Google and Amazon say the performance hit from the 'Meltdown' and 'Spectre' fixes is overblown
Sony
- Techies are going crazy after "Meltdown" and "Spectre," two new methods for stealing passwords, were revealed by Google on Wednesday.
- One worry was that the fix for the problems could come with a major negative impact on performance.
- Google and Amazon say they're not seeing any major slowdowns.
On Wednesday, Google revealed that there's a big security hole in pretty much every processor, including the one in your phone, the one in your laptop, and the processors running servers "in the cloud."
The two vulnerabilities, "Spectre" and "Meltdown," could even allow an attacker to steal passwords as a user typed them. Even worse, early speculation suggested that the fix for the two related but separate problems, "Spectre" and "Meltdown," could cause a major performance hit as the CPU would have had to do lots of extra work just to stay secure - maybe even reducing performance by 30%, according to The Register, which first reported the flaw.
Google now says all of that gloom and doom is overstated.
In a technical blog post published on Thursday, Google says the software it built to fix the issue - it calls it KPTI - causes "negligible impact on performance."
Here's the key passage:
There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.
In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.
Basically: Google's not stressing about any impact to performance, and it believes that the performance hits that other analysts are seeing were conducted without the right data, leading to an "exaggerated impact."
Of course, Google's findings are only applicable to Google's cloud and services, which run on Google's version of Linux, presumably on an Intel processor.
But Google's findings are based on data from some real-deal, heavy-duty services that would be dramatically impacted by a major decrease in performance, including Gmail, Search, and YouTube.
Amazon also says all-clear
David Ryder / Getty
"We don't expect meaningful performance impact for most customer workloads," an AWS representative told Business Insider. "There may end up being cases that are workload or OS specific that experience more of a performance impact. In those isolated cases, we will work with customers to mitigate any impact."
Amazon said on Wednesday that it had already protected its customers from nearly all AWS instances from the vulnerabilities.
Although Microsoft hasn't yet commented on what performance slowdowns it expects, its Azure service will also be closely watched to see if there are any impacts to processor performance. On Wednesday, it said it was in the process of implementing fixes.
- Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
- Experts warn of rising temperatures in Bengaluru as Phase 2 of Lok Sabha elections draws near
- Axis Bank posts net profit of ₹7,129 cr in March quarter
- 7 Best tourist places to visit in Rishikesh in 2024
- From underdog to Bill Gates-sponsored superfood: Have millets finally managed to make a comeback?
- 7 Things to do on your next trip to Rishikesh