Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 9:22 PM, R0b0t1 wrote: > > I think referring to BPF is a red herring, because it is really the > processor that is at fault. Not BPF. And yes, I'm aware of what AMD > claims. Of course the processor is at fault. However, in order to exploit the fault on

Re: [gentoo-user] Re: old kernels are installed during the upgrade

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 9:12 PM, Walter Dnes wrote: > > There are 2 vulnerabilities at play here, both caused by speculative > execution... Actually, there are 3 related ones, with two names between them. Can't imagine why there is so much confusion... > 2) "Spectre" is

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread R0b0t1
On Thu, Jan 4, 2018 at 10:18 AM, Rich Freeman wrote: > On Thu, Jan 4, 2018 at 10:44 AM, R0b0t1 wrote: >> >> I am still working through the information myself, but it looks like >> BPF filters are an easy way to make sure you have something to look >> for in

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 8:52 PM, Jalus Bilieyich wrote: > Is my Pentium D from 2007 affected? > Any Intel x86 chip after and including the Pentium Pro should be affected. That came out in 1995. The Pentium D is almost certainly vulnerable. -- Rich

Re: [gentoo-user] Re: old kernels are installed during the upgrade

2018-01-04 Thread Walter Dnes
On Thu, Jan 04, 2018 at 11:10:01AM -0500, Rich Freeman wrote > On Thu, Jan 4, 2018 at 11:02 AM, Holger Hoffstätte > wrote: > > On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote: > > > >> On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists >

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Jalus Bilieyich
Is my Pentium D from 2007 affected? On 01/03/2018 09:34 PM, Adam Carter wrote: >> >> Project Zero (Google) found it; >> https://googleprojectzero.blogspot.com.au/2018/01/ >> reading-privileged-memory-with-side.html >> >> Phoronix has done some benchmarks on the impact of the kernel based >>

Re: [gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Adam Carter
> > The settings relevant to Spectre are: > CONFIG_BPF_JIT - this being set to y is enough to make Intel > processors vulnerable to variant 1/2. This being set to y is > necessary, but not sufficient, for making AMD vulnerable to variant 1. > net.core.bpf_jit_enable - this being set to 1 along

Re: [gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 7:51 PM, Adam Carter wrote: > On Fri, Jan 5, 2018 at 8:39 AM, Nikos Chantziaras wrote: >> >> On 04/01/18 18:18, Rich Freeman wrote: >>> >>> For variant 1 the only known vulnerability is BPF which probably >>> next to nobody uses >>

Re: [gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Adam Carter
On Fri, Jan 5, 2018 at 8:39 AM, Nikos Chantziaras wrote: > On 04/01/18 18:18, Rich Freeman wrote: > >> For variant 1 the only known vulnerability is BPF which probably >> next to nobody uses >> > > I had to enable various BPF settings in the kernel because systemd > wouldn't

[gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Nikos Chantziaras
On 04/01/18 23:39, Nikos Chantziaras wrote: On 04/01/18 18:18, Rich Freeman wrote: For variant 1 the only known vulnerability is BPF which probably next to nobody uses I had to enable various BPF settings in the kernel because systemd wouldn't shut up about it. It prints warning messages

[gentoo-user] Re: Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Nikos Chantziaras
On 04/01/18 18:18, Rich Freeman wrote: For variant 1 the only known vulnerability is BPF which probably next to nobody uses I had to enable various BPF settings in the kernel because systemd wouldn't shut up about it. It prints warning messages during boot that the system doesn't support

Re: [gentoo-user] Re: Spectre and Meltdown summary

2018-01-04 Thread Andrey F.
Thanks for the great summary! Having 2FA enabled for all accounts will go a long way as well. On Thu, Jan 4, 2018 at 4:21 AM, Adam Carter wrote: > Browser stuff > > I'm guessing this relates to Variant1; > @hackerfantastic "Blackhats will be weaponizing spectre to steal

Re: [gentoo-user] Fail to configure polari and gnome-documents with portage. (SOLVED)

2018-01-04 Thread Personal
On Thu, 04-01-2018 at 12:04 -0600, Corbin Bird wrote: > > On 01/04/2018 10:31 AM, Personal wrote: > > Hi list. > > > > I can't install polari and gnome-documents using portage. Using > > ./configure by myself there is no problem. I post the polari > > output: > > ... > > > I tested

Re: [gentoo-user] Fail to configure polari and gnome-documents with portage.

2018-01-04 Thread Corbin Bird
On 01/04/2018 10:31 AM, Personal wrote: > Hi list. > > I can't install polari and gnome-documents using portage. Using > ./configure by myself there is no problem. I post the polari output: > Emerging (1 of 1) net-irc/polari-3.22.2::gentoo >  * polari-3.22.2.tar.xz BLAKE2B SHA512 size ;-) >

Re: [gentoo-user] Spectre CPU flaws

2018-01-04 Thread Andrey F.
ALL CPUs are vulnerable to Spectre. The vuln described in your link is Meltdown and only Intel is vulnerable to that. https://meltdownattack.com I don't believe there is a fix for Spectre, but it is also much tougher to mount an attack. Meltdown on the other hand has a fix that will likely

[gentoo-user] Fail to configure polari and gnome-documents with portage.

2018-01-04 Thread Personal
Hi list. I can't install polari and gnome-documents using portage. Using ./configure by myself there is no problem. I post the polari output: >>> Emerging (1 of 1) net-irc/polari-3.22.2::gentoo  * polari-3.22.2.tar.xz BLAKE2B SHA512 size ;-) ...

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 10:44 AM, R0b0t1 wrote: > > I am still working through the information myself, but it looks like > BPF filters are an easy way to make sure you have something to look > for in kernelspace. My understanding is that for exploit 1 to work you need to have

Re: [gentoo-user] Re: old kernels are installed during the upgrade

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 11:02 AM, Holger Hoffstätte wrote: > On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote: > >> On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists wrote: >>> >>> And as I understand it the code can be disabled with either

[gentoo-user] Re: old kernels are installed during the upgrade

2018-01-04 Thread Holger Hoffstätte
On Wed, 03 Jan 2018 15:53:07 -0500, Rich Freeman wrote: > On Wed, Jan 3, 2018 at 3:35 PM, Wols Lists wrote: >> >> And as I understand it the code can be disabled with either a compile >> time option or command line switch to the kernel. > > I suspect the compile-time

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread R0b0t1
On Thu, Jan 4, 2018 at 9:44 AM, R0b0t1 wrote: > But, if they do, then AMD processors are susceptible in the same way, and the issue can not be fixed. There are some news pieces and commenters claiming that AMD processors suffer similar issues.

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread R0b0t1
On Thu, Jan 4, 2018 at 8:17 AM, Rich Freeman wrote: > On Thu, Jan 4, 2018 at 8:44 AM, Corbin Bird wrote: >> >> According to the Project Zero documentation having BPF JIT enabled >> is the key to the exploit. >> >> The way the docs read ... can it be

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Corbin Bird
On 01/04/2018 08:17 AM, Rich Freeman wrote: > On Thu, Jan 4, 2018 at 8:44 AM, Corbin Bird wrote: >> According to the Project Zero documentation having BPF JIT enabled >> is the key to the exploit. >> >> The way the docs read ... can it be assumed that by having BPF

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Rich Freeman
On Thu, Jan 4, 2018 at 8:44 AM, Corbin Bird wrote: > > According to the Project Zero documentation having BPF JIT enabled > is the key to the exploit. > > The way the docs read ... can it be assumed that by having BPF JIT > disabled on an AMD, that blocks this

[gentoo-user] Switching from Seamonkey to Firefox and Thunderbird

2018-01-04 Thread Dale
Howdy, I have been using Seamonkey as my main web browser and email program for many years.  Thing is, some sites either don't work right or won't load at all.  Those same sites work fine in Firefox.  Just the other day, LastPass started acting weird and I had to remove it.  My plan was to remove

Re: [gentoo-user] Expect a ~15% average slowdown if you use an Intel processor

2018-01-04 Thread Corbin Bird
On 01/03/2018 09:34 PM, Adam Carter wrote: > > Project Zero (Google) found it; > > https://googleprojectzero.blogspot.com.au/2018/01/reading-privileged-memory-with-side.html > > > > >

[gentoo-user] Re: Spectre and Meltdown summary

2018-01-04 Thread Adam Carter
Browser stuff I'm guessing this relates to Variant1; @hackerfantastic "Blackhats will be weaponizing spectre to steal session cookies from additional websites opened in the browser, especially financial sites. Enable site isolation in Chrome now.

[gentoo-user] Spectre and Meltdown summary

2018-01-04 Thread Adam Carter
No guarantees on accuracy... Meltdown CVE-2017-5754 (Variant3) - userspace reads kernel memory. Intel vulnerable, AMD not vulnerable. Issue is mitigated with KPTI (in kernel 4.14.11, Security Options -> Remove the kernel mapping in user mode (CONFIG_PAGE_TABLE_ISOLATION), on by default for all

Re: [gentoo-user] Spectre CPU flaws

2018-01-04 Thread Mick
On Thursday, 4 January 2018 05:50:59 GMT the...@sys-concept.com wrote: > New bug resurface. > What is the command to test AMD CPU's if flag: X86_BUG_CPU_INSECURE is > enabled? > > From: > https://lkml.org/lkml/2017/12/27/2 grep bugs /proc/cpuinfo -- Regards, Mick

Re: [gentoo-user] old kernels are installed during the upgrade

2018-01-04 Thread Alan McKinnon
On 04/01/2018 08:40, Wols Lists wrote: > On 03/01/18 22:09, Alan McKinnon wrote: >> On 04/01/2018 00:02, Stroller wrote: >>> On 3 Jan 2018, at 21:55, Wols Lists wrote: What would be nice, would be if "emerge --depclean" had the smarts to recognise