Slashdot Mirror


Privacy-Centric Linux Distro Tails 3.0 Will Drop 32-Bit Processor Support (betanews.com)

All of its outgoing connections are routed through Tor, and it even blocks non-anonymous connections. You can carry it around on a USB stick, and Edward Snowden uses it. But a big change is coming with Tails 3.0. BrianFagioli quotes BetaNews:

Unfortunately for some users, Tails will soon not work on their computers. The upcoming version 3.0 of the operating system is dropping 32-bit processor support. While a decline in compatibility is normally a bad thing, in this case, it is good. You see, because there are so few 32-bit Tails users, the team was wasting resources by supporting them. Not to mention, 64-bit processors are more secure too...

"In the beginning of 2016, only 4% of Tails users were still using a 32-bit computer. Of course, some of these computers will keep working for a while. But once the number had fallen this low, the benefits of switching Tails to 64-bit outweighed the reasons we had to keep supporting 32-bit computers," says the Tails team... "In the last few years, the developers who maintain Tails have spent lots of time addressing such issues. We would rather see them spend their time in ways that benefit our users on the long term, and not on problems that will vanish when Tails switches to 64-bit eventually."

50 of 97 comments

  1. One line could use some explanation. by Anonymous Coward · · Score: 4, Insightful

    Not to mention, 64-bit processors are more secure too...

    I'm not posting to doubt the author's assertion here, but rather to request more information: a link to the security benefits of one size over another would be nice. Is DEP something inherently impossible on 32-bit processors? Is the advantage really linked to word size, or is it more a function of new parts added to more recent processors?

    1. Re: One line could use some explanation. by Anonymous Coward · · Score: 3, Informative

      As per Tails:

      "software built for 64-bit processors can benefit from several improvements that make it harder for attackers to exploit security vulnerabilities (improved Address space layout randomization, compulsory support for the NX bit)."

    2. Re:One line could use some explanation. by Dunbal · · Score: 1, Interesting

      Yes I doubt this assumption too, simply because 64 bit processors are newer iterations closer to alterable microcode and "trusted computing".

      --
      Seven puppies were harmed during the making of this post.
    3. Re:One line could use some explanation. by AHuxley · · Score: 2

      AC think of the way an older OS would access memory and how malware could find interesting details at expected, almost set locations.
      Generations of malware could expect an OS and memory to work in a set way and code for information gathering.
      With 64 bit that information can be spread over memory in different ways or over a lot more memory beyond the limits of older systems malware.
      Protection is provided by making malware have to hunt for more secure details in more random places in memory every time on newer hardware.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:One line could use some explanation. by Anonymous Coward · · Score: 1

      Please, most malware as-is today doesn't give two fucks about ASLR. They depend upon the practices taught today which results in shoddy bloated, vulnerable code.

      These problems simply wouldn't happen if people knew how to code small and quit trying to make a program do everything. This is why Unix is so rock fucking solid.

    5. Re:One line could use some explanation. by wbr1 · · Score: 2

      Modern, 64 bit CPUs also contain things like Intel's IME (or the AMD alternative), a small, always on CPU with network access. This is more secure?

      --
      Silence is a state of mime.
    6. Re:One line could use some explanation. by Anonymous Coward · · Score: 1

      That's the purpose of this news, to encourage everyone to use 64 bit CPU with Intel's IME so everyone can be de-anonymized and tracked.

    7. Re:One line could use some explanation. by Darinbob · · Score: 1

      I'm replying here to explicitly doubt the author's assertion. It's a silly thing to be asserting. Security is not in the size of a system's registers or address bus. A good 32-bit SoC with crypto hardware may be much more secure than a 64-bit CPU.

    8. Re:One line could use some explanation. by Darinbob · · Score: 1

      Just dump Intel and be more secure overall.

    9. Re:One line could use some explanation. by thegarbz · · Score: 1

      In favour of what exactly?

    10. Re:One line could use some explanation. by admin7087 · · Score: 1

      The problem is the opposite, all recent processors/motherboards are insecure. They contain a processor on its own, with its operating system, network stack, and complete access to all hard disks and RAM of the machine, and that little embedded OS can be controlled and triggered from the network.

    11. Re:One line could use some explanation. by arth1 · · Score: 1

      It goes both ways. More modern systems also have more features that might be exploited, while older systems may have a much higher ratio of vulnerabilities already discovered and with workarounds for them.
      And, of course, the number of attacks against a system is going to have at least some proportionality to how popular it is.

  2. seems to be time... by Anonymous Coward · · Score: 1

    Consumer 64 bit CPUs have been around since the 2003 AMD Opteron, so getting on towards a decade and a half soon now. And workstation class 64 bit was available for many years before that.

    It's cool that Linux itself supports really old hardware, but when it comes to a small distro team trying to support niche architectures, sometimes you have to pick your battles. If there's sufficient interest in 32 bit, then the interested parties can provide the necessary support.

    Dealing with security and privacy is hard, and there aren't many OSs trying to do it at all, so it seems apt for the Tails team to focus where they can have the maximum impact for the resources they have available.

    1. Re:seems to be time... by ShanghaiBill · · Score: 4, Interesting

      Consumer 64 bit CPUs have been around since the 2003 AMD Opteron

      Linux runs on many many embedded systems that are 32 bit, including plenty of new devices. It is likely that these are even the majority of running Linux instances. This particular distro may only be interested in the 64-bit desktop/laptop/server market, but many other distros would be foolish to abandon the embedded market.

  3. How do they know... by Anonymous Coward · · Score: 5, Interesting

    ... that 4% of users are using 32-bit systems? Can't be that private if they're collecting telemetry from their own userbase...

    1. Re:How do they know... by Motherfucking+Shit · · Score: 5, Informative

      The official announcement says "These statistics are gathered from bug reports we have received from WhisperBack." WhisperBack is a voluntary, manual bug reporting system that comes with Tails. So they're only collecting "telemetry" from users who are voluntarily submitting it; that may not be the best barometer of who's using 32-bit systems, but it's all they have to go by.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    2. Re:How do they know... by KiloByte · · Score: 1

      As a comparison, Debian popcon shows i386 users being 27% of amd64's number, yet by counting bug reports filed after 2016-01-01 that include system information, that's 7%.

      I see two possible explanations for this discrepancy: either i386 installations are old ones that were installed as such because the user didn't know better (the i386 installer was shown more prominently), or that such users are too untechnical to participate in filing reports.

      In any case, getting a non-thoroughly-embedded machine without amd64 support takes some serious dumpster diving.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:How do they know... by adolf · · Score: 1

      A year or two ago, my dad (an avid dumpster diver) found a working and very clean Dell Latitude 32-bit D620 laptop. I shaved some parts off that I needed for my own D620 and sold the display+housing complete on Ebay, because...because.

      I'm about to ditch the D620 altogether (in favor of kvm/qemu guest, possibly Tails) and then I will not have any more 32-bit x86 machines for my own personal purposes.

    4. Re:How do they know... by reiscw · · Score: 1

      Debian supports multiarch, so many of us have i386 packages installed on the amd64 of Debian. Wine / Crossover does this a lot. That's another explanation for the discrepancy.

    5. Re:How do they know... by sjames · · Score: 1

      It could also mean that the software isn't yet 64 bit clean.

    6. Re:How do they know... by toddestan · · Score: 1

      Not really, the Coppermine P3's are pretty efficient. A lot of them use less than 20W at full load until you start approaching the 1 GHz mark.

  4. That's not good... by MindPrison · · Score: 5, Interesting

    Considering who the platform was meant to help in the first place, this is not good news.

    Imagine this scenario, you're an informer on the run, you have to hide because you've got a secret that must eventually get out to the public. You have no access to modern computer, but could possibly scrape together some old computer parts to make one, perhaps an old discarded 32 bit laptop somewhere in the dumpsters in an oppressed country where even old computers are gold.

    And you can't install it because it requires a 64 bit processor, well - bummer.

    Any other day I'd agree with that decision, but in this case - I think it should be as compatible as possible with as much hardware as possible, focus less on modern things, and focus more on safe communications.

    --
    What this world is coming to - is for you and me to decide.
    1. Re:That's not good... by Anonymous Coward · · Score: 1

      Or... you've been living under Taliban rule and now they've fled you've dug up your trusty old Commodore. What then, huh?

    2. Re: That's not good... by Anonymous Coward · · Score: 1

      Free wi-fi is intriguing to me, but I don't see anything about wi-fi in your newsletter.

    3. Re:That's not good... by AHuxley · · Score: 1

      What happens when a nation's telco supports the security services and then moves in for some equipment interference?
      With 64 bit and better security, encryption and memory an application might just offer a bit more protection.
      With very old computers a lot of interesting user details just exist in memory in set places for any security service to gather without much effort.
      Computers that will be tracked and will face equipment interference need all the encryption and modern hardware support a developer can offer.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:That's not good... by thegarbz · · Score: 1

      You have no access to modern computer, but could possibly scrape together some old computer parts to make one, perhaps an old discarded 32 bit laptop somewhere in the dumpsters in an oppressed country where even old computers are gold.

      It may just be a sign of the times but a) if you're in such an oppressed country if the laptop is working you won't find it in a dumpster, and b) if you're not in quite such an oppressed country your dumpster laptop will very likely be 64bit anyway. Do remember that 64bit processors have been around for 15 years now. If your only source of equipment is older than this, being able to get software to run on it will be the least of your problems.

      and focus more on safe communications

      This is exactly why they are making the move.

    5. Re:That's not good... by Ramze · · Score: 1

      AMD released the first intel-compatible 64 bit processors in 2000. That's almost 17 years ago. Sure, people kept buying 32-bit crap for a long while after that, but even Intel saw the writing on the wall, licensed the tech, and eventually mostly moved everything over to it.

      It's more difficult to find electricity and an internet connection than it is to find a 64 bit machine in poverty-stricken and/or war-torn countries. I threw away my first 64-bit AMD machine well over a decade ago. I'm sure there's mountains of them at recycling centers in Asia.

      I don't think your average refugee is dumpster diving for computer parts -- anything that's gotten wet or crushed is most likely useless, and one would instead go to a garage sale or some other second-hand store to get parts anyway.

      North Korea's Red Star OS 3.0 had both x86 and 64-bit versions three years ago. Even they have probably moved to 64-bit only by now. I'm hard pressed to think of a country with higher sanctions and barriers to technology and freedom than NK, but if there is one, I bet their computers are 64 bit by now also.

  5. BIOS for 32b x86 CPU's are not Backdoored ... by Anonymous Coward · · Score: 1

    You have to go back over 10 years for Intel and a few generations for AMD to be able to build firmware for your mainboard that is all open source, without all the closed Blobs. So what's the point of a secure OS with a backdoored BIOS?

  6. Inevitable by m.dillon · · Score: 5, Insightful

    We already dropped 32-bit support in DFly. There are many good reasons for doing it on Linux and the other BSDs as well. I will outline a few of them.

    (1) The big reason is that kernel algorithms on FreeBSD, DragonFly, and Linux are starting to seriously rely on having a 64-bit address space to be able to properly size kernel data structures and KVM reservations. While (for FreeBSD) 32 bit builds still work, resource limitations are fairly confining relative to the resources that modern machines have (even 32-bit ones).

    (2) Being able to have a DMAP makes kernel programming a whole lot easier. You can't have one on a 32-bit system unless you limit ram to something like 1GB. Being able to make a DMAP a kernel-standard requirement is important moving forwards.

    (3) Modern systems are beginning to rely more and more (on x86 anyway) on having the %xmm registers available. To the point where many compilers now just assume that they will exist. ARM's 64-bit architecture also has some nice goodies that it would be nice to be able to rely on being available in-kernel.

    (4) Optimizations for 64-bit systems create regressions on 32-bit systems. Memory copies, zeroing, and setmem, for example. Even if 32-bit support is kept, performance on those systems will continue to drop.

    (5) There is a lot of ancient cruft in 32-bit code that we kernel programmers don't like to have to sift through. For example, being able to get rid of the EISA and most of the ISA support went a long ways towards cleaning up the codebase. Old drivers are a stick in the craw because nobody can test them any more, so the chances of them even working on an old system is reduced for every release. Eventually it gets to the point where there's no point trying to maintain the old driver.

    (6) People should not expect modern features on old machines. The cost of replacing that old machine is minimal. Live with it. It's part of the price of progress. If the industry is a bit slow understanding what 'old' means, then the fewer systems which support these older architectures the better, it will make the point more obvious to the corporations who've lost their innovative edge.

    (7) For ARM, going back to the corporate point, there's really no reason under the sun to continue to produce 32-bit cpus, even for highly embedded and IOT stuff. The world has moved on, and even embedded systems have major resource limitations in 32-bit configurations. If kernel programmers have to put an exclamation mark on that point, then so be it.

    -Matt

    1. Re:Inevitable by hairyfeet · · Score: 1

      Wow...how very first world of you. Did it never occur to you that people in the third world, in places that have oppressive governments and can actually USE this software, are often stuck dealing with old hand me downs from the first world and the cost of replacing those systems cost more than a year's wages?

      Just because the cost is trivial to YOU does not mean it's trivial to the rest of the world, and when it comes to a tool that is designed to help those in repressive regimes? That kind of attitude is not only arrogant but just shows the devs haven't actually bothered to think about the conditions those who might use their software have to deal with.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    2. Re:Inevitable by eclectro · · Score: 1

      Whoa hold on there!!

      there's really no reason under the sun to continue to produce 32-bit cpus, even for highly embedded and IOT stuff.

      You actually had me going until that. There are a whole slew of reasons why a lower byte count would be needed for embedded and IOT stuff. For example countless IOT applications are going to need to be low current - low power low heat devices controlled by low current low power processors. It sometimes still feels like to me that many 64bit processors still require close proximity to a nuclear plant because of their current draw. Certainly nothing that can be powered by a small battery alone for a couple of weeks to a month. And if they are truly low power (single digit wattage) they simply will not have the clock speed/horsepower to be able to run 64 bit compiled kernel code. I won't even get into the power conservation reasons of billions of IOT devices needing to be low current. Nor the price point that IOT devices will need to be at (aka market demand). Forcing a "one size fits all" mentality demonstrably does not work here and is counterproductive.

      --
      Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
    3. Re:Inevitable by mlyle · · Score: 2

      The grandparent poster is volunteering his time to make a thing that people like (DragonFly BSD). There are limited resources to be spread. Old versions will continue to work unmaintained, just like the old hardware does.

      How much should he increase his effort to support smaller and smaller populations? If supporting x86 is a 15% "tax" on developer time and resources-- is it worth it if 10% of the userbase is x86-64? 5%? 1%? How long should we still be supporting things? 386's are still out there.

      > That kind of attitude is not only arrogant but just shows the devs haven't actually bothered to think about the conditions those who might use their software have to deal with.

      No.. the attitude where you expect people donating their work and resources and time to work on what you would like them to is arrogant.

    4. Re:Inevitable by somenickname · · Score: 1

      32-bit machines may eventually go away but, to argue that the reason for them to go away is "because kernel stuff is irritating" is crazy. Even if there is no reason to continue to produce 32-bit hardware, it will be around for *decades*. The number of 32-bit embedded ARM CPUs out there has got to number in the billions. Changing hardware is much, much harder than changing software so, as a kernel developer, I think you'll find it's a very uphill battle to "put an exclamation mark on that point". The kernel will remain 32-bit compatible for decades because the people who contribute to the kernel have a vested interest in not changing their hardware.

    5. Re:Inevitable by serviscope_minor · · Score: 1

      (7) For ARM, going back to the corporate point, there's really no reason under the sun to continue to produce 32-bit cpus, even for highly embedded and IOT stuff.

      If you think you can beat the power draw of the 8 bit PIC 10F series or some sort of attiny with a 64 bit (!) CPU then please send me whatever it is you're smoking because it's some good shit.

      The world has moved on, and even embedded systems have major resource limitations in 32-bit configurations. If kernel programmers have to put an exclamation mark on that point, then so be it.

      Yeah no. The current embedded CPU I'm using has a glorious 4k of RAM (luxurious compared to the 64 bytes of a PIC10F or 12F). I can't see how moving from 8 to 64 bits would ease any resource limitations, unless you're thinking of giving me over 1000 times the amount of memory.

      But of course that takes 1000 times the amount of power to run, so unless you have some batteries which use sintered unicorn horn cathodes to power these things, I'll keep my 4k thank you very much. Currently I'm using a CR2032 and get very many hours of runtime.

      I am considering moving to a newer 32 bit CPU. 64k RAM, but lower overall power draw being a newer design on a newer process and also reduces the parts count with an on-chip BALUN. I don't see how 64 bit pointers will help in the slightest with 64k of RAM.

      The other embedded machine I have of course is an RPi. Much larger, but only has a gig of ram if that (I've not checked---it has assloads). Again, 64 bit pointers won't help there.

      --
      SJW n. One who posts facts.
    6. Re:Inevitable by Darinbob · · Score: 1

      They should just be clear and say "We're making linux for PeeCees. We don't understand other types of systems. We think 32-bit means old and 64-bit means new."

    7. Re:Inevitable by Darinbob · · Score: 2

      Yup, bigger CPUs take more power, there's no need for a large amount of address space (which is the only practical thing you get from 64-bit). I'm working on a system with 20kb RAM which has to run off of a small battery for more than a decade. 64-bit has no applicability there. If it's a PC then sure, the newer CPUs tend to be 64-bit but outside of the PC monoculture there is a whole lot of other stuff that can run linux where 32-bit could actually be more secure. The smartcard market has parts that are based on 8-bit 8051 running Java VMs with crypto accelerators.

    8. Re:Inevitable by Darinbob · · Score: 1

      Why would they go away? 8-bit CPUs are still around and going strong.

    9. Re:Inevitable by Anonymous Coward · · Score: 1

      Those 8-bit systems aren't running Linux or *BSD, so bringing them up is irrelevant. Why even bother with them when you can't run Linux on this single transistor here?

    10. Re:Inevitable by Anonymous Coward · · Score: 1

      Switch to OpenBSD 6.0. They still release i386 versions and my little netbook runs happily.

      OpenBSD still supports the following:

      alpha Digital Alpha-based systems

      amd64 AMD64-based systems

      armv7 ARM-based devices, such as BeagleBone, BeagleBoard, PandaBoard ES, Cubox-i, SABRE Lite, Nitrogen6x and Wandboard

      hppa Hewlett-Packard Precision Architecture (PA-RISC) systems

      i386 Standard PC and clones based on the Intel i386 architecture and compatible processors

      landisk IO-DATA Landisk systems (such as USL-5P) based on the SH4 cpu

      loongson Loongson 2E- and 2F-based systems, such as the Lemote Fuloong and Yeeloong, Gdium Liberty, etc.

      luna88k Omron LUNA-88K and LUNA-88K2 workstations

      macppc Apple New World PowerPC-based machines, from the iMac onwards

      octeon Cavium Octeon-based MIPS64 systems

      sgi SGI MIPS-based workstations

      socppc Freescale PowerPC SoC-based machines

      sparc64 Sun UltraSPARC and Fujitsu SPARC64 systems

    11. Re:Inevitable by chmod+a+x+mojo · · Score: 1

      The cost of replacing that old machine is minimal. Live with it. It's part of the price of progress.

      Some of us quite literally can't. Your "minimal" cost is over $150K for one of the machines I use, with the actual machine being maybe $600, the rest being software licenses to work on OS's newer than the mid 90's and interface adapters to work with machines more advanced than a Pentium II.

      --
      To err is human; effective mayhem requires the root password!
    12. Re:Inevitable by serviscope_minor · · Score: 1

      Your claim doesn't stand up.

      Very many embedded 32 bit cores are too small to run Linux and BSD as well, yet the OP claims there's no need to ever use a 32 bit ARM core when 64 bit ones exist. Embedded stuff covers a vast amount of profiles from 8 bit with literally bytes of RAM to massive DSP beasts.

      He's claiming that on 32 bit cores it's hard to implement some kernel feature if you have less than a gig of RAM. Hardly any embedded system has remotely that much.

      --
      SJW n. One who posts facts.
    13. Re:Inevitable by mlyle · · Score: 1

      Yes, and get results like this: http://www.phoronix.com/scan.p...

    14. Re:Inevitable by sad_ · · Score: 1

      it's also open source, if there is that much demand for a 32bit Tails somebody will pick it up and maintain it as a fork.

      --
      On a long enough timeline, the survival rate for everyone drops to zero.
    15. Re:Inevitable by hairyfeet · · Score: 1

      The whole "there is the source" argument is an is-ought fallacy because it assumes because there IS source there OUGHT to be enough coders that 1.- understand deep level security in Linux, 2.- the interdependence these various apps have with each other and the OS well enough to keep from making accidental backdoors and 3.- also have a deep enough understanding of web tracking methods including the ever evolving tracking tactics to ensure new innovations like hidden pixels don't latch on for a ride.

      To say there is source is like me saying I will offer you a free car only for you to get there and me to hand you some raw ore and the blueprint for a Honda...what you HAVE ridden in a car, know what they look like, yes? Why can't you simply build a car? You can't because you do not have the tools, the education, and years of experience required to complete the task and neither does 99.998% of users of this software, and more like 99.9999% of people in repressive regimes where this kind of software was originally targeted. In most cases including this one source might as well not exist because nobody outside the original core team is gonna have the knowledge and experience to actually make this work.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    16. Re:Inevitable by toddestan · · Score: 1

      The problem with Windows 10 (and Windows 8) is that it requires the NX bit be present on the processor. The NX bit came in around the same time as Intel was making the transition to 64-bit, so while there are a small handful of 32-bit processors that can run Windows 10, the vast majority of 32-bit Windows 10 systems are going to be running on 64-bit hardware because it won't boot on most 32-bit systems. So while you can run Tails (for now) on that Socket 478 P4 or Athlon XP, you can't run Windows 10 on it, even if the hardware is otherwise powerful enough.

      Also, as far as I know the requirement for signed drivers is only for 64-bit Windows. Which makes sense, as the 32-bit version of Windows 10 is basically the "compatibility mode" version of Windows that you can try to use for all that old, crufty software and hardware that simply will never work on 64-bit.
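
The CPU capabilities argued over in this thread (the Tails statement quoted earlier about 64-bit and the NX bit, and the comment just above on 32-bit processors with and without NX) can be read on Linux from the `flags` line of `/proc/cpuinfo`. The script below is an added example, not part of the thread or of Tails; the function names are illustrative and the sample cpuinfo text is constructed.

```shell
#!/bin/sh
# Added example: report whether an x86 CPU advertises long mode (lm, i.e.
# 64-bit capable), the NX bit (nx) and PAE (pae) from /proc/cpuinfo-style text.

# Print the value of the first "flags" line on stdin, tabs turned into single
# spaces. Prints nothing when no such line exists (non-x86 kernels label the
# field differently, e.g. "Features" on ARM).
cpu_flags() {
    sed -n '/^flags[[:space:]]*:[[:space:]]*/{s///;p;q;}' | tr '\t' ' ' | tr -s ' '
}

# has_flag FLAGS NAME: succeed only if NAME is a whole word in FLAGS.
# A substring search (grep lm) would also match lahf_lm and misreport
# a 32-bit-only CPU as 64-bit capable.
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read cpuinfo text on stdin and print "lm=.. nx=.. pae=..", or "unknown".
classify_cpu() {
    flags=$(cpu_flags)
    if [ -z "$flags" ]; then
        echo "unknown"
        return 0
    fi
    out=""
    for name in lm nx pae; do
        if has_flag "$flags" "$name"; then v=yes; else v=no; fi
        out="$out$name=$v "
    done
    echo "${out% }"
}

# Constructed samples (not captured from real machines).
sample_64bit() {
    printf 'processor\t: 0\nmodel name\t: constructed 64-bit CPU\n'
    printf 'flags\t\t: fpu vme de pse tsc msr pae mce cx8 sep cmov mmx fxsr sse sse2 syscall nx lm pni lahf_lm\n'
}
sample_32bit_nx() {
    # 32-bit only, but with NX; carries lahf_lm to exercise whole-word matching.
    printf 'processor\t: 0\nmodel name\t: constructed 32-bit CPU with NX\n'
    printf 'flags\t\t: fpu vme de tsc msr pae mce cx8 sep cmov mmx fxsr sse sse2 nx pni lahf_lm\n'
}
sample_32bit_old() {
    printf 'processor\t: 0\nmodel name\t: constructed older 32-bit CPU\n'
    printf 'flags\t\t: fpu vme de pse tsc msr mce cx8 sep cmov mmx fxsr sse\n'
}
sample_arm() {
    printf 'processor\t: 0\nFeatures\t: half thumb fastmult vfp edsp neon\n'
}

for s in sample_64bit sample_32bit_nx sample_32bit_old sample_arm; do
    echo "$s: $($s | classify_cpu)"
done

# The machine this runs on, if it exposes /proc/cpuinfo.
if [ -r /proc/cpuinfo ]; then
    echo "this machine: $(classify_cpu < /proc/cpuinfo)"
fi

# ASLR width: random bits applied to the mmap base for native processes and
# for 32-bit compat processes, where the kernel exposes these sysctls
# (reading them may require root).
for f in /proc/sys/vm/mmap_rnd_bits /proc/sys/vm/mmap_rnd_compat_bits; do
    if [ -r "$f" ]; then
        echo "$f = $(cat "$f")"
    fi
done
```

On 32-bit x86 the NX bit is only usable with PAE paging, which is why the script reports `pae` alongside `nx`.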

  7. Surprising by DaMattster · · Score: 1

    I honestly thought Edward Snowden might use OpenBSD because it is more secure than Linux. The allegations of backdoors in the IPSEC stack were proven to be false during an intensive security audit by the OpenBSD team. The OpenBSD team regularly audits their code and is transparent about bugs found. But, I digress, I am an OpenBSD fanboi. OpenBSD powers my router/gateway, server, desktop, and laptop. In my world, if it is capable of running OpenBSD, it does.

    1. Re:Surprising by Cmdln+Daco · · Score: 1

      I am a NetBSD fan, but OpenBSD is very similar and almost as portable. If it is capable of running NetBSD it exists. That's nearly the case, though I have some PalmPC devices that won't run NetBSD and Apple machines need to be new enough to sport a 68030 processor.

  8. Seems a bit odd by dbIII · · Score: 1

    Seems a bit odd to drop 32 bit with the Raspberry Pi and clones all over the place.

  9. Ok, I'll drop Tails then... by demon+driver · · Score: 1

    ... as my preferred privacy-centric OS. It's not as if there weren't alternatives. And 32-bit machines will be good enough to access the internet for many years to come. I'm allergic to software producers forcing me to upgrade hardware for no reason, and seeing what the audience for systems like Tails is, the decision is even more despicable, and I'd expect there to be a lot of people who'll be much less inclined, if even able, to upgrade their hardware on a whim than I am.

  10. As long as it compiles, by rene2 · · Score: 1

    we will not remove 32-bit x86 support from T2SDE:

    Also still got some nice 32-bit vintage machines, like Oqo01+ with Transmeta Efficeon, or Nokia Booklet 3G, with 32-bit only Atom Z, ...

    In general I find it a bit sad to remove support to use older machines for poor families and third world countries.