[kwlug-disc] Meltdown and computer sales

Khalid Baheyeldin kb at 2bits.com
Wed Jan 17 16:32:36 EST 2018 

I actually came across it shortly after Meltdown came up, and was
happy to know that I can stay on the ESR and not have to move to 57 or
later (for now). Only remembered the fact that I looked this up
yesterday.

As I said: the curse is true: we are living in 'interesting times'.

On Wed, Jan 17, 2018 at 4:16 PM, Chamunks <chamunks at gmail.com> wrote:
> Thanks for posting that Khalid I never would have dug it up.
>
> On Tue, Jan 16, 2018 at 6:03 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>>
>> If you are on Firefox ESR (like me), then ESR is not vulnerable to
>> Meltdown, with or without extensions.
>>
>> If you are on Firefox 57, there is an option that you can turn off to
>> eliminate the risk of Meltdown. Unless you upgraded to the latest 57,
>> and that gets done for you.
>>
>> SharedArrayBuffer is the option.
>>
>>
>> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
>>
>> On Tue, Jan 16, 2018 at 4:29 PM, Andrew Stevanus (KWLUG)
>> <andrew+kwlug at hoot.tech> wrote:
>> > Seconding uMatrix. It allows much more fine-grained control than
>> > NoScript. It doesn't have some of NoScript's other features like ABE,
>> > XSS, and clickjacking protection, though, so I actually use both and
>> > just enable scripts globally in NoScript and block them with uMatrix.
>> >
>> > On 2018-01-16 04:25 PM, Chamunks wrote:
>> >> You should consider uMatrix it's really quite good and lets you enjoy a
>> >> bit
>> >> more of a modern web experience without the finnicky nature of NoScript
>> >> itself https://addons.mozilla.org/en-US/firefox/addon/umatrix/
>> >>
>> >> On Tue, Jan 16, 2018 at 4:20 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
>> >>
>> >>> Yes, I use NoScript currently on Firefox ESR.
>> >>>
>> >>> On Tue, Jan 16, 2018 at 4:02 PM, Chamunks <chamunks at gmail.com> wrote:
>> >>>> Local exploit that with frameworks like WebAssembly might be
>> >>>> exploitable
>> >>>> through your browser.  Use uMatrix & Firefox/Chrome or Brave browser
>> >>> with JS
>> >>>> disabled by default on places you don't trust.
>> >>>>
>> >>>> On Tue, Jan 16, 2018 at 4:00 PM Khalid Baheyeldin <kb at 2bits.com>
>> >>>> wrote:
>> >>>>>
>> >>>>> Remember that Meltdown is a LOCAL exploit.
>> >>>>> That means that someone is able to execute unauthorized code on your
>> >>>>> machine.
>> >>>>>
>> >>>>> On desktops and dedicated servers, this is less of a concern, since
>> >>>>> it
>> >>>>> is game over already if someone is able to execute code locally.
>> >>>>>
>> >>>>> On virtualized machines, this is a big concern. Data can be leaked
>> >>>>> by
>> >>>>> other instances active on the same physical server. So companies
>> >>>>> operating virtual servers are concerned about this.
>> >>>>>
>> >>>>> AMD's vulnerability (Spectre) is less severe than Meltdown, and
>> >>>>> their
>> >>>>> latest generation of CPUs caught up to Intel in terms of performance
>> >>>>> and cost as well.
>> >>>>>
>> >>>>> I will consider them in future purchases.
>> >>>>>
>> >>>>> _______________________________________________
>> >>>>> kwlug-disc mailing list
>> >>>>> kwlug-disc at kwlug.org
>> >>>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> >>>
>> >>>
>> >>>
>> >>> --
>> >>> Khalid M. Baheyeldin
>> >>> 2bits.com, Inc.
>> >>> Fast Reliable Drupal
>> >>> Drupal optimization, development, customization and consulting.
>> >>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> >>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> >>> For every complex problem, there is an answer that is clear, simple,
>> >>> and wrong." -- H.L. Mencken
>> >>>
>> >>> _______________________________________________
>> >>> kwlug-disc mailing list
>> >>> kwlug-disc at kwlug.org
>> >>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> >>>
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> kwlug-disc mailing list
>> >> kwlug-disc at kwlug.org
>> >> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> >>
>> >
>> >
>> > _______________________________________________
>> > kwlug-disc mailing list
>> > kwlug-disc at kwlug.org
>> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>> >
>>
>>
>>
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple,
>> and wrong." -- H.L. Mencken
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org



-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple,
and wrong." -- H.L. Mencken

More information about the kwlug-disc mailing list