You are Here:
Linux Lite 4.0 Beta has been released. See the Release Announcements Section.




Meltdown & Spectre Information and Discussion

Author (Read 10077 times)

0 Members and 1 Guest are viewing this topic.

Re: Meltdown & Spectre Information and Discussion
« Reply #30 on: January 11, 2018, 10:30:24 AM »
 

newtusmaximus

  • Gold Level Poster
  • *******
  • 578
    Posts
  • Country: gb
  • Reputation: 57
  • Paypal Supporter.

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core duo 6300 1.86GHz

  • MEMORY: 4Gb

  • VIDEO CARD: Intel 82Q963/Q965
Tks Trinidad.  For the uninitiated, such as myself
Does this Virtual Server vulnerability mean?
a) Contacting/using cloud storage is a possible vulnerability.
B) Connection to online banking  could be vulnerable
c) Ditto online payment transaction such as Amazon, Paypal etc even though they are supposedly "locked" = https://
d) The connection process to "home" wifi is vulnerable  even with proper WPA/WPA2 activated?

Is this another case of Year 2000  "panic" or a realistic potential threat?

Thanks
Last Edit: January 11, 2018, 10:34:18 AM by newtusmaximus
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now Trialling Alpha 32bit Debian.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL3.8 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 


Re: Meltdown & Spectre Information and Discussion
« Reply #31 on: January 11, 2018, 10:45:49 AM »
 

TheDead

  • I come here a lot
  • *****
  • 365
    Posts
  • Country: ca
  • Reputation: 27
  • Linux Lite Worshipper
    • My OpenDesktop Projects

  • Linux Lite: 3.8 32bit

  • CPU: HAL9000

  • MEMORY: 1Gb

  • VIDEO CARD: Oculus Rift v.5
I read one article referred to me about the whole issue but it only mentions Intel/AMD "Server" CPUs and ARM CPUs. Atoms are not affected(?).
@trinidad , from your readings, are standard desktop/laptop CPUs affected are not?
This whole issue went kaboom all over the place... hard to find clear info.

Nothing better for something to get popular than big companies trying to keep it quiet. ;)

Cheers!
- TheDead (TheUxNo0b)
 

Re: Meltdown & Spectre Information and Discussion
« Reply #32 on: January 11, 2018, 05:28:06 PM »
 

trinidad

  • Gold Level Poster
  • *******
  • 733
    Posts
  • Country: us
  • Reputation: 131
  • Linux Lite Member
    • dbts-analytics.com

  • Linux Lite: 3.8 64bit

  • CPU: AMD A8 5500 4 cores

  • MEMORY: 8Gb

  • VIDEO CARD: AMD/ATI Radeon HD 7560D
Certainly not a panic issue for home users of any OS, at least in the present definition of what security is. There is no doubt that it could prove to be a real pain down the road (depending on the provider) for small businesses using older Intel hardware who have purchased virtual space on a server, in that there is a real possibilty that their hardware will no longer be able to log onto their server space which is likely to have the Intel firmware updates, kind of like the changes made to Firefox last summer involving secure connections. If there is no Intel firmware update available for your hardware you may find yourself not able to log onto virtual server space you have paid for that has the Intel firmware updates. That is just the first problem users of Ubuntu, Windows 7, 8.1, Debian, Mac OS, and others running on Intel older hardware will run up against. It is a security issue for industry leaders using Intel hardware to run big server arrays. People like RHEL, Suse Enterprise, Microsoft, and Ubuntu and Debian as well. However, and it's a big however, I would argue at this point that is a rush toward an appearance of better security, but not as grave as it seems in the news. Furthermore given the security measures available to most good administrators, it is a highly unlikely hack unless of course you operate with seriously unvetted administrators. The winners here are likely to turn out to be Intel and Microsoft in the end, given the planned obselescence model of business they use. Want to use our Intel servers? Upgrade your firmware. It seems too brilliant of a business ploy to be anything other than a business ploy. That aside I am not satisfied at all with the mitigations in Linux for meltdown as I and a lot of other people think the action is too extreme, given the neccessity of then having to deal with propietary firmware updates. We all need to take a deep breath here and take the time to study the mitigations thorougly. It has been proved time and time again that computing security is best enabled via the open source community, period.

TC         
"You can't depend on your eyes when your imagination is out of focus."
 

Re: Meltdown & Spectre Information and Discussion
« Reply #33 on: January 12, 2018, 07:48:33 AM »
 

trinidad

  • Gold Level Poster
  • *******
  • 733
    Posts
  • Country: us
  • Reputation: 131
  • Linux Lite Member
    • dbts-analytics.com

  • Linux Lite: 3.8 64bit

  • CPU: AMD A8 5500 4 cores

  • MEMORY: 8Gb

  • VIDEO CARD: AMD/ATI Radeon HD 7560D
Few new things:
Have not tested this but the script should work on normal Linux OS. Those of you who want to check kernels may want to try it.

https://github.com/speed47/spectre-meltdown-checker

So far it seems that the version of the LTS 4.4 kernel 109.132 does not brick some older boards the way .108 does. I am running it on a six year old Intel Dell. Will be looking at Qemu this afternoon to see how broken it is. MS patches have been bricking things all over the place and literally locking Windows 7 and 10 on older harware to junk. If you are on Windows 7 do NOT install the patch. The patching for this mess in general is running below 50% success rate on older hardware. Best to be patient. This whiz kids who published this worked from a 2005 research paper to begin with. The generation gap is obvious concerning this. If you are just a home user, and do not maintain a server presence, I wouldn't bother with a patch just yet. This vulnerability affects the core infrastructure of the web and there is little you can do about that. IMHO I think it may turn out to be the biggest tech bloodbath in history by the end of the year with a myriad of on again off again failed fixes. If you are just a home user take heart, you are a consumer, and that is what built it all.

TC 
"You can't depend on your eyes when your imagination is out of focus."
 

Re: Meltdown & Spectre Information and Discussion
« Reply #34 on: January 12, 2018, 08:10:29 AM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6009
    Posts
  • Country: nz
  • Reputation: 537
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960
IMHO I think it may turn out to be the biggest tech bloodbath in history by the end of the year...

TC 

It already is.
Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

Learn to use your emotions to think, not think with your emotions.



 

Re: Meltdown & Spectre Information and Discussion
« Reply #35 on: January 12, 2018, 08:49:24 AM »
 

newtusmaximus

  • Gold Level Poster
  • *******
  • 578
    Posts
  • Country: gb
  • Reputation: 57
  • Paypal Supporter.

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core duo 6300 1.86GHz

  • MEMORY: 4Gb

  • VIDEO CARD: Intel 82Q963/Q965
Any idea which Intel chips are considered to be vulnerable to updates.?
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now Trialling Alpha 32bit Debian.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL3.8 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 

Re: Meltdown & Spectre Information and Discussion
« Reply #36 on: January 12, 2018, 08:55:59 AM »
 

trinidad

  • Gold Level Poster
  • *******
  • 733
    Posts
  • Country: us
  • Reputation: 131
  • Linux Lite Member
    • dbts-analytics.com

  • Linux Lite: 3.8 64bit

  • CPU: AMD A8 5500 4 cores

  • MEMORY: 8Gb

  • VIDEO CARD: AMD/ATI Radeon HD 7560D
No comprehensive info on that yet. MS patches have cooked a bunch of different boards already, and withdrew some patches. Early losses will be unpredictable, about like a blind machine gunner firing into a crowd.

TC
"You can't depend on your eyes when your imagination is out of focus."
 

Re: Meltdown & Spectre Information and Discussion
« Reply #37 on: January 12, 2018, 09:02:29 AM »
 

newtusmaximus

  • Gold Level Poster
  • *******
  • 578
    Posts
  • Country: gb
  • Reputation: 57
  • Paypal Supporter.

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core duo 6300 1.86GHz

  • MEMORY: 4Gb

  • VIDEO CARD: Intel 82Q963/Q965
So are we safe in  continuing to update LL; i.e no chance of "junking" our older hardware??
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now Trialling Alpha 32bit Debian.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL3.8 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 

Re: Meltdown & Spectre Information and Discussion
« Reply #38 on: January 12, 2018, 09:53:56 AM »
 

newtusmaximus

  • Gold Level Poster
  • *******
  • 578
    Posts
  • Country: gb
  • Reputation: 57
  • Paypal Supporter.

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core duo 6300 1.86GHz

  • MEMORY: 4Gb

  • VIDEO CARD: Intel 82Q963/Q965
If you wanna do a quick check on your own. Just for piece of mind I guess.


Code: [Select]
dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000

<use sudo in Linux Lite>
RESULT
-Ultra-slim-Desktop:~$ sudo dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
[sudo] password for linuxlite:
5000000+0 records in
5000000+0 records out
2560000000 bytes (2.6 GB, 2.4 GiB) copied, 21.1723 s, 121 MB/s
-Ultra-slim-Desktop:~$


So what does this mean in the scheme of things please?






Last Edit: January 12, 2018, 09:57:22 AM by newtusmaximus
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now Trialling Alpha 32bit Debian.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL3.8 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 

Re: Meltdown & Spectre Information and Discussion
« Reply #39 on: January 12, 2018, 10:24:40 AM »
 

rokytnji

  • Friganeer
  • Platinum Level Poster
  • **********
  • 1257
    Posts
  • Country: us
  • Reputation: 133

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core2 Duo U9600

  • MEMORY: 4Gb

  • VIDEO CARD: Intel Mobile 4
If you wanna do a quick check on your own. Just for piece of mind I guess.


Code: [Select]
dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000

<use sudo in Linux Lite>
RESULT
-Ultra-slim-Desktop:~$ sudo dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
[sudo] password for linuxlite:
5000000+0 records in
5000000+0 records out
2560000000 bytes (2.6 GB, 2.4 GiB) copied, 21.1723 s, 121 MB/s
-Ultra-slim-Desktop:~$


So what does this mean in the scheme of things please?

For starters. Simple answer. 121 MB/s is OK and means no memory leak.

I have been busy changing kernels in my gear and using patched kernels from Debian and AntiX to make the point of this thread moot in my case usage.

Like on this IBM T23 Laptop that Linux Lite won't run on. Due to age of gear and hardware limitations. Posting this reply in Netsurf browser. No Java or Flashplayer Plugin touches this laptop.

Code: [Select]
harry@biker:~
$ inxi -M
Machine:   Device: laptop System: IBM product: 26474MU serial: N/A
           Mobo: IBM model: 26474MU serial: N/A
           BIOS: IBM v: 1AET64WW (1.20 ) date: 10/18/2006
harry@biker:~
$ inxi -f
CPU:       Single core Mobile Intel Pentium III - M (-UP-) cache: 512 KB
           CPU Flags: cmov cx8 de eagerfpu fpu fxsr mca mce mmx msr mtrr pae pge pse
           pse36 sep sse tsc vme
harry@biker:~
$ uname -a
Linux biker 4.9.75-antix.2-486-smp #2 SMP Tue Jan 9 15:22:47 EST 2018 i686 GNU/Linux
harry@biker:~
$

Ubuntu will make this thread moot also when their patched kernels are available also.

Your gear is untouched from what I can tell from your readout. I'll run that command on my IBM T23 Laptop. Which is way way slower and weaker than your gear. It uses a intel cpu also though.

Code: [Select]
# dd if=/dev/zero of=/tmp/testfile bs=512 count=5000000
5000000+0 records in
5000000+0 records out
2560000000 bytes (2.6 GB, 2.4 GiB) copied, 68.3041 s, 37.5 MB/s

as you can tell from my readout I gave as a comparison. Mine is fine also for the age of this gear. If I got something like 5 MB/s. Then I'd worry. If it took like 10 mintues to copy. That would concern me also. s

 

 



LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
 

Re: Meltdown & Spectre Information and Discussion
« Reply #40 on: January 12, 2018, 11:13:52 AM »
 

trinidad

  • Gold Level Poster
  • *******
  • 733
    Posts
  • Country: us
  • Reputation: 131
  • Linux Lite Member
    • dbts-analytics.com

  • Linux Lite: 3.8 64bit

  • CPU: AMD A8 5500 4 cores

  • MEMORY: 8Gb

  • VIDEO CARD: AMD/ATI Radeon HD 7560D
I heard you on the wireless back in fifty two
Lying awake intent at tuning in on you
If I was young it didn't stop you coming through

They took the credit for your second symphony
Rewritten by machine and new technology
And now I understand the problems you can see

Oh-a oh
I met your children
Oh-a oh
What did you tell them?

Video killed the radio star
Video killed the radio star

Pictures came and broke your heart
Oh-a-a-a oh

And now we meet in an abandoned studio
We hear the playback and it seems so long ago
And you remember the jingles used to go

Oh-a oh
You were the first one
Oh-a oh
You were the last one

Video killed the radio star
Video killed the radio star

In my mind and in my car
We can't rewind we've gone too far

Oh-a-aho oh
Oh-a-aho oh

Video killed the radio star
Video killed the radio star

In my mind and in my car
We can't rewind we've gone to far
Pictures came and broke your heart
Put the blame on VTR



Don't look back. You're not going that way.
TC
"You can't depend on your eyes when your imagination is out of focus."
 

Re: Meltdown & Spectre Information and Discussion
« Reply #41 on: January 12, 2018, 06:29:02 PM »
 

newtusmaximus

  • Gold Level Poster
  • *******
  • 578
    Posts
  • Country: gb
  • Reputation: 57
  • Paypal Supporter.

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core duo 6300 1.86GHz

  • MEMORY: 4Gb

  • VIDEO CARD: Intel 82Q963/Q965
Hey T what are you on :)   All this blown your circuits??   :)
2006 - HP DC7700p ultraslim Desktop Intel 6300 cpu  4GB Ram LL3.6 64bit.
2007 - Fujitsu Siemens V3405 Laptop  2 GB Ram LL3.6 32bit. Now Trialling Alpha 32bit Debian.
2006 - Fujitsu Siemens Si1520 Laptop Intel T720 cpu 3GB Ram LL3.8 64bit
2003 - RETIRED Toshiba Satellite Pro A10 1 GB RAM LL2.8 32bit
 

Re: Meltdown & Spectre Information and Discussion
« Reply #42 on: January 12, 2018, 07:10:35 PM »
 

rokytnji

  • Friganeer
  • Platinum Level Poster
  • **********
  • 1257
    Posts
  • Country: us
  • Reputation: 133

  • Linux Lite: 3.6 64bit

  • CPU: Intel Core2 Duo U9600

  • MEMORY: 4Gb

  • VIDEO CARD: Intel Mobile 4
Hey T what are you on :)   All this blown your circuits??   :)

My take  and sense of humor is his clever way on how video killed my the function of my IBM T23 laptop.

Only way I can watch watch youtube on a Pentium 3 is with livestreamer tied into streamlight-antix

Quote
Livestreamer is a Command Line Interface that extracts video
streams from various services and hands them to a video player,
such as VLC. The main purpose of Livestreamer is to allow the
user to avoid buggy and CPU heavy flash plugins but still
be able to enjoy various streamed content.

Currently most of the big streaming services are supported
(e.g. Dailymotion, Livestream, Justin.tv, Twitch, YouTube Live
and UStream) and more specialized content providers can be
added easily using Livestreamerís plugin system.
Quote

streamlight-antix

Quote
An easy way to play or download antiX help videos from Youtube without using a modern, heavyweight, web browser.
Quote

Hope I guessed right.  Kinda off topic. But I don't care.  :P

LL 3.6,2.8
Dell XT2 > Touchscreen Laptop
Dell 755 > Desktop
Acer 150 > Desktop
I am who I am. Your approval is not needed.
 

Re: Meltdown & Spectre Information and Discussion
« Reply #43 on: January 13, 2018, 09:39:58 AM »
 

trinidad

  • Gold Level Poster
  • *******
  • 733
    Posts
  • Country: us
  • Reputation: 131
  • Linux Lite Member
    • dbts-analytics.com

  • Linux Lite: 3.8 64bit

  • CPU: AMD A8 5500 4 cores

  • MEMORY: 8Gb

  • VIDEO CARD: AMD/ATI Radeon HD 7560D
Acutally if we consider the fundamental ethical business model of the proprietary computer industry we can derive the creedo: "Don't look back. You're not going that way." though Roks take is perfectly funny too. Rush to development is what this mess is all about. I believe a cautionary approach is better, given that this flaw involves proprietary code that has such a cross platform impact and scope. The best approach would be for Intel to release open source CPU code, not expect software modification. Some say Linux in general would be better off to drag its feet a little with this issue and consider a little more in depth what the suggested mitigations might open a door to. Could be a bad moon rising.

TC
"You can't depend on your eyes when your imagination is out of focus."
 

Re: Meltdown & Spectre Information and Discussion
« Reply #44 on: January 15, 2018, 02:19:56 AM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 6009
    Posts
  • Country: nz
  • Reputation: 537
  • Linux Lite Member
    • Linux Lite OS

  • Linux Lite: 3.8 64bit

  • CPU: Intel Xeon Dual CPU's E5645 2.4GHz 12 Cores

  • MEMORY: 16Gb

  • VIDEO CARD: nVidia GeForce GTX 960
FYI - Ubuntu making some head way here:

Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

Learn to use your emotions to think, not think with your emotions.



 


 


Linux Lite 4.0 Beta has been released. See the Release Announcements Section.