Firefox Quantum, Bcachefs, Ubuntu, Devuan 2.0

News briefs for May 10, 2018.

It is here: Firefox 60 “Quantum” is available for download! Now with Client Side Decorations (CSD) and much more!

And development for Firefox 61 has already begun.

Kent Overstreet of Bcache and now, Bcachefs is working his way to push patches for Bcachefs upstream and into the Linux kernel. Bcachefs is an advanced Linux COW filesystem that boasts a lot of the features used by ZFS and Btrfs.

It would seem that the main Ubuntu distribution may not be the only *buntu to drop support for 32-bit x86 (i386) architectures. A proposal has just been put forth by Bryan Quigley to drop support for Lubuntu, Xubuntu, Kylin and Kubuntu.

While the beta for Devuan 2.0 ASCII (a Debian fork without systemd) landed back in February, yesterday marked the availability of the first official release candidate.

Image removed.

Read More

Read-Only Memory

Igor Stoppa posted a patch to allow kernel memory
to be made read-only.
Memory pools are a standard way to group memory allocations in Linux so their time
cost is more predictable. With Igor’s patch, once a memory pool was made read-only,
it could not be made read-write again. This would secure the data for good and
against attackers. Of course, you could free the memory and destroy the pool. But
short of that, the data would stay read-only.

There was not much controversy about this patch. Kees Cook felt that
XFS would work
well with the feature. And, having an actual user would help Igor clarify the usage
and nail down the API.

This apparently had come up at a recent conference, and Dave Chinner was ready for
Igor’s patch. He remarked, “we have a fair amount of static data in XFS that we set
up at mount time and it never gets modified after that. I’m not so worried about
VFS level objects (that’s a much more complex issue) but there is a lot of low
hanging fruit in the XFS structures we could convert to write-once structures.”

Igor said this was exactly the kind of thing he’d had in mind.

A bunch of folks started talking about terminology and use cases, and speculating
on further abilities. No one had any negative comment, and everyone was excited to
get going with it.

The thing about a patch like this is that people can use the feature or not. It helps
them with security, or it costs them nothing. It adds an ability but adds no
complexity to the code. Unless something weird happens, I’d expect this patch to go
into the kernel as soon as the API stabilizes.

Note: If you’re mentioned above and want to post a response above the comment
section, send a message with your response text to

Read More