Good News Bad News

Good News

The only known successful Spectre attack involves BPF, which can be turned off or patched as suggested here. Meltdown is an Intel blunder, and the KAISER patch fixes it at a tolerable cost until Intel ships better chips.

Intel correctly notes that these problems do not directly impact integrity.

A fix perhaps for some.

Bad News

The above is only temporary. The current successful exploits took considerable cleverness, but there is no end to clever people in the world. A workman (a metaphor for an object) is banging around trying to answer a correctly formed query from a legitimate requestor. He applies fast algorithms, perhaps including guessing, and the time it takes to deliver the response will depend on secrets that are not to be revealed to the requestor. Throwing in an obfuscating delay works only to the extent that the advantages of fast algorithms are forgone.
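The trade-off in the paragraph above, as an added sketch that is not part of the original page: a toy workman whose cost is counted in abstract steps (an assumption; real timing is noisier), run over a constructed secret and constructed queries. Raising the delay floor reduces the number of response times the requestor can tell apart only as the mean cost climbs toward the worst case.

```python
# Added illustration. All names and the step-count cost model are assumptions,
# not anything defined on the original page.
SECRET = "k7q2"                                      # constructed sample secret
QUERIES = ["zzzz", "kzzz", "k7zz", "k7qz", "k7q2"]   # constructed sample queries


def fast_steps(query, secret=SECRET):
    """Early-exit comparison: steps taken = characters examined before stopping."""
    steps = 0
    for q, s in zip(query, secret):
        steps += 1
        if q != s:
            break
    return steps


def padded_steps(query, floor, secret=SECRET):
    """The workman idles until at least `floor` steps have elapsed, then replies."""
    return max(fast_steps(query, secret), floor)


def summarize(floor):
    """Return (distinct response times the requestor can observe, mean response time)."""
    times = [padded_steps(q, floor) for q in QUERIES]
    return len(set(times)), sum(times) / len(times)


def sweep():
    """Try every delay floor from none (0) up to the worst case (len(SECRET))."""
    return {floor: summarize(floor) for floor in range(len(SECRET) + 1)}


if __name__ == "__main__":
    for floor, (distinct, mean) in sweep().items():
        print(f"floor={floor}: {distinct} distinguishable timings, "
              f"mean cost {mean:.1f} steps")
```

Only the floor equal to the worst case leaves a single observable timing, and at that point every query costs as much as the slowest one.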

In my capability work I have believed that a person with the right ideas (caps) can produce a system that smarter people cannot exploit. Now I don’t know how much smarter the builder must be than the attacker. The attacker has the advantage that there are many points of attack. Caps can make it so that attacks succeed at many points instead of just a few.