Conversation

Notices

1. Embed this notice
   Iron Bug (iron_bug@friendica.ironbug.org)'s status on Tuesday, 18-Jun-2024 09:15:31 JST Iron Bug

   • Julius Schwartzenberg
   @ariadne @jschwart @kate updating microcode is a big thing. it may
   - introduce new vulnerabilities
   - significantly slow down performance
   - have inlaid backdoors for vendor
   and not all vulnerabilities are exploitable in every particular case. sometimes the use case of CPU excludes the possible attacks and performance is more important than some fast and dirty fix.
   
   of course, this all does not lift the fact that CPU must be designed and tested more carefully to avoid such BS we see more and more often nowadays. the problem is aggressive and idiotic management that forces engineers to throw semi-raw products to the market. nobody cares for quality and security. users pay for some cat in a bag that may have absolutely broken performance after a serie of skew firmware workarounds for CPU architecture errors.
   • 翠星石 likes this.
   • Embed this notice
     Alexandre Oliva (lxo@gnusocial.net)'s status on Tuesday, 18-Jun-2024 09:15:29 JST Alexandre Oliva

     in reply to
     if a cpu is found to be defective and endangering to users' safety, it should undergo a recall list most everything else. if a recommended microcode update patches a defect at the expense of slowing down the cpu or otherwise making it unable to do things it was purchased for, without the possibility of a proper recall fix, the sale should be considered fraudulent
     翠星石 likes this.
   • Embed this notice
     Iron Bug (iron_bug@friendica.ironbug.org)'s status on Tuesday, 18-Jun-2024 17:59:55 JST Iron Bug

     in reply to

     • Alexandre Oliva
     @lxo and yes, they try to impose SaaS even to CPU! they want users to pay to them endlessly. for "unlocking" CPU features. but why, the hell, features of CPU might be locked from an user that has bought it and have already paid? that's really weird. and that what should be stopped by all means.
     翠星石 likes this.