Operating Systems – Noise

Ubuntu Disables Spectre/Meltdown Protections

Bruce Schneier — Wed, 02 Jul 2025 11:02:22 +0000

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops.

Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.

After discussion between Intel and Canonical’s security teams, we are in agreement that Spectre no longer needs to be mitigated for the GPU at the Compute Runtime level. At this point, Spectre has been mitigated in the kernel, and a clear warning from the Compute Runtime build serves as a notification for those running modified kernels without those patches. For these reasons, we feel that Spectre mitigations in Compute Runtime no longer offer enough security impact to justify the current performance tradeoff...

ShredOS

Bruce Schneier — Fri, 03 Jan 2025 14:46:03 +0000

ShredOS is a stripped-down operating system designed to destroy data. GitHub page here.

A Guide to Quickly Enable and Disable SMT and Hyper-Threading on Ubuntu and Debian

Eric Smith — Mon, 23 Sep 2024 05:00:06 +0000

This is a quick little guide to enabling and disabling SMT on a Debian or Ubuntu system without having to reboot the system The post A Guide to Quickly Enable and Disable SMT and Hyper-Threading on Ubuntu and Debian appeared first on ServeTheHome.

Backup Proxmox VE VMs Quickly and Easily

Eric Smith — Tue, 30 Apr 2024 21:21:23 +0000

We show you how to easily backup Proxmox VE vitual machines using only a few clicks of the UI, and also show a neat trick for restoring them The post Backup Proxmox VE VMs Quickly and Easily appeared first on ServeTheHome.

Proxmox VE 8.2 Is Out with New Updates

Cliff Robinson — Sat, 27 Apr 2024 13:00:34 +0000

Proxmox VE 8.2 is out with several updates, virtual machine importers, automated installations, and a bugfix for an issue we have seen The post Proxmox VE 8.2 Is Out with New Updates appeared first on ServeTheHome.

Ubuntu 24.04 Server Big Updates Including Intel QuickAssist Support

Cliff Robinson — Fri, 26 Apr 2024 23:42:40 +0000

Ubuntu 24.04 is out with big updates, including Intel QuickAssist support making it much easier to accelerate crypto and compression The post Ubuntu 24.04 Server Big Updates Including Intel QuickAssist Support appeared first on ServeTheHome.

Intel X553 Networking and Proxmox VE 8.1.3

Patrick Kennedy — Fri, 05 Jan 2024 00:48:17 +0000

We had a lot of comments saying the Intel Atom C3000 series built-in Intel X553 NIC was not working with Proxmox VE 8 so we tested it The post Intel X553 Networking and Proxmox VE 8.1.3 appeared first on ServeTheHome.

pfSense CE 2.7.2 and pfSense Plus 23.09.1 Released to Fix ZFS

Cliff Robinson — Sat, 09 Dec 2023 17:08:15 +0000

Two new dot releases, pfSense CE 2.7.2 and pfSense Plus 23.09.1 are out this week to fix issues related to ZFS and a few other features The post pfSense CE 2.7.2 and pfSense Plus 23.09.1 Released to Fix ZFS appeared first on ServeTheHome.

Critical Vulnerability in libwebp Library

Bruce Schneier — Wed, 27 Sep 2023 11:08:01 +0000

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library:

On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images.

Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing automated systems that developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under active exploitation...

Debian Adds RISC-V as an Official Architecture

Cliff Robinson — Tue, 25 Jul 2023 15:00:45 +0000

A quick note today, Debian announced that RISC-V (riscv64) is now an official architecture as a prelude to more widespread support The post Debian Adds RISC-V as an Official Architecture appeared first on ServeTheHome.

IBM Red Hat Puts RHEL Source Behind Paywall

Patrick Kennedy — Fri, 23 Jun 2023 15:00:02 +0000

IBM Red Hat pushes non-paying customers further away in latest move. VMware users should take note as the Broadcom deal looms The post IBM Red Hat Puts RHEL Source Behind Paywall appeared first on ServeTheHome.

Proxmox VE 8.0 Is Out Upgrading Linux and More

John Lee — Thu, 22 Jun 2023 16:29:57 +0000

Proxmox VE 8.0 is out with new Linux Kernel updates and many additional features. This is the first major version release in almost two years The post Proxmox VE 8.0 Is Out Upgrading Linux and More appeared first on ServeTheHome.

Intel Boot Guard OEM Private Key Allegedly Leaked

Cliff Robinson — Sat, 06 May 2023 18:00:10 +0000

Security researchers on Twitter are claiming that an Intel Boot Guard OEM Private Key was leaked as part of the MSI data breach The post Intel Boot Guard OEM Private Key Allegedly Leaked appeared first on ServeTheHome.

Proxmox VE 7.4 Released with Dark Mode Support

Cliff Robinson — Thu, 23 Mar 2023 16:52:54 +0000

Proxmox VE 7.4 is out, now with Dark Mode support (FINALLY) and several other updates and features to the popular virtualization platform The post Proxmox VE 7.4 Released with Dark Mode Support appeared first on ServeTheHome.

BlackLotus Malware Hijacks Windows Secure Boot Process

Bruce Schneier — Wed, 08 Mar 2023 11:11:14 +0000

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.”

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an ...

Hiding Vulnerabilities in Source Code

Bruce Schneier — Mon, 01 Nov 2021 15:58:54 +0000

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.

From Ross Anderson’s blog:

We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages...

Raspberry Pi Imager update

Wed, 23 Dec 2020 08:57:57 +0000

Just in time for the holidays, we’ve updated Raspberry Pi Imager to add some new functionality. New submenu support: previous versions of Raspberry Pi Imager were limited to a single level of submenu. This limitation has been fixed so we can group images into different categories, such as general purpose operating systems, media players, and…

The post Raspberry Pi Imager update appeared first on Raspberry Pi.