05 January, 2018

Meltdown & Spectre --update--

Yeah, sometimes it does not warrant any extra security to be cutting edge... This I know.

That a hardware-vulnerability has gone unchecked for a couple of decades, however, eluded even me. Even more that it wasn't even addressed / announced before very recently.

Turns out, almost every computing-device I own has these bugs. And I find myself in a situation where I do as very many others do with vulnerable equipment, with little to no chance of patching; I just isolate them.

Don't get me wrong, I've taken measures and patched / disabled low-level functions as best I could. But when the issue is basically invisible (ring -3), there are limits to what I can do to fix it.

The ass-hats who made the shit have to fix it properly, or someone considerably smarter than me has to do what they can to mitigate as the circumstances will allow.

Which, from what I understand, isn't much, and it's massively complicated to boot. The complications are the reasons for the "considerable performance slow-down" that will result from the software-fixes to the issue.


***UPDATE***

Seems these bugs / vulnerabilities have been blown totally out of proportion for the average computer-user.

Slowdowns only present themselves at huge workloads (think Big Data databases, enterprise computing, etc.), so average-Joe won't even notice any difference... I've been pretty busy patching / fixing my affected systems lately, both at work and at home, and I can't say I've noticed any significant slowdowns in any way.

Not that I've got huge workloads, or global-spanning database-queries running 24/7, but I've definitely got bigger and heavier workloads than the average man.

--- If people just patch their systems regularly, they'll be fine ---




If you want to be sure you actually have the bugs, you can run this bash-script on Linux systems:
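#!/usr/bin/env bash
# Print the CPU model name (first logical CPU only).
echo "cpuinfo           : $(grep -m1 'model name' /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//')"
# Print the first "bugs" line; it is only present on kernels new enough to report CPU bugs.
grep -m1 -i bugs /proc/cpuinfo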
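
The bugs line in /proc/cpuinfo says what the CPU is affected by, not whether the running kernel mitigates it. As an added example (not part of the original post), this script reads the kernel's per-issue status files under /sys/devices/system/cpu/vulnerabilities, which exist on kernels carrying the Meltdown / Spectre patches; the function names and the sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report mitigation status, not just hardware exposure.
# Standard sysfs location; absent on kernels that predate the patches.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE -> not-affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_vulns [DIR] -> one line per issue; returns 1 if any is vulnerable or unknown
check_vulns() {
    _dir="${1:-$VULN_DIR_DEFAULT}"; _rc=0
    for _name in meltdown spectre_v1 spectre_v2; do
        _file="$_dir/$_name"
        if [ -r "$_file" ]; then
            _status=$(head -n1 "$_file")
        else
            _status="(no status file, kernel does not report this issue)"
        fi
        _verdict=$(classify_status "$_status")
        printf '%-11s %-13s %s\n' "$_name" "$_verdict" "$_status"
        case "$_verdict" in vulnerable|unknown) _rc=1 ;; esac
    done
    return "$_rc"
}

# Constructed sample directory, for trying the script on a machine without sysfs.
make_sample_dir() {
    _d=$(mktemp -d)
    echo "Mitigation: PTI" > "$_d/meltdown"
    echo "Vulnerable"      > "$_d/spectre_v1"
    echo "Not affected"    > "$_d/spectre_v2"
    echo "$_d"
}

# Report on the live system (or on the directory given as first argument).
check_vulns "$@" || true
```

A system can list cpu_meltdown under bugs and still show "Mitigation: PTI" here; the first is about the silicon, the second about the patched kernel.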