Jan 05

Macular Degeneration

That’s a condition in which your retinas develop flaws that can distort what you see (like turning straight lines into curves) culminating in so much damage that you are blind (well, effectively, you can still detect light).

I have that.

There are 2 types- Wet and Dry. Wet is caused by bleeding in the capillaries behind the retina causing bubbles of blood that separate it from the eyeball (thus the distortion). The treatment is horrible. Fully conscious, open eyed and dilated, and under the mildest of topical anesthetic, the Doctor takes a needle, sticks it in your eye, and injects… something, I’m not a Doctor. Side effects include air bubbles in your Intraocular Fluid which manifest themselves as big floaty black spots that swim when you turn your head too fast like a nauseating Lava Lamp. After 2 or 3 days they go away.

The minimum course is 3 shots, 6 weeks apart, which I have had; my Retinologist is very pleased with the reversal of my symptoms and the results of my tests, and has me under observation, which will continue pretty much for the rest of my life.

Thank goodness it wasn’t Dry. There is no known treatment.

But that’s just a metaphor. As it turns out I have to revise and extend my piece from Wednesday.

That was about the Intel half of the problem, what is now commonly known as Meltdown. It is very real, very Intel specific, and has an available cure that slows down your Intel based system by up to a third.

I also hold by my statement that Intel was cheating to convey an inflated impression of its processor capability.

Meltdown allows a Virus to read privileged memory space (like the OS kernel) and takes advantage of an Intel side channel designed to allow quicker access for urgent instructions from user level programs. It does not require any special tailoring to the software currently running since it’s a hardware flaw.

Meltdown (PDF)

Meltdown is distinct from the Spectre Attacks in several ways, notably that Spectre requires tailoring to the victim process’s software environment, but applies more broadly to CPUs.

But, like Wet Macular Degeneration, at least there’s a cure.

Spectre is similar in that it allows access to protected areas of memory and is based on “Out of Order Execution” (having your CPU look ahead when it’s idle or expediting certain instructions), but is more difficult to implement since there are a lot of variables.

Spectre (PDF)

Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim’s memory and registers, and can perform operations with measurable side effects.

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.

(note: The links to the specific papers are from meltdownattack.com, and my primary source that references them is Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device? by Devin Coldewey, TechCrunch, 1/3/18)

Speculative processing is something everybody does. Allow me to explain the concept.

In modern computing there are many speeds of memory, the fastest being the most expensive and therefore the smallest. To get the most out of this relatively scarce resource it’s commonly dedicated to holding the items that are most frequently re-used. This is called ‘caching’. It is also possible to stock it with things the computer anticipates will be needed shortly, and to increase performance most chips do this during their idle time, which is almost always, because they are so damn fast that during a nanosecond (the time it takes light or electrons to travel about a foot) they can do much more than 12 things.

Is that fast? My monitor is more than a nanosecond away and so should yours be (“Don’t sit so close to the TV, you’ll ruin your eyes!”).

So on the CPU, at lightspeed, it can seem an eternity to fetch a value (or 64 of them) out of even the fastest DRAM (they arrive at the same time, or not so much, and you can handle them simultaneously and asynchronously). What do you do for a hobby?

Yes, you’ve already done your chores. Posted results and sent out requests for future anticipated needs. Why not play a game? What if the results of the current operation turn out about the same way they have in the past? What will you do then?

THAT is speculative processing, everybody’s doing it Ma. The reasoning is that it’s totally benign. In the worst case where you stumble across an unexpected result you simply flush your speculation and proceed as if you’d just been sitting there waiting all the time. You don’t even pay a real penalty for day dreaming as the next operation is just as fast as it would have been if you hadn’t.

However, if you happen to be a malicious hacker, you can prime the pump by leading the CPU to anticipate an innocuous result and use the time difference between that and the realization the actual outcome was not expected to execute…

In the current context this consists of enticing the CPU to put pieces of memory that don’t belong to the malicious program in known places that program can access. Little things like passwords.

Heck, even knowing where the kernel is located (it floats around as a security measure) is a huge advantage because you can flip the switches (if you know where they are within the attack target) and give your process all the access it needs to do some real damage.
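As an added example (not part of the original post), here is a shell check a defender can run to see whether a Linux kernel reports Meltdown and the two Spectre variants as mitigated. It assumes a kernel new enough to publish status files under /sys/devices/system/cpu/vulnerabilities; the directory is a parameter, and the demo runs on constructed sample files so it works on any machine.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the per-vulnerability
# status lines a Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities
# (assumption: a kernel that publishes them) and flags entries still "Vulnerable".

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Print one "name: status" line per published vulnerability file.
report_cpu_vulns() {
    dir="${1:-$VULN_DIR}"
    [ -d "$dir" ] || { echo "no vulnerability status directory at $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f")" "$(cat "$f")"
    done
}

# Count the entries whose status line begins with "Vulnerable",
# i.e. the kernel has no mitigation active for that issue.
count_vulnerable() {
    dir="${1:-$VULN_DIR}"
    n=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f")" in
            Vulnerable*) n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# Constructed sample data (modelled on the kernel's status strings) so the
# functions can be exercised offline; on a real host call them with no argument.
DEMO_DIR="$(mktemp -d)"
printf 'Mitigation: PTI\n' > "$DEMO_DIR/meltdown"
printf 'Mitigation: __user pointer sanitization\n' > "$DEMO_DIR/spectre_v1"
printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$DEMO_DIR/spectre_v2"

report_cpu_vulns "$DEMO_DIR"
echo "entries still reported vulnerable: $(count_vulnerable "$DEMO_DIR")"
```

On a patched host, `count_vulnerable` with no argument should print 0; a non-zero count or a missing directory means the kernel is either unpatched or too old to report at all.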

Now the problem with a Spectre attack is that it requires a deep knowledge of the target’s behavior in specific situations but hey, that’s what you have computers for- even the one you’re targeting.

You might think a handful of idle cycles and a few bytes of memory is not enough to accomplish anything but I remember a conversation I had with a cousin who was programming industrial robots. He was working with a Z80 and 256 Bytes (Byte! that’s like one letter!) of memory for instructions AND data.

As he explained to me, they don’t have to do much. Most of the time he didn’t use half that.

The bottom line is this- if you’re shorting Intel because their processors suck and are incredibly vulnerable to Hardware Viruses or because they’ve been lying about their performance you are exactly correct to do so.

Spectre attacks are never going away and the only good news is that they’re very difficult to implement.