Nick | Message | Time |
---|---|---|
kantlivelong | is there list of kernel command line options to disable security mitigation for recent cpu exploits? | 16:21 |
gpiccoli | kantlivelong, I think "mitigations=off" will do the job, by disabling all of them | 16:27 |
kantlivelong | that's 5.2+ kernel though right? | 16:28 |
kantlivelong | suppose i could update | 16:28 |
gpiccoli | It's backported to older kernels in our releases, let me check for you kantlivelong | 16:29 |
kantlivelong | ah | 16:29 |
gpiccoli | kantlivelong, for Bionic (4.15): https://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/tree/Documentation/admin-guide/kernel-parameters.txt#n2452 | 16:30 |
kantlivelong | ah cool | 16:30 |
kantlivelong | that's what i was lookin for | 16:30 |
gpiccoli | This file explains the fine tunings to the mitigations, like to disable a mitigation for a single issue (Spectre only for example) | 16:30 |
gpiccoli | Great =) | 16:31 |
gpiccoli | This is on Disco (5.0): https://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/tree/Documentation/admin-guide/kernel-parameters.txt#n2567 | 16:31 |
gpiccoli | Same thing basically heheh | 16:31 |
gpiccoli | You may be using 5.0 as Bionic HWE for example | 16:31 |
kantlivelong | gonna give this a shot | 16:32 |
gpiccoli | cool, hope it helps you | 16:32 |
kantlivelong | only real concern is js but think firefox mitigated that | 16:32 |
gpiccoli | Hmm..not sure about that. The advice is usually to keep mitigations enabled, although I can see how it may affect some workloads' performance heheh | 16:33 |
kantlivelong | otherwise its all trusted code running | 16:33 |
gpiccoli | It's a per-case decision I guess | 16:33 |
kantlivelong | desktop gaming/dev pc | 16:33 |
kantlivelong | older | 16:33 |
kantlivelong | tyty | 16:34 |
gpiccoli | yw =) | 16:35 |
JanC | maybe don't do banking on it | 16:42 |
JanC | or similar | 16:42 |
kantlivelong | or just close ff and open w/ bank alone | 16:43 |
JanC | and development might depend on what sort; if it's all open source there are probably easier ways to "steal" your code, like using git... ;) | 16:43 |
kantlivelong | no real concern other than ff | 16:43 |
tyhicks | kantlivelong: firefox reduced their timer precision which makes it more difficult to carry out speculative attacks using JS | 16:46 |
JanC | which means an attack would probably take a lot longer | 16:46 |
tyhicks | https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ | 16:48 |
tyhicks | they call it a partial, short-term mitigation (which is a fair description) | 16:48 |
tyhicks | I don't know if they've done anything in addition to that initial change | 16:48 |
JanC | probably not much else they can do without removing functionality | 16:49 |
shibboleth | for some reason the verbose boot text, desktop, picture on the screen is "more grey" (dunno how to put it) when booting kernel 5.3 vs 4.15 | 22:16 |
shibboleth | no such issue in 5.0 | 22:16 |
shibboleth | in short, my displays look a lot cheaper when booting 5.3 :) | 22:16 |
shibboleth | displays connected by displayport, intel skylake graphics | 22:17 |
shibboleth | imagine looking at a cheap-ass LCD vs a decent one at best buy. one has excellent black, the other will be tainted by a grey hue | 22:17 |
shibboleth | booting debian testing kernel 5.3=no issue | 22:21 |
shibboleth | ubuntu 18.04-hwe-edge was affected both before and after today's update | 22:22 |