Re: [PLUG] Retbleed, improve performance

Walt Mankowski via plug on 18 Jul 2022 12:10:44 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Retbleed, improve performance

From: Walt Mankowski via plug <plug@lists.phillylinux.org>
To: "PLUG Mailing List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Retbleed, improve performance
Date: Mon, 18 Jul 2022 15:10:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=sasl; bh=dCpOxRscIYdV5dAVvjsSmNKmmb5/Rm SyGqibnDLIhiM=; b=DyourItz6cMnuceUN01yxUX1QmrST58TVkq9Hs1JsxWu6z wDB43ylsnb8PzJfY2u0xqU5uF2HvFibk5YWAnKd6RoWvDzXK6OHEUSrIDsZ+fs2A fZv7flRnrDROyAjOH8YBreyvIXmHF5LXW65JyysfAry0z69CAmkLs047jhGmo=
Feedback-id: i7af9444b:Fastmail
Reply-to: Walt Mankowski <waltman@pobox.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Cyrus-JMAP/3.7.0-alpha0-755-g3e1da8b93f-fm-20220708.002-g3e1da8b9

On Mon, Jul 18, 2022, at 11:21 AM, Rich Freeman via plug wrote:

On Mon, Jul 18, 2022 at 9:59 AM jeffv via plug
<plug@lists.phillylinux.org> wrote:
>
> Improve Linux performance with this one weird trick
>
> https://www.theregister.com/2022/07/18/improve_linux_performance/
>
> Unless anyone else ever accesses your PC in any way

So, I'd probably read the fine print before doing that. First I'd
confirm exactly what the performance boost will be. Some mitigations
are expensive, and others are cheap, and it varies by CPU model. If
they're all cheap on your CPU then the value of disabling them to
avoid speculative execution attacks is dubious.

That said, I do know of at least one serious enterprise application
where they were considering disabling mitigations on an isolated
system used to do a workload that would have been severely impacted
(this was on an Intel CPU that had expensive mitigation cost).

In addition to depending on CPU model, the cost of mitigations can
also vary based on workload.

In general though speculative execution is a threat if you run
untrusted code on a system. That could be from less-trusted users
executing arbitrary code as non-root, or it could be from proprietary
software you don't completely trust in a mixed environment, or it
could be from sandboxed code like _javascript_/etc in a browser. If you
have a host that runs everything under a single UID, or uses UID 0 for
the OS and a single UID for everything else and the host really only
does one thing, and nothing is untrusted/sandboxed, then speculative
execution threats aren't really a serious problem. If a host only
runs one service and that service is compromised, the entire host is
effectively compromised anyway. If somebody hacks into your database
it is because they want to read the stuff in your database, not the
contents of /var/log.

I’ll also add that if your computer seems slow, there’s an excellent chance that it’s caused by something other than the raw speed of your CPU. Most of the time the problem is going to be network lag, or excessive disk access, or bloated websites, etc. Do your due diligence and check all those things first before even thinking about implementing any of these fixes.

Walt

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Retbleed, improve performance
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] Retbleed, improve performance
  - From: Rich Freeman via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] HPLIP printing
Next by Date: Re: [PLUG] HPLIP printing
Previous by thread: Re: [PLUG] Retbleed, improve performance
Next by thread: Re: [PLUG] Retbleed, improve performance
Index(es):
- Date
- Thread