2. It's for the paranoid. So you don't have to do it.
3. It's on context switches. These aren't that common, and reloading it will pull entire cache lines in from the L2 cache which is pretty quick anyway.
But this I agree with:
> If untrusted code is running on the same core/package/what have you, your security has already been breached.
The biggest untrusted sod to be running is usually the browser. Of course if you're worried about that, how about turning off JS thereby blocking the biggest attack vector in it? (and loads of bloody irritating behaviour, as a blissful bonus).
Edit: why the world-is-going-to-shit attitude I keep seeing everywhere? The worst possible interpretation is put upon everything, instead of evaluating the risk/reward rationally then choosing appropriate actions.
Same as
- Volkswagen (dirty cheating cars)
- Samsung (exploding phones)
- Boeing (falling planes)
Eventually tech companies will join them. The signs are already there, the dirty growth tricks at Google and Amazon. It'll take more time.
The issue is that gains in performance (...environmental performance, form factor, battery density, etc.) are not linear anymore - the investments to make further gains become increasingly more expensive and time consuming, and all the quasi market duopolists and too-big-to-fail national infrastructure companies are not able to grow slower - stock market dynamics would punish them, execs wouldn't get their entitled pay day, politicians would lose jobs, tax income.
And so corners are cut (Boeing, Samsung, Intel) or performance tests are cheated (all of the above) and slowly infrastructure of dependent industries (cloud, transportation) is built on more and more shaky ground.
So why? Market concentration, entitlement, too big to fail dynamics, endless growth doctrine.
Easily that much and more, but compare that to a CPU with, say, a 3GHz clock, i.e. 3 billion ticks per second; that's not much.
Plus the other overheads of switching are already there - it's not cheap. I don't expect the overhead of reloading from L2 cache to add much (to repeat, I'm not an expert though).
Until it's proven not to be so, through another POC.
And then OP's point stands: Lots of Intel's performance gains since the 90s have been through out-of-order execution and branch-prediction.
If those improvements are deemed incompatible with being able to securely run JS in your browser, I would argue Intel is having a very fundamental problem now.
Hopefully AMD does better, but I don't think they are entirely immune to this category of security-issues either.
No, it's optional in the sense of you choosing to enable it.
I also suspect the performance hit will be minimal, however I'm not an expert.
> If those improvements are deemed incompatible with being able to securely run JS in your browser, I would argue Intel is having a very fundamental problem now.
Well it is, yet people are overwhelmingly willing to expose a Turing-complete language controlled by some 3rd party they know little or nothing about directly to the open internet. The problem there is nothing to do with hardware. It's people.