Choose style:

Author Topic: ATTEN. Intel cpu users  (Read 5168 times)

0 Members and 1 Guest are viewing this topic.

Offline christianvl

  • Member
  • ***
  • Posts: 190
  • Karma: 32
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Re: ATTEN. Intel cpu users
« Reply #60 on: January 11, 2018, 02:23:41 pm »
It makes me want to build a new AMD based rig.

I have always used AMD CPUs, until building this latest rig. All of AMD's offerings on the shelf last year seemed to be lacking and out of date, while everything I read about them lead me to ditch AMD for this rebuild...

I live in Brazil. You just can't buy a single computer with an AMD processor anymore, they're nowhere to be found. Even visiting AMD's local website, now we're forwarded to online stores abroad. Video cards are still available.
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24414
  • Karma: 2695
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: ATTEN. Intel cpu users
« Reply #61 on: January 11, 2018, 06:59:27 pm »
The intel microcode has just been updated in the upstream repos

intel-microcode 3.20180108.0~ubuntu16.04.2
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1710
  • Karma: 237
    • View Profile
Re: ATTEN. Intel cpu users
« Reply #62 on: January 12, 2018, 01:41:43 am »


Skickat från min SM-G900F via Tapatalk

Just say NO to flatpak and snap!!

Offline christianvl

  • Member
  • ***
  • Posts: 190
  • Karma: 32
  • The Wheel weaves as the Wheel wills
    • View Profile
  • Peppermint version(s): 9
Re: ATTEN. Intel cpu users
« Reply #63 on: January 12, 2018, 07:59:28 pm »
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1710
  • Karma: 237
    • View Profile
Re: ATTEN. Intel cpu users
« Reply #64 on: January 12, 2018, 11:30:46 pm »
Yeap...
Here also, https://www.theregister.co.uk/2018/01/12/intel_amt_insecure/

EDIT: But, IMHO this is not as bad. You can still fix it.

« Last Edit: January 12, 2018, 11:55:42 pm by pin »
Just say NO to flatpak and snap!!

Offline DAMIEN1307

  • Member
  • ***
  • Posts: 154
  • Karma: 11
  • non illigitamus carborundum est
    • View Profile
  • Peppermint version(s): Peppermint 8.5 (Respin) 64 bit
Re: ATTEN. Intel cpu users
« Reply #65 on: January 14, 2018, 04:46:43 pm »
hi PCNetSpec and all others here...when i started this post, I had no idea that in this forum or the other i write to that it was going to be anything like it turned out to be...(the other forum has already hit 20 pages)...i truly didnt realize it in its early stages that this was going to be such a big deal...i figured it to be minor...as you know PCNetSpec...as well as others here, im now up to 25 plus installs of peppermint 8 for other people computers now (mine is the only one on 8.5 respin) and have caught up with all of them at least for the intel processors...
thus far, i have installed intel-microcode 3.20180108.1  amd64.deb...enabled strict isolation on all chrome/chromium, based browsers...1st party isolation on all firefox browsers...and kernel update to 4.13.026...have i missed anything here that you guys with better experience can inform me of...im also including my own inix -Fxz from my bedroom backup computer...have i done everything possible, and have i done it right to the best of my knowledge?...thanks in advance...DAMIEN

Spoiler (click here to view / hide)
[damien1307@DAMIEN1307 ~ $ inxi -Fxz
System:    Host: DAMIEN1307 Kernel: 4.13.0-26-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: N/A Distro: Peppermint Eight
Machine:   System: Dell (portable) product: Inspiron N5110
           Mobo: Dell model: 034W60 v: A11 Bios: Dell v: A11 date: 08/03/2012
CPU:       Dual core Intel Core i5-2450M (-HT-MCP-) cache: 3072 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 9976
           clock speeds: max: 3100 MHz 1: 2494 MHz 2: 2494 MHz 3: 2494 MHz
           4: 2494 MHz
Graphics:  Card: Intel 2nd Generation Core Processor Family Integrated Graphics Controller
           bus-ID: 00:02.0
           Display Server: X.Org 1.19.5 drivers: (unloaded: fbdev,vesa)
           Resolution: 1366x768@59.99hz
           GLX Renderer: Mesa DRI Intel Sandybridge Mobile
           GLX Version: 3.0 Mesa 17.0.2 Direct Rendering: Yes
Audio:     Card Intel 6 Series/C200 Series Family High Definition Audio Controller
           driver: snd_hda_intel bus-ID: 00:1b.0
           Sound: Advanced Linux Sound Architecture v: k4.13.0-26-generic
Network:   Card-1: Realtek RTL8101/2/6E PCI Express Fast/Gigabit Ethernet controller
           driver: r8169 v: 2.3LK-NAPI port: e000 bus-ID: 05:00.0
           IF: enp5s0 state: down mac: <filter>
           Card-2: Intel Centrino Wireless-N 1030 [Rainbow Peak]
           driver: iwlwifi bus-ID: 09:00.0
           IF: wlp9s0 state: up mac: <filter>
Drives:    HDD Total Size: 500.1GB (3.0% used)
           ID-1: /dev/sda model: WDC_WD5000BPVT size: 500.1GB
Partition: ID-1: / size: 453G used: 8.3G (2%) fs: ext4 dev: /dev/sda1
           ID-2: swap-1 size: 6.34GB used: 0.00GB (0%) fs: swap dev: /dev/sda5
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 46.0C mobo: N/A
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 178 Uptime: 13 min Memory: 846.3/5868.4MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35
/spoiler]

[close]
« Last Edit: January 14, 2018, 04:53:01 pm by DAMIEN1307 »
ORDO AB CHAO

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24414
  • Karma: 2695
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: ATTEN. Intel cpu users
« Reply #66 on: January 14, 2018, 07:58:26 pm »
If you're running Firefox 57.0.4 enabling privacey.fistparty.isolate isn't absolutely necessary .. Mozilla state:-

Quote
Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer.

Though I suppose it can't hurt either as long as it doesn't cause you any problems on sites you use.



I gather until Google release tweaked versions of Chrome/Chromium (probably also with reduced timing precision mitigations) enabling Strict Site Isolation in the chrome://flags is the best you can do .. but it is not a mitigation for Spectre in and of itself.



So I guess YES as long as you're running Firefox 57.0.4 (with or without first party isolation .. your choice), have the new intel microcode, along with the patched kernel, and update Chrome/Chromium as soon as 64 comes out (with or without strict site isolation .. your choice, though I gather that will be enabled by default in 64 anyway, but not directly in response to Spectre) you're already doing everything you can.

But really all of this (except the site isolation which isn't really a mitigation for Spectre in the first place .. but can't hurt either) should be automatically be being done via the update manager .. just stay on top of updates is about the best advice anyone can give you at the moment.



I don't think ANYONE quite knows how deep this particular rabbit hole is going to go, mitigations will be forthcoming as they're discovered .. which really is nothing new ;)

I'm not saying people shouldn't be concerned about Meltdown/Spectre, but to me it's just another possible vulnerability that was discovered and is being mitigated before it ever got leveraged in the wild .. so be aware of it, stay on top of updates, but don't panic ;)
« Last Edit: January 14, 2018, 08:07:07 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1710
  • Karma: 237
    • View Profile
Re: ATTEN. Intel cpu users
« Reply #67 on: January 15, 2018, 01:29:32 am »
Spectre is still alive and kicking
https://gist.github.com/ErikAugust/724d4a969fb2c6ae1bbd7b2a9e3d4bb6

Skickat från min SM-G900F via Tapatalk

Just say NO to flatpak and snap!!

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24414
  • Karma: 2695
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: ATTEN. Intel cpu users
« Reply #68 on: January 15, 2018, 09:29:23 am »
Spectre will never completely go away (until CPU's are completely redesigned), all that can be done is to disrupt the precision timings necessary for a successful external exploit .. there will likely never be a full 'fix' for someone with local access .. but then again if someone has local access and your data isn't encrypted they kinda already own it anyway.
« Last Edit: January 15, 2018, 11:31:18 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1710
  • Karma: 237
    • View Profile
Re: ATTEN. Intel cpu users
« Reply #69 on: January 15, 2018, 11:06:17 am »
Thx

Skickat från min SM-G900F via Tapatalk

Just say NO to flatpak and snap!!

Offline spence

  • Trusted User
  • Veteran
  • *****
  • Posts: 1814
  • Karma: 182
  • peppermint user since 2010
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin
Re: ATTEN. Intel cpu users
« Reply #70 on: January 15, 2018, 01:08:04 pm »
The intel microcode has just been updated in the upstream repos

intel-microcode 3.20180108.0~ubuntu16.04.2

Code: [Select]
spence@antec ~ $ sudo apt install intel-microcode
Reading package lists... Done
Building dependency tree       
Reading state information... Done
intel-microcode is already the newest version (3.20180108.0~ubuntu16.04.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

yippee....
spence
PeppermintOS 10installed  on:
'16 Antec Aria rebuild
 '18 Asus VivoBook


Do not despair, grasshopper...
    with patience all will be revealed...
       Through pain, enlightenment will come.

Offline pin

  • Trusted User
  • Veteran
  • *****
  • Posts: 1710
  • Karma: 237
    • View Profile
Re: ATTEN. Intel cpu users
« Reply #71 on: January 16, 2018, 11:00:31 am »
Performance test after Meltdown patches here, https://www.phoronix.com/scan.php?page=article&item=5distros-post-spectre&num=1

Doesn't look that bad, unless you're running  Centos.
Just say NO to flatpak and snap!!