Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

  • @[email protected]
    link
    fedilink
    English
    145 months ago

    No, but those vulnerabilities where there when you bought it.

    Would a car have a defect that was shown 5 years later, then the manufacturer would have to recall it or offer a repair program and or money in exchange.

    Since everything is proprietary you cannot even fix things like this by yourself. The manufacturer needs to be held liable.

    • Victor
      link
      fedilink
      English
      -54 months ago

      Would a car have a defect that was shown 5 years later, then the manufacturer would have to recall it or offer a repair program and or money in exchange.

      I mean… A car is different, depending on the defect. It’s like “this window only breaks if you’ve already crashed the car”. (The defect only causes a vulnerability if the system is already compromised AFAICT.) And 5 years is much, much younger for a car compared to a CPU, but that’s not the important bit, I know.

      But I agree with you all, I am not saying it shouldn’t be fixed, I was just saying I don’t think AMD is looking to screw over their customers on purpose. That’s all.

      • Norah - She/They
        link
        fedilink
        English
        4
        edit-2
        4 months ago

        “this window only breaks if you’ve already crashed the car”

        No, it’s usually more like “this thing will break and cause a car crash” or “this thing will murder everyone in the vehicle if you crash”. And companies still will not fix it. Look at the Ford Pinto, executives very literally wrote off people’s deaths as a cost of doing business, when they’d turn into fireballs during even low speed rear-end collisions. Potentially burning down the car that hit them too.

        Edit: I mean, just look at the Takata airbag recall. 100 million airbags from 20 different carmakers recalled because they wouldn’t activate during a crash.

        • Victor
          link
          fedilink
          English
          0
          edit-2
          4 months ago

          When I said “It’s like”, I meant it as a simile to what’s going on with AMD right now. Not with what’s actually going on with car companies. Car companies are a whole different topic and discussion, of which I know nothing.

          • Norah - She/They
            link
            fedilink
            English
            14 months ago

            Sorry, I reread it and I understand now that you were referencing the AMD chip in a comparison. I guess I still would compare it most to the Takata airbag situation. You’re right that nothing happens on it’s own, but once you’ve “crashed the car” then it kind of is a lot like an airbag not going off. It infects your computer on a hardware level, and any future OS running off that motherboard is potentially vulnerable in a way that’s impossible to tell.

            • Victor
              link
              fedilink
              English
              1
              edit-2
              4 months ago

              But the airbag situation is different. The airbag vulnerability is something broken which already doesn’t work on the car. It’s broken before and after the crash.

              But as I understood it, this vulnerability is only exploitable after the system has been compromised in some other way, first. So your system would have to first be compromised, then this vulnerability is exploitable. That’s like saying “your car radio will not function in this car, but only after the engine breaks.” It’s like 🤷‍♂️ OK, seems reasonable.

              But the really bad thing IMO is that this vulnerability can cause permanent damage once exploited (?). That is super, super bad.

              • Norah - She/They
                link
                fedilink
                English
                14 months ago

                Except that doesn’t at all explain the wider recall of 100 million units. Not every single one of those airbags were faulty. First of all, how could we know? Testing an airbag is a potentially dangerous thing to do, let alone on an enormous scale that would require under-qualified persons to run the tests. Secondly, it’s not a 100% failure rate. If it were, it would have been picked up far sooner than it would take to sell 100 million units. If it happened just as severely no matter the unit’s age, it would have been picked up during crash-testing. What actually happened was an analysis of statistical averages that showed a far higher rate of failure than there should have been.

                The similarities to me come from a comparison to Schrödinger’s cat. In the airbag example, you don’t know if the unit in front of you is going yo fail until you “open the box” by crashing. With the AMD vulnerability, you don’t know if ur motherboard has been infected by any virus/worm/etc until a “crash” or other signs of suspicious behaviour.

                In both cases, the solution to the vulnerability removes that uncertainty, allowing you to use the product to it’s original full extent.

                Look at it this way, imagine if this vulnerability existed in the ECU/BCU of a self-driving capable car. At any point someone could bury a piece of code so deeply you can’t ever be sure it’s gone. Would you want to drive that car?

                • Victor
                  link
                  fedilink
                  English
                  14 months ago

                  I think we’re talking past each other here. Missing each other’s points. I’m definitely confused by yours, and I feel like I’m not getting across to you. So I think I’ll say thank you for the discussion, and I’m sorry.

                  Just know this: I’m on board with everyone saying it would be good if AMD patched this for everyone. 🙂