Disabling Spectre V2 Mitigations Is What Can Impair AMD Ryzen 7000 Series Performance
Originally posted by birdie
There's some trickery going on, e.g. the CPU could completely discard the instructions which are meant to protect against Spectre, but there are other protections in place so the vulnerability is taken care of. Amazing, I'd say, except this could open the door to new vulnerabilities.
- Likes 3
-
As far as I understand, the Spectre V2 mitigation restricts indirect branch speculation. Is it possible that changes made by AMD (probably as part of the hardware mitigation implementation) regressed indirect branch speculation speed so much that code runs much slower with indirect branch speculation enabled?
-
Originally posted by ll1025
Since when did the Linux enthusiast community become security-allergic luddites?
Do you also setenforce 0 and run as root? Maybe you stick to 1024 bit RSA because it's faster? And what's with that lengthy key exchange in SSH, take us back to telnet!
It's 2022, and sentiments like yours are responsible for the massive cybercrime industry's success. Whether on Linux or Windows, this kind of "it'll never get me" attitude is exactly how they get you.
If I was looking for top CPU performance in an environment I control (usually I run Windows for VR set-ups like this), I disable mitigations because they do actively slow things down, and the CPUs I usually use aren't high-end. I trust hardware mitigations wouldn't remotely be an issue on newer CPUs.
- Likes 3
-
Originally posted by cj.wijtmans
Keep in mind that CPUs by law must have backdoors and vulnerabilities. Same with encryption, or in case of court cases/investigations you must give out your password.
- Likes 2
-
Unfortunately the UK counts as a repressive government.
As for performance vs. security, I did stick with TLS 1.2 because it was the only way to retain compression of PostgreSQL replication streams. Had to recompile OpenSSL packages, but it's worth it for a 60% saving in bandwidth used. Transfer isn't free on all providers, and if an attacker has the skill to pull off a CRIME-variant attack on our replication, they probably have access to other methods of attack, including legal ones.
In some cases, disabling mitigations may be appropriate too. In others, like open multiuser systems or VM hosting, it is probably not. It's good to see that we now have some CPUs where that tradeoff doesn't need to be considered.
- Likes 3