QubesOS certainly feels great every day when it comes to things like this… :-)
Discussion
As an Ubuntu household I am not affected either, apparently, as well as winning the luck of the draw on my CPUs not being vulnerable. It would be mighty scary to be in either of those categories though, considering the code to run this attack is in the wild and it can run on a webpage that hits millions of users.
I see, well I ditched all dependencies on MS in 99, ran it under VMware until 2001 when I got on OSX plus Linux of course
I do run it a bit as VMs in QubesOS only these days actually, for accounts to reach into the Digital Gulags haha…
I don't know so much about it, but it sounds like even stuff running in VMs isn't safe from this, if you are browsing the web on a VM then this exploit could affect the host. Be careful out there.
Sure, but it would be limited to that one VM
On any given day I run 3-7 or more all in the one GUI that is the core function of QubesOS, so anything with risk goes into a separate one :-)
Qubes is also affected. Look at the Qubes Security Bulletin released: https://forum.qubes-os.org/t/qsb-090-zenbleed-cve-2023-20593-xsa-433/20037
Thanks, updating now :-)
But the main design of Qubes is what protects: in my Windows VMs I never store or handle any crypto, nor do I recycle passwords or run any important accounts…
I do know that I should get around to flashing the BIOS with Coreboot, but at least for main holdings there is the protection of hard wallets or running apps across a handful of devices…
Will follow this anyway of course, major bug for sure!
I would strongly encourage you to flash coreboot. I flashed HEADS and it was a lot easier than I thought it would be. There are definitely some confusing hang ups, but it was very satisfying and if I can do it you can too. Really good thing to do.
Yeah… The problem is that I do not enjoy tech like that, everything is a tool only…
And with Nostr being a protocol I feel most of my concerns evaporating anyway! :-)