[Discuss] Port Scanning
Dan Ritter
dsr at randomstring.org
Tue Aug 6 13:03:04 EDT 2024
Daniel M Gessel wrote:
>
>
> On 2024-08-06 11:47, Dan Ritter wrote:
> > Daniel M Gessel wrote:
> > > On 2024-08-06 00:31, Bill Bogstad wrote:
> > > > We would have a whole lot fewer moles to whack if we changed our tools.
> > > In some cases a 5% performance hit is huge - offering up "our programmers
> > > make mistakes" as a justification is a non-starter.
> > Remember that:
> >
> > - virtual machines impose a penalty of 1% or more -- worse when
> > not optimally configured
> >
> > - the mitigations for various speculative execution and memory
> > hammer attacks can impose 2-30% penalties depending on
> > specific programs
> >
> > - changes between stable kernel versions can be +/- 15% in some
> > cases
> >
> > All of those can already be cited as "our programmers make mistakes".
> I honestly don't know how the first two address programmer mistakes; can you
> explain?

The rise of virtual machines and containers is an admission of
systemic failure: people gave up on managing dependencies in a
sensible manner. Rather than have a deployment system which
produces a working program plus libraries and configuration,
these systems effectively ship a developer's laptop to the
cloud.

Mitigations for Spectre and Rowhammer are required because we
persistently run other people's code on our hardware, or if you
prefer, we keep running our code on other people's hardware and
pretending that it's our hardware.

> On the commercial OSs I've worked on, a 5% performance drop would be a
> block-ship issue, depending on where it was seen.
I don't know where you've worked, but I will bet a shiny nickel
that 5% drops and 5% improvements happened in different sections on
most major releases.
-dsr-