this post was submitted on 12 Aug 2024
512 points (95.7% liked)

Selfhosted

39937 readers
371 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Here we are - 3600 which was still under manufacture 2-3 years ago are not get patched. Shame on you AMD, if it is true.

top 50 comments
sorted by: hot top controversial new old
[–] narc0tic_bird@lemm.ee 169 points 2 months ago (33 children)

That's so stupid, also because they have fixes for Zen and Zen 2 based Epyc CPUs available.

Intel vs. AMD isn't "bad guys" vs. "good guys". Either company will take every opportunity to screw their customers over. Sure, "don't buy Intel" holds true for 13th and 14th gen Core CPUs specifically, but other than that it's more of a pick your poison.

[–] haui_lemmy@lemmy.giftedmc.com 61 points 2 months ago (7 children)

Tangent: If we started buying risc-v systems we might get to a point where they can actually compete.

[–] PrivateNoob@sopuli.xyz 47 points 2 months ago (7 children)

That's still far away from us as a consumer standpoint, but I'm eagerly waiting for a time when I could buy a RISC V laptop with atleast midrange computing capabalities

load more comments (7 replies)
[–] conciselyverbose@sh.itjust.works 15 points 2 months ago (9 children)

I'm not buying hardware that doesn't suit my needs as an investment hoping maybe it eventually will.

load more comments (9 replies)
[–] Grappling7155@lemmy.ca 13 points 2 months ago (1 children)

Jeff Geerling had a video recently about the state of RISC V for desktop. https://youtu.be/YxtFctEsHy0?si=SUQBiepSeOne8-2u

load more comments (1 replies)
load more comments (4 replies)
load more comments (32 replies)
[–] punkfungus@sh.itjust.works 106 points 2 months ago (3 children)

Really not good enough from AMD. I wonder if Intel wasn't a complete dumpster fire right now if they would still cut off the fix at Zen 3 (I doubt it). There's really no reason not to issue a fix for these other than they don't want to pay the engineers for the time to do it, and they think it won't cost them any reputational damage.

I hate that every product and company sucks so hard these days.

load more comments (3 replies)
[–] blackstrat@lemmy.fwgx.uk 79 points 2 months ago (4 children)

Attackers need to access the system kernel to exploit the Sinkclose vulnerability, so the system would have to already be compromised. The hack itself is a sophisticated vector that is usually only used by state-sponsored hackers, so most casual users should take that into account.

So it's a vulnerability that requires you to.already have been compromised. Hardly seems like news.

I can understand AMD only patching server chips that by definition will be under greater threat. On the other hand it's probably not worth the bad publicity not to fix more.

[–] atiredittechnician@lemmy.world 28 points 2 months ago (3 children)

The reason that this is news is because it allows malware to embed itself into the processor microcode once kernel is breached. IE: If it is exploited for compromise, you either have to have the knowledge and hardware to reset the processor microcode manually (Requires an SPI flash tool) or you toss the hardware entirely. There's no just 'blow the drive away and reinstall the OS' solution available.

[–] WhyJiffie@sh.itjust.works 18 points 2 months ago (1 children)

This sounds weird. I was in the impression that operating systems load updated cpu microcode at every boot, because it does not survive a power cycle, and because the one embedded in the BIOS/UEFI firmware is very often outdated. But then how exactly can a virus persist itself for practically forever?

load more comments (1 replies)
[–] booly@sh.itjust.works 13 points 2 months ago

And that introduces a specific type of supply chain threat: someone who possesses a computer can infect their own computer, sell it or transfer it to the target, and then use the embedded microcode against the target, even if the target completely reformats and reinstalls a new OS from scratch.

That's not going to affect most people, but for certain types of high value targets they now need to make sure that the hardware they buy hasn't already been infected in the supply chain.

load more comments (1 replies)
[–] PM_Your_Nudes_Please@lemmy.world 16 points 2 months ago

It’s important because it allows them to directly modify the CPU’s microcode. Basically, the CPU has its own set of instructions, called microcode, which controls how the chip functions on a physical level. If they manage to change your microcode, even a full system reformat won’t kill the virus; You’ll need to either re-flash the CPU (which is not something the standard user or even power user will know how to do) or replace the entire CPU.

[–] Sethayy@sh.itjust.works 13 points 2 months ago

That being said it builds up vulnerabilities in anti-cheats to another beautiful crowstrike like domino cluster fuck

load more comments (1 replies)
[–] teawrecks@sopuli.xyz 64 points 2 months ago (1 children)

I feel like this is the perfect place for Right to Repair legislation: the product is broken? And it's outside your support window? Then give customers what they need to make the fix themselves. It's not good enough to say "meh, guess you gotta buy one of our newer chips then 🤷"

[–] possiblylinux127@lemmy.zip 12 points 2 months ago (1 children)

Especially since the Linux community are the types to go way overkill

load more comments (1 replies)
[–] KoalaUnknown@lemmy.world 55 points 2 months ago (3 children)

The enterprise models are getting patched but the consumer ones aren’t. Shame on them.

[–] nlgranger@lemmy.world 12 points 2 months ago (7 children)

Consumer usage is not really concerned by the attack scenario of this vulnerability from what I understand. The prerequisite is to have access to the bios so it's already game over at this point.

load more comments (7 replies)
load more comments (2 replies)
[–] KillingTimeItself@lemmy.dbzer0.com 48 points 2 months ago (1 children)

welp, time to go buy intel... wait.

[–] schizo@forum.uncomfortable.business 14 points 2 months ago (2 children)

You laugh, but if you're buying used, this 100% makes Intel the way to go over a Ryzen 1000/2000/3000 CPU.

[–] A_Random_Idiot@lemmy.world 32 points 2 months ago* (last edited 2 months ago) (10 children)

I dont know.

If I had my choice between a CPU that has a vulnerability that can only be exploited if the system is already compromised

or a CPU that are full of oxidation cancer, or frying themselves and doing irreparable damage.. Which the company is being excessively shady about concretely admitting to any RMA promises and wwill all eventually die in short order..

I think I'm gonna go with the Ryzen and not leave leave my computer outside at defcon.

Sure but we're talking about several generation old CPUs: nothing's wrong with Intel's 10/9/8th gen CPUs, which would be the contemporary ones to the Ryzen chips in question.

load more comments (9 replies)
[–] KillingTimeItself@lemmy.dbzer0.com 16 points 2 months ago

as long as we're buying 12th gen, we're ok.

[–] eskuero@lemmy.fromshado.ws 40 points 2 months ago (1 children)

lol for the past 15 years I have "rebuilt" my desktop every 5 years but I didn't expect the would try to force me out of my 7 3700x right on the date

[–] Schmuppes@lemmy.world 16 points 2 months ago (3 children)

Which is a shame because our 3700X is still pretty potent for the average user or gamer.

load more comments (3 replies)
[–] Kolanaki@yiffit.net 31 points 2 months ago (2 children)

How severe is this vulnerability?

[–] ducking_donuts@lemm.ee 65 points 2 months ago (5 children)

The good news is that in order to exploit the new vulnerability, the attacker first has to obtain kernel level access to the system somehow - by exploiting some other vulnerabilities perhaps.

The bad news is once Sinkclose attack is performed, it can be hard to detect and mitigate: it can even survive an OS reinstall.

[–] scoutFDT@lemm.ee 54 points 2 months ago (6 children)

So basically what you are saying is we just need one pvp game with kernel level anti cheat to fuck up somewhere...... yeah I'm sure that's not going to happen.

[–] Appoxo@lemmy.dbzer0.com 12 points 2 months ago (7 children)

Probably only on a targeted attack. I don't see it being a mass target attack like a worm could be.
And in the realm of businesses, how many programs are running in kernel level besides the antivirus/ED(P)R solution?

[–] weker01@sh.itjust.works 12 points 2 months ago

And with crowd strike we have seen how reliable Antivirus is.

load more comments (6 replies)
load more comments (5 replies)
load more comments (4 replies)
[–] TheHolm@aussie.zone 15 points 2 months ago (6 children)

You need to be a root to exploit it, but if it get exploited any way to get rid of it is to throw MB to trash.

load more comments (6 replies)
[–] BrightCandle@lemmy.world 25 points 2 months ago (1 children)

AMD has unfortunately a long history of abandoning products before its reasonable on its graphics division. Its not really acceptable, up until earlier this year my NAS/server was running a 3600 and its only for power saving purposes I changed that as its still a very workable CPU in that role.

[–] kalpol@lemmy.world 12 points 2 months ago (3 children)

Er I'm still running a FX-8350 as a gaming machine (not AAA games obviously). I had another one as a host for a few VMs and it was more than enough till the motherboard went. One day I'll upgrade I guess.

load more comments (3 replies)
[–] ipkpjersi@lemmy.ml 22 points 2 months ago* (last edited 2 months ago) (5 children)

Yay, another BIOS update!

I am getting so sick of all these BIOS updates because of all these security vulnerabilities all the time. It is so tiring having to set up my settings all over again all of the time. Earlier this year, or maybe it was last year, it felt like every month or two there was a new BIOS update for a new security vulnerability.

load more comments (5 replies)
[–] Harvey656@lemmy.world 21 points 2 months ago (5 children)

So I have a 3700x, I've read about the vulnerability but don't fully understand it. How at risk am I?

[–] ozymandias117@lemmy.world 27 points 2 months ago* (last edited 2 months ago) (1 children)

If an attacker gets access to your system, they will be able to ensure you can't get rid of their access

It will persist across operating system installs

However, this requires them to get access first

load more comments (1 replies)
[–] psmgx@lemmy.world 25 points 2 months ago

If they get root or admin they can hack the chip itself.

But minor exploits, nada, no issue, you good. Gotta get root to make it happen.

Problem is if you, as they say, get got, you have no way of knowing if they're in your CPU, and no way to fix if they did -- basically gotta trash it and replace.

load more comments (3 replies)
[–] Jumuta@sh.itjust.works 18 points 2 months ago (3 children)

so that means you can internally flash the bios chip from the os?

would be cool if there were coreboot builds for these platforms, this exploit seems pretty useful

load more comments (3 replies)
[–] 30p87@feddit.org 11 points 2 months ago (3 children)

*Cries in 5 2600 and 1070*

load more comments (3 replies)
load more comments
view more: next ›