[16:21] <kantlivelong> is there list of kernel command line options to disable security mitigation for recent cpu exploits?
[16:27] <gpiccoli> kantlivelong, I think "mitigations=off" will do the job, by disabling all of them
[16:28] <kantlivelong> thats 5.2+ kernel though right?
[16:28] <kantlivelong> suppose i could update
[16:29] <gpiccoli> It's backported to older kernels in our releases, let me check for you kantlivelong 
[16:29] <kantlivelong> ah
[16:30] <gpiccoli> kantlivelong, for Bionic (4.15): https://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/tree/Documentation/admin-guide/kernel-parameters.txt#n2452
[16:30] <kantlivelong> ah cool
[16:30] <kantlivelong> thats what i was lookin for
[16:30] <gpiccoli> This file explain the fine tunnings to the mitigations, like to disable a mitigation for a single issue (Spectre only for example)
[16:31] <gpiccoli> Great =)
[16:31] <gpiccoli> This is on Disco (5.0): https://kernel.ubuntu.com/git/ubuntu/ubuntu-disco.git/tree/Documentation/admin-guide/kernel-parameters.txt#n2567
[16:31] <gpiccoli> SAme thing basically heheh
[16:31] <gpiccoli> You may be using 5.0 as Bionic HWE for example
[16:32] <kantlivelong> gonna give this a shot
[16:32] <gpiccoli> cool, hope it helps you
[16:32] <kantlivelong> only real concern is js but think firefox mitigated that 
[16:33] <gpiccoli> Hmm..not sure about that. The advise is usually to keep mitigations enabled, although I can see how it may affect some workloads' performance heheh
[16:33] <kantlivelong> otherwise its all trusted code running
[16:33] <gpiccoli> It's a per-case decision I guess
[16:33] <kantlivelong> desktop gaming/dev pc
[16:33] <kantlivelong> older
[16:34] <kantlivelong> tyty
[16:35] <gpiccoli> yw =)
[16:42] <JanC> maybe don't do banking on it
[16:42] <JanC> or similar
[16:43] <kantlivelong> or just close ff and open w/ bank alone
[16:43] <JanC> and development might depend on what sort; if it's all open source there are probably easier ways to "steal" your code, like using git...  ;)
[16:43] <kantlivelong> no real concern other than ff
[16:46] <tyhicks> kantlivelong: firefox reduced their timer precision which makes it more difficult to carry out speculative attacks using JS
[16:46] <JanC> which means an attack would probably take a lot longer
[16:48] <tyhicks> https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
[16:48] <tyhicks> they call it a partial, short-term mitigation (which is a fair description)
[16:48] <tyhicks> I don't know if they've done anything in addition to that initial change
[16:49] <JanC> probably not much else they can do without removing functionality
=== mamarley_ is now known as mamarley
=== joedborg_ is now known as joedborg
=== vaishali_ is now known as vaishali
=== kantlive- is now known as kantlivelong
=== kloeri_ is now known as kloeri
[22:16] <shibboleth> for some reason the verbose boot text, desktop, picture on the screen is "more grey" (dunno how to put it) wheen booting kernel 5.3 vs 4.15
[22:16] <shibboleth> no such issue in 5.0
[22:16] <shibboleth> in short, my displays look at lot cheaper when booting 5.3 :)
[22:17] <shibboleth> displays connected by displayport, intel skylake graphics
[22:17] <shibboleth> imagine looking at a cheap-ass LCD vs a decent one at best buy. one has excellent black, the other will be tainted by a grey hue
[22:21] <shibboleth> booting debian testing kernel 5.3=no issue
[22:22] <shibboleth> ubuntu 18.04-hwe-edge was affected both before and after todys update