Thursday, January 04, 2018

Is This The Real Y2K ?

Do you remember all the boo ha around Y2K and the 'millennium bug' ? Pretty much nothing happened yet it commanded miles of newsprint and endless headlines.

But now we have a real Y2K scenario and it just doesn't seem to be taken seriously.

The two bugs found in pretty much every computer chip in every mobile phone, PC, Mac and server are a serious issue for a number of reasons:

1) Patches have been issued for the Meltdown bug, but there is none available at present for Spectre according to reports. The trouble with patches is that they often need to be patched themselves: this sounds like a very complex low level problem and I'd suggest that the chances of further issues arising are very high.

2) The patches involve restarting machines - we've been seeing Microsoft automatically restarting many of our cloud machines overnight. (We remain unsure if our inability to deploy new CPUs and VMs over the past few days was related to this). Restarting machines can have unexpected consequences.

3) Obviously, this is going to lead to disruption.

4) But the real issue are those machines that don't get patched - a network is only as strong as its most vulnerable node. It doesn't sound like anyone has yet exploited these vulnerabilities, but you can bet your bottom dollar that in bedrooms and bunkers around the world there are some very bright - and misused- minds trying their darnedest to do so.

5) Finally, we're told that there will be a performance hit after patching. Well that's all well and good, but performance = price in the cloud and a 10% degradation in performance is the same as a 10% price hike. Consequences of this are likely to include a class action suite against Intel, ARM and other chip manufacturers in the US and all the unpredictability this brings. It’s interesting to note that ARM sold itself at the end of last year and that the Intel CEO sold mist of his stock at the same time.

So, what should you do ?

If you don't already have a list of all the devices you use (and all the devices your employees use if you're a company), then prepare the list. Remember to include your thermometer, car, sound system, etc.. Your router is a good place to find a list of all the devices connected or capable of connecting to the internet.

Alternatively just restart your devices - this will usually prompt a patch or upgrade.

If there is no patch yet, then do not use that device or system for anything you don't mind being stolen.

Expect a lot of disruption online - in addition to our issues with Azure I was experiencing issues accessing my online banking today. It probably means that your service provider is working behind the scenes to secure their systems, so it's not a bad thing.

It's striking that this information has been around for a couple of months and we're only just hearing about it. Here's some more information.

This could well be bigger than the Y2K bug...