Let’s follow up our earlier Sci-Tech Newswatch on the Meltdown-Spectre MPU architecture flaw issue. (We see here just how hard it is to create a robust, complex design that can readily be adapted to changes in the environment. Besides, a heads up on a big but under-reported story is helpful.)
In a new Jan 15, 2018 report on Meltdown in the UK’s The Register, we may read:
>>Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.
SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.
Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). “In fairness [this] may be RPC [Remote Procedure Call] change related,” said cybersecurity vulnerability manager Kevin Beaumont . . . .
The expected and well-publicised system slowdown issues from Meltdown and Spectre patches (Reg reports here, here and here) have been accompanied by even more irksome stability problems on some systems. Incompatibility with Microsoft fixes released on January 3 freezes some PCs with AMD chips, as previously reported.
An Ubuntu Linux kernel update prompted by Meltdown caused systems to become unbootable. Patching against CVE-2017-5753, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) affected both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.>>
Let’s keep an eye on this story.
For one, it is looking like software patches are not going to be a good enough long-term solution. I am thinking, re-architecting the system design and a new generation of “safe” processors. Perhaps over the next 2 – 3 years?
While we are at it, this is an ID blog. What is this telling us about how hard it is to factor in robustness against future unknown changes and challenges in environmental constraints on systems? Is it plausible for blind processes acting alone to develop high complexity robust systems? END
The Meltdown microprocessor architecture flaw vs control systems in industry — and, implications for the plausibility of claimed origin mechanisms for high complexity information dense systems in the world of life
BTW, looks like all sorts of glitches are/have been popping up with patched systems, not unexpected as we are playing with things close to the heart of the hardware here. KF
PS: Here’s one from a MS forum:
My bet is, 2 – 3 years to an architecture fix and rollout of a new generation of processors etc. Any thoughts?
I wouldn’t compare this to “robustness against future unknown changes and challenges in environmental constraints on systems”.
It’s a much higher-level conflict, similar to perception vs deception. Human perception has flaws that can be exploited by magicians and salesmen and politicians. If the exploit is common enough and costly enough, it’s worth slowing things down and getting rid of the “bets” and presumptions.
We used to encourage people to check sales pitches carefully to avoid swindles. Now we WANT people to be swindled, as witness QE, ZIRP, share value, Bitcoin, media, etc. Our system is built on bets and bubbles, and it can’t work if suckers are stopping to check facts.
I’m guessing the processor “bug” was the same. Like encryption which always has a back door for NSA, this bug was designed to let the Correct Swindlers fool the computer.
Polistra, I doubt this was intentional. To boost processor power, from the ’70s microprocessors began to have instruction pipelines that allowed a bit of parallelism. Then speculative and out-of-order execution etc. were brought in. They overlooked that signals can be pulled out of noise. Here, inferring the processor core’s state. With the equivalent of the safe combination in hand, that can go to much more serious exploits. It’s going to take a few years to sort out the mess and put up a new generation of processors. Then, my point is, we see how easily complex systems fall to brittleness, so how do we expect to account for robustness on claimed blind chance and mechanical necessity? KF
PS: The US Government has a legitimate interest in coded messages, under due and proper controls. There is a reason why codes and cyphers are regarded as munitions of war, next to bullets, shells, rifles, tanks and warships or even nuclear weapons. The potential impact is in fact at the upper end of the scale as the tale of the Enigma machines will reveal to us. Our legitimate concerns are that we must not become arbitrary surveillance states and that for the US constitutional provisions against arbitrary fishing expeditions are to be respected. Similar provisions obtain in other responsible states.
F/N: We are now reportedly seeing lawsuits over Meltdown and Spectre, even as the fixes are evidently proving to be a challenge. KF
PS: Apparently the SPARC architecture is also vulnerable to Spectre. This thing is spreading.