As you have all heard, the Meltdown & Spectre security vulnerabilities apply in some fashion to pretty much every computing device out there. This is a new paradigm of security issue, in that it’s a compromise of the fundamental hardware rather than the software that runs on it. But the issue can be mitigated by software.
The news of the issue hit the Linux kernel community at the same time as it hit the press, even though it had been known to at least Google, Intel and Microsoft for 6 months prior.
Since many cloud platforms run on Linux servers, the Linux community has been scrambling to resolve the issue as quickly as possible, and I am seeing almost daily security patches coming from them. These patches come with a non-zero risk. Both Intel and Microsoft have released patches that have caused issues for some subset of customers, and based on the kernel team’s comments and the Linux team’s testing, I know these patches carry risk as well. But for the security of our systems I’m applying patches as they become available: first on backup servers, then on primary servers.
Kernel-level and BIOS patches require system reboots to take effect, so expect some short outages at 10:00 pm as we apply the updates. The fixes are not trivial, and I’m expecting the fallout from these updates to take a few months to settle down.