This is a repost from Insurgo's Facebook Page.
#x86 processors/CPUs (#Intel, #AMD) need to be replaced by open source hardware alternatives.
The x86 architecture is rotten to its roots with deep #DesignFlaws, for which vulnerabilities have been discovered at an increasing pace since December 2017/January 2018, with the Meltdown/Spectre speculative flaws. And now with #ZombieLoad.
ZombieLoad is the invasive newcomer, exploiting the theoretical design flaws in really practical ways (see linked demo). But it can be mitigated, both reactively and preventively.
Reactively, by applying microcode updates: corrective patches applied at runtime by your operating system directly to your CPU's software (yes, there is software in your processor, as everywhere else), instructing it to compute things differently from when it left the factory. And through operating system updates, which take advantage of the microcode fixes... Until a new vulnerability is exposed from known design flaws.
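To check whether the reactive side is actually in place on a Linux machine, the added example below (not part of the original post) classifies the status line the kernel publishes for the MDS family of flaws, to which ZombieLoad belongs. The sysfs path and status strings come from the Linux kernel's own reporting, not from this post; the sample lines are constructed, and `classify_mds` is a hypothetical helper name.

```python
from pathlib import Path

# Linux reports the ZombieLoad-class (MDS) mitigation state here.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample lines in the format the kernel uses (not captured output).
SAMPLES = [
    "Not affected",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
]


def classify_mds(status: str) -> dict:
    """Split one status line into mitigation facts and a verdict."""
    head, _, smt = (part.strip() for part in status.strip().partition(";"))
    facts = {
        "affected": head != "Not affected",
        "mitigated": head.startswith("Mitigation:"),
        "microcode_missing": "no microcode" in head,
        # Anything but an explicit "disabled"/"mitigated" leaves hyperthreads in doubt.
        "smt_risk": smt not in ("", "SMT disabled", "SMT mitigated"),
    }
    if not facts["affected"]:
        facts["verdict"] = "not affected"
    elif facts["microcode_missing"]:
        facts["verdict"] = "install the microcode update"
    elif not facts["mitigated"]:
        facts["verdict"] = "enable the kernel mitigation"
    elif facts["smt_risk"]:
        facts["verdict"] = "mitigated; sibling hyperthreads may still leak"
    else:
        facts["verdict"] = "mitigated"
    return facts


if __name__ == "__main__":
    lines = SAMPLES
    if MDS_SYSFS.exists():  # on a live Linux host, report the real state first
        lines = [MDS_SYSFS.read_text()] + SAMPLES
    for line in lines:
        print(f"{line.strip():75} -> {classify_mds(line)['verdict']}")
```

A "mitigated" verdict with `smt_risk` set means the microcode and kernel fixes are active but hyperthreading still shares buffers between sibling threads.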
On the preventive side, Xen, a virtualization platform used in QubesOS to compartmentalize your digital life to fit your needs, isolates the applications you need daily in separate compartments. QubesOS "virtualises" those environments in HVMs (hardware-isolated virtual machines), also taking advantage of the microcode updates, while limiting the reach of those continuously discovered vulnerabilities to the sole realm of the compromised "insecure" compartment, preventing it from easily stealing secrets from your "ClientX", "Work E-Mail" or "Social Media" compartments, whose applications run concurrently on your physical machine.
Your "Accounting", "ClientZ" and "vault" compartments, unpowered at the moment, don't expose any of their secrets, simply because they are not active; not in memory. In simple words, QubesOS empowers you with multiple virtual machines inside a single physical computer, letting you launch only the required applications inside them, and only when you need them. You can seamlessly have 3 different Firefox instances, running separately in different compartments and filling different needs, without them easily stealing information from each other. You compartmentalize your life. What is personal stays personal. What is professional stays professional. What is untrusted stays untrusted and can even be deleted as needed. You get the picture.
Otherwise, Windows, MacOSX or Linux, which are monolithic by design, run everything in the same "realm", possibly exposing the content (memory) of your concurrent applications as a consequence of discovered CPU vulnerabilities. That's right: your recently typed password, your deleted browsing history, the (plain text) content of your recently sent encrypted e-mail, your (not so) private messages, your encryption key and its passphrase... All of those can be accessed by a malicious application running concurrently, passively monitoring the information it's interested in, as you go. Have you watched the demo?
Until user-friendly #compartmentalization technologies like QubesOS become available on open hardware alternatives to x86 (like #Power9 or #RISC-V), #QubesOS on x86 is your best friend, while x86's hyperthreading and speculative execution design flaws are filthy traitors who have cheated for too long to arrive first at the finish line... with doped performance, multiple times exposed to the world for everyone to see.
Take-home message: information that is in memory is information that can potentially leak: to other applications sharing physical memory on your own machine, and to other virtual machines on the same physical machine. Your preferred outsourced cloud server is the same: these are basically and most commonly containers (less #trustworthy than HVMs) running concurrently on the same physical server and sharing even more than virtual machines do, potentially leaking each other's application secrets without any probable oversight.
Be conscious of what you keep in memory. :)