Re: [lubuntu-users] Current State of Spectre and Meltdown
On 5/27/19 2:06 PM, Barry Titterton wrote: I have been doing a bit of background reading about the CPU faults nicknamed Spectre and Meltdown, and have been getting more and more annoyed by what I have read. I would like to ask you all for your opinions on whether I am justified in my feelings. In my case, I have a number of computers, most of which are used only as test machines for the software I develop and support (see https://keymusician.com/ ). Other computers, I use in music performance, as musical instruments. All of the above machines I only connect to the Internet for updating. I don't browse the Internet, or do e-mail on any of them, so the security requirements are not as great for these machines. I only need one machine, on which I do Internet browsing and e-mail, that needs good, up-to-date security, and that machine I mainly run Linux on. A bigger concern for me, is the ending of support for 32-bit architecture machines. When that happens, I will have several machines that are only useful as musical instruments, and (to a more limited extent) as test machines. -- Sincerely, Aere -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
Re: [lubuntu-users] Current State of Spectre and Meltdown
> My intention was to start a conversation, and gather opinions, about how > Spectre and Meltdown have affected the support for End Of Life hardware:- My primary desktop runs c2q-q9400 which is on the list of dropped by intel with regards microcode. Likewise my old servers have xeons also on that list. I can't afford to replace any of them, so I'll continue to use them. For my old servers, the cost of electricity used by my old boxes worries me more than spectre/meltdown. > What is the most cost effective, way of buying a secure second hand > desktop today? This dell optiplex d960 came from a recycler in Melbourne (my home town) because I had to go there for someone. Normally i'll purchase from ComputerBank Victoria (https://www.computerbank.org.au/) that would have given me a screen, keyboard, mouse & an installed OS (Ubuntu too). I could have purchased newer, but I buy what I can afford. Recyclers work for me but cost is a huge factor in my decision. -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
Re: [lubuntu-users] Current State of Spectre and Meltdown
On Tue, 28 May 2019 15:45:12 +0100, Barry Titterton wrote: >Is 10 years a reasonable time scale for End Of Life support for >hardware? Yes, if human kind wants to go the way of the dodo bird. No, if not. >Is it acceptable that some manufacturers are giving much shorter >support periods, even for serious security issues? Yes, if human kind wants to go the way of the dodo bird. No, if not. The idea of "Fridays for Future" is very good, it's just that the kids are not credible, as long as they continue their consumer behaviour. I know a lot of people around my age, 50+, including myself, who don't own a mobile phone and who don't need a super fast Internet connection 24/7, if at all. The kids buy a new mobile phone on a yearly basis and can't stay away from the Internet for longer than half a minute. IOW what human kind wants is technical progress at any cost. Humans of all ages pay lip services. If we look into a mirror, we see dodo birds. -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
Re: [lubuntu-users] Current State of Spectre and Meltdown
On 28/05/2019 6:35 am, Ralf Mardorf wrote: > > Your subject is misleading, since you question the support of aged CPUs. This is the problem with typing a email while I'm tired and grumpy. :) > > A lot of hardware and software development happened and still happens > because it's coupled with consumerism. While software development for > free as in beer is possible to some degree, CPU development and > fabrication has got a price. I agree. There will always be a proportion of consumers who like to buy the newest and the best, whilst there will also be some consumers, like myself, who choose to buy second hand and enjoy the challenge of keeping older devices working. I would like to keep that choice. > > Who should pay the people for supporting a microchip bought 10 years > ago in the price range of what we pay to get the food we need in just > one week? Should they also continue to develop newer CPUs? Who should > pay for the development, if we continue using old machines? > > I dislike, if people buy a new computer each year. I tend to use my PCs > for around 10 years, if possible, often the PCs already fail before > they are 10 years old. Some of us are able to repair broken computer > gear, but often it doesn't pay to repair old computers. For the > majority of people who need to pay a repair shop, it's cheaper to get a > new PC from the discounter, by the way, with the latest release of > Windows pre-installed. > > Regards, > Ralf My intention was to start a conversation, and gather opinions, about how Spectre and Meltdown have affected the support for End Of Life hardware:- Is 10 years a reasonable time scale for End Of Life support for hardware? Should serious security issues, rather than just performance, require a longer support period? Is it acceptable that some manufacturers are giving much shorter support periods, even for serious security issues? Should I just accept that Spectre and Meltdown is a temporary situation, stop being a grumpy old man, and (very reluctantly) spend some cash until the newer, more secure, processors work their way through the supply chain? What is the most cost effective, way of buying a secure second hand desktop today? Cheers, Barry T -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
Re: [lubuntu-users] Current State of Spectre and Meltdown
PS: On Tue, 2019-05-28 at 07:35 +0200, Ralf Mardorf wrote: > Your subject is misleading, since you question the support of aged CPUs. ^discontinued ;) -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
Re: [lubuntu-users] Current State of Spectre and Meltdown
Hi, consumerism has got an upside and a downside. Your subject is misleading, since you question the support of aged CPUs. Your point of view takes only your field of application into account and apart from this you ignore the progress computers already made before the microchips mentioned by you were available. I for example still own a 80286. From which date on should support end? Probably the 80286 was never supported by the Linux kernel. Is Linux the measure of all things? The Commodore 64 I used around 30 years ago was in the same price range as my new iPad Pro 3rd generation today. The C64 was used as a MIDI sequencer with a click thingy to sync to a tape recorder (years later it was replaced by an Atari ST with SMPTE to sync to a tape recorder). In addition I needed a studio full of expensive synth and effect gear that was way more expensive than those computers. For the iPad I only need a cheap pro-sumer audio interface and to purchase a few proprietary apps in a price range of what was needed just to get one synthesizer around 30 years ago. You indeed could get a second hand PC and free as in beer Linux audio applications, but you cannot replace the aged synthesizers and the old effect gear completely with a Linux machine, because the virtual free as in beer synthesizers and effects do not nearly sound as good as the old studio gear does. If you pay software for the relatively expensive iPad, you can replace almost all of the old gear. A lot of hardware and software development happened and still happens because it's coupled with consumerism. While software development for free as in beer is possible to some degree, CPU development and fabrication has got a price. I'm neither unconditionally pro consumerism, nor naive against it. Who should pay the people for supporting a microchip bought 10 years ago in the price range of what we pay to get the food we need in just one week? Should they also continue to develop newer CPUs? Who should pay for the development, if we continue using old machines? I dislike, if people buy a new computer each year. I tend to use my PCs for around 10 years, if possible, often the PCs already fail before they are 10 years old. Some of us are able to repair broken computer gear, but often it doesn't pay to repair old computers. For the majority of people who need to pay a repair shop, it's cheaper to get a new PC from the discounter, by the way, with the latest release of Windows pre-installed. Regards, Ralf -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users
[lubuntu-users] Current State of Spectre and Meltdown
Hi All, [Rant Alert] I have been doing a bit of background reading about the CPU faults nicknamed Spectre and Meltdown, and have been getting more and more annoyed by what I have read. I would like to ask you all for your opinions on whether I am justified in my feelings. As I understand it Spectre and Meltdown is a complicated story, and covers several different security flaws within the design of processors. It also affects almost all processors currently in use. The flaws cannot be fixed but their vulnerabilities can be mitigated by software. Some flaws require the CPU manufacturers to issue changes to the processor microcode. Initially Intel and AMD both announced that they will only issue microcode mitigations for processors made since approx' 2011; older processor families will remain vulnerable to the security flaws. For Intel it means Core 2 Duo and older will not be fixed. For AMD it is Athlon and similar. I find this annoying as it is a strength of Linux that it can make machines with these older CPUs perfectly usable, especially for normal office type work. Are we now expected to throw perfectly good machines away just because Intel and AMD will not accept full responsibility for the mess that they have created? My annoyance levels increased when I read that, as of this month (May 2019), Intel were dropping microcode support for first generation i3/i5/i7 processors! Can we expect this to be an annual event: security support will end for CPU families that reach their 10th birthday? My anger reached boiling point when I read that some hardware manufacturers are refusing to pass on the microcode updates as an excuse to generate increased sales! Allegedly Acer, Asus and Gigabyte are bad, refusing to support hardware that is only 3 or 4 years old. Dell are supposed to be good at supporting older hardware. My current PCs are now no longer supported. What are my options to replace them? - Am I over reacting? The flaws are allegedly difficult to exploit, so just relax and carry on. - Buy the newest Intel CPU that I can afford, and expect it to eventually become too dangerous to use. - Switch to AMD, which is allegedly not as badly affected, and hope their support is better than Intel. - Only buy Dell machines. Sorry for the long post but I needed to unload. Cheers, Barry T -- Lubuntu-users mailing list Lubuntu-users@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lubuntu-users