An encrypted website with a single line of text promises to make your Linux machine more responsive – if you’re willing to accept some risk.
Another day, another bleed-ing vulnerability. New speculative execution attacks continue to be discovered, and operating system kernel developers continue to find ways to block them, at the cost of some CPU performance for each mitigation. But what if you run an isolated, self-contained box? What if you just… turned off all mitigations?
Many years ago my tenant at the time – a Perl and Linux guru – tried to show me a quick way to move certain things from one Linux machine to another. He was very surprised to find that I didn’t have SSH enabled and there was no way to access one of my Linux machines from any of the others. It was and is the default setting for the desktop versions of Ubuntu and Mint, and for many people that’s what you want: a computer isolated from the outside world.
If this describes your needs, you may find Jean-Michael Celerieris admirably concise make-linux-fast-again.com useful. The site is a bit dated – you only need all the switches if you’re using a kernel older than 5.1.13. Nowadays, just the last is enough. Add it to the end of the kernel line in
update-grub and restart.
If you want to see what each individual statement does, there are the two Short and more verbose explanations there. If these instructions aren’t enough for you, then sorry – you probably shouldn’t try this at home.
Also don’t do it on a server, or in a virtual machine, or a machine that hosts virtual machines or anything else that other people use. If the box allows other devices to connect to it over the network, don’t.
Seriously. Do not go.
Another fairly simple optimization is the one we mentioned during its introduction:
zswap characteristic. If your machine isn’t a powerhouse with tons of RAM, it’s probably swapped out to disk occasionally, whether it’s an Ubuntu-style swap file or a dedicated swap partition. . Activate
zswap compresses anything placed in swap, which on any 64-bit machine is likely to be a much faster process than writing to disk. With the
mitigations=off sentence mentioned above, just add
update-grub or the equivalent for your distro, and reboot.
The Reg FOSS office tried it on our daily 12GB RAM laptop, and it took a zero out of the amount of data placed in the swap. ®