If you do not count CPUs without speculative execution the only safe device is probably the Abacus.
I think we are missunderstanding one and other, or, i hope so. My point was, that any CPU without it, is pretty much safe. This time around. While VIA simply weren't able to make competetive CPU's and therefor went and tried to make really energy efficient ones, and therefore excluded it in early versions, AMD included it in their low wattage units (to the best of my knowledge, all of them) in order to stay competetive. Intel, did both. First they didn't include it in the Atom family CPU's, and decided they had enough of a performance lead to remain competetive, and later they added it, as a cheap n' simple way to make the CPU ever so slightly more power hungry, but get more performance from them. Strictly speaking about Atom's here.
ARM CPU's have been developed both with, and without, in parallel, Since ARM wanted to be able to deliver designs that were both very power efficient, and ones that are more high performing.
I honestly don't really care much about the whole spectacle. Patch a few days after the patches are made available, let others take the initial hit from being early adopters, and stuff like borked patches will be pulled before you get there, and you will still be patched soon enough that as a end user, / consumer, the security risk remains negligible. Nobody could have prevented this, and now that it's a known issue, everyone is trying to fix it. Sadly. THAT is where i get upset.
It turns out that even if ARM, Intel, AMD, VIA, and so fourth, all create a patch for your specific application, your hardware vendor, be it the motherboard manufacturer, or the phone manufacturer, may very well not give a damn about forwarding that patch in a useful format to you as a end user. People still build "gaming rigs" on Core 2 Duo & Core 2 Quad systems for gods sake. Manufacturers like MSI that has clearly stated that they have no interest in providing updated BIOS binary's for anything past the previous generation, that just isn't cool.
Bad news: A Spectre-like flaw will probably happen again
Of course it will. It is just a matter of time. In something as complex as a modern CPU, there will always be flaws. Someone will find them. Sooner or later. And then someone will do their best to fix them.
Those are not "bad" or "good" news, they are "generic non-news".
Pretty much, yeah.
I do not know why, but I believe Simon Segars concerns. He is chip designer ARM Holdings.
Nobody said it was wrong. It's just not that relevant. Bugs are found, and squashed all the time. Old bugs or new, it doesn't really matter. It is an issue when black hats get a hold of them before the uh, good guys do. No, not the good guys, the service, and hardware providers. They have an interest in keeping us as safe as possible, so that we trust their brand, and keep spending out money. Thats why stuff like NSA leaked tools create huge havoc, where as this, which is a much larger security issue, with a much wider spectrum, has yet to see anyone attacked. Someone found the security issue, and adopted it for nefarious use much faster then most people could/would patch for it.
Edited by Mr B, 15 January 2018 - 07:11 PM.