Welp: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
> A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
> Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down.
> A spokesperson for Intel was not available for comment.
Weren't they now.
@MightyPork current performance and vulnerability, that is. ;)
I mean, if you have a machine that is not Internet-connected, only runs 100% verified software, *and* has only one user, sure. But otherwise not applying this patchset is asking for pain, IMVHO.
@MightyPork My gut feeling is: yes your home PC will be hit by this, *unless* it is disconnected from Teh Intertubes and runs 100% verified software. :)
This seems to be a bug that allows userland to read kernel memory. I.e. your adblocker could be reading your kernel memory.
But I am happy to be proven wrong.
@MightyPork so, "nopti" kernel arg is now a thing:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf
@rysiek I really don't believe my home PC will be hit by this - being a Linux and behind multiple layers of ad-blockers and filters. For things like shared hosting though, it's a very different story