nlgranger

Agreed, firmware security by chip manufacturers has been underwhelming to say the least and we can blame them for that. But in this specific instance I still don’t see the benefit of a fix for consumer usage. Companies have a responsibility and accountability toward their users, so a fix is due, for personal laptops/PCs the threat is toward the owners themselves (activists, diplomats, journalists, etc.). The latter do not buy second hand equipment, and if the firmware is compromised while they own it, they are already in danger.

Good point ! 😆

I’m not saying this is a small issue and nothing should be done. I just noted that the issue is not as big as some other hardware-based vulnerabilities we encountered in the past. And every threat model calls for a corresponding counter-measure.

You are assuming activists are well funded in some way, and that they are not repressed. I’m assuming they are repressed, which is why they have people that buy and configure their equipment and hand it to them so that it hasn’t been tampered with. If you cannot afford that your should use your computer as if it was compromised.

You’re basically saying consumers don’t need any kind of antivirus either Where did I write that?

And what makes it so hard to release patches for consumer hardware. AMD focusing on where its money’s at and OEM/motherboard manufacturers being cheap and lazy and not pushing forward updates when they have them.

They are bad at writing software and firmware support is sketchy. That second point is technically the motherboard vendors fault but it could be due to confusing design and documentation on the AMD side. Hardware-wise they are great AFAIK.

I believe they used carbide lamps and not oil lamps.

So if a large region (say europe, or USA + canada) is cloudy and without wind, then all transactions must stop and the remaining countries are susceptible to represent over 50% of the hashing capacity. A perfectly sound system I’m eager to see.

I’m a bit dubious that revolutions can be effective nowadays against a well organised oppressive state with present tools (propaganda, police, surveillance, corruption). All revolutions have failed over the last few decades (Iran, Venezuela, Syria, Tunisia then Arab Spring, etc.).

AI companies in the USA are located is super expensive areas, I always wonder if the quality of life is actually better for these types of jobs. There is also meta in Paris, Google in London, etc. have you considered that ?

centrist -> far liberal, there I fixed it for you. I hate that stupid centrist word which makes them sound like reasonable people. Deregulation, globalization, privatization of public services, these all have brutal consequences on many people. Selling that as a compromise or a status quo is just an advertising stunt.

Consumer usage is not really concerned by the attack scenario of this vulnerability from what I understand. The prerequisite is to have access to the bios so it’s already game over at this point.