Administrative > Messages from the pfSense Team

An update on Meltdown and Spectre

(1/4) > >>

ivor:
https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html

kejianshi:
https://www.theverge.com/2018/1/22/16919426/intel-advises-pause-deployment-of-spectre-patch

https://techcrunch.com/2018/01/22/linus-torvalds-declares-intel-fix-for-meltdown-spectre-complete-and-utter-garbage/

https://gizmodo.com/intel-is-trying-to-fix-the-biggest-problem-with-its-spe-1822305604

All fixed!  (AMD patches are pretty broken as well)

Darkk:
Sweet!!  Meanwhile the hackers and the NSA are having a party!

I agree it's a mess and hope this will get patched soon.

kejianshi:
I actually wouldn't apply any of these patches to a pfsense running on hardware.  You risk performance and stability hits and I think pfsense isn't really at risk unless its running as a VM.  I'd only apply these patches to a machine hosting VMs.  I wouldn't even do that right now actually.  I'd wait for the chip makers to get their act together.

jahonix:

--- Quote from: https://www.netgate.com/blog/an-update-on-meltdown-and-spectre.html ---The FreeBSD developers will likely wait a bit before starting the backport of these patches to both FreeBSD 11 and 10. Once these backports are available, snapshots including the fixes will only be available for pfSense® 2.4.x and amd64 architecture.
--- End quote ---
Again, why is that?

Navigation

[0] Message Index

[#] Next page

Go to full version