I’ve seen a video from CTT demonstrating the <10 performance boosts by simply off the mitigation. The system will be secure for personal use as before.

  • SuperFola@programming.dev
    link
    fedilink
    English
    arrow-up
    38
    arrow-down
    1
    ·
    1 year ago

    Ask yourself: do you really need a performance boost or are you just chasing the numbers to avoid a non-existant problem?

  • CaptainJack42@discuss.tchncs.de
    link
    fedilink
    arrow-up
    23
    ·
    1 year ago

    The short answer, as a ton of people already said in the comments of the video, is “hell no” it is not and it is most likely also not worth it. Back when the video came out I tested it (with unplugged network) on my system and the performance gain was ~1% which I’d consider well within the margin of error

  • dack@lemmy.world
    link
    fedilink
    arrow-up
    16
    ·
    1 year ago

    The system will be secure for personal use as before.

    I wouldn’t be so sure of that. CPU side channels allow data to be leaked across security contexts. For example, from a user process to sandboxed JavaScript in a browser, from kernel space to user space, or from one containerized process to another. This is a problem even on a single user system without any VMs.

    • StarDreamer@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      Many years ago when I was still doing my undergrad I had a cyber security prof talk about side channels:

      ”There’s no way to prevent side-channels. As long as two components are sharing the same physical resource there will be side channels. The only problem is that these side channels are leaking way more bits than we expected.”

      So the question here is how big does the side channel need to be to leak something sensitive from memory? Turning off mitigations will almost certainly lead to larger side channels. Whether that is worth the risk is up to you.

  • Lemmy@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    It depends on how importent security is for that system and how devestating it would be if someone else got control over it and all accounts and devices connected to it.

    Assuming there are sucessful exploits it would be like running everything as root and disabling all sandbox/isolation features from the kernel and browsers. I’d say you should not connect such a machine to the internet.

  • StrangeAstronomer@lemmy.ml
    link
    fedilink
    arrow-up
    4
    arrow-down
    3
    ·
    1 year ago

    Link for the video?

    As a general rule of thumb, I’ve been told that anything less than a 50% performance boost is hardly noticeable.

    I’ve also heard (but ready to stand corrected) that mitigation costs only about 10% CPU (depending on the CPU).

    I don’t get out of bed for a 10% performance boost.