punkfungus

joined 5 months ago
[–] punkfungus@sh.itjust.works 106 points 3 months ago (3 children)

Really not good enough from AMD. I wonder if Intel wasn't a complete dumpster fire right now if they would still cut off the fix at Zen 3 (I doubt it). There's really no reason not to issue a fix for these other than they don't want to pay the engineers for the time to do it, and they think it won't cost them any reputational damage.

I hate that every product and company sucks so hard these days.

[–] punkfungus@sh.itjust.works 15 points 3 months ago* (last edited 3 months ago)

This isn't the first time such a vulnerability has been found, have you forgotten spectre/meltdown? Though this is arguably not nearly as impactful as those because it requires physical access to the machine.

Your fervour in trying to paint this as an equivalent problem to Intel's 13th and 14th gen defects, and implication that everyone else are being fanboys, is just telling on yourself mate. Normal people don't go to bat like that for massive corpos, only Kool aid drinkers.

[–] punkfungus@sh.itjust.works 8 points 4 months ago (1 children)

Crowdstrike bypassed WHQL because the update was not to the driver, it was to a configuration file that then gets ingested by the driver. It's deliberate so they can push out updates for developing threats without being slowed down by the WHQL process.

And that means when they decide to just send it on a Friday with a buggy config file, nobody is responsible but Crowdstrike.