[atoav]

Gotcha, so you are also against electrical regulations like requirements to use tested insulators etc?

Because some regulation is actually useful in a world where consumers cannot be expected to know everything and be able to test everything.

And some assumptions about a product should hold true as well. E.g. the assumption should be that if I buy a desktop CPU today I should be able to use it for at least n years. Because how would you know this beforehand?

If Intel made an optimization that turns out to be a security flaw, that is totally their fault and they should cover it. This is nothing any consumer could have known (and rherefore avoided buying) beforehand. This is the cost of taking risks in business.

It seems to be a popular stance these days to shill for corporations and protect them from ever having their risks realized. But that makes the products and the world we live in worse for everybody and gives you nothing at all.

[dannyw]

There is a huge difference between electrical safety regulations, and a side channel attack that has never been seen to be exploited in the wild.

[atoav]

If that sidechannel attack that has not been seen in the wild leads to me having to throw my CPU/computer into the bin because it is unsopported on a up to date OS for that reason, there isn't.

How should I, as a consumer, have voted against this with my wallet, before it happened?

We can argue whether this is the fault of the hardware manufacturer or the software company that sells the OS, but I am 100% sure that no consumer should take the blame for "not doing their research".

[eru]

> How should I, as a consumer, have voted against this with my wallet, before it happened?

That's what long term reputation is for.

[atoav]

So which desktop processor manufacturer other than the mentioned two do you recommend? ARM?

[eru]

Me!

I happily resell you Intel processors at a 10x markup but you get a ten year warranty that I'll replace your processor with a new one of no worse specs, if similar vulnerabilities get discovered.

Details to be negotiated.

(More seriously: you don't need a new manufacturer. Someone else can do the warranty at a price.

That's actually what eg Apple Care: if a part inside your device catches on fire, Apple will replace it, even though they did not necessarily manufacture that part.

I have no clue whether their particular policy covers the vulnerabilities we are talking about. But you can easily imagine a variant of such an insurance policy that does.)

[eru]

> And some assumptions about a product should hold true as well. E.g. the assumption should be that if I buy a desktop CPU today I should be able to use it for at least n years. Because how would you know this beforehand?

You ask the manufacturer, duh? If they lie, that's fraud. If you don't like the answer, you don't buy.

> If Intel made an optimization that turns out to be a security flaw, that is totally their fault and they should cover it. This is nothing any consumer could have known (and therefore avoided buying) beforehand. This is the cost of taking risks in business.

Customers and suppliers should be able to allocate such risks between themselves however they like.

You can fiddle with what the default should be, in case they haven't negotiated anything.

But if both customer and supplier agree, the customer should be allowed to bear such a risk.

> It seems to be a popular stance these days to shill for corporations and protect them from ever having their risks realized.

Why? I have nothing against any particular allocation of the risks, as long as all involved parties agree. (Otherwise, they just don't make a deal.)

> Gotcha, so you are also against electrical regulations like requirements to use tested insulators etc?

If you claim they are tested, you better not lie. Otherwise it's fraud and you should be held liable.

If a customer wants to buy untested insulators, who am I to keep them?

I mean, in the most extreme case, a customer can buy bread and try to use it as an insulator, if they really want to. There's nothing the supplier can do about that.