[kwlug-disc] Meltdown and computer sales

Chamunks chamunks at gmail.com
Wed Jan 17 16:57:18 EST 2018


I really wish that 57 ruined the entire extension architecture it was just
about the only reason I kept Firefox installed on my computer for so long.
I miss all of my security plugins like Calomel SSL, DNS Sec, DownThemAll
etc... I had one that gave me the curl command to download a file without
my browser in some CLI somewhere... All of this stuff just gone... Now you
can hardly inspect a TLS certificate... Anyways, I digress.

On Wed, Jan 17, 2018 at 4:32 PM Khalid Baheyeldin <kb at 2bits.com> wrote:

> I actually came across it shortly after Meltdown came up, and was
> happy to know that I can stay on the ESR and not have to move to 57 or
> later (for now). Only remembered the fact that I looked this up
> yesterday.
>
> As I said: the curse is true: we are living in 'interesting times'.
>
> On Wed, Jan 17, 2018 at 4:16 PM, Chamunks <chamunks at gmail.com> wrote:
> > Thanks for posting that, Khalid. I never would have dug it up.
> >
> > On Tue, Jan 16, 2018 at 6:03 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
> >>
> >> If you are on Firefox ESR (like me), then ESR is not vulnerable to
> >> Meltdown, with or without extensions.
> >>
> >> If you are on Firefox 57, there is an option that you can turn off to
> >> eliminate the risk of Meltdown. Unless you upgraded to the latest 57,
> >> and that gets done for you.
> >>
> >> SharedArrayBuffer is the option.
> >>
> >> https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
> >>
> >> On Tue, Jan 16, 2018 at 4:29 PM, Andrew Stevanus (KWLUG)
> >> <andrew+kwlug at hoot.tech> wrote:
> >> > Seconding uMatrix. It allows much more fine-grained control than
> >> > NoScript. It doesn't have some of NoScript's other features like ABE,
> >> > XSS, and clickjacking protection, though, so I actually use both and
> >> > just enable scripts globally in NoScript and block them with uMatrix.
> >> >
> >> > On 2018-01-16 04:25 PM, Chamunks wrote:
> >> >> You should consider uMatrix it's really quite good and lets you enjoy a bit
> >> >> more of a modern web experience without the finicky nature of NoScript
> >> >> itself https://addons.mozilla.org/en-US/firefox/addon/umatrix/
> >> >>
> >> >> On Tue, Jan 16, 2018 at 4:20 PM Khalid Baheyeldin <kb at 2bits.com> wrote:
> >> >>
> >> >>> Yes, I use NoScript currently on Firefox ESR.
> >> >>>
> >> >>> On Tue, Jan 16, 2018 at 4:02 PM, Chamunks <chamunks at gmail.com> wrote:
> >> >>>> Local exploit that with frameworks like WebAssembly might be exploitable
> >> >>>> through your browser.  Use uMatrix & Firefox/Chrome or Brave browser with JS
> >> >>>> disabled by default on places you don't trust.
> >> >>>>
> >> >>>> On Tue, Jan 16, 2018 at 4:00 PM Khalid Baheyeldin <kb at 2bits.com>
> >> >>>> wrote:
> >> >>>>>
> >> >>>>> Remember that Meltdown is a LOCAL exploit.
> >> >>>>> That means that someone is able to execute unauthorized code on your
> >> >>>>> machine.
> >> >>>>>
> >> >>>>> On desktops and dedicated servers, this is less of a concern, since it
> >> >>>>> is game over already if someone is able to execute code locally.
> >> >>>>>
> >> >>>>> On virtualized machines, this is a big concern. Data can be leaked by
> >> >>>>> other instances active on the same physical server. So companies
> >> >>>>> operating virtual servers are concerned about this.
> >> >>>>>
> >> >>>>> AMD's vulnerability (Spectre) is less severe than Meltdown, and their
> >> >>>>> latest generation of CPUs caught up to Intel in terms of performance
> >> >>>>> and cost as well.
> >> >>>>>
> >> >>>>> I will consider them in future purchases.
> >> >>>>>
> >> >>>>> _______________________________________________
> >> >>>>> kwlug-disc mailing list
> >> >>>>> kwlug-disc at kwlug.org
> >> >>>>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >> >>>
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Khalid M. Baheyeldin
> >> >>> 2bits.com, Inc.
> >> >>> Fast Reliable Drupal
> >> >>> Drupal optimization, development, customization and consulting.
> >> >>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
> >> >>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
> >> >>> For every complex problem, there is an answer that is clear, simple,
> >> >>> and wrong." -- H.L. Mencken