Thanks to @Infinity for sharing this...
https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/
"It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the contents of protected kernel memory.
"The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI.
"The downside to this separation is that it is relatively expensive, time wise, to keep switching between two separate address spaces for every system call and for every interrupt from the hardware. These context switches do not happen instantly, and they force the processor to dump cached data and reload information from memory. This increases the kernel's overhead, and slows down the computer. Your Intel-powered machine will run slower as a result."
tl;dr you're going to get patched and will be trading up to 30% of your CPU performance in exchange for protection from a security flaw.
Not saying that's not the right choice, but I see rebellion and forks coming...you know, the "speed is critical, we won't upgrade past Linux 4.14..." crowd, or the "we're building a mining rig, so we want to use Dark Chester's non-isolation patches" tutorial people.
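For anyone wanting to see where a given box actually stands on that trade-off, here is a POSIX sh check added as an example (it is not from the thread or the article). It assumes a Linux kernel that ships the mitigation (4.15 or a distro backport), which exposes /sys/devices/system/cpu/vulnerabilities/meltdown, reports a "pti" CPU flag in /proc/cpuinfo while the page-table split is live, and accepts the nopti / pti=off boot parameters that turn it off; the sample inputs used below are constructed.

```shell
#!/bin/sh
# Added example, not the thread's code: report whether KPTI is active on a Linux host.
# Assumes a kernel that ships the mitigation (4.15 or a distro backport): it exposes
# /sys/devices/system/cpu/vulnerabilities/meltdown, lists "pti" among the CPU flags in
# /proc/cpuinfo while the page-table split is live, and honours the "nopti" / "pti=off"
# boot parameters that turn the mitigation off.
SYSFS_MELTDOWN=/sys/devices/system/cpu/vulnerabilities/meltdown
# classify_meltdown STATUS_TEXT: map the sysfs status string to a short verdict.
classify_meltdown() {
    case "$1" in
        "Mitigation: PTI"*) echo mitigated ;;
        Vulnerable*)        echo vulnerable ;;
        "Not affected"*)    echo not-affected ;;
        *)                  echo unknown ;;
    esac
}
# has_pti_flag CPUINFO_TEXT: succeed when the first "flags" line lists "pti".
has_pti_flag() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | sed 1q)
    for f in $flags; do [ "$f" = pti ] && return 0; done
    return 1
}
# cmdline_disables_pti CMDLINE_TEXT: succeed when the kernel was booted with KPTI off.
cmdline_disables_pti() {
    for arg in $1; do
        case "$arg" in nopti|pti=off) return 0 ;; esac
    done
    return 1
}
# assess STATUS CPUINFO CMDLINE: one-line verdict combining the three sources.
assess() {
    verdict=$(classify_meltdown "$1")
    if cmdline_disables_pti "$3"; then
        echo "KPTI disabled by boot parameter (status: $verdict)"
    elif [ "$verdict" = mitigated ]; then
        has_pti_flag "$2" && echo "KPTI active" || echo "KPTI active, but no pti cpu flag seen"
    elif [ "$verdict" = not-affected ]; then
        echo "CPU not affected, no KPTI needed"
    else
        echo "KPTI not active (status: $verdict)"
    fi
}
# report_live: assess this host when the kernel exposes the status file.
report_live() {
    [ -r "$SYSFS_MELTDOWN" ] || { echo "no $SYSFS_MELTDOWN: kernel predates mitigation reporting"; return 0; }
    assess "$(cat "$SYSFS_MELTDOWN")" "$(cat /proc/cpuinfo)" "$(cat /proc/cmdline)"
}
report_live
```

Run it on a patched machine and on one booted with nopti to see the two verdicts side by side; the "flags" check is what lets you spot a box where the status file says mitigated but the CPU feature list disagrees.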
@WSS I think this is the equivalent of the introduction of the catalytic convertor. Shade tree coders?