What’s the potential impact from Spectre and Meltdown vulnerabilities to Securenodes running on VPS or Cloud platforms? If vendor patches are applied, there is up to 30% impact to performance. Is there anything the node owners can do to remedy that? I think the developers need to look into these vulnerabilities, and provide specific information to node operators.
I believe most if not all secure nodes are running Ubuntu or some variant of Linux. Below is the tracker for the spectre and meltdown patch for Ubuntu. Unfortunately every industry partner had a coordinated release date of January 9th, but the two bugs were leaked to the public early. I didn’t research too much into it, but from the below link it looks like Ubuntu is on track for Jan 9th update. So In a few days all secure nodes should update the latest security fix with.
sudo apt-get update
I think it’s important to also note, I don’t believe this bug affects any end users. Since all of your private keys are stored local in ur wallet, that information would not be accessible by a vulnerable node.
I don’t think anyone really knows the full extent of vulnerabilities right now, but these apply to most computer systems in most of the world…not much we can do except recommend best sec practice of storing privkeys offline. Right now we have a paper wallet option and you can store your keys on an encrypted drive entirely disconnected from the Web. Sec nodes, unfortunately, to operate don’t have that luxury so the system is theoretically vulnerable; whether that’s a practical vulnerability is still TBD…
I think it’s well past theoretical. The unfortunate thing is all vendors will be attempting to fix a hardware vulnerability at the software level until all vulnerable hardware can be replaced. All of those fixes will be temporary band aids bound to be bypassed. I think you and the rest of the team should take a deeper look as soon as possible.