IRC Logs for #crux Thursday, 2018-01-04

*** abenz has quit IRC [00:20]
*** rawmat has quit IRC [00:31]
*** dlcusa has joined #crux [01:05]
*** heroux has quit IRC [01:12]
*** heroux has joined #crux [01:14]
*** heroux has quit IRC [01:14]
*** heroux has joined #crux [01:14]
*** j_v has quit IRC [02:45]
*** j_v has joined #crux [02:50]
*** abenz has joined #crux [02:51]
<j_v> finally booted into 4.14.11... on amd, with pti enabled, hard to tell yet how much slow down there is so far [02:52]
<jaeger> I'm running the firefox test again on my ryzen box with and without it just to see how that turns out [02:56]
<j_v> would be interesting to see the results. i need to start tracking build times for things like kernel builds to get some data for stuff like this. [02:59]
<jaeger> I'll share when it's done. Just started the non-pti builds today so it'll be a while [03:02]
<joacim> i've been tracking kernel build times [03:02]
<joacim> but over time my config slightly changes, and new kernels come with new stuff [03:02]
<j_v> I've been spending a lot of time watching activity in the kernel git repos, mainly tip and linus's main branch... there is still a lot of changes coming related to the bugs. [03:03]
<joacim> so i don't think they're the best to compare with [03:03]
<joacim> but it is nice to see how things progress over time [03:03]
<j_v> i don't change my configs very often, though i do spend some time at it whenever I switch to a new stable release branch [03:04]
<joacim> http://dpaste.com/2E7ME9W [03:05]
<joacim> i should take the same config and test all those cpus again [03:06]
<j_v> i use a build script, so adding in a bit for doing like that would be fairly straightforward [03:06]
<joacim> i usually do those timed tests in a detached tmux session [03:06]
<joacim> since all that text scrolling will add about a minute to the test [03:07]
<j_v> good idea [03:08]
<jaeger> I don't mind that as long as my tests have it consistently :) [03:09]
<joacim> could be complicated [03:10]
<joacim> since some terminals are slower than others [03:10]
<joacim> and doing them remotely with ssh on servers will add a bit to the final time too [03:10]
<joacim> i think i saw someone use a test like this to benchmark terminals [03:11]
*** _________mavric6 has quit IRC [03:40]
*** _________mavric6 has joined #crux [03:41]
*** tilman_ has joined #crux [04:05]
<Sitri> j_v: AMD doesn't have the slowdown fix [05:25]
<Sitri> That's an Intel-only thing [05:25]
<j_v> Sitri: i was talking about this patch earlier: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=694d99d40972f12e59a3696effee8a376b79d7c8 [05:28]
<j_v> it isn't a slowdown fix, and it hasn't landed in a release yet [05:29]
<j_v> but it does skip enabling PTI on AMD... not clear yet if it is really a good move by AMD, given what I've read so far. [05:30]
<j_v> that patch has only made it into tip and linus's branches in recent hours, but looks like it's possibly staged for mainline [05:32]
<Sitri> PTI is what I meant by "slowdown fix" [05:33]
<j_v> my understanding is that PTI is a big part of the 'slowdown' [05:33]
<Sitri> Yes [05:34]
<j_v> and that there are features on intel processors that will make it less noticeable [05:34]
<Sitri> Because it dumps and reloads memory on every syscall [05:34]
<j_v> the PTI is currently applied unconditionally to all x86 processors, unless 'nopti' kernel commandline option given at boot [05:37]
<Sitri> Hmm [05:37]
<j_v> that was why i've been watching that patch. it's been in lkml and patchwork for a while, only just making it into official trees, just not released yet [05:39]
<j_v> according to reports like googlezero and the kaiser writeup, amd fx and amd pro are affected, at least partially [05:41]
<Sitri> https://googleprojectzero.blogspot.ca/2018/01/reading-privileged-memory-with-side.html <-- apparently includes a script that lets you test for some of the vulns [05:42]
<Sitri> (See the #2 footnote) [05:42]
<j_v> yeah, good point. saw that, haven't tried here, though i should. [05:42]
<j_v> hmmm, don't see the script now. was sure it was there before [05:50]
<j_v> ah, i was thinking link... [05:55]
<Sitri> "It is very unlikely that the PoC works with other kernel versions without changes; it contains a number of hardcoded addresses/offsets." [05:58]
<Sitri> Lame [05:58]
<j_v> damn, and i think they used 4.4 kernel... very lame [05:58]
<Sitri> 4.9 [05:59]
<j_v> ah, i have 4.9.{71,72,73} builds, but currently booted into 4.14.11 [06:00]
<j_v> https://github.com/felixwilhelm/mario_baslr is where i was thinking 4.4, but that is mainly against kvm [06:02]
<j_v> http://www.amd.com/en/corporate/speculative-execution seems overly optimistic, but i'd be fine with them being right. [06:04]
<tilman> that's my favorite exploit name so far :] [07:05]
*** timcowchip has joined #crux [08:00]
*** workodera has joined #crux [08:00]
*** workodera_ has joined #crux [08:05]
*** workodera_ has quit IRC [08:05]
<timcowchip> is there a dbus-python for python3? [08:12]
<workodera> does 4.14.11 include the patches for the intel bugs? [08:19]
<timcowchip> or can just pip3 install dbus-python? [08:20]
*** timcowchip has quit IRC [08:24]
*** timcowchip has joined #crux [08:31]
<frinnst> https://planet-express.se/bredbandskollen.png pretty [08:33]
<timcowchip> don't speak the lingy but it looks fast [08:40]
<frinnst> aye, pretty much theoretical max for my connection at home :) [08:46]
<joacim> swedish is actually quite easy to read [08:55]
<joacim> they promised 20 Gbps at school, but from the PC I use, I just get 700 Mbps at most. Maybe 200 up [08:57]
<joacim> The PC only has a Gbps NIC tho [08:57]
<timcowchip> https://pastebin.com/jrwFDbXh dbus-python3? [08:58]
<timcowchip> gpodder just got upgraded to use python3 and dbus-python3 is one of its new depends [09:02]
<timcowchip> also py3gobject-gtk3 is another dep instead of pygtk [09:03]
<timcowchip> so should I make my own port, or run for the office of Contrib Maintainer [09:09]
<timcowchip> hoping nobody has any incriminating dossier on me [09:10]
<timcowchip> jk [09:11]
<timcowchip> I was thrilled to get 100Mbs from my new ISP [09:19]
<timcowchip> my old ISP charged the same for 10Mbs [09:20]
*** timcowchip has quit IRC [09:38]
*** abenz has quit IRC [09:38]
*** g0relike has joined #crux [10:29]
*** g0relike-2 has quit IRC [10:31]
*** abenz has joined #crux [11:22]
*** g0relike has quit IRC [11:25]
*** abenz has quit IRC [11:48]
*** g0relike has joined #crux [12:02]
*** workodera has quit IRC [12:05]
*** workodera has joined #crux [12:10]
*** abenz has joined #crux [12:14]
*** g0relike has quit IRC [12:15]
*** g0relike has joined #crux [12:15]
*** khanku has quit IRC [12:19]
*** Kruppt has joined #crux [12:30]
*** Kruppt has quit IRC [12:31]
*** john_cephalopoda has joined #crux [12:40]
*** Tobit has quit IRC [12:47]
*** Tobit has joined #crux [12:51]
*** jue has joined #crux [12:52]
<cruxbot> [opt.git/3.3]: flash-player-plugin: update to 28.0.0.126 [12:56]
<cruxbot> [opt.git/3.3]: nano: update to 2.9.2 [12:56]
<cruxbot> [opt.git/3.3]: samba: update to 4.7.4 [12:56]
<cruxbot> [opt.git/3.3]: neon: fix source URL [12:57]
<pedja> https://www.linuxjournal.com/content/happy-new-year-linux-journal-alive [12:58]
<pedja> it will be interesting to see where they go from here [13:00]
<pedja> since PTI patch affects syscalls, if I am understanding the whole issue right, this might be an interesting benchmark to run before/after https://github.com/arkanis/syscall-benchmark [13:08]
<pedja> worst case scenario sort of thing [13:09]
*** abenz has quit IRC [13:17]
<pedja> Linus is not amused https://lkml.org/lkml/2018/1/3/797 [13:40]
<workodera> I don't think I'll buy intel again [13:41]
<workodera> https://www.businessinsider.nl/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1/ [13:41]
<john_cephalopoda> Umm, that sounds like insider trading. [13:54]
<workodera> well yeah it is imo [13:58]
<frinnst> if you file the paperwork you can do whatever you want i think [14:07]
<frinnst> so, file paperwork to sell stock (while knowing the stock will fall), wait, sell stock, announce bad news [14:07]
*** rawmat has joined #crux [14:19]
*** rawmat has quit IRC [14:20]
<SiFuh> X Files Season 11 started [14:34]
<pedja> Intel's CEO stock sale was approved by SEC, iirc [14:34]
<pedja> apparently, it was scheduled several months before [14:36]
<pedja> *if* there was something fishy going on, and SEC can prove it, he is fucked, probably. [14:44]
<pedja> I am sure there is a rising star in SEC that would love to make an example out of him, if it's true. [14:46]
<jaeger> Maybe it's just really unfortunate timing [14:47]
<pedja> the funny thing is, if he stopped the sale, that would raise a red flag too :) [14:49]
<pedja> it could be interpreted as signalling the investors [14:49]
<pedja> Wall Street is weird [14:50]
*** abenz has joined #crux [14:57]
<frinnst> they knew about it in june [14:57]
<pedja> ah, yes, Google's Project 0 informed them [15:02]
*** abenz has quit IRC [15:03]
*** Tobit has quit IRC [15:07]
*** Tobit has joined #crux [15:12]
<pedja> s/several months/a month/ :) [15:20]
<pedja> so, they knew in June, he filed the paperwork in late October, sold it in late November. [15:22]
<pedja> 'SEC representative declined to comment' [15:23]
<pedja> 2018. might be a pretty interesting year for Intel [15:24]
<jaeger> It already is, heh [15:25]
<jaeger> stock aside, meltdown and spectre are a bad way to start the year [15:26]
<SiFuh> Yeah read that in the news, today. Didn't want to upset pedja ;-) [15:42]
<pedja> why would I be upset? [15:43]
<SiFuh> Because you are the google champion [15:44]
*** abenz has joined #crux [15:48]
<tilman> "works as designed" [16:17]
<tilman> the balls on them! :D [16:17]
*** abenz has quit IRC [16:21]
<john_cephalopoda> When the design is flawed, it works as designed although it is broken. [16:23]
*** workodera has quit IRC [16:30]
<dlcusa> How often do you see Zseries in these: https://access.redhat.com/security/vulnerabilities/speculativeexecution?sc_cid=7016000000127NJAAY [16:58]
<darfo> Zseries (IBM mainframes) have been doing speculative execution since before Intel 286 chips [17:11]
<darfo> One client I used to have used RedHat on Zseries to support zTPF OS. [17:12]
<darfo> AFAIK Redhat is the only distro with enterprise support that runs on Zseries. [17:13]
<darfo> I wonder if Redhat is just covering their bases and protecting their customers? [17:14]
<dlcusa> darfo, they said there is a Zseries Spectre exploit (and several POWER chips, too). [17:22]
<dlcusa> My question is about zVM, zVSE, and z/OS environments, but I think they are working on a firmware fix, so it may be trivial.  I'm trying to get to the IBM-MAIN list posts, rwal soon now. [17:24]
<dlcusa> s/rwal/real/ [17:25]
<darfo> Yes. It makes me wonder if it is only Linux that is a problem, ie. the linux kernel hasn't been following the rules all along. [17:26]
* darfo puts on fire-retardant suit [17:26]
<darfo> It seems like these vulns would be causing a lot of dumps, lockups, weirdness, before they actually find what they are looking for. [17:28]
*** rawmat has joined #crux [17:35]
*** rawmat has quit IRC [17:35]
*** Anselmo has joined #crux [17:51]
*** onodera has joined #crux [18:09]
<onodera> How stupid would it be to not patch my kernel? [18:09]
<onodera> as in disable the workaround [18:09]
<ryuo> onodera: well, you're putting yourself at greater danger if you allow untrusted cost to run, even in a sandbox. [18:12]
<ryuo> code* [18:12]
<ryuo> any vulnerabilities in existing software could be exploited further than usual. [18:13]
<dlcusa> Red Hat also published clear updates for Z kernel components: https://access.redhat.com/errata/RHSA-2018:0011 [18:13]
*** tsaop has joined #crux [18:50]
*** amonn has joined #crux [19:13]
<darfo> dlcusa: it's odd. In the description it says "In this update mitigations for x86-64 architecture are provided." [19:35]
<darfo> But at the end of the page, under Affected Products, it says "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.7 s390x" [19:35]
<darfo> They might be rushing things out the door. [19:36]
*** tsaop has quit IRC [20:18]
<dlcusa> darfo, they didn't say exclusively x86-64. [20:20]
<frinnst> https://twitter.com/misc0110/status/948706387491786752 [20:31]
*** john_cephalopoda has quit IRC [20:36]
*** john_cephalopoda has joined #crux [20:37]
*** john_cephalopoda has quit IRC [20:37]
*** john_cephalopoda has joined #crux [20:37]
<darfo> dlcusa: true. probably just didn't review the description closely. For me the Affected Products section was always the definitive part. [20:42]
*** jaeger- has joined #crux [20:50]
*** jaeger has quit IRC [20:52]
<pedja> frinnst, busy weekend ahead for you :) ? [20:58]
<cruxbot> [opt.git/3.3]: firefox: updated to 52.5.3esr [21:31]
<frinnst> looks like [21:31]
<ryuo> https://pics.me.me/the-more-of-your-data-i-gather-the-more-i-21522864.png [21:33]
<pedja> wth? https://support.mozilla.org/en-US/kb/broadwell-u-microcode [21:50]
<pedja> (FF-57+) [21:51]
<frinnst> lol [22:08]
<crash_> oh i have a broadwell cpu [22:18]
<frinnst> https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/ [22:19]
*** pedja has quit IRC [22:20]
<john_cephalopoda> Oooh, that thing will get bigger. [22:24]
<john_cephalopoda> With this bug, one can take over any non-updated computer easily. [22:25]
*** pedja has joined #crux [22:41]
<pedja> well, that will teach me not to type something into ipython 'just to see what it does' [22:46]
<ryuo> pedja: it bite your hand? [22:50]
<ryuo> bit* [22:50]
<pedja> it almost gave me a heart attack :) [22:56]
<pedja> hard disk grinding, system frozen, keyboard LEDs flashing [22:57]
<pedja> LED's flashing 'you idiot' in Morse, iirc [22:58]
*** onodera has quit IRC [23:04]
*** abenz has joined #crux [23:09]
