Meltdown & Spectre Information and Discussion

[newtusmaximus]

Tks Trinidad.  For the uninitiated, such as myself
Does this Virtual Server vulnerability mean?
a) Contacting/using cloud storage is a possible vulnerability.
B) Connection to online banking  could be vulnerable
c) Ditto online payment transaction such as Amazon, Paypal etc even though they are supposedly "locked" = https://
d) The connection process to "home" wifi is vulnerable  even with proper WPA/WPA2 activated?

Is this another case of Year 2000  "panic" or a realistic potential threat?

Thanks

[TheDead]

I read one article referred to me about the whole issue but it only mentions Intel/AMD "Server" CPUs and ARM CPUs. Atoms are not affected(?).
[member=5916]trinidad[/member] , from your readings, are standard desktop/laptop CPUs affected are not?
This whole issue went kaboom all over the place... hard to find clear info.

Nothing better for something to get popular than big companies trying to keep it quiet.

Cheers!

[trinidad]

Certainly not a panic issue for home users of any OS, at least in the present definition of what security is. There is no doubt that it could prove to be a real pain down the road (depending on the provider) for small businesses using older Intel hardware who have purchased virtual space on a server, in that there is a real possibilty that their hardware will no longer be able to log onto their server space which is likely to have the Intel firmware updates, kind of like the changes made to Firefox last summer involving secure connections. If there is no Intel firmware update available for your hardware you may find yourself not able to log onto virtual server space you have paid for that has the Intel firmware updates. That is just the first problem users of Ubuntu, Windows 7, 8.1, Debian, Mac OS, and others running on Intel older hardware will run up against. It is a security issue for industry leaders using Intel hardware to run big server arrays. People like RHEL, Suse Enterprise, Microsoft, and Ubuntu and Debian as well. However, and it's a big however, I would argue at this point that is a rush toward an appearance of better security, but not as grave as it seems in the news. Furthermore given the security measures available to most good administrators, it is a highly unlikely hack unless of course you operate with seriously unvetted administrators. The winners here are likely to turn out to be Intel and Microsoft in the end, given the planned obselescence model of business they use. Want to use our Intel servers? Upgrade your firmware. It seems too brilliant of a business ploy to be anything other than a business ploy. That aside I am not satisfied at all with the mitigations in Linux for meltdown as I and a lot of other people think the action is too extreme, given the neccessity of then having to deal with propietary firmware updates. We all need to take a deep breath here and take the time to study the mitigations thorougly. It has been proved time and time again that computing security is best enabled via the open source community, period.

TC       

[trinidad]

Few new things:
Have not tested this but the script should work on normal Linux OS. Those of you who want to check kernels may want to try it.

https://github.com/speed47/spectre-meltdown-checker

So far it seems that the version of the LTS 4.4 kernel 109.132 does not brick some older boards the way .108 does. I am running it on a six year old Intel Dell. Will be looking at Qemu this afternoon to see how broken it is. MS patches have been bricking things all over the place and literally locking Windows 7 and 10 on older harware to junk. If you are on Windows 7 do NOT install the patch. The patching for this mess in general is running below 50% success rate on older hardware. Best to be patient. This whiz kids who published this worked from a 2005 research paper to begin with. The generation gap is obvious concerning this. If you are just a home user, and do not maintain a server presence, I wouldn't bother with a patch just yet. This vulnerability affects the core infrastructure of the web and there is little you can do about that. IMHO I think it may turn out to be the biggest tech bloodbath in history by the end of the year with a myriad of on again off again failed fixes. If you are just a home user take heart, you are a consumer, and that is what built it all.

TC 

[Valtam]

IMHO I think it may turn out to be the biggest tech bloodbath in history by the end of the year...

TC 

It already is.

[newtusmaximus]

Any idea which Intel chips are considered to be vulnerable to updates.?

[trinidad]

No comprehensive info on that yet. MS patches have cooked a bunch of different boards already, and withdrew some patches. Early losses will be unpredictable, about like a blind machine gunner firing into a crowd.

TC

[newtusmaximus]

So are we safe in  continuing to update LL; i.e no chance of "junking" our older hardware??

[newtusmaximus]

If you wanna do a quick check on your own. Just for piece of mind I guess.

Code:

dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000

<use sudo in Linux Lite>

RESULT
-Ultra-slim-Desktop:~$ sudo dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
[sudo] password for linuxlite:
5000000+0 records in
5000000+0 records out
2560000000 bytes (2.6 GB, 2.4 GiB) copied, 21.1723 s, 121 MB/s
-Ultra-slim-Desktop:~$


So what does this mean in the scheme of things please?

[rokytnji]

[quote author=rokytnji link=topic=4978.msg37703#msg37703 date=1515153114]
If you wanna do a quick check on your own. Just for piece of mind I guess.

Code:

dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000

<use sudo in Linux Lite>

RESULT
-Ultra-slim-Desktop:~$ sudo dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
[sudo] password for linuxlite:
5000000+0 records in
5000000+0 records out
2560000000 bytes (2.6 GB, 2.4 GiB) copied, 21.1723 s, 121 MB/s
-Ultra-slim-Desktop:~$


So what does this mean in the scheme of things please?
[/quote]

For starters. Simple answer. 121 MB/s is OK and means no memory leak.

I have been busy changing kernels in my gear and using patched kernels from Debian and AntiX to make the point of this thread moot in my case usage.

Like on this IBM T23 Laptop that Linux Lite won't run on. Due to age of gear and hardware limitations. Posting this reply in Netsurf browser. No Java or Flashplayer Plugin touches this laptop.

Code:

harry@biker:~
$ inxi -M
Machine:   Device: laptop System: IBM product: 26474MU serial: N/A
           Mobo: IBM model: 26474MU serial: N/A
           BIOS: IBM v: 1AET64WW (1.20 ) date: 10/18/2006
harry@biker:~
$ inxi -f
CPU:       Single core Mobile Intel Pentium III - M (-UP-) cache: 512 KB
           CPU Flags: cmov cx8 de eagerfpu fpu fxsr mca mce mmx msr mtrr pae pge pse
           pse36 sep sse tsc vme
harry@biker:~
$ uname -a
Linux biker 4.9.75-antix.2-486-smp #2 SMP Tue Jan 9 15:22:47 EST 2018 i686 GNU/Linux
harry@biker:~
$

Ubuntu will make this thread moot also when their patched kernels are available also.

Your gear is untouched from what I can tell from your readout. I'll run that command on my IBM T23 Laptop. Which is way way slower and weaker than your gear. It uses a intel cpu also though.

Code:

# dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
5000000+0 records in
5000000+0 records out
2560000000 bytes (2.6 GB, 2.4 GiB) copied, 68.3041 s, 37.5 MB/s

as you can tell from my readout I gave as a comparison. Mine is fine also for the age of this gear. If I got something like 5 MB/s. Then I'd worry. If it took like 10 mintues to copy. That would concern me also. s