Virtually every modern computer is vulnerable to a pair of devastating attacks, and there's only a fix for one of them, and it sucks

Dang. You seem optimistic. I hope these cloud providers are doing everything you think they are.

Any machine you share with others will share all sorts of resources. As well as the pre-fetch caches and stuff like that, you will share the disk fetch latency times (which might tell you where the head was), the GPU temperature (which tells you how much work it has done lately), and the clock (which tells you how loaded the system is). If we are using the round-robin scheduler, you will always be between the same other two jobs, provided they are still running. So, if someone wants to run Meltdown on your machine, then they are going to have to match your particular machine, then steal a lot of cycles for each word you want to look at. You can probably turn off sharing on the caching if you are editing /etc/passwd or something sensitive in a way the cloud provider can’t. A cloud provider has thousands of copies of a known processor, and lots of cycles to steal before someone notices the loss. It is not clear to me where the balance lies. The collective web has my permission to slag me off if I am wrong.

I am personally glad the nice guys have told us about this. I would imagine the attacks have a very distinctive signature, so you may be able to detect them on unmodified hardware.
