I'm a bit late to the party, but...
^^ Good link. Thanks. And the author is right - it is FUD, and generally, wherever one finds FUD, one will usually find an accompanying $commercial and/or a political motivation, if not simply an "ulterior" motive.
The warnings about Spectre and Meltdown weren't FUD.
As Jibz said, the prime target isn't end-user machines, but stuff running in the cloud. Thing is, more and more stuff is being moved to cloud infrastructure - email, the ecosystems for software updates on everything from phones to server and desktop operating systems, payment processors, social media, every-friggin-thing. Being able to freely dump memory of other tenants on the infrastructure? TERRIBAD!
Fortunately Meltdown was "fairly easy" to fix, and without adding that big overhead... depending on workload and whether the CPU is recent enough to support the "Process Context ID" feature.
Spectre on the other hand? It's a can of worms where the lid has just been popped off. It's a class of bugs that's very hard to totally fix, because of the way modern CPUs work - unless we're willing to give up a lot of speed. I expect we're going to see a game of whack-a-mole for a while.
be used to target end-users.
This was not a case of cry wolf. It was a case of "we need to fix shit, now, before people outside the NSA, GRU and GCHQ start abusing these flaws".