Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
(01-07-2018, 02:40 AM)JmaCWQ link Wrote: [ -> ]As interesting as all this is, and no doubt will become more interesting now as it all unfolds in the future, I can't say I'm surprised.
Big business usually doesn't give a sh*t about anything but big business.
I'd near bet if they weren't caught with their pants down it wouldn't have been published at all.
(01-06-2018, 02:56 PM)trinidad link Wrote: [ -> ](Intel CEO) Krzanich said the entire industry was planning to publish the data security issue once the fix was in place — but the problem leaked early.
"Why did it leak ahead of time? Somebody was doing some updates on a Linux kernel and they improperly posted that this was due to this flaw," Krzanich said.
TC
I like the quote, it'll be good for paraphrasing - "(Intel CEO) Krzanich said, everything was fine until those rebellious Linux geeks moved their fingers"
Ultimately the issue of computer security, in any sense whatsoever, is open source code. Speculative execution would not be a security issue at all if the processor code was open source. You cannot compare for bit parity for binaries you cannot access. We banged this around years ago and recommended dual CPU's and one bank of protected memory for low level binary comparisons. As long as OEM vendors refuse access to binary setups there is no solution that will ever be secure. The amount of patching in Debian is probably headed for fifty different specific application instances. At the high end, giant service providers are going to absorb a big hit and be forced to purchase more rack space to deal with the performance issues this ridiculous proprietary policy has caused. Intel's partnerships are just extortion in this sense and always have been.
TC
8) i am not too freaked out by all this , a flaw since what ?, 1995 ?, wow, ok. i suffered viruses through the years since windows 98SE, so again, not to freaked out by this .
??? any ways , has Linux Lite released some updates on this issue for Linux lite 3.6 ?.
my windows 10 machine has been fixed by me, ha ha , it was a outdated driver issue, now ready to bring back down my Linux machine from upstairs and plug it back in........ i miss my Linux.
windows is for my Husband, he so far has no problems with my machine , but he is a cave man and needs more how to attention.............
Interesting catch! Thanks, Trinidad, for both of these.
(01-05-2018, 07:40 AM)Jerry link Wrote: [ -> ]Ubuntu plan to release Kernel updates early next week, in or around the 9th.
Do we have any news on the status of Ubuntu kernel updates to fix this issue?
Kernel 4.4.0-109.132 is out for LTS. Fix for meltdown began at .131 I believe. This is not a complete fix all for Ubuntu OS. Older hardware will not respond to the update in many cases because of incomplete firmware. This whole thing is an ugly ugly mess for Debian. The main issue will be for people who run older hardware without firmware updates, and connect to virtual server instances that have firmware updates. They may find they cannot connect to their server. The exploit 1 of spectre is already mitigated in firefox but exploit 2 will not be fully mitigated for quite some time and people with older hardware may find themselves out of luck. If you are running anit-virus your provider will have had to issue a flag to your system to install the changes. I have some reticence about installing the meltdown mitigations at all, given other issues with Intel. I am slowly working my way through all the documentation on the exploits, but a cursory examination makes me a little itchy, given the impact on some common server administration tools, and given Intels other issues I am not so sure that the mitigation for meltdown will not open a wider door for specter exploit 2 due to a lack of pointer obfuscation. I don't think there's any need for home users to rush into this at this point other than the virtual server connection issues. Let the industry giants worry about it, and let Debian run its course through the mess the Debian way -- slowly via the community. There may be a worst case scenario for all of this akin to emmision testing for automobiles.
TC
Thanks TC
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16