
Spectre is more difficult to exploit. Plus, as the top commenter said, it's more difficult/less effective to exploit it on AMD still.

The "worse" part of Spectre is mainly about the fact that it affects everyone (but not to the same degree). But on a per chip-maker basis, Intel is still getting the shortest end of the stick here.



It's definitely true that Meltdown is a more immediate problem--but Spectre is basically the problem that will last. We can move kernel memory into another process space, take the perf hit, and correct most of the Meltdown problems.

Spectre-style issues had JS pulling browser process memory using timing--the patches being "put every page in its own process" (Chrome) and "don't let people get accurate timings" (Firefox). They are way worse in the grand scheme of things, because even if they aren't as easy to exploit, they will continue to show up, probably for the foreseeable future (next 5-10 years), long after Meltdown is patched and old news.


What? The whole idea that you can run untrusted code on your machine in the same process as secure data is ridiculous.

Of course every website needs its own process. It should really be in its own VM too.


Or how about we stop perusing services that demand that we run 200+k of JS just to look at a few lines of text and images?



