Meltdown notes

Submitted by John Locke on Mon, 01/15/2018 - 22:32

The Meltdown vulnerability leaked out into public news a full week before patches were available for many distributions. When patches did become available, sometimes the patch caused further trouble.

Our vulnerable systems

Before patches were available, we downloaded the Proof-of-Concept exploit code, compiled and tested it on a variety of the environments we work in, or have in production.

Here's a quick run-down of what we found affected, and what was not:

The Spectre of a Meltdown

Submitted by John Locke on Thu, 01/11/2018 - 17:31

The news was supposed to come out Tuesday, but it leaked early. Last week we learned about three variations of a new class of attacks on modern computing, before many vendors could release a patch -- and we come to find out that the root cause may be entirely unpatchable, and can only be fixed by buying new computers.

Today Microsoft released a patch -- which they had to quickly pull when they discovered that it crashed computers with AMD chips.

Essentially Spectre and Meltdown demonstrate a new way of attacking your smartphone, your laptop, your company's web server, your desktop, maybe even your tv and refrigerator.

Meltdown - Animated
Meltdown in Action

This all sounds dreadfully scary. And it is... but don't panic! Instead, read on to learn how this might affect you, your website, and what you can do to prevent bad things from getting worse.

Getting hands on with Drupal Commerce 2 - Onsite payments and Sales Tax

Submitted by John Locke on Fri, 12/29/2017 - 15:29

We're nearing launch of two new Drupal Commerce sites, one of them being this one. It turns out has some relatively sophisticated commerce needs: some taxable products, some non-taxable products. Recurring subscriptions. Arbitrary invoice payments.

We previously blogged about Commerce 2 Price Resolvers. Now, let's get into some of the details of payment gateways and taxes.

Employee Picture
Rafael Malave

Rafael Malave

Rafael started with Freelock in May 2015 and is one of our junior developers. Rafael is currently a student and working on his cert...
Employee Picture
Chris Yim

Chris Yim

Chris came to Freelock after working at Pethub, working in Drupal web content and marketing, but had his hands in pretty much every...
Employee Picture
Jill Locke

Jill Locke

Jill Locke is an experienced technical writer who specializes in training and documentation. She's now a Project Lead at Freelock w...