“We're keeping an eye on the patches for Windows and Linux, and the microcode releases/BIOS updates from our server vendors,” says Chase. “Once they seem to stay out for more than two weeks we'll look at upgrading. Given that there is a performance hit, and it differs by workload, it'll be a phased approach to roll out with lots of performance benchmarking. The vulnerability hits if someone can execute malicious code on your servers. There's not a worm or drive-by attack that can exploit this (as yet).”

“We started paying a lot closer attention to the Linux Kernel list to see the discussion of the various patches and their impact.”

“We’ve investigated what's happening and verified that our production network does not run outside code (while being very thankful that we are 99% in colo datacenters, not cloud),” says David, a security architect at a large Internet advertising company.

They’re looking for vulnerabilities and running tests to evaluate how patched systems might break down or be open to other problems. "Projections of how badly performance will be affected range from 'You won’t notice it' to 'significantly impacted.'" Plus, IT staff have to look into whether the patches themselves could break something. In fact, some patches have warnings about the potential side effects," says Sandra, who recently retired from 30 years of sysadmin work. "The problem is that the patches don’t come at no cost in terms of performance. This means spending even more time reading in order to stay up to date and learn if their own infrastructure needs immediate attention. The confusion, and rumored performance hits, are causing some sysadmins to adopt a “watch carefully” and “wait and see” approach.

“Unfortunately I think we have some vendor-supported systems where we don't have patches yet, but they're also single-purpose systems isolated from the Internet so the risk seems acceptable for now.”

What are your current activities and short-term plans?
“We patched OSs where we could,” says Skylar, a systems engineer at a university.

Vendors have released, pulled back, re-released, and re-pulled back patches, explains Chase, a network administrator. “Everyone is so concerned by this that they rushed code out without testing it enough, leading to what I've heard referred to as ‘speculative reboots.’”

“I’m waiting for Bond to do his Spectre thing,” agrees another admin, Emil.

“I applied the patches for Meltdown but I am still waiting for Spectre patches from manufacturers,” explains an IT pro named Nick.

That is, sysadmins are ready to apply patches, when a patch exists.

Ron, an IT admin, summarizes the situation succinctly: “More like applied, applied another, removed, I think re-applied, I give up, and have no clue where I am anymore.”

What have you done so far?

Everyone has applied patches.

Here’s a snapshot of what other sysadmins have done so far to respond to Spectre and Meltdown, as well as their current plans and long-term strategy. I asked several network managers, system administrators, and DevOps how they’re coping, so if nothing else, you can be reassured you’re not alone.

If nothing else, at the beginning of January, every sysadmin had a long to-do list and now those projects are behind. If the computer systems are slowed down as the result of the short-term update and application performance suffers, the finger-pointing is directed at the whimpering sysadmin whose only recourse is to post to /r/talesfromtechsupport. If the patch introduces new problems, it has to be backed out. If a vendor has released patches, it’s the system administrator who has to apply them.

But that doesn’t help the poor human being who has to cope with the problem in the meantime. By now, you’re up to date on the technical details, and you've watched the industry scurry to respond with patches and updates as it prepares for longer-term solutions.
It’s been a month since we all learned about Spectre and Meltdown, the two gaping security vulnerabilities that affect nearly every hardware platform.