Re: [bitfolk] Security reboot needed, likely to be weekend o…

Author: Andy Smith
Date:  
To: announce
Subject: Re: [bitfolk] Security reboot needed, likely to be weekend of 5/6/7 May

gpg: Signature made Mon May 7 04:05:46 2018 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

On Tue, Apr 24, 2018 at 06:43:27PM +0000, Andy Smith wrote:
> So, this set of reboots is most likely to take place in the early
> hours of the morning on 5/6/7 May.


This maintenance work has now been completed without incident.

Details of the security issues fixed in this work will be available
at <http://xenbits.xen.org/xsa/> once the embargo ends at 2018-05-08
17:00Z.

In terms of future security bugs though, I do not think we are out
of the woods yet. :(

A whole bunch of new Spectre CPU bugs will come out of embargo later
today:

    <https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html>


I think there is a good chance that these will require further CPU
microcode updates and/or fixes in software. We ("the industry")
always knew from the first disclosure that the first round of
Spectre bugs were not going to be the last that would be found.

Also the mitigation technique (XPTI) that Xen used for the Meltdown
CPU bug did impose quite noticeable performance overhead and Xen
now have a refined approach to this which reduces this overhead
considerably¹. I will not force a maintenance just for that, but I
am keen to get it deployed. In the unlikely event that it can't be
rolled in with a security fix in the near future, I may deploy new
hardware with those improvements and allow movement of VPSes to it.

Thanks for your patience!

Cheers,
Andy

¹ https://lists.xenproject.org/archives/html/xen-devel/2018-04/msg02043.html

--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce@???
https://lists.bitfolk.com/mailman/listinfo/announce