[00:41] <blahdeblah> Personally, I'd rather build a reboot-friendly application architecture.
[00:41] <sarnold> :)
[04:02] <yurtesen> Is this channel alive?
[05:30] <yurtesen> Is there anybody here who can check/approve/merge security related debdiffs for a package in universe or somebody who knows a person who can do that?
[05:55] <Teachmehow> Hi everyone. I have a list of installed packages on my system with dpkg. Is there any library/package that will allow me to convert the package names to their respective CPEs?
[06:09] <sbeattie> yurtesen: do you have a launchpad bug or other pointer?
[06:09] <sbeattie> Teachmehow: sadly, there is not really that I'm aware of, though happy to be corrected if someone knows of one.
[06:55] <yurtesen> @sbeattie yes I prepared a small debdiff also https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1915911/comments/4
[06:57] <sbeattie> yurtesen: thanks, I saw some chatter about that bug, I'll poke further.
[08:24] <yurtesen> Thank you. That was my first debdiff. Hopefully it is somewhat acceptable. I had a few questions about how to track if anybody is looking at a debdiff and format of the changelog if anybody can answer. See comment 8 for formatting question: https://answers.launchpad.net/ubuntu/+source/tomcat9/+question/700934
[08:45] <tomreyn> i just brought this up in -kernel, but maybe you could also give me feedback, maybe i'm missing something. i'm running 18.04 amd64 with HWE (5.4.0-104-generic #118~18.04.1-Ubuntu). "cat /sys/devices/system/cpu/vulnerabilities/spectre_v2" reports "Mitigation: LFENCE, IBPB: conditional, STIBP: disabled, RSB filling" (on this Ryzen 7 1800X), so it seems the kernel has not been compiled with a retpoline-aware compiler, which would suggest 
[08:45] <tomreyn> the system is affected by spectre_v2, and apparently so because a compiler which does not (yet) support full_retpoline is used to build these kernels.
[08:49] <tomreyn> buildd@ubuntu built this one using gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) on Thu Mar 3 13:53:15 UTC 2022.
[09:18] <jjohansen> tomreyn: gcc 7.5 supports retpoline. until this last week lfence/jump was amd's recommended mitigation. You could force generic retpoline using the kernel boot parameter spectre_v2=retpoline,generic
[09:18] <jjohansen> see: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036
[09:42] <tomreyn> jjohansen: I can't force it with spectre_v2=retpoline,lfence (suggested by apw in #ubuntu-kernel - sorry for cross-posting here): cat /proc/version /proc/cmdline /sys/devices/system/cpu/vulnerabilities/spectre_v2 | nc termbin.com 9999
[09:42] <tomreyn> https://termbin.com/gbhc
[09:50] <tomreyn> interestingly, AMD's advisory states "LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on *some* AMD CPUs" (*stress* added by myself) and does *not* list Ryzen 1000 series Desktop CPUs below. which could mean those are not affected, or are not being handled.
[10:14] <tomreyn> jjohansen: you have a point. i booted with spectre_v2=retpoline,generic now and got "Mitigation: Retpolines, IBPB: conditional, STIBP: disabled, RSB filling"
[10:27] <Nicholas[m]> on a related point, mitigation for spectre and meltdown results in a performance hit. Do we only need this mitigation on multiuser machines?
[10:27] <Nicholas[m]> For a single-user desktop (or small multiuser system of trusted users) can we disable these mitigating features and boost system performance...?
[10:40] <jjohansen> Nicholas[m]: that entirely depends on what software you run on those machines. VMs that you don't trust - no
[10:41] <jjohansen> web browsers connected to the internet, well just about anything that could run untrusted scripts like the web browser
[10:41] <jjohansen> not