[DISCUSSION] Linux Mint

You need to login to view this posts content.

 

You need to login to view this posts content.

 

Thank you John for the update. I just installed kernel 4.4.0-116 which I had seen yesterday. Seems that every thing is OK now. I hope!! If this is all correct then these guys have it all over Intel and M$.

Spoiler: Cool

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO (echo 1 > /proc/sys/kernel/ibrs_enabled)
* IBRS enabled for User space: NO (echo 2 > /proc/sys/kernel/ibrs_enabled)
* IBPB enabled: NO (echo 1 > /proc/sys/kernel/ibpb_enabled)
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
* Retpoline enabled: YES
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)

 

We now have a new intel-microcode update (3.20180312.0~ubuntu16.04.1) available from Linux Mint / Ubuntu Update Manager.
This is the latest Spectre and Meltdown mitigation detection tool's (v0.36) output on my machine:

Spoiler: Spectre and Meltdown mitigation detection tool (v.0.36)

Spectre and Meltdown mitigation detection tool v0.36

Checking for vulnerabilities on current system
Kernel is Linux 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: YES
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: NO
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: NO
* CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO): NO
* CPU microcode is known to cause stability problems: NO (model 42 stepping 7 ucode 0x2d)
* CPU vulnerability to the three speculative execution attack variants
* Vulnerable to Variant 1: YES
* Vulnerable to Variant 2: YES
* Vulnerable to Variant 3: YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec: NO
* Kernel has the Red Hat/Ubuntu patch: YES
> STATUS: NOT VULNERABLE (Mitigation: OSB (observable speculation barrier, Intel v6))

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Mitigation 1
* Kernel is compiled with IBRS/IBPB support: YES
* Currently enabled features
* IBRS enabled for Kernel space: NO
* IBRS enabled for User space: NO
* IBPB enabled: YES
* Mitigation 2
* Kernel compiled with retpoline option: YES
* Kernel compiled with a retpoline-aware compiler: YES (kernel reports full retpoline compilation)
> STATUS: NOT VULNERABLE (Mitigation: Full generic retpoline, IBPB (Intel v4))

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface: YES (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: YES
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

 

And the good news just keeps on coming
Thanks TinMan

 

Just to let you know, we now have kernel 4.15.0-13 available in Linux Mint Update Manager (View - Linux kernels). I've just updated to the new kernel on my desktop, so it's too early to say if there are any bugs specific for my configuration...

Anyway, this is the latest Spectre and Meltdown mitigation detection tool's (v0.36+) output on my machine:

Code:

Spectre and Meltdown mitigation detection tool v0.36+

Checking for vulnerabilities on current system
Kernel is Linux 4.15.0-13-generic #14~16.04.1-Ubuntu SMP Sat Mar 17 03:04:59 UTC 2018 x86_64
CPU is Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  YES
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  YES
    * CPU indicates STIBP capability:  YES
  * Enhanced IBRS (IBRS_ALL)
    * CPU indicates ARCH_CAPABILITIES MSR availability:  NO
    * ARCH_CAPABILITIES MSR advertises IBRS_ALL capability:  NO
  * CPU explicitly indicates not being vulnerable to Meltdown (RDCL_NO):  NO
  * CPU microcode is known to cause stability problems:  NO  (model 42 stepping 7 ucode 0x2d)
* CPU vulnerability to the three speculative execution attack variants
  * Vulnerable to Variant 1:  YES
  * Vulnerable to Variant 2:  YES
  * Vulnerable to Variant 3:  YES

CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel has array_index_mask_nospec (x86):  YES  (1 occurence(s) found of 64 bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch:  NO
* Kernel has mask_nospec64 (arm):  NO
> STATUS:  NOT VULNERABLE  (Mitigation: __user pointer sanitization)

CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Mitigation 1
  * Kernel is compiled with IBRS/IBPB support:  YES
  * Currently enabled features
    * IBRS enabled for Kernel space:  UNKNOWN
    * IBRS enabled for User space:  UNKNOWN
    * IBPB enabled:  UNKNOWN
* Mitigation 2
  * Kernel has branch predictor hardening (arm):  NO
  * Kernel compiled with retpoline option:  YES
  * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
> STATUS:  NOT VULNERABLE  (Mitigation: Full generic retpoline, IBPB, IBRS_FW)

CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
* Mitigated according to the /sys interface:  YES  (kernel confirms that the mitigation is active)
* Kernel supports Page Table Isolation (PTI):  YES  (found 'CONFIG_PAGE_TABLE_ISOLATION=y')
* PTI enabled and active:  YES
* Running as a Xen PV DomU:  NO
> STATUS:  NOT VULNERABLE  (Mitigation: PTI)

A false sense of security is worse than no security at all, see --disclaimer

 

You need to login to view this posts content.

 

Whats a good program to clean Junk, other stuff.. for Linux Mint
(an app that is safe to use, and virus-free..)

Cheers

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

Unfortunately, it appears that when you formatted /home, it erased the entire Linux install. You can make /home a separate partition but by default it is part of the root.

 

My /home partition was separate than the root partition, so I do not see how it would delete the entire Linux install.

 

Hello @Uboatfreak and welcome to the My Digital Life forums. While it would be possible to edit /etc/fstab and mount that partition(/dev/nvme0n1p9) automatically during boot, the real problem is that when you formatted it the first time, you eradicated the /home directory as well. Since I don't think it's possible to restore or rebuild the directory, I would recommend deleting all of your existing Linux partitions and start over with a clean install.

One tip before you begin installation: After you boot your Linux Mint installation media and are in a live CD session, you should mount the EFI system partition and open the folder "EFI". If I remember correctly (it's been a while), you will find two folders, one labelled "Unbuntu" and a second labelled "ubuntu". Delete both of them, then unmount the EFI system partition. If you don't do this, you will find duplicate entries in the grub boot menu after you perform the re-install. The entries created by your new install will work, but the ones created by your old install will not.

I'm looking at your existing partition setup and have a concern and a question. I noticed /dev/nvme0n1p4(58.64GB) and /dev/nvme0n1p6(120GB) are both NTFS partitions. The first is your Windows C:\ system partition and the second is a NTFS partition that you created yourself, correct? If that's the case, your Windows C:\ partition is currently 80% full. If you're OK with that, then fine. But if you ever need to extend that partition, now is the time to do it, before you re-install Linux Mint. That's my concern.

My question is what are you using that 120GB NTFS partition for? If it's not the Windows C:\ system partition, then you can use this existing partition as a shared data partition, provided that you created it using Windows Disk Management and assigned a drive letter so that it's recognized by Windows. After you re-install Linux Mint, your can create a new directory and then use nano to edit /etc/fstab and create a new mount point using the following steps:

1.) Boot into Linux Mint and open the Terminal.

2.) Create a new directory named Data(or whatever name you want) : sudo mkdir /media/Data

3.) Mount the partition: sudo mount /dev/nvme0n1p6 /media/Data

4.) Take ownership of the directory and mount point: sudo chown -R (your Linux username): /media/Data

NOTE: Steps 5 & 6 are optional; skip to Step 7 if you have a different idea for folders

5.) Change into the directory /media/Data(optional): cd /media/Data

6.) Create new folders within the directory(optional): mkdir Documents Music Pictures Videos

7.) Edit the file /etc/fstab: sudo nano /etc/fstab

8.) Go to the bottom of the file and create a new entry as follows: UUID=E646F3DD46F3AC85 /media/Data ntfs-3g defaults,windows_names,locale=en_US.uft8 0 0

9.) Close the file by pressing Ctrl + X, then enter "Y" to save the changes, then press "Enter" to exit

10.) Upon rebooting into Linux Mint, this partition will automatically mount at boot. All files will be read/write in both Windows and Linux.

NOTE: Never do this with your Windows C:\ system partition. Windows doesn't like it when your make changes to it's files behind it's back. You will be sorry.

 

You need to login to view this posts content.

 

I second this BleachBit thingy

 

Another handy application is 'Stacer': github.com/oguzhaninan/Stacer

 

You need to login to view this posts content.

 

You need to login to view this posts content.