"The first thing is, that it is in my opinion a mistake to assume that only proprietary software can contain malicious code."

Although that's not what I said now, was it? I referred to running "proprietary programs that they can never audit or trust." The difference being that, if someone were stupid enough to put something into a free program that makes use of the Spectre exploit, we here in the free world will make a modified version and remove it.

"The second thing is, that most sites in the internet are not useable without JavaScript."

You must be using a different internet than I do but I digress because but this is a separate matter from finding ways to avoid Meltdown and Spectre. The point remains. But, if someone were to absolutely insist "No! I must continue to deliberately cause these problems for myself", there are still other options too without having to resort to proprietary microcode changes. Someone could, for one possibility, have a physically separate machine dedicated to such things (preferably on a physically separate network) without any confidential stuff on it in case some program makes use of the Spectre exploit to grab it. And they always treat the machine as if it were root-compromised. But, as we see here, this would be part of the building up walls to defend against attacks that I was talking of earlier. It can be simpler to remove onesself from the situation in the first place.

Of course I don't pretend these to be the only solutions for how someone might address the issues raised by Meltdown and Spectre without using proprietary software. Feel free to help come up with more. Solutions was what the original poster was asking for anyway. ;)

Reply via email to