From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk0-x242.google.com (mail-qk0-x242.google.com [IPv6:2607:f8b0:400d:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 0A5393CB47 for ; Tue, 9 Jan 2018 13:19:57 -0500 (EST) Received: by mail-qk0-x242.google.com with SMTP id b76so6836279qkc.1 for ; Tue, 09 Jan 2018 10:19:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=r5fxyxUpStAClVkelMCeRxX2sQq64nDjM0IjVM2M1Og=; b=T5MpmCQfsOsD8dbZabQNiukWvdETp6qSbhDBeNtOblt5nYUpQ/yDnAM4cGfUss1T3Z dar4VAbcqhW0ze9lDHbFssSN5v1ztwigHpFPoNWqdTSKRh3m4ETv5A3KlKyPR+XhzyL7 QA4rbseAB1fDTcCOzxfKS2N7sGZ9N9ZFDI6jlxu1LPgh1f47VfFH+lk2+lFbuk2gg0QL ikCEbif1ZFMIfjdzCjo8fbme6/sO9SMw2dJOwqL3JAr6cPTBBWKdUjVj3hnrXsgVF6GN lxXIiVgbdiH+Fw3Rg0af+6bbzAhysQdpBPpwO8L9/4DNs2fY3P6a0tgvflVmESr0ejXa aX4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=r5fxyxUpStAClVkelMCeRxX2sQq64nDjM0IjVM2M1Og=; b=M8A4GwS7w0aSs/YxUusmj1NOD530EEX8ucICGGr9BDFWLlGGyb0YTTtsvM0uekB3iR VjJYFN8Xq2wftWdq2xqrvtfoww3r1XckTECyabO5s+G3r+sAgfeWxRPIKd8w3tkBpx5Q M4UwvXxa5yWsgVDci7cLq2bVGo5rEv7IbXL6ueiXvswTqd99ug8nhSFAiTwPUfxtmBNY MPAlgVhDB/ZxBVJf6URCORqq3DeHrh7YU443ChovzlpUzQscQ77V5zYJP61v9xgYcfdd k0SvpVma+yjbxZNgckgiJqcJ1XamLnO0UFxZiTSKjiKJ6ZPLCXA+O5IpO6FAiGTGsSsZ SNPg== X-Gm-Message-State: AKwxyteAnGsY+SwHs66tIqaNZQYV19+EqMhv1ohmKcGuA1x0zeH6hjbW Dvkox/dKY7cAOqKNj0pRitqVx3poZMTRqtPAHYY= X-Google-Smtp-Source: ACJfBotKt48xlng2xs9JugmeUZrINvEMmTrPnnnK/qnwXo4MJuJyg98iMUz0tRMVqJheUk5hyuC1ZvoxwrvpN6uujCA= X-Received: by 10.55.102.87 with SMTP id a84mr8757935qkc.75.1515521997566; Tue, 09 Jan 2018 10:19:57 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.193.93 with HTTP; Tue, 9 Jan 2018 10:19:56 -0800 (PST) In-Reply-To: <510E05F0-82F2-4024-9508-1A253D1C23BB@gmail.com> References: <1515351819.800420254@mobile.rackspace.com> <510E05F0-82F2-4024-9508-1A253D1C23BB@gmail.com> From: Dave Taht Date: Tue, 9 Jan 2018 10:19:56 -0800 Message-ID: To: Jonathan Morton Cc: "dpreed@deepplum.com" , cerowrt-devel@lists.bufferbloat.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] aarch64 exploit POC X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2018 18:19:58 -0000 On Mon, Jan 8, 2018 at 7:57 AM, Jonathan Morton wro= te: > > >> On 8 Jan, 2018, at 5:49 pm, Dave Taht wrote: >> >> Can I get a discount for running stuff I don't care about on obsolete >> hardware? The 5 dollar insecurity special? > > You can pass command-line arguments to the kernel to turn off the retpoli= ne and kpti patches. Obviously, don't do that on a virtualised box, but yo= u can do it on hardware you own and operate yourself with no untrusted code= . Not my point. it might be possible to buy time on hardware known to be more secure, or (as I suggested) get a discount for time on hardware known to insecure. In other news: https://lists.xenproject.org/archives/html/xen-devel/2018-01/msg00436.html And I'm still waiting on a plan from linode. https://blog.linode.com/ > - Jonathan Morton > --=20 Dave T=C3=A4ht CEO, TekLibre, LLC http://www.teklibre.com Tel: 1-669-226-2619