BOINC Xenial Drivers

Any time I want to apply updates, here is the cycle I have to do to keep nVidia and ATI/AMD drivers happy for BOINC.

#####################################################
BOINC drivers on Xenial
#####################################################

### Update the kernel
apt-get update
apt-get install linux-lowlatency-hwe-16.04 linux-tools-lowlatency-hwe-16.04 linux-image-lowlatency-hwe-16.04 linux-headers-lowlatency-hwe-16.04
apt-get dist-upgrade
apt-get autoremove

### For AMD/ATI driver issues:
Testing: https://launchpad.net/~paulo-miguel-dias/+archive/ubuntu/mesa/
OR stable https://launchpad.net/~paulo-miguel-dias/+archive/ubuntu/pkppa
apt-get install ppa-purge
ppa-purge ppa:paulo-miguel-dias/ppka
ppa-purge ppa:paulo-miguel-dias/mesa
add-apt-repository ppa:paulo-miguel-dias/mesa
apt-get update
apt-get dist-upgrade
apt-get install boinc-client-opencl clinfo mesa-opencl-icd

### For nvidia driver issues:
apt-get purge xserver-xorg-video-nouveau
apt-get purge nvidia*
apt-get install boinc-client-nvidia-cuda
update-alternatives --config gl_conf
update-alternatives --config x86_64-linux-gnu_gl_conf
ldconfig
update-initramfs -u
nvidia-xconfig

### Virtualbox crashes
apt-get purge virtualbox*
https://www.virtualbox.org/wiki/Linux_Downloads

### Reboot for the drivers if necessary
shutdown -r now

If I were running an x-server, there is nvidia-xconfig, but I run headless (mostly) and connect to boincmgr over an SSH tunnel.


Security Defect in Intel, ARM and AMD processors

THE RISK:
The defect allows a user process to read any system memory.
A VM can read memory from the host or another guest in some environments.

WHAT IS AFFECTED:
This does NOT affect POWER/PPC architecture.
Only some of this affects AMD, and only in some modes.
Almost every ARM and Intel processor since 1995 is affected.
That includes desktops, laptops, servers, cellphones, routers, automobiles with Sync/Onstar/autopilot, etc.

DISCOVERY:
This defect was reported in June, 2017, but due to pervasiveness, has been embargoed.
It is only fully described now because patch notes leaked the problem.

THE FIX:
The actual fix would be replacement of the affected CPUs with new silicon, which does not exist yet.
There is a partial software workaround which decreases system performance.

TECHNICAL:
The issue is because the processor does not perform access checking prior to loading L1 cache.
Due to this design issue, data can be forced into L1 cache, and read, before access is denied by the TLB.
It’s fairly slow, at around 2k/second, but a long-running process can harvest everything.

Hardware Statuses:
• ARM has provided workarounds to vendors, but it’s up to them to implement
• Intel’s CEO sold off as much of his stock as possible last year after glowing projections.
• Not a peep from AMD.
• POWER/PPC is not affected.

Software Statuses:
• Windows included a partial workaround in the November security rollup.
• MacOS released a partial workaround in December’s 10.13.2
• Linux included a partial workaround in the mainline kernels 4.15, and 4.14.11.
• The workarounds decrease performance between 1% and 45% depending on the workload.
• Cloud providers are scheduling maintenance January 2018.

More Reading:
• Community: https://spectreattack.com
• Google: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
• Workaround: https://en.wikipedia.org/wiki/Kernel_page-table_isolation
• AMD: https://www.amd.com/en/corporate/speculative-execution
• A better write-up: https://techcrunch.com/2018/01/03/kernel-panic-what-are-meltdown-and-spectre-the-bugs-affecting-nearly-every-computer-and-device/
• Outlet that broke the embargo: https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/