https://lwn.net/Articles/761100/ This is a special feed containing comments posted to the individual LWN article titled "Remote Spectre exploits demonstrated". en-us Sun, 31 Aug 2025 00:56:36 +0000 Sun, 31 Aug 2025 00:56:36 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/761571/ https://lwn.net/Articles/761571/ timokokk <div class="FormattedComment"> Something that probably makes a difference in the real world is the network latency. I didn't read the paper with too much care, but it caught my eye that in their setup they had ~15us average latency and they used a million samples per bit to distinguish ones and zeroes from each other. In real life the latency to any random server is at least in the range of milliseconds and varies much more. You basically need to be in the same LAN in order to reliably exploit the flaw, otherwise your bits will get lost in the noise. So we are nowhere near where you could just pick up random net servers and extract data off it just by measuring the response latency variance.<br> </div> Thu, 02 Aug 2018 08:16:39 +0000 https://lwn.net/Articles/761257/ https://lwn.net/Articles/761257/ rweikusat2 <div class="FormattedComment"> Not necessarily. The only hard requirment is that 'uncontrolled fluctuations' in machine state are random, IOW, cancel each other out when enough measured values are averaged. OTOH, the more 'noisy' the environment is, the lower the achievable transmission rate will be and 15 bits/ hour isn't exactly a high bandwidth to begin with.<br> </div> Mon, 30 Jul 2018 11:27:21 +0000 https://lwn.net/Articles/761251/ https://lwn.net/Articles/761251/ jk <div class="FormattedComment"> I would have thought so too, but:<br> <p> <font class="QuotedText">&gt; We used `stress -i 1 -d 1` for the experiments, to simulate a</font><br> <font class="QuotedText">&gt; realistic environment. Although we would have expected our attack</font><br> <font class="QuotedText">&gt; to work best on a completely idle server, we did not see any negative</font><br> <font class="QuotedText">&gt; effects from the moderate server loads. In fact, they even slightly</font><br> <font class="QuotedText">&gt; improved the attack performance</font><br> <p> (section 6.3)<br> </div> Mon, 30 Jul 2018 07:54:46 +0000 https://lwn.net/Articles/761151/ https://lwn.net/Articles/761151/ jcm <div class="FormattedComment"> @Jon: technically they can exploit other variants remotely also, just they use v1 for simplicity<br> </div> Fri, 27 Jul 2018 23:26:21 +0000 https://lwn.net/Articles/761115/ https://lwn.net/Articles/761115/ jcm <div class="FormattedComment"> Not strictly required, we've seen in reproduced in a range of environments.<br> </div> Fri, 27 Jul 2018 16:31:50 +0000 https://lwn.net/Articles/761102/ https://lwn.net/Articles/761102/ martin.langhoff <div class="FormattedComment"> From a quick read, the network and target machine need to be very "quiet" for this to work...<br> </div> Fri, 27 Jul 2018 14:48:54 +0000