Alex Hudson

Thoughts on Technology, Product, & Strategy

Tag: security

Spectre attack: why is it unpatchable?

Everyone is talking about the CPU security problems that are now being fully disclosed: they’re dubbed Meltdown and Spectre. Meltdown is a problem that mainly or entirely affects Intel CPUs, but Spectre is a problem that affects all designs.

I haven’t seen any “explain it like I’m 5” on the Spectre paper yet, so here’s my take. Sadly, it’s not 5-year-old level, but I’ve tried to make it a bit more accessible. If you want a lot more detail, the Google blog has code.


Potential Gna! issues

It looks like someone has been attacking Savane-derived hosting platforms. Recently Savannah has been down, and the page that has now gone up confirms that they had a security breach. Unfortunately, Gna! has a similar code-base, and their site now confirms that they are investigating an issue too.

This has a knock-on issue for Bongo, since we use Gna! hosting. Our download area appears to still be alive, and thankfully we have always signed the releases. You can check a release of Bongo quite simply:

  gpg --verify bongo-0.6.1.tar.bz2.sig bongo-0.6.1.tar.bz2

This should result in a confirmation that the file is correctly signed with the key 9B6913D7, which is available on public webservers – just search for that ID.
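As an added example (not part of the original post or of Bongo's own tooling), the script below makes the same check scriptable: it reads gpg's machine-readable `--status-fd` output and succeeds only if the signature is good and the signing key's fingerprint ends in the ID given above. The function names and the sample status lines are constructed for illustration; the post gives only the 8-digit key ID, so the match is on the last 8 hex digits of the fingerprint.

```sh
#!/bin/sh
# Added example: function names and sample data are assumptions, not Bongo's tooling.
EXPECTED_KEYID="9B6913D7"   # key ID stated in the post

# Constructed sample of `gpg --status-fd 1 --verify` output. The fingerprint is
# made up so that it ends in the key ID above.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF9B6913D7 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF9B6913D7 2010-12-01 1291200000 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF9B6913D7'

# Read gpg status lines on stdin. Succeed only if there is a GOODSIG (absent for
# expired or revoked keys), no BADSIG/ERRSIG, and a VALIDSIG whose signing-key or
# primary-key fingerprint ends in the key ID passed as $1.
status_signed_by() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            fpr = toupper($3); primary = toupper($NF); n = length(want)
            if (substr(fpr, length(fpr) - n + 1) == want ||
                substr(primary, length(primary) - n + 1) == want) ok = 1
        }
        END { exit (good && ok && !bad) ? 0 : 1 }
    '
}

# $1 = detached signature, $2 = release tarball. The human-readable gpg output
# is discarded; only the status lines decide the result.
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_signed_by "$EXPECTED_KEYID"
}

# Usage: sh verify.sh bongo-0.6.1.tar.bz2.sig bongo-0.6.1.tar.bz2
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: good signature from key $EXPECTED_KEYID"
    else
        echo "FAIL: no good signature from key $EXPECTED_KEYID" >&2
        exit 1
    fi
fi
```

Checking the key as well as the signature matters here because a plain `gpg --verify` also reports a good signature for a file signed by any other key that happens to be in the local keyring.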

We will check the SVN repos and other parts of the project when Gna! comes back online to ensure that these have not been attacked; but I can say with some confidence that we have no reason to expect that r1323, the current HEAD, has anything nefarious in it whatsoever. Certainly, if the security breach was as recent as Savannah’s appears to be, there is nothing to fear.