this post was submitted on 24 Oct 2023
98 points (91.5% liked)


Ian Cutress muses upon rumors around SiFive, the forerunner of high-performance RISC-V cores.

all 18 comments
[–] onlinepersona@programming.dev 16 points 2 years ago (1 children)

I was expecting this to go into the direction of "China has inserted itself as a state level actor into the development of RISC-V, don't use it". That would've been ridiculous as the US has been meddling with chips for a long time and we still use their stuff. Having chip designs or instruction set architecture out in the open would give me much more confidence in a chip than anything AMD, ARM, Nvidia, Qualcomm or whatever out there release.

Of course open ISA doesn't mean the resulting chip will be open, but it's a step in the right direction.

[–] Uranium3006@kbin.social 1 points 2 years ago

Indeed. We should also develop ways to detect sabotage in the design and manufacturing stages so a user can verify their chip doesn't have a backdoor.

[–] NeoNachtwaechter@lemmy.world 6 points 2 years ago (4 children)

maintains the open-ness and customization that RISC-V offers

Thinking about cybersecurity: does this kind of open-ness mean that some evil guys could now design some evil behaviour into the hardware, and no scanner software will ever be able to detect it, because it is only a software scanner?

[–] partial_accumen@lemmy.world 50 points 2 years ago

That sounds like lots of extra work, when current CPU manufacturers built that hidden space in already. Intel Management Engine is a great example.

[–] bh64@lemm.ee 34 points 2 years ago (1 children)

security through obscurity is a bad practice.

it's better to be transparent and let everyone analyze your design. the more eyes on it, the better. even the proprietary and obscured Intel CPUs have had security vulnerabilities in the past.

[–] spauldo@lemmy.ml -3 points 2 years ago (1 children)

I don't think it's so much "security by obscurity" as it's an issue of a much lower bar for chip production. Intentional back doors or malware represent a huge risk for a product line, so manufacturers won't put them in without someone like the NSA leaning on them. It's a simple risk/benefit calculation.

But the risk is much lower if you can snag a processor design off the 'net, make your modifications, send it off to a fab and sell it under a fly-by-night operation. If it's ever discovered, you take the money and run.

[–] TheHobbyist@lemmy.zip 21 points 2 years ago (1 children)

Do you mean that someone can take the design, place a hardware vulnerability and sell it? Sure, but this does not require RISC-V to be possible, there are already vulnerable CPUs sold on the market. People have found such vulnerabilities already in reputable Intel CPUs for example (look up Spectre).

[–] IHeartBadCode@kbin.social -3 points 2 years ago (3 children)
[–] fuckwit_mcbumcrumble@lemmy.world 10 points 2 years ago (2 children)

iDRAC is specifically designed for remote management of servers. Calling it a back door is silly when it's more of a front door. It's how Dell intends for you to manage the server.

[–] t0m5k1@lemmy.world 0 points 2 years ago* (last edited 2 years ago)

That's the same train of thought I had when telnet was declared a back door in Huawei devices.

https://www.theregister.com/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/

During the heyday I passed HCNA-RS, the first thing we were taught was to just use telnet as a means to enable ssh, then log back in and disable telnet.

Moral of the story, do not underestimate a nation state's use of global tech media to effect a global drop of a product or manufacturer from the market.

[–] IHeartBadCode@kbin.social -2 points 2 years ago (1 children)

LUL. So you’re right but one of the horror stories I tell around campfires is how many folks don’t know about that front door.

So how about we agree to “surprise feature” for iDRAC? And, yes yes, I can feel the “they shouldn’t be admins” coming.

[–] ggppjj@lemmy.world 3 points 2 years ago (1 children)

It has to be enabled, right? So if someone enabling iDRAC doesn't know that it exists...

[–] IHeartBadCode@kbin.social 0 points 2 years ago

The person enabling it isn’t always still at the company.

[–] baduhai@sopuli.xyz 9 points 2 years ago

Don't downvote this person, they're just asking a question.