Mint is now fixed in regards to Spectre and Meltdown vulnerabilities. All of the Debian derived servers are now fixed. Redhat derived servers remain vulnerable to Spectre Variant 2.
On Scientific (Scientific Linux 6), kde, gnome, lxde, xfce, icewm are all functional. LXDE is rather minimal as no distribution for this OS exists but I was able to piece together enough of the required packages to get it minimally operational, the others are pretty much fully operational. As with Zorin, KDE’s default configuration does not include a logout widget, so first thing you should do if you use it is add a logout widget to a panel.
There is a new shell server available for your use, zorin.eskimo.com. Zorin is a relatively new Linux distribution that has some of the eye candy of Mint or Debian but brings with it the security and updatedness of Ubuntu.
The following desktop environments work on it with x2go, KDE, Mate, XFCE, and LDXE. LDXQ does not work with x2go, please don’t ask. The problem is it uses Qt5 and Qt5 applications are not presently compatible with x2go. This is the first OS with KDE5 that works reasonably well with X2go. It does not have the long start up time KDE5 sessions have on some other operating systems.
There are two problems with KDE, First, the default configuration has no logout so first thing you should do when you login is add an logout widget to a panel so you can logout when finished.
Then there is another issue, xrandr requires version 1.3, the stable x2go only has version 1.2 and Nightly Builds does not yet work on this platform. The work around is to use xrandr in a terminal to set your screen dimensions manually, for example, my screen is 1920×1080 so I would type in a terminal, “xrandr -s 1920×1080“.
The web server is now on 4.13.0-36, the most recent Ubuntu. Spectre and Meltdown have been fixed since 4.13.0-33. I suspect these subsequent releases are fixing things they broke in the process of fixing these two exploits. I know 4.13.0-33 was unstable at least on some systems (my old Mac Pro 1,1 for example).
There will be an outage of approximately 3 minutes Feb 17th close to noon in order to load a new kernel.
Last night’s reboots did not go entirely cleanly.
It took three reboots of Isumataq, which hosts home directories and a number of virtual machines, for it to come up cleanly. The first two times it did not properly start networking and manually attempting to start it did not work. This is not a new problem but one that has been ongoing since 16.04 LTS which introduced systemd which unfortunately while it sped up booting considerably, introduced quite a few bugs, all of which have not been entirely squashed yet.
Debian NFS did not sync properly when the mail server returned to service and so to restore proper functionality I had to reboot that tonight.
Ubuntu stopped talking to the network even though the kernel was still up and operational and I could get into the machine through the virtual machine manager. I rebooted it to fix.
The current state of meltdown and spectre vulnerability fixes on our network is that meltdown is fixed on all of our hosts both physical and virtual, spectre both variant 1 and variant 2 is fixed on all of our physical hosts and ALL ubuntu based hosts. Spectre variant 1 is fixed on almost all of our virtual hosts but spectre variant 2 is fixed only on ubuntu based hosts.
People ask me why I have moved and am continuing to move our services off of CentOS and to Ubuntu, this is an excellent example of why. To the best of my knowledge, ubuntu is the ONLY Linux distribution that has fixed meltdown and BOTH variants of spectre. They are usually first out of the gate with exploit fixes.
I am going to be rebooting servers tonight to load new kernels which fix meltdown and spectre vulnerabilities. Then I will be taking mail and web down for about 25 minutes each to image the machines so that if it becomes necessary to restore them in the future, it will not be restored to a vulnerable state.
I will be taking the web server down for approximately twenty minutes after midnight to image again with missing SSL certificates in place.
Maintenance on OpenSuse has been completed. Everything has been restored to service.