Real fixes for Spectre and Meltdown?

cloasters said:
Thank you booman and Gizmo for your very helpful posts!

Previous instructions I've tried to follow don't let me update my Mint Cinnamon 17.3.
My machine refuses to see 18.1 and 18.3 updates. And doesn't ask for them either.

Now that there seems to be a good fix available for 18.3 I'm in trouble for not updating my OS to 18.3. Arrgh.
Click to expand...
The fixes for Mint 17.x are also out, along with various other bits... https://blog.linuxmint.com/?p=3496

Um... I may have misread but if you're trying to upgrade in place from 17.x to 18.x, that's, er, brave?
 
Same goes for me, as well! With very great help from ThunderRd I've been doing a few typing in the scary Terminal zone thangs.

Saw a very recent squib saying how, yet again, or perhaps still how terrible Intel has been with its ""updates"" to fix Intel's stupidity/underhanded greed from Linus Torvalds himself.
 
Oh, this one? https://lkml.org/lkml/2018/1/21/192

Not his finest work. Needs more ****. Also read https://lkml.org/lkml/2018/1/22/598 and https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html

Anyway, I'm not falling over myself to apply patches to either of my laptops. Ignoring the fact that my main laptop is now 8 years old, with the family's "new" laptop turning six in April, it seems to me that the more immediately effective solution is, as ever, is to control who gets to run what on my machine. If that means blocking javascript, and only whitelisting particular scrips on particular sites... well, I already do that.
 
Scheisse du Mensch! I have not done any "updates" for my processor. Looks like that was the right move. Fscking Intel. Learning to hate you, learning to hate all about you!

Yes, that was the Linus post I was referring to. The latest from David Woodhouse adds more confusion. The CUTE .pdf from Intel seems to mean I have a Skylake proc. The info is undecipherable for me. Maybe I should just stop using computers--I surely can't understand what I'm supposed to.

I know, starting tomorrow I'm building my own CPU! How hard can it be?
 
An interesting overview by a well-known security geek named Colin Percival, of FreeBSD. Pay attention to the section called
Understanding the attacks. It explains the nature of the security holes present in Meltdown and Spectre, for non-experts:

http://www.daemonology.net/blog/2018-01-17-some-thoughts-on-spectre-and-meltdown.html
FWIW, Percival is a certified expert in this area, known to have gone toe to toe with Linus a few times over the years. Linus was a bit dismissive when Percival discovered a similar vulnerability in the Pentium 4 some years ago, and there were some flames as a result.
 
Last edited:
Thanks a lot for providing further info about this "fun" in your post, Thunder! Clearer as mud, sorry for the un-intelligence on my part.

$ sudo apt-get install -s intel microcode
[sudo] password for myname:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package intel
E: Unable to locate package microcode

Er, that's:
[sudo] password for my name:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
iucode-tool
The following NEW packages will be installed:
intel-microcode iucode-tool
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Inst iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
Inst intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Conf iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
Conf intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
 
Last edited:
Er, that's:
[sudo] password for my name:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
iucode-tool
The following NEW packages will be installed:
intel-microcode iucode-tool
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Inst iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
Inst intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Conf iucode-tool (1.0.1-1 Ubuntu:14.04/trusty [amd64])
Conf intel-microcode (3.20180108.0+really20170707ubuntu14.04.1 Ubuntu:14.04/trusty-updates [amd64])
Last edited: Yesterday at 9:44 PM


Put it in the wrong place. My bad. Thank you TR!
 
Do you get a "microcode updated" string on Mint?

For added confirmation, do:

dmesg | grep - i "microcode"

It should spit out a few lines showing that the microcode driver has loaded and confirming which version of microcode is in use. Although the same info is also available in /proc/cpuinfo.
 
You must log in or register to reply here.
Back
Top