Date: 2019-02-28
The Single-Board Computers Issue
When I was a child in the 1980s, I had a computer—a very 1980s computer.
It had a hefty, rectangular, grey case made of some sort of industrial sheet metal. Two plain (but rather large), square buttons adorned the front, begging to be pressed: "Reset" and "Turbo". On the right side of the case, far in the back (nearly out of reach), sat an almost comically large, red power switch. It was the kind of lever that would look right at home in an action movie—used to cut the electricity to all of New York City.
When you "threw the switch", the PC turned on with a deeply satisfying, soul-reverberating, "ka-THUNK".
Security: Update, FUD and Survey
Programming: GCC, LLVM and Programming Languages Survey
Linux Lock-Down Kernel Patches Get Revived, Seeking Mainline Inclusion
An effort ongoing for a few years now has been the CONFIG_LOCK_DOWN_KERNEL patches, which prevent user-space from modifying the kernel image by blocking the loading of unsigned kernel modules, disallowing writes to /dev/mem, restricting PCI BAR and MSR access, adding ACPI restrictions, and more. Some Linux distributions are already carrying this work in some form and enabling it with UEFI SecureBoot, but it hasn't been mainlined, although that could soon change. Since 2016 these patches have gone through several rounds of improvements for tightening up access to different kernel bits in the name of security. But the work has never managed to cross the finish line of being accepted into the mainline kernel, even though it's used in different distribution kernels. Well-known kernel developer Matthew Garrett at Google is working to carry this code over the finish line.
Also: Linux Fix For Issue That Prevented Some MacBook Pros From Booting On Recent Kernels
