• Nemoder@lemmy.ml
    8 months ago

    Hohndel agreed but added that the industry needs to support these smaller projects -- and not only with money. "Companies need to engage with these projects. Have your company adopt a couple of such projects and just participate. Read the code, review the patches, and provide moral support to the maintainers. It's as simple as that."

    Really glad he said this. I keep seeing posts about how all these big companies could solve the problem by just throwing money at small projects, and while that is better than nothing, it would help way more to have their own developers helping to review and fix issues.

  • vort3@lemmy.ml
    8 months ago

    Is there a link to this talk (or interview, or whatever this is) but in a video format, or at least a text without all those «SEE ALSO» self ads?

    • lemmyreader@lemmy.ml
      8 months ago

      Maybe it's this one (I'm in a rush here 🙂)? https://youtube.com/watch?v=VHHT6W-N0ak Someone in the comments writes that the full interview is in the channel of the Linux Foundation: https://piped.video/channel/UCfX55Sx5hEFjoC3cNs6mCUQ

  • hungrybread [comrade/them]
    8 months ago

    In addition, hardware developers reinvent old ways of doing things and only learn by making all the same mistakes that have been made before. It's sad, but true.

    This same criticism is validly launched at software devs all the time lol.

    One thing I've anecdotally seen and heard is hardware guys indicating that something is rock solid and solved because it's old, so building on top of it isn't a problem. Obviously we have to build on the old to get to the new, but if we just skip auditing hardware due to age, we end up deploying vulnerable hardware globally. Spectre and Meltdown are an interesting example where I've heard from at least one distinguished professor that "everyone" believed branch prediction design/algorithms were essentially done. Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.

    • lemmyreader@lemmy.ml
      8 months ago

      Spectre and Meltdown are an interesting example where I’ve heard from at least one distinguished professor that “everyone” believed branch prediction design/algorithms were essentially done.

      Interesting to hear this.

      Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.

      Right.