2018 is already off to an interesting start

So soon after I wrote this, 2018 is already off to a bit of a nutter start.

Cryptocurrency craziness

The cryptocurrency market is already coming to a head. We have known that the lack of regulation would come to a head, and soon. It’s heating up quickly, as the last days of 2017 and first of 2018 saw allegations and claims that the big banks in Australia (ANZ, CBA, Westpac, NAB) were freezing the accounts of customers trading in cryptocurrency, even while Bitcoin and other crypto valuations jumped and down by double digit % on an almost hourly basis.

Taken from Coinbase.com, 05 January 2018

Amid discussion around the volatility and liquidity of crypto traders, it’s obvious that the lack of regulation is becoming a massive red flag, especially with the SEC in the USA making various valid statements at the end of 2017.

Where to next? It looks like the regulations will become an immediate priority in the first months of 2018, with the government and banks viewing the volatility as an obvious risk, and an increasing need to be involved in the growing market.

One to watch people.

The kernel flaw – Meltdown/Spectre

The second to watch is big. So big it possibly/probably/maybe/likely affects every Intel CPU (and in the Spectre scenario every chipset ever made) in market.

That’s a massive effect. Business Insider has a bit of an initial wrap up, and props to The Register for opening the wraps on the 2 scenarios, now dubbed Meltdown and Spectre. Essentially, it’s exploiting a loophole that CPUs, OSes and installed apps use to communicate at the most core level of the entire system – the kernel. Once at this level, the exploit allows an app to access information within its communication channels, and into other channels that other apps etc are using. It’s a pretty core vulnerability that uses a system’s use of memory and architecture, against itself, and in a massive Cloud environment, could allow a user to access ALL data (from every customer on the system) from an app installed in their account.

Of the 2 scenarios, Meltdown is basically focussed on Intel CPUs, while the Spectre scenario focusses on being able to affect all types of CPUs, even through IoT and mobile devices.

It’s a development of known/theoretical vulnerabilities that have existed in CPUs for a long time. This current one was recorded and reported by Google’s Project Zero team from mid 2017.

Here, and here, for more reading.

Beyond the absolute craziness that every chip in market could be vulnerable, it’s also alleged that Intel’s CEO has since engaged in some shady behaviour, selling US$24million of stock in late November, after having full knowledge of the vulnerability.

What next? This is still very much emerging, so there’s not enough known. While the big platforms are rolling out fixes for their systems (it’s highly recommended that everyone keep a sharp eye on updating and maintaining current systems), it’s also said that these updates end up slowing down systems, as they focus on security over performance.

The industry has focussed for so long on performance as an absolute metric – there are so many tech sites obsessing over the % difference between each CPU generation. And on these sites many users are angry, with calls for class actions, and forcing Intel to refund users or upgrade for free to recent generations, which have some of the performance problems mitigated. See a problem there? It’s still obsessing over performance rather than security.

Could this be the end of Intel? Doubtful, although it will be a hit. I hope this has a positive effect on chipset design, looking at new architectural models that focus on governed models rather than performance as the key value model.

Keep a look out.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s