On Linux, add the following boot parameters: pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier
I saw a measurable decrease in build times in Linux. '$ time make' dropped nearly 10%.
Of course, do not do this if you visit sketchy websites, install dodgy software, or open random attachments in email. That said, I can't find any evidence that any mass attack has been based on these exploits. <tin foil hat> Have a feeling our machines are made slower to make cloud providers safer or sell more CPUs.</tin foil hat>
I think it should be explicitly called out that Meltdown is exploitable via JS. I wouldn't use 'insecure' mode for web browsing except on well-known sites (e.g. docs.your-programming-language.org), and I would use an ad(malware)-blocker.
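A check an administrator could run to see whether a host was booted with the parameters quoted in the comments above, and which entries the kernel itself reports as vulnerable under /sys/devices/system/cpu/vulnerabilities. This is an added example, not code from any commenter; the sample command line is constructed, and `mitigations=off` is included as a further real kernel parameter that the thread does not mention.

```shell
#!/bin/sh
# Added example: audit for mitigation-disabling boot parameters.

# Parameters quoted in the thread, plus mitigations=off (not from the thread).
DISABLING_PARAMS="pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier mitigations=off"

# Constructed sample command line (not taken from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier'

# Print every mitigation-disabling parameter present in a kernel command line.
# $1: command line text; defaults to the running kernel's /proc/cmdline.
find_disabling_params() {
    cmdline=${1-$(cat /proc/cmdline)}
    for bad in $DISABLING_PARAMS; do
        # Pad with spaces so only whole parameters match, not substrings.
        case " $cmdline " in
            *" $bad "*) echo "$bad" ;;
        esac
    done
}

# Print "name: status" for each sysfs entry whose status begins with
# "Vulnerable". Entries reading "Mitigation: ..." or "Not affected" are skipped.
# $1: directory; defaults to the kernel's vulnerabilities directory.
list_vulnerable() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        case $status in
            Vulnerable*) echo "$(basename "$f"): $status" ;;
        esac
    done
}

# Demo on the constructed sample. On a real host, call both functions with
# no arguments to inspect /proc/cmdline and the live sysfs directory.
find_disabling_params "$SAMPLE_CMDLINE"
```

An empty result from both functions means none of the listed parameters were passed at boot and the kernel reports no entry as plainly vulnerable.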
Compiled "mkvtoolnix" ( https://mkvtoolnix.download/ ) on Gentoo Linux twice, once without and then with the kernel options "pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier":
No kernel options:
merge time: 13 minutes and 38 seconds.
merge time: 13 minutes and 44 seconds.
merge time: 13 minutes and 5 seconds.
merge time: 13 minutes and 28 seconds.
Parallel compilation set to max 3 threads (MAKEOPTS="-j3"), but mkvtoolnix compilation seems to use max 2 threads most of the time.
gcc (Gentoo 8.2.0-r6 p1.7) 8.2.0
I guess that the 2nd rounds have higher runtimes than the 1st ones because the CPU got hotter...
Yes, use the tool to get the actual patches...
> Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features.
> This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.
If this tool had the secret fix that didn't impact performance in any way then wouldn't it have been incorporated everywhere?
The cloud environment as a whole seems a lot more homogeneous, accessible, and easier to profit from than exploiting desktops.
I would assume hardware and electric outlets that are not professionally supervised to be most vulnerable. If you find your way into some type of NAS, then you've probably found a homogeneous environment: https://www.computerworld.com/article/2490759/hacked-synolog...
And it's ridiculous to give credence to the idea that the people pushing software mitigations to Linux, and the maintainers merging them, are doing so in bad faith.