Meltdown & Spectre
What are Meltdown & Spectre?
Meltdown & Spectre are hardware vulnerabilities that affect the processors in your computer, your smartphone, and the servers constituting the Internet and the World Wide Web. They allow information to be read from memory inappropriately and without authorization.
Meltdown is a hardware vulnerability affecting Intel x86 microprocessors and some ARM-based microprocessors that enables reading all memory without authorization (Source: Wikipedia). It has been assigned CVE ID CVE-2017-5754. It affects every system built on the affected processors, and it is a flaw in the hardware, not a software bug.
Spectre is a hardware vulnerability affecting almost every computer system (including desktops, laptops, servers, tablets, and smartphones) and has been demonstrated on processors from the manufacturers Intel, AMD, and IBM, as well as on some ARM-based processors (Source: Wikipedia). It has been assigned two CVE IDs: CVE-2017-5753 and CVE-2017-5715.
Impact and industry response
The computing industry has been producing software updates to mitigate Meltdown and Spectre. These software updates affect the entire stack of software products:
- Hypervisors (the software at the heart of most hosting providers)
- Operating systems (like Windows, macOS, FreeBSD, iOS, Android, and Linux)
- Application software (like your web browser)
At every level, the mitigations have the potential to cause slowdowns or instabilities (crashes and lockups, for example). This is already happening.
What to do
We at QI, and the websites we have built for our clients, are end-users of all this software and hardware. Unfortunately, all of us should expect systems and web sites to perform worse and be less available than we have been accustomed to. The best thing we can do is maintain our good practices, which include:
- Automated backups
- Routine application of software and security updates
- Carefully avoiding sketchy web sites that might deliver exploit code
- Using ad or content blockers to avoid malicious code
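One thing an administrator can do after the routine application of updates above is confirm that the operating system actually reports the mitigations as active. The following is an added example, not code from the original post: on Linux 4.15 and later the kernel publishes one status file per issue under /sys/devices/system/cpu/vulnerabilities/, and this script reads the three files for the issues named here; the directory argument exists only so the function can be pointed at a constructed copy.

```sh
#!/bin/sh
# Added example, not from the original post. Linux kernels 4.15 and later
# report their own view of each issue under
# /sys/devices/system/cpu/vulnerabilities/, one file per issue, with values
# such as "Not affected", "Vulnerable" or "Mitigation: PTI".

# Print "issue: status" for Meltdown (CVE-2017-5754) and Spectre v1/v2
# (CVE-2017-5753 / CVE-2017-5715). Returns 0 if every issue is mitigated
# or not affected, 1 if any issue reads "Vulnerable" or cannot be
# determined. The optional first argument overrides the sysfs directory so
# the function can be run against a constructed copy.
check_cpu_mitigations() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    problems=0
    for issue in meltdown spectre_v1 spectre_v2; do
        file="$dir/$issue"
        if [ ! -r "$file" ]; then
            # Kernels older than 4.15 have no such files: report unknown,
            # never assume safe.
            echo "$issue: unknown (no $file; kernel too old?)"
            problems=$((problems + 1))
            continue
        fi
        status=$(cat "$file")
        echo "$issue: $status"
        case "$status" in
            Vulnerable*) problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

check_cpu_mitigations "$@" || echo "WARNING: at least one issue is unmitigated or unknown"
```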
More information
- Vox’s explainer video for general audiences
- Computerphile’s academic, technical video
- SANS Internet Storm Center daily information security podcast (iTunes link)