by zrm 2354 days ago
Spectre is basically a new variant in the longstanding category of timing attacks on hardware. There are things hardware vendors may be able to do to limit the impact, but it's just something software developers are going to have to learn to live with, like cache timing attacks. You mostly fix it by making the software different, not the hardware, because the performance benefits of having caches or speculative execution are too large to abandon in general.

Intel's trouble is that they're doing that kind of speculation across more security boundaries, which not only makes the attack more powerful (e.g. reading memory from the kernel/hypervisor or another process/VM instead of the active one), it also makes the mitigations more expensive. The benefits of speculative execution in those specific cases aren't worth the cost, but CPUs have a long lead time, so they're still selling silicon where that isn't fixed.

And then losing more performance to the mitigations than they gain from the speculative execution while enabling a greater attack scope for any software that doesn't implement the mitigations properly (or at all).