Linux To Report MIPS Vulnerabilities But They Often Go Unreported Or Dead Vendors

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linux To Report MIPS Vulnerabilities But They Often Go Unreported Or Dead Vendors

    Phoronix: Linux To Report MIPS Vulnerabilities But They Often Go Unreported Or Dead Vendors

    The Linux kernel with the likes of ARM and x86 hardware leverage kernel infrastructure for reporting their relevant CPU security mitigations while only now the MIPS kernel code is seeing work to report such vulnerabilities. However, on the MIPS front it's more difficult with some vendors not publicly acknowledging vulnerabilities and other cases of MIPS hardware vendors no longer producing the hardware in question or even in business...

    http://www.phoronix.com/scan.php?pag...ulnerabilities

  • #2
    Well, the `creator CI20` single computer board used to illustrate this piece of news has never been stable enough to make anything usable out of it ... Apparently there is a bug in the MMU which makes the board crash after a couple of hours.


    • #3
      If only there was some legal means to enforce a user's ability to replace the software on the hardware they own with a newer version. Perhaps some way of leveraging the international copyright system? Maybe someone smart at MIT or something can come up with an idea.


      • #4
        Originally posted by bregma:
        If only there was some legal means to enforce a user's ability to replace the software on the hardware they own with a newer version. Perhaps some way of leveraging the international copyright system? Maybe someone smart at MIT or something can come up with an idea.
        Doubtful. If the problem is these small chip vendors going out of business, you can't fix that. Out of Business = ceasing all operations. It's like passing a law requiring a person to do something after they have died. Not possible to implement in the real world.

        With the rampant IP theft in recent years, mainly from Chinese entities, I wouldn't trust any kind of code escrow system. Too much risk to the business with no tangible business gains. Plus there is no Global Code Police (thankfully) to enforce something like this.


        • #5
          Those bloody chip vendors should have taken the time and effort to support their SoCs (with all of the bells and whistles, not just the CPU) in upstream Linux.
          Instead they create a shitty patch-set which they publish for their BSP layers which won't ever get updated after its initial release.

          This goes for all major chip vendors, Broadcom, Qualcomm, etc.
          All these Android smartphones, satellite/IPTV receivers are damned to hell after they stop selling.

          I sure hope Google will push harder and be more strict when it comes to upstream kernel support.


          • #6
            Originally posted by MastaG:
            Those bloody chip vendors should have taken the time and effort to support their SoCs (with all of the bells and whistles, not just the CPU) in upstream Linux.
            Instead they create a shitty patch-set which they publish for their BSP layers which won't ever get updated after its initial release.

            This goes for all major chip vendors, Broadcom, Qualcomm, etc.
            All these Android smartphones, satellite/IPTV receivers are damned to hell after they stop selling.

            I sure hope Google will push harder and be more strict when it comes to upstream kernel support.
            All true. To them, the Android and Linux underpinnings are not an ecosystem to be supported. They are simply plugging in a required piece of the puzzle, one-and-done, in order to ship the product. After product ships, it's off to designing the next product, with little or no investment in the already shipping one. A definite throw-away consumerism mindset. Then again, these are consumer products, so what do we expect. IMO this is where projects like the FairPhone and e.foundation have a real market opportunity.


            • #7
              Originally posted by torsionbar28:
              Doubtful. If the problem is these small chip vendors going out of business, you can't fix that. Out of Business = ceasing all operations. It's like passing a law requiring a person to do something after they have died. Not possible to implement in the real world.

              With the rampant IP theft in recent years, mainly from Chinese entities, I wouldn't trust any kind of code escrow system. Too much risk to the business with no tangible business gains. Plus there is no Global Code Police (thankfully) to enforce something like this.
              Easy to do: just require any vendor of any product to put all design documents and source code to a lawyer.
              He could publish them as soon as support ends or the company goes out of business.

              Should be a fixed cost for them. It's not much work.


              • #8
                There still might be several also non-MIPS designs out there that are vulnerable, and some that possibly aren't but are generally considered to be since they fall in the x86 category. Not sure if they actually tested on x86_32 or just assume it's vulnerable. But Geode e.g. is partially in-order and might not be affected, some VIAs are unclear or Transmetas and probably others, too. Those are still around in thin clients or automates, and some might have connections to the outside world.
                So it would be good to check those for once and issue warnings or not.
                Stop TCPA, stupid software patents and corrupt politicians!


                • #9
                  I would write something about "how the mighty have fallen" as I spent a good amount of time working with SGI hardware during its prime... but to be fair, MIPS still exists which is more than you can say for Alpha, PA-RISC, and some others. Never would have expected 99% of MIPS CPUs would be going into $10 Chinese routers.


                  • #10
                    Originally posted by torsionbar28:
                    With the rampant IP theft in recent years, mainly from Chinese entities, I wouldn't trust any kind of code escrow system. Too much risk to the business with no tangible business gains. Plus there is no Global Code Police (thankfully) to enforce something like this.
                    https://foreignpolicy.com/2019/10/16...heft-progress/

                    This is a good write-up. The history of IP theft is a long one. When a country is getting their stuff going they steal a lot; once they start innovating themselves they become IP protective. USA/UK... all have a long list of doing this, with China exactly following this route. It's really simple to forget that the historic form of IP theft was not to steal the tech but to steal the person who designed it.

                    The reality is when China stops stealing IP some other country attempting to develop is likely to steal IP instead. IP stealing is part of the global system. The fact we are not doing it as often with guns and muggings has been an improvement.

                    Companies do have to take a serious look at what they are keeping secret; in a lot of cases it's eating resources with very little gain, and in lots of cases this is why we are seeing more open source stuff in RISC-V and other places. Sometimes it's better to share the design and get it peer reviewed to make sure you are not releasing a brand-damaging product. A lot miss this: do consumers care about what IP is inside their devices? Mostly no; they care about reliability, and that comes from trust in the brand to provide solid products.

                    Yes, it's stupid, right: having your product cloned is in lots of cases not damaging to your consumer base if you are delivering quality products. Remember clone products will normally attempt to cut costs in places, so lowering their quality. The more IP protective a company is, normally the more crap their product is. There is a pattern of needing to protect IP because the product is not quality.

                    IP theft you hear thrown out as an argument not to open up the IP of a company; you don't hear that there are quality reasons not to in most cases.

                    Remember if a party does not steal your IP that does not stop them stealing from your competitor or designing a competitor themselves. Yes, that where they steal from your competitor and clone it can result in your competitor getting more market share with a sales pitch: we are the original quality design without defects, and providing systems to prove the defects in the clones.

                    IP theft is one of those horrible things: one way it can cost a business market share; on the other hand it can get people developing products using methods compatible with your hardware, so opening up a market for you that would not exist otherwise, so growing your business market share. Yes, sharing your design off the start line can be a way to open up a market for you as well and get other gains like peer review on what you are doing.

                    IP is a messy complex area to work out what is the right thing.
