How is AMD “screwing us over”? Surely they aren’t doing this on purpose? That seems very cynical.
narc0tic_bird@lemm.ee 2 months ago
That’s so stupid, also because they have fixes for Zen and Zen 2 based Epyc CPUs available.
Intel vs. AMD isn’t “bad guys” vs. “good guys”. Either company will take every opportunity to screw their customers over. Sure, “don’t buy Intel” holds true for 13th and 14th gen Core CPUs specifically, but other than that it’s more of a pick your poison.
victorz@lemmy.world 2 months ago
Grippler@feddit.dk 2 months ago
They are 100% intentionally not patching old chips intentionally by not allocating resources to it. It’s a conscious choice made by the company.
victorz@lemmy.world 2 months ago
That’s not what I was referring to. I was referring to the act of “adding vulnerabilities”. Surely they aren’t doing that on purpose. And surely they would add fixes for it if it was economically viable? It’s a matter of goodwill and reputation, right?
I don’t know, I just don’t think it’s AMD’s business model to “screw over” their customers. I just don’t.
narc0tic_bird@lemm.ee 2 months ago
What I mean by that is that they will take a huge disservice to their customers over a slight financial inconvenience (packaging and validating an existing fix for different CPU series with the same architecture).
I don’t classify fixing critical vulnerabilities from products as recent as the last decade as “goodwill”, that’s just what I’d expect to receive as a customer: a working product with no known vulnerabilities left open. I could’ve bought a Ryzen 3000 CPU (maybe as part of cheap office PCs or whatever) a few days ago, only to now know they have this severe vulnerability with the label WONTFIX on it. And even if I bought it 5 years ago: a fix exists, port it over!
I know some people say it’s not that critical of a bug because an attacker needs kernel access, but it’s a convenient part of a vulnerability chain for an attacker that once exploited is almost impossible to detect and remove.
Grippler@feddit.dk 2 months ago
No they are just choosing not to roll out the fix to a known issue, which is screwing customers over on purpose (to increase profits). It’s not a matter of goodwill, they sold a product that then turned out to have a massive security flaw, and now they don’t want to fix even though they absolutely could.
ShortN0te@lemmy.ml 2 months ago
No, but those vulnerabilities where there when you bought it.
Would a car have a defect that was shown 5 years later, then the manufacturer would have to recall it or offer a repair program and or money in exchange.
Since everything is proprietary you cannot even fix things like this by yourself. The manufacturer needs to be held liable.
conciselyverbose@sh.itjust.works 2 months ago
The cost isn’t that high. They’re already doing it for a bunch of parallel systems.
In a just world they’d be legally required to provide the fixes, or fully refund the entire platform cost. It’s not remotely ethical to allow this to exist unpatched anywhere, regardless of support life.
Decipher0771@lemmy.ca 2 months ago
“Both sides”
“Vote third party!”
Wtf seriously this isn’t the same thing remotely but the arguments used are.
umbrella@lemmy.ml 2 months ago
cmon man
haui_lemmy@lemmy.giftedmc.com 2 months ago
Tangent: If we started buying risc-v systems we might get to a point where they can actually compete.
PrivateNoob@sopuli.xyz 2 months ago
That’s still far away from us as a consumer standpoint, but I’m eagerly waiting for a time when I could buy a RISC V laptop with atleast midrange computing capabalities
haui_lemmy@lemmy.giftedmc.com 2 months ago
I‘m more on the builder/tinkerer side so I‘m pretty much in starting position with risc-v now. But yes, its going to be some time before any of it is user ready as a pc.
Findmysec@infosec.pub 2 months ago
Framework has a laptop in progress if you’re interested
conciselyverbose@sh.itjust.works 2 months ago
I’m not buying hardware that doesn’t suit my needs as an investment hoping maybe it eventually will.
haui_lemmy@lemmy.giftedmc.com 2 months ago
Yeah, thats the reason why we‘re in this capitalist hellhole. Perfection comes from billionaire money, nothing else.
conciselyverbose@sh.itjust.works 2 months ago
What are you talking about perfection?
Buying something that doesn’t function is never rational.
amanda@aggregatet.org 2 months ago
This is one of the hardest earned lessons I’ve ever learned, and I’ve had to learn it over and over again. I think it’s mostly stuck now but I still make the same mistake from time to time.
Grappling7155@lemmy.ca 2 months ago
Jeff Geerling had a video recently about the state of RISC V for desktop. youtu.be/YxtFctEsHy0?si=SUQBiepSeOne8-2u
haui_lemmy@lemmy.giftedmc.com 2 months ago
I really enjoyed watching it. Thanks for referring to it.
narc0tic_bird@lemm.ee 2 months ago
I’m waiting to see how DeepComputing’s RISC-V mainboard for the Framework turns out. I’m aware that this is very much a development platform and far from an actual end-user product, but if the price is right, I might jump in to experiment.
haui_lemmy@lemmy.giftedmc.com 2 months ago
Sounds like a cool idea! :)
possiblylinux127@lemmy.zip 2 months ago
At the rate we are going Qualcomm might pivot to Risc-V (they are being sued by ARM)
haui_lemmy@lemmy.giftedmc.com 2 months ago
Interesting! Thanks for chiming in. I‘ll read up about it.