While the original link didn't provide much extra, what I found particularly interesting there were the comments from the person who is running a patched system, yet finding that one of the spectre PoC code examples was still working.
Would be interesting to know if anyone else is experiencing anything similar.
yes, I am also experiencing this. But this is not unexpected: if you take this spectre PoC: https://github.com/crozone/SpectrePoC/blob/master/spectre.c then all that is doing is reading data from the same process. With spectre variant 1, it is the code that is vulnerable (in this case, an unmasked bounds check). As the compiler does not do any mitigations for this, it is the software that has to protect against it (that's one reason why browsers for example needed mitigations, along with everything else running untrusted code). This variant is only a problem if you're trying to run untrusted code though... so you could say that the PoC itself has a security vulnerability, no wonder that still works (an OS does not prevent you from running vulnerable programs - there could be hardining techniques that can make it harder or impossible to exploit that vulernerability though.)
"New Spectre/Meltdown Variants"
https://www.schneier.com/blog/archives/2018/02/new_spectreme...
While the original link didn't provide much extra, what I found particularly interesting there were the comments from the person who is running a patched system, yet finding that one of the spectre PoC code examples was still working.
Would be interesting to know if anyone else is experiencing anything similar.