SoylentNews first reported the vulnerabilities on January 3. Since then, we have had a few stories addressing different reports about these vulnerabilities. Now that it is over two weeks later and we are *still* dealing with reboots, I am curious as to what our community's experience has been.
What steps have you taken, if any, to deal with these reports? Be utterly proactive and install every next thing that comes along? Do a constrained roll out to test a system or two before pushing out to other systems? Wait for the dust to settle before taking any steps?
What providers (system/os/motherboard/chip) have been especially helpful... or non-helpful? How has their response affected your view of that company?
What resources have you been using to check on the status of fixes for your systems? Have you found a site that stands above the others in timeliness and accuracy?
How has this affected your purchasing plans... and your expectations on what you could get for selling your old system? Are you now holding off on purchasing something new?
(Score: 4, Interesting) by The Mighty Buzzard on Friday January 19 2018, @02:00PM (4 children)
Aside from the physical servers hosting our VMs being updated so we can't do nefarious stuff to Linode and an update for my browser so that javascript can't be used as a vector, nothing much at all. Aside from js, my boxes never run anything not initiated by myself and the guys who have access to run arbitrary code on any of our servers except the staff server have root anyway.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Friday January 19 2018, @02:54PM (1 child)
Same here. I use Linode for hosting as well. Good communication from them. My machines at home are all AMD machines, so there's nothing to be done there so far it seems.
(Score: 3, Informative) by The Mighty Buzzard on Friday January 19 2018, @05:26PM
No, AMD is not immune and there are patches out. They're just not critical to me because between my desktop and all the Linode VMs, the only thing that is supposed to allow remote code execution by untrusted parties is javascript in my desktop browser.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Saturday January 20 2018, @04:23PM (1 child)
Have you seen any measureable performance drop after the updates?
(Score: 2) by The Mighty Buzzard on Saturday January 20 2018, @07:14PM
In my browser? Nah. Haven't bothered checking on the db servers for SN though because nobody has bitched about error pages yet.
My rights don't end where your fear begins.