I agree.

I point out that pretty much everyone in that group experiences it, so even those who aren’t in that disadvantaged group should show some empathy towards the experiences of others, that we may never directly encounter ourselves. Part of that empathy, of course, is to provide support and structures for reducing the likelihood that these things happen, and mitigating them when they do happen.

It basically varies from chip to chip, and program to program.

Speculative execution is when a program hits some kind of branch (like an if-then statement) and the CPU just goes ahead and calculates as if it’s true, and progresses down that line until it learns “oh wait it was false, just scrub all that work I did so far down this branch.” So it really depends on what that specific chip was doing in that moment, for that specific program.

It’s a very real performance boost for normal operations, but for cryptographic operations you want every function to perform in exactly the same amount of time, so that something outside that program can’t see how long it took and infer secret information.

These timing/side channel attacks generally work like this: imagine you have a program that tests if variable X is a prime number, by testing if every number smaller than X can divide evenly, from 2 on to X. Well, the bigger X is, the longer that particular function will take. So if the function takes a really long time, you’ve got a pretty good idea of what X is. So if you have a separate program that isn’t allowed to read the value of X, but can watch another program operate on X, you might be able to learn bits of information about X.

Patches for these vulnerabilities changes the software to make those programs/function in fixed time, but then you lose all the efficiency gains of being able to finish faster, when you slow the program down to the weakest link, so to speak.

This particular class of vulnerabilities, where modern processors try to predict what operations might come next and perform them before they’re actually needed, has been found in basically all modern CPUs/GPUs. Spectre/Meldown, Downfall, Retbleed, etc., are all a class of hardware vulnerabilities that can leak crypographic secrets. Patching them generally slows down performance considerably, because the actual hardware vulnerability can’t be fixed directly.

It’s not even the first one for the Apple M-series chips. PACMAN was a vulnerability in M1 chips.

Researchers will almost certainly continue to find these, in all major vendors’ CPUs.

Can’t fix the vulnerability, but can mitigate by preventing other code from exploiting the vulnerability in a useful way.

these people actually exist

The way it’s been explained to me is that so much of the negative interactions in life come from a tiny, tiny number of offenders who manage to be shitty to dozens and dozens of people. So anyone who has to interact with many different people will inevitably encounter that shitty interaction, while most of us normies would never actually behave in that way.

Of the literally thousands of times I’ve interacted with a server or cashier, I’ve never yelled at one. But talk to any server or cashier, and they’ll all have stories of the customer who yelled at them. In other words, it can be simultaneously true that:

• Almost all servers and cashiers get yelled at by customers.
• Very, very, few customers actually yell at servers or cashiers.

In other words, our lived experiences are very different, depending on which side of that interaction we might possibly be on.

When I talk to women in male dominated fields, basically every single one of them has shitty stories about sexist mistreatment. It’s basically inevitable, because they are a woman who interacts with literally hundreds or thousands in their field. And even if I interact with hundreds or thousands of women in that same field, just because I don’t mistreat any of them doesn’t mean that my experienced sample is representative.