"The first thing is, that it is in my opinion a mistake to assume that only
proprietary software can contain malicious code."
Although that's not what I said now, was it? I referred to running
"proprietary programs that they can never audit or trust." The difference
being that, if someone were stupid enough to put something into a free
program that makes use of the Spectre exploit, we here in the free world will
make a modified version and remove it.
"The second thing is, that most sites in the internet are not useable without
You must be using a different internet than I do but I digress because but
this is a separate matter from finding ways to avoid Meltdown and Spectre.
The point remains. But, if someone were to absolutely insist "No! I must
continue to deliberately cause these problems for myself", there are still
other options too without having to resort to proprietary microcode changes.
Someone could, for one possibility, have a physically separate machine
dedicated to such things (preferably on a physically separate network)
without any confidential stuff on it in case some program makes use of the
Spectre exploit to grab it. And they always treat the machine as if it were
root-compromised. But, as we see here, this would be part of the building up
walls to defend against attacks that I was talking of earlier. It can be
simpler to remove onesself from the situation in the first place.
Of course I don't pretend these to be the only solutions for how someone
might address the issues raised by Meltdown and Spectre without using
proprietary software. Feel free to help come up with more. Solutions was what
the original poster was asking for anyway. ;)