Shal & All . . .
On Sat, 20 Jan 2018 21:12:54 -0800, "Shal Farley" <shals2nd@...>
wrote:
* SYSADMIN: Completed reboots of all machines in Phase 1 of
Meltdown/Spectre patching.
Last I heard there is no indication that there have been attacks against
web services based on these exploits, but still it is better to have
Groups.io secured against them. And our own machines as well. That said,
from what I understand these two represent a whole new class of
"information leak" exploits; so we probably haven't heard the last of
their ilk.
Most Linux distributions have rolled out their patches so if you're
using Linux as your operating system, let it update things. You can
always choose to not update applications and just let the ones
affecting the kernel update. I let Linux Mint update this time for
that reason. I typically use Windows for most PC use but dabble in
Linux using Linux Mint.
For Windows 10, the update has also been rolled out. There was a
problem with the fix for some AMD CPUs that caused it to either not
boot or reboot over and over (I forget which it was), but Microsoft
stopped updating those for a while. I believe they have it right now
and the updates will work. It's time to let it update if you've been
able to prevent it from doing so (Pro users have more influence on
holding off on updates).
It seems to me that updates for Win 7 and 8.x were not ready yet as of
a few days ago, but that may have changed by now so if you get offered
updates, I would suggest letting the system do the update if you are
concerned about potential Meltdown/Spectre security issues. Unpatched
systems have been the cause of many PC infections and help to spread
the infections. Windows 10 pretty much eliminated that on those PCs
that have it because it takes updates out of the hands of the user
since it forces the user to update. There's good and bad with this,
but for security issues, it's mostly good. Same with other updates,
too, but I've had issues early on with touchpad driver updates--they
finally have got it right though for out two older HP business-class
laptops.
I don't have any information on MAC PCs.
I don't expect older smartphones (and tablets, both iOS and Android)
to get updates for this as the manufacturers have a vested interest in
you buying new smartphones every 2-3 years, and the carriers also
profit from not updating older phones since they're the point of sale
for most smartphone purchases. Apple is more likely to update older
hardware than other companies, though.
If you don't keep sensitive information on your phone (I'm referring
to financial/banking, online purchasing with credit cards, etc.), you
have less to be concerned about than if you do. If you don't sideload
applications from "untrusted" sources you are less likely to have
issues with this on a phone/tablet. I would even suggest being very
cautious about what you download from Google Play or the App Store,
and for PCs, the Microsoft app store or anywhere you get software
from. You may want to wait a few months before downloading some new
program or app to find out if there are issues you need to be
concerned about. Eventually infected apps get rooted out, or people
report the problem and it makes the news, forcing the source of these
to remove them from their collections.
Unfortunately, the internet is not all fun like it was way back in the
1990s. It's not exactly a minefield, either, but you do have to be
careful.
Donald
The further a society drifts from truth the more it will hate those who
speak it. --George Orwell
