Tweet
Originally posted by flower
View Post
-
Dualboot into what? And no my kids do not have access to my data either, they logon using their own account which is exactly why mitigations for things like this matters also for the normal end user. I hope you see that having kids running data on a separate account is basically the same as Amazon running other peoples code on their cloud and thus suspect to all the spectre variants. -
if you use full disk encryption and the disks are not mounted no spectre vuln is able to get access to them.Originally posted by F.Ultra View Post
so your data is not at risk
(i use physicalle seperated machines for work and gaming though)Comment
-
So everyone should now buy separate drives for every family member when they can instead just not disable the mitigations?Originally posted by flower View Post
Note that the argument so far have not been "I personally should be able to disable these under my specific conditions" and instead where "every single end-user should disable them". And it's from that angle my counterpoints comes from, that you specifically can disable them and suffer nothing is of no question what so ever, it's your general advice that is under scrutiny.Comment
-
i dont really care if others disable the mitigations or not. i want to be able to disable them because of cities skylines. which is (with many mods) a performance monster which was unplayable for me with them activated.Originally posted by F.Ultra View Post
in MY opinion it is never a good idea to run untrusted code on a machine with important data - even before spectre. we just dont know what kind of vulns exists and are not public.
full disk encryption and dual boot is just a cheap way to seperate gaming from important stuff.
Comment
-
You're going to mount them at some point right? If you're not using a TPM or similar, then those keys are going to be in system memory.Originally posted by flower View PostComment
-
only if the disks are mounted the key is in memoryOriginally posted by cybertraveler View Post
dualboot is important in that case because it might(!) be easy to get root and replace some system-binaries with nasty ones.
it also depends on your security profile. i ONLY care about my important data. i dont want it to leak or be tampered with.Comment
-
Exactly.Originally posted by F.Ultra View Post
I support giving users the option to disable these features if they want to, but I advocate that novice users (typical home users and gamers) do not disable these features unless they know what they are doing and are aware of the risks and the benefits. Computer security is a big deal and is becoming even more important as time progresses.Comment
-
Indeed. I also have a separate system for gaming. I pay far less attention to the security of that system than my other systems.Originally posted by flower View PostComment
-
Nowadays 1, 2.5, 5, and 10 gigabit LANs are so cheap that you could easily offload all data accesses to a separate NAS doing encryption and such. When doing dual boot, you need to know that if you don't cycle the power off, the data (keys) might be intact in RAM after rebooting. There's a switch to wipe the RAM when shutting down in the kernel, but it slows down rebooting considerably on modern 16-64 GB RAM machines.Originally posted by flower View PostComment
-
true that... but you still need to secure the login data.Originally posted by caligula View Post
but usually whenever i tell someone "just spend 50$ on that" on this forum, someone yells at me that i can't expect anyone to have that much money
Comment
Comment