Hi,
yesterday, Tom’s Hardware published an article named How to Build a Hardware Firewall with IPFire, in which they are effectively advising people to run a 32 bit installation in a virtual environment:
If you want to use a VM for IPFire, you can use the 32-bit ISO from the IPFire […]
I take this as an opportunity to stress the facts mentioned in 32 bit is dead - Long live 32 bit. The brutal truth here is: 32 bit installations are effectively in extended support. Yes, they will continue to work. They will probably continue to work until the next major kernel update, but we are not making any guarantees on that front.
Supporting 32 bit installations is causing more and more pain as application support is diminishing. The Linux Kernel’s security hardening against the all-new-and-improved CPU security vulnerabilities (thanks, Intel) on 32 bit is poor, and I have no reason to be optimistic on its future. Please do not get me wrong: Kernel developers do great work indeed, and the whole CPU security vulnerability topic is a time-consuming Sisyphus task, with no end in sight and no user ever saying ‘Thank you’. If people ever looked for a reason to be depressed, this is one.
At IPFire, unfortunately, we do not have the resources to significantly improve this situation. 32 bit installations are insecure, and if your hardware supports 64 bit, you are strongly encouraged to reinstall. At the hardware vulnerability page, you will probably see the difference.
While I appreciate the article at Tom’s hardware, they could have been a better job by not bringing us a bunch of new 32 bit installations on virtualised systems. You do not want a firewall at that hardware security level.
Thanks, and best regards,
Peter Müller