[00:16] <oerheks> uh oh .. https://aepicleak.com/
[00:22] <arraybolt3[m]> Ah, yet another cataclysmic CPU failure. I'm starting go get tired of this insanity.
[00:22] <arraybolt3[m]> s/failure/vulnerability
[00:22] <oerheks> also ZEN 1/2/3 are bad ..
[00:23] <oerheks> what is left, ARM ?
[00:24] <oerheks> too many, too soon CPU's hit the market.
[00:24] <arraybolt3[m]> Even ARM got hit with Meltdown in at least one of their CPUs. I think we have to just accept that CPUs are vulnerable and that microcode updates need to be applied the moment they become available.
[00:24] <oerheks> jups
[00:25] <oerheks> https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1039
[00:25]  * arraybolt3[m] wonders just how many cracks in the armor my 3rd gen i5 is riddled with
[00:25] <arraybolt3[m]> Does Intel still release microcode updates for discontinued processors?
[00:25] <arraybolt3[m]> I think they do, so hopefully I'm all patched up.
[00:25] <oerheks> i run i7 4790 ..
[00:26] <oerheks> 4th gen
[00:26] <arraybolt3[m]> The best one I've got is a 3rd or 4th gen Xeon.
[00:56] <tomreyn> grep . /sys/devices/system/cpu/vulnerabilities/*
[00:56] <tomreyn> https://github.com/speed47/spectre-meltdown-checker.git
[00:57] <arraybolt3[m]> tomreyn: Oh lovely, looks like I can be pwned with srbds, l1tf, or mds.
[00:58] <tomreyn> arraybolt3[m]: did you switch off mitigations?
[00:58] <arraybolt3[m]> tomreyn: Nope, I've got lots of other mitigations on.
[00:59] <arraybolt3[m]> tomreyn: L1TF and MDS are problematic because I have hyper-threading enabled, while SRBDS is just straight-up vulnerable (no microcode it say).
[00:59] <tomreyn> intel-microcode package is installed?
[01:02] <arraybolt3[m]> tomreyn: Yep.
[01:02] <tomreyn> the meltdown-checker script can give you a better interpretation and better explanations. it's also in ubuntu (in an older version)
[01:02] <tomreyn> some older cpu's did not get microcode fixes indeed
[01:05] <arraybolt3[m]> (Your CPU microcode may need to be updated to mitigate the vulnerability) yep, no kidding. But I'm updated. So I guess this system is shot from a CPU security standpoint.
[01:05] <arraybolt3[m]> Also some of the vulns say "Not vulnerable, this system is not running a hypervisor." ROFL so what is GNOME Boxes then?
[01:06] <arraybolt3[m]> So... yikes. Guess I'd better not run untrusted stuff even in a VM.
[01:06] <arraybolt3[m]> (Which thankfully I've not done yet, but still, that's a bit unnerving.)
[01:08] <sarnold> btw, js in a web browser counts as 'untrusted'
[02:21] <lotuspsychje> good morning
[04:01] <marcoagpinto> heya
[16:46] <tomreyn> ravage: btw. MICROburst moved to getting help with whatever it may be they are trying to do in #ubuntu-de
[16:49] <tomreyn> i'm guessing their goal was to change $PS1
[16:49] <ravage> ok then :)