This is a patch from the hardware vendor so I am assuming that the ask is not that the hardware vendor take responsibility but that they not release buggy hardware. That is what I mean about the validation issue.

The attack vector is shared in the patch so it isn’t entirely a theory.

There is a comment from Linus about how this patch is only needed for some hardware and doesn’t apply to others but I don’t get his relevance there as different hardware validates against different use cases and their source logic might be entirely disparate.

So my validation talk is simply saying that bugs happen. My concern here is what more should a hardware vendor do beyond submitting a kernel patch? You can’t just not have the bug, and if you recall the part someone else will just keep theirs in the field and take all the market share and roll the dice that their bugs don’t get exploited.

Is this really the hardware vendor’s problem though? It’s the consumers problem.

I bring up full validation because the concern here is putting in a speculative fix. If the ask is, why was the hardware like that in the first place the answer is because it can’t be fully validated. If the ask is why should a speculative fix go into the Kernel it is because the consumers are not on top of tree and if a fix has a chance of never being exploited it needs to be pulled in years ahead so it goes into an LTR that customers migrate to BEFORE the issue comes up.

Fully validating hardware is an insane task that hasn’t been really done in years. It would mean 5 years between chip releases and a 2-5X in cost to produce, and people wouldn’t follow the validated configs anyways. If we followed the validated hardware spec we would have 50 min boot times and not go past a 3.5Ghz clock.

People have the choice today on if they want to run on validated hardware. You can opt in to get a 2.8Ghz part that supports 2666MT/s that is mostly tested and validated, or you can get a 5Ghz part that supports 6000MT/s that is only partially validated. They cost the same price. What do folks think people pick?

Every security feature ever made has basically started by absolutely dumping on S3 recovery. S3 recovery requires every device in the computer to give you a complete understanding of how to bring it up cold without engaging the boot flow. Sometimes devices don’t do this because they are lazy, other times they don’t do this for security reasons.

If you do it that way you are importing a good.

The end of this would not be that Steam relenting enables folks to start using foreign currency to get cheap games on a publicly traded space.

What will happen if that goes through is a swift increase in taxation of export of digital goods. You’d have countries fighting tariff wars over video games.

The idea that you can use foreign safe spots to buy and sell goods at a cheaper cost is something that only rich people get to do. As soon as it becomes broadly available to the general populace the governments crack down on it quickly.

Discrimination only applies if the two parties are similar. In this case the location makes these parties dissimilar due to the inability to just go from one place to the other legally. Brazil gross national income is 1/3rd the US. It makes sense to price things at 1/3rd the US price.

Steam taking 30% is a better deal than any other form of media gets by a mile. It’s crazy folks complain when it is so easy to self distribute a video game, people have been doing it for years and years. Steam doesn’t even require you to sign up for exclusivity like basically every other distribution/marketing service does for all media including other video game services.