Mark H Weaver writes:
> l...@gnu.org (Ludovic Courtès) writes:
>
>> Mark H Weaver writes:
>>
>>> FYI, in another thread, I recently posted preliminary patches to add the
>>> GCC 7.3 release candidate as a Guix package, and to use it to build
>>> linux-libre on x86_64 and i686 systems:
>>>
>>>
l...@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver writes:
>
>> FYI, in another thread, I recently posted preliminary patches to add the
>> GCC 7.3 release candidate as a Guix package, and to use it to build
>> linux-libre on x86_64 and i686 systems:
>>
>> https://lists.gnu.org/archive/htm
l...@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver writes:
>
>> FYI, in another thread, I recently posted preliminary patches to add the
>> GCC 7.3 release candidate as a Guix package, and to use it to build
>> linux-libre on x86_64 and i686 systems:
>>
>> https://lists.gnu.org/archive/htm
Mark H Weaver writes:
> Leo Famulari writes:
>
>> On Fri, Jan 19, 2018 at 05:06:25PM -0500, Mark H Weaver wrote:
>>> There's now a GCC 7.3 release candidate that apparently contains the
>>> necessary compiler support to allow linux-libre-4.14.14 to use the
>>> retpoline technique internally.
>>
Leo Famulari writes:
> On Fri, Jan 19, 2018 at 05:06:25PM -0500, Mark H Weaver wrote:
>> There's now a GCC 7.3 release candidate that apparently contains the
>> necessary compiler support to allow linux-libre-4.14.14 to use the
>> retpoline technique internally.
>>
>> https://gcc.gnu.org/ml/gc
On Fri, Jan 19, 2018 at 05:06:25PM -0500, Mark H Weaver wrote:
> l...@gnu.org (Ludovic Courtès) writes:
> > Leo Famulari writes:
> >> Something we can do very easily, even on the master branch, is to build
> >> specific packages with GCC 7, assuming the Retpoline technique would be
> >> effective
l...@gnu.org (Ludovic Courtès) writes:
> Leo Famulari writes:
>
>> On Wed, Jan 10, 2018 at 05:39:59AM +0800, Alex Vong wrote:
>>> About the "Retpoline" mitigation technique[1]. Right now only GCC 7.2.0
>>> is patched, but our default gcc version is 5.4.0 in master and 5.5.0 in
>>> core-updates.
2018-01-16 4:58 GMT+01:00 Chris Marusich :
> Katherine Cox-Buday writes:
>
> > Tobias Geerinckx-Rice writes:
> >
> >> I think the real and thornier question for GuixSD
> >> is: if the recent CPU vulnerabilities require a
> >> microcode update to fully mitigate, then how do we
> >> square not rec
Mike Gerwitz writes:
> On Tue, Jan 16, 2018 at 12:10:53 +0100, Ludovic Courtès wrote:
>> Should GuixSD nevertheless provide a mechanism to support microcode
>> updates, while not steering users to particular proprietary microcode?
>> Just like Linux-libre (attempts to) support loading of proprie
On Tue, Jan 16, 2018 at 12:10:53 +0100, Ludovic Courtès wrote:
> Should GuixSD nevertheless provide a mechanism to support microcode
> updates, while not steering users to particular proprietary microcode?
> Just like Linux-libre (attempts to) support loading of proprietary
> firmware at the user’s
Leo Famulari writes:
> On Tue, Jan 09, 2018 at 06:10:02PM -0500, Mark H Weaver wrote:
>> Marius Bakke writes:
>> > Katherine Cox-Buday writes:
>> >> I am also interested -- more from a philosophical perspective -- how
>> >> GuixSD and GNU squares with these kinds of security updates.
>> >
>> >
Hello,
Leo Famulari writes:
> On Wed, Jan 10, 2018 at 05:39:59AM +0800, Alex Vong wrote:
>> I have an idea. Should we add a news entry to Guix blog[0] summarizing
>> all the above? For example, we can advise users to install noscript and
>> turn off javascript by default and only enable it on t
ood word to use to describe the FSDG:
Shackled then ;)
I do think these breaches can lead to serious exploits, even though
taking over a computer (which is the real concern) may be very hard to
achieve and may never happen reading 'random' data. Intel's management
system is a much worse and direct
Katherine Cox-Buday writes:
> Tobias Geerinckx-Rice writes:
>
>> I think the real and thornier question for GuixSD
>> is: if the recent CPU vulnerabilities require a
>> microcode update to fully mitigate, then how do we
>> square not recommending proprietary globs like
>> this in official channe
On Mon, Jan 15, 2018 at 09:07:45 +0100, Pjotr Prins wrote:
> GNU Guix, however, by virtue of being a GNU project is hampered by its
> free software credentials.
"hamper" isn't a good word to use to describe the FSDG:
From The Collaborative International Dictionary of English v.0.48 [gcide]:
On Wed, Jan 10, 2018 at 03:04:44PM +0100, Gábor Boskovits wrote:
>I don't believe that making a microcode update available makes
>the situation worse. An earlier version is a non-free component
>of the system anyway. I believe that it might well be worth to
>provide the possibility t
Tobias Geerinckx-Rice writes:
> Hej Marius,
>
> [I see this is being CC'd to @libreboot.org. I'm answering only as a GNU
> Guix user and contributor, and assume people who live and breathe this
> stuff will find plenty of holes in my opinion. Which this is.]
>
> Marius Bakke wrote on 08/01/18 a
Tobias Platen writes:
> Leah Rowe uses the nickname _4of7 on IRC, she is the founder of Libreboot
I see - I did not know. Thank you for clarifying that!
--
Chris
Gábor Boskovits writes:
> The second thing that comes to my mind is to have a free tool to perform
> the microcode update, so that we can inspect, that nothing else on the
> system gets modified.
FWIW there is a tool that does this in Guix already: "iucode-tool".
Here is the latest microcode fr
With regards to BSD-3-Clause-Clear and BSD-2-Clause-FreeBSD vs. GPL (and
variants), the latest version and "or-later" option of the latter allows
a chance to transfer the freedoms of the software to the end-users' copy
(it's not a perfect ingredient, because it depends on the rights holder
to enfor
Leo Famulari writes:
>> Morally, at least in the short-to-medium term, I'm not convinced.
>> The smell of privilege becomes hard to ignore with the costs and other
>> assumptions involved.
>
> I think I agree with you here, Tobias.
>
> To me, the right choice is not to suggest that people replace
Christopher Lemmer Webber writes:
> Katherine Cox-Buday writes:
>
>> Tobias Geerinckx-Rice writes:
>>
>>
>>> I think the real and thornier question for GuixSD
>>> is: if the recent CPU vulnerabilities require a
>>> microcode update to fully mitigate, then how do we
>>> square not recommending pr
On Wed, Jan 10, 2018 at 11:46:46AM +0100, Tobias Platen wrote:
> The Talos II is a free-er system. And its processor (the POWER9) does not
> seem to be affected by Meltdown/Spectre [1].
>
> [1] https://mobile.twitter.com/RaptorCompSys?p=s
The Talos team says that their POWER8 and POWER9 systems
I don't believe that making a microcode update available makes the situation
worse. An earlier version is a non-free component of the system anyway.
I believe that it might well be worth to provide the possibility to update it.
I think it would be beneficial if we got a signed blob for that,
becau
Alex Vong transcribed 1.7K bytes:
> Mark H Weaver writes:
>
> > Mark H Weaver writes:
> >
> >> I just followed this up with a Spectre mitigation for WebKitGTK+
> >> backported from upstream WebKit:
> >>
> >>
> >> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed2
On 10.01.2018 12:49, Adonay Felipe Nogueira wrote:
I don't know if this serves as guidance as to if microcode is functional
or not, but from [1] I quote:
#+BEGIN_QUOTE
However, there is an exception for secondary embedded processors. The
exception applies to software delivered inside auxiliar
I don't know if this serves as guidance as to if microcode is functional
or not, but from [1] I quote:
#+BEGIN_QUOTE
However, there is an exception for secondary embedded processors. The
exception applies to software delivered inside auxiliary and low-level
processors and FPGAs, within which soft
On 09.01.2018 22:18, Tobias Geerinckx-Rice wrote:
Katherine,
Not really an answer to your question, I'm afraid. Just some thoughts I
had after hitting ‘Send’ on my previous non-answer.
Katherine Cox-Buday wrote on 09/01/18 at 21:13:
Tobias Geerinckx-Rice writes:
[...] how do we square not
Alex Vong writes:
> Hello,
>
> I hope this is on topic. Recently, 2 critical vulnerabilities (see
> https://meltdownattack.com/) affecting virtually all intel cpus are
> discovered. I am running libreboot x200 (see
> https://www.fsf.org/ryf). What should I do right now to patch my laptop?
>
> Che
Katherine Cox-Buday writes:
> Tobias Geerinckx-Rice writes:
>
>
>> I think the real and thornier question for GuixSD
>> is: if the recent CPU vulnerabilities require a
>> microcode update to fully mitigate, then how do we
>> square not recommending proprietary globs like
>> this in official chann
On Sun, Jan 07, 2018 at 01:38:40AM -0500, Mark H Weaver wrote:
> Mark H Weaver writes:
> > I just backported the Spectre mitigation from Firefox 57.0.4 to IceCat,
> > and pushed it to master here:
> >
> >
> > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=c23243fccd4f73430ca06a862acd33c0
On Tue, Jan 09, 2018 at 10:18:51PM +0100, Tobias Geerinckx-Rice wrote:
> Katherine Cox-Buday wrote on 09/01/18 at 21:13:
> > Tobias Geerinckx-Rice writes:
> >> [...] how do we square not recommending proprietary globs like this
> >> in official channels with giving users all knowledge required to
On Tue, Jan 09, 2018 at 06:10:02PM -0500, Mark H Weaver wrote:
> Marius Bakke writes:
> > Katherine Cox-Buday writes:
> >> I am also interested -- more from a philosophical perspective -- how
> >> GuixSD and GNU squares with these kinds of security updates.
> >
> > In my opinion, CPU microcode fa
On Wed, Jan 10, 2018 at 05:39:59AM +0800, Alex Vong wrote:
> I have an idea. Should we add a news entry to Guix blog[0] summarizing
> all the above? For example, we can advise users to install noscript and
> turn off javascript by default and only enable it on trusted site when
> necessary.
I thin
Marius Bakke writes:
> Katherine Cox-Buday writes:
>
>> Chris Marusich writes:
>>
>>> Leo Famulari writes:
>>
>>> I wonder: how easy will it be to install those firmware/microcode
>>> updates if you are using GuixSD? In particular, I'm curious about the
>>> case of the Lenovo x200 with librebo
Mark H Weaver writes:
> Mark H Weaver writes:
>
>> I just followed this up with a Spectre mitigation for WebKitGTK+
>> backported from upstream WebKit:
>>
>>
>> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed29d2a9f82069a6f
>
> FYI, adding a patch to 'webkitgtk
Katherine,
Not really an answer to your question, I'm afraid. Just some thoughts I
had after hitting ‘Send’ on my previous non-answer.
Katherine Cox-Buday wrote on 09/01/18 at 21:13:
> Tobias Geerinckx-Rice writes:
>> [...] how do we square not recommending proprietary globs like this
>> in offi
Tobias Geerinckx-Rice writes:
> I think the real and thornier question for GuixSD
> is: if the recent CPU vulnerabilities require a
> microcode update to fully mitigate, then how do we
> square not recommending proprietary globs like
> this in official channels with giving users all
> knowledge
I should probably have written what I thought:
Tobias Geerinckx-Rice wrote on 08/01/18 at 22:51:
> AIUI, at least on x86 CPUs, the microcode *is* a large and/or functional
> part of the processor...
...but it's initially included in ROM. Only when bugs are found in that
copy does a user-provided
Hej Marius,
[I see this is being CC'd to @libreboot.org. I'm answering only as a GNU
Guix user and contributor, and assume people who live and breathe this
stuff will find plenty of holes in my opinion. Which this is.]
Marius Bakke wrote on 08/01/18 at 19:26:
> In my opinion, CPU microcode fall
Katherine Cox-Buday writes:
> Chris Marusich writes:
>
>> Leo Famulari writes:
>
>> I wonder: how easy will it be to install those firmware/microcode
>> updates if you are using GuixSD? In particular, I'm curious about the
>> case of the Lenovo x200 with libreboot, since that's what I use
>> pe
Chris Marusich writes:
> Leo Famulari writes:
> I wonder: how easy will it be to install those firmware/microcode
> updates if you are using GuixSD? In particular, I'm curious about the
> case of the Lenovo x200 with libreboot, since that's what I use
> personally.
I am also interested -- more
Hi,
Mark H Weaver writes:
> Mark H Weaver writes:
>
>> Leo Famulari writes:
>>
>>> The Spectre bugs have to be fixed per-application for now. As far as I
>>> know, we haven't made any related changes to packages besides
>>> linux-libre.
>>>
>>> Mozilla has released an update that is supposed
Mark H Weaver writes:
> I just followed this up with a Spectre mitigation for WebKitGTK+
> backported from upstream WebKit:
>
>
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=56804398a94bea941183ae4ed29d2a9f82069a6f
FYI, adding a patch to 'webkitgtk' seems to have greatly exacerbated
Mark H Weaver writes:
> Leo Famulari writes:
>
>> The Spectre bugs have to be fixed per-application for now. As far as I
>> know, we haven't made any related changes to packages besides
>> linux-libre.
>>
>> Mozilla has released an update that is supposed to mitigate the
>> vulnerability but I d
Leo Famulari writes:
> ### Guix status ###
>
> The CPU makers are issuing microcode updates as a hardware-level
> mitigation, but I don't think we'll be providing those in Guix.
It seems some (but not all) mitigations may require firmware/microcode
updates. For details, see:
https://newsroom.i
Leo Famulari writes:
> The Spectre bugs have to be fixed per-application for now. As far as I
> know, we haven't made any related changes to packages besides
> linux-libre.
>
> Mozilla has released an update that is supposed to mitigate the
> vulnerability but I don't know if they'll be porting it bac
On Sat, Jan 06, 2018 at 09:20:50PM +0800, Alex Vong wrote:
> I hope this is on topic. Recently, 2 critical vulnerabilities (see
> https://meltdownattack.com/) affecting virtually all intel cpus are
> discovered. I am running libreboot x200 (see
> https://www.fsf.org/ryf).
> What should I do right
48 matches