Trade security with performance

The recent CPU flaw caused quite a mess. Most recent linux kernels have the problems patched, but what if I am willing to trade security for performance? I’ll need to compile my own kernel and here is how to do that on Ubuntu 17. apt install git build-essential kernel-package fakeroot libncurses5-dev libssl-dev ccache wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.15.tar.xz tar Jxvf linux-4.15.tar.xz cd linux-4.15 First, we need to make oldconfig. Basically copy the kernel…

Read More

Meltdown and Spectre CVE-2017-5715

Numerous posts and announcements have been made available in past 48 hours[1]. I don’t want to embarrass myself trying to describe what they’re about. Here I want to measure the performance penalty for the kernel patch. Kernel update has been made available on CentOS 7 (3.10.0-693.11.6.el7), roughly 12 hours behind Redhat. Here is a quick test of mysql sysbench on a small instance on aliyun, AWS, and Azure. No impact…

Read More