ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)

Chat about just about anything else
User avatar
michael louwe
Level 9
Level 9
Posts: 2614
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Mon Apr 02, 2018 7:13 am

http://news.softpedia.com/news/intel-s- ... 0489.shtml
(Intel's Microcode Update for Spectre Makes a Comeback in Ubuntu's Repositories
Available on Ubuntu 17.10, 16.04 LTS, and 14.04 LTS
Apr 1, 2018 04:59 GMT )

User avatar
Terryphi
Level 3
Level 3
Posts: 140
Joined: Mon Jun 06, 2011 6:30 am
Location: West Wales. UK

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Terryphi » Mon Apr 02, 2018 8:15 am

Old news. See this thread for user experience : viewtopic.php?f=90&t=266766
Version: LM 19 64bit Mate

DAMIEN1307
Level 5
Level 5
Posts: 815
Joined: Tue Feb 21, 2017 8:13 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by DAMIEN1307 » Wed Apr 04, 2018 7:26 am

intel has announced today that it will make no further attempt to patch spectre variant 2 in the following chipsets mentioned in these 2 articles...DAMIEN

http://www.zdnet.com/article/intel-we-n ... ese-chips/

https://www.theregister.co.uk/2018/04/0 ... _be_fixed/

User avatar
xenopeek
Level 24
Level 24
Posts: 22654
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by xenopeek » Wed Apr 04, 2018 8:25 am

Good info DAMIEN1307.

The direct link from the articles to the updated list from Intel (PDF): https://newsroom.intel.com/wp-content/u ... idance.pdf
Those marked in red won't get patches.
Image

G-Mo
Level 1
Level 1
Posts: 24
Joined: Sat Jan 13, 2018 4:14 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by G-Mo » Fri Apr 13, 2018 1:59 pm

Anyone using Mint 18.3 spot the newer micro-code roll into the Update Manager? Seems the earlier version came up in the U-manager over a month ago but I never installed it as not for my I5 model.

Is everyone doing a manual install or waiting for the manager to populate it? The manual method mentions overwriting an existing directory containing the files, not a clean install. I don't have the first directory created to copy over.

User avatar
smurphos
Level 6
Level 6
Posts: 1178
Joined: Fri Sep 05, 2014 12:18 am
Location: Britisher...

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by smurphos » Fri Apr 13, 2018 2:07 pm

G-Mo wrote:
Fri Apr 13, 2018 1:59 pm
Anyone using Mint 18.3 spot the newer micro-code roll into the Update Manager?
Yep - viewtopic.php?f=90&t=266766&hilit=microcode & viewtopic.php?f=90&t=266811&hilit=microcode

User avatar
thx-1138
Level 6
Level 6
Posts: 1053
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by thx-1138 » Sun Jun 17, 2018 2:34 pm

...just stumbled upon this, for those that can grasp the more technical know-how.

...as for mere mortals likes the rest of us, slide 60 mentions setting IUCODE_TOOL_INITRAMFS=no in /etc/default/intel-microcode,
as another way of disabling it from loading: ie. an alternative method than setting dis_ucode_ldr in Grub,
which is more widely known & mentioned in kernel-parameters.txt...might come handy as a future reference.

JohnFrumm
Level 2
Level 2
Posts: 55
Joined: Sun Dec 03, 2017 12:49 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by JohnFrumm » Sun Jun 17, 2018 3:30 pm

xenopeek wrote:
Wed Apr 04, 2018 8:25 am
Good info DAMIEN1307.

The direct link from the articles to the updated list from Intel (PDF): https://newsroom.intel.com/wp-content/u ... idance.pdf
Those marked in red won't get patches.
I hate to help resurrect this thread (the subject is long in the tooth and I stopped following it months ago), but an older computer I occasionally use has a red-flagged cpu on that list.

So my question is, does MInt expose the cpu model to the world? Can that value be obtained remotely in a browser (via firefox media queries, for example)?
Have you backed up your computer recently?

DAMIEN1307
Level 5
Level 5
Posts: 815
Joined: Tue Feb 21, 2017 8:13 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by DAMIEN1307 » Sun Jun 17, 2018 4:21 pm

hi JohnFrumm...yep, i was of the "long in the tooth" opinion as well and i did ask mods if i should mark this as solved...their opinions were to not do so as the total resolution of spectre and meldown is still far from total resolution as of this time with new outcroppings still showing up...i can tell you that it is not LM exposing the "red flagged" CPUs that wont be receiving any more updates for this flaw but rather, it is Intel telling the world that Intel is not going to support them any longer...DAMIEN

JohnFrumm
Level 2
Level 2
Posts: 55
Joined: Sun Dec 03, 2017 12:49 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by JohnFrumm » Mon Jun 18, 2018 10:20 am

DAMIEN1307 wrote:
Sun Jun 17, 2018 4:21 pm
i can tell you that it is not LM exposing the "red flagged" CPUs that wont be receiving any more updates for this flaw but rather, it is Intel telling the world that Intel is not going to support them any longer...DAMIEN
Hi Damien,
actually I meant dynamically exposing the cpu model in the browser, as with browser responsive design, viz. fingerprinting. I am new to responsive design and don't know all of the parameters that are/can be exposed. The OS, screen size, window size, cpu cores available, browser version, I know can be obtained by servers (and gobbled up by trackers - like google). What about the cpu model?

https://panopticlick.eff.org/
Have you backed up your computer recently?

DAMIEN1307
Level 5
Level 5
Posts: 815
Joined: Tue Feb 21, 2017 8:13 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by DAMIEN1307 » Mon Jun 18, 2018 2:28 pm

hi JohnFrumm...i use this site to see what my browser is spewing out with and without my VPN running...cannot see any CPU info mentioned...maybe someone else here might know something more of this than i do...DAMIEN

http://www.whatsmyip.org/more-info-about-you/

rene
Level 7
Level 7
Posts: 1904
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by rene » Mon Jun 18, 2018 4:10 pm

JohnFrumm wrote:
Mon Jun 18, 2018 10:20 am
The OS, screen size, window size, cpu cores available, browser version, I know can be obtained by servers (and gobbled up by trackers - like google). What about the cpu model?
As a matter of design, no: JavaScript and certainly browsers' implementation thereof is severely limited as to what it can in fact do/see, and directly probing CPU information nor for example reading a client's /proc/cpuinfo are among it (HTML5 provides for a general File I/O API but with it the user would need to explicitly pick /proc/cpuinfo to share/upload). There is of course always the possibility of the JavaScript "sandbox" being compromised through a security bug but by design: no.

A useful site as to an overview of what information can be obtained from JavaScript: http://clientjs.org/ (although one should note that for many of those the user can elect to lie by f.e. providing a custom user agent string).

JohnFrumm
Level 2
Level 2
Posts: 55
Joined: Sun Dec 03, 2017 12:49 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by JohnFrumm » Tue Jul 10, 2018 6:10 pm

rene wrote:
Mon Jun 18, 2018 4:10 pm
JohnFrumm wrote:
Mon Jun 18, 2018 10:20 am
The OS, screen size, window size, cpu cores available, browser version, I know can be obtained by servers (and gobbled up by trackers - like google). What about the cpu model?
As a matter of design, no: JavaScript and certainly browsers' implementation thereof is severely limited as to what it can in fact do/see, and directly probing CPU information nor for example reading a client's /proc/cpuinfo are among it (HTML5 provides for a general File I/O API but with it the user would need to explicitly pick /proc/cpuinfo to share/upload). There is of course always the possibility of the JavaScript "sandbox" being compromised through a security bug but by design: no.

A useful site as to an overview of what information can be obtained from JavaScript: http://clientjs.org/ (although one should note that for many of those the user can elect to lie by f.e. providing a custom user agent string).
Thank you for that link (I just noticed your post). I bookmarked that site and will look through it more tomorrow (beer o'clock right now). Pursuing through it there really are some DISTURBING methods available (w.r.t. privacy).
Aside from privacy and security, such information does have one useful application: responsive design.
Have you backed up your computer recently?

User avatar
Portreve
Level 6
Level 6
Posts: 1202
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by Portreve » Tue Jul 10, 2018 6:25 pm

So, for a moment, let's kind of take this back to the basics.

It's my guess that back in the day a decision was made that host (i.e. the computer running the browser client) data should be exposed to the outside world. It was probably considered harmless enough at the time, since even though there were such things as computer viruses even back in the 1980s, that was geared towards a whole different mindset and purpose. That someone would try and do (potentially horrific) things through exploiting host data probably really hadn't crossed anyone's mind.

So, my question is: why not just eliminate that entire range of the feature set from the design of web browsers? I'm not saying that alone would deal with all possible exploit vectors, but wouldn't that eliminate a whole bunch of them?
Everything is in hand. With this tapestry... and with patience, there is nothing one cannot achieve.

No hamsters were harmed in the authoring of this post.

rene
Level 7
Level 7
Posts: 1904
Joined: Sun Mar 27, 2016 6:58 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by rene » Tue Jul 10, 2018 6:33 pm

People expect "dynamic content" and sometimes, rightly so. Let's take one of the more detailed bits of retrievable information from that site as an example, getCurrentResolution(): this enables a site to dynamically adjust its content/layout to the viewport-size and can be quite welcome.

Frankly I'm not too impressed by ClientJS' possibilities...

User avatar
BG405
Level 6
Level 6
Posts: 1244
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by BG405 » Wed Jul 11, 2018 7:56 pm

rene wrote:
Tue Jul 10, 2018 6:33 pm
as an example, getCurrentResolution(): this enables a site to dynamically adjust its content/layout to the viewport-size and can be quite welcome.
It would be welcome if it were used a bit moe often. Too many sites are a couple of dozen pixels too wide, or have a generally objectionable layout on a PC screen. Maybe it could be used to detect that you are using a PC or laptop, NOT a phablet. Especially sites aimed primarily at PC & Laptop users. :wink:
Dell Inspiron 1525 - LM17.3 CE 64-------------------Acer D255E 2GB - Manjaro KDE, LM17.3 KDE 32
Toshiba NB305 - LM17.3 Xfce 32---------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
michael louwe
Level 9
Level 9
Posts: 2614
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Fri Jul 20, 2018 4:44 am

https://www.phoronix.com/scan.php?page= ... 6-32-Lands (Meltdown Protection For x86 32-bit Aligned For The Linux 4.19 Kernel;
Written by Michael Larabel in Linux Kernel on 20 July 2018)

User avatar
michael louwe
Level 9
Level 9
Posts: 2614
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Wed Jul 25, 2018 7:31 am

https://www.zdnet.com/article/spectrers ... omponents/ (SpectreRSB: New attack targets CPU return stack buffers; Updated: The "Spectre class" attack can be used to recover and pull sensitive data from victim machines. - 24 July 2018)

neversaynever
Level 1
Level 1
Posts: 20
Joined: Sat Jan 13, 2018 4:26 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by neversaynever » Thu Jul 26, 2018 12:56 pm

michael louwe wrote:
Fri Jul 20, 2018 4:44 am
https://www.phoronix.com/scan.php?page= ... 6-32-Lands (Meltdown Protection For x86 32-bit Aligned For The Linux 4.19 Kernel;
Written by Michael Larabel in Linux Kernel on 20 July 2018)
Hi Michael and thank-you for the news.
I have Linux Mint 18.0 32-bit with kernel 4.4.0-116.140 and the last version of microcode Intel.
Up to now I couldn't mitigate Meltdown.
Do you think that i can try to update to kernel 4.19 without problems?
If yes, do you think it is worthwhile?

User avatar
michael louwe
Level 9
Level 9
Posts: 2614
Joined: Sun Sep 11, 2016 11:18 pm

Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)

Post by michael louwe » Thu Jul 26, 2018 2:43 pm

neversaynever wrote:.
.
Right now, there is only mainline/upstream Linux kernel 4.17 Stable available for manual install ... https://www.kernel.org/ . So, you will have to wait awhile for kernel 4.19 Stable.

Hopefully, Ubuntu/LM will also provide downstream Linux kernel 4.19 in the Update Manager of 32 bit LM 18.x and 17.x.

Post Reply

Return to “Open chat”