Post 9svxlcXUOmXTeRklgO by ParadeGrotesque@mastodon.sdf.org
(DIR) Post #9svxlb6riHeFDaHzXs by h3artbl33d@bsd.network
2020-03-12T14:17:41Z
0 likes, 0 repeats
From the Tails 4.4 changelog: "Vagrant build box: disable mitigation features for CPU vulnerabilities (Closes: #17386). Given the kind of things we do in our Vagrant build box, it seems very unlikely that vulnerabilities such as Spectre and Meltdown can be exploited in there. Let's reclaim some of the performance cost of the corresponding mitigation features." Source: https://git.tails.boum.org/tails/plain/debian/changelog
(DIR) Post #9svxlbXo67COZ8tVXU by h3artbl33d@bsd.network
2020-03-12T14:21:57Z
0 likes, 0 repeats
I get that the mitigations for the CPU vulnerabilities come with a performance cost. Might be even called a "harsh" cost for certain workloads. However, coming from a Linux distribution with the target audience that Tails has, offering privacy and resiliency, it seems a somewhat concerning choice to pick performance over security. Personally, I consider Tails to be a high profile target, given the use for whistleblowers, the privacy conscious and those in need [...]
(DIR) Post #9svxlbykTwkXuhV1X6 by h3artbl33d@bsd.network
2020-03-12T14:28:05Z
0 likes, 0 repeats
for a system that might offer some resiliency / anonymity for whatever reason. It could very well be oppressed people that want to bring out information, risking their lives. Literally. Thus, even though the project considers it "very unlikely", the impact in case of a successful breach is disastrous and could put users in grave danger. I would really like if Tails were to reconsider this move. Or am I being overly paranoid and alone in this thinking?
(DIR) Post #9svxlcXUOmXTeRklgO by ParadeGrotesque@mastodon.sdf.org
2020-03-12T14:33:57Z
0 likes, 0 repeats
@h3artbl33d You have a point, but I think the git changelog you mention only applies to the build box. In other words, the build box itself is not "protected" against the most recent Intel snafus, but the Tails distribution itself is. Since we can hope their build box is both transient and well protected, this makes sense to me. I may be wrong, of course, but I'd like to test Tails with the latest Intel bug analyzer.
(DIR) Post #9svy3ocoCd22Lauwa0 by h3artbl33d@bsd.network
2020-03-12T14:37:25Z
0 likes, 0 repeats
@ParadeGrotesque Thank you for your reply. That is exactly how I have interpreted the message. Ideally, the build machine should be utterly secure, even against complex and high-resource attacks such as the Intel vulns. I mean, if there is a chance to sneak in some code in the Tails distro, an adversary *will* try sooner or later. Currently downloading Tails to do just that :)
(DIR) Post #9svyIqJuBNglwrF0Vc by ParadeGrotesque@mastodon.sdf.org
2020-03-12T14:40:03Z
0 likes, 0 repeats
@h3artbl33d You do have a point. This being said, I can understand the desire to have a fast(er) machine for build if your (well, Tails) infrastructure is limited. Not the most secure but could be acceptable based on the security applied to the build chain (for instance: entirely offline, etc.). Let's test and compare notes!