Viewing a single comment thread. View all comments

8

libreleah wrote (edited )

It affects libreboot systems the same way as it affects any system. Technically, it has nothing to do with LIbreboot.

There are ways to mitigate it:

  • Make sure to install the latest linux kernel, which has mitigations However, that's not perfect, so I also recommend:

  • Don't run JavaScript on the web (this was already good advice anyway, for freedom reasons). It has always been good advice to not let random code run on your system, especially from random websites which you probably don't trust.

  • Don't let anyone but you execute any code on your system. (if you're a hosting provider, you're screwed. but hosting companies were already a nightmare security-wise before spectre/meltdown anyway)

Just follow good security practises, and you'll be fine. For my own computing, I'm not worried. I think I'm OK security-wise.

EDIT: oh and, fun fact: host your own servers

Either get a static IP from your ISP (maybe even IPv6), or set up an SSH/VPN tunnel through third party that provides IPs.

Never use a VPS! If you're hosting something on a VPS, assume that you're already pwned. VPS hosting was already a bad idea, even before meltdown/spectre. Nowadays, you definitely shouldn't do it. The only thing a VPS is good for is: VPN or SSH tunnel, or downloading things on torrents etc for later retrieval locally. You should be hosting from your own private location, e.g. your home, if you care about security. Take all the right precautions, e.g. ways to detect that the system has been accessed/disassembled, lock the room its in, etc.

4

[deleted] wrote

5

libreleah wrote

get a dedicated vpn provider, they'll optimize for it (performance. encrypted connections especially). it makes little difference in security, in my opinion. the virtual machine is just a pointless extra overhead. VPN provider will typically have you running on bare metal

I highly recommend using one of these VPNs: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/ (torrentfreak is big on privacy. ignore the other VPN lists, just always look at the torrentfreak list)