Google security researchers have come to the conclusion that speculative execution attacks are here to stay without drastic changes to modern CPU architectures, such as removing speculative execution entirely.
Spectre is here to stay: An analysis of side-channels and speculative execution
Related:
Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]
Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News
Congress Questions Chipmakers About Meltdown and Spectre
What Impact Has Meltdown/Spectre Had on YOUR Systems?
Intel Admits a Load of its CPUs Have Spectre V2 Flaw That Can't be Fixed
Intel FPU Speculation Vulnerability Confirmed
New Spectre Variant SpectreRSB Targets Return Stack Buffer
Intel Discloses a Speculative Execution Attack in Software Guard eXtensions (SGX)
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
MIT Researchers Claim to Have a Solution for Some Speculative Execution Attacks
Spectre, Meltdown Researchers Unveil 7 More Speculative Execution Attacks
New Side-Channel Leak: Researchers Attack Operating System Page Caches
(Score: 0) by Anonymous Coward on Saturday February 16 2019, @02:38PM (4 children)
This isn't about consumers replacing their computers. Any major changes to CPU architecture would be expensive, and the new hardware would need to be sold enterprises and data centers. Those are the environments where Spectre and Meltdown are the most dangerous.
Unfortunately, the companies that buy new hardware based on new CPU designs will not have a great market for selling their used equipment. "We replaced this stuff because it is a security risk ... so, you wanna buy it?"
(Score: 2) by zocalo on Saturday February 16 2019, @07:48PM (3 children)
That's somewhat illogical. You're essentially saying CPU vendors shouldn't try and fix the flaw because of those few users that re-sell hardware rather than re-purposing/scrapping it when its initial reason for purchase has been completed. That only works if they have a cartel, otherwise the one eyed man is king and whichever CPU vendor has the least exposure to the flaw is going to have an advantage in selling their hardware. Keeping in mind that sales will be even higher if they can scupper the used market as a security risk as well, do you think Intel, AMD, ARM, et al care more about making a profit from new hardware, or a second hard market they no direct benefit from?
UNIX? They're not even circumcised! Savages!
(Score: 0) by Anonymous Coward on Saturday February 16 2019, @08:40PM (2 children)
Not at all. I'm saying the enterprise and data center markets are going to have to buy the new, more secure hardware and will get stuck with the old hardware (rather than selling it down market, as they currently do). So the new CPUs, which will be very expensive because of the significant costs associated with redesigning a major feature, will hit the large purchasers even harder than normal hardware upgrades do.
(Score: 3, Insightful) by zocalo on Saturday February 16 2019, @10:16PM (1 child)
Yes, they'll have to buy new hardware at some point (as will anyone else who cares about Spectre) and selling downmarket is going to mean either lower prices and/or finding buyers that don't care about Spectre, e.g. private compute clouds on segregated networks, for instance. What they can do though is phase it in gradually; "Latest & Greatest Spectre-proof CPU VPS - $20/mo" vs "Older CPU with Microcode/OS Spectre mitigations VPS - $15/mo". After that, it's just supply and demand, same as with any other phased roll out of the latest hardware.
UNIX? They're not even circumcised! Savages!
(Score: 2) by hendrikboom on Sunday February 17 2019, @08:34PM
Higher price and slower speed for security. There's a market for that.