Meltdown, Spectre, and the Processor Problem That We All Face

Michael PhillipsBy now you may have read about an issue affecting Intel, AMD, and other processors, potentially exposing sensitive memory data. Until now, that data has been assumed to be safe, since a program running on a system isn’t supposed to be able to access the memory used by the kernel or core of that system. There are two separate bugs involved, known by the names “Meltdown” and “Spectre.” The bugs affect virtually every device that uses an Intel or AMD processor: desktop computers, laptops, tablets, phones – essentially almost all computing devices made since 1995.

No one knows yet whether the bugs have been exploited, since the potential exploits do not leave any trace in traditional log files. But there have been proof-of-concept demonstrations that the bugs are exploitable, so software and hardware manufacturers are issuing patches and firmware updates to remedy the problems created by Meltdown and Spectre.

What this means for your website hosting

Microsoft is expected to release a number of patches for their different operating systems on Tuesday, January 9th (UPDATE: patch releases have already begun for the most recent O/S versions). In addition to those fixes, it’s also possible that we’ll have to install a number of different firmware updates for the different types of hardware that host your websites. We will, of course, apply the patches and firmware updates as soon as we can, and we will do our best to keep any disruption to a minimum, but at this point we do not know the extent of any potential outages related to the fixes.

What we do know is that the fixes will almost certainly have an impact on the speed of all of the affected hardware. That doesn’t apply only to web servers, but to all affected devices. Virtual machines, which run the vast majority of websites, will see an impact, since the fixes necessary to counteract Meltdown require changes to the way the operating system handles memory. Preliminary testing indicates that the speed of the memory processing could be slowed by anywhere from 17% to 30%, depending on the task.

We can’t be sure of the overall effect until all of the fixes are in place. When we get to that point we will evaluate the situation, and if any adjustments are necessary on our end to keep things running smoothly for you, we will make them.

This is an unusual and unfortunate situation that is going to impact virtually everyone. No one can predict the ultimate effect it will have, but we will continue to monitor the issue as it unfolds and post any pertinent updates related to your hosting in the forum.

Read more about the issue here.

Rate this article
   

2 Responses
  • Jim Hewitt Reply

    It has been quite the stir here at Dish where I am 6 months into a cybersecurity analyst job. One of the concerns expressed has been that the smaller cloud hosting providers won’t do much about this or even are aware of it. Glad to see you guys are on top of this, Michael. Thanks.

    • Michael Phillips Reply

      Thanks Jim. Sounds like you have an interesting job. And by “interesting” I mean probably terrifying a lot of the time. 😉

Leave a Reply