The Spectre of Meltdown

I’m seeing so much “OMG, the Earth is doomed!” noise about Meltdown and Spectre, the recently-revealed Intel bugs, I just couldn’t resist adding my own.

I know some of you have managed to miss the fuss so far, so here’s a quick rundown of the problem: All Intel CPUs and some other manufacturers’ chips are vulnerable to one or both of a pair of issues that were just discovered recently. That includes the Apple-designed chips in iPhones and iPads; many of the CPUs in Android phones; some, if not all, AMD CPUs; and every Intel processor from the Pentium* on.

* I find it ironic that the bug dates back to the Pentium. Turns out that chip’s early inability to do division was the least of its problems.

Both bugs are related to something called “speculative execution”. The brief explanation is that in order to give faster results, CPUs are designed to guess what work they’ll have to do next and work on it when they would otherwise be idle. If they guess right–and a huge number of engineering hours have gone into establishing how to guess and how far ahead to work–the results are already there when they’re needed. If not, the wrong guesses are thrown away.

The details are way too deep for this blog, but the upshot is that because the bugs are in the hardware, there isn’t any perfect fix possible. Meltdown can be patched around, but Spectre is so closely tied into the design of the chips, that it can’t realistically be patched at all. It’s going to require complete hardware redesigns, and that’s not going to come soon. I’ve seen articles speculating that it could be five years before we see Intel CPUs completely immune to Spectre.

Personally, I suspect that’s insanely pessimistic. Yes, it’s a major architecture change, but Intel’s motivation is huge.

More worrisome is how many other hardware bugs are going to turn up, now that researchers are looking for them. Even if we get Spectre-free Intel chips this year–which is as optimistic as five years is pessimistic–the odds are overwhelmingly good we’ll see more such bugs discovered before the Spectre fix rolls out.

It’s also worth noting that the patches for Meltdown aren’t cost-free. According to Intel, depending on what kinds of things you do, you could see your computer running anywhere from five to thirty percent slower. Let’s be blunt here: if you mostly use your computer for email, looking at pictures, and web surfing, you’re not going to notice a five percent drop. You might not even notice thirty percent–but your workload isn’t going to be the kind that has a thirty percent slowdown*. The people who will get the bigger hits are the ones doing work that already stress their CPUs: video processing, crunching big databases, serving millions of web pages, and so on.

* Unless some website hijacks your computer to mine cryptocurrency. But if that happens, you’d notice your computer slow down anyway.

So the bottom line here: Eventually, replacing your computer will be a good idea, but we’re not there yet. (And yes, given the speed and power increases we’re going to see between now and then, even if it’s possible to just upgrade the CPU, it’ll probably make more sense to replace the whole computer.) And in the meantime, unless you’re running a big server, do what you’ve been doing all along: keep your OS up to date with all the vendor patches, don’t run programs from untrusted sources, and if your search engine tells you a web site is dangerous, don’t go there!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s