Re: What an absurdity!
Per your X86 cruft comment, Intel did try to push exactly that concept. Get rid of X86 replace it with Itanium. Didn't work so well. I'm sure Itanium wasn't the best but they probably still spent billions of dollars developing it hoping to kill X86. I think it also wasn't the first time Intel wanted to kill X86, didn't they try something much earlier I want to say the i860 or i960 processors or something -- I want to say I remember reading something along the lines of those processors were the first ones that MS built NT on and only ported it to X86 later (and alpha and mips and ppc..)
As for peer review. I find it funny to see comments like this. This obviously isn't a new issue, this stuff has been in the chips for more than a decade. No real stink was made (outside I recall reading OpenBSD folks harping on hyperthreading and other stuff about 10 years ago). Lots of people knew the architecture,it wasn't top secret.
For me personally I am not patching my systems(at least at the firmware level). The risk outweighs the benefit. My laptop(Lenovo P50), and my personal servers(both run recent Intel Xeons) are not getting fixed for this stuff.
I haven't had a known security incident on any of my personal systems hardware or software since literally I think it was something like 1992, when my 486 computer at the time got the [STONED] virus. Though I don't recall it doing any damage. I don't remember if anti virus took care of it or what.
Professionally I haven't had a known security incident hardware or software on any of my equipment since 1997. I was running a small ISP, someone who had a legit shell account on one of my Linux servers decided to hack it. I was involved in software piracy back then so not everyone I knew was super trustworthy. Though they were detected within seconds (as I was logged in at the time, I detected it by them being stupid and firewalling my IPs from contacting that server, system was disconnected from the network within an hour or so and rebuilt).
I have assisted in a few security incidents of things that I had access to (but was not responsible for) though. Presently I manage more than 1,000 virtual servers and server hardware and networking and storage that run under them. So I have a decent amount of experience.
So yeah, my ~22 years of online experience, many of which running internet connected services in both personal and professional capacity makes me believe that the risk of this is far overblown for MOST people (exception is shared environments where you have untrusted workloads,e.g. public cloud providers, or high value targets).
The knee jerk reactions to most of these security things are just crazy. It would be different if there was an active exploit available, something that is networkable and can infect/spread/worm itself etc.
There's far more critical security related things to patch or secure from than this.
I believe the most vocal people talking about this stuff are more so the hard core AMD fans who want Intel to fail so AMD can rise up again. I can certainly understand that angle, though it's not going to happen.
One thing to keep in mind, if someone (say a state actor) really wants in, they will get in. Doesn't matter if you have all the patches, they will find a way in.
Biting the hand that feeds IT
