New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
It's running a "rolling distribution", and I figured it'd be fine, but it really did me no favors. It was sitting at a load of about .8 just running housekeeping - so that's a vCore dedicated to switching. Swell.
I'm sure subsequent patches will be somewhat better, but for those of us with single-user systems, there really isn't that much of a worry provided we don't have any services running that can be exploited in some fashion.
Ouch!
It takes like 45 seconds from sddm to Cinnamon now. That's slower than my (former) C2D.
I'll have to boot an old kernel and do some tests, but it's not really livable on that. However, my i5-2540M is only about 15% slower.
I am thinking the same, at home, behind 2 firewalls, nothing exposed...
But I am thinking some privilege escalation issue might happen in time, I am thinking to go back to core2duo, it was not bad at all.
You know how they say "Once you throw it out, you'll need it"? All of those C2Ds and P4Ms that I donated in December.. I was using the HP as my DD then, and now it feels like I still am.
I assume that PE will eventually become a deal as well. I've been passively considering reordering well-known entry points in libc and relinking the stock "generic" kernels to keep the most common/simple exploit entry points at bay.
I know, that is why I am a hoarder :P
I could easily open a computer museum, I have even an x86 made in 1986 with a Schweitzer hdd of 20 MB but still functional... Man, those serial and memory cards...
I was thinking one of these days, if I ever get raided, those people will most likely not recognize a lot of stuff
Update: Looking at intels high level
PR blablastatement their asses are on fire.Why am I not surprised you live by the old "I'm behind 9 proxies" meme :P
Francisco
Where is the picture :P Aldryic was much better at it.
Hum, a far cry from "we are not the only ones screwing and hiding it, AMD is to be blamed too!"
I do hope they do that, TBH i held Intel in a higher regard regarding contributions to kernels and OS projects, but recently I tried to install debian on a baytrail tablet and I am afraid I sounded like jarland for a while.
Finally, it runs lubuntu and canonical got it's share for not adding uefi32 support on their ISOs. I still need to fix the touch, but everything else seems to work after a long struggle.
If you're gaming and have the budget, get the 8700. I bought an i5 8600K for $224 and it kicks ass, running it at 4.8GHz with a low 1.17v and every game is smooth as butter. Here's a userbenchmark run: http://www.userbenchmark.com/UserRun/6759624
The Ryzen 1700 is good too though so either way I don't think you could go wrong
There is a Windows app with GUI to easy check if your computer is affected:
https://www.ashampoo.com/en/usd/pin/1304/security-software/spectre-meltdown-cpu-checker
P.S: Did not read the full post, so not sure if anuone as already posted this.
Apple: 60%+ loss
http://blog.metaobject.com/2018/01/meltdown-patch-reduces-mkfile8.html
And you thought only older cpus are a pain. Intel Skylake/Kabylake are due for additional patches and updates for Spectre variant 2 https://www.phoronix.com/scan.php?page=news_item&px=RETPOLINE_UNDERFLOW
Is that servers too? It mentions desktop/mobile, but i'd think the E3's are more or less the same.
Francisco
I think it's the architecture as a whole just the patches coming first for mobile/desktop first.
Thinking the same
Francisco
For one syscall.
I patched my MacBook Pro and iMac and my wife's MacBook Pro and I have not been able to notice the difference. I'm using these devices for typical desktop uses - browsing, office docs, compiling, photoshop, etc., so overall light but sometimes bursty I/O.
vmWare's official stance (according to colleagues at work) is that you have to patch the physical node, the guest VM's OSes, and the BIOS of the guest VMs.
I'm a little confused why patching the guests is necessary...don't they make all requests to access memory through the hypervisor?
Not sure if vmWare is just playing it ultra-cautious...it's very easy to say "you must patch all your guests" since it doesn't cost them anything and they're not doing the work ;-)
Iirc processes on the guest can still infer memory from other processes or the guests kernel without patching the guests kernel.
That at least, is my thoughts on KVM. I presume if correct, VMware has the same problem.
(Emphasis mine)
The issue isn't "just one [particular] syscall". The issue of the linked article can be summarized as "the patches slow down particularly with some apple file system" due to the fact that rel. small data chunks are transferred which translates to many more syscalls.
This, however, does not translate to "so, no problem, no significant slow down due to patch" as servers often don't get to chose the packet size or the number of packets. The former is, depending on protocol and network config, very often very small (e.g. dns) while the latter often is very high.
The rule of thumb for the patches seems to be "the more syscalls the more slowdown".
Side note: the number of syscalls on a typical desktop system is minimal (compared to a server).
All in all I expect the slowdown to be typically in the 3% or 5% range on desktops and between 10% and 25% on servers, largely depending on i/o.
Just keeps getting better...
"Intel’s Spectre patch is causing reboot problems for older processors" (older = 4-year-old Haswell)
"Microsoft had to halt the deployment of AMD’s Spectre patches after they rendered some computers unbootable."
https://www.theverge.com/2018/1/12/16884750/meltdown-spectre-intel-patch-reboot-problems
That's... Not old in terms of computing power
mktemp() is fast my man
And mkstemp is specifically designed to be slightly less fast for important reasons ;-)
So Redhat (and CentOS) are reverting the CPU microcodes to the "last known good" version before 2018/01/03
@rds100 just beat me to it LOL
Still waiting on Dell to do something for my Haswell-based (not consumer-grade) desktop; oddly they've already released partial patches for my 7 year old laptop.
Hi,
I’m not a hardware/security expert and after reading a lot of contradiction information about this Meltdown/Spectre security issues I have some simple doubts that I leave bellow and would really appreciate if anyone can clarify me.
All my computers are at the moment only vulnerable to Spectre (Meltdown was fixed by software updates). So, my only question/doubt is:
Can Spectre flaw be exploited remotely just by having my computer connected to the internet? Or for a hacker to exploit it, it must have physical access to my computer and/or I have to download malware to be infected?
Thanks!
My understanding is that an attacker would have to execute code on your computer to exploit the vulnerability (which would not require having "physical" access, in the sense of being at the console). But that code would not have to be running with root/administrator privileges, so any insecure application on your system could be a vector of attack. You wouldn't have to download malware, per se, if a vulnerability in some installed software could be leveraged to execute code on your system.
I don't think this really changes things too much: good security practice is, as it was before, to reduce your attack surface by not installing and running unnecessary software; by keeping ports you don't need open closed; by keeping your operating system and application software updated; and, of course, by backing up your data.
Things are a little scarier for multi-user systems, of course.
#dicks