| kantlivelong | is there list of kernel command line options to disable security mitigation for recent cpu exploits? | 16:21 |
|---|---|---|
| gpiccoli | kantlivelong, I think "mitigations=off" will do the job, by disabling all of them | 16:27 |
| kantlivelong | thats 5.2+ kernel though right? | 16:28 |
| kantlivelong | suppose i could update | 16:28 |
| gpiccoli | It's backported to older kernels in our releases, let me check for you kantlivelong | 16:29 |
| kantlivelong | ah | 16:29 |
| gpiccoli | kantlivelong, for Bionic (4.15): https://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/tree/Documentation/admin-guide/kernel-parameters.txt#n2452 | 16:30 |
| kantlivelong | ah cool | 16:30 |
| kantlivelong | thats what i was lookin for | 16:30 |
| gpiccoli | This file explain the fine tunnings to the mitigations, like to disable a mitigation for a single issue (Spectre only for example) | 16:30 |
| gpiccoli | Great =) | 16:31 |
| gpiccoli | This is on Disco (5.0): https://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/tree/Documentation/admin-guide/kernel-parameters.txt#n2567 | 16:31 |
| gpiccoli | SAme thing basically heheh | 16:31 |
| gpiccoli | You may be using 5.0 as Bionic HWE for example | 16:31 |
| kantlivelong | gonna give this a shot | 16:32 |
| gpiccoli | cool, hope it helps you | 16:32 |
| kantlivelong | only real concern is js but think firefox mitigated that | 16:32 |
| gpiccoli | Hmm..not sure about that. The advise is usually to keep mitigations enabled, although I can see how it may affect some workloads' performance heheh | 16:33 |
| kantlivelong | otherwise its all trusted code running | 16:33 |
| gpiccoli | It's a per-case decision I guess | 16:33 |
| kantlivelong | desktop gaming/dev pc | 16:33 |
| kantlivelong | older | 16:33 |
| kantlivelong | tyty | 16:34 |
| gpiccoli | yw =) | 16:35 |
| JanC | maybe don't do banking on it | 16:42 |
| JanC | or similar | 16:42 |
| kantlivelong | or just close ff and open w/ bank alone | 16:43 |
| JanC | and development might depend on what sort; if it's all open source there are probably easier ways to "steal" your code, like using git... ;) | 16:43 |
| kantlivelong | no real concern other than ff | 16:43 |
| tyhicks | kantlivelong: firefox reduced their timer precision which makes it more difficult to carry out speculative attacks using JS | 16:46 |
| JanC | which means an attack would probably take a lot longer | 16:46 |
| tyhicks | https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ | 16:48 |
| tyhicks | they call it a partial, short-term mitigation (which is a fair description) | 16:48 |
| tyhicks | I don't know if they've done anything in addition to that initial change | 16:48 |
| JanC | probably not much else they can do without removing functionality | 16:49 |
| === mamarley_ is now known as mamarley | ||
| === joedborg_ is now known as joedborg | ||
| === vaishali_ is now known as vaishali | ||
| === kantlive- is now known as kantlivelong | ||
| === kloeri_ is now known as kloeri | ||
| shibboleth | for some reason the verbose boot text, desktop, picture on the screen is "more grey" (dunno how to put it) wheen booting kernel 5.3 vs 4.15 | 22:16 |
| shibboleth | no such issue in 5.0 | 22:16 |
| shibboleth | in short, my displays look at lot cheaper when booting 5.3 :) | 22:16 |
| shibboleth | displays connected by displayport, intel skylake graphics | 22:17 |
| shibboleth | imagine looking at a cheap-ass LCD vs a decent one at best buy. one has excellent black, the other will be tainted by a grey hue | 22:17 |
| shibboleth | booting debian testing kernel 5.3=no issue | 22:21 |
| shibboleth | ubuntu 18.04-hwe-edge was affected both before and after todys update | 22:22 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!