Whether it's cost prohibitive or not, it's impossible to keep those devices secure and updated. That's just how it is. People are misled by many cultists that the OS is the only thing you need to update, which is completely false.
@inference
It is false, but it's not unreasonable. What are the chances of encountering a threat targeted at specific hardware in the wild? If someone has physical access to your device, you're fscked anyway. And that's security, their privacy is more often threatened by newer software, by stuff marketed as useful features that come built right into their ROM.
I don't disagree with you, but claiming older devices a privacy nightmare is a bit of a stretch too 🤷
@rqsd@borg.social
@inference
M1racles is known for over a year — it's a hardware fault that cannot be fixed properly, only mitigated at other levels to a certain point. Is everyone advised to put their M1-bases Macs in the dumpster? I think not, because that hardware isn't exactly old. People expecting vulnerabilities to be fixed on other levels (OS in our case) aren't oblivious, this can be done in theory, but they are wrong because no one has incentive to do so.
@rqsd@borg.social
@inference
> Apple have mitigated M1 vulnerabilities, same as how Intel and AMD have done in their chips.
Exactly! That's why the ones who expect vulnerabilities to be fixed on OS level aren't crazy (I thought that was your point), it's possible, but there is a 99,(9)% chance that it'll never get done😄
The ones who don't want to upgrade aren't unreasonable, maybe the troubles that (ALWAYS!) come with new devices outweight the security risk for them🤷
@rqsd@borg.social
@inference
Because it's *more reasonable* to fix it at firmware level, not because it's the only way. They can't fix it on hardware level, and OS-level patch will likely be more complex and have a bigger impact on performance — and that's it. Imagine we don't have flashable firmware and patchable microcode, would they go for that more complex OS-level solution? Yes, they most probably would. It's possible — that's my point.
@rqsd@borg.social
@inference
> can partially mitigate Spectre and Meltdown etc, but cannot fully do so
It could if it didn't use flat memory model. Spectre/Meltdown wouldn't have happened in the first place if that was the case. 386 protected mode looked so… protected to me with segmented addressing. I've lost track of how stuff works when everyone was transitioning to x86-64 — this design is just asking for trouble. And look where it got us 😂
@rqsd@borg.social
@inference But address randomization won't even be needed if segmented addressing is used 🤔
As there is no way for one process to do what CPU might treat as addressing memory of another process. Yeah, it makes IPC more complex, microkernels make it more complex as well. But isn't that the proper fundamental solution to this problem? Address randomization is just a quirk!
Neither Linux, nor Windows ever used all the features of PM, only OS/2 did that AFAIK
