De we even have a Proof of concept for the MDS attacks (one that doesn't require other thread to be writing the same data over and over in a loop)?<p>So much of this seems driven by Intel hate, and while hardware manufacturers should work on mitigation, it shouldn't be done at the expense of performance, especially for machines that don't run untrusted code (even then, I'm not sure it should be done unless the cost is extremely minimal).<p>JavaScript/WASM is being used as a bogey man, when the overwhelming evidence is that it just isnt possible to exploit the browser with enough consistency to make it work when not assisted. The meltdown POC was more a "look at this neat thing I an do if I set everything up perfectly" - set up to such an artificial extent that it wasn't even applicable to any computer system.<p>The the one MDS attack I saw required the target to repeatedly write the same byte of memory in loop while being attacked. This isn't going to happen. These MDS attacks at best seem to be able to pick fairly random bytes, and they can only do it while the data they are snooping on is in the load/store buffer, so they can't even run the number of times required to exfiltrate the data consistently.<p>I haven't seen a single piece of code that will, for example, grap SSH keys from a running ssh program using one of these attacks. From Javascript in a browser? LOL.<p>While these are very cool and interesting, they arent anything to be worried about, especially if you don't run a cloud service. Oh, but right, Intel hate.