Greg Kroah-Hartman, the stable Linux kernel maintainer, could have prefaced his Open Source Summit Europe keynote speech, MDS, Fallout, Zombieland, and Linux, by paraphrasing Winston Churchill: I have nothing to offer but blood sweat and tears for dealing with Intel CPU's security problems.
Or as a Chinese developer told him recently about these problems: "This is a sad talk." The sadness is that the same Intel CPU speculative execution problems, which led to Meltdown and Spectre security issues, are alive and well and causing more trouble.
The problem with how Intel designed speculative execution is that, while anticipating the next action for the CPU to take does indeed speed things up, it also exposes data along the way. That's bad enough on your own server, but when it breaks down the barriers between virtual machines (VM)s in cloud computing environments, it's a security nightmare.
(Score: 4, Interesting) by HiThere on Wednesday October 30 2019, @04:09PM
You say "with hindsight", but I've heard it reported that the vulnerabilities were predicted before the chips were designed. Though I admit that, at the time, I don't believe anyone believed the exploits were practical.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.