Re: Remove high accuracy timers?
I'll bite. Specifically what apps use nano-second timers. Explotation of these 'cpu' flaws is esoteric lab research at best. It's easier just to phish passwords. I'm still not seeing how one could realistically exploit this stuff. You gotta know the workload, know the process, and sniff aound petabytes of data until you match something. All the POC's involved running two processes in a controlled environment, or sniffing around with a known workload passing thru at a known time, I mean if I got all that, I'm pretty sure I already have you pwned.
There has not been a single ransomware tied back to meltdown or spectre. If resticting access to precision timers is feasable, and takes the bulk of the risk away, it beats crippling performance for day-to-day worloads. I know it's *possible* someone could inject a stored procedure on my sql server, that daisy chains something to exploit meltdown. My only question would be why? I'm already f*cked. If it makes you sleep better by all means have fun.