Victor

I love the immediate “a-and”. But I read it as a confident “aaand…” which I think is way funnier.

Not if you BBQ vegetables!

— Vegans

I think we’re talking past each other here. Missing each other’s points. I’m definitely confused by yours, and I feel like I’m not getting across to you. So I think I’ll say thank you for the discussion, and I’m sorry.

Just know this: I’m on board with everyone saying it would be good if AMD patched this for everyone. 🙂

But the airbag situation is different. The airbag vulnerability is something broken which already doesn’t work on the car. It’s broken before and after the crash.

But as I understood it, this vulnerability is only exploitable after the system has been compromised in some other way, first. So your system would have to first be compromised, then this vulnerability is exploitable. That’s like saying “your car radio will not function in this car, but only after the engine breaks.” It’s like 🤷‍♂️ OK, seems reasonable.

But the really bad thing IMO is that this vulnerability can cause permanent damage once exploited (?). That is super, super bad.

I haven’t had malware on any of my computers for 20+ years. 🤷‍♂️ Ever since I stopped clicking on shitty links on shitty sites and downloading shitty files with unknown contents and such behavior. I don’t think I’m worried. I’m not the target group for these kinds of attacks, I think.

I mean… 🤷‍♂️ The analysis is made, decision made. I probably have an affected system but… What’s the real risk for private end users? Should I really be so concerned?

they could just as well choose to help them.

I think that’s what I have a hard time believing. If they could “just as well” help, it is my belief that they also would. Because I don’t think they’re morons. I think they know this hurts their reputation. There has to be some obstacle, be it financial or lack of man power or… something. That is my belief.

Don’t you (all) think that sounds more likely than them just leaving their customers in the dark for no other reason than not having to do work?

What I meant was exactly that, which you corroborated as correct. You’d first have to already compromise these systems, in order to be able to exploit this vulnerability. That’s as I understood it. It’s that correct?

Gosh, it’s not easy getting my point across here today, I’m sorry.

All I’m saying is that I don’t think AMD is doing this to us, on purpose. I think it’s just happened, and they’re not handling it very well, even though it’s somewhat understandable. At least to me. 🤷‍♂️

But then again, I have no reason to be attacked or have my system compromised, so my situation is better than others’, perhaps.

I agree. 👌

When I said “It’s like”, I meant it as a simile to what’s going on with AMD right now. Not with what’s actually going on with car companies. Car companies are a whole different topic and discussion, of which I know nothing.

Would a car have a defect that was shown 5 years later, then the manufacturer would have to recall it or offer a repair program and or money in exchange.

I mean… A car is different, depending on the defect. It’s like “this window only breaks if you’ve already crashed the car”. (The defect only causes a vulnerability if the system is already compromised AFAICT.) And 5 years is much, much younger for a car compared to a CPU, but that’s not the important bit, I know.

But I agree with you all, I am not saying it shouldn’t be fixed, I was just saying I don’t think AMD is looking to screw over their customers on purpose. That’s all.

Ryzen 3000 series CPUs are still sold as new

Ah, that changes things. Not great. But still,

uninfected systems will intentionally be left vulnerable

what I meant was that apparently only compromised systems are vulnerable to this defect.

I’m guessing it’s a balance between old products, effort, severity, etc. As we’ve learned, this is only an issue for an already infected system. 🤷‍♂️

Well, you feel how you feel, and you choose the products you want after this. Good luck to you! 👍

Edit: So many down votes for wishing someone good luck. The hive mind is odd sometimes.

That’s not what I was referring to. I was referring to the act of “adding vulnerabilities”. Surely they aren’t doing that on purpose. And surely they would add fixes for it if it was economically viable? It’s a matter of goodwill and reputation, right?

I don’t know, I just don’t think it’s AMD’s business model to “screw over” their customers. I just don’t.

How is AMD “screwing us over”? Surely they aren’t doing this on purpose? That seems very cynical.

Nothing causes the electron to emit a photon exactly then at exactly that energy, it’s just something that happens.

I have to say this doesn’t sound very scientific to me.

Science would settle at “it’s just something that happens”? Certainly not the scientist in me, lol. Everything that happens is driven by something, in my mind. Some process. Even if it “appears” probabilistic or whatever. Seems like a probabilistic model is applicable to the behavior, perhaps, but we can’t measure or see such small things so we can’t really make any more detailed models than that. Isn’t that right?

So just because we don’t yet have a model for it or understand it fully, but we can describe it with some model, doesn’t mean we are finished or should stop there, IMO.

It’s like saying the dinosaurs went extinct after the youngest bones we’ve found. Or that they are exactly as old as the oldest bones we’ve found. But, we haven’t found all the dinosaur bones, or at least we can’t know that we have or haven’t. And we definitely haven’t found the bones of those dinosaurs that didn’t leave behind bones.

You feel what I’m getting at, kind of?

I was referring to the difference between a theory and a hypothesis.

Theorem would also be interesting to add to the mix.

Could you explain the difference to me? 🙏

Just a joke. It’s just a way to set up the joke. It doesn’t make sense, practically, but it isn’t supposed to be part of the funny bit. Or it is… It could be, in an ironic way.

🤷‍♂️ Take it with a pinch of salt.