
Scratches PowerPC off the list of trustworthy CPUs

Sooo, out you go, G5. Any suggestions what to use for online banking? A 486 can't handle all the jQuery and tracking scripts.




In the list of possible risks to online banking (and why is it always online banking in these hypothetical world-is-ending scenarios?), CPU bugs are way down the list.


It's the stereotypical "why to use SSL" that everyone thinks of first.


Note that the bank will carry on using their Intel systems on the front end, with probably some crawling horror buried in the back office. All the intranet webpages will be IE6-only or similar.


This. I am reasonably confident in my security on the client side, but my credit union's janky ASP site does not inspire confidence at all.


Some banks don't even use HTTPS consistently. Their security is almost always primarily through the legal system.


The xdcbt instruction was a custom addition for the 360's CPU, so vanilla PowerPC chips shouldn't be affected by this.


Not by this, but it shows the chip has speculative execution, and is therefore vulnerable to Spectre.

In this specific instance, the xdcbt instruction accidentally does a bad thing in the Spectre Zone that leaks back into the real world through a side-channel in the L1 cache. Crafted malicious code could do another bad thing in the Spectre Zone that ordinarily isn't allowed in the real world, then leak the results back to the real world through any side-channel that works.

Only on Xbox 360, it could even use xdcbt vs dcbt for that side-channel. If you set code up to always execute xdcbt on core 2, and always dcbt on cores 0 and 1, you might be able to do timing-based attacks between core 0 (closer to L2) and core 1 (further from L2) comparing against core 2 (bypassing L2).

A different version of the same PowerPC chip family would have its own side-channels. All those side-channels are hardware-specific.


Run nested CPU simulators on a beowulf cluster of Raspberry Pis?


486s do not have branch predictors.

https://news.ycombinator.com/item?id=16088830


AFAIK the 32-bit Atoms (of Netbook fame) are not affected?


Atom CPUs were in-order execution, at least at first, AFAIK. So, without speculation and an OOE engine, Meltdown and Spectre can't happen.


Just because the execution is in-order, doesn't mean there is no speculative execution.

The 360 CPU (and the closely related PS3 CPU) is the perfect example of this. Despite the fact that it's 100% in-order, it has a very long instruction pipeline (up to 50 instructions long) and branch prediction. And that's all Spectre needs, a long pipeline + branch prediction.

I'm not even 100% sure the Intel Atom will be safe from Spectre & Meltdown. Its pipeline is much shorter, only 16 stages long, but it still speculatively executes up to 32 instructions (2 instructions per cycle).

It just makes things harder, you have to find a Spectre gadget that's short enough. Though piss-easy for Meltdown, because you can just hand-assemble short code.


Older Atom processors (pre-2013), or a Raspberry Pi.



