I've seen a video from CTT demonstrating the <10 performance boosts by simply off the mitigation. The system will be secure for personal use as before.
Ask yourself: do you really need a performance boost or are you just chasing the numbers to avoid a non-existant problem?
Yea
Everything is secure until it isn't. I'd leave it on.
The short answer, as a ton of people already said in the comments of the video, is "hell no" it is not and it is most likely also not worth it. Back when the video came out I tested it (with unplugged network) on my system and the performance gain was ~1% which I'd consider well within the margin of error
Mines about 60% faster, ymmv
What workload makes that much of a difference?
Games on a 3rd gen i7
Which games?
Aren't you the guy who runs one of the largest RuneScape private servers? Why tf are you disabling security measures
Isolated machine for emulating old consoles
The system will be secure for personal use as before.
I wouldn't be so sure of that. CPU side channels allow data to be leaked across security contexts. For example, from a user process to sandboxed JavaScript in a browser, from kernel space to user space, or from one containerized process to another. This is a problem even on a single user system without any VMs.
Many years ago when I was still doing my undergrad I had a cyber security prof talk about side channels:
”There's no way to prevent side-channels. As long as two components are sharing the same physical resource there will be side channels. The only problem is that these side channels are leaking way more bits than we expected.”
So the question here is how big does the side channel need to be to leak something sensitive from memory? Turning off mitigations will almost certainly lead to larger side channels. Whether that is worth the risk is up to you.
It depends on how importent security is for that system and how devestating it would be if someone else got control over it and all accounts and devices connected to it.
Assuming there are sucessful exploits it would be like running everything as root and disabling all sandbox/isolation features from the kernel and browsers. I'd say you should not connect such a machine to the internet.
…or you could opt for other ways to improve your PC performance. For instance, using equal values for both
scaling_max_freq
andscaling_min_freq
gives you a quite considerable performance boost at the expense of (almost) nothing.Well, you lose a lot of power efficiency, this would be massively detrimental to many peoples experiences if you do this on anything battery powered like a laptop.
Eh…I see your point.
And does this still work with modern cpufreq schedulers like amd-pstate and the Intel equivalent? IIRC I couldn't simply set frequencies or select the userspace scheduler on 10th gen Intel and frequencies don't seem to be honoured by AMD pstate drivers on Zen4.
Link for the video?
As a general rule of thumb, I've been told that anything less than a 50% performance boost is hardly noticeable.
I've also heard (but ready to stand corrected) that mitigation costs only about 10% CPU (depending on the CPU).
I don't get out of bed for a 10% performance boost.
99% of mitigations generally aren't for vulnerabilities that affect day-to day users, so I'd say that you'll probably be fine
This is exceptionally bad advice.
I like living on the edge
Then post your credit card number, expiry, and CVC
You ain't gonna get much out of it, even if I do lol
Not important, until some day a virus is on Flathub, a user downloads a stupid appimage and they get in trouble