[rightbyte]

The security concern is remote code execution via JS, and sharing processor time with other people you don't trust, right?

It should be up to the VM-as-a-service and browser vendors to flush the cache properly.

[compiler-guy]

No. The security concern is attackers reading data they shouldn’t. The article explains how.

“Microarchitectural Data Sampling (MDS) is a group of vulnerabilities that allow an attacker to potentially read sensitive data.”

That is way more serious than stealing cycles.

[rightbyte]

Ye, but I didn't understand how this was different than Spectre, except with different caches.

Still it's fine with no JS and no shared processor time, right?

[rurban]

Right. If you run no foreign code you are safe.

[bloomer]

From a brief read, I think it reads in flight data not necessarily cached, so flushing cache won't help unfortunately.

[silversconfused]

One CPU per process makes a lot more sense, especially now that we have so many specialized CPUs in our machines anyway.

[rightbyte]

Ye I got a feeling that shared processor time with strangers is not viable without specialized hardware.

[snovv_crash]

I think it isn't viable with non-deterministic (in time) hardware behavior. This means dedicated caches, or no caches at all. Dedicated guaranteed memory speeds and latencies. Dedicated processing units. The untrusted code cannot be affected by other code, otherwise the other code leaks its usage patterns across.