> Attribution is trivial and left as an exercise to the reader.

Huh? It isn't to me. Can someone clarify on this?

Also:

- To what extend is this fixed by the mitigations which the kernel provides [0] for the Intel bugs? What do I have to add to my kernel command line?

- Where did he get the binary from? VirusTotal doesn't allow arbitrary people to download binaries which someone else uploaded, does it?

> What do I have to add to my kernel command line?

Paranoid users of Ubuntu and Debian can install this package: https://packages.debian.org/bullseye/hardening-runtime . Then reboot.

It disables SMT, so independently of mitigations you won’t be vulnerable, but of course Hyper-Threading will be gone.

I have a much more up-to-date and comprehensive GPL-3.0 package called 'brace' available here: https://github.com/divestedcg/brace

Supports Fedora, Arch, Debian, and openSUSE.

Has GNOME, Firefox, kernel cmdline, sysctl, firewalld, NetworkManager, and systemd unit hardening among other things.

Goes well with firejail (am a developer of): https://github.com/netblue30/firejail