Meltdown and Spectre explained, again

You may have heard of Meltdown and Spectre. In January, these two new security vulnerabilities were made public, and it was kind of a big deal: all modern processors were more or less vulnerable, all systems affected, they could steal your passwords and everything.

Things have settled down a little bit since then; security patches have been released and no actual attacks have been reported. But still, discoveries of that scale are not common, so I was curious: How do these vulnerabilities work?

The explanations I could find on the Internet came in two flavors: the one for security experts (extremely technical, very hard to follow) and the ones for scared customers (that will make you doubt everything you known about computers).

So I decided to write my own: for people that have some knowledge about CPUs, but no interest in actually exploiting the vulnerabilities.