210
Researchers discover potentially catastrophic exploit present in AMD chips for decades
(www.engadget.com)
This is a most excellent place for technology news and articles.
Except the AMD exploit requires ring 0 access and is almost irrelevant to most users, whereas the Intel issues are physically destroying people's computers. The scale of the issues are utterly incomparable.
I'm much more angry with whatever dipshit at AMD decided to revoke permission for ZLUDA, and that they haven't yet been fired.
People grant kernel access all the time without thinking. Video game anti-cheat is a good example. It's a pretty potent vector of attack since you can never trust these companies to keep themselves secure.
Apex Legends and Genshin Impact being a good example of this.
The Apex Legends hacking situation was unrelated to the anti-cheat despite initial reports. It didn't stop the hack but it also wasn't the vector for the attacks.
Genshin Impact's anti-cheat however was an unmitigated disaster.
you're right, thanks for the clarification! https://inv.tux.pizza/watch?v=lzW4SDm0yWM
I'm thinking there are more things like this, and maybe even some are intentionally put in to please government actors. Intels management engine is like a small computer inside the computer, and amd has something simular. This computer can work completely independent of what the main computer does and has network access.
Difference is that Intel's Management engine can be controlled via the network whereas AMD's platform security processor is local-only.
The much bigger problem is Microsoft's Pluton coprocessor, which they plan on making mandatory for using windows in the future.
I didn't know amd is local only, that's amazing. Another huge reason to go for amd.
And yeah, Pluton... I don't use windows anymore and I encourage everyone to switch to Linux. But only a few people care about their privacy and not being tracked.
It used to be a major pro-AMD reason for me too, but it's become irrelevant since pluton. Weird thing is, pluton was announced with much fanfare for Ryzen 6000, but I've not heard about it since.
Edit: I just read up on this topic again and found out that both purism and system76 disable the Intel ME in all their products (don't know if all of it is disabled, since it normally controls a lot of necessary components)
Edit 2: they can either remove most of its code from the flash, or use a disabling system that Intel had literally developed for the NSA.
ZLUDA was probably taken down to protect AMD from being sued by Nvidia.
https://www.tomshardware.com/pc-components/gpus/nvidia-bans-using-translation-layers-for-cuda-software-to-run-on-other-chips-new-restriction-apparently-targets-zluda-and-some-chinese-gpu-makers
Didn't the author confirm the takedown came from AMD and not NVidia? AMD isn't responsible for third party software running on their hardware.
Although, IIRC they either sanctioned it or provided some initial funding, which might have put them in a more culpable position. Still, I'm pretty sure the takedown came from AMD, and it doesn't make sense that they're doing NVidia's policing for then.
They were paying for its development for about a year and a half.
Yeah, that'd do it. Although, again, it looks like the restriction wasn't in the NVIDIA licensing wording until recently. IANAL, but you it both parties are required to agree to contract changes; if AMD's contributions were all pre-wording change, they merely need to dust their hands; it's OSS. Why are they doing NVIDIA's dirty work for them?
I'm not convinced.
what's ZLUDA? can you ELI5?
ZLUDA was an open source translation layer for CUDA. So basically developers could take code from projects written for Nvidia's CUDA and use ZLUDA to run them on other hardware. Originally the dev was focused on Intel but AMD started paying him and he focused on AMD hardware. They stopped funding him earlier in the year and now it appears AMD legal has gone back on their earlier permission for him to keep distributing the code.
oof, what a rugpull