Page 5 of 7
Re: Zombieload
Posted: Thu May 16, 2019 11:03 pm
by KBD
Question guys: How important is it to disable hyper-threading? Google is doing it now with ChromeOS. I wouldn't even know how to start to disable this, or if it even makes sense in Linux. What do you folks think about hyper-threading and avoiding some of these intel issues by disabling it?
Re: Zombieload
Posted: Thu May 16, 2019 11:17 pm
by figueroa
beardedragon wrote: Thu May 16, 2019 8:05 pm
Code: Select all
bob@MX:~/Downloads
$ sudo ./spectre-meltdown-checker.sh
sudo: ./spectre-meltdown-checker.sh: command not found
Make sure it is executable. Make sure you are in the same directory as the script.
Re: Zombieload
Posted: Thu May 16, 2019 11:29 pm
by figueroa
KBD wrote: Thu May 16, 2019 11:03 pm
Question guys: How important is it to disable hyper-threading? Google is doing it now with ChromeOS. I wouldn't even know how to start to disable this, or if it even makes sense in Linux. What do you folks think about hyper-threading and avoiding some of these intel issues by disabling it?
I'm going to let it all hang out here saying that if you are on a single user or family computer that isn't performing any server functions exposed directly to the Internet (i.e. behind a router with NAT), and you haven't exposed ports to unauthenticated users, it's not very important. Users should evaluate their own exposure and consider reducing that exposure, eliminating exposure to the extent possible. Practicing safe computing is more important that locking down the CPU. Disclaimer -- this is my reasonably informed opinion.
Re: Zombieload
Posted: Fri May 17, 2019 2:43 am
by Kulmbacher
beardedragon wrote: Thu May 16, 2019 8:05 pm
Code: Select all
bob@MX:~/Downloads
$ sudo ./spectre-meltdown-checker.sh
sudo: ./spectre-meltdown-checker.sh: command not found
just use: $ sudo spectre-meltdown-checker
Re: Zombieload
Posted: Fri May 17, 2019 7:14 am
by Head_on_a_Stick
KBD wrote: Thu May 16, 2019 11:03 pm
How important is it to disable hyper-threading?
I would recommend disabling SMT for Intel hardware, there are almost certainly many more undiscovered vulnerabilities that can take advantage of Intel's broken microarchitecture.
The vulnerabilities can be targetted through the browser using javascript so the risk is very real even for "normal" desktop users.
Re: Zombieload
Posted: Fri May 17, 2019 7:18 am
by Head_on_a_Stick
beardedragon wrote: Thu May 16, 2019 8:30 pm
I give up,I am going to install fresh and not use that kernel.
The kernel you were using was protected according to the /sys content you posted earlier.
That silly spectre-meltdown-checker script just reads those values anyway.
Re: Zombieload
Posted: Fri May 17, 2019 7:23 am
by richb
I do not think the spectre-meltdown-checker is silly. beargdragon had his running script when in post #25.
Re: Zombieload
Posted: Fri May 17, 2019 7:37 am
by Head_on_a_Stick
richb wrote: Fri May 17, 2019 7:23 am
I do not think the spectre-meltdown-checker is silly.
Hey, it's just my opinion
I don't see why a 4508 line script should be preferred over the information already provided by the kernel, especially when said script draws it's results from the same files in /sys that my posted one-liner does.
Re: Zombieload
Posted: Fri May 17, 2019 7:50 am
by richb
I respect your opinion.
The script is in our repos so easily available to new users. It also has explanation abilities for the output. In my opinion it brings the information closer to ease of use and understanding for the average user. Both methods, however, probably raise more questions than answers unless the user digs deeper to understand the issues.
Re: Zombieload
Posted: Fri May 17, 2019 8:03 am
by oops
"...raise more questions than answers unless the user digs deeper to understand the issues."
... Exact richb, it is the main problem, The problematic is too deeper to almost everybody (me included).