And OpenRISC no is the best way to control the hardware layer to prevent this kind of problem?

there are enough rumours around since 2013 that their QA and testing was "sped up" for the sake of catching up more with ARM.

Indeed, but it still is alot of guesswork if other threads (HW or Software) could interfere with the caches. The crazy thing is that alot of easily accessible and welcome dev features like perf-counters are now a double edged sword.
This is only the start of a paradigm shift, for me partly unwelcome as this turns alot assumptions upside-down but also party welcome as clean and virtualizable ISAs could get a foothold in x86 dominated areas

I had a discussion with a guy last year, about side-channels with network communication, this is on the same level.

Yes exactly. I can't say I understand what the current vulnerabilities really mean, but I can say for damn sure it doesn't seem at all like a bug. The behavior described seems like it's 100% completely designed exactly as intended. Perhaps it is a vulnerability after the fact of being discovered, but not a bug at all.

I had fun time reading the papers. Basically, AFAIK, al CPUs that have speculative execution (all?) are susceptible to Spectre attack which is a cache timing attack. It is a bit hard to explain but basically does this:

Code sample from paper:
if (x < array1_size)
y = array2[array1[x] * 256];

k=array1[x]=secret value we want

1. trains branch predictor to enter an unsafe instruction (like an if guarded boundary check)
2. speculative execution will just start executing second row, affecting the cache in the process
3. now you essentially made a memory access on array2 using index k which is a secret. So now you simply loop read on the array2 and time the memory access, where it loads fastest a cached read was made and you found the k.

..something like that. It is kinda mind blowing.

This only allows you to read memory of the same process which is already problematic but Intel has an additional issue where it speculatively executes even memory reads which you shouldn't have access to while AMD doesn't. This second problem is called Meltdown and only affects Intel and I think some ARM processors.

Nope, pedantic design criteria (ie start wih knowing about these possibilities) and validation are the only way.

I would guess x86 is particularly handicapped because it uses a stubborn memory model where everything has to be visible to multiple separate paths (so 40 year old self-modifying code continues to run). Ie those speedups like speculation and branch-prediction come with a more complex hardware than elsewhere

A quick question. If I apply all those patches for my system running on i7-6700K and I reboot my machine would it start up before the end of 2018?