Dear user, we are still benchmarking and evaluating what the impact of KPTI is on ArangoDB.
Please bear in mind that the Linux kernel 4.15 including the Meltdown/Spectre fixes has not been released yet (nor the final release candidate). ArangoDB is no different from any other type of program in the sense that it uses memory, registers etc. A "mostly-memory" database system is at the same risk as any other database system or other program. Exploiting the x86 microarchitecture as described by the attacks titled Meltdown and Spectre can potentially access any data. These types of attacks do not attempt to read directly from a system's main memory however. But even if they did - the data handled any kind of database system passes the main memory and/or a CPU cache at some point, where it is at risk. If we find a drop in performance with KPTI enabled, there are already ideas what can be done to improve it again. Regarding security, you should obviously update your OS. There may also be microcode updates for your CPU, but Intel seem to have stopped the distribution because of some systems rebooting unexpectedly after updating. I'm not sure about the status of Google's Retpoline to mitigate Spectre attacks in software using patched compilers to trap speculative execution. We will let you know as soon as we get to know more. Best, an ArangoDB support member -- You received this message because you are subscribed to the Google Groups "ArangoDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
