by akg_67 35 days ago
> AFAIK, there is absolutely zero evidence either Intel or AMD CPUs are compromised, even less so that they're somehow remotely accessible by the US government...

The concerns are similar to US-supplied fighters having a kill switch, or remotely damaging centrifuges in Iran using a software virus.

No one knows whether CPUs are compromised, similar to how no one knew the beepers with explosives in Lebanon were compromised by Israel, allegedly during manufacturing. CPUs don't need to be accessed remotely; any compromised person locally will be enough.

These are fascinating cases to show how far state actors will go and how long the compromise can stay dormant.

2 comments

> The concerns are similar to US supplied fighters.

I doubt that they actually do; just cutting off software support substantially cripples the F-35 in multiple ways, and without spares they aren't going to fly very long (on the timescales of fighter programs).

The risk isn't worth the payoff because if anyone found that kill switch, US arms sales would crater.

All that said, I don't think my country should be buying US systems if European equivalents or near equivalents exist anyway, for geopolitical reasons.

> The concerns are similar to US supplied fighters having the kill switch

This is very different though. First, they're huge, expensive machines requiring infrastructure, maintenance and crew; there are huge surface areas to hide things like kill switches. With CPU packages, not so much, and it's also fairly established how exactly you can clear the entire CPU; good luck doing that with the complexity-machines known as fighter jets.

> No one knows whether CPUs are compromised

Right, but what we do know is that any US company (or any EU subsidiary with a US owner, like "AWS European Sovereign Cloud") can and will be used to hold our data hostage when needed by the US government, as proven by recent actions.

So, based on what we know and what we don't know, "data sovereignty" remains a priority, and until proven, "hardware sovereignty" remains less important, for now.

With the advent of LLMs, data sovereignty is being bypassed. All three Service, Data, and Hardware sovereignty are important and should be the focus. It is not about prioritizing one over the other.

"Everything is highest priority" is the same as saying none of them are high priority. Considering one is a real issue we've already experienced, and others are theoretical ones we haven't, I feel like I agree with the current prioritization which is data migrations. Guess I'm too pragmatic to chase the ideal here, even though I'd want to eventually get to the ideal too of course.