Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well, it's not like the "line is drawn" in the sense of GNU software not working on such systems. They draw it in what's included in the default repository for guix... so that line does not actually impact many people, and those who are impacted by it can still cross the line pretty easily.

About the CPU microcode updates... why do you believe they are important? I mean, if your system runs arbitrary code off the Internet, or has thousands of people log in and work on it, then sure, but otherwise, I don't know.



This story happens all the time: Someone learns about free software, gets excited, downloads an ISO for a free distro and is then disappointed to find that their wifi doesn't work. They get told to buy a USB dongle or something so instead they just use something else that works. It's the most common onboarding problem I'm aware of.

Are you saying that the security updates in CPU microcode aren't important because you can't think of an attack vector? Feels like a weak reason to justify not shipping updates.


> Well, it's not like the "line is drawn" in the sense of GNU software not working on such systems. They draw it in what's included in the default repository for guix... so that line does not actually impact many people, and those who are impacted by it can still cross the line pretty easily.

And if what's in the install image results in the OS not bringing up important hardware like network cards, then the software is effectively not working on such systems. And yes, of course it's possible to enable it, but you have to find out yourself because telling people about nonguix in any official docs or communication channels is disallowed.

> About the CPU microcode updates... why do you believe they are important? I mean, if your system runs arbitrary code off the Internet [...]

We call that a web browser.


> because telling people about nonguix in any official docs or communication channels is disallowed.

That's pretty bad. I'm definitely against that.

> We call that a web browser.

Are there known exploits based on web browser use, which are foiled by CPU microcode changes? Or, are these speculated to be possible?


> Are there known exploits based on web browser use, which are foiled by CPU microcode changes? Or, are these speculated to be possible?

The exploit certainly was possible: https://security.googleblog.com/2021/03/a-spectre-proof-of-c...

To what degree it's mitigated by CPU microcode patches or browser changes, I couldn't say off the top of my head. I suspect the situation has improved on both fronts.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: