Computing, AI, Cybernetics and Mechatronics Functionally Specified Complex Information & Organization General interest UD's Sci-Tech watch

The Meltdown microprocessor architecture flaw vs control systems in industry

Spread the love

Let’s follow up our earlier Sci-Tech Newswatch on the Meltdown-Spectre MPU architecture flaw issue. (We see here just how hard it is to create a robust, complex design that can readily be adapted to changes in the environment. Besides, a heads up on a big but under-reported story is helpful.)

In a new Jan 15, 2018 report on Meltdown in The UK’s The Register, we may read:

>>Patches for the Meltdown vulnerability are causing stability issues in industrial control systems.

SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains.

Rockwell Automation revealed that the same patch had caused issues with Studio 5000, FactoryTalk View SE, and RSLinx Classic (a widely used product in the manufacturing sector). “In fairness [this] may be RPC [Remote Procedure Call] change related,” said cybersecurity vulnerability manager Kevin Beaumont . . . .

The expected and well-publicised system slowdown issues from Meltdown and Spectre patches (Reg reports here, here and here) have been accompanied by even more irksome stability problems on some systems. Incompatibility with Microsoft fixes released on January 3 freezes some PCs with AMD chips, as previously reported.

An Ubuntu Linux kernel update prompted by Meltdown caused systems to become unbootable. Patching against CVE-2017-5753, CVE-2017-5715 (Spectre) and CVE-2017-5754 (Meltdown) affected both the PulseSecure VPN client and Sandboxie, the sandbox-based isolation program developed by Sophos.>>

Let’s keep an eye on this story.

For one, it is looking like software patches are not going to be a good enough long term solution. I am thinking, re-architecting the system design and a new generation of “safe” processors. Perhaps over the next 2 – 3 years?

While we are at it, this is an ID blog. What is this telling us about how hard it is to factor in robustness against future unknown changes and challenges in environmental constraints on systems? Is it plausible for blind processes acting alone to develop high complexity robust systems?  END

5 Replies to “The Meltdown microprocessor architecture flaw vs control systems in industry

  1. 1
    kairosfocus says:

    The Meltdown microprocessor architecture flaw vs control systems in industry — and, implications for the plausibility of claimed origin mechanisms for high complexity information dense systems in the world of life

  2. 2
    kairosfocus says:

    BTW, looks like all sorts of glitches are/have been popping up with patched systems, not unexpected as we are playing with things close to the heart of the hardware here. KF

    PS: Here’s one from a MS forum:

    https://answers.microsoft.com/en-us/windows/forum/windows_10-update/after-installation-of-kb4056892-boot-failure-after/6c015632-2a45-4725-a882-f231f8c88f36?auth=1

    Q: After installation of KB4056892 boot failure, after roll-back error 0x800f0845

    Hi,

    I have older AMD Athlon 64 X2 6000+, Asus MB, after installation of KB4056892 the system doesn’t boot, it only shows the Windows logo without animation and nothing more. After several failed boots it do roll-back then it shows error 0x800f0845. Unfortunately, it seems it’s not easy to disable the automatic updates without gpedit tweaks, so it tries installing and rolling-back the update over and over. The sfc /scannow shows no problem, in-place upgrade also doesn’t seem to help. I can try full reinstall, but I doubt it will change anything. It seems like the update is binary incompatible with my old CPU. I understand that making the machine unbootable is the best protection from remote exploitation, but I would rather have the OS working. Especially if my CPU is not vulnerable to the Meltdown attack and the MS mitigation attempts for Spectre is more than questionable. I could find only some German and Italian people reporting the same issue (well the CPU is quite pre-historic and the KB update is very fresh), but no info / acknowledgment from the MS so far. I have Czech localization. Could anybody provide more information?

    My bet is, 2 – 3 years to an architecture fix and rollout of a new generation of processors etc. Any thoughts?

  3. 3
    polistra says:

    I wouldn’t compare this to “robustness against future unknown changes and challenges in environmental constraints on systems”.

    It’s a much higher-level conflict, similar to perception vs deception. Human perception has flaws that can be exploited by magicians and salesmen and politicians. If the exploit is common enough and costly enough, it’s worth slowing things down and getting rid of the “bets” and presumptions.

    We used to encourage people to check sales pitches carefully to avoid swindles. Now we WANT people to be swindled, as witness QE, ZIRP, share value, Bitcoin, media, etc. Our system is built on bets and bubbles, and it can’t work if suckers are stopping to check facts.

    I’m guessing the processor “bug” was the same. Like encryption which always has a back door for NSA, this bug was designed to let the Correct Swindlers fool the computer.

  4. 4
    kairosfocus says:

    Polistra, I doubt this was intentional. To boost processor power, from the ’70’s microprocessors began to have instruction pipelines that allowed a bit of parallelism. Then speculative and out of order execution etc were brought in. They overlooked that signals can be pulled out of noise. Here, inferring the processor core’s state. With the equivalent of the safe combination in hand, that can go to much more serious exploits. It’s going to take a few years to sort out the mess and put up a new generation of processors. Then, my point is, we see how easily complex systems fall to brittleness so how do we expect to account for robustness on claimed blind chance and mechanical necessity. KF

    PS: The US Government has a legitimate interest in coded messages, under due and proper controls. There is a reason why codes and cyphers are regarded as munitions of war, next to bullets, shells, rifles, tanks and warships or even nuclear weapons. The potential impact is in fact at the upper end of the scale as the tale of the Enigma machines will reveal to us. Our legitimate concerns are that we must not become arbitrary surveillance states and that for the US constitutional provisions against arbitrary fishing expeditions are to be respected. Similar provisions obtain in other responsible states.

  5. 5
    kairosfocus says:

    F/N: we are now reportedly seeing lawsuits over meltdown and spectre, even as the fixes are evidently proving to be a challenge. KF

    PS: Apparently the SPARC architecture is also vulnerable to Spectre. This thing is spreading.

Leave a Reply