January 3, 2018
Some one at the office reminded me that the candy bucket is almost empty. In the mean time, I’ve been busy following the Meltdown and Spectre news. My colleague and I have been talking about this subject since we got together after work.
If you don’t have the time and patience to read the details, you can get a summary from Ars Technica.
For some reasons I thought about James Bond’s SPECTRE when I first read the news.
January 2, 2018.
Back to work after a few days off; New Year’s Day and whatnot.
What a year to start with some big computing news, which is not a good one. Tip of the hat to my colleague for forwarding me the article.
From the original article:
tl;dr: there is presently an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve. Urgent development of a software mitigation is being done in the open and recently landed in the Linux kernel, and a similar mitigation began appearing in NT kernels in November. In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualization environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer.
Apple will be issuing Software Update to disable “root” user which is inadvertently enabled by default with blank password in macOS High Sierra.
To disable “root” user, follow the instruction from Apple or the instruction below:
Disable the root user
Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
Click the Lock, then enter an administrator name and password.
Click Login Options.
Click Join (or Edit).
Click Open Directory Utility.
Click the Lock in the Directory Utility window, then enter an administrator name and password.
From the menu bar in Directory Utility: Choose Edit > Disable Root
In previous incarnations of macOS/OS X/Mac OS X, “root” user is disabled by default.
Anyone with physical access to your Mac potentially can reset your password.