I buy a lot of Intel processors 'cause they're the fastest usually. These bugs mostly affect servers; I mean, the difficulty required to pull these attacks off for desktop users is quite extreme, basically needing physical access or at least running software on the computer in the first place (at which point you could be doing anything malicious). I believe Microsoft is even defaulting some of the mitigation patches to off by default due to the difficulty in performing the attacks.
It is really concerning for server operators though. I myself rent about 20 VPSs at any one time for my business needs, and although I don't host customer information on those or any kind of credentials that could allow someone to gain further access to my infrastructure, it's still concerning. I'm essentially depending on my cloud host providers to patch their hypervisors consistently.
As for my own bare metal servers, I rent a bunch of those and I'm not concerned about those because I'm the only customer on the machine, so all code running is determined by me. I don't have to worry about other customers on the same shared resources as me performing attacks etc.
But anyway, it is concerning. Supposedly Intel's Cascade Lake will have hardware-level mitigation so that they can keep performance high while protecting against speculative execution. In some benchmarks I've done on my own servers I saw a 30% database performance drop due to the need to constantly have the kernel perform file operations.
A lot of the patches Intel are telling us to implement essentially flush caches that help the CPU perform speculative execution, which provides a big improvement to performance when you have lots of serial operations that aren't utilising the entire processor's capability. So without these caches the CPU can't be kept doing speculative work that may turn out to be useful later (thus saving time), and that has had a big hit on things that require context switching.
Like when you want the kernel to do something for you, there is the potential to peek at another process's potential operations from the predictive cache. So it has to be cleared every single time to ask the kernel to do something with the file system. That's a huge hit to database performance.
I'm certainly not planning to run out and replace my servers with Cascade Lake. I literally just got new Xeons for my servers in December last year, so I'm good for another 3-4 year cycle I think. And as for the servers I rent instead of buy, they usually are several years behind in architecture anyway to pay less money etc.
The thing that gets me about all this is Intel did this in a pursuit to outdo the competition. They removed safeguards that would have caused prediction logic to check the process reading the memory addresses was allowed to do so. Something AMD included and it slowed AMD's CPUs down slightly, but Intel didn't do it just to get what, 2-5% faster IPC? It's corporate malfeasance.
I really hope that AMD is able to come back with Zen 2 next year (EPYC 2 / Ryzen 3 / Threadripper 3 products will use it) and just blow Intel away. We desperately need competition to rein in Intel.