You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
that's not what I mean; it wouldn't even occur to me (before this all was disclosed) that any speculation is security-sensitive. and indeed it didn't occur to me, or to thousands of way more competent researchers that have certainly known how CPUs work since speculation existed
But it didn't occur to people... because they weren't working in both fields. The problem isn't speculation, it's speculation + side channels. HT was always dangerous, but the cache side-channels are just something nobody thought through properly.
The thing is that speculation is really too good to pass up. Can you imagine how slow a loop not using a register would be overwise? At current frequencies, we’re probably talking 10-50x slowdown. The proper fix (AMDs) likely makes context switches non-trivially slower.
There is No Good Solution™ to the general speculation problem (Spectre v1) other than to use barriers in security-sensitive code (and teach people about them), but v2 and meltdown and now this are absolutely fixable in silicon with negligible performance impact.
As for cache side channels, they suck but are merely an attack vector. That you need a way to exploit the bug doesn’t mean the exploit vector is the core problem, there are too many potential other ways to leak data
Yes, the issue is that nobody considered the existence of those side channels. This whole saga is basically CPU manufacturers discovering that timing side channel attacks apply to them as well.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
