AMD says some chips fall outside of the software support window.

Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

Norah - She/They
link
fedilink
English
13M

Sorry, I reread it and I understand now that you were referencing the AMD chip in a comparison. I guess I still would compare it most to the Takata airbag situation. You’re right that nothing happens on it’s own, but once you’ve “crashed the car” then it kind of is a lot like an airbag not going off. It infects your computer on a hardware level, and any future OS running off that motherboard is potentially vulnerable in a way that’s impossible to tell.

Victor
link
fedilink
English
1
edit-2
3M

But the airbag situation is different. The airbag vulnerability is something broken which already doesn’t work on the car. It’s broken before and after the crash.

But as I understood it, this vulnerability is only exploitable after the system has been compromised in some other way, first. So your system would have to first be compromised, then this vulnerability is exploitable. That’s like saying “your car radio will not function in this car, but only after the engine breaks.” It’s like 🤷‍♂️ OK, seems reasonable.

But the really bad thing IMO is that this vulnerability can cause permanent damage once exploited (?). That is super, super bad.

Norah - She/They
link
fedilink
English
13M

Except that doesn’t at all explain the wider recall of 100 million units. Not every single one of those airbags were faulty. First of all, how could we know? Testing an airbag is a potentially dangerous thing to do, let alone on an enormous scale that would require under-qualified persons to run the tests. Secondly, it’s not a 100% failure rate. If it were, it would have been picked up far sooner than it would take to sell 100 million units. If it happened just as severely no matter the unit’s age, it would have been picked up during crash-testing. What actually happened was an analysis of statistical averages that showed a far higher rate of failure than there should have been.

The similarities to me come from a comparison to Schrödinger’s cat. In the airbag example, you don’t know if the unit in front of you is going yo fail until you “open the box” by crashing. With the AMD vulnerability, you don’t know if ur motherboard has been infected by any virus/worm/etc until a “crash” or other signs of suspicious behaviour.

In both cases, the solution to the vulnerability removes that uncertainty, allowing you to use the product to it’s original full extent.

Look at it this way, imagine if this vulnerability existed in the ECU/BCU of a self-driving capable car. At any point someone could bury a piece of code so deeply you can’t ever be sure it’s gone. Would you want to drive that car?

Victor
link
fedilink
English
13M

I think we’re talking past each other here. Missing each other’s points. I’m definitely confused by yours, and I feel like I’m not getting across to you. So I think I’ll say thank you for the discussion, and I’m sorry.

Just know this: I’m on board with everyone saying it would be good if AMD patched this for everyone. 🙂

Norah - She/They
link
fedilink
English
23M

Hey, that’s really fair, thanks for being honest :)

Create a post

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.

Rules:

  1. Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

  • 1 user online
  • 124 users / day
  • 419 users / week
  • 1.16K users / month
  • 3.85K users / 6 months
  • 1 subscriber
  • 3.68K Posts
  • 74.2K Comments
  • Modlog