A thousand WordPress hacks have been created without using Spectre or Foreshadow.
Exploits will continue to be found in OS code, applications, protocols, and even with air-gapped computers. The only 100% safe way to protect the information in a computer is to melt it down into a puddle of goo.
Time to go back to paper and pen, but write with a single sheet on a steel slate so that there is no information leakage onto the surface below.
Or... apply updates and patches as they are released, and evaluate how each unpatched new exploit applies to your own use of a PC and decide what to do about it.
Based on this, my opinion is that normal desktop users shouldn't care about TLBleed:
https://arstechnica.com/gadgets/201...leak-crypto-keys-on-hyperthreaded-processors/
Except that you're missing that why people are mad is that companies running servers have shown they're seemingly not taking security any more seriously than general WinXP users about 15 years ago. And you don't have to be running code on their stuff to be concerned, because lots of companies/organizations are handling your data, and that creates problems for you when they have this "eh, we'll do something about it if it becomes a problem" mentality.
Plenty of times it's not the IT department workers that are the issue, as they'll tell the higher-ups and they'll tell the management and the latter just won't care until they're forced to. But since they get away with a light slap on the wrist if anything over their failures in this regard, there's no real pressure to change, because they share your feelings.
When this starts leading to real harm (like say hospitals, or infrastructure - power plants and electric grid, or food production facilities, or government), I'm guessing you're gonna be one of those "why weren't they doing something about this to prevent it?!?" people.
Yep, as the wise man Joe Jackson sings, "everything gives you cancer."
Don't install random apps from shady sites, keep your browser up to date, keep an eye out for unpatched zero-day exploits that don't require physical access to your computer or NSA-level hacking.
For example, at least one speculative execution exploit could work using just JavaScript in a browser, until they were patched. Once patched, you're safe. Now most of the speculative execution exploits have requirements like "first compromise the OS" or "buy $50 worth of cloud computing" which isn't going to happen for mass attacks on ordinary PCs.
Mass spam and phishing happens because the attacks cost less than a fraction of a cent per attempt. They infect (or buy access to infected) servers and have those servers do the bulk mailing.
If you're an engineer for Boeing and keep aircraft design documents on your home PC, then China might make the effort to target you personally. Even then they'd probably use something simpler than a speculative execution exploit, like installing a rootkit.
All that said, if you're running a commercial cloud service or datacenter that allows users to run their own code then you're probably very annoyed with Intel right now for all of these exploits requiring performance downgrades.
I think it's beyond annoyance. I imagine they'll be full on suing their butts or demanding they give them a CPU capable of the thread count processing and general performance of the one they bought based on Intel's sales and marketing. And that better be for free, because at this point, Intel straight up has been lying to its customers. I genuinely cannot think of the last time a company did something like this for years (Apple's battery/power gating thing would be the closest, and that was big news and even Apple fans were outraged). And I cannot think of any instance in which there was something like this and yet were so many people acting like people shouldn't even be able to have an issue with this. "Oh don't have a server CPU, well then stop whining." Great attitude there. They were quite aware of the potential catastrophic results from stuff like this, and didn't care, figuring like you, well they'll do something about it if it happens. And then of course they're trying to act like it's computing at large, even when it's ones that work only on their hardware.
Also, I take it you're choosing to ignore the IoT glut of devices where you can't patch them, and many of them are already compromised? I hope you recall that Intel was doing a big push for IoT, I'm sure it's just a coincidence that both situations show a noticeable lack of concern about security. And we don't have good data on what is and isn't compromised, because again, there's a lot of people like you that just shrug, "eh, don't be an idiot and nothing will happen to you". Meanwhile I can guarantee you that there are exploits that are in the wild that you don't know about, and so even if you do your best to be smart, you're at serious risk of being compromised. And you're not going to know it.
The last point I want to make is: you think that maybe if these companies didn't have to worry about these Intel-specific ones that it would just possibly free them up to work to deal with the many other ones they need to address? I'm waiting for when we find out that some of these fixes actually break the security protection for other exploits, opening them up to older ones that they thought were handled. At this point it seems like an inevitability.
Next up we'll find out that Intel's stuff somehow ends up with Y2K bugs because their fix for that was to just set it to 2020 or something.