[atq2119]

The really damning part is that it applies even for processors that are supposedly fixed in silicon because Intel dropped the ball by playing wack-a-mole with proof of concept exploits instead of thoroughly building their chips with security in mind.

If the history of Microsoft and Windows security is any indication, it'll take Intel many many years to turn that ship around.

There's a question of whether AMD has been mostly unaffected only because their chips haven't received as much scrutiny, but for the time being it does seem that if you care about security, you'd better go with Epyc.

[wtallis]

I don't think anyone seriously expected Intel to be able to thoroughly harden their chips against Spectre-style attacks given just a year to tweak their existing microarchitecture. They were able to move some permissions checks ahead of some speculative actions, but they simply haven't had enough time to design an architecture that can unwind all observable side-effects of mispredictions. It was obvious that all the near-term fixes in silicon would be equivalent to or only slightly better than the microcode or OS-based mitigations.

[dannyw]

AMD’s speculative execution design is more risk aversive and it isn’t prone to many of the bugs identified so far. Of course this may change but I think it’s more than just scrutiny: AMD speculates less.

Plus, with better IPCs on Ryzen and much greater performance per dollar, why Intel?!

[to11mtm]

> If the history of Microsoft and Windows security is any indication, it'll take Intel many many years to turn that ship around.

AMD's Bulldozer debacle may be a better example, because in some ways it's a better example than Windows.

By that, I mean two things.

1) Silicon typically has a pretty long up-front design phase. Meaning there's probably at least 2 upcoming generations in development at any given time.

2) Intel's marketing is somewhat coy about 'architecture' changes, but the sources I found (admittedly just an SO post and Wikipedia) indicate that the number of pipeline stages in the Core series has not changed much over the last few years. IOW it's probably not a full architecture revamp in their 3-step cycle.

P6 as an Arch lasted around 15 years, when you think about it (including the original 'Core' i.e. Core 2 Duo/Solo here, as while heavily optimized and revamped, it was still P6). K7/K8 lasted about the same longer (15-ish). Netburst was a bit of an outlier, only lasting around 7 years. Same for Bulldozer.

Big assumption here, but based on the pattern I'd assume that Intel originally wasn't even considering a full revamp (or, depending on how they do their iterations, it wouldn't be fully revamped) to be ready until around 2023.

Because of the time involved (back to the first point,) I doubt they would be able to have the problem mitigated in silicon until 2021 at the earliest. (As a bonus, they'd probably want/have to qualify it extra well, lest they accidentally introduce a whole new class of vulnerabilities.)