[01:20] <dax> !kpti
[01:20] <dax> !-kpti
[01:27] <dax> not sure this is gonna fit on one line
[01:27] <dax> !no, meltdown is <reply> Meltdown is a security issue affecting (primarily) Intel processors. It is mitigated by Linux kernel patches named KPTI. Ubuntu released security updates for 14.04, 16.04, and 17.10 with these patches. 17.04 will not receive this update. 18.04 will ship with kernel 4.15, which is patched already. 16.04 has updates for Linux 4.4 (release) and 4.13 (HWE), installs with 4.10 should
[01:27] <dax> upgrade to 4.13.
[01:27] <dax> lol
[01:27] <dax> !no, meltdown is <reply> Meltdown is a security issue with (primarily) Intel processors. It's mitigated by kernel patches named KPTI. Ubuntu released them in security updates for 14.04, 16.04, and 17.10. 17.04 will not receive this update. 18.04 will ship with kernel 4.15, which is patched already. 16.04 has updates for Linux 4.4 (release) and 4.13 (HWE), installs with 4.10 should upgrade to 4.13.
[01:28] <dax> !no, kpti is <alias> meltdown
[01:28] <dax> !forget kaiser
[01:28] <dax> !-spectre
[01:30] <dax> !no, spectre is <reply> Spectre is a security issue in almost all modern processors, which was released along with !Meltdown (but is not the same thing). While there are several initiatives underway to mitigate it, there is no "magic bullet" software fix. Ubuntu is monitoring ongoing efforts and will provide security updates as they become available. See !usn for security update notifications.
[01:34] <dax> !nopti is <reply> KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), KPTI has a sigificant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub but should only be done if absolutely necessary.
[01:34] <dax> !nopti =~ s/should/this should/
[01:35] <dax> !meltdown =~ s/$/ See also !spectre, !nopti/
[01:35] <dax> !meltdown
[01:35] <dax> \o/
[01:40] <dax> !nopti =~ s/sigificant/significant/
[01:54] <dax> !nopti =~ s/especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), //
[01:54] <dax> !nopti =~ s#especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), ##
[01:54] <dax> !nopti
[01:54] <dax> !nopti =~ s^especially those without PCID support (output of "grep pcid /proc/cpuinfo" is empty), ^^
[01:54] <dax> hrm
[01:55] <dax> !no, nopti is <reply> KPTI is a mitigation for the !Meltdown security issue. With some workloads on some processors, KPTI has a significant performance impact. KPTI can be disabled by adding "nopti" to the GRUB_CMDLINE_LINUX_DEFAULT line in /etc/default/grub but this should only be done if absolutely necessary.
[02:04] <dax> !nopti =~ s/.$/ because it will disable proctections against Meltdown./
[02:05] <dax> !nopti =~ s/.$/ and thus allows any malicious user process to read memory and probably escalate to root./
[02:05] <dax> !nopti
[02:06] <dax> !nopti =~ s/ but this/. This/
[02:06] <dax> !nopti
[02:06] <dax> !nopti =~ s/allows/allow/
[02:06] <dax> (sorry for all the noise)
[02:06] <dax> !nopti
[02:07] <dax> !nopti =~ s/proctections/protections/
[02:37] <dax> oh hell, let's do another topic while we're at it
[02:38] <dax> !search lenovo
[02:40] <dax> !lenovobug is <reply> Current Ubuntu 17.10 ISOs contain a bug that makes firmware memory read-only. The bug description on https://pad.lv/1734147 contains more information and fixes for users affected by this issue. The kernel in the 17.10 repositories has been updated and will not trigger this bug, so upgrading is now safe. Ubuntu 17.10 ISOs will be re-released on January 11th with updated, safe,
[02:40] <dax> packages.
[02:40] <dax> dangit
[02:41] <dax> !no, lenovobug is <reply> Current Ubuntu 17.10 ISOs contain a bug that makes firmware memory read-only. https://pad.lv/1734147 contains more information and fixes for users affected by this issue. The kernel in the 17.10 repositories has been updated and will not trigger this bug, so upgrading is now safe. Ubuntu 17.10 ISOs will be re-released on January 11th with updated, safe, packages.
[02:41] <dax> !artfulrespin is <alias> lenovobug
[02:41] <dax> !intel-spi is <alias> lenovobug
[02:41] <dax> !intelspi is <alias> lenovobug
[02:41] <dax> better late than never.
[02:43] <TJ-> dax: the current 17.10 ISOs are fixed, see http://iso.qa.ubuntu.com/qatracker/milestones/385/builds and  http://cdimage.ubuntu.com/artful/daily-live/pending/
[02:43] <dax> those aren't "the current 17.10 ISOs" until Thursday
[02:43] <dax> and yes, I'm aware of the testing ISOs :)
[02:48] <dax> hrm, i swear i saw somewhere on LP saying upgrades were safe, but now that i'm double-checking i can't find it
[02:49] <dax> "We have not done this because the kernel you get with a dist-upgrade is /fixed/ to no longer trigger this issue." yay ok good
[02:50] <TJ-> the kernels without SPI_INTEL_SPI_PLATFORM being published, you mean?
[02:50] <TJ-> ah, right
[02:50] <JackFrost> https://launchpad.net/ubuntu/+source/linux/4.13.0-21.24
[02:50] <dax> thanks JackFrost, meltdown crapped all over the publishing history and i'm too tired to find it from there
[02:50] <JackFrost> Indeed.
[03:48] <lotuspsychje> morning guys, could anyone reload ubottu for right kernels on the kpti its happening on !usn
[03:49] <lotuspsychje> tnx
[12:01] <ikonia> hey TJ-
[12:13] <TJ-> hallo. Oh, it auto-reconnected after last night!