Meltdown and Spectre Analysis and Current Status

There seems to be a lot of complacent or feel-good news that Meltdown and Spectre will solve themselves or that no worry or care should be taken from users but this couldn’t be further from the truth.  In reality while CPU makers say “there are no known cases of exploits” doesn’t do much to allay fears of those in the know.  This is because Spectre and Meltdown will not leave any trace or evidence that you’ve been hacked.  Although it can be argued that there may be some signs of unauthorized access if that was how access was gained.

However, the nature of Spectre and Meltdown allow for normal authorized users, programs and even scripts on websites to exploit you.  This is why it is so scary as there’s really no way to be certain you haven’t been breached.

It’s an issue for everyone because these exploits could impact anything from your bank, transportation/transit, airplanes, nuclear power plants, and basically anything else that relies on computing security since Meltdown and Spectre are a complete breakdown of those barriers.  I won’t go into more of the basic details but I did make a quick “take on the issue here“.

The good news

There were patches quickly released for a lot of Linux, Windows and Mac devices.  However this doesn’t mean that the users installed the patches or that all users have the ability or access to do so.  Take for example physically remote computers, devices and perhaps some that are running headless that may not be easily accessible or that for some reason have patches disabled (this is more common than you’d think in production or mission critical environments).

Then what about old and unsupported versions of operating systems or that old security system, phone, or TV box, or even ATM whose manufacturer may not be around anymore or is just simply not offering support?

It’s the same issue with many common worms and viruses, patches, and fixes may be issued but millions or more are often still affected long after for various reasons.

The bad news

Even if we assume that Google discovered these flaws first, and if we assume they weren’t mandated to be put there via ARM, AMD and Intel what about insiders who know about this back in June or even earlier on?   From that point a number of individuals and groups could have compromised or damaged sensitive data and computer systems.  There’s still time since a lot of devices and people will not be patched yet.

And to make things worse, the only true way to solve this issue is with a CPU microcode update, which is not simple to deploy especially on embedded devices and any mistake can lead to a bricked device.

These OS patches are just that “patch work”, a hack or work around to mitigate the issue.

Then there’s the question of “we know there are 3 variants or vectors of attack”.  What if there are others that are not yet discovered?  You can be well equipped and funded organizations/hacking groups are working on this as we speak and they certainly won’t be disclosing it.  Until all devices have microcode updates there’s no way to certain we are safe from unknown vectors related to Spector and Meltdown.

What can you do?

Simply look out for the latest updates for your devices/phones/computers and install the update but don’t falsely assume a new update means you are protected unless you’ve read so that “this update fixes the Spectre and Meltdown” issue.

Ethereum’s Issues Stem From the Basics

Ethereum is certainly #2 in the market capitalization only second to Bitcoin but it doesn’t mean it’s as easy to use.  In fact I suspect my recent experience is what is keeping it from rising, Ethereum makes me nervous and reluctant to use it everyday. As someone who has used the client’s/wallets for both I find Ethereum’s is cumbersome and at times impossible to use, thus preventing the user from using it to do any transactions at all.

Imagine if a simple eTransfer or Wire from your bank took over a week to initiate?  That’s way too long and beyond the purpose of the infamous but in practice non-realtime transactions in the cryptoworld.

I spent nearly a week syncing 4 months of blocks!

I needed to do a transaction in Ethereum and opened up my Ethereum Client which slowed my whole computer down and ultimately wouldn’t update past a certain point.

I consider myself an above average user who is good at troubleshooting issues.

I updated to the latest Ethereum client and that still didn’t fix it.

Some users suggest deleting the “chaindata” folder and that didn’t fix it.

Eventually I decided to do delete the whole “Ethereum Wallet” folder (never do this without backing up your keystore files safely).  Also be aware that this folder “Ethereum Wallet” is not where your keys/wallet data are stored.  In Linux they are stored in “~/.ethereum/keystore”which is very misleading when you have a “~/.config/Ethereum\ Wallet” (which is not where your wallet data or keys are stored).  I stress this because I came across many who had sworn off the Ethereum Coin and team because of this confusion where they lost their keys and ultimately their investment and coins.

The solution was to delete “~/.config/Ethereum\ Wallet” but the fun didn’t stop there.  It was updating so slow through the missing blocks that it felt like I was mining the entire blockchaining (you could literally count 1 by 1 as it was processing or sometimes it would take minutes on a single block).  I’ve been able to sync the whole Bitcoin or Litecoin Blockchain more quickly and without or much impact on my computer.

I decided to switch the chaindata for Ethereum to SSD it did speed things up but not significantly and still took about a day to catch up and my computer still did slow down.

What I Learned About Ethereum

For all of its features I think the team is out of touch with getting the basics right first, as evidenced by the “Parity” fiasco where through no fault of the users people have essentially lost or have 160M worth of Ethereum coins frozen and lost presumably forever.  I have never seen this with another major coin.

Nor have I seen or experienced the confusion on basics of why their client is so complex.  Why does it use another program geth to sync the data?  Why are there so many different choices, fast sync (which didn’t help speed things up for me), a MIST client and so many different confusing and unnecessary choices and complexity?

I like how I can just download the Bitcoin client or Litecoin client and it works simply, there’s no guessing or confusion.

When it comes down to it, if someone with my background is having to troubleshoot and it slows me down from doing transactions, or I fear my coins could randomly be lost it doesn’t bold well for Ethereum’s future.  I don’t mind leaving other wallets running but Ethereum just takes too much computing with SSH so it’s not practical.  I will consider Ethereum a wise investment with some risks I’ve highlighted above but for any cryptocurrency to truly be accepted and successful it must be secure, fast, reliable and easy to use (something which most cryptocurrencies still fail at if not for the reason that you require the whole blockchain to keep your money in your own possession or have to rely on dangerous uninsured third party exchanges or services that are often hacked).

As we can see below this is not a sustainable practice for cryptocurrency going forward and I will be posting more about how I think the future of crypto will be significantly different than we currently see.

Screenshot-Ethereum Wallet-19