ATTN!...Intel CPU owners (Spectre,Meltdown,Foreshadow, flaws)
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 30 days after creation.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
http://news.softpedia.com/news/intel-s- ... 0489.shtml
(Intel's Microcode Update for Spectre Makes a Comeback in Ubuntu's Repositories
Available on Ubuntu 17.10, 16.04 LTS, and 14.04 LTS
Apr 1, 2018 04:59 GMT )
(Intel's Microcode Update for Spectre Makes a Comeback in Ubuntu's Repositories
Available on Ubuntu 17.10, 16.04 LTS, and 14.04 LTS
Apr 1, 2018 04:59 GMT )
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Old news. See this thread for user experience : viewtopic.php?f=90&t=266766
Version: LM 21.3 64bit Mate "If something is worth doing, it is worth doing for free."
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
intel has announced today that it will make no further attempt to patch spectre variant 2 in the following chipsets mentioned in these 2 articles...DAMIEN
http://www.zdnet.com/article/intel-we-n ... ese-chips/
https://www.theregister.co.uk/2018/04/0 ... _be_fixed/
http://www.zdnet.com/article/intel-we-n ... ese-chips/
https://www.theregister.co.uk/2018/04/0 ... _be_fixed/
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Good info DAMIEN1307.
The direct link from the articles to the updated list from Intel (PDF): https://newsroom.intel.com/wp-content/u ... idance.pdf
Those marked in red won't get patches.
The direct link from the articles to the updated list from Intel (PDF): https://newsroom.intel.com/wp-content/u ... idance.pdf
Those marked in red won't get patches.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Anyone using Mint 18.3 spot the newer micro-code roll into the Update Manager? Seems the earlier version came up in the U-manager over a month ago but I never installed it as not for my I5 model.
Is everyone doing a manual install or waiting for the manager to populate it? The manual method mentions overwriting an existing directory containing the files, not a clean install. I don't have the first directory created to copy over.
Is everyone doing a manual install or waiting for the manager to populate it? The manual method mentions overwriting an existing directory containing the files, not a clean install. I don't have the first directory created to copy over.
- smurphos
- Level 18
- Posts: 8498
- Joined: Fri Sep 05, 2014 12:18 am
- Location: Irish Brit in Portugal
- Contact:
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
For custom Nemo actions, useful scripts for the Cinnamon desktop, and Cinnamox themes visit my Github pages.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
...just stumbled upon this, for those that can grasp the more technical know-how.
...as for mere mortals likes the rest of us, slide 60 mentions setting IUCODE_TOOL_INITRAMFS=no in /etc/default/intel-microcode,
as another way of disabling it from loading: ie. an alternative method than setting dis_ucode_ldr in Grub,
which is more widely known & mentioned in kernel-parameters.txt...might come handy as a future reference.
...as for mere mortals likes the rest of us, slide 60 mentions setting IUCODE_TOOL_INITRAMFS=no in /etc/default/intel-microcode,
as another way of disabling it from loading: ie. an alternative method than setting dis_ucode_ldr in Grub,
which is more widely known & mentioned in kernel-parameters.txt...might come handy as a future reference.
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
I hate to help resurrect this thread (the subject is long in the tooth and I stopped following it months ago), but an older computer I occasionally use has a red-flagged cpu on that list.xenopeek wrote: ⤴Wed Apr 04, 2018 8:25 am Good info DAMIEN1307.
The direct link from the articles to the updated list from Intel (PDF): https://newsroom.intel.com/wp-content/u ... idance.pdf
Those marked in red won't get patches.
So my question is, does MInt expose the cpu model to the world? Can that value be obtained remotely in a browser (via firefox media queries, for example)?
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
hi JohnFrumm...yep, i was of the "long in the tooth" opinion as well and i did ask mods if i should mark this as solved...their opinions were to not do so as the total resolution of spectre and meldown is still far from total resolution as of this time with new outcroppings still showing up...i can tell you that it is not LM exposing the "red flagged" CPUs that wont be receiving any more updates for this flaw but rather, it is Intel telling the world that Intel is not going to support them any longer...DAMIEN
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Hi Damien,DAMIEN1307 wrote: ⤴Sun Jun 17, 2018 4:21 pm i can tell you that it is not LM exposing the "red flagged" CPUs that wont be receiving any more updates for this flaw but rather, it is Intel telling the world that Intel is not going to support them any longer...DAMIEN
actually I meant dynamically exposing the cpu model in the browser, as with browser responsive design, viz. fingerprinting. I am new to responsive design and don't know all of the parameters that are/can be exposed. The OS, screen size, window size, cpu cores available, browser version, I know can be obtained by servers (and gobbled up by trackers - like google). What about the cpu model?
https://panopticlick.eff.org/
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
hi JohnFrumm...i use this site to see what my browser is spewing out with and without my VPN running...cannot see any CPU info mentioned...maybe someone else here might know something more of this than i do...DAMIEN
http://www.whatsmyip.org/more-info-about-you/
http://www.whatsmyip.org/more-info-about-you/
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
As a matter of design, no: JavaScript and certainly browsers' implementation thereof is severely limited as to what it can in fact do/see, and directly probing CPU information nor for example reading a client's /proc/cpuinfo are among it (HTML5 provides for a general File I/O API but with it the user would need to explicitly pick /proc/cpuinfo to share/upload). There is of course always the possibility of the JavaScript "sandbox" being compromised through a security bug but by design: no.
A useful site as to an overview of what information can be obtained from JavaScript: http://clientjs.org/ (although one should note that for many of those the user can elect to lie by f.e. providing a custom user agent string).
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Thank you for that link (I just noticed your post). I bookmarked that site and will look through it more tomorrow (beer o'clock right now). Pursuing through it there really are some DISTURBING methods available (w.r.t. privacy).rene wrote: ⤴Mon Jun 18, 2018 4:10 pmAs a matter of design, no: JavaScript and certainly browsers' implementation thereof is severely limited as to what it can in fact do/see, and directly probing CPU information nor for example reading a client's /proc/cpuinfo are among it (HTML5 provides for a general File I/O API but with it the user would need to explicitly pick /proc/cpuinfo to share/upload). There is of course always the possibility of the JavaScript "sandbox" being compromised through a security bug but by design: no.
A useful site as to an overview of what information can be obtained from JavaScript: http://clientjs.org/ (although one should note that for many of those the user can elect to lie by f.e. providing a custom user agent string).
Aside from privacy and security, such information does have one useful application: responsive design.
- Portreve
- Level 13
- Posts: 4870
- Joined: Mon Apr 18, 2011 12:03 am
- Location: Within 20,004 km of YOU!
- Contact:
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
So, for a moment, let's kind of take this back to the basics.
It's my guess that back in the day a decision was made that host (i.e. the computer running the browser client) data should be exposed to the outside world. It was probably considered harmless enough at the time, since even though there were such things as computer viruses even back in the 1980s, that was geared towards a whole different mindset and purpose. That someone would try and do (potentially horrific) things through exploiting host data probably really hadn't crossed anyone's mind.
So, my question is: why not just eliminate that entire range of the feature set from the design of web browsers? I'm not saying that alone would deal with all possible exploit vectors, but wouldn't that eliminate a whole bunch of them?
It's my guess that back in the day a decision was made that host (i.e. the computer running the browser client) data should be exposed to the outside world. It was probably considered harmless enough at the time, since even though there were such things as computer viruses even back in the 1980s, that was geared towards a whole different mindset and purpose. That someone would try and do (potentially horrific) things through exploiting host data probably really hadn't crossed anyone's mind.
So, my question is: why not just eliminate that entire range of the feature set from the design of web browsers? I'm not saying that alone would deal with all possible exploit vectors, but wouldn't that eliminate a whole bunch of them?
Flying this flag in support of freedom 🇺🇦
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Recommended keyboard layout: English (intl., with AltGR dead keys)
Podcasts: Linux Unplugged, Destination Linux
Also check out Thor Hartmannsson's Linux Tips YouTube Channel
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
People expect "dynamic content" and sometimes, rightly so. Let's take one of the more detailed bits of retrievable information from that site as an example, getCurrentResolution(): this enables a site to dynamically adjust its content/layout to the viewport-size and can be quite welcome.
Frankly I'm not too impressed by ClientJS' possibilities...
Frankly I'm not too impressed by ClientJS' possibilities...
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
It would be welcome if it were used a bit moe often. Too many sites are a couple of dozen pixels too wide, or have a generally objectionable layout on a PC screen. Maybe it could be used to detect that you are using a PC or laptop, NOT a phablet. Especially sites aimed primarily at PC & Laptop users.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Toshiba NB250 - Manjaro KDE------------------------Acer Aspire One D255E - LM21.3 Xfce
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----… Two ROMS don't make a WRITE …
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
https://www.phoronix.com/scan.php?page= ... 6-32-Lands (Meltdown Protection For x86 32-bit Aligned For The Linux 4.19 Kernel;
Written by Michael Larabel in Linux Kernel on 20 July 2018)
Written by Michael Larabel in Linux Kernel on 20 July 2018)
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
https://www.zdnet.com/article/spectrers ... omponents/ (SpectreRSB: New attack targets CPU return stack buffers; Updated: The "Spectre class" attack can be used to recover and pull sensitive data from victim machines. - 24 July 2018)
-
- Level 1
- Posts: 23
- Joined: Sat Jan 13, 2018 4:26 pm
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
Hi Michael and thank-you for the news.michael louwe wrote: ⤴Fri Jul 20, 2018 4:44 am https://www.phoronix.com/scan.php?page= ... 6-32-Lands (Meltdown Protection For x86 32-bit Aligned For The Linux 4.19 Kernel;
Written by Michael Larabel in Linux Kernel on 20 July 2018)
I have Linux Mint 18.0 32-bit with kernel 4.4.0-116.140 and the last version of microcode Intel.
Up to now I couldn't mitigate Meltdown.
Do you think that i can try to update to kernel 4.19 without problems?
If yes, do you think it is worthwhile?
Re: ATTN!...Intel CPU owners (Spectre & Meltdown flaws)
.neversaynever wrote:.
Right now, there is only mainline/upstream Linux kernel 4.17 Stable available for manual install ... https://www.kernel.org/ . So, you will have to wait awhile for kernel 4.19 Stable.
Hopefully, Ubuntu/LM will also provide downstream Linux kernel 4.19 in the Update Manager of 32 bit LM 18.x and 17.x.