Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 13 Dec 2018, 21:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
[ meltown & spectre ] Puppy's kernel update ?
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [23 Posts]   Goto page: Previous 1, 2
Author Message
belham2

Joined: 15 Aug 2016
Posts: 1628

PostPosted: Tue 09 Jan 2018, 11:07    Post subject: Re: My summary (as requested)  

ozsouth wrote:
Apparently affected CPU list - https://www.techarp.com/guides/complete-list-cpus-meltdown-spectre

Intel support notes - https://www.intel.com/sa-00086-support

Prefbar mozilla addon toggles javascript & flash on/off.



Hi Ozsouth,

Trying to access "techarp' today to show a few friends the lists, and am getting weird behavior from the techarp site. First, it keeps trying to reload our browsers (shut them down and restart them--and we are on different machines, and different lans). Even more weirdly, when we won't let it do that, it pops up the pic below. Gotta ask: do you use this site often? Are they legit? Had never heard of them until yest and now I am circumspect given this behavior their site is displaying. The scripts on the main page are aggressive in attempting to do things to each different browser we tried (Firefox, Palemoon, Chrome) but we have the browsers set up that javascript is disabled. Darn weird...didn't do this to me yesterday when I looked the 1st time.

(This pic below was snapped after a full 1-2 minutes passed)
screenshot.jpg
 Description   
 Filesize   42.1 KB
 Viewed   709 Time(s)

screenshot.jpg

Back to top
View user's profile Send private message 
mostly_lurking

Joined: 25 Jun 2014
Posts: 285

PostPosted: Tue 09 Jan 2018, 11:59    Post subject:  

belham2 wrote:
Trying to access "techarp' today to show a few friends the lists, and am getting weird behavior from the techarp site.

They are running some DDoS protection software. (I've seen that before on other sites.) Enable Javascript and cookies and you should be able to get in.

musher0 wrote:
AMD "Turion line" CPUs are not affected.

ac2011 wrote:
Or perhaps just too old to be listed? I have a couple of T7600 Intel Core 2 Duo machines that also aren't on that list. I don't see what, if anything, would make them invulnerable to Spectre, though. It may just be the case that these machines are too old for Intel/AMD to even bother testing.

The list contains AMD workstation processors going as far back as 2011, but desktop/mobile processors only for 2015-2017. Unless home PC CPUs didn't receive the features that made them vulnerable until 2015, It looks like a case of "didn't bother testing older ones".
Back to top
View user's profile Send private message 
Marv


Joined: 04 May 2005
Posts: 1101
Location: SW Wisconsin

PostPosted: Tue 09 Jan 2018, 12:25    Post subject:  

Linux 32 bit kernels and 64 bit kernels handle memory spaces quite differently. Here is one reference https://lwn.net/Articles/738975/. There may be better. I haven't yet seen a 32 bit kernel with the kpti patches verifiably enabled and am trying to understand whether that is due to the greater pressure to patch the 64 bit ones or to the difference in memory handling affecting meltdown & spectre vulnerability. Any help in understanding this part of the issue?

Edit 11/01/2018: Having made no progress at all with 32 bit kernels, I extracted the 64b 4.14.12 from Fatdog64 721 Final (Thanks Kirk, James, SFR and step) and am running LxPupSc 18.01 +2T with it. kpti enabled, meltdown protected, but microcode not working yet on my i5 so still spectre vulnerable. Inch by inch... later, also running and meltdown protected in battleshooters xfce xenialpup64. My i5 is probably outside intels 5 year fix window hence the microcode not working. Confirmed that the latest ucode doesn't include the 2520 though intel claims it does. Microcode loading is working correctly on that kernel so I'll probably use it across the board for now.

Edited later on 11/01/2018 to add attachment and update microcode stuff.
Screenshot.png
Description  Grrrrrrr on intel
png

 Download 
Filename  Screenshot.png 
Filesize  46.52 KB 
Downloaded  163 Time(s) 

_________________
Pups currently in kennel Very Happy LxPupSc and X-slacko-4.4 for my users; LxPupSc, LxPupSc64, LxPupBionic, upupbb and upupcc for me. All good pups indeed, and all running savefiles for look'n'feel only. Browsers, etc. solely from SFS.
Back to top
View user's profile Send private message 
autumnleaves

Joined: 07 Jan 2011
Posts: 125

PostPosted: Thu 11 Jan 2018, 22:53    Post subject: Kernel update?  

Is there a kernel update for dummies file somewhere? Tahrpup 64 6.0.6
Back to top
View user's profile Send private message 
souleau


Joined: 23 Oct 2016
Posts: 132

PostPosted: Thu 18 Jan 2018, 05:47    Post subject:  

Okay, so the situation with me is that I am running Puppy Precise 5.7.1 on an machine with an AMD Athlon 3000+ processor.

I am very happy with this setup since it has been tweaked to cater my preferences over a long period of time.

Now, patches for Ubuntu Precise are only available for Ubuntu Advantage customers with Extended Security Maintenance. So if I want security I should basically switch to another Puppy.

But I don't want to.

If I understand correctly, my cpu is only vulnerable to one form of the Spectre exploit, which in itself is the more difficult one to accomplish.
So the question really is, am I a wreckless idiot for thinking the risks are negligable if I don't do anything at all?
Back to top
View user's profile Send private message 
musher0

Joined: 04 Jan 2009
Posts: 13162
Location: Gatineau (Qc), Canada

PostPosted: Thu 18 Jan 2018, 06:49    Post subject:  

souleau wrote:
Okay, so the situation with me is that I am running Puppy Precise 5.7.1 on an machine with an AMD Athlon 3000+ processor.

I am very happy with this setup since it has been tweaked to cater my preferences over a long period of time.

Now, patches for Ubuntu Precise are only available for Ubuntu Advantage customers with Extended Security Maintenance. So if I want security I should basically switch to another Puppy.

But I don't want to.

If I understand correctly, my cpu is only vulnerable to one form of the Spectre exploit, which in itself is the more difficult one to accomplish.
So the question really is, am I a wreckless idiot for thinking the risks are negligible if I don't do anything at all?

Hi souleau.

I don't think so. If you are, I am too! Wink

One other reason being that, at this time, the threats are "theoretical", as I
understand it.

It's good to know that some computer experts are on the look-out for these types
of technical failings, and are doing something about it.

But IMO it does no one any good to lose sleep over this if no easy-to-apply end-
user solution is available.

I read elsewhere that Linux kernels are susceptible to only one of the three threats
as well. If the threats are not the same (checking this is above my pay grade), one
would be safe running a Linux distro on an AMD machine -- without doing anything.

BFN.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)
Back to top
View user's profile Send private message 
souleau


Joined: 23 Oct 2016
Posts: 132

PostPosted: Thu 18 Jan 2018, 09:10    Post subject:  

Thank you for the reassurance musher0!

It seems my risk asessment was not merely born out of convenience after all.
Back to top
View user's profile Send private message 
ozsouth

Joined: 01 Jan 2010
Posts: 398
Location: S.E Australia

PostPosted: Fri 19 Jan 2018, 18:32    Post subject:  

I spent a day upgrading my Slacko64-6.9.9.9 k4.9.30
to kernel 4.9.77. Meltdown is covered - others not as compiler isn't retpoline aware, & insufficient LFENCES.
Hence an updated Pup is still required. Site isolation in Firefox 55 onwards mitigates to some degree.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 2 [23 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0649s ][ Queries: 12 (0.0143s) ][ GZIP on ]