On 2018-05-04 Gilbert E. Detillieux wrote:

The dust hasn't fully settled yet on Meltdown and Spectre, but get ready for Spectre NG...

https://www.theinquirer.net/inquirer/news/3031765/spectre-ng-security-bods-u...

... coming to your security news feeds on Monday!

Greeeeaaat... but not like we didn't know more of these were coming. The originals set off lightbulbs in a lot of people's heads.

There's a major problem with Intel's response to these bugs lately: the patches are in part or in whole in firmware. The article above mentions firmware only.

Intel has made it clear that not all chips are equal when it comes to firmware updates (let alone board chipsets). The newest ones (think 2-3 years old max) get the fixes first. Then the rest straggle along weeks/months/years later. Past a certain age, they just list as "no fix", meaning you're SOL. There's a chart from Intel somewhere.

Sucks for me because I keep putting off upgrading my main workstation which is a C2Q, which is *just* beyond the era of CPU/board they are providing fixes for. Sure, most people don't have boxes that old, but I'm sure many MUUGers have boxen that age or older doing hand-me-down duty somewhere. So, what's Intel doing for us? Zip. I smell a lawsuit... a CPU isn't supposed to be a MS operating system that is deemed "useless" (read: unpatched) one arbitrary day by the manufacturer. (Is it?)

Oh well, I'll upgrade once they address some of these bugs in CPU hardware...