Bare metal servers that run trusted code like a build not are not affected. Maybe this will be a BIOS setting or a kernel flag to set.



Kernel flag at compile time? - Yes

Kernel flag at boot time? - No (the fix is to compile instructions differently).

Bare metal servers that only run trusted code are only unaffected so long as they explicitly opt out of the new security model, and I'm not sure how easy that'll be...


IIUC it's not possible to opt out at this time (short of reverting the patches). Linus expressed some concern about it: https://lkml.org/lkml/2018/1/3/797


What a tl;dr!

  Please talk to management. Because I really see exactly two possibilities:
 
  - Intel never intends to fix anything

  OR

  - these workarounds should have a way to disable them.

  Which of the two is it?


In case of Meltdown and Linux you simply set the boot parameter pti=off and reboot the machine.
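
An added example, not part of the comment above or of any project's code: a small audit script that reports whether a host was booted with the Meltdown mitigation (PTI) switched off, by parsing the kernel command line and reading the kernel's own sysfs status file. The function names are hypothetical, and the precedence rules are a simplified model of the kernel's parsing.

```sh
#!/bin/sh
# Added example: report whether a Linux kernel command line asks for page
# table isolation (PTI, the Meltdown mitigation) to be switched off.
# Simplified model of the kernel's parsing: the last pti= value wins,
# otherwise nopti or mitigations=off (newer kernels) disables PTI.

# pti_cmdline_state "<cmdline>"  ->  prints off | on | auto
pti_cmdline_state() (
    set -f                      # no globbing while splitting the cmdline
    pti_val="" disabled=0
    for word in $1; do
        case "$word" in
            pti=*)                 pti_val=${word#pti=} ;;
            nopti|mitigations=off) disabled=1 ;;
        esac
    done
    case "$pti_val" in
        off|on|auto) echo "$pti_val" ;;
        *) if [ "$disabled" -eq 1 ]; then echo off; else echo auto; fi ;;
    esac
)

# audit_host [cmdline_file] [sysfs_file]
# Prints one summary line; returns non-zero when PTI was disabled at boot.
audit_host() {
    cmdline_file=${1:-/proc/cmdline}
    vuln_file=${2:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    requested=$(pti_cmdline_state "$(cat "$cmdline_file" 2>/dev/null)")
    if [ -r "$vuln_file" ]; then
        reported=$(cat "$vuln_file")
    else
        reported="unknown"
    fi
    echo "pti requested: $requested; kernel reports: $reported"
    [ "$requested" != off ]
}

# Constructed sample command lines (not taken from any real host).
for sample in "ro quiet" "ro quiet pti=off" "ro nopti pti=on"; do
    echo "$sample -> $(pti_cmdline_state "$sample")"
done

# Live check of the machine this runs on.
audit_host || echo "WARNING: PTI disabled via boot parameters" >&2
```

The non-zero return from `audit_host` makes it usable as a fleet compliance check for hosts that run untrusted code.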


Ah, sorry. My comment was specifically directed at Spectre (though I didn't say it), the more serious of the two.


I feel like user-facing server-side scripting languages should be investigated to see whether they incur the same risk as running JavaScript in a browser (which is big and complicated). I'm thinking about stuff like Sievescript and IFTTT-like applications.