LINUX LITE 7.2 FINAL RELEASED - SEE RELEASE ANNOUNCEMENTS SECTION FOR DETAILS


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Meltdown & Spectre Information and Discussion
#11
Meh,

Code:
~$ inxi -f
CPU:       Single core AMD Athlon 64 3800+ (-UP-) cache: 512 KB
           speed/max: 1000/2400 MHz
           CPU Flags: 3dnow 3dnowext 3dnowprefetch apic clflush cmov
           cr8_legacy cx16 cx8 de extapic extd_apicid fpu fxsr fxsr_opt
           lahf_lm lm mca mce mmx mmxext msr mtrr nopl nx pae pat pge pni pse
           pse36 rdtscp rep_good sep sse sse2 svm syscall tsc vme vmmcall

$ inxi -S
System:    Host: biker Kernel: 4.4.0-104-generic x86_64 (64 bit)
           Desktop: Xfce 4.12.3 Distro: Ubuntu 16.04 xenial
$ cat /etc/llver
Linux Lite 3.6

Edit: Just to explain myself. In my area. I am more likely to have have my car stereo stolen stolen than this exploit to take hold on my computers.
I care more about the stereo.
LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
Reply
#12


(01-04-2018, 10:45 PM)rokytnji link Wrote: Just to explain myself. In my area. I am more likely to have have my car stereo stolen stolen than this exploit to take hold on my computers.
I care more about the stereo.

Indeed. Are hackers going to target Joe Nothing living at 123 Who Cares Street or do they have juicer targets?

Sent from my Mobile phone using Tapatalk

Reply
#13
Ubuntu plan to release Kernel updates early next week, in or around the 9th.

Sent from my Mobile phone using Tapatalk

Reply
#14
An update on (hopefully) reputable and authoritative information sources this morning regarding Meltdown and Spectre.

Personally I agree with Jerry:  Don't panic - there is no known malware exploiting these yet.  Meltdown looks specific to Intel, and is the "easier" both to exploit and to patch; Spectre affects many more processors (including ARM and AMD as well as Intel), and is both harder to exploit and patch.  At least according to these websites.

BBC News has two articles which may be of interest (the second if you are also an Apple user):
http://www.bbc.co.uk/news/technology-42562303
http://www.bbc.co.uk/news/technology-42575033

Leading cryptography expert Bruce Schneier says he plans to write more soon on his blog, and has a brief summary of the technical issue that is easy to read:
https://www.schneier.com/

4.4.x series updated in Kernel 4.4.109 (among other versions):
https://fullcirclemagazine.org/2018/01/0...down-flaw/

The Department of Homeland Security (USA) website contains additional information on the general problem, as well as links to vendor-specific information:
https://www.us-cert.gov/ncas/alerts/TA18-004A

Threatpost has details on ARM and AMD chips not affected by Spectre (according to the manufacturers) among other things:
https://threatpost.com/vendors-share-pat...ts/129307/

Happy Computing! Smile
Don't worry about artificial intelligence.  Worry about natural stupidity.  Smile
Reply
#15
If you wanna do a quick check on your own. Just for piece of mind I guess.


Code:
dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
<use sudo in Linux Lite>

Linus Torvalds thoughts on all of this hoopla.

https://lkml.org/lkml/2018/1/3/797



[color=inherit ! important][size=13px ! important][/size][/color]
LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
Reply
#16
To sum up myself: a nuisance with a price tag in manhours and compute time and a bad business practice from a company (Intel) that continues to operate above the law, and a community wide bandwagon of denial that everyone has been riding on for at least 10 years that I know of in the name of progress, Ethically speaking akin to testing drugs on people without having to pay them for the use of their body, claimed to be for the greater good of humanity. Driving at high speed is fun as long your brakes work properly, Ethics are the brakes.

TC 

https://www.intel.com/content/www/us/en/...ation.html

Read the section on privacy.
All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
Reply
#17
So....If I am reading this right,We are going to get a software fix for a faulty hardware problem...?.  :Smile
Reply
#18
The Linus Torvalds email message is well worth reading; quote:


"I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed."


Designed. Yes, in this instance the company is telling the truth.
Terry Davis Command Line video cracks me up.
Quod delere vos ego faciam permanens.
Reply
#19
(Intel CEO) Krzanich said the entire industry was planning to publish the data security issue once the fix was in place — but the problem leaked early.
"Why did it leak ahead of time? Somebody was doing some updates on a Linux kernel and they improperly posted that this was due to this flaw," Krzanich said.

Exaclty who is the "entire industry" that so agreeably decided not to publish? Why is it "improper" to publish concerning a vulnerability, especially one that has been speculated about for years? Why would the US government drag its feet all this time? In fact Amazon (the only one that admits it "officially") was aware nearly two years ago. Suse Enterprise and RHEL well before that (which could aguably mean the whole Linux community). Why not publish? Proof of concept was obvious long ago. A working exploit was unneccessary. Why would the whole "white hat" community be coerced and/or intimidated by Intel not to publish? Intel's system of partnerships and non-disclosure agreements violates so many laws in the US that it is literally an issue for the ACLU, yet no one ever attempts to call them out. They are in general a national security issue for the US. Enough is enough. Funny how the annoncement didn't leak until after the Christmas buying season, a shame too. A good deep public panic would have given the WWW a much needed enema.

http://www.techradar.com/news/computing-...g-540671/2

I honestly remember being aware of this issue sometime around 2001 and having a discussion about it with some other hobbyists from that era. We considered it trivial at the time, but I reported it via e-mail to Suse. I can't remember what ISP I had at the time (the one from Ohio not AOL and not Prodigy) I wish I could because other hobbyist over-clockers at the time were aware of it as well. There is a history of awareness of this flaw that goes back at least 15 years and eventually it's going to appear taking away Intel's hope of any plausible denial.
 
TC     
All opinions expressed and all advice given by Trinidad Cruz on this forum are his responsibility alone and do not necessarily reflect the views or methods of the developers of Linux Lite. He is a citizen of the United States where it is acceptable to occasionally be uninformed and inept as long as you pay your taxes.
Reply
#20
As interesting as all this is, and no doubt will become more interesting now as it all unfolds in the future, I can't say I'm surprised.
Big business usually doesn't give a sh*t about anything but big business.
I'd near bet if they weren't caught with their pants down it wouldn't have been published at all.
Reply


Forum Jump:


Users browsing this thread: 5 Guest(s)