A fact about my site which some people may not know is that I take the unusual approach of hosting it on one of my PCs at home. The computer which acts as my Web-server is also the one I named ‘Phoenix’, and which is still running Debian / Jessie. What this piece of trivia means in practice is that any downtime of this one PC also causes the site not to be accessible on the Internet. This is very different from how it would be if I were to pay a professional hosting service.
Today, ‘Phoenix’ received a long-awaited kernel update, with which the package maintainers hope to be mitigating the ‘Meltdown’ vulnerability. What this does is complete the work that some of the System Programmers have been doing on the ‘Meltdown’ vulnerability, since as it stands, all the kernels on the list here have been patched now.
The fact is somewhat ironic, that ‘Phoenix’ has an AMD processor, and was therefore never directly susceptible to this form of attack. However, the computer which I name ‘Plato’ has an Intel CPU, and received its kernel update on January 5.
I congratulate the kernel-programmers on a milestone in their work.
Now an unanswered question remains as to what will be done – if anything – about ‘Spectre’, which is a related vulnerability, in which a hypothetical attacker would ‘attack’ other processes running on the same machine, but not the kernel. The problem with ‘Spectre’, as far as I think I understand it, is that it involves “Speculative Execution” of code, but does not involve ‘system calls’ per se. What that means is that, unless somebody comes up with something brilliant, the only ways to patch that would either be to disable Speculative Execution entirely, or to switch to new chips, which have been designed with ‘Spectre’ taken into account, but which haven’t been designed yet in fact.
‘Spectre’ may also affect some AMD CPUs.
In any case, my site was unavailable from about 15h30 until 15h45.