by 80x25 3082 days ago
These mitigations feel like a half measure. To quote the Spectre paper:

"Even code that contains no conditional branches can potentially be at risk."

"long-term solutions will require that instruction set architectures be updated to include clear guidance about the security properties of the processor, and CPU implementations will need to be updated to conform."

It seems too early to declare Spectre class attacks mitigated by the mechanisms presented in the OP.


I don't think anyone is claiming this is solved. Mitigations are by definition a half measure. "Mitigate (verb): make less severe, serious, or painful."
Maybe more than half. ;-)

I think that the branch aspect of Spectre is the thing that WebKit is most affected by.

Translated, this basically means: for real security to exist, the chip has to be open source down to the layout.

This will not happen. So basically, the interests of the one outweighing the interests of the many results in the many suffering for what exactly?

> open source down to the layout.

I don't see what open source has got to do with any of this.

More security experts would be encouraged to have a look at the design and to find flaws early on.

Of course, we all know that this doesn't always happen, see OpenSSL. However, once a major incident (Heartbleed) happened, they did: Many more OpenSSL issues were found and fixed, forks with different trade-offs came into place. For example, LibreSSL traded backwards compatibility with ancient systems for a smaller code base and increased security.

Since CPU designs are not Open Source, and on top of that flooded with patents, nothing like that will happen in this space. Intel and AMD are on their own, rather than having their design checked by a motivated international research community.

But these attacks (Meltdown/Spectre) are on a fundamental design approach, which was conceived and developed and researched in the open. People in colleges all over the world study them. Do you really think this would have been caught much sooner if Intel had released all schematics and layouts to the public?
I'm just saying that in general, the incentive for a scientist to put work into an open system is orders of magnitude higher than to put work into a closed system.

To provide a similar example:

The crypto experts around Daniel J. Bernstein and Tanja Lange stated publicly at 34C3 that they refused to perform cryptanalysis on a certain algorithm that was patented. But they (and others) published good cryptanalysis results (working attacks!) just a few months after the patent expired.

> I'm just saying that in general, the incentive for a scientist to put work into an open system is orders of magnitude higher than to put work into a closed system.

They already do that, I'm sure you can find a multitude of papers on branch prediction and speculative execution if you simply took the time to look. Probably even some by the very same people who designed the Intel chips causing all the fuss.

> This will not happen

Note that we do have good Open Source CPU designs, though, such as RISC-V.