Meltdown & Spectre Information and Discussion

[TheDead]

If you trust everyone that uses your pc locally, then you have nothing to worry about, do you...

But, can you REALLY thrust anyone? Your familly could have been infitrated years ago and your life a lie.
(reference to a 2001 movie called "Antithrust", was pretty cool )
 
Thrust no one! (insert X-File music)

[Searchernow]

Agreed.

[Jerry]

Security is a fallacy, there is no such thing in computing.

As long as you own the architecture, you will always be at risk. The attack vector for Meltdown is extremely unlikely. If you trust everyone that uses your pc locally, then you have nothing to worry about, do you...

[Searchernow]

It's been a long time since I looked at this issue, I had frankly forgotten it!

I keep my Updates up-to-date each week, so am I safe to assume the vulnerabilities are no longer a threat?

LL 4.4, 64bit, i5 processor.

[TheDead]

Yo!

I didnt use the Checker tool... yet, since using other computer for banking stuff, etc.
But is it / will it be available in Lite Tweaks or Lite Software in LiLi 4.0 ?
Planning to ditch those 'dows when 4 is out.

Cheers and keep it up!

[Jerry]

LL meltdown Checker on Linux Lite 4.0 (latest kernel)

[Searchernow]

News

1) Well Intel has made stable microcode available now as far back as Sandy Bridge, however OEM's Dell and HP are still lagging behind in the implementations. Microsoft continues to be ahead of the curve on the whole issue though the latest updations have install issues as well due to the lagging OEM implementations. I have succeeded with a couple of W10 Dell Sandy Bridge boxes but it cannot be done without resorting to the CLI so everyday users are unlikely to install the mc mitigations.

2) New security studies from AMD are dismal for some of their CPU's. See the link below.

https://www.amdflaws.com/

3) Being a regular Debian user I am a bit spoiled when it comes to updates. Debian stable is slow and methodical about such things. But I also use both Ubuntu and LL where update schedules are far denser and hectic. I have to remind myself that so many of the current issues are linked to S/M and Intel. Ubuntu has been on top of the issues since they began and the devs have worked very hard to deal with the changes for their users. Updation was not always so intense with Linux in general, but it is good to remember that Linux is a community and as such more in touch with its own reality in more diverse ways than any corporate entity could ever hope to be. It is discouraging what corporate OEMs have done to everyday people, but it is wonderful to watch the Linux community respond.

TC

I'd been wondering about your comment re OEMs lagging ... in implementations - and would I need to do anything myself.

But today I did Install Updates and it includes "intel-microcode: microcode will be updated at next boot" - I presume this will apply to my i5 cpu.

[bitsnpcs]

I had looked at imgur before it looked a bit snoopy to me, I use a different image host. https://imgbb.com/

Very many thanks for this useful tip 

Glad it was useful

[m654321]

I had looked at imgur before it looked a bit snoopy to me, I use a different image host. https://imgbb.com/

Very many thanks for this useful tip 

[bitsnpcs]

Thank You  , I'll have a read of it

[Searchernow]

yes, at least some blanks are ads, I try to live an ad-less life.

https://en.wikipedia.org/wiki/Imgur

[bitsnpcs]

Do you have a link for the imgur wikipedia page please, so I can read the detail of it ?

The blank spaces in the Guardian may be blocked adverts ?

[Searchernow]

Re-reading my posts - I mentioned blank spaces n the Guardian, I should add that these are the exception, most images in the Guardian I can see ok.

[Searchernow]

Hello Searchernow,

I thought it could be the case, I had looked at imgur before it looked a bit snoopy to me, I use a different image host. https://imgbb.com/

You could check this post
https://www.linuxliteos.com/forums/other/is-there-a-way-to-make-the-desktop-taskbar-always-on-top/msg39982/#msg39982
and see if the png images I added display in your browsers, to determine if your browsers are blocking png image file type at other hosts, or whether it is only blocking imgur.

Thanks,
I opened that page and I do see your pic of a bee on flowers and a screenshot of "Panel window".

More generally, the wikipedia page for imgur reported a serious potential user data breach, though unlike yahoo they did notify users straight away.

[bitsnpcs]

Hello Searchernow,

I thought it could be the case, I had looked at imgur before it looked a bit snoopy to me, I use a different image host. https://imgbb.com/

You could check this post
https://www.linuxliteos.com/forums/other/is-there-a-way-to-make-the-desktop-taskbar-always-on-top/msg39982/#msg39982
and see if the png images I added display in your browsers, to determine if your browsers are blocking png image file type at other hosts, or whether it is only blocking imgur.