Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Security flaw discovered in Intel chips.

Featured Replies

  • Replies 65
  • Views 12.8k
  • Created
  • Last Reply

Not yet, my guess it will be incorporated into a RC once the changes required are merged upstream in the Linux kernel.

y my pc so slo!?

Hold on,  buying AMD stock.

 

Depending on the reports you read, the slowness will be less noticeable on Desktop/gaming type functionality and more so on server-end stuff.

Not sure how many memory calls unRaid base does, but seeing as most use docker/kvm and Hypervisors are said to be impacted the most by this issue it will be interesting to see what happens. I work in the IT field, so will be fun to follow this fallout.

Edited by ninthwalker

We are about to find out at work. I’d say whatever is done for the “meltdown” patching make sure the patch doesn’t include the AMD chips. Sounds like rumblings are that the current patch in the wild blankets all x86 CPUs. As I’m a Ryzen VM gamer with full gpu passthrough, if there’s a beta patch we can test I’d be happy to help. Haven’t heard word on KVM issues however ESX and Xen specifically have been called out by documentation I’ve read.

intel CEO sold a huge amount of stock last week, coincidence?

5 minutes ago, markiii said:

intel CEO sold a huge amount of stock last week, coincidence?

Shhh no one was supposed to notice... motleyfool reported the sale as end of Nov to the minimum levels as a CEO.

Quick question regarding the release-schedule of unRaid: Will the fix once it's public a security update for 6.3.5 or only for the new 6.4 RC?

12 minutes ago, Dr_Cox1911 said:

Quick question regarding the release-schedule of unRaid: Will the fix once it's public a security update for 6.3.5 or only for the new 6.4 RC?

Interesting point!

 

my guess would be that it will only be done to the 6.4 release as the fix will almost certainly equire a kernel update which would need major regression testing to make it available with 6.3.5.   Hopefully 6.4 is very close to final release so this does not become a significant factor.   Of course the fix itself may delay 6.4 going Final if it has knock-off effects.  

 

In many ways this is likely not to be a significant issue for most unRAID users as it is only a very controlled set of binaries that are run on a typical unRAID system.

 

i wonder if this issue affects VMs?

Hm, is the 6.4 already ready for a productive setup? unRaid is only used as my homeserver, but I don't really want to run an RC because stability is kinda necessary.

20 minutes ago, Dr_Cox1911 said:

Will the fix once it's public a security update for 6.3.5 or only for the new 6.4 RC?

While I can't speak for LT I'm pretty sure v6.3.5 won't be patched.

From Ars Technica "Programs that don't use the kernel much might see a hit of perhaps 2-3 percent" but "a program that does virtually nothing other than call into the kernel saw its performance drop by about 50 percent" and "Benchmarks that use Linux's loopback networking also see a big hit, such as 17 percent".  The issue being that "every time a program makes a call into the kernel —to read from disk, to send data to the network, to open a file, and so on" —it will force the translation lookaside buffer to be flushed, a ton of extra operations.  I'm not feeling good about the impact to unRAID.

2 hours ago, tdallen said:

I'm not feeling good about the impact to unRAID.

 

It likely will not be an option as I am sure LT does not want to maintain two versions, but, if the hit is too great, I would not mind an unpatched version of unRAID with lots of "user beware" warnings. Unfortunately, someone is bound to blame LT if, after installing the unpatched version when a fix is available, they get hit with the issues.

 

Hopefully, the hit to unRAID won't be too great, but, it has the potential to be a "damned if we do, damned if we don't"  situation.  Should the worst case become reality, I am sure LT would not be alone in this boat and that's little consolation.

Edited by Hoopster

Should be able to disable via kernel parameters at boot time if you really desire.

I don't know what I desire.  We are all in "wait and see" mode until all the patches make their way into an unRAID release and we have some data concerning any performance impacts these patches may have on common unRAID operations. 

Is this as much of a security risk on a home system that isn't directly connected to the net.  Sure I can see the risk of you are on AWS and anyone can buy space on the SAME CPU as you and run code that can break through the VM layer and suck out info.  But for my home server is this an issue?

5 hours ago, wayner said:

But for my home server is this an issue?

Code does have to run on a box in order to exploit Meltdown.  If all you do is run unRAID as a NAS from a trusted vendor like Limetech, you would be fine.  But if you are running a ton of Dockers from random sources, not so much... 

On 1/9/2018 at 1:21 AM, tdallen said:

Code does have to run on a box in order to exploit Meltdown.  If all you do is run unRAID as a NAS from a trusted vendor like Limetech, you would be fine.  But if you are running a ton of Dockers from random sources, not so much... 

We have to be careful when we say things like this now. Unfortunately the days when this was really true are long gone, doubly so due to ransomware.

 

Modern "Security in depth" practices call for essentially a "patch everything" policy because devices, people and WLAN are so ubiquitous now it is really just a matter of when, rather than if, a bad actor gains some foothold code in a "secure" private LAN.

 

Terrible I know but thats the modern reality.

With unRAID it wasn't a realistic posture, anyway.  Virtually everyone running unRAID 6 is also running a plugin or Docker of some sort.

  • Author

Makes me wonder if data centers will look to do a tech refresh sooner than later to get these chips out of their production boxes and sell them for cheap on eBay! w00t! :D

2 minutes ago, Joseph said:

Makes me wonder if data centers will look to do a tech refresh sooner than later to get these chips out of their production boxes and sell them for cheap on eBay! w00t! :D

 

The answer is "yes," but, there isn't anything to buy right now. No way am I comfortable enough yet with AMD's latest products to fill my data center with them.

 

Unfortunately, we aren't allowed to sell anything after it has been decommissioned.  Everything is physically destroyed. :(

13 minutes ago, StevenD said:

Unfortunately, we aren't allowed to sell anything after it has been decommissioned.  Everything is physically destroyed.

 

I can understand HDDs and such, but what's the logic behind destroying other kit?

3 minutes ago, CHBMB said:

 

I can understand HDDs and such, but what's the logic behind destroying other kit?

 

"Security".  I know, it's BS.  That's just the way it is.  It sucks because we have even destroyed HP Proliant Gen8s.

Just now, StevenD said:

 

"Security".  I know, it's BS.  That's just the way it is.  It sucks because we have even destroyed HP Proliant Gen8s.

 

So, no logic then? :D

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.