A Spectre of Meltdown

Turning it off and on again will not fix the problem.

Remain Calm

Timothy Prickett Morgan writes about a couple of the latest significant security threats to computers at The Next Platform. If thinking about computers hurts your brain; avert thine eyes. Else, it discusses and refers to details which I won’t reproduce here so it’s worth a click.

Chip designers’ tricks are back-firing as those tricks can be exploited by user code running on the machine, potentially exposing deeply-held secrets to nefarious types. The user code can be injected into systems by an injudicious click of a mouse button.

For the edification of the semi-technical, Chris Williams writes at The Register:

a blueprint blunder in Intel’s CPUs could allow applications, malware, and JavaScript running in web browsers, to obtain information they should not be allowed to access: the contents of the operating system kernel’s private memory areas. These zones often contain files cached from disk, a view onto the machine’s entire physical memory, and other secrets. This should be invisible to normal programs.

Unless one is involved in the crafting of the heart of operating systems; the kernel; one can only wait for operating system and application updates to put protection measures in place to protect the systems from the (ab)users.

Alas, the updates do not always run smoothly as “demonstrated” by Microsoft who rolled out updates that turn some systems into lifeless lumps, referred to in industry jargon as “bricks”. Sometimes the medicine is worse than the malaise.

In this case; everybody with potentially vulnerable hardware catches at least a bit of a flu; the patches turning off or limiting “speculative execution” in which the CPU calculates  things because they might need to be calculated depending on some as-yet unknown condition; ahead of time; a gamble that exploits spare parallel compute capacity.

It’s one way in which performance is increased in some processors. Without speculative execution, performance will be reduced; noticeably for some, depending on what they’re doing with the computer.

Some users will feel compelled to upgrade their hardware to restore previous compute performance. Because faster and newer hardware is cheaper than getting better performance out of software; real computer programming talent and abilities being a rare commodity.

Think of the patches as being required to fit a roll-cage to a race car; the weight (mass, more precisely) will slow down the car, all other things being equal. The options for restoring a good lap time include a more powerful engine; and improving the driver’s ability. Before you decide which, consider that the better driver will be quicker in any car.

This entry was posted in Digital Universe, Information Security and tagged . Bookmark the permalink.