"Disabling is a good option for strictly confined environments where no 3d party untrusted code is ever to be run, e.g. a rendering farm, a supercomputer, or even a home server which runs Samba/SSH server and nothing else."

Wait what? Wouldn't render farms and supercomputers be high value targets for hackers? Home servers woudn't be, but on the other hand they would probably be easier targets. The only legitimate use case I can think of is in strictly offline computers.

my gaming pc has spectre disabled and even if someone hacks it i dont care because there is nothing important on it.

if someone starts to send spam from it i'd notice it sooner or later - and they would not need spectre to do it: a normal user account is totally fine for that.

dont forget: spectre doesnt open magically the doors for everyone. you still need to execute the code which starts the attack somehow

What's there to gain or steal exactly? Another idiot in the thread.

He didn't mention those things because they are not high value. As you stated: they very much can be high value. He mentioned them because the nature of use of those machines often means that you can't actually use the spectre and meltdown exploits. e.g. If I had a machine without spectre/meltdown mitigations that was purely serving static files, then an attacker has no opportunity to execute code and read protected memory. However if I'm using a computer without spectre/meltdown mitigations for browsing the web, then an attack can potentially create a specially crafted website with javascript on it which will exploit a buggy CPU and exfiltrate sensitive data.

Note: I've simplified some aspects of the situations above, but it's close enough.

firefox and chromium have their own protection against spectre though.

Mining power, persistent network entry points and/or login credentials would be three of the blatantly obvious answers.

I get your point, but from what we've seen recently, exploits tend to be used together in order to achieve the goals of the modern hacker. Leaving behind leverage for a privilege escalation could be a really bad idea, particularly in the last example, where a home server could easily have an unpatched version of Samba or OpenSSH running ("I'll patch it tomorrow after the backup is done" and so forth). A college/university supercomputer could potentially be vulnerable to bad code as well, many of them allow for very limited access by students but it might just be enough for malicious intents if a student account gets compromised. Render farms would probably be pretty safe, but a weaponized version of NSA-class malware (like Stuxnet) could get in there.

To be fair, that last one is probably more of a threat by itself even without the help of speculative execution, but I hope you get my point.

You missed off a key part of my sentence when you cropped it:

I understand your point and agree. I didn't mention that stuff just to keep it simple.

Security always comes at a cost. It's down to the informed administrator/technician to decide whether it's safe to disable those mitigations and whether the reward (more performance) outweighs the risks.

ok, sorry. i misunderstood it as "if your computer has no spectre mitigation, then"
english is hard for me

No problem