February 13 2018 GDPR, codewars, Meltdown and Spectre Meet

BradLUG (Bradford GNU/Linux Users Group) A self-help group for GNU/Linux, Open Source and Free Software users in and around the Bradford District, West Yorkshire

Home About Meetings FOSS

February 13 2018 GDPR, codewars, Meltdown and Spectre Meet

John R Hudson

Posted on February 18, 2018

( 2 minute read )

John shared a presentation he was developing on GDPR for small voluntary organisations. David S commented that the test for organisations would be ‘have you made a bona fide attempt to meet the regulations?’ He also commented on the three different uses of ‘loss’:

loss of data by deletion
loss of data by theft, and
loss (harm) to someone as a result of either of the first two.

For organisations managing their own servers, they might need to consider encrypting the server logs; however, small voluntary organisations which use a server are more likely to use a hosted server.

Suggested software:

Keybase: it works like Dropbox setting up shared folders which can be accessed only by certain people. No data is passed to Keybase; only the links to the folders to allow sharing.
WhatsApp, a secure messaging service, now owned by Facebook, might be suitable for some organisations but would need checking for its suitability.
VeraCrypt allows you to encrypt parts of hard drives; it is probably most suited to office based systems.
EncFS provides an encrypted filesystem in userspace.
Thunderbird allows you to encrypt emails; however you need a program like GnuPG to provide the encryption keys.

Never transfer anything on USB sticks.

Darren spoke about the last Leeds Code Dojo when they had taken part in codewars, each writing a program in a chosen language to solve a problem. When you submit your program, it is evaluated to provide you with a review and a ranking as a coder.

David S drew attention to spectre-meltdown-checker.sh which checks how many vulnerabilities have been addressed in your kernel.

Intel had originally sent out a patch which had allegedly caused some machines to freeze; so it had withdrawn it and then discovered that it did not necessarily freeze machines and reissued it.

The latest updates from Intel are available as Microcode Revision Guidance.

Brendan Gregg has done a paper on Initial Performance Regressions as a result of KPTI/KAISER Meltdown.

Past Meetings