thg 11 hours ago

This was never marketed as a feature of the consumer CPUs and if some malignant actor does get physical access to my (consumer) hardware, then them being able to read out bytes through cryo-freezing the RAM really isn't high up on the list of things I'm going to worry about.

simcop2387 3 hours ago | parent | next [-]

It's more than just for cryo-freezing and attacks like that, it also helps defend against row-hammer and other DRAM refresh related issues since the scrambling means that the host kernel or application can't determine what the physical bits on the chips are going to actually be and end up determining the layout in a way to flip specific bits. It might still be possible but it's yet another layer of defense against memory related security problems.

westurner 2 minutes ago | parent | next [-]

RAM crypto mitigates side channels.

RealityVoid 2 hours ago | parent | prev [-]

Oooh, I saw this memory scrambling happening on the OpenTitan chips and I couldn't wrap my head around why they would scramble the memory, since on read you descramble it anyway through the circuitry. That makes sense! Thanks for the explanation.

DanielHB 9 hours ago | parent | prev | next [-]

Reminds me of that Seinfeld episode where George tries to move a Frogger arcade machine without powering it off in order to not lose his high score leaderboard.

https://youtu.be/5etwHVarNgI?t=256

throw0101c 8 hours ago | parent [-]

From a few years ago:

> Five guys moving a server to a new datacenter without shutting it down. Without cutting it off from the internet. And as using a car would have been too easy, they used public transport.

* https://www.youtube.com/watch?v=vQ5MA685ApE (DE audio, EN subs)

See also perhaps:

> The HotPlug allows hot seizure and removal of computers from the field to anywhere else. The HotPlug's patented technology keeps power flowing to the computer while transferring the computer's power input from one A/C source (such as a wall outlet or power strip) to another (a portable UPS) and back again.

* https://shop.digistor.com/products/hotplug-field-kit

* 2007 potato-quality demo: https://www.youtube.com/watch?v=erq4TO_a3z8&

marklubi 5 hours ago | parent | next [-]

Thanks for sharing the video of moving the server.

I wouldn't say that I miss those days, but there's some good nostalgia there having done some things that feel pretty similar (early 2000s). Not quite to that extreme though.

yomismoaqui 3 hours ago | parent | prev | next [-]

Thanks for the video, it made me happy seeing those pals having so much fun :)

dark-star 2 hours ago | parent | prev | next [-]

Tangentially related: https://www.youtube.com/watch?v=6uhO1SNJRMQ

Highspeed Highway Halo

mystraline 8 hours ago | parent | prev [-]

That's rough.

If anything, that's an indication to me to make an HA setup so you can power down 1 member.

I'm not going to watch a video, honestly, but HA with a front-facing Zookeeper and sharded Postgres isn't super hard. It can be if you didn't initially plan for it.

Ideally, you need an odd number of quorum machines to properly handle split-brain decisions... But if it's a money issue, you can technically get by with just 2, accepting the possibility of split brain.

baq 6 hours ago | parent [-]

You are not the market.

> We created this product for our Government/Forensic customers

mort96 6 hours ago | parent | prev | next [-]

There's plenty of features in products I buy which aren't "marketed", which I nonetheless get upset if are suddenly removed.

izacus 6 hours ago | parent [-]

You can get upset over anything in the world, including the color of your fridge and that doesn't mean it's a reasonable reaction.

mort96 6 hours ago | parent [-]

A great example of a non-sequitur. I will interpret this to mean you concede and are not interested in continuing this conversation.

andsoitis 5 hours ago | parent [-]

Why are you upset about the removal of this particular “feature”?

cogman10 5 hours ago | parent | next [-]

Let me put it this way.

My oven has a proofing feature. It wasn't really advertised, it's just there. I like that feature and I use that feature when baking.

If one day my oven manufacturer pushed an update which removed my proofing feature, I'd be upset.

The same could be said for encrypted memory. If you, as a computer owner, discovered and turned on encrypted memory because you wanted to feel a bit more secure about your hardware getting stolen, you'd probably be upset that on a normal firmware update that feature suddenly went away. Not because the hardware doesn't support it or didn't support it. Not because AMD's firmware didn't or couldn't support it. But because someone in an AMD product management team said "Woopsie, that's an enterprise feature, we better disable that".

Completely different story if these CPUs never supported that feature. Completely different story if future CPUs didn't have that feature or had it disabled in firmware. Heck, even a different story if with the disable AMD also said "We disabled this because there's an unrecoverable fault in the memory controller which causes memory corruption."

I have to assume the reason wasn't because of a bug in the feature, but rather because management decided the feature wasn't supposed to be there.

mort96 5 hours ago | parent | prev [-]

I'm not a user of it, so it's not hurting me personally. But if I had read about how Ryzen CPUs support encrypted memory, and had chosen a Ryzen CPU for that reason, I think I'd have a pretty good reason to be upset that the feature I needed from a hardware product I bought suddenly vanished in a firmware update.

Because I think ethics goes further than "bad thing happened to me", I've formed an opinion that this is a pretty shitty move.

close04 10 hours ago | parent | prev | next [-]

Transparent communication would have been appreciated nonetheless. You have customers not just lawyers on the other side, it's not just about making sure you're legally covered.

thg 9 hours ago | parent [-]

Let me give you an analogy: If you e.g. figure out some undocumented endpoints for a REST API, which are intended for internal use only, and started using them, do you expect the developers to inform you about changes?

As far as AMD is concerned, this was never supported, nor documented. Now pulling the rug with a firmware update isn't a very nice thing to do, but maybe they've had some actual reason for that beyond "this shouldn't be enabled". Nobody should expect undocumented and unsupported features to just continue to work in perpetuity, simply because they did work at some point in the past.

kubik369 9 hours ago | parent | next [-]

There is more nuance to this. Let me give you a better example that actually happens — SSDs. The manufacturer will tell you some minuscule amount of specifications, such as that the drive reads and writes some amount of MB/s. That's basically the only spec you get. Reviewers review this drive. It is a really good drive, dedicated controller, MLC/TLC flash, all the good stuff. It gets raving reviews. Some months after this, during which the drives have been selling like hot cakes and have been recommended everywhere, the manufacturer swaps parts, without creating a new SKU/model. Some examples are swapping TLC flash for QLC flash, making the SSD DRAM-less when it had dedicated RAM before, and such, all negatively affecting the performance in some way. After the changes, you can still read/write at the advertised speeds, but only for 10GB instead of indefinitely, or the drive has much worse latency, or what have you; you basically got bait-and-switched and bought an inferior product to what was expected. The question is, is this ok? I think it is not ok, even though the manufacturer technically did not promise all the seemingly undocumented stuff (although one could argue that it has been documented by the reviewers).

cwillu 9 hours ago | parent | prev | next [-]

That's an asinine take. We're not talking about a remote subscription service changing an undocumented implementation detail. Physical artifacts shouldn't lose features due to the remote action of the company that made them.

close04 8 hours ago | parent | prev [-]

> As far as AMD is concerned, this was never supported, nor documented.

Maybe this is the only thing that concerned them but not the only thing they knew very well. AMD knew that this was widely used by consumers and that every motherboard manufacturer exposed the option to the user. They pulled the rug legally, knowing that all those many people standing on the rug will fall on their ass.

chironjit 4 hours ago | parent | prev | next [-]

So that Burn Notice episode about freezing RAM is real? Damn, thought they made it up.

dgellow 4 hours ago | parent | next [-]

I remember reading a study on that topic >15 years ago

https://en.wikipedia.org/wiki/Cold_boot_attack

an hour ago | parent | prev [-]

[deleted]

himata4113 9 hours ago | parent | prev | next [-]

Many many people use consumer CPUs for gaming servers.

porridgeraisin 9 hours ago | parent | next [-]

And? Do you worry about the gaming server owner's neighbour breaking in, freezing the RAM, quickly transferring it to another machine and reading it off?

embedding-shape 9 hours ago | parent | prev [-]

So reading between the lines, you're saying it's bad for AMD to disable undocumented features because people still might have bought them for those undocumented features, particularly for gaming servers?

nemomarx 9 hours ago | parent | next [-]

You shouldn't be remotely disabling hardware features in my opinion at all. It's not really like changing an API or something, this is like an update removing something from your car or another appliance years after you bought it.

fc417fc802 5 hours ago | parent | next [-]

> You shouldn't be remotely disabling hardware features

I don't know what current case law is but I think that ought to be explicitly illegal. A physical product should be required to maintain the features that it had when it was purchased. Anything else is clearly cheating the consumer.

embedding-shape 9 hours ago | parent | prev [-]

Yeah, basically you'd trade uncertainty for the ability to remotely enable/disable hardware features not ready at launch, I understand, which totally makes sense as a position; I probably agree with you. I think from AMD's side they like the option of being able to remotely enable things though, so new software updates in the future could be major releases enabling functionality that wasn't quite ready at launch. But, I suppose the uncertainty is the tradeoff here.

fn-mote 7 hours ago | parent [-]

How hypothetical is this situation?

Even if you have the ability to remotely enable new features:

1. You shouldn’t use the same ability to disable existing features.

2. You shouldn’t enable them, either! It should be opt-in. Any kind of change has the potential to break something. Just don’t be changing my hardware without me initiating the change.

embedding-shape 6 hours ago | parent [-]

Overall I agree with you, and aim for the same, as a professional user I can't really have my environment and hardware change automatically, I really despise that too!

> Just don’t be changing my hardware without me initiating the change

In this case it seems to have been disabled in future firmware, so "you" did initiate the change, as you did a firmware upgrade that included the change. Still, shitty to sneak it in, I agree, but the feature wouldn't literally be there one day and then not the next; it requires human initiation at least.

margalabargala 6 hours ago | parent | prev | next [-]

Yes.

> particularly for gaming servers

Not "particularly" but that's one example.

ChocolateGod 8 hours ago | parent | prev | next [-]

I can't even think of what benefit memory encryption has for gaming servers?

vel0city 6 hours ago | parent [-]

IIRC, this memory encryption function can let a hypervisor tell the platform to use different encryption keys for different virtual machines. So even if somehow a compromised VM managed to read data from a neighboring VM theoretically they'd get garbled, encrypted data.

porridgeraisin 5 hours ago | parent [-]

That is not in this one. That is only the datacenter one (SEV). This one (SME) is a single machine-wide key, and it doesn't have integrity protection either.
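An added toy model, written for this thread and not AMD's SME implementation or OpenTitan's scrambler, that ties together two points raised above: simcop2387's observation that scrambling DRAM contents means whoever chooses the data cannot predict which physical bits it becomes, so a single stored-bit fault turns into unpredictable plaintext corruption rather than a chosen flip, and porridgeraisin's caveat that a single machine-wide key with no integrity protection means that corruption is silent. The 4-round Feistel cipher built on SHA-256, the 16-byte block size, the per-address tweak, the `EncryptedDram`/`IntegrityDram` classes and the HMAC tag are all assumptions of this model; real SME uses AES and a different mode, and the integrity variant is only there to show what the plain single-key mode lacks, not to model SEV-SNP.

```python
"""Toy model of transparent memory encryption with one machine-wide key.

Constructed example: a 4-round Feistel block cipher built from SHA-256 stands
in for the real cipher, and the physical address is mixed in as a tweak.
"""
import hashlib
import hmac
import secrets

BLOCK = 16   # bytes per encrypted block (assumption of this toy model)
ROUNDS = 4   # Feistel rounds; enough for full diffusion in a demo


def _round(key: bytes, tweak: bytes, r: int, half: bytes) -> bytes:
    """Round function: keyed, tweaked hash of one 8-byte half."""
    return hashlib.sha256(key + tweak + bytes([r]) + half).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, addr: int, plain: bytes) -> bytes:
    """Encrypt one block; the address tweak makes equal data differ per cell."""
    assert len(plain) == BLOCK
    tweak = addr.to_bytes(8, "little")
    left, right = plain[:8], plain[8:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round(key, tweak, r, right))
    return left + right


def decrypt_block(key: bytes, addr: int, cipher: bytes) -> bytes:
    """Inverse of encrypt_block: the same rounds walked backwards."""
    tweak = addr.to_bytes(8, "little")
    left, right = cipher[:8], cipher[8:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, tweak, r, left)), left
    return left + right


class EncryptedDram:
    """Memory whose cells hold ciphertext under a single key (SME-like)."""

    def __init__(self, blocks: int, key: bytes = b""):
        self.key = key or secrets.token_bytes(16)   # one key for the whole machine
        self.cells = [bytes(BLOCK)] * blocks        # what physically sits in the chips

    def write(self, addr: int, data: bytes) -> None:
        self.cells[addr] = encrypt_block(self.key, addr, data)

    def read(self, addr: int) -> bytes:
        return decrypt_block(self.key, addr, self.cells[addr])

    def flip_stored_bit(self, addr: int, bit: int) -> None:
        """Model one physical bit changing (a refresh or disturbance fault)."""
        raw = bytearray(self.cells[addr])
        raw[bit // 8] ^= 1 << (bit % 8)
        self.cells[addr] = bytes(raw)


class IntegrityDram(EncryptedDram):
    """Same cipher plus an HMAC tag per cell, so corruption is caught on read."""

    def __init__(self, blocks: int, key: bytes = b""):
        super().__init__(blocks, key)
        self.tags = [b""] * blocks

    def write(self, addr: int, data: bytes) -> None:
        super().write(addr, data)
        self.tags[addr] = hmac.new(self.key, self.cells[addr], "sha256").digest()

    def read(self, addr: int) -> bytes:
        expected = hmac.new(self.key, self.cells[addr], "sha256").digest()
        if not hmac.compare_digest(expected, self.tags[addr]):
            raise ValueError(f"integrity failure at block {addr}")
        return super().read(addr)


def stored_bits_differ_by_address(dram: EncryptedDram) -> bool:
    """Equal plaintext at two addresses leaves different bit patterns in the chips."""
    data = b"\x00" * BLOCK   # a chosen all-zero block is not all-zero in DRAM
    dram.write(0, data)
    dram.write(1, data)
    return dram.cells[0] != dram.cells[1] and dram.cells[0] != data


def plaintext_bits_changed(dram: EncryptedDram, addr: int, bit: int) -> int:
    """Flip one stored bit and count how many plaintext bits change on read."""
    original = bytes(range(BLOCK))
    dram.write(addr, original)
    dram.flip_stored_bit(addr, bit)
    diff = _xor(original, dram.read(addr))
    return sum(bin(b).count("1") for b in diff)


def corruption_is_detected(dram: EncryptedDram, addr: int, bit: int) -> bool:
    """True only if the memory raises when a corrupted cell is read."""
    dram.write(addr, bytes(range(BLOCK)))
    dram.flip_stored_bit(addr, bit)
    try:
        dram.read(addr)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    plain = EncryptedDram(4)
    print("address-tweaked:", stored_bits_differ_by_address(plain))
    print("plaintext bits changed by one stored-bit flip:", plaintext_bits_changed(plain, 2, 5))
    print("single-key mode detects it:", corruption_is_detected(plain, 3, 5))
    print("with integrity tag:", corruption_is_detected(IntegrityDram(4), 3, 5))
```

Running it shows the two behaviours side by side: one stored-bit flip comes back as roughly half the plaintext bits changed (not the one bit that was touched), and `EncryptedDram.read` returns that garbage without complaint, while `IntegrityDram.read` raises. The unpredictability is the defensive property simcop2387 describes; the silent return is the gap porridgeraisin points at.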

vel0city 3 hours ago | parent [-]

Ah ok, thanks for the clarification!

endgame 8 hours ago | parent | prev [-]

Yes.

rolandog 8 hours ago | parent | prev | next [-]

This doesn't matter; it's post-sale enshittification... They didn't even wait to make the next model shittier!

Also, it probably wasn't the selling point, but it was the baseline of quality, and probably documented online or in manuals.

Furthermore, accepting this as normal opens the door to further post-sale enshittification of ALL things. Next thing you know, upgrades here and there are going to degrade the quality of products and services just because it wasn't explicitly written (think post-upgrade slowdowns of mobile phones to pressure people to buy newer ones).

This is THE slipperiest slope; and it's just taking place because the deregulation mafia is turning a blind eye to these tech cartels.

ChocolateGod 8 hours ago | parent [-]

This is FUD. We have no idea the reason why.

Given it was never marketed, it's possible that, despite the feature being exposed, it never worked correctly, and AMD saw fit to just disable it rather than have people get a false sense of security through it.

red-iron-pine 7 hours ago | parent | next [-]

The fact they won't tell us why is the concern.

"no one uses it and there is a bug" may invite more questions or panic, but "that's all we're going to say" implies that Mythos found something scary, or that the NSA demanded they all get turned off.

63stack 3 hours ago | parent | prev | next [-]

AMD is spreading FUD by not answering why it was removed. They could stop this in its tracks if they wanted.

pluralmonad 7 hours ago | parent | prev [-]

Why call out FUD when you only have more/different uncertainty to offer?

ChocolateGod 7 hours ago | parent [-]

Spreading misinformation is different to suggesting possible reasons.

fragmede 4 hours ago | parent | prev | next [-]

Except let's say the argument for running a local model is for your finances or marriage, counseling or help raising children, and you want privacy for that, and you're willing to buy the new AMD AI Halo box for that ($4,000 MSRP, July 10th). You're gonna want this shit to be trustable: that, depending on your marriage, that notification that the other person's reading, your shit is accurately being logged. But in the case of a domestic dispute, in this age of AI, the partner who is being cheated on only has to have a targeted conversation with AI in order to figure out how to read out bytes via cryo-freezing the RAM. The attacker isn't the police because you're not committing crimes. The attacker is your partner that you thought you could trust, or maybe your kids trying to get access to your bank account to buy drugs or some such.

ninglor 2 hours ago | parent [-]

[dead]

crypttales 8 hours ago | parent | prev [-]

[dead]