thx-1138 wrote: ⤴Fri Feb 16, 2018 2:57 pm
I'm still not much worried myself about Spectre & Meltdown
Nor should anyone. Meltdown is first of all fully solved by KPTI: if you are running a current kernel (or have an AMD processor) you are not affected by Meltdown.
By Spectre you are in theory but the actually important part of that is as far as I'm aware as fully solved by either retpoline or CPU microcode updates (both of which may still need to make it down to you) in the sense of restoring full privilege separation of user- and kernel addressspace. What fundamentally remains concerns multiple untrusted VM situations and the like: very applicable to hosting providers but not so much to you or me.
This, moreover, is while Spectre exploits are quite involved to begin with; proof of concept code is out there but as far as I know no actual exploits or even
attempts at exploit have been observed in the wild. If they were they, moremoreover, would be unlikely to target Linux rather than Windows. And certainly given that, moremoremoreover, getting an exploit delivered to you on Linux is
itself quite involved: full-blown Linux malware is for all intents and purposes non-existent and while not solved as per above, current browser vigilance mitigates dynamic content worries.
"Friends don't let friends do Facebook" or whichever other primary source of malicious content is popular among 14 year olds this month but other than that I'd advise anyone here to not worry about any of it.