Ya'll know what... If humans weren't such annoying vulnerability-searching little shits then we wouldn't have had to implement any protection against them and think of all the performance that would be saved on that. Take branch prediction vulnerability mitigation in the Linux kernel for example, that's got to make a performance hit of least 10% on basically everything.

Alas, I do get why security is important and why we keep such vulnerability mitigation running despite the performance hit. I get why safe code is necessary but still... if these people weren't such annoying little bastards.

Yeah, I was just kind of set off by the above. So much would be faster and easier if only the programmers wouldn't have to plan for people exploiting their software. Software would be written much faster and humans would progress to stuff that actually matters like innovation.

Intel shouldn't have cheated their way through, simple as that; having 4 cores with thousands of threads instead of investing into properly implementing more cores and pushing the technology like AMD now finally did.

There wouldn't be such a performance penalty if Intel didn't have a flaw in their product

Security is always going to get in the way of Performance and Usability.

Most of the time it comes down to what your risk appetite is and how much you need to compromise Security for the sake of Performance and Usability.

If you're running PC's in an isolated / controlled environment and need the raw computing power - who gives a fuck about speculative execution vulnerabilities if "fixing" them requires you to buy 10% more hardware

B-but I like to search for vulnerabilities, it's fun...

For real though, as @JoshBent said, Intel really cared more about having more models on the market instead of actually researching proper architecture designs like AMD because before the Zen line, AMD was almost out of the picture and Intel had an almost total monopoly on desktop and server CPUs. That's a huge part in why monopolies suck.

While I can share part of the feeling, I think it is wrong on different levels.
If you took for serious the anti-security pope Torvalds that security issues are just bugs, then just go ahead and write a bug free system! Well of course there is none, not in a unmanaged language like C (not even qmail) - and probably also beyond if business logics get involved enough.

Performance wise I miss Borland Turbopascal. What a compilation speed. Imagine a TDD loop with this old 80's machinery, you'd still outdo today's bloat on an i386. But friggin users demand GUI? And somehow today an 'app' is some slow shit that runs in a browser and needs a JIT to not be worse in responsiveness an usability than Win 3.11.

You cannot shoot the massenger, the brave man that explore the vast uncharted land of the CPU, found these side channels. The problem: we as devs should not accept our soft- nor hardware stacks to become stinking piles of entropy!

Thing is, that the security topic has become such a big deal only in the IT world.

Maybe it's because IT systems are accessible from anywhere around the globe today, but have you ever seen a lock manufacturer develop new locks because lock picking tools are invented, sending new locks to all user? Or anyone change their locks just because someone has successfully opened a lock of the same type with a screwdriver and a wire?

@ddephor actually, yes. Not the whole "send new locks to everyone" thing, but people changing their locks because their neighbors or friends were actually lockpicked is a thing I've heard pretty often. And also, as you mentioned, the fact that it's much more spread in the IT world is partly due to the fact that it's easier to do it on a computer because 1. People don't know how to secure their stuff, most users don't even know how exactly does a computer work, 2. It's easier to do it remotely and also to automate and reproduce the attack on multiple machines at once, while unless you have an army of robots you can't pick several door locks at once, and 3. The whole "hacker who steals your credit card info" myth is still scary to people who are not really into computers, just like thiefs were when locks were invented.

Humans are the worst I hate them.