Selfhosted

59955 readers

391 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam.
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
Submission headline should match the article title.
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago

MODERATORS

curbstickle@anarchist.nexus

curbstickle_lw@lemmy.world

515

AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' (www.tomshardware.com)

submitted 2 years ago by TheHolm@aussie.zone to c/selfhosted@lemmy.world

181 comments fedilink hide all child comments

Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

you are viewing a single comment's thread
view the rest of the comments

[–] WhyJiffie@sh.itjust.works 1 points 2 years ago* (last edited 2 years ago) (1 children)

The latter do not buy second hand equipment

You are assuming activists are well funded in some way, and that they are not repressed.

This obviously has a benefit for consumer usage too, same as encryption. You're basically saying consumers don't need any kind of antivirus either, because it's not that critical.
This vuln should have been fixed for consumer hardware too, because it basically permanently taints all hardware that is vulnerable to it. And what makes it so hard to release patches for consumer hardware, when patches were already made for the same generations of enterprise hardware? Basically the majority of the work has been done already

[–] nlgranger@lemmy.world 1 points 2 years ago

I'm not saying this is a small issue and nothing should be done. I just noted that the issue is not as big as some other hardware-based vulnerabilities we encountered in the past. And every threat model calls for a corresponding counter-measure.

You are assuming activists are well funded in some way, and that they are not repressed. I'm assuming they are repressed, which is why they have people that buy and configure their equipment and hand it to them so that it hasn't been tampered with. If you cannot afford that your should use your computer as if it was compromised.

You’re basically saying consumers don’t need any kind of antivirus either Where did I write that?

And what makes it so hard to release patches for consumer hardware. AMD focusing on where its money's at and OEM/motherboard manufacturers being cheap and lazy and not pushing forward updates when they have them.