0

SMLR Episode 262 The Spectre Of A Meltdown

Posted by Tom Lawrence on January 8, 2018 in Show-mp3, Show-ogg |
Play

http://smlr.us

Downloads:

MP3 format (for Freedom Haters!)
OGG format (for Freedom Lovers!)

Contact Us:

show (at) smlr.us or the Contact us page


Intro:

Tony Bemus, Tom Lawrence, Phil Porada and Mary Tomich

Sound bites by Mike Tanner

Tech News:

NYTIMES: Taking a Look at Linux

https://www.nytimes.com/2018/01/04/technology/personaltech/taking-a-look-at-linux.html?rref=collection%2Fsectioncollection%2Fpersonaltech

 

Really Mozilla? Mr Robot?

Firefox recently pushed an add-on to users called “Looking Glass 1.0.3,” carrying no description other than “MY REALITY IS JUST DIFFERENT THAN YOURS.” While it was a benign marketing campaign by the company, several users assumed they had downloaded malware.

https://wccftech.com/firefox-damaged-user-trust-promote-mr-robot/

 

Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox. The precision of performance.now() has been reduced from 5μs to 20μs, and the SharedArrayBuffer feature has been disabled because it can be used to construct a high-resolution timer.

https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/

 

Docker Performance With KPTI Page Table Isolation Patches, not as bad as expected

https://www.phoronix.com/scan.php?page=article&item=docker-kpti-linux&num=1

 

For their 2017 fiscal year they took in $126 million which is better than the prior year and their headcount grew from 496 to 566. On that $126 million, for their fiscal year they managed a net profit of just two million.

https://www.phoronix.com/scan.php?page=news_item&px=Canonical-2017-Financial-Result

 

ssh sshtron.zachlatta.com

http://sshtron.zachlatta.com/

 

Apt-get install screenie-qt

https://www.maketecheasier.com/add-style-to-screenshots-using-screenie/

 

Read privileged ARM system registers from usermode – PoC implementation of Meltdown variant 3a

https://github.com/lgeek/spec_poc_arm

 

Original Project Zero Post

https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

 

Google Security Blog Post

https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html

 

Spectre and Meltdown

http://kroah.com/log/blog/2018/01/06/meltdown-status/

https://medium.com/implodinggradients/meltdown-c24a9d5e254e

https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/

https://lkml.org/lkml/2018/1/3/797

https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

https://lwn.net/SubscriberLink/742702/e23889188fce9f7f/

Out Going Show Music:

https://www.jamendo.com/track/951448/show-me-what-you-got

 

 

This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2011-2018 Sunday Morning Linux Review All rights reserved.
This site is using the Desk Mess Mirrored theme, v2.5, from BuyNowShop.com.