Hey Benny!

:r /proc/version
Linux version 6.4.1 (root@itsii) (gcc (GCC) 13.1.0, GNU ld (GNU Binutils) 2.40) #1 SMP PREEMPT_DYNAMIC Tue Jul 4 06:18:18 UTC 2023

:r !lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 39 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
Model name: Intel(R) Celeron(R) CPU N3450 @ 1.10GHz
CPU family: 6
Model: 92
Thread(s) per core: 1
Core(s) per socket: 4
Socket(s): 1
Stepping: 9
CPU(s) scaling MHz: 68%
CPU max MHz: 2200.0000
CPU min MHz: 800.0000
BogoMIPS: 2188.80
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts vnmi md_clear arch_capabilities
Virtualization: VT-x
L1d cache: 96 KiB (4 instances)
L1i cache: 128 KiB (4 instances)
L2 cache: 2 MiB (2 instances)
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Retbleed: Not affected
Vulnerability Spec store bypass: Not affected
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Retpolines, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected

Life is good,
Maurice

o- -o -o o-
/) (\ (\ /)
^^ ^^ ^^ ^^
... Wærwyrde sceal wisfæst hæle, breostum hycgan.
Wary with words, a wise man should meditate in his heart.
--- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
* Origin: Little Mikey's EuroPoint @ (2:280/464.113)

Hello Maurice!

04 Jul 2023 22:41, Maurice Kinal wrote to Benny Pedersen:

Hey Benny!

:r /proc/version
Linux version 6.4.1 (root@itsii) (gcc (GCC) 13.1.0, GNU ld (GNU
Binutils) 2.40) #1 SMP PREEMPT_DYNAMIC Tue Jul 4 06:18:18 UTC 2023

now i have 6.4.6 with have zenblead fixes

keep away from zen2 hardware is safe on its own



Regards Benny

... too late to die young :)

--- Msged/LNX 6.1.2 (Linux/6.4.6-gentoo-dist (x86_64))
* Origin: gopher://fido.junc.eu/ (2:230/0)

Hey Benny!

now i have 6.4.6 with have zenblead fixes

Which zenblead fixes? I just booted it up on this machine earlier today but see little to no difference.

keep away from zen2 hardware is safe on its own

I am not convinced but it isn't like I can cite any unsafe behavior so far. This machine is deploying a AMD Ryzen 7 5800U which if I am not mistaken is a zen3. The Europoint is on a zen1 (AMD Ryzen Embedded R1505G). I also have a zen2 but it is an Epyc and isn't part of the fidonet mix. I am using it solely for R&D.

As for the www it is even more fsck'ed than it ever was. No surprises there. I note many a site that won't support my webbrowser anymore and it was probably the safest any browser ever is/was. Very sad although I never really cared for the www so I wan't be missing it. How about you?

Life is good,
Maurice

o- o- -o o- -o o- o- o- o- -o o- -o o- o- -o -o /) /) (\ /) (\ /) /) /) /) (\ /) (\ /) /) (\ (\ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ... Fidonet 4K - You load sixteen penguins and what do you get?
--- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
* Origin: One of us @ (1:153/7001.2989)

Hello Maurice!

26 Jul 2023 03:12, Maurice Kinal wrote to Benny Pedersen:

Which zenblead fixes?

why do you ask me ? :=)

I just booted it up on this machine earlier
today but see little to no difference.

then you possible are fine with zen3 or zen4 with dont have this bugs to be solved in ucode

keep away from zen2 hardware is safe on its own

I am not convinced but it isn't like I can cite any unsafe behavior so far. This machine is deploying a AMD Ryzen 7 5800U which if I am not mistaken is a zen3. The Europoint is on a zen1 (AMD Ryzen Embedded R1505G). I also have a zen2 but it is an Epyc and isn't part of the fidonet mix. I am using it solely for R&D.

does it say epyc in uname -a ? :)

there exists zenbleed tarball that have tools to test if something is missing in ucode, i dont know if the ucode is part of kernel, but imho only 6.4.6 have zenbleed fix, not currently older kernels

i still don't have any epyc cpu, so i am happy :=)

As for the www it is even more fsck'ed than it ever was. No surprises there. I note many a site that won't support my webbrowser anymore
and it was probably the safest any browser ever is/was. Very sad although I never really cared for the www so I wan't be missing it.
How about you?

gopher is not well designed for roundcube webmail, lol :)

i dont know if there exists webmail based on gopher protocol, i will let it be upto the reader to find why it does not work

sadly dovecot have planed to support jmap, but so far only cyrus-imapd have it, on the other hand cyrus-imapd miss support for weakforced, it complicated for secureity, i could just make reject rules in iptables change to accept for a limited ip ranges where i have users, it would be rock solid, firewalls should be static rule set, not dynamic, and this is why i think fail2ban is designed for the incorrect problem


Regards Benny

... too late to die young :)

--- Msged/LNX 6.1.2 (Linux/6.4.6-gentoo-dist (x86_64))
* Origin: gopher://fido.junc.eu/ (2:230/0)

Hey Benny!

does it say epyc in uname -a ?

Nope. All kernels are reporting x86_64 which from the kernel's point of view is correct for all despite the differences. As far as zen3/zen2 goes, I see very little difference other than speed.

i still don't have any epyc cpu, so i am happy :=)

:r !lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 48 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 16
On-line CPU(s) list: 0-15
Vendor ID: AuthenticAMD
Model name: AMD EPYC 3251 8-Core Processor
CPU family: 23
Model: 1
Thread(s) per core: 2
Core(s) per socket: 8
Socket(s): 1
Stepping: 2
Frequency boost: enabled
CPU(s) scaling MHz: 48%
CPU max MHz: 2500.0000
CPU min MHz: 1200.0000
BogoMIPS: 5000.05
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf rapl pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate ssbd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca
Virtualization: AMD-V
L1d cache: 256 KiB (8 instances)
L1i cache: 512 KiB (8 instances)
L2 cache: 4 MiB (8 instances)
L3 cache: 16 MiB (2 instances)
NUMA node(s): 1
NUMA node0 CPU(s): 0-15
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Retbleed: Mitigation; untrained return thunk; SMT vulnerable
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected

The above is a zen2 processor. Also ecc ddr4 at it's disposal which is very nice. Also, also a samsung nvme (default boot disk) which so far has been the best when compared to other brands. Also, also, also four hotswappable sata drives.

Life is good,
Maurice

-o o- o- -o o- o- -o -o o- -o o- o- -o o- -o -o
(\ /) /) (\ /) /) (\ (\ /) (\ /) /) (\ /) (\ (\
^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ... Fidonet Unplugged - One in a million.
--- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
* Origin: One of us @ (1:153/7001.53423)

Hey Benny!

why do you ask me ? :=)

You're the one that brought it up. Anyhow here is what I've figured out so far as zenbleed relates to the local scene.

----- From https://www.xda-developers.com/zenbleed/
Here's a table that should make it all clear:

┌─────────────────┬────────────────────────────────────┐
│ │Impacted CPUs │ ├─────────────────┼────────────────────────────────────┤
│Ryzen 3000 Series│All except APUs (e.g. Ryzen 3 3200G)│ ├─────────────────┼────────────────────────────────────┤
│Epyc Rome │All │ ├─────────────────┼────────────────────────────────────┤
│Ryzen 4000 Series│All │ ├─────────────────┼────────────────────────────────────┤
│Ryzen 5000 Series│Only the 5300U, 5500U, and 5700U │ ├─────────────────┼────────────────────────────────────┤
│Ryzen 7000 Series│Only 7020 APUs (e.g. Ryzen 3 7320U) │ └─────────────────┴────────────────────────────────────┘
-----

Note that "AMD Ryzen 7 5800U with Radeon Graphics", which is a zen3 appears to be safe from this particular cpu exploit. Also the "AMD Ryzen Embedded R1505G", which runs EuroPoint, is a zen1 and thus not affected by this particular exploit. However according to lscpu these are the exploits that do exist on that cpu;

Vulnerabilities:
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Retbleed: Mitigation; untrained return thunk; SMT vulnerable
Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, IBPB conditional, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Not affected
Tsx async abort: Not affected

Currently it appears that none of the deployed AMDs in this neck of the woods suffer from this particular exploit (zenbleed) ... :::knocking on wood:::

Life is good,
Maurice

-o o- o- -o -o -o o- -o -o o- o- o- -o -o -o -o
(\ /) /) (\ (\ (\ /) (\ (\ /) /) /) (\ (\ (\ (\
^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ^^ ... Fidonet 4K - You load sixteen penguins and what do you get?
--- GNU bash, version 5.2.15(1)-release (x86_64-pc-linux-gnu)
* Origin: One of us @ (1:153/7001.2989)