Ministry of Prose: making words work for your business

One in a semi-regular series of ponderings, musings and contemplations on the interaction of words and psychology in business.

Meltdown, Spectre and the biological paradox of technology

January 2018

Being a technology writer is like being a policeman: one tends to see the darker side of one's subject matter. IT security is one of my areas of knowledge and these days it doesn't afford much cheer. The more computers of any kind - including phones, printers, TVs, in-house 'assistants' and Internet-of-Things gadgetry - that we connect together, the greater the risk of technological problems.

In this respect the IT environment closely mimics the biological one. The more densely populated - and therefore connected - groups of people or animals become, the easier it is for viruses and other pathogens to pass between them. That's especially true of homogeneous populations with little genetic diversity. People and animals have defences but pathogens change and mutate all the time. It's an arms race and the chances of a happy ending are slim.

IT is the same, right down to the risks inherent in mass homogeneity, both hardware and software. There is, I believe, no method of connecting computers that can be proven to be completely secure. I'd call this Cruickshank's Law, only I doubt I'm the first person to declare it. It's already logically and philosophically true, and the real world keeps showing it to be true empirically.

I'm writing this at a writers' meetup. Sitting around me are 30 or so people using laptops, tablets, netbooks, smartphones and other modern devices. Almost every one of them is now known to be fundamentally broken in terms of security. Some have the Meltdown flaw, nearly all have the Spectre vulnerability. The only immune writing tools in the room are the Psion 3mx on which I'm drafting this blog post and the pen and paper being used by the playwright sitting in the corner.

Something is fundamentally wrong with the way we build and use computers. I'm not sure exactly what it is, although poor design and QA of software and hardware is certainly a major part of the problem. Nor am I sure what can be done to fix it, since much of what we build emulates the functional behaviour of our own biology. Perhaps there's no way to break free from this mimicry: maybe we can't help but build machines in our image. In that case our computers and networks will always be broken. We may have reached a level of complexity at which it's no longer possible to even understand the risks inherent in what we create.

I have no solutions, just pragmatic ideas for risk mitigation. As far as is possible I will use only appliances from now on, devices designed or suited for a single purpose. That means using one of my vintage machines for the bulk of my writing work; a dumbphone for calls and messages; a battle-hardened read-only Linux operating system and browser for banking and other sensitive online transactions; and a separate general-purpose Linux OS for email and all other work. The two Linux installations run on an older machine that's free from the Spectre and Meltdown flaws. It's slow but it's safe - or at least safer.

This doesn't reduce my risk profile to zero, but it puts it in a range at which I'm comfortable. My technological vulnerability is now roughly equivalent to the risk of catching Ebola while snorkelling in the Outer Hebrides.

I can't and don't suggest that you do what I do, because it takes specialist knowledge and effort and inevitably involves compromise. However, I do suggest you start thinking of all computing connections in biological terms and act accordingly. Every connection holds the potential for infection. In human terms that might lead to an unpleasant and embarrassing trip to the clinic. Unfortunately, in IT terms the outcome could be even worse.

Alex Cruickshank has been a professional writer since 1994 and tries to practise safe tech.

back back to blog index

All content © copyright 2013-onward Ministry of Prose ( reproduction in whole or in part is illegal under international law.

home | blog | about