Trade security with performance

The recent CPU flaw caused quite a mess. Most recent linux kernels have the problems patched, but what if I am willing to trade security for performance? I’ll need to compile my own kernel and here is how to do that on Ubuntu 17.

First, we need to make oldconfig. Basically copy the kernel compile config from Ubuntu and decide whether new features should be enabled

Here I…

Read More

Meltdown and Spectre CVE-2017-5715

Numerous posts and announcements have been made available in past 48 hours[1]. I don’t want to embarrass myself trying to describe what they’re about. Here I want to measure the performance penalty for the kernel patch. Kernel update has been made available on CentOS 7 (3.10.0-693.11.6.el7), roughly 12 hours behind Redhat. Here is a quick test of mysql sysbench on a small instance on aliyun, AWS, and Azure. No impact…

Read More