Major Intel CPU vulnerability
- 
 @momurda said in Major Intel CPU vulnerability: @tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room. 
 This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.The car analogy sold me. With this type of vulnerability the safety is very similar to having a brake problem. 
- 
 @momurda said in Major Intel CPU vulnerability: @tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room. 
 This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.There are federal mandates on how long automakers must make recalls. I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great). It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years. LOL - like that will ever happen. 
- 
 @momurda said in Major Intel CPU vulnerability: @tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room. 
 This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.Yeah I get the point. I agree they should provide a fix for them all as far back as Operating System vendors (Microsoft, Apple, Linux Distros, etc) will provide OS patches for AT LEAST. 
- 
 @dashrender said in Major Intel CPU vulnerability: @momurda said in Major Intel CPU vulnerability: @tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room. 
 This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.There are federal mandates on how long automakers must make recalls. I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great). It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years. LOL - like that will ever happen. I don't think that it would be great. It would encourage all kinds of bad things, like intentionally fly by night organizations and a lot of small, cheap stuff not able to be made. 
- 
 @scottalanmiller said in Major Intel CPU vulnerability: @dashrender said in Major Intel CPU vulnerability: @momurda said in Major Intel CPU vulnerability: @tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room. 
 This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.There are federal mandates on how long automakers must make recalls. I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great). It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years. LOL - like that will ever happen. I don't think that it would be great. It would encourage all kinds of bad things, like intentionally fly by night organizations and a lot of small, cheap stuff not able to be made. The knife definitely cuts both ways in this. 
- 
 Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product. 
- 
 @momurda said in Major Intel CPU vulnerability: Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product. What's more shocking is how few of their customers care or will stop buying from them. 
- 
 @momurda said in Major Intel CPU vulnerability: Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product. I can agree with your stance, yet I have to disagree with you. The money earned has nothing to do with what it would take to fix every CPU ever made since this bug existed. Old tech has a shelf life, just like everything else. Replace your old equipment and move on. Hopefully you replace it with something that isn't Intel if you don't want to support them. 
- 
 @momurda said in Major Intel CPU vulnerability: Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product. It's about what makes the money. Making money is likely the only goal the public company has. So spending some of it on making patches actually doesn't make them money, because customers won't leave them, it hurts them - because if patched, why buy more? 
- 
 @dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus 
- 
 @momurda said in Major Intel CPU vulnerability: @dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus You're point? They aren't a charity. It wouldn't matter if it was 0.00001% if it doesn't make financial sense, you don't do it. 
- 
 @momurda said in Major Intel CPU vulnerability: @dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus Not of the profits, though, that's just the money passing through them. 
- 
 Who cares if their margins get affected for a year? 
 The company i work for designs and makes electronics. Our revenues are less than 20million/year. Intel makes more than 3000 dollars for every dollar we make. Yet we still have devices over 10 years old in the field that we still provide hardware support and software updates for. No excuse for this.
- 
 @momurda said in Major Intel CPU vulnerability: Who cares if their margins get affected for a year? 
 The company i work for designs and makes electronics. Our revenues are less than 20million/year. Intel makes more than 3000 dollars for every dollar we make. Yet we still have devices over 10 years old in the field that we still provide hardware support and software updates for. No excuse for this.Also no reason to expect it. Sure, they COULD fix these old things. But just because they can, doesn't mean anything. Profits, size of the field, what other people do... none of these things are factors. All you are doing is showing that Intel could do something, but that's not relevant to if they should or need to or whatever. Sure we need to know that it is possible before knowing if they should, but that's not enough alone to even suggest that that is the case. 
- 
 @scottalanmiller I wasnt trying to compare what intel could do to what the company i work for does. It is just an example of another electronics manufacturer. One with far less resources. 
 One that knows its customers are the only reason it exists. A rather basic economic concept Intel doesnt seem to grasp.
 Intel have issued patches for the cpus theyre going to patch within 10 days of this knowledge being released. Are you suggesting that another couple weeks of R&D and a patch for cpus going back to Westmere would be too much of a burden for Intel? That is a ludicrous idea.
- 
 @momurda said in Major Intel CPU vulnerability: @scottalanmiller I wasnt trying to compare what intel could do to what the company i work for does. It is just an example of another electronics manufacturer. One with far less resources. 
 One that knows its customers are the only reason it exists. A rather basic economic concept Intel doesnt seem to grasp.
 Intel have issued patches for the cpus theyre going to patch within 10 days of this knowledge being released. Are you suggesting that another couple weeks of R&D and a patch for cpus going back to Westmere would be too much of a burden for Intel? That is a ludicrous idea.Intel is primarily a consumer products company, though. And that makes things very, very different. Intel also has a strong incentive not to patch old procs - because it is confident that by not doing so they will sell more new ones. And if that happens, which I assure you it will, then their customers have spoken and not only do they not care that their old procs are not patched, they are willing to pay to make sure that they aren't. Intel has a fiduciary responsibility by law, and if not patching makes them money, they are required to do it. Now they have to truly believe that they will make more money that way, but that's how the system works with public companies in the US. 
- 
 
- 
 Anybody know Supermicro's update stance with this? Have they posted anything? 
- 
 @momurda said in Major Intel CPU vulnerability: Anybody know Supermicro's update stance with this? Have they posted anything? https://www.supermicro.com/support/security_Intel-SA-00088.cfm 
- 
 @dbeato said in Major Intel CPU vulnerability: @momurda said in Major Intel CPU vulnerability: Anybody know Supermicro's update stance with this? Have they posted anything? https://www.supermicro.com/support/security_Intel-SA-00088.cfm You beat me to it! I just found the Supermicro links and was about to post them here :D. 








