>desktop executes untrusted and rather arbitrary code pretty often
Aren’t the most affected group of users cloud users (and providers), not desktop users? I thought the biggest risk of Spectre attacks is the ability to glean information on other server residents who should be segmented off. There are many more concerns in user space which make attacking a desktop with Spectre pretty cumbersome for low reward wrt opportunity cost.
The performance savings of speculative execution do seem to be worth the risk on a desktop IMO.
I was under the impression that Spectre is much more limited in scope than Meltdown. I think you have to be in a position to influence the execution of the program you are trying to extract information from. Like JavaScript engines running in browsers. One example is your JS can be used to get the browser to speculatively execute something that leaks data. I think that it’d be pretty hard for one VM to set up a Spectre attack on another arbitrary VM. Meltdown however does expose everything.
At least on AWS EC2, malicious neighbors won't be an issue. "This issue has been addressed for AWS hypervisors, and no instance can read the memory of another instance, nor can any instance read AWS hypervisor memory. We have not observed meaningful performance impact for the overwhelming majority of EC2 workloads."[1]