With CES in full swing, I am wondering if anyone who has been considering a new computer purchase has considered putting that off and waiting for new CPU designs which will undoubtedly be coming. That may be a long wait. Design of a new chip and setting up a fab plant to make it may require well more than a year. If not waiting for a new chip, because you are convinced that there is either no risk or no downside to the fixes available, how about waiting for the price to fall on the old design chips when new ones are available? Presumably the new chips will be in high demand by cloud service providers, and they will not necessarily have to be bigger-faster-cooler if they can be as fast as the old chips with the software fixes but really safer. When those new chips hit the market, the effect may be to inflate their price dramatically, at least until the pipeline is saturated. The median computer buyer will not likely take the effort to understand the issue, and the market will be largely influenced as usual by poorly understood fears and promises. Cloud services will definitely take a more nuanced view before replacing millions of units. In either case, look for a slowdown in the new computer (and related products) market and the possibility of a drop in prices of components even before there are any new designs available. Bad news for some small assemblers who put together dedicated DAW's?
 
btw a one stop shop for information
https://spectreattack.com/
 
 
 

Nearly got a new PC last black Friday (my current is over 7 years old), and in addition thinking about those new Dell XPS's that have been released. Glad I didn't get one and yes won't be buying until the situation is resolved. That probably means next black Friday or January 2019.

CPU designs take years, what's coming out next year is already being or been setup for manufacturing.
I personally dont expect us to see this fixed in hardware till 2020 versions of the chips are released.
 
While this is a currently big issue I suspect that in a couple of weeks after the workarounds have been implemented that it will be a non-issue for most sectors. 
 

I think I will wait a couple of years before upgrading my CPU/mobo.  Something like this will take a while to shake out.
 
In a single user machine where you have control over what is running at any given time, your risk of "sharing" memory (passwords, crypto keys, etc.) between apps, including any possible malicious code, is minimal.
 
Assuming you run a good AV and only allow trusted/signed code to run on your box, the biggest risk would be from a malicious script exploiting your browser.
 
But if I was running/hosting a cloud server with multiple clients and virtual machines I would be very worried now, because you would have no control over the code being executed on the common hardware by the multi-user environment.
 
So your data that you store in the cloud is probably more at risk than what you keep at home.  Maybe a good time to switch on multi-factor authentication for your critical online accounts in case they expose your passwords... and don't panic!

I think they've known about it for years and one of the reasons why it's public now is because they are nearly ready to release fixed chips. Either way they won't be selling new flawed chip designs otherwise they would have even more lawsuits slapped down upon them.

>But if I was running/hosting a cloud server with multiple clients and virtual machines I would be very worried now, because you would have no control over the code being executed on the common hardware by the multi-user environment.
 
Keep in mind that software runs off cloud not on it.  It's remote storage.
Exes and code run locally.
 
Virtual machines can't access system hardware. Malware would have to run directly on system or something that directly acts on system to affect it. 

TheSteven
 
Keep in mind that software runs off cloud not on it.  It's remote storage.
Exes and code run locally.
 

 
Was referring to exploit code running locally on the server reading your data in transit while it is being read/written.  A hosted server environment potentially has many clients running various things.  Your cloud service may only be one slice of a large pie on a physical server.
 

 
Virtual machines can't access system hardware. Malware would have to run directly on system or something that directly acts on system to affect it. 

VM instructions are all executed on the same physical CPU.  If the flaw could be exploited to read a host memory location outside of the address range assigned by the VM hypervisor, data security could be compromised.

For DAW purposes (with Sky Lake, Coffee Lake CPUs), we're seeing virtually no performance difference running heavy loads at small ASIO buffer sizes.

"
With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.

With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.

With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance."

https://cloudblogs.micros...ns-on-windows-systems/