Announcement

Collapse
No announcement yet.

The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bsdisbetter
    replied
    Originally posted by Cybmax View Post
    So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
    The words : "he adds, it’s highly unlikely it will ever be used in the wild." and “This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says, is ofc absolutely NO concern i guess.
    http://fortune.com/2019/05/15/zombie...ng-downplayed/

    Might not be spoken by anyone with a clue, but where is the hard evidence that any random "Joe Average" has gotten his personal computer ruined by any of those exploits running linux? Where are the horror stories? What are the REAL risks?

    I would suspect NONE tbh, but noone will ever consider doing such a shady thing as disabling those things, and with "everything" compiled WITH exploit mitigations, there are almost nothing to be gained by disabling this on a kernel level. I guess you would need to recompile everything to even gain anything back now

    F**ed if you do, f**ed if you dont
    If you only run the OS on your personal computers then ignoring / disabling these mitigations is what you should do if it impacts your processing. Unless you're into hacking yourself... bsds use sysctls and/or kernel defines to allow you to ignore them (well some bsds anyway), not sure about linux

    You may be at risk but you have been at risk most of this century - how's it been so far?
    Perform backups, use snapshots, etc. You're probably more at risk of data loss through drive failure imho.
    Last edited by Bsdisbetter; 18 May 2019, 07:55 PM.

    Leave a comment:


  • loganj
    replied
    ok. so there are more bugs now. the question that i have: does any of the manufactures removed any of them with the new processors? will they remove any of them? or they will continue to pretend that there is nothing wrong with them?

    Leave a comment:


  • angrypie
    replied
    Originally posted by Cybmax View Post
    So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
    A 486 is faster now, since it isn't affected by any of those flaws. Time to dust off my DX4-100.

    As for those flaws being "highly unlikely" to be used in the wild: there's a thing called "off-the-shelf malware." And let's not forget that Spectre is a flaw that runs deep inside the uarch, so it's highly likely there are more exploits to be discovered. With those flaws all over the press there's more incentive to exploit it.

    Of course Intel knew it all along. If a much smaller company like AMD could foresee the nastiness and take measures to secure their CPUs, so could Intel.
    Last edited by angrypie; 18 May 2019, 07:33 PM.

    Leave a comment:


  • 9Strike
    replied
    Originally posted by Cybmax View Post
    So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
    The words : "he adds, it’s highly unlikely it will ever be used in the wild." and “This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says, is ofc absolutely NO concern i guess.


    Might not be spoken by anyone with a clue, but where is the hard evidence that any random "Joe Average" has gotten his personal computer ruined by any of those exploits running linux? Where are the horror stories? What are the REAL risks?

    I would suspect NONE tbh, but noone will ever consider doing such a shady thing as disabling those things, and with "everything" compiled WITH exploit mitigations, there are almost nothing to be gained by disabling this on a kernel level. I guess you would need to recompile everything to even gain anything back now

    F**ed if you do, f**ed if you dont
    As far as I know, at least for the Meltdown Bug are JavaScripts available, which could run on any Website (but Browsers now decrease the timing accuracy so that they don't work).

    Leave a comment:


  • milkylainen
    replied
    That summarizes most of it pretty nicely. Thanx. Some epic crippling of performance there.
    As usual. Cheating pays off. Until you get caught. Then you'll get your ass handed to you.

    Sorry Intel, but there is no way you didn't know that you traded security and proper implementation for faster performance.

    Leave a comment:


  • Cybmax
    replied
    So... yet another "lets get that brand spanking new 9900K working like a 486!" "mitigation" linux kernel has to enable by default.
    The words : "he adds, it’s highly unlikely it will ever be used in the wild." and “This particular one would require the hackers to have perfect conditions in order to exploit it,” Siciliano says, is ofc absolutely NO concern i guess.


    Might not be spoken by anyone with a clue, but where is the hard evidence that any random "Joe Average" has gotten his personal computer ruined by any of those exploits running linux? Where are the horror stories? What are the REAL risks?

    I would suspect NONE tbh, but noone will ever consider doing such a shady thing as disabling those things, and with "everything" compiled WITH exploit mitigations, there are almost nothing to be gained by disabling this on a kernel level. I guess you would need to recompile everything to even gain anything back now

    F**ed if you do, f**ed if you dont

    Leave a comment:


  • ThoreauHD
    replied
    Well, on the bright side, that only wipes out 2 years of performance gains. Could be worse.

    Leave a comment:


  • geearf
    replied
    Those 16% don't even account for Intel disabling TSX on some CPUs too (like mine) :/

    Leave a comment:


  • Xaero_Vincent
    replied
    Heavy context switching is a disaster for Intel chips now. Ugh.

    Leave a comment:


  • RussianNeuroMancer
    replied
    Thanks for PostgreSQL test! Would be interesting to how much all of this is impact virtualization.

    Leave a comment:

Working...
X