Meltdown and Spectre put me in a bad mood. I like computer systems about which you can make mathematical style arguments. I have some suggestions on Meltdown in its narrow form but the broader issue of covert channel it is murky. The good news is that Spectre is murky for the bad guy too. Aside from the successful Berkeley Packet Filter attack the attacks I have understood are plausible if the attacker can find a needle in a haystack. The problem is that I don’t know how many needles there are there. Nor do I know whether a pin will do as well. I have no definition that I can teach to a computer. That is the bad and the good news. For a long time now people have pointed out that the clock was a source of indeterminacy that might convey other people’s secrets but it has taken a long time to develop this as a real attack. Now we are there. It took considerable imagination on part of the attacker.

I think that Intel can fix the meltdown attack but the fix feels like whack-a-mole. This sounds more like classic military strategy than the sort of battle where the protectors have a clear advantage. I do not belong to the camp who claim it is hopeless.