Garrett: To update blobs or not to update blobs

Matthew Garrett examinesthe factors that go into the decision about whether to install afirmware update or not.

I trust my CPU vendor. I don't trust my CPU vendor because I wantto, I trust my CPU vendor because I have no choice. I don't thinkit's likely that my CPU vendor has designed a CPU that identifieswhen I'm generating cryptographic keys and biases the RNG output somy keys are significantly weaker than they look, but it's notliterally impossible. I generate keys on it anyway, because whatchoice do I have? At some point I will buy a new laptop becauseElectron will no longer fit in 32GB of RAM and I will have to makethe same affirmation of trust, because the alternative is that Ijust don't have a computer.