Announcement

Collapse
No announcement yet.

Linux To Report MIPS Vulnerabilities But They Often Go Unreported Or Dead Vendors

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • anarki2
    replied
    That's rather unfortunate given that many networking vendors use MIPS on their routers and switches (e.g. Ubiquiti), where security is pretty darn crucial.

    Leave a comment:


  • flygoat
    replied
    I'm the author of the patch and the patch was meant to say Loongson 64C is not known to be affected by meltdown.....

    Leave a comment:


  • Quetzalcoatlus
    replied
    as: Warning: Target architecture mipsel-elf is deprecated. Please run mips2arm

    Leave a comment:


  • Mangix
    replied
    A lot of these MIPS platforms in practice are not vulnerable to Meltdown/Spectre. A lot of them are in order and have a static memory boundary between kernel and user space.

    Leave a comment:


  • oiaohm
    replied
    Originally posted by torsionbar28 View Post
    Sounds like someone has been drinking the Chinese kool-aid. Acquiring a patent or hiring an inventor in the 1890's can hardly be compared with the state-sponsored hacking and IP theft we see coming out of the CCP today. China is a uniquely bad actor when it comes to Internet-age intellectual property theft.
    https://www.forbes.com/sites/kenrapo...-for-ip-theft/

    The reality is China is not uniquely bad actor. Biggest of the bad actors yes but methods not unique. You would not be looking at the examples of where the US/Uk/
    Russia/Australia... are doing the wrong thing. The USA media is doing very bias reporting on the ip theft issue .

    https://www.dw.com/en/germany-fears-...ets/a-16925289

    Its also important to be aware that USA has in the recent past with NSA been caught with hand in state-sponsored stealing of intellectual property.

    torsionbar28 its really easy to look at CCP doing all this stuff and say they are a uniquely bad actor so ignoring the fact the USA, Russia, UK, Australia.... in the past 50 years have been caught with state sponsored hacking and theft of intellectual property. China for what they are doing is not unique. The volume the China is doing is more but so is their population so not unique just is more because China has more population to-do it. China for what they are doing they were the copy cat criminal who has out done the party they copied now the party they copied is getting really upset.

    Its really simple to miss that the USA, Russia, Uk.... all set bad examples how China should behave to develop their industries quickly. We are not talking 100 years back setting these examples in the last 50 years its not the 1890s its the internet age where USA set the bad example. Remember USA state funded set a lot bad example in the internet age before china really had internet as in the early 1990s.

    Yes we want to kill this model off because if India copies china in future we will have equal big mess coming.

    https://en.wikipedia.org/wiki/Stuxnet
    Lot of ways we have to be thankful china is doing state-sponsored hacking and IP theft and have not followed the USA bad example completely to use computers as weapon of war and started targeted like USA power generation. Remember that was the result of Stuxnet in a few countries the USA hated.

    The reality we have a lot of bad government actors in the world they are not a single country problem. Larger the poplation of a country when they go bad actor the worse it is. If we really don't start generically dealing with these bad actor problems we are going to rinse and repeat the current china mess with India most likely in a few decades. We failed to learn from the USA and other prior ones.

    Leave a comment:


  • torsionbar28
    replied
    Sounds like someone has been drinking the Chinese kool-aid. Acquiring a patent or hiring an inventor in the 1890's can hardly be compared with the state-sponsored hacking and IP theft we see coming out of the CCP today. China is a uniquely bad actor when it comes to Internet-age intellectual property theft. In fact, China and Russia are the only two nations in the world, where their governments have established laws granting them full 100% access by default, to any data stored in-country, personal, commercial, anything. As a Communist nation, all the largest businesses are effectively CCP owned and controlled. Whatever you decide to build or manufacture there, the CCP has access to all of it. Do you really think the CCP is going to allow any foreign competitor to maintain a competitive technology advantage, when the CCP can peek at their IP at any time?
    Last edited by torsionbar28; 31 December 2020, 10:15 PM.

    Leave a comment:


  • oiaohm
    replied
    Originally posted by torsionbar28 View Post
    With the rampant IP theft in recent years, mainly from Chinese entities, I wouldn't trust any kind of code escrow system. Too much risk to the business with no tangible business gains. Plus there is no Global Code Police (thankfully) to enforce something like this.
    https://foreignpolicy.com/2019/10/16...heft-progress/

    This is a good write up. History of IP theft is a long one. When a country is getting their stuff going they steal a lot once they start innovating themselves they come IP protective. USA/UK... all have a long list of doing this with china exactly following this route. Its really simple to forgot historic from of IP theft was not steal the tech but steal the person who designed it.

    The reality is when China stops stealing IP some other country attempting to develop is likely to steal IP instead. IP stealing is part of the global system. The fact we are not doing it as often with guns and muggings as much has been an improvement.

    Companies do have a take a serous look at what they are keeping secret lot of cases its eating resources with very little gain in lots of cases this is why we are seeing more open source stuff in risc-v and others places. Sometimes its better to share the design get it peer reviewed to make sure you are not releasing a brand damaging product. Lot miss this do consumers care about what IP is inside their devices mostly no they care about reliability and that comes from trust in brand to provide solid products.

    Yes it stupid right having your product cloned in lots of cases not damaging to your consumer base if you are delivering quality products. Remember clone products will normally attempt to cut costs in places so lower their quality. The more IP protective a company is normally the more crap their product is. There is a pattern of needing to protect IP because the product is not quality.

    IP theft you hear thrown out as an arguement not to open up IP of a company you don't hear that there is quality reasons not to in most cases.

    Remember if a party does not steal your IP that does not stop them stealing from your competitor or design a competitor themselves. Yes that were they steal from your competitor and clone it can result in your competitor getting more market share with a sales pitch we are the original quality design without defects and providing systems to prove the defects in the clones.

    IP theft is one of those horrible things one way it can cost a business market share on the other hand it can get people developing products using methods compatible with your hardware so opening up a market for you that would not exist otherwise so grow you business market share. Yes sharing your design off the start line can be way to open up market for you as well and get other gains like peer review on what you are doing.

    IP is a messy complex area to work out what is the right thing.

    Leave a comment:


  • squash
    replied
    I would write something about "how the mighty have fallen" as I spent a good amount of time working with SGI hardware during its prime... but to be fair, MIPS still exists which is more than you can say for Alpha, PA-RISC, and some others. Never would have expected 99% of MIPS cpus would be going into $10 chinese routers.

    Leave a comment:


  • Adarion
    replied
    There still might be several also non-MIPS designs out there that are vulnerable, and some that possibly aren't but are genereally considered to be since they fall in the x86 category. Not sure if they actually tested on x86_32 or just assume it's vulnerable. But Geode e.g. is partially in-order and might not be affected, some VIAs are unclear or Transmetas and probably others, too. Those are still around in thin clients or automates, and some might have connections to the outside world.
    So it would be good to check those for once and issue warnings or not.

    Leave a comment:


  • flower
    replied
    Originally posted by torsionbar28 View Post
    Doubtful. If the problem is these small chip vendors going out of business, you can't fix that. Out of Business = ceasing all operations. It's like passing a law requiring a person to do something after they have died. Not possible to implement in the real world.

    With the rampant IP theft in recent years, mainly from Chinese entities, I wouldn't trust any kind of code escrow system. Too much risk to the business with no tangible business gains. Plus there is no Global Code Police (thankfully) to enforce something like this.
    easy to do: just require any vendor of any product to put all design documents and source code to a lawyer.
    he could publish them as soon as support ends or the company goes out of businness.

    should be a fixed cost for them. its not much work

    Leave a comment:

Working...
X