xkcd.WTF!?

Meltdown and Spectre

New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.

Explanation

This comic was inspired by the Meltdown and Spectre bugs found in certain processors; these vulnerabilities were disclosed to the public in the week of this comic. The bugs result from flawed implementations of speculative execution and made big news because they broke the "walls" between programs executing concurrently on the same computer, in some circumstances allowing malware to steal secrets from normal, bug-free programs.

Speculative execution is a technique used to speed up the execution of computer programs. Processors handle instructions in a series of steps, like an assembly line. The processor works on several successive instructions, each at a different stage in the assembly line. It may start speculatively executing instructions that follow a particular result of a decision before the execution of the logic that makes that decision is finished. Once the decision is made, it keeps results from the selected path, and discards unnecessary results. This allows it to keep doing useful work while some slower decision is made. In the Meltdown and Spectre bugs, the results of speculatively executed instructions are not completely discarded, allowing them to affect things that the program logic should have prevented.

Ponytail uses the Trolley Problem, and trolley (tram) tracks in general, as an analogy for streams of instructions in a program. The Trolley Problem is a thought experiment where an out-of-control trolley is heading to a switch which you control. Leaving the switch as-is will cause it to kill multiple people (typically five) stuck on the tracks, but switching the track will cause it to kill only one person, who would not have died if the switch had been left untouched. This creates the ethical dilemma of passively causing multiple deaths, versus actively causing one. The Trolley Problem has gained significant memetic traction, helped in no small part by its frequent inclusion in “introduction to philosophy” type courses. The problem has seen revitalized interest with the emergence of autonomous cars, which may be faced with what are, essentially, such choices in emergency situations.

As an analogy for multiple mutually exclusive paths being executed at the same time, Ponytail invokes certain interpretations of quantum mechanics, where quantum-level particles can be viewed as taking every possible path at once, with the result being the sum of all of them. This is an idea popularized by the common interpretation of Schrödinger's cat, where the cat is both dead and alive until some event results in one of the states being selected. The phantom trolley driving through walls is an analogy for the computer instructions being able to access areas of memory that should be protected from them. This may also be a reference to quantum tunnelling, or even simply a joke about the phantom trolley being a literal phantom, i.e. incorporeal.

In many cases, contrary to what the comic implies, both paths are not taken simultaneously during speculative execution. A branch predictor may be used to select the most likely path, and the effects should be completely erased if the predicted path is incorrect. To use Ponytail's analogy, a phantom trolley is sent down one path (hopefully the most likely one), and either becomes real once it's determined that that path was correct, or vanishes and is replaced by a real trolley starting down the other path from the branching point. Both branch prediction and taking both paths (known as eager evaluation) are considered speculative execution and are affected by these bugs.
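The phantom-trolley behaviour described above can be modelled in a few lines. The following is an added example, not part of the original explanation: a toy software model (the names `TwoBitPredictor`, `ToyCPU` and `demo` are hypothetical) in which a mispredicted path has its register results erased while the cache line it touched stays behind, which is the kind of leftover state the bugs rely on.

```python
# Toy model (added example): architectural state is rolled back after a
# mispredicted branch, but the cache, which is microarchitectural, is not.

class TwoBitPredictor:
    """2-bit saturating counter: 0-1 predict not-taken, 2-3 predict taken."""
    def __init__(self):
        self.counter = 0
    def predict(self):
        return self.counter >= 2
    def update(self, taken):
        self.counter = min(3, self.counter + 1) if taken else max(0, self.counter - 1)

class ToyCPU:
    def __init__(self):
        self.regs = {"r0": 0}          # architectural state (visible to programs)
        self.cache = set()             # microarchitectural state: cached addresses
        self.predictor = TwoBitPredictor()

    def load(self, addr, memory):
        self.cache.add(addr)           # side effect of every load, speculative or not
        return memory[addr]

    def run_branch(self, condition, taken_addr, memory):
        """Model `if condition: r0 = memory[taken_addr]`.

        The taken path runs speculatively when the predictor says so, before
        `condition` is resolved. Returns True if the branch was mispredicted."""
        snapshot = dict(self.regs)
        predicted = self.predictor.predict()
        if predicted:
            self.regs["r0"] = self.load(taken_addr, memory)      # phantom trolley
        actual = bool(condition)                   # the slow decision resolves
        self.predictor.update(actual)
        if predicted != actual:
            self.regs = snapshot                   # squash: registers restored
            if actual:
                self.regs["r0"] = self.load(taken_addr, memory)  # real trolley
            return True
        return False

def demo():
    memory = {0x100: 11, 0x200: 22}    # constructed sample memory
    cpu = ToyCPU()
    for _ in range(3):                 # train the predictor: branch is taken
        cpu.run_branch(True, 0x100, memory)
    cpu.regs["r0"] = 0
    cpu.cache.clear()                  # start the final run with a cold cache
    mispredicted = cpu.run_branch(False, 0x200, memory)
    return mispredicted, cpu.regs["r0"], sorted(cpu.cache)
```

In `demo()`, the final branch is not taken, so `r0` ends at its pre-branch value, yet address `0x200` is still in the model's cache because the squash only restores registers.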

The Row hammer problem had been known for many years before this comic was published. A common form of computer memory is constructed from tiny capacitors organized in a two-dimensional grid of rows and columns. Capacitors store charge to represent information. By applying a pattern of memory access that rapidly changes a row of capacitors, you can cause charge to overflow to nearby rows and incorrectly change their states.

Ponytail mentions that we especially suck at building "shared computers" because Row hammer, Spectre, and Meltdown all break down the security divisions built between programs and between users. A hacker running a separate program in a separate account shouldn't be able to access your data or change the behavior of your program, but these problems allow them to. This is particularly dangerous for time-sharing, servers, and the cloud, where different programs, websites, or even companies can be sharing the same hardware. Cueball takes her explanation literally, and comes to the conclusion that the cloud "is full of phantom trolleys armed with hammers", and Ponytail cannot be bothered correcting him. Cueball's final line ironically suggests that these exploits can be repaired with a simple software update. This seems to be mocking the naive misunderstanding that software can make up for flawed hardware. However, the exploits discussed in this comic are not trivial oversights, but reflect fundamental issues in the design of modern processors.

The title text mentions a zero-day vulnerability, a vulnerability that hasn't been published yet and could be exploited, since it is neither patched nor known. It suggests that, until it was 'disclosed' here, nobody was aware that as well as Row hammer, computer servers can also be harmed by regular hammers. In reality, this would be obvious to most people. One might "patch" a server against this attack by plating it with stronger metal.