OK, panic again: patching Spectre and Meltdown has been a disaster

When the news of two showstopping bugs in virtually every computer in use today broke, it was scary stuff -- experts predicted that mitigating these bugs would be difficult and impose severe performance penalties on patched systems; a week later, Google released research suggesting that the fear was misplaced, and that patching would be an orderly and relatively painless process.

But as manufacturers have rolled out their patches, it's looking more and more like the Spectre and Meltdown disaster is a long way off from being mitigated: these patches crash systems, or brick them, and have been recalled again and again. This, combined with the chip manufacturers' initial downplaying of the severity of the bugs (and their execs' suspicious financial dealings in the run-up to the bugs' disclosure), suggests that the companies are not taking the bugs seriously and don't know what they're doing.

Intel memorably said in its first statement about Meltdown and Spectre that, "any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time." Sounds great, right? In practice, Intel has had to repeatedly step on this initial nonchalance, revealing that its newer processors are also susceptible to patch-related slowdowns, and that it pushed out some patches too soon. On Monday, Intel retracted one of its Spectre patches because of random reboot issues, and suggested that system administrators roll it back or skip it if they haven't installed it already. "I apologize for any disruption this change in guidance may cause," Intel executive vice president Neil Shenoy said in a statement.

Meltdown and Spectre Patching Has Been a Total Train Wreck [Lily Hay Newman/Wired]