Man, Ars' headline doesn't sugar-coat things:
“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-every-modern-processor-has-unfixable-security-flaws/
And for completeness here's Google's blog post: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html (h/t @netshade and others)
curious what happens next
@schlink well this is existentially spooky
@schlink ruh roh
@schlink @netshade I expect continued frantic patching (in OSes and browsers and I guess VMs too?), then more slow-paced work on making fixes that *don't* ruin performance or remove features.
I wouldn't be surprised if the NSA has lost a powerful set of tools from their toolbox as a result of this.
Many computers will go unpatched, and these vulnerabilities will go *into* the toolboxes of pentesters and malware authors.
Motherboard has a nice explainer today: "The Clever Engineering Behind Intel's Chipocalypse"
https://motherboard.vice.com/en_us/article/qvw3k3/the-clever-engineering-behind-intels-chipocalypse
but tbh this birdsite thread may be the clearest not-too-technical explanation of the flaw that I've seen https://twitter.com/FioraAeterna/status/948684092333158400
@schlink Notice that it's not «google» it's public research from university and a guy from google.
actually, here's a real sign that something's ~ going on ~ https://octodon.social/media/rKAbOBJck-zEoIbfbP4