If you talk about "how stupid Intel's engineers were a decade ago" re: CPU flaws on social media without an engineering background, I think you should be banned from Twitter until you read the Intel assembly manuals cover to cover. Either that or some similarly ironic punishment.
-
Speculation must either not happen, or happen in containment outside of which no speculative results can be seen.
-
hence xfence instructions are finally put to use ?
-
No, because that's imposing a new ISA constraint not satisfied by existing binaries, it's opt-in, and it pessimizes non-broken cpu implementations. The cpu needs to do the right thing itself, not only when assisted by a pessimizing compiler.
-
Nothing to argue with that. This confirms my understanding fixes are not made to last as effective mitigations on current processors would require massive patching across bios, kernel, apps, libs. (right?)

-
I am convinced any cloud VM with root access is a goner regardless of patching.
-
I think VMs are actually easier to make safe if the host isn't cost-cutting. Just doing a full flush of the entire cache hierarchy at every VM switch covers most of it.
-
It's within a VM, where you have syscalls, shared memory across privilege domains, and context switches, that safety gets hard.
-
NTM the unfixable privilege boundaries within a single application context that are enforced by software logic that Spectre v1 breaks.
End of conversation
New conversation -
-
Not a solution, but increased attacker work factor can be a figure of merit.
-
At best it increases work factor for some variants we mostly have solutions for. It doesn't help at all with ones we lack any solution for.
End of conversation
New conversation -