The sky is falling, Melt Down and Specter

 

You’ve probably heard about it by now. The entire computer industry is in turmoil over the Specter and Meltdown vulnerabilities. These are recently discovered serious vulnerabilities in the CPUs (microprocessors) used in virtually all computers manufactured since the mid 1990s. For sophisticated hackers, these defects have  potentially provided access to all the information on all the world’s computers for over twenty years. Whether or not governments or criminals have discovered and used these vulnerabilities is not known, simply because anyone who had discovered and used this vulnerability would have kept it secret. Our own NSA denies previous knowledge of the problem (opportunity?) For the past several months the computer industry has been scrambling to find fixes. While these vulnerabilities exist in personal PCs the biggest concerns are in the servers and other high speed computers commonly used by governments and corporations. These computers use the same CPU as your PC but each of these powerful computers will contain dozens or even hundreds of these CPUs.

The story of how these twenty year old defects were only discovered in 2017  by four separate and unrelated groups all within months of each other is fascinating. Surely several books and at least one movie are in the offing. The defect in CPUs involve a process that has long been employed in the industry to make computers run faster, today it’s called “speculative execution.” 

Back in the late 1960’s dozens of small high tech companies were nipping at IBMs heels. Each was in the race to make the fastest mainframe computers. I was an engineer with one of those companies SEL (Systems Engineering Laboratories) in Fort Lauderdale (Florida’s Silicon Valley). We used the technique that today is known as “speculative execution” to make our computers execute tasks faster. In those days we called it making “blind calls” or “blind fetches.” The speed of computers was limited by their architecture and physics but a computer could be made to execute complex instruction sets quicker if its program could look ahead and “fetch” data that was likely to be needed in subsequent computations. This speed enhancing technique was somewhat hit or miss. While the “blind fetch” usually pulled up the files that were needed, it often pulled many other files that were not needed, these were then discarded. The methods of accessing and discarding these superfluous files have created the vulnerability.

In the early days this ‘speculative execution” was an activity of the program (software). In the mid 90s, Intel and other CPU makers encoded this process in silicon. “Speculative execution” became a part of every microprocessor (CPU).

The way computers handle the files in the process of “speculative execution” has created the vulnerability for the Specter and Meltdown exploits. The industry is working feverishly to find fixes for these vulnerabilities. Most of these fixes so far have the unpleasant side affect of slowing down the big, fast multi-microprocessor computers used by governments and industry by as much as 30%. This is a big problem for industrial and Internet servers, and governments, but not for home PC users.

These vulnerabilities don’t invade computers like a virus. The simply allow hackers to steal data.   Passwords, bank accounts, personal data and industrial and government secrets that are stored in “servers” are at risk. Home and small business computers are not likely to be hacked because the process is involved and the rewards are limited on individual PCs. While the fixes may slow down large powerful PCs, the will not have noticeable affects on individual PCs.

We all face the risk of having our personal data stolen from commercial and government networks. We may also experience unpleasant delays on Internet websites we are accustomed to using. At this point no one really knows how bad the problem is or what affect it may have on our day to day lives. We must wait and see.