Submissions of lists, like this home page, lead to lowest-common-denominator discussions. People focus on what the list items have in common and its gravity prevents specific items from gaining liftoff. Specific discussions tend to go deeper than generic ones, so we're going to unmerge these threads and have a separate one for each major disclosure:

Zombieload: https://news.ycombinator.com/item?id=19911341

MDS: https://news.ycombinator.com/item?id=19911277

This will take several minutes, so if you see weird incongruities or disappearances, hold your fire.

Edit: Ok, I've done as much of this as I'm going to do. If you notice anything wrong, can you let us know at hn@ycombinator.com so we can fix it?

This is the overview page. It comes alongside:

* https://zombieloadattack.com/ , on Hacker News as https://news.ycombinator.com/item?id=19911341 (The technical paper is hidden inside a collapsed part of the page and is at https://www.cyberus-technology.de/posts/2019-05-14-zombieloa... .)

* https://mdsattacks.com/ , on Hacker News at https://news.ycombinator.com/item?id=19911277

* Google's announcement about ChromeOS at https://sites.google.com/a/chromium.org/dev/chromium-os/mds-... , on Hacker News at https://news.ycombinator.com/item?id=19911406

( Several Hacker News discussions have since been merged here. And were then re-split. )

I thught Theo deRaadt was exaggerating when he said that Intel does not know how to build a CPU.

The blog post is buried a bit deep, but has the actual technical information on the topic

https://www.cyberus-technology.de/posts/2019-05-14-zombieloa...

The worst thing about heartbleed is that it introduced marketing into vulnerability disclosures :(.

I never knew about the .fail TLD.

> Computer makers Apple and Microsoft and browser makers Google and Mozilla are releasing patches today.

Computer makers? Wouldn't that be OS makers? They are patching their OS to prevent leaking...