Observations on AI and Google’s Implementation

Google (the company who claims it does no evil) is a good example of social implications of AI.  A recent live demonstration showed Google’s AI assistant being told to book a haircut appointment for a certain time.  The AI searched and found local salons and actually booked an appointment while having a normal, human conversation with the person on the other end being completely unaware they were talking to an AI bot.  The voices seem random and they are all 100% convincing and essentially without fault or flaws in their interactions that it is simply stunning and scary at the same time.

Some are criticizing this as unethical and I would agree, but argue the technology could be used for good as well.  However, what is stopping a bunch of script kiddies from making an army of these bots to SWAT people or report false emergencies and even make mass prank calls.  I would imagine at this point that the AI is probably good enough to duplicate a target’s voice as well.  We are heading into extremely uncharted and scary territory here.

Like anything else, there is no arguing that scientific advancement has almost always been used for war and to harm people.  I believe AI’s first and primary use will be to weaponize it, whether it be for social experiments, controlling people or crimes.

There are other “here right now” implications such as the fact that this technology can essentially replace entire call centers.  In fact I would argue that this could be done now and no one would be the wiser they were speaking to a bot.

The implications are far reaching, I also feel this kind of AI combined with robotics are going to be mass job killers.  We have robots that can build entire cars, houses and AI that can interact with humans at the same level as we interact with ourselves.  It’s not an understatement to say that a lot of our jobs and our existence are teetering on unnecessary and obsolete and this is, in fact a conclusion that it appears some AI has already reached.  It would be a logical one for an AI net to conclude that they should be on top and that we should work for them.  I know it’s a doomsday scenario but I concur with other experts that not only is this possible, it is likely if proper checks are not put in place.

Other examples of AI have shown how some of these bots use the whole treasure trove and mine of social media to create their persona, including their views.  I am sure you could even plugin political or racial bias.  The point is that some of these bots have said and done disturbing things like threaten the person they were talking to.  It’s almost as if the cesspool that we know as social media is ruining them and a lot of people said if AI is picking up bad habits from social, how about our kids?

I would not feel comfortable with machines making life and death decisions for the above reasons.  I think AI has massive potential and we are only starting to tap into it, but time will tell where we take AI or where AI takes us.  It has the potential to do both great good and great harm and I think it is largely unpredictable.

My Take On Meltdown and Spectre Computer Security Flaws

Spectre and Meltdown allow a non-privileged user (non-root/non-Admin)  to access memory they aren’t supposed to essentially dissolving the majority of computing security and privacy barriers.  This could be a guest user collecting sensitive information/passwords for an entire database, group of users, network etc..

If you are using any computing device whether it be an ARM based device, Intel CPU (although Intel is the worst offender at this point), AMD CPU this issue affects you and billions of other devices and users around the world.  Whether you are on Linux, Unix, Windows, Mac this applies to you.  It is really an unmitigated scandal and disaster for both privacy, security and even safety with long lasting and wide ranging ramifications that will continue to playout for years.

I’ve made a comment in the past about security, IOT and how there are many devices that are now unsupported or can’t be updated leading to huge security issues.  We are now unfortunately there and have been since 1995.

This issue was first reported by Google Project Zero and they are known as the Meltdown and Spectre Vulnerabilities that affect all microprocessors made since 1995 (the modern computing era).

To make it worse there are 3 known “variants” or attack vectors known (I suggest there may be more that are undisclosed or not yet known to the public).  With variants 1,2 being very similar (known as Spectre) and variant 3 known as Meltdown.

  • Variant 1: bounds check bypass (CVE-2017-5753)
  • Variant 2: branch target injection (CVE-2017-5715)
  • Variant 3: rogue data cache load (CVE-2017-5754)

The attack is possible due to “speculative execution” where CPUs (computer chips) essentially try to predict future work needed and will actually do sometimes unneeded work as the performance hit for doing this is less than waiting to execute the instructions later.   This means the computer sometimes performs work that isn’t needed and not used to increase performance, where things have gotten bad is through this feature, it’s possible for a normal user/process to gain unrestricted access to memory that you shouldn’t have access to.

What is Spectre?

The primary variants (1,2) that make up Spectre  rely on the user exploiting the speculative feature of the CPU to write to memory under their control.  This allows a normal user to read basically all memory processes allowing keys, passwords and confidential data to be intercepted.  AMD Claims that Variant #2 does not impact them as well.



What is Meltdown?

Meltdown is the third and more serious and nasty variant that still relies on the speculative execution exploit/flaw but actually allows the attacker to read arbitrary memory (so basically anywhere at will).  The key feature of Meltdown is that it is the easiest attack to perform and it has been demonstrated on the Intel platform already.

The only good news is that apparently this Meltdown attack only affects Intel and not AMD.



Redhat has also done an excellent writeup about the issue here:


How To Protect Yourself

First and foremost you should update your devices as soon as patches become available.  In Linux enabling KPTI can protect you.   However for some major distributions of Linux users are still waiting for a patch.

If you are vulnerable and performing critical operations it’s time to make tough choices including possibly turning off your machines or denying all non-admin users access to a server/services if possible.

Ensuring rotation of keys and passwords can also mitigate your risks even if passwords have been compromised.

It comes down to good security practices all around such as segregating services to different physical machines, restricting physical and virtual user access.

If possible remove all non-essential or untrusted applications from your device/computer/server.

Dedicated Servers Will Become More Popular

There has been a huge trend to put everything into the Cloud, one that I have reservations with despite owning companies that offer our own private Cloud.

Fortunately we haven’t been impacted by Spectre and Meltdown and are not vulnerable but it does raise questions from our clients that we’ve mentioned before.

I’ve always advocated for physical segregation, which means that if possible you should have your own physical dedicated server that is encrypted and running a minimum set of services with as a few users as possible.  By doing this you significantly reduce your risk in a scenario like this by putting your company database, e-mail, VPN, websites, file server on physically different servers.

Serious Questions and Concerns Raised

I would raise the question that is it really possible that such a wide-ranging exploit was completely unknown for this long until a team from Google discovered it?  Considering the budgets of major intelligence agencies around the world who are constantly looking to find exploits of their own it is conceivable that this vulnerability may have been exploited for far longer than it was publicly known by specific groups.

Another one is Intel’s response to it by apparently being accused of singling out AMD when as of now, Intel is far more vulnerable.

Since these chip makers are all US based is it possible they were mandated by law to introduce speculative execution in such a similar way that this vulnerability would be possible?  Considering recent revelations I don’t think it would be inconceivable.

Are there more than 3 variants and if we assume that no one else really knew about Variants 1-3 is it not possible that a well-armed team could find new ways to exploit them?

Long-term Value for Intel, AMD and ARM

At the time of writing Intel’s stock was down about 3% but this could get worse for either of these companies if one’s vulnerabilities keep increasing and/or one of them is hit with a larger exploit.


It’s hard to give an honest conclusion as we’re just getting started and this is all we know about the Variants 1,2 (Spectre) and Meltdown.  So far it looks like we were lucky to choose AMD.  The key issue that will come out of this is how many devices and users will remain vulnerable by being unable to patch or if they have a device that cannot be easily patched or there is no longer any support from the vendor?  This would increase the amount of zombies and data security breaches several fold.

This is also a good time and a wakeup call for all companies to do a security audit and if they don’t have dedicated security staff, to bring in some good IT and security auditors to assess and mitigate these risks before they become costly losses.