Mostly geeks want/need this flag which is why no one implemented it earlier.

I set my bootloader up so I have both unmitigated and mitigated options. Only reason is if a game stutters or gets low FPS, I can try it unmitigated and see if that's the cause....it hasn't been the cause yet.

While helpful, all this does is make some my kernel command lines shorter.

Personally, I think things like the S/M mitigations need the error messages when not in use. It's like the kernel is saying "Hey, yo! You about to get all up in that unwrapped. You could get digi-AIDS. "

I'm not sure there are other things in the kernel that deliberately leave it vulnerable when disabled - I also can't believe you're still bitching about this when you've removed the "offending" line yourself. In the famous words of Queen Elsa - "Let it go"

Never have understood if Desktop users need this mitigation enabled...

Can't remember who said it, but it's become a saying at work.

Now I am even more confused...
Let me just say that I use Debian with Xfce4...

The serous answer is in the spectre white paper. Turns out meltdown and spectre attacks can be performed from java-script inside your web browser.

Yes particular news sites covered it.


Welcome to fun reality. Are you really sure you should turn them off? You do need to think serous-ally. Like if I have a machine running a blender render on a secure network turning these mitigation off for performance is safe. Now as a desktop user going on the internet with the mitigation turned off might be why your system ends up exploited and infected.

Do me a favour and don't answer these security topic again until after you have read up on them. This is not IBM or Redhat harming anyone this is you being a moron who had no clue of the security risk. Something you did not consider is how many kernel modules are developed by Redhat/IBM developers and change settings without displaying warning. The fact they decided to include a error message about it was in fact it was critical the attack surface to exploit spectre and meltdown is huge thinking it works from in browser javascript, game map scripting.......

Please explain what does that line of code have todo with IBM/Redhat. The line you commented out is by David Woodhouse of amazon uk.

Above is the patch. Not a single person who approved it for Include in the Linux kernel has a single thing todo with IBM/Redhat.

Redhat and IBM basically have no code in the spectre/meltdown code. Horrible fact is Redhat had to revert all their spectre/meltdown code out their enterprise kernels and switch to third party made because third party made was better constructed and covered more cases.

No it did not take half a year to implement either was released in stable kernels well before 5.1 kernel release. So this is more formal notice of a forwards ported patch from Linux kernel LTS to Linux kernel mainline. This does not happen that often.

Told you to read up before posting another comment. Really debianxfce stop giving IBM credit for work they never did because you fail at doing you homework on who did what.