Originally posted by cybertraveler
View Post
Announcement
Collapse
No announcement yet.
A Global Switch To Kill Linux's CPU Spectre/Meltdown Workarounds?
Collapse
X
-
Originally posted by Djhg2000 View Post"Disabling is a good option for strictly confined environments where no 3d party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."
Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers woudn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.
Note: I've simplified some aspects of the situations above, but it's close enough.
- Likes 1
Leave a comment:
-
Originally posted by Djhg2000 View Post"Disabling is a good option for strictly confined environments where no 3d party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."
Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers woudn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.
Leave a comment:
-
Originally posted by Djhg2000 View PostThe only legitimate use case I can think of is in strictly offline computers.
if someone starts to send spam from it i'd notice it sooner or later - and they would not need spectre to do it: a normal user account is totally fine for that.
dont forget: spectre doesnt open magically the doors for everyone. you still need to execute the code which starts the attack somehow
Leave a comment:
-
"Disabling is a good option for strictly confined environments where no 3d party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."
Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers woudn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.
Leave a comment:
-
Originally posted by caligula View Post
Nowadays 1, 2.5, 5, and 10 gigabit LANs are so cheap that you could easily offload all data accesses to a separate NAS doing encryption and such.
but usually whenever i tell someone "just spend 50$ on that" on this forum, someone yells at me that i can't expect anyone to have that much money
Leave a comment:
-
Originally posted by flower View Postfull disk encryption and dual boot is just a cheap way to seperate gaming from important stuff.
- Likes 1
Leave a comment:
-
Originally posted by flower View Postit also depends on your security profile. i ONLY care about my important data. i dont want it to leak or be tampered with.
- Likes 1
Leave a comment:
-
Originally posted by F.Ultra View Post
So everyone should now buy separate drives for every family member when they can instead just not disable the mitigations?
Note that the argument so far have not been "I personally should be able to disable these under my specific conditions" and instead where "every single end-user should disable them". And it's from that angle my counterpoints comes from, that you specifically can disable them and suffer nothing is of no question what so ever, it's your general advice that is under scrutiny.
I support giving users the option to disable these features if they want to, but I advocate that novice users (typical home users and gamers) do not disable these features unless they know what they are doing and are aware of the risks and the benefits. Computer security is a big deal and is becoming even more important as time progresses.
- Likes 1
Leave a comment:
-
Originally posted by cybertraveler View Post
You're going to mount them at some point right? If you're not using a TPM or similar, then those keys are going to be in system memory.
dualboot is important in that case because it might(!) be easy to get root and replace some system-binaries with nasty ones.
it also depends on your security profile. i ONLY care about my important data. i dont want it to leak or be tampered with.
Leave a comment:
Leave a comment: