Intel Publishes Microcode Security Patches With No Benchmarks Or Profiling Allowed

Long-time Slashdot reader Bruce Perens writes: The Register reports that Debian is rejecting a new Intel microcode update because of a new license term prohibiting the use of the CPU for benchmarks and profiling.

There is a new license term applied to the new microcode: "You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results." UPDATE:: Intel has reworked the license to no longer prohibit benchmarking. Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, tweeted on Thursday: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community."
The security fixes are known to significantly slow down Intel processors, which won't just disappoint customers and reduce the public regard of Intel, it will probably lead to lawsuits (if it hasn't already). Suddenly having processors that are perhaps 5% to 10% slower, if they are to be secure, is a significant damage to many companies that run server farms or provide cloud services. I'm not blaming Intel for this, I don't know if Intel could have foreseen the problem. Since some similar exploits have been discovered for AMD and ARM CPUs, the answer could be "no." But certainly customers are upset.

Another issue is whether the customer should install the fix at all. Many computer users don't allow outside or unprivileged users to run on their CPUs the way a cloud or hosting company does. For them, these side-channel and timing attacks are mostly irrelevant, and the slowdown incurred by installing the fix is unnecessary.

So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move. The correct way to handle security problems is to own up to the damage, publish mitigations, and make it possible for your customers to get along. Hiding how they are damaged is unacceptable. Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can't trust your components when you do that.

You'll never get a first post

with these security patches installed, m'ladies

Re: You'll never get a first post

[Calydor]

TRUMP IS A TRADER

This game is funny.

Re: You'll never get a first post

Trump is a master baiter.

My nose is runny.

Re:You'll never get a first post

[Z00L00K]

Those that have security concerns are willing to take performance penalties, those that want performance usually don't worry too much about the security issues since the performance hunters are probably just running a single application anyway.

What might be interesting is to be able to boot the computer in different modes - performance or security mode. The Turbo button revival!

Re: You'll never get a first post

[Zero__Kelvin]

I have no idea where you got that idea, but in general any such generalization / assumption will be wrong. Nobody is OK with performance slowdowns, especially when the degree of performance degradation is an unknown.

Re:You'll never get a first post

Those who need performance _and_ security... are screwed. Stop assuming that only gamers need performance...

Re: You'll never get a first post

No, he is right, on engineering you have to choose, most of the time you can't have all and most people will accept security risks to run certain program faster and other people will preffer that security even if is a bit slower, Windows keeps always making the new and faster hardware running sloooooooower anyways.

Re: You'll never get a first post

[BlackOverflow]

Trump is a master debater

Re: You'll never get a first post

[Zero__Kelvin]

How is "he right" when he said something completely different from what you just wrote?

Re:You'll never get a first post

[Ol+Olsoc]

Those that have security concerns are willing to take performance penalties, those that want performance usually don't worry too much about the security issues since the performance hunters are probably just running a single application anyway.

What might be interesting is to be able to boot the computer in different modes - performance or security mode. The Turbo button revival!

I love the idea! Although it would probably show the 5-10% slowdown is a real myth. I have a laptop that overall seems to have slowed down by about half.

Now that's not "benchmarked", but apparent performance.

Re: You'll never get a first post

A master negotiator, sonny!

Re:You'll never get a first post

the problem is because we aren't allowed to see the benchmarks, it makes it difficult to make an informed decision. do i need the security? exactly how much slowdown are we talking about if we run the patch???

Re: You'll never get a first post

[aliquis]

Trump negotiations:
"This is what I'll do. See ya suckers."

Re: You'll never get a first post

[aliquis]

Stop assuming people who run games care less about security than those possible just using the computer for one task where this may not be a risk.

People who game likely use their machine in a way putting them at risk.

Re: You'll never get a first post

[aliquis]

Just test and see yourself?

Re: You'll never get a first post

[The-Ixian]

I have no idea where you got that idea, but in general any such generalization / assumption will be wrong. Nobody is OK with performance slowdowns, especially when the degree of performance degradation is an unknown.

I think are a generalizing about who is "OK" with performance slowdowns.

Personally, I would be ok with some performance loss if my security is enhanced. It just depends on how much performance is lost.

Re: You'll never get a first post

[Z00L00K]

Just wait for a Russian to publish it.

Re: You'll never get a first post

[aliquis]

The micro-code updates aren't permanent changes in the processor.

One can just enable it and run the system like that and then notice if it become slower or not, even with your own benchmark whatever Intel say and if it did and you don't want it just disable it again.

You aren't enabling it in the dark and then stuck with it. Well unless you run Windows 10 and Microsoft force you to update and install it all the time.

Re: You'll never get a first post

[Zero__Kelvin]

Yeah. I should have said "in general". Oh, look, I did and you just "forgot" to boldface that part of my statement.

Re:You'll never get a first post

You can't really choose between the modes if your machine is owned it will still be owned on reboot unless you swap the hard drives and all the flash-able firmware chips on each boot.

Intel. Just say no

Making a bad situation, worse.

Re:Intel. Just say no

>_ Inasmuch as I agree with "Just say no", it's not so simple.

See, I work for the government. We have to keep transparency in procurement. That is not an option; the public is our "boss". Hiding things is unacceptable.

Benchmarks are a necessary part of choosing a product.

And we must "publish or provide any Software benchmark or comparison test results", so that the procurement process is documented to be led impartially.

I have the law and a contract to choose which I will abide by.

Either I will violate the contract later or exclude Intel from bidding a priori.

Re:Intel. Just say no

[hcs_$reboot]

Microsoft didn't say No.

Re:Intel. Just say no

Because Microsoft was more interested in fixing the security issues than releasing benchmarks comparing the performance difference, and hey if customers want to do those benchmark comparisons then that's fine.

Re:Intel. Just say no

[hcs_$reboot]

"You will not, and will not allow any third party to ..."

Re: Intel. Just say no

i think its actually illegal to sell consumer products with such strings attached, in most countries anyways.

intel is opening itself for a lawsuit here

Re:Intel. Just say no

"You will not, and will not allow any third party to ..."

You're quoting the summary, which is quoting a page in the link which is the license agreement for the Intel Memory Latency Checker development tool. Are you even reading what you're posting?

Re: Intel. Just say no

the license says that debian would have to restrict anyone using the software from running any benchmarks.

they can't do that.

even windows has built in benchmarks. either microsoft didn't care OR just said to intel okay whatever, good luck with that.

also intel has to agree to microsofts licenses which shove the responsibility right back at intel.

Re:Intel. Just say no

They've obviously included the wrong license file you nitwit, it also says you can't even make that software available to third parties. How are you going to distribute a microcode update that you can't make available to third parties?

Re:Intel. Just say no

Of course microsoft wouldnt be against what intel wants. Those lower benchmarks would make windows look bad too (patched windows vs unpatched windows).

Re:Intel. Just say no

"You will not allow any third party to anything" is an evil license clause. IMHO, it is the reason why Debian rejected the patch. Yes, they have a "non-free" repository, but it is reserved only for not open-source (or non-DFSG compliant) freeware without any evil license clauses. These Intel patches are not qualified to go there. Perhaps, Debian could think about creating an "evil" repository in addition to the currently used "main", "contrib" and "non-free"?

Re:Intel. Just say no

[MachineShedFred]

Looks like AMD is getting government business, or a FOIA request will be causing a legal showdown.

Re:Intel. Just say no

[ewanm89]

That and said terms are illegal. Seriously, very illegal.

If Intel tried to enforce such a term in a court the court will throw it out.

One can not ever just write a EULA that stamps on statutory rights and force it on people. And benchmarks are covered under rights to give fair criticism meanwhile some countries also have a right to reverse engineer for compatibility reasons.

Re:Intel. Just say no

Unless MS forces the same terms on its users, isn't this a monopoly play? DoJ needed?

Re:Intel. Just say no

[Z00L00K]

AMD most likely suffers from similar issues. Not identical, but related.

The more different the architecture is from the x86 strain the better since it would cause more trouble for those trying to utilize flaws to keep up with all the different architectures.

Re:Intel. Just say no

[ewanm89]

Law always trumps contract. EULA is a one sided contract and therefore very limited in comparison anyway. Publishing benchmarks is a form of critique and is specifically allowed under fair use or a copyright exception in most countries, this makes the term invalid and will not be held up in any court.

Speak to your government lawyers, they wrote such laws.

Re:Intel. Just say no

[DarkOx]

The more different the architecture is from the x86 strain the better since it would cause more trouble for those trying to utilize flaws

I find this claim questionable. Do you have some examples to back that up. Certainly reproducing it in the lab with some other chip would be more effort you'd have to basically start over. I am not sure that its appreciably harder to actually perform an attack in a life environment. I don't me just a POC where you read some memory that did not belong to you. I am talking an actual useful attack on a live system.

That to me has a few requirements and alternatives.
1) You have something you can deliver as shell code or as payload to include in malware. So its got be small and not look super suspicious to heuristic tools or signature based AV.
2) Its got to have a useful level of reliability. IE its go to work at least 1 in 10K tries. That is to be minimally useful weaponized as worm etc; its got to be much better for target attacks
3) Either you need to be able to target specific memory so you obtain 'crown jewls' or you need be able to dump a lot of memory (sort thru the haystack for something useful theory). If you do the later that brings us to 3a
3a) you can't be the hottest process on the system for hours on end because you'd be detected in an instant.

So I think we talking a major effort by what is actually not that big a pool of folks with the technical know how to build something workable. I have been a developer for decades working in the security segment and I certainly would not have the skills to design something like that. I know people who do but not very many. A couple of them are ex-NSA and when we were discussing this they suggest even the NSA only has handful of people with the expertise to use these types of attacks in the wild; perhaps a handful more who could be brought up to speed quickly; if they were pulled from other areas of research.

Re:Intel. Just say no

[mark-t]

Do they define "allow"?

Is the mere act of providing it to someone who later goes and does what you are prohibited from doing by that eula, even without your involvement beyond the initial act of providing it, considered "allowing" them?

If so, Intel can just... let me see if I can put this delicately.... go fuck themselves so hard that they die.

Re:Intel. Just say no

[hcs_$reboot]

Interestingly, Intel stock keeps being quite stable.

Re: Intel. Just say no

[aliquis]

Intel are a dressing this and removing this part.

Re:Intel. Just say no

[brxndxn]

Wouldn't a 'security microcode patch' be something similar to a recall on a vehicle? Like.. how far would Ford get if they had a recall that took a toll on gas mileage and you had to promise not to publish the updated gas mileage if you accepted the recall?

Someone needs to hurry up and just publish some results.. I wanna see how much my servers are going to slow down because of this.

Re:Intel. Just say no

[ewanm89]

Sorry, but Ford can't hold you to that too. Benchmark performance data is critique and comes under fair use in the US. In places like the UK there is an equivalent exceptions to things like copyright laws to specifically allow such data distribution as it is critique for the consumer. An EULA or other contract of adhesion (where one party drafts it and has it in a take it or leave it way) can just stomp on ones consumer rights, such terms are often thrown out by the judge when they come up in a court. Ultimately no contract can be used to force someone to break the law.

In this particular case, the wording had them holding third parties to the same standard without those third parties ever agreeing to it, that is a big no no. It is more like Ford issuing a recall and providing terms when sending the parts to the dealership that third parties (the customers) using those parts can not publish gas mileage data when they get their cars back and the dealership is responsible if they do.

As for data, several including Redhat and Microsoft have published benchmarking data anyway. The big issue is the recommendation hyper-threading is disabled, new microcode or not. Depending on workload that can cause a major performance hit, or in some rare circumstances a performance boost.

Who is this Bruce Perens guy.

And the bigger question why is he not posting spam and dups like the rest of slashdot editors?

Re:Who is this Bruce Perens guy.

[Bruce+Perens]

why is he not posting spam and dups like the rest of slashdot editors?

Because they've never actually given me inside access to Slashdot. It's their playground. One or two editors look for things I've written, mostly the folks who work on the weekend.

I screw up as much as anyone else.

Re:Who is this Bruce Perens guy.

I seriously doubt that last statement.

Re:Who is this Bruce Perens guy.

[Mal-2]

I don't, he's probably just better at not committing his stupidity to the public record. We all fuck up.

Re:Who is this Bruce Perens guy.

The statement wasn't true/false, it's a sliding scale that Bruce Perens doesn't mess up as much

Re:Who is this Bruce Perens guy.

[q_e_t]

You are too modest. You have been a huge asset to the community over many, many years. You are allowed the occasional error.

Re: Who is this Bruce Perens guy.

More, you say?

Re:Who is this Bruce Perens guy.

[thegarbz]

You are allowed the occasional error.

Not on Slashdot your not.

Re:Who is this Bruce Perens guy.

[MachineShedFred]

I'm guessing intended grammar irony for the lulz?

Re:Who is this Bruce Perens guy.

[thegarbz]

Did it not work! Damn?

Re:Who is this Bruce Perens guy.

[Mal-2]

I suppose it depends where you draw the line.

If something that makes you say "oops" is a fuckup, then I'm sure he does it as much as anyone. What he doesn't do so much are things for which he has to publicly apologize, so if that's where you draw the line, then you are also right.

Re:Who is this Bruce Perens guy.

[Dareth]

Forget who he is. Look at that Slashdot UID.

Re:Who is this Bruce Perens guy.

Fucking up and committing it to the public record is two counts of fucking up. If 3872 is better at not committing it to the public record, then he's screws up less when it comes to pulling the trigger on posting, at the very least :-)

Re:Who is this Bruce Perens guy.

You are allowed the occasional error.

Not on Slashdot you're not.

FTFY

Re:Who is this Bruce Perens guy.

You are allowed the occasional error.

Not on Slashdot your not.

* - You're.

Re:Who is this Bruce Perens guy.

You are allowed the occasional error.

Not on Slashdot your not.

Absolutely correct. It's "you're not", not "your not". :P

Re:Who is this Bruce Perens guy.

Your not, wrong.

Re:Who is this Bruce Perens guy.

Not on Slashdot, you're not.

Re:Who is this Bruce Perens guy.

"Not on Slashdot your not."

' you're ' Get it right!

Re:Who is this Bruce Perens guy.

Oh, I've got this!
Not on Slashdot you're not. FTFY

Quick fix:

[Gravis+Zero]

Only buy AMD.

Re:Quick fix:

Only buy POWER, BLOB free

Re:Quick fix:

Why? It has most of all the same speculative execution flaws.

Re:Quick fix:

[rahvin112]

Actually no it doesn't. Of the 11 Spectre Variants AMD has only been vulnerable to about 3. And two of those variants were the ones that affected every out of order processor ever made.

Re:Quick fix:

Two words: Meltdown. Foreshadow.

Re:Quick fix:

Something like this?

Re:Quick fix:

[that+this+is+not+und]

You can buy the USSR version of an 8086 processor on eBay.

Re:Quick fix:

2.5, or 1.5, considering no POC has been proofed beyond what is already patched.

Re:Quick fix:

[Bruce+Perens]

If you want a fully-open processor, there is Risc-V.

Re:Quick fix:

[chill]

Is it? Everything I've read lately is the ISA is free, but there are plenty of blobs for the other components that make an actual processor. It has the potential to be a truly free processor, but the early players don't have the resources for that.

I think POWER9 implementations are, right now, the closest. Raptor Computing Systems is shipping what looks to be real nice, but real EXPENSIVE, stuff. There may also be some OpenSPARC stuff.

Re:Quick fix:

[RhettLivingston]

I read an interesting article on that a couple of decades ago where they were discussing how it ignited some growth in machine code translation technology that later evolved into some of the first serious run-time machine code translators.

It seems that they just shipped it with faults and researchers would test it, characterize the faults in the chip, and cross translate all of the machine code to eliminate the use of opcodes that had faults in the hardware in favor of equivalent workarounds.

An interesting side effect is that there were many different levels of performance available depending on how many and which opcodes had to be worked around.

Re:Quick fix:

It's better because it's sold pre-slowed, without needing updates.

Re:Quick fix:

[dwywit]

I'd love to evaluate one of those Talos II workstations, just to see what kind of workload could make it top out.

4K special effects rendering? VMs by the dozen?

Re: Quick fix:

"It has most of all the same speculative execution flaws"

Are you stupid? If someone gave you the choice of being slapped 3 times in the face or 2, would you choose 3?

You already gave enough reason to choose AMD.

Re: Quick fix:

Correction; AMD has only been proven to be vulnerable to 3. Several they have remained suspiciously silent about, which either means they are hoping nobody finds out they are while desperately trying to find a fix or they flat out don't know for sure. I'll let you decide which possibility is worse.

Re:Quick fix:

If you want a fully-open processor, there is Risc-V.

Everyone knows that analog is the future.
Frauds and charlatans push for software based devices. I'm enjoying the show, losers.

Re:Quick fix:

2.5, or 1.5, considering no POC has been proofed beyond what is already patched.

As a Person of Colour, I strongly disagree.

Re:Quick fix:

[Tough+Love]

The main issue is Meltdown, which is Intel-only.

Re:Quick fix:

[Tough+Love]

Not only full open, but said to be more power efficient than ARM. Rather interesting, even if the truth is more nuanced.

Re:Quick fix:

https://www.phoronix.com/scan.php?page=article&item=power9-epyc-xeon&num=1
You're welcome!

Re:Quick fix:

[Bruce+Perens]

Wrong link.

Re:Quick fix:

[Tom]

Alternative fix: Someone in a country with a) a non-broken legal system or b) a legal system so broken that Intel can forget about enforcing its "license": Go collect and post the most comprehensive benchmark data you can possibly get.

Re:Quick fix:

[Tough+Love]

Right.

Re:Quick fix:

[Bruce+Perens]

Right SiFive. ABI from Risc-V, but their own VHDL program (or whatever they use). Uses the existing software tools.

Re:Quick fix:

Intel is pretty open, in fact I'm inside your computer right now!

Re: Quick fix:

If they were vulnerable, safe to say Intel would be shouting it from the rooftops. You can bet they allocated resources to find flaws in AMD.

Inclined to go with option C) don't seem to be affected, but cannot be empirically proven, so prudent to make no definitive statement either way.

Re:Quick fix:

You could, but this tells Intel to continue on their path and push stricter even stricter licensing.
Buying AMD tells Intel that they need to change.
At the same time it teaches AMD that they can afford to abuse their customers a bit more and there isn't really a realistic third alternative you can go to.

Re: Quick fix:

I, for one, an querying for the first half decent Risc-V laptop that runs Linux.

That thing WILL sell!

Re:Quick fix:

Isn't this licence worthless even in the US due to 1st amendment ? (Aka "My benchmark is free speech, fuck you").

Re:Quick fix:

More like an African elephant for Intel and a chihuahua for AMD and the rest. The exploits for Intel were extremely easy and could lead directly to info to exploit security, while the others take multiple steps and only glean random info that may or may not be useful -- things like... what is left in the write buffer that hasn't been written to disk yet? Maybe it's a password, but most likely, it's garbage that isn't useful to escalate privileges. For Intel, the meltdown flaw allowed to to execute literally anything regardless of security level & scrape the answer before it was flushed.

Sure, the others aren't great -- one can snoop on paged table locations, memory access, file writes... all sorts of things, but it's not something that's as simple as running an elevated process with access to things you shouldn't have to give you a direct answer to what you're seeking.

That's why there are so few examples of exploits using these techniques. Researchers and hackers are trying everything under the sun to find exploits to the current architectures so we can fix them. The sample code is given with notes like.. "hey, we were able to get this data that we shouldn't have... or we scraped the L3 cache and were able to find the location of things in memory we shouldn't know, but we don't have actual read or write access to it, so we'll need a 2nd exploit to use the info from this exploit to do anything."

I welcome the bug reports so we can fix what we can in hardware for the next gen, but let's not kid ourselves that Intel's major f-up was anywhere near the scale of the issues we're finding in other CPUs.

Re: Quick fix:

[Zero__Kelvin]

Digital is already a special case of analog. That is why clock speeds have limits and trace runs must be laid out by someone with a firm understanding of analog. Crosstalk etc. are a thing with digital components.

Re: Quick fix:

[Zero__Kelvin]

Buying AMD doesn't mitigate the issue for already purchased and deployed hardware. The two aren't mutually exclusive.

Re: Quick fix:

Intel already (probably) paid a shady Israeli security firm to publish vulnerabilities supposedly making Ryzen-based systems really darn insecure. It was a bit of a joke since the published vulnerabilities required local root access to be of any use.

And AMD patched them out in microcode anyway.

Re:Quick fix:

At that point, may as well go Elbrus with an x86 emulator.

Because hey, IN SOVIET RUSSIA, Elbrus emulates YOU!

Ah ah ah what a country

Re: Quick fix:

[zwarte+piet]

You won't make that mistake again.

Re: Quick fix:

[zwarte+piet]

Can't get the image of digital pcb tracks getting laid by an analog engineer out of my head.

Re:Quick fix:

[zwarte+piet]

I wondered what that smell was.

Re: Quick fix:

[Zero__Kelvin]

Keep trying.

Re:Quick fix:

[Type44Q]

How about good old-fashioned commodity hardware for the /heavy lifting/rendering... and save the ridiculously expensive secure stuff for when you can't airgap??

Re:Quick fix:

[AmiMoJo]

Even better, take Intel to small claims court and make them buy you a new AMD system.

That's what I did. The first round of patches were crippling for me.

Re: Quick fix:

The first amendment restricts the government from persecuting you based on your speech. It has nothing to do with a contract between you and a third party.

Re:Quick fix:

[AmiMoJo]

The CPU is fully open source, but you need more than just a CPU to make a useful computer.

It's still a very important project. Aside from anything else it offers other open source projects a decent CPU core to use, unencumbered by patents or copyright and fully supported by tools like GCC and Linux.

Re:Quick fix:

[drinkypoo]

More like an African elephant for Intel and a chihuahua for AMD and the rest.

Not the rest. IBM's POWER is just as vulnerable as Intel's processors, and mitigation is just as expensive. Apparently, Big Blue is just as unscrupulous as Intel. But I guess that's not a big shock to anyone who's been paying attention since, say, WWII?

Re:Quick fix:

[drinkypoo]

The main issue is Meltdown, which is Intel-only.

ITYM Intel and IBM, whose POWER processors are also vulnerable to both SPECTRE and MELTDOWN... and on whose processors mitigation is just as expensive as on Intel.

Anyone who trusted Intel or IBM before this was a tool, but anyone who trusts Intel or IBM now is a moron.

Re:Quick fix:

The architecture is yes but it is uses the BSD license which allows for the inclusion of proprietary work. That's probably where the confusion comes from. For example, if Samsung wanted to use RISCV the processor core itself would be open source but there is nothing stopping them from building in proprietary SIMD instructions into a custom FPU. BSD has always been a bit of a compromise. You can ensure a high degree of compatibility with open source but allowing the inclusion of closed source designs means businesses who want to guard trade secrets or have a market edge will be more willing to use it. True copyleft licenses will probably never see wide commercial adoption because there are simply certain things that companies will always want to keep secret.

Re:Quick fix:

The First Amendment prevents the government from restricting your speech.

You are free to enter into a contract that restricts your speech ("I agree to give you microcode updates, you agree not to publish benchmarks", or "I agree to give you $130,000, you agree not to speak about our sexual escapades").

Debian is rightfully refusing the offer, it's a stupid move on Intel's part. The natural assumption, in the absence of any benchmarks, is that the security fixes carry a severe performance penalty. If it were negligible, why try to suppress benchmarks?

Re:Quick fix:

[Tough+Love]

Anyone who trusted Intel or IBM before this was a tool, but anyone who trusts Intel or IBM now is a moron.

I wouldn't got that far, I can see how this vulnerability could be overlooked before it became a widely researched thing. I would say it convincingly demonstrates that neither Intel nor IBM is infallible. But we already knew that, after all they are just populated with a bunch of real life schmucks just like you and me. Mistakes happen. Maybe they should keep that in mind for their next design.

BTW, is there anybody stupid enough to trust a monopolist? Oh right.

Re: Quick fix:

No Meltdown on AMD.

Re: Quick fix:

But wasn't it interesting to see it unfold? I was munching popcorn from the sideline as the first Meltdown announcements came out. The initial discussions were earnest, as AMD was clearly exempt, yet quickly turned nasty when Intel tried to force the Linux kernel patch onto all CPUs. Fortunately AMD corrected for that, but within a short while the Spectre announcements started to come out and the media confusion was off the charts. From that point forward it was impossible to read fair unbiased reporting that did not mix up the vulnerabilities. In addition, I couldn't help but notice the swell in support for Intel here on Slashdot. I don't know whether there are lots of Intel staff here flying the flag, or Intel paid shills are targeting the site, or some IT professionals have been left with egg on their face (the $X million data centre they designed no longer runs to spec with the Meltdown patch applied, ...etc...) and feel frightened into defending them.

Been an interesting ride, and in many ways a good case study for how corporations interact with the media to protect their brand.

My conclusion is that Intel suck and I don't want to have anything more to do with them. I'm already switching to Ryzen on the desktop and in the server room, which has been great going so far. For my embedded projects I have RISC-V firmly in my sights and hope it can deliver.

Keep your eyes open people, stay educated and informed, and make your own decisions.

Re: Quick fix:

Yes it does. Go to the boss, tell them you fucked up, throw away all the Intel hardware and buy AMD. Easy.

Re: Quick fix:

Are you prepared to share more of your story to help others do the same?

Re: Quick fix:

[ComputerKarate]

Where I live you cannot take a company with more than 3 shareholders to small claims court. I guess it is different where you live?

Re: Quick fix:

[AmiMoJo]

It is, you can take anyone to small claims court here.

Re:Quick fix:

[drinkypoo]

Anyone who trusted Intel or IBM before this was a tool, but anyone who trusts Intel or IBM now is a moron.

I wouldn't got that far, I can see how this vulnerability could be overlooked before it became a widely researched thing. I would say it convincingly demonstrates that neither Intel nor IBM is infallible.

I can see how it would be overlooked, but I can also see that's not what happened. Intel gained a competitive advantage over AMD by architecting their chips in this fashion. It was a deliberate decision and now Intel's users are paying for it. Ditto for IBM.

BTW, is there anybody stupid enough to trust a monopolist? Oh right.

Yeah, only tools.

Re: Quick fix:

[that+this+is+not+und]

Actually, more what we used to call an RF design engineer. The tracks are waveguides.

Not some hokey analog engineer with 6V6 vacuum tubes designing an audio power amp.

Re:Quick fix:

[that+this+is+not+und]

There aren't any non-proprietary and open tools to compile Verilog or VHDL. At least not any that you can plug into a modern powerful FPGA.

we saw this coming long ago

[deviated_prevert]

You do not own a computer chip you are a slave to the software necessary for it to run which is locked down. HACK ON they deserve what they are about to reap! Reversing chips is how most of the locked down hardware was made available to Linux users for most of the early history of the kernel. Intel now wants a total lock down.... SCREW THEM

Re:we saw this coming long ago

I agree, this Intel policy sucks.

Re:we saw this coming long ago

[Balial]

You saw this coming but have no idea of the history behind microcode patches?

https://en.wikipedia.org/wiki/...

The microcode feature is there to help you, not enslave you. Silicon is forever. Patching it on your desktop after the fact is a god-send.

Learn some history before you claim to have predicted the future.

Re:we saw this coming long ago

The microcode feature is there to help you, not enslave you.

So you didn't even RTFS?
Still more evidence that RMS is always right.

Re: we saw this coming long ago

Right about what, looking as if his armpit hair spread up to his chin?

Re:we saw this coming long ago

[hcs_$reboot]

The microcode feature is there to help you

Except, as GP said, when that prevents you from using freely the CPU it runs into.

Re:we saw this coming long ago

[SharpFang]

The idea of microcode is neat, but lawyers and marketing drones can shit up any neat idea by tacking a shitty license on top of it.

Re:we saw this coming long ago

...If you're so anti-computer...what are you writing this on?

Re:we saw this coming long ago

[deviated_prevert]

You saw this coming but have no idea of the history behind microcode patches?

https://en.wikipedia.org/wiki/...

The microcode feature is there to help you, not enslave you. Silicon is forever. Patching it on your desktop after the fact is a god-send.

Learn some history before you claim to have predicted the future.

With respect; the fight to keep alternative operating systems on PCs and servers is a long and storied history. Through the "hardware partner" cartel, win modems and finally the palladium initiatives culminating in locked bios that required key codes to load an OS. Linux has weathered the lockout exclusion storms that favor Microsoft and to a lesser extent Apple.

The fact that Linux based servers still run huge portions of the servers that power the net is still a problem for Intel, in as much as Linux servers don't suffer the constant upgrade cycles that Windows servers do. Thus reducing the need to change out high horsepower gear every 5 years or so and greatly reducing the software licensing fees for ISPs and web servers. The slow sales of Windows server software to ISP, can easily be helped along by Intel locking down testing of security updates for the Linux kernel. Servers certainly must patch the Intel hell holes that speculative execution has created.

I am posting this from a core 2 duo on a Lenovo T500 that is completely vulnerable to the Intel holes that could melt me down at any time. In fact this aspect has already been exploited on firefox with a malicious javascript that put an old school activex style coded tidbit on my ram that made me kill the firefox pid and do a whois traceroute on the source. It was from a .tk as usual and the kicker was that the .tk redirected to a .ru. I still have the logs and printouts of the hack with bounces.

So yes linux is vulnerable and can be annoyance hacked due to intel's stupid speculative execution coding routines, but fortunately not completely hosed unless you are an idiot and let the attacker(s) in. The sky is always falling with opensource software and using linux as a computer OS. BUT I still refuse to send more ransom money to Microsoft or even the Coca Cola company for that matter to secure my computers for use on the information highway when Intel tries again to start WW111 with us linux users. I must indeed be a deviated_prevert to say this but: NOT ONE DIME MORE TO INTEL OR MICROSOFT I have spent enough securing and replacing their hardware and software over the 30 or so years I have needed it to do any serious work that required internet communications!

Re:we saw this coming long ago

You clearly don't work for anyone that operates a data center, or a large volume of servers.

Virtualization is a thing. Intel doesn't give a fuck what OS you run in your VMs, as long as the hypervisor runs on something that has an Intel logo on it. Windows, Linux, or otherwise, the days of buying a hundred small servers and racking them all in a giant room and having them running at 15% capacity max are long over; Intel couldn't be happier about it, either - there's far more margin to be made on the high-core-count CPUs people want for the modern VM / container hosting paradigm.

Intel is more than happy to stamp out high-end Xeon processors that cost an order of magnitude more than the lower end stuff and sell them by the truckload to Fortune 500 and cloud computing operators.

Re:we saw this coming long ago

Microcode is still a blob, a blob with non-free conditions.

Re:we saw this coming long ago

I think you might have your tinfoil hat on a little tightly.

There are a lot of us that develop cloud-based services and Linux on the cloud isn't going anywhere anytime soon.

Re:we saw this coming long ago

The microcode feature is there to help you.

The license accompanying the microcode is there to enslave you. There is no legitimate purpose for any of the license terms, other than the one restricting its use to Intel hardware. (And that one is kinda pointless, since it would take an exceptionally close clone to make any use of the same microcode)

I think I've got the message...

[niittyniemi]

So Intel, as a condition of using your patch to fix the broken shit you sold us, you don't want us to use the patch to empirically determine just how broken your shit was, or else you'll sue us?

I've got the message loud and clear: you're crooked dirtbags.

I don't think I'll be sending any money your way in future.

Re:I think I've got the message...

[r_pattonII]

The statement from Intel is translated as follows: "We really don't want the public to know how bad we screwed up so we are prohibiting you or anyone else to benchmark the issue before this patch and especially after the patch as we do not want our bottom line ($$$) tarnished by the bad publicity. Therefore since you are using cloud services and require speed this fix is supplied to you to keep your mouth shut about how bad we actually suck at providing quality code for our products. If you are not satisfied with this solution, go somewhere else. BTW good luck with that too!"

Re: I think I've got the message...

That's a license to use one of their profiling tools, not a license for the microcode patch. I'm not going to post a link to the actual license because you're obviously too big of a fucking moron to actually read it. Making purchasing decisions based on slashdot articles without doing your own research proves that.

Re: I think I've got the message...

[Bruce+Perens]

The slashdot editor munged the link to the license text. It's here.

Re: I think I've got the message...

AMD: "We'll take 'em!"

Intel just made my Streisand effect alarm break. They've screwed up the PR for this since it started. Bad updates, downplaying the severity of the issue, FUD, and now a gag order. You'd think they could handle this better, but I guess not. Rather, I'd say they are scared shitless right now. They've got another FDIV problem on their hands, nothing that will fix it without pain, and no true solution coming out the pipe for another year. Meanwhile their competition is out classing them in everything. Well almost everything, colossal PR nightmares, and bad security design isn't on their competition's roadmap. Reason to be scared indeed. I was already buying AMD exclusively over the AMT crap, but anyone buying Intel at this point is a complete idiot.

Re:I think I've got the message...

i want to see the best intel vs amd cpu benchmarks fro the last 10 years to be rerun and for us to see how the difference between intel's best and amd's best looks now with all the patches and microcode updates installed. like x4-965 vs intel equivalent. stuff like this.
i'm leaning towards the 'intel processors routinely being 20% faster than amd cpu's at the same speed" to be more even, or possibly amd having the performance crown for all these years, it's just intel cheated so much it made their cpus look faster.
amd always had the superior design, they just weren't willing to cheat as much as intel was to win.

it's funnier when you realize they don't want people to benchmark these and publish them, yet when intel launches cpu's, they include benchmarks.... which i thought were useless. oh, they're only useless when they paint you in a bad light, but they're good when they show your cheats are winning the race.

Re:I think I've got the message...

And if you want the most powerful processor?

It's like Nvidia with GPU's. They have everyone by the balls.

Re:I think I've got the message...

[RhettLivingston]

you're crooked dirtbags

From the very start of this saga when Intel jumped the gun on the press release to make sure that it combined their main problem with another problem they shared with AMD in order to make it appear as though they were equally affected, Intel has been playing dirty - bordering on criminal - pool.

Re:I think I've got the message...

[DontBeAMoran]

At this point I'm hoping the soon-to-be-announced low-cost MacBook will use Apple's own ARM CPU/GPU.

Re: I think I've got the message...

[SIGBUS]

I have absolutely no regrets about going with AMD for all my recent builds. As lackluster as Bulldozer was, Ryzen (even my relatively pedestrian 1700) has been wonderful - and I'd even take Bulldozer over Meltdown, FUD, and gag orders any day.

Re: I think I've got the message...

Oh, I found it in about 30 seconds myself. My point is that the poster I replied to is basing his actions on a headline without doing any actual research himself. That's idiotic, foolish, and the number one reason why our country is as fucked up as it is today.

Re: I think I've got the message...

Riiight, you're that incredibly nasal toned guy with the wacky hair from that ancient movie...the one about even more ancient open source weirdoes.

In all seriousness, get that checked or buy a Netipot, sounding like you talk with your nose lodged in your own ass must get old.

Re:I think I've got the message...

They also explicitly don’t allow redistribution of the patch, so no distro has any business accepting it, anyway, whether or not they agree with the stupid “no benchmarking” language.

Re: I think I've got the message...

I 100% agree, except for your last point, for desktop fair enough... but for getting a nice notebook you basically have no choice, it's intel or a giant brick or a thin but low performing one. I hear things may change but currently it's not fun trying to buy nice AMD laptops.

Re: I think I've got the message...

[Zero__Kelvin]

Debian would be distributing the patch. It would be redistribution if the Debian user ... wait for it ... redistributed it.

Re: I think I've got the message...

[jittles]

The slashdot editor munged the link to the license text. It's here.

The license agreement says that they cannot publish benchmarks, as in those who redistribute the microcode cannot publish benchmarks. It does not (and could not) restrict anyone using the microcode update to publish benchmarks. Intel has been asking all of the companies involved in this process for benchmarks since the beginning. Every single microcode update. I'm not saying Intel is doing the right thing here at all, but it's not as bad as it seems. My guess is that the reason for this change is that the performance decrease is based on the type of work being performed. The microcode that Intel sends for inclusion in firmware is different than the microcode they send to OS vendors. The firmware version of microcode has all of these mitigations disabled and they must be enabled. My understanding is that these microcode updates through OS are supposed to be optional for those who need the mitigations enabled (cloud providers, for instance). But I don't know Intel's exact reasoning behind this with any sort of certainty. And since an OS push of microcode has to be loaded every single boot, it is easy enough to downgrade if necessary.

Re: I think I've got the message...

[kalpol]

I don't even think Bulldozer was that lackluster, mine have been great other than the massive amount of heat it puts out. It's still doing pretty much anything I ask of it.

Re:I think I've got the message...

ARM yes low cost not even in your dreams.

Re: I think I've got the message...

[Shirley+Marquez]

Bulldozer had very disappointing single thread performance, making it a poor choice for gaming. It was further crippled on Windows by the fact that Microsoft didn't release a process scheduler that really understands it until Windows 8, leaving all the installed base of Windows XP and 7 with ever worse performance than the processor was capable of. Linux, of course, was updated right away, and Windows 10 inherited the improvements from 8.

Basically, you can't schedule Bulldozer as if it were a straightforward 8 core CPU because of the resources shared between core pairs. It needs to be scheduled in a way that is more like Hyperthreading on Intel CPUs, acknowledging the performance differences of various combinations of cores. Microsoft wrote that code but didn't backport it to the versions of Windows that most people were using at the time.

At the initial release, Ryzen suffered from a similar problem. Not with SMT; that was handled properly right away. But what Windows didn't understand was the need to be aware of the two CCX units and the increased memory latency for cross-CCX access. So far as I know Microsoft STILL haven't fixed that for the single-die Ryzen processors, though they do address it correctly for Threadripper. In short, they should schedule Ryzen as if it were a dual-socket system, and keep threads of the same program on a single CCX when possible.

Re: I think I've got the message...

[Shirley+Marquez]

The license of Debian explicitly gives users the right to redistribute it, with or without modification. That right is inherent to the nature of free software. So they can't possibly comply with a restriction on redistribution.

Re: I think I've got the message...

Yes, I can only find 5 Ryzen laptops at the moment. I'd like a little more choice before I jump in and buy, but buy I will.

Re: I think I've got the message...

[Zero__Kelvin]

Very good. You just restated the content of the story. Here's your sign ...

Re:I think I've got the message...

i want to see the best intel vs amd cpu benchmarks fro the last 10 years to be rerun and for us to see how the difference between intel's best and amd's best looks now with all the patches and microcode updates installed. like x4-965 vs intel equivalent. stuff like this.
i'm leaning towards the 'intel processors routinely being 20% faster than amd cpu's at the same speed" to be more even, or possibly amd having the performance crown for all these years, it's just intel cheated so much it made their cpus look faster.
amd always had the superior design, they just weren't willing to cheat as much as intel was to win.

it's funnier when you realize they don't want people to benchmark these and publish them, yet when intel launches cpu's, they include benchmarks.... which i thought were useless. oh, they're only useless when they paint you in a bad light, but they're good when they show your cheats are winning the race.

Intel still has the performance crown, even after these patches that cause slowdown. Intel was frequently 200%-500% as fast as AMD at the same clock speed. A 5-20% reduction is nothing in comparison.

Re: I think I've got the message...

Not since the k-2, and only in very small numbers of programs. Nobody is really talking about Pentium pro vs 486 clones here

Lies?

The linked license is for a Memory Latency Checker, not for the ucode patches.
It seems entirely understandable that a company would prohibit sharing results of a profiling tool like this for benchmarking.

Re:Lies?

[glowworm]

The Microcode tgz file also contains a license file with the same language

"(v) publish or provide any Software benchmark or comparison test results. "

However, there is also a clause that says if you download the tgz you accept the license automatically. So, the act of downloading to read thatlicense means you have agreed will not publish benchmarks.

Re:Lies?

Pretty sure that the shrink-wrap license issue was already tested in court and lost--completely unenforceable.

Re:Lies?

[Bruce+Perens]

Yes. I didn't write that link. The proper text can be found here.

Re:Lies?

The Microcode tgz file also contains a license file with the same language

"(v) publish or provide any Software benchmark or comparison test results. "

However, there is also a clause that says if you download the tgz you accept the license automatically. So, the act of downloading to read thatlicense means you have agreed will not publish benchmarks.

I'd like to see a court case. Wouldn't this be thrown out as an obvious violation of free speech? Sure intel could not hire someone who benchmarks their stuff, or fire someone who benchmarks it and happens to work at intel, but I'd think that is it.

My last 3 cpu's have been intel. Prior to that is a bunch of AMDs. I don't need any currently, but AMD was already likely going to be my next CPU, whenever that is.

Re:Lies?

[thesupraman]

You cannot agree to a license until you have had an opportunity to read it.
WELL Established these days.

However, they can stipulate that you cannot use the item until you agree, so long as they can show that the license was reasonably presented to you.

Intel trying top prosecute anyone on this however would be... interesting PR.

Re:Lies?

[Mal-2]

For the tealdeer crowd, the relevant portion starts on line 71.

Re:Lies?

[anegg]

I'd like to see a court case. Wouldn't this be thrown out as an obvious violation of free speech? Sure intel could not hire someone who benchmarks their stuff, or fire someone who benchmarks it and happens to work at intel, but I'd think that is it.

"Free speech" in the United States typically means rights against federal government regulation described in the 1st amendment to the US constitution. There isn't a general prohibition against a contract requiring someone not to talk about something - non-disclosure agreements specifically limit an individuals ability to speak about certain matters. IANAL; I have no idea how likely it is that a prohibition on publishing benchmarks contained in a firmware license for firmware necessary to patch security vulnerabilities in a chip would be found valid or invalid by a court. However, I don't think a winning argument against it would be based on it being a violation of free speech.

Re:Lies?

[LaughingRadish]

How well do you suppose a book publisher will get with a clause stating that nobody shall release a review of a particular book without that review first being approved by the publisher?

Re:Lies?

just let someone in a country that doesn't give a shit about things like forced conditions and shrinkwrapped terms and licenses to post the benchmarks. it'll happen. hell, someone (many someones, no doubt) in the u.s. will do it, too, regardless of what intel 'demands'.

Re:Lies?

[niittyniemi]

I'd like to see a court case. Wouldn't this be thrown out as an obvious violation of free speech?

Perhaps you haven't been watching too closely but this 'take your customer to court & try and destroy him' approach to doing business in the tech world has been going on since at least the '80s to my knowledge. It occurs because the US justice system has been whored out to the john packing the biggest wallet. It's not about justice, it's about money - that's the American Way.

Somebody who can take considerable credit for the 'sue 'em if they benchmark it & realise it's overpriced shit' subgenre as demonstrated by Intel in this case, is the verminous, coiffed poltroon and great helmsman (who shat himself on the Sydney/Hobart one memorable year - what a complete & total helm'): Larry Ellison.

Trying to get a prof fired for doing benchmarks? Threatening to sue security researchers reporting bugs in contradiction to Oracle's EULA? Yep, the maggot Larry.

This won't stop happening until enough people stop buying their stuff, and stop buying from people who buy their stuff.

It's happening to Oracle and it's going to be happening to Intel too. You can pass the odd cockup off as an aberration but a veritable blizzard of them?

It's not like they're the only game in town, let alone the best game.

Intel shareholders must be wondering why their shiney new CEO resembles the old one in every respect: a completely clueless horse's cock.

Time to fire the board, folks, or your business is toast. Actually, I think a rebrand might be in order.

Give the name: IG Farben a go perhaps? Memories are short and they had a better reputation back then than you have now with "Intel".

Freedom of Press

Conduct benchmarks anyway, claim they were provided by an "anonymous" source, publish....

Re:Freedom of Press

No need to, just do them in some other country than US.

It's extremely slow now!

[Gravis+Zero]

The reason they did this is because it slows performance to what I would call a painful crawl. I would post the benchmarks to quantify and prove it but it's not allowed.

Re:It's extremely slow now!

Well, if you break the license, you should stop using product (the updated microcode). I'm sure someone would sacrifice their CPU for publishing

Re:It's extremely slow now!

Methinks "slows performance to what I would call a painful crawl" qualifies as a benchmark report. You, sir, are in violation!!! Expect contact from lawyers shortly.

Re:It's extremely slow now!

[sinij]

The reason they did this is because it slows performance to what I would call a painful crawl. I would post the benchmarks to quantify and prove it but it's not allowed.

Painful crawl is slightly faster than a standstill, and slightly slower than molasses slow. So you did benchmark it and violated the agreement.

Re:It's extremely slow now!

>Painful crawl is slightly faster than a standstill,

That's like saying "at least poor people make $5 a day instead of $2".

> So you did benchmark it and violated the agreement.

This is what the site has come to, oohhhh nooo he violated a basically unenforceable agreement on his home computer?

Re:It's extremely slow now!

[Tough+Love]

One person downloads and applies the patch, another runs the benchmarks. Why is this complicated? In the worst case, somebody posts the results anonymously.

Intel is definitely wrong here, legal thuggery notwithstanding.

Re:It's extremely slow now!

[wgoodman]

That's why they added "or allow a third party to.."

Re:It's extremely slow now!

[Tough+Love]

Interesting and fanciful legal theory that some crack addict in Intel's legal department put forth. How can any processor maker control what somebody does with their computer? Well that is the issue of course. Intel so obviously in the wrong. I say, rub their noses in it more than a little bit.

Re:It's extremely slow now!

[Dragonslicer]

How can any processor maker control what somebody does with their computer?

They aren't. The license doesn't say that you can't run any benchmark tests, it only says that you can't tell anyone else the results. Of course, it's still stupid.

Re:It's extremely slow now!

C'mon, Mods, how about some +1 Funny?

Say, what's that black helicopter outside my windo~~~+++~~~NO CARRIER

Re:It's extremely slow now!

[Tough+Love]

OK, so a friend runs the benchmarks and EFF publishes them. EFF notifies Intel that they have done so and that their third party software license stipulation is unenforceable. Hilarity ensues.

Re:It's extremely slow now!

[Dragonslicer]

OK, so a friend runs the benchmarks and EFF publishes them. EFF notifies Intel that they have done so and that their third party software license stipulation is unenforceable.

Intel asks a judge to subpoena someone from the EFF and ask them who the friend is that violated the license. Whether or not it's worth it for Intel to push to find out who it was, that's a separate question.

Hilarity ensues.

For those of us watching at home, hopefully yes. Still a pain in the ass for anyone who has to waste time and money defending themselves in court.

Re:It's extremely slow now!

[Tough+Love]

Intel asks a judge to subpoena someone from the EFF and ask them who the friend is that violated the license.

The friend turns out to be a lawyer working for EFF. This is the raison d'etre for EFF, this is precisely how they get donations and entertain themselves. Intel is highly unlikely to go as far as a subpoena or any other such wankery, it would be highly embarrassing for them. This whole fiasco is just the result of some overzealous minion getting a bit too creative with the creative license writing. It should be put down firmly by people whose business it is to do so (like Bruce Perens) and we should all move on.

Re:It's extremely slow now!

[Dragonslicer]

The friend turns out to be a lawyer working for EFF. This is the raison d'etre for EFF, this is precisely how they get donations and entertain themselves.

No complaints from me. I'm perfectly happy to see crap licenses get struck down by a court. It's also much better for an organization such as the EFF to do it, since they're well-prepared for the fight, instead of some random Slashdot reader.

Intel is highly unlikely to go as far as a subpoena or any other such wankery, it would be highly embarrassing for them.

True, but I try not to underestimate how far some companies will go with the wankery (Oracle comes to mind). Sometimes they don't realize how embarrassing it might be, and sometimes they just don't care because they know they won't lose any business over it (Oracle again comes to mind).

To emphasize, I agree that this license provision is crap. I just wanted to try to correct a couple points.

Re:It's extremely slow now!

[Tough+Love]

It's also much better for an organization such as the EFF to do it, since they're well-prepared for the fight, instead of some random Slashdot reader.

What makes you think there are no EFF members randomly reading Slashdot?

Re:It's extremely slow now!

[Tough+Love]

This whole fiasco is just the result of some overzealous minion getting a bit too creative with the creative license writing. It should be put down firmly by people whose business it is to do so (like Bruce Perens) and we should all move on.

Well there ya go.

Re:It's extremely slow now!

[Dragonslicer]

I'm sure plenty of Slashdot readers have donated money to the EFF, and I'm sure several people who work for the EFF read Slashdot at least occasionally. Does the EFF call anyone who donates money a member? The probability of a randomly selected Slashdot user being employed by or volunteering significant time to the EFF is extremely low. The probability of a randomly selected Slashdot user having donated money to the EFF is higher, but I would guess it's still unlikely.

If you specifically select a Slashdot user because they work for the EFF, then your selection isn't random. Bruce is not, with any reasonable probability, a "random Slashdot reader".

What makes you think there are no EFF members randomly reading Slashdot?

I would think that any EFF member who is reading Slashdot intended to come here. Do they typically have their computers select random web sites to visit?

Re:It's extremely slow now!

[Tough+Love]

Bruce is not, with any reasonable probability, a "random Slashdot reader".

I beg to differ, Bruce is pretty random. Me too, I consider it a badge of honor.

Hey Rocky, watch me pull a rabbit out of my ass

[bobstreo]

"This time for sure!"

I've had an AMD-64 microcode patch sitting in my update manager for a week or so. I think I'll wait a little longer to apply it,

  I don't like being the first wave of test monkeys.

Re:Hey Rocky, watch me pull a rabbit out of my ass

[Tough+Love]

Not what you're on about. AMD microcode updates have been solid as a rock in my personal experience.

Re:Hey Rocky, watch me pull a rabbit out of my ass

Not what you're on about. AMD microcode updates have been solid as a rock in my personal experience.

AMD64 is the architecture, like 486 or 8080. Intel 64 bit processors are AMD64 architecture.

Re:Hey Rocky, watch me pull a rabbit out of my ass

amd64 is the 64-bit mode/architecture of both AMD and Intel. Linus refused to rename it to something more Intel-centric (it was introduced with the AMD Athlon 64) after Intel sort-of pretended of having come up with a 64-bit mode of their own. So an amd64 microcode update can be for either an Intel or AMD 64-bit system. Considering the total of the context of the OP, I would rather guess on Intel, even though he wrote "AMD-64" instead of the "amd64" moniker used in Linux.

Re:Hey Rocky, watch me pull a rabbit out of my ass

[drinkypoo]

AMD64 is the architecture, like 486 or 8080. Intel 64 bit processors are AMD64 architecture.

Literally everything you said was wrong. amd64 is the instruction set. The architectures have code names by which we know them, and none of them are called "AMD64". Intel 64 bit processors duplicate the AMD64 instruction set, but they have different underlying architecture than the AMD processors. They are similar because they perform similar jobs, but they are not identical.

Re:Hey Rocky, watch me pull a rabbit out of my ass

In Computer Engineering, the two terms are synonymous. You are confusing die architecture with processing architecture. The former is physical, the latter is logical.

I know you aren't a CE. You know that you aren't a CE. Stop lying to everyone and yourself by injecting falsehoods into a discussion about CE.

Re:Hey Rocky, watch me pull a rabbit out of my ass

AMD64 is the architecture, like 486 or 8080. Intel 64 bit processors are AMD64 architecture.

Literally everything you said was wrong. amd64 is the instruction set. The architectures have code names by which we know them, and none of them are called "AMD64". Intel 64 bit processors duplicate the AMD64 instruction set, but they have different underlying architecture than the AMD processors. They are similar because they perform similar jobs, but they are not identical.

Replying again.

Here You piece of shit. Right from the creators of the AMD64 artchitecture. You can't even get the capitalization right.

I'm sick and tired of this culture of ignorance that has saturated technology. We are supposed to be nice now. We are supposed to not act like Theo or Linux. We are supposed to be inclusive for diversity's sake. We always were inclusive except for people that are incompetent. That is why BSD and Linux just work better most of the time. People like you are tolerated. People like you think you can spew ignorance while jerking your ego because nobody calls you on that shit.

This trash is why people are still being hacked. This trash is why everyone has to do weekly updates on everything made within that trash culture. This trash is why everything is fragile. Some think technical specifics don't matter. Technical specifics are the difference between the Hubble Space Telescope and the Challenger. Technical specifics are the difference between the OKC federal building standing after an asshat destroyed half of it and what happened in New York. This is why Trump is president, Russia and China continue to get what they want from us, and garbage people like you make the lives of everyone you know to be a little worse. These things matter, your feelings don't.

Re:Hey Rocky, watch me pull a rabbit out of my ass

[Tough+Love]

You know that you aren't a CE. Stop lying to everyone and yourself by injecting falsehoods into a discussion about CE.

Wow, you have serious issues, you need to learn some respect. And you are spouting nonsense. Physical vs logical indeed, thanks for your own private definitions, I'm sure everyone in the industry will appreciate those.

Re:Hey Rocky, watch me pull a rabbit out of my ass

[Tough+Love]

And WTF is "die architecture"?

Re:Hey Rocky, watch me pull a rabbit out of my ass

[Tough+Love]

This was a parody post right? Please tell me it was parody.

Kudos

[jmccue]

Well kudos to Debian. I am very disappointed in seeing Red Hat, SUSE in saying the licence is fine.

Just goes to show you how close to Windows the big commercial Linux Distro are moving.

Re:Kudos

you mean close to Microsoft, windows is a product.

The companies dont want to risk their bottom line by losing customers to someone who will provide needed patches. Not that i agree, but it is what they are doing.

Re:Kudos

[sinij]

You are assuming they read the click-through agreement.

Re:Kudos

[Bruce+Perens]

Actually, I've caught Red Hat in a number of legal mistakes where I've had to wake up one of their lawyers to the issue, because the engineer never consulted one. This might be that sort of thing, or whoever read the text didn't consider the implications. The microcode runs for every instruction, and as far as I can tell the prohibition applies to all use of the CPU. Don't ever provide or publish benchmarks, even for your own software, using this CPU to collect them.

The lawyer who wrote the license obviously didn't walk through what the CPU actually does, and that the implication of the language would thus be larger than expected.

Re:Kudos

It does sound like Intel needs to train product category specialized technical lawyers to craft their contracts. Every other highly technical field gets its specialists over time, lawyers and judges included. Now these products start to form the backbone of societies, so perhaps they are important enough to warrant some extra attention.

Re:Kudos

[short]

It is being discussed for Fedora, RHEL is its derivative.

Re:Kudos

[AmiMoJo]

Would the licence even apply to the end user? Will a licence agreement pop up on screen asking the user to agree to Intel's terms when they install a Red Hat OS or update one?

Because it seems likely that the end user will never even hear about the patch, and innocently go run some benchmarks when they find their system has slowed to a crawl.

Will be interesting to see how Microsoft handles it too. Someone is living in a fantasy world if they think people are going to stop benchmarking and posting the results online.

Re:Kudos

I fully agree. Part of the maturity process for any organization or individual is learning to tell people to go fuck themselves. After that, you spend the rest of your existence learning how to stop telling people that. Kudos indeed to Debian for having a spine and I hope the rest of the open source community learns how to follow their lead.

Re:Kudos

Actually, I've caught Red Hat in a number of legal mistakes where I've had to wake up one of their lawyers to the issue, because the engineer never consulted one. This might be that sort of thing, or whoever read the text didn't consider the implications. The microcode runs for every instruction, and as far as I can tell the prohibition applies to all use of the CPU. Don't ever provide or publish benchmarks, even for your own software, using this CPU to collect them.

The lawyer who wrote the license obviously didn't walk through what the CPU actually does, and that the implication of the language would thus be larger than expected.

Unfortunately, the issue here is far more fundamental.

These kinds of licenses violate fundamental rights.

There was at least one case where a court decided that attempting to take away fair use rights via contract was grounds to lose the copyright on the material. But that is exactly what was done in the license text "You will not, and will not allow any third party to (i) use, copy, distribute, ... the Software or associated documentation ... modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws ". Translation: you can't exercise fair use rights.

As fair use rights must be considered as being protected by the 9th and 10th Amendments, this means the contract disallows the exercise of these rights - placing contract law superior to the Bill of Rights. That's unethical practice of law: the reasonable expectation of the public - which is protected by the right to ethical practice of law under the 9th and 10th Amendments - is that the Bill of Rights will be superior to all other law, and thus fair use rights can not be taken away by any lessor law, including contract law, and the DMCA.

Similarly, the prohibition on "disassemble, decompile, reverse engineer" violates fair use rights, and the right to freedom of thought (including the right to exercise one's curiosity), also rights arising under the 9th and 10th Amendments and thus not subject to a lessor law such as contract law.

Even creating the impression, through complex language, that they are taking away these rights is a violation of the right to ethical practice of law - it creates an artificial and avoidable demand for the services of legal professionals by making a legal document unnecessarily complex and hard to understand.

The US legal profession is in a position of significant ethical conflict of interest with respect to the nature, scope, and form of contract law. It's a huge legal ethics problem. Even the appearance of conflict of interest must be avoided when alternatives exist - and that clearly isn't happening here. The language could be simpler, and could make clear that they are not attempting to take away people's rights.

I think the conclusion we need to reach from considering examples like this - this sort of language is typical in these contracts - is that the US legal profession is massively unethical - and US judges are willing to allow unethical practice of law to be an everyday and routine element of the practice of law.

Everybody involved is violating their oaths to uphold the law, and the federal officials are violation the Constitutional requirement of 'good behaviour' - which is a precondition for holding office - which means these officials have disqualified themselves from office and are now impersonating government officials.

As the infringement of fundamental rights 'under the colour of law' has been a criminal offence in US federal law for a long time, this is criminal conduct by both the government officials involved, and the third party lawyers writing these contracts.

As rights retained by the people are retained by the people by definition, no entity of government can take these rights away - so no judicial precedent o

What I hope will happen

[Bruce+Perens]

I hope that the part of Intel with some sense will wake up to what that other part of Intel is doing and fix this, quickly. When there is a company that big, it has a multiple personality disorder. Obviously this time somebody didn't think through the implications of their legal language.

Re:What I hope will happen

So basically any lawyer? No, I think they most certainly thought this through, unfortunately it was filled with dollar signs falling from the sky. This was designed to bring them work battling it in court for _years_, if not decades. At the end of the day they will make a killing along with their friends.

Never underestimate greed.

There's a lot of good people who work at Intel but this kind of crap really makes me wonder if they are trying to kill off x86 for something "new" (aka growth, job security, new nsa backdoors, etc). Wouldn't at all surprise me if the usuall slimeballs were involved too - Google, Microsoft, Amazon, Dell, etc. The Emperor(s) ran out of new cothes.

That's not the message I took away

[rsilvergun]

what I took away was "Go buy an AMD processor".

Re:That's not the message I took away

"Go buy an AMD processor... The new leader in all CPU benchmarks!"

Re:That's not the message I took away

[thegarbz]

what I took away was "Go buy an AMD processor".

If you took nothing away you would likely be legitimately looking in AMD's direction anyway. AMD have made some amazing strides back into the market place in the past few years.

Car analogy time

That's like offering a upgrade (downgrade more like) to your supercar and never being able to tell anyone about how much better it is than before.. never being allowed to start a stopwTch when to stomp on the accelerator!!! If I had time I would post results to a pastebin account from a coffee shop with a Pringles canntenna on a raspberrypi running Tor that gets launched as soon as I'm done!!

How much Cocain does a lawyer need to rack up to get you to the point where they think this is ok?

Re:Car analogy time

[Bruce+Perens]

Well, the good lawyers call me when they do stuff like this. Or someone like me who can read a license and knows how a CPU is built. I have saved a few from mis-stating themselves.

Only if a judge says so

Intel can put "You will not (i) exercise any of your first amendment rights ever again." in their license. That doesn't make it enforceable.

I bet Intel would be too chicken-shit to even sue over this license breach.

Is a judge really going to say that a software license, to fix a defect in a product, can rise to the level of an NDA (non-disclosure agreement)?

The precedent set by a counter suit for a full refund plus court costs will have Intel scrambling, tail between legs, to change this license text.

Re:Only if a judge says so

[PPH]

That doesn't make it enforceable.

And what will the penalty be? Pay them back the price of the patch?

The interesting part would be if someone installed the patch, ran the benchmarks, published the results and then Intel sued them for an imputed loss of sales.

Re:Only if a judge says so

[Spamalope]

Loss of the lawsuit from customers who paid Base price * 3 for the bleeding edge processor and received performance at a level below the advertised performance of the base unit. I'd think they'd want a refund (at least of the price difference - but if they've got to replace the platform to recover the speed... that's more expensive isn't it).
And why wouldn't they be entitled to one just as a diesel VW customer would be.

Re:Only if a judge says so

[cstacy]

Intel can put "You will not (i) exercise any of your first amendment rights ever again." in their license. That doesn't make it enforceable.

First Amendment pertains to GOVERNMENT censorship, not to private contracts such as software licenses.

Re:Only if a judge says so

Hmm, so you think this clause in license for some trivial indie game would be perfectly enforceable? You are so wrong it is not even funny.

Re:Only if a judge says so

[cyberchondriac]

That has nothing to do with the First Amendment. Why do so few people understand what free speech means? It means the government can't penalize you for speaking your opinion; it says nothing of a private institution suing you over a disputed NDA or contract. There should be some other legal recourse however to defeat this ridiculous, draconian license.

Wrong link

[Bruce+Perens]

The link at "a new license term" is to a license for a different product. I'm sure I didn't write that :-)

Someone at Intel might want to read about...

[ElizabethGreene]

Someone at Intel might want to read about the Streisand effect.

Re:Someone at Intel might want to read about...

[dddux]

We have a very old proverb here: "Good news travel far, but the bad news travel farther". Something along these lines.

this is why

This is why I use debian and AMD

In something approaching lawyerese...

[Letophoro]

Our new microcode reduces performance so much that we must muzzle those who analyze these things for a living to prevent them disclosing their results lest it negatively impact our stock price in a manner sufficient to affect the valuation of those in our organization whose position begins with XXO (Something Something Officer), at least until such time as the proper retirements and/or significant stock sales are complete.

Quicker fix.

Use Transmata chips.

What if I do publish the benchmarks?

[Gabest]

Will I lose the right to use the CPU?

Re:What if I do publish the benchmarks?

[Miles_O'Toole]

"You can use the CPU, bitch, but only the way WE tell you to use it". No doubt that's the fantasy Intel execs masturbate to every night before bed.

Re:What if I do publish the benchmarks?

Will I lose the right to use the CPU?

If you can still use it after Intel used their IME for remotely bricking it. Let's hope your benchmarks did not make it too easy to figure out your network address.

What's the problem?

[JThundley]

"as specifically required by ... any applicable third party license terms accompanying the Software"

Debian packages the software and redistributes it with the GPL, Intel now has to has to abide by the GPL!

Re:What's the problem?

The intel-microcode packages for Debian are in the non-free repository. I'll make a point not to take legal advice from you.

Links to benchmarks?

[KClaisse]

So.....



Anyone got a link to some benchmarks?

Re:Links to benchmarks?

Here's a link, I just hope Intel doesn't commandeer my#``{{#'+`$NO CARRIER

Probably a mistake

Someone probably just did a quick copy and paste job from another license and didn't bother to edit out the bits that don't make sense. When you remember that at least half the people in any given company are probably faking it, it's not all that surprising. Hopefully, some media coverage will get the attention of someone higher up at Intel who will say it was a mistake (even if it wasn't) and push out a revised license that doesn't include the offending bit.

Re: Probably a mistake

Nothing to see here, move along, just a mistake.

Dude! Itâ(TM)s pretty specific. The problem is, there is legal liability. The attempt to limit may fail, but itâ(TM)s for certain intentional.

How long before we see what this code does?

[Streetlight]

I already expected to see either a link here in /. or real data on the effect this code has on CPU performance. Maybe I'm looking in the wrong place.

Re:How long before we see what this code does?

[sgage]

"In a time of universal deceit, telling the truth is a revolutionary act. George Orwell"

In a time of universal deceit, telling the truth is a total fracking waste of time.

Yes, I'm afraid it's come to this.

Intel is scum

Refusal to completely disable harmful management engine

False equivalence PR doublespeak on Meltdown

16 lanes is a woefully inadequate joke

ECC is AWOL

Insane strong-arming and political games to attempt to hide dirty laundry.

Intel doesn't deserve my business.

Re:Intel is scum

[sgage]

I feel bad that I bought a new computer this spring with an Intel processor. I can't afford to just get a new computer, or I would. But I'm stuck with this one for a while.

Is this enforceable outside the US?

[shking]

There are much stronger consumer protection laws in many countries, the EU for example

Re:Is this enforceable outside the US?

It would be interesting to see if the Chinese "captive" PC makers (Lenovo, etc) run benchmarks, and dare Intel to sue them, and the Chinese government by association....

R O

Re:Is this enforceable outside the US?

A vendor cannot change the terms of sale during a warranty repair. The CPU as purchased is faulty. Everyone in Europe with Intel CPUs under warranty would be justified in returning them for a full refund.

Make your next CPU

[AHuxley]

a AMD CPU. Enjoy some benchmarks.

Re:Make your next CPU

Techspot just published some very extensive benchmarks ( https://www.techspot.com/review/1683-linux-vs-windows-threadripper-vs-core-i9/ ) that make AMD's Threadripper 2990WX look significantly faster than Intel's i9-7980XE in a lot of the particular tests. Interestingly they did most (all?) of the tests with Linux and Windows 10 on both CPU's and Linux also seemed to do better to various degrees (a little to a lot).

I suppose we could assume this patch will increase the AMD performance margin, depending on the particular test, so why bother with worrying about how much more the patch hurts the Intel - just assume it will perform even worse, and buy accordingly, eh?

R O

Re:Make your next CPU

Win10 has issues with more than 2 NUMA nodes (and really, some would claim that it chokes on just 2, but I digress). Linux's scheduler does not have so many problems.

Anyway, the 2990WX represents . . . 4 NUMA nodes? It's a bit wonky, though it's awesome when it works right.

The 2950X seems a better fit for Win10.

quote âI'm not blaming Intel for this,,,â

Why not? I certainly do, and evidence is that they knew about these vulns for a while (especially Foreshadow) and said nothing. During that time, many ppl purchased products on the strength of benchmarks they knew would be revised. This is close to the definition of false advertising, at the very least.

But put that aside... the security aspect is much more important, much more damaging to the average person.

So, yeah. I blame Intel.

This is a national security issue

[Zero__Kelvin]

Intel is guilty of attempting to undermine national security and whomever attempted this bullshit should be charged accordingly. Every qualified security expert should look carefully at this code and publish their findings post haste.

Re:This is a national security issue

[sgage]

"Guns don't kill people; Physics kills people!"

Guns don't kill people; BULLETS kill people!"

Re: This is a national security issue

[Zero__Kelvin]

Yeah ... That's way more funny. DOH!

nope

[matushorvath]

"Many computer users don't allow outside or unprivileged users to run on their CPUs"

Your browser is running some outside unprivileged JavaScript for almost every page you visit. One of the exploits was specifically described for JavaScript running in a browser.
You don't even need to be able to execute code. Even code that would traditionally be considered harmless could potentially be used for side channel attacks if you e.g. control the input data. That invoice your ISP sent you as a PDF could potentially use a harmless piece of code inside Adobe Reader to do something harmful.
The fact that it has not been demonstrated yet does not mean it can't be done.

Re:nope

[phantomfive]

I think that sentence was aimed at people run their own data centers. Many of these computers (most?) don't even have a web browser installed.

Re:nope

[Spamalope]

Why would anyone bother with a novel approach to exploiting Adobe products when there are such a large number of known vulnerabilities to choose from?

Re:nope

I think that sentence was aimed at people run their own data centers.

You think "Many computer users" really meant people that run data centers?

Many of these computers (most?) don't even have a web browser installed.

Oh honey, you must not have any experience in one. Few companies give people the time to custom strip an OS before install. If the base has a browser, or any software has a browser (good luck finding all those webkit installs integrated with web provisioning servers/apps/etc) it's gonna stay 99% of the time. Might not ever be used, but it's there in the cheap storage.

Why do people, particularly those that post throughout working hours, say patently absurd or ignorant things as if they are authorities? Are they a class of technology workers like PHB MBA's where having landed an easy job with lots of off time makes them think themselves experts on all subjects?

Re:nope

[thegarbz]

Your browser is running some outside unprivileged JavaScript for almost every page you visit.

Which would worry me if the browser ran that script long enough to build up a detailed profile of my machine, and then customised it's own malware attack to make a side channel attack at all relevant.

The reality is side channel attacks MUST be targetted at a specific system setup, or in many cases with modern OS security measures the actual specific currently running system with the hope it doesn't reboot at some point. Just because your browser executes Javascript doesn't mean anyone in their right mind would attack or even be able to successfull attack your system in doing so.

The fact that it has not been demonstrated yet does not mean it can't be done.

It can be done. Everything CAN be done. The point is it WON'T be done because of the sheer amount of effort requried when there are far more effective attacks. Even for malware writers and hackers time ultimately is money and a generic bug is many orders of magnitude more valuable to them than a side channel attack on memory.

Re:nope

[AmiMoJo]

Browsers run Javascript in a VM. It's not the same as running code directly on the CPU, and a world away from changing the CPU microcode that runs below all other protection mechanisms.

CPU microcode malware would be incredibly hard to detect or mitigate. We are reliant on CPU vendors keeping it secret enough to prevent abuse.

Intel?

Intel has not gone bankrupt yet due to the large existing install base of Windows computers running on x86 and its derivatives. However, the world is going mobile - and that's a realm that is neither dominated by Intel x86 nor Microsoft Windows. Plus, with Satya Nadella at Microsoft's helm, I would be willing to bet that at some point in the future, Microsoft will reduce Windows to a mere API running atop Linux, redirecting its efforts to Microsoft Office and other profitable applications, as well as Microsoft Azure. If and when that happens, Intel is screwed.

Re:Intel?

[sgage]

Imagine if MS went all in supporting/facilitating Wine. I wouldn't be surprised at all if they had contingency plans...

That's not the message I took away-egg salad.

I find it ironic that when the features in question were having a positive listing in benchmarks, everyone and their dog was toting it especially when it came to AMD comparisons (yeah AMD's going to fail because we're better than you). Several years later AMD is doing much better and Intel is afraid of benchmarks because it makes them, and their fanbase look really, really bad.

AMD

[BrendaEM]

Vote against Intel's malarkey with your money.

Re:AMD

Good luck with that.

AMD is really weird. Their GPU's are decent but everything that makes them work (drivers, software) is so buggy and messed up as to make the hardware practically worthless.

Same with their CPU's which are decent but all the chipsets surrounding them are so buggy and messed up that you don't want to use the CPU.

Re:AMD

Vote against Intel's malarkey with your money.

Why not against nvidia as well seeing how they are as bad as Intel.
Nvidia: https://www.youtube.com/watch?v=H0L3OTZ13Os
Intel: https://www.youtube.com/watch?v=osSMJRyxG0k

Re:AMD

[Fly+Swatter]

ATI had horrible and buggy drivers too, what happened to them?

Re:AMD

Can't speak to the GPU side but the Ryzen CPUs are fantastic and the chipsets have never been problematic IMO. The on-die memory controller was a little different at first but now I have no issues on my 1st gens and never had any issues with my Ryzen+.

Re:AMD

What are you talking about? My Ryzen 2700X can compile the linux kernel in 52 seconds. I think I'll be alright.

Re:AMD

In case this isn't a troll...

ATI was aquired by AMD. It's the same outfit with the same buggy drivers.

Re:AMD

AMD bought them and the driver stayed horrible. What is your point?

Re:AMD

[drinkypoo]

ATI had horrible and buggy drivers too, what happened to them?

They started publishing enough driver information to developers that they are able to make a functional Open Source driver. nVidia is still worse about that. Best to avoid spanking new AMD video cards until the free driver supports them, however.

Re:AMD

[Shirley+Marquez]

AMD's CPU chipsets have been solid for quite a while. The problematic AMD motherboards were mostly back in the day when third party chipsets were still available. VIA, notably, did a number of them and not all of them were good. The only reports of problems with Ryzen motherboards I have heard of involved support of very fast RAM; that one appears to have been the fault of both the CPUs and the motherboard chipsets; it was mitigated with microcode updates for the CPUs and fixed in the second generation Ryzen products.

AMD, nee ATI, graphics drivers can still be a problem. And the company tends to drop support of older graphics hardware like a hot potato, much more quickly than NVidia does. On the bright side, AMD is much more cooperative with open source development than NVidia is, so older ATI/AMD graphics hardware is well supported on Linux.

Intel is not managed well, in my opinion.

[Futurepower(R)]

Intel is AMAZINGLY self-destructive, IMO!

Intel says this: Intel's Brian Krzanich is forced out as CEO after 'consensual relationship' with employee. Another story: New details emerge on the office affair that led to Intel CEO Brian Krzanich's surprising resignation on Thursday.

Do you believe this quote? "The office affair which sparked Intel CEO Brian Krzanich's surprise resignation on Thursday started a decade ago and ended before he became CEO in 2013, The Wall Street Journal reported."

I'm guessing that Intel is trying to hide the real reasons that CEO Brian Krzanich is no longer CEO: 1) The Sceptre and Meltdown vulnerabilities in nearly all Intel CPUs, problems that began with former CEO Paul S. Otellini. 2) He used inside information to profit: Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock.

The new Intel CEO is Robert Swan. He joined Intel in September 2016 as CFO.

One of the most self-destructive acts is to appear to lie. Then everything else is examined as also possibly a lie.

Re: Intel is not managed well, in my opinion.

An outsider might be what they need, they have the same mentality as Microsoft to extend vs innovate.

Rumors have it Intel will be laying off soon. Probably more grade capped experienced employees

Re:Intel is not managed well, in my opinion.

The #metoo hysteria might be on the wane but companies are still terrified of sjw twitter mobs. Any important male publicly known to have ever glanced in the vague direction of a female at any point in the last 30 years opens himself up for immediate dismissal.

Re:Intel is not managed well, in my opinion.

Have they asked Elon Musk to step in as a Social Media Officer and SJW-in-Chief yet?

Re:Intel is not managed well, in my opinion.

[thegarbz]

Don't guess. Intel has absolutely nothing to lose by saying the CEO steps down due to Spectre and Meltdown. Hell their share price may even spike up as a result.
While you're not guessing, also don't underestimate the stupidity of past actions in the moden Code of Conduct / #metoo world we live in. Many people have been undone for things they have done in the long past that don't conform to modern social norms*. There are countless people out there who are bleeding from their self inflicted character suicide wounds, they are just waiting for the end to come.

*Note here we're talking about social norms, not something actually illegal like touching little boys or sexual assault which were the very legitimate components of the #metoo movement.

Re:Intel is not managed well, in my opinion.

[Z00L00K]

Now we just have to find a scapegoat for rowhammer as well.

Re:Intel is not managed well, in my opinion.

[DarkOx]

I agree but lets be really honest about something else while we are on that subject. Those skeletons are left to lay in their closets unless unless you extol the wrong politics or tick off the wrong person. The CoC / #meToo crowd has a some legitimately aggrieved folks in it who deserve justice but to pretend that the majority of people banding those terms about on twitter are not using as either a person or political weapon for entirely selfish motives is nonsense.

Re:Intel is not managed well, in my opinion.

[BlackOverflow]

Intel inside

Re: Intel is not managed well, in my opinion.

#metoo, which culminated in calling Aziz Ansari a predator for not being a kind reader, was about anything but honest allegations. All men are fearful at work around women and rightfully so. I, myself, thought like you do until I got #metoo'd for a private political conversation after hours (at a conference) about Donald Trump's Billy Bush comments with a female coworker. She decided that being offended constituted sexual harassment. I was immediately suspended (sent on a plane ride home from the conference) and fired the next day without so much as a conversation with me about my side. That's right. I was fired for sexual harassment because I said (privately after hours and as an answer to a question) that the Billy Bush comments don't prove Trump is a rapist. Men have every reason to be afraid of false sexual harassment allegations in the #metoo era. You need to get educated.

Re:Intel is not managed well, in my opinion.

[thegarbz]

Those skeletons are left to lay in their closets unless unless you extol the wrong politics or tick off the wrong person.

I don't agree with this completely. There have been plenty of examples where good people have been let go due to skeletons entirely because of fear of public opinion. The fact that workplace relationships at Intel are banned in the first place is a very crude example of this. It's excessive nonsensenical application of something that in some conditions goes against the social code (specifically power over others in a employer / employee relationship).

You don't need to piss off anyone for a SJW to go rambo on your arse.

Re:Intel is not managed well, in my opinion.

>The fact that workplace relationships at Intel are banned in the first place is a very crude example of this.

They are not banned. They are banned between a manager and someone underneath that manager in the management hierarchy. If you are CEO, everyone is underneath you in the management hierarchy.

Re: Intel is not managed well, in my opinion.

I call bullshit.

That's not correct HR procedure in any company over 20 employees.

If it did happen like that, in any size company, you'd have a strong case for wrongful dismissal.

So don't embellish a weak story to make it sound relevant, it doesn't help either side.

Re: Intel is not managed well, in my opinion.

That story is 100% how it happened. I can't afford to sue them.

hah

We are a giant corporation who will push against the will of the people

*corporation gets crushed*

Well fuck...

Guns don't kill people; holes kill people

[bussdriver]

Guns don't kill people; flesh displacement kills people.
Guns don't kill people; going into shock kills people.
Guns don't kill people; organ failure kills people.
Guns don't kill people; bleeding out kills people.

Re:Guns don't kill people; holes kill people

[cstacy]

Guns don't kill people; flesh displacement kills people.
Guns don't kill people; going into shock kills people.
Guns don't kill people; organ failure kills people.
Guns don't kill people; bleeding out kills people.

"And what makes that cop's gun so cool? PHYSICS! Kinetic energy generates the velocity with which the bullet exits the barrel, while the ballistics coefficient and sectional density determine the damage to its targets! Guns don't kill people, PHYSICS kills people!" ---Prof. Dick Solomon

Judge Laughs

[bill_mcgonigle]

So Intel is saying if you want to benchmark to decide if you want to join the class action, you can't provide a detailed reason that you're joining the class? Lawsuits are a matter of public record - a judge is going to laugh at that kind of restriction. How does Intel expect it's going to enforce this?

Let's see a million people tweet their slowdown measurements and then it'll be Intel Legal's move. Somebody come up with the hashtag.

Re:Judge Laughs

#sluginside

Re:Judge Laughs

Another issue is that something is seriously wrong with our legal system if a click-through license change can remove rights and be enforceable without providing any consideration or at least an offer of a full refund. The patch itself shouldn't be considered sufficient, it's basically the equivalent of an automotive recall for defective parts, and for the similar reasons we don't want there to be obstacles from people taking them.

Re:Judge Laughs

How? Arbitration comes to mind....
Did YOU read you're the entire T&S when purchasing that Intel processor of yours?!?

/ yes yes... you may not actually own an Intel proc.

Re:Judge Laughs

How does Intel expect it's going to enforce this?

Clearly Intel is having a benchmark meltdown.

Re:Judge Laughs

[Dragonslicer]

So Intel is saying if you want to benchmark to decide if you want to join the class action, you can't provide a detailed reason that you're joining the class? Lawsuits are a matter of public record - a judge is going to laugh at that kind of restriction. How does Intel expect it's going to enforce this?

In general, if you need to provide to the court some document or information that should not be revealed to the public, it would be filed under seal. That isn't to say that a judge wouldn't (or shouldn't) laugh at Intel for this, I'm just pointing out that it isn't an impossible situation.

Re:Judge Laughs

here is a start:
spectre after
slow embargo
meltdown slowdown
benchmicrocode

Re:Judge Laughs

[dddux]

"Somebody come up with the hashtag". #intelgate

and will intel force MS to trun this on in windows

[Joe_Dragon]

and will intel force MS to trun this on in windows even on AMD systems?

Not Legal

[SirAstral]

You can ignore stupid shit like this. Intel can sue for you for looking cross eyed if they wanted to. It does not mean that they will win even if you lose everything defending yourself from it.

No company can legally require a person this kind of performative obedience under any circumstance as a sold product like this. Additionally, there have already been cases where judges have rendered TOS/EULA agreements as total bullshit and unenforceable. Especially after a sale has already been completed, just look at the Sony Linux feature removal class action on the PS3 that cost them millions.

That said, it could still be a nightmare to deal with but that is the nature of SLAP lawsuits to begin with. The intention is not to win, but to financially drain you into a loss or to scare people... mainly the websites publishing benchmark data.

One wrong move by Intel and they will be facing the same kind of fucking class action lawsuit themselves. Everyone should slap so many fucking benchmarks online that intels heads spin!

Re:Not Legal

[cstacy]

No company can legally require a person this kind of performative obedience under any circumstance as a sold product like this.

Of course a company can enter into a contract with you that says you can't publish performance specs for their product. So I am going to assume that you mean to say that it's about a product they PREVIOUSLY sold you. The thing is, Intel did NOT previously sell you this microcode update.

The contract is that Intel will provide you this new microcode update, which is software, but that your license to use it will be restricted. (Specifically that you can't run this software on a computer for the purpose of benchmarking it, and that you won't publish such a benchmark.)

I don't see any legal problem with that contract.

It doesn't make Intel look good, but if you don't like the deal, then don't install the software.

Additionally, there have already been cases where judges have rendered TOS/EULA agreements as total bullshit and unenforceable.

If you cannot read the "By downloading, you agree..." license terms BEFORE downloading, then you have a shrink-wrap license problem. (By the way, shrink-wrap licenses are still upheld in some states such as Maryland and Virginia.) Even if there's a shrink-wrap issue, though, it is fairly obvious that INSTALLING the software after downloading and reading the accompanying license would constitute agreement to the terms.

Especially after a sale has already been completed, just look at the Sony Linux feature removal class action on the PS3 that cost them millions

That case was different than this. In the PS3 case, Sony removed access to their online gaming network, thereby crippling the box. Here, Intel is not removing access to anything: if you don't like the terms, then don't install the microcode update, and your computer will continue to function exactly as it did before, with all the same capabilities (and bugs) intact. Which is the point.

I expect the benchmarks will be out soon and all over the place, published in ways that make it impossible to figure out who to sue. Then, these benchmarks will be reported all over the place by people who never downloaded or installed or agreed to any of the license terms, and in fact did not perform any benchmarking themselves. Just published some results from some other shadowy people who cannot be sued.

Re: Not Legal

its an under warranty fix for previously sold product.

(or rather, for benchmarking tool, the article is slightly incorrect)

Re:Not Legal

A company can't impose additional legal terms with a fix to a sold product.

If Toyota had a recall for faulty brake lines and demanded that anyone accepting the fix must agree to never inspect, allow someone else to inspect, or publish results of inspecting the brake lines any judge would laugh while quashing.

Re: Not Legal

[cstacy]

its an under warranty fix for previously sold product.

Yeah, except that you're just TOTALLY MAKING THAT UP !

Re:Not Legal

[cstacy]

A company can't impose additional legal terms with a fix to a sold product.

This Intel "fix" has nothing to do with any kind of "warranty" or "recall" or anything like that, and it's totally optional for you. You just don't like that fact, is all.

Not that this makes Intel less slimy, but your "legal" reasoning is just based on ignorance and imagination.

Re:Not Legal

However, the argument could be made that the product was inherently defective at the time of sale. The fix is just a patch to bring it up to the level it was already expected to be. By changing the terms with the microcode update, they are effectively offering a choice - accept our defective product or install crippling software to make it "safe". Oh, and shut up about it, so nobody knows just how bad it is.

The lawyers will pounce on this in 3...

Re:Not Legal

Step 1: Sell broken hardware
Step 2: Release patches with EULA that requires customers to sell their souls
Step 3: ???
Step 4: Profit!

Re:Not Legal

[SirAstral]

"That case was different than this."

Nope, like all case law, it depends on your argument.

When intel sold their product they agree to certain legal obligations. They cannot alter those legal obligation with a TOS/EULA. Sure it does not stop them from trying but no judge is going to uphold a contract that states you have no 1st Amendment rights after buying our CPU on a PUBLICLY SOLD product. They might have a case if they sold their product exclusively where they can control the purchase start to back. And this does not even get into 2nd hand items.

Intel cannot shirk it's legal warranty requirements in this fashion and they certainly cannot place a moratorium on public data about a publicly sold product expost facto to its sale.

Just a new lawyer, nothing to see here, move along

Apparently Intel just hired a new lawyer, and he was doing his best to show how productive he was even before receiving the mandatory corporate legal training.

Don't worry, the boys are on their way to his office now with Intel-inside baseball bats. The next bunch of legalese won't be so suicidally dysfunctional.

where are the Ryzen/TR IPMI boards? epyc is overki

[Joe_Dragon]

where are the Ryzen/TR IPMI boards? epyc is overkill for some workloads.

Illegal in the EU.

Yeah, that license is invalid in the EU. They have to check first, and have proof that you agreed, before they send you the files. If they do it without, they just did it without attaching any conditions. So do whatever you like. (As if they could stop you, in any case... lol)

Debian isn't Linux anymore.

They stopped being Linux, when they adopted systemd.
They are a PoetteringOS distribution now. Which just temporarily uses the Linux kernel for the transition phase, until systemd gets its kernel component.

Re:Debian isn't Linux anymore.

This.

systemd is all about control.

Could be a mistake

[viperidaenz]

The license also mentions NDA's and Pre-Release agreements

Looks like license they would include with pre-release/beta software.

7. CONFIDENTIALITY. The terms and conditions of this Agreement, exchanged
confidential information, as well as the Software are subject to the terms and
conditions of the Non-Disclosure Agreement(s) or Intel Pre-Release Loan
Agreement(s) (referred to herein collectively or individually as "NDA") entered
into by and in force between Intel and You, and in any case no less
confidentiality protection than You apply to Your information of similar
sensitivity. If You would like to have a contractor perform work on Your behalf
that requires any access to or use of Software, You must obtain a written
confidentiality agreement from the contractor which contains terms and
conditions with respect to access to or use of Software no less restrictive
than those set forth in this Agreement, excluding any distribution rights and
use for any other purpose, and You will remain fully liable to Intel for the
actions and inactions of those contractors. You may not use Intel's name in any
publications, advertisements, or other announcements without Intel's prior
written consent.

Re:Could be a mistake

[jrumney]

I thought the following terms from TFS were a bit off for a production release.

You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; ... (iii) use or make the Software available for the use or benefit of third parties;

Never mind the benchmark clause, there is no way I would expect Debian, Microsoft, or anyone else to start shipping code that has those clauses in the license terms.

Re:and will intel force MS to trun this on in wind

[viperidaenz]

How would you run Intel microcode on an AMD CPU?

Re:and will intel force MS to trun this on in wind

[Joe_Dragon]

may not that but the other non microcode Intel fixes.

so run SUSE, Arch, and Red Hat and lose the right

[Joe_Dragon]

so run SUSE, Arch, and Red Hat and lose the right to bench your own systems?
I don't think that yum update can show an EULA or even an YUM update -y && reboot can stop and force you to read it.

Intel can say you are not our customer call your d

[Joe_Dragon]

Intel can say you are not our customer call your dealer / distributor for an refund.

well When you started your car you said yes to eul

[Joe_Dragon]

well When you started your car you said yes to the new eula. Don't like it you can trade your car in (no full refund)

we can file an copyright claim / dmca takedown

[Joe_Dragon]

we can file an copyright claim / dmca take down or even an press theft changes some of our cpus are over $1K-5K each so that is grand larceny.

Now an real lawyer can kill that BS but some small guys may just back down vs $$$ to defending them form the big boys at intel.

is just for places like Puget Systems / LinusTechT

[Joe_Dragon]

is just for places like Puget Systems / LinusTechTips / etc that if you bench it then you get cut off them from free parts / Engineering Samples? But they some how copied the that EULA into the update one?

Whoops

[Tough+Love]

Whoops, this is basically an ad for Ryzen.

It is over 25% slower than before

This is bad. According to my experience, it is over 25% slower than before the fix.

Me too, lol.

[Grog6]

n/t.

Is Microsoft Bound by the Same Terms?

[jaa101]

How can Microsoft deploy this microcode to customers without banning benchmarking under Windows? Are they just betting Intel isn't going to sue them?

Slows down my system over 25%

This is bad. My system seems to be over 25% slower. This kind of huge performance hit is unacceptable.

Simple - Can't run == FAIL

[technosaurus]

Since you cannot run the benchmark (in this case due to legal restrictions) just write FAIL* next to it. Then put the actual values for AMD, VIA and DMP CPUs. Once a few dozen articles get published where even DMP beats Intel's most expensive chips, they will wake up.

* FAIL means that the chip was unable to complete the benchmark due to faulty engineering or legal restrictions.

Re:Simple - Can't run == FAIL

[jittles]

Since you cannot run the benchmark (in this case due to legal restrictions) just write FAIL* next to it. Then put the actual values for AMD, VIA and DMP CPUs. Once a few dozen articles get published where even DMP beats Intel's most expensive chips, they will wake up. * FAIL means that the chip was unable to complete the benchmark due to faulty engineering or legal restrictions.

The license does not say you cannot run benchmarks. It says that the OS vendors cannot publish benchmarks. Period. Other people can benchmark and publish. The OS vendor can benchmark and decide whether or not to even accept the update, as Debian has done. I don't think it's right. Intel should not try to restrict this. They should request that the OS vendors publish a caveat that performance degradation depends on the way the system is being used and leave it at that. This was pretty stupid. But you are making sound worse than it actually is.

Returning my Laptop to the store for a refund

Some countries have decent consumer law - like NZ. Statutory Refund.
As I cant get a unqualified security fix, I will just return it. Dell, Acer and Leveno and others will be very unhappy if it becomes a tide.
They have been very quiet on Mobile Phone ARM chips, but as independent apps are released, there will be returns.

Re:Returning my Laptop to the store for a refund

I don't believe that's going to happen. Dealing with it involves being without a computer for a time, and people need to get sh*t done (I, for one, cannot afford being without computer for work reasons). Now, a different matter is when it comes to upgrade equipment. I can certainly say my next computer will not have be Intel.

Dear unfree communist China

Pleas post these benchmarks. Thank you, the US.

Both would be null and void in EU

Meaning you cannot foist a license like that onto somebody, furthermore for academic research you are always allowed to do benchmark and no goddamn license can remove your basic right (such contract become null and void by law). So this is pretty much an american market only license.

Volkswagen...

Damn, if only VW would have done that, "You shall not measure how much crap our diesel produce" in the EULA of every car, no billion fine...

Something weird...

Maybe I don't understand correctly, but this section "You will not, and will not allow any third party to (i) USE, copy, distribute, sell or offer to sell the Software or associated documentation;..." doesn't prohibits the very use of software?

5-10% You wish it was that little.

For Intel to go all out like this, it is probably in the 20-30% range. And we now know that Intel put out CPUs knowingly with these flaws because they could top the performance charts. The reasons for picking an AMD for your next build are stacking up.

So if I am an IT service provider ...

[thempstead]

"(v) publish or provide any Software benchmark or comparison test results"

So if I am an IT services provider looking after systems for my Customers and need to patch this ... then the first thing they will ask is "what performance impact did your testing of the patch show?" ... which I can't now tell them as it would be providing them with comparison test results between a system before and after patching ...

Without providing this then they will not agree to the change being made ... which means the system will have to remain unpatched and vulnerable.

I wish I had mod points.

[Grog6]

This really fits with the Manifort/Cohen news, but it's on point, nonetheless.

I wonder why the new /. owners haven't allowed a story on that? :)

Just use AMD

[ReneR]

it has better performance and price anyway: https://www.youtube.com/watch?...

Permanent fix of side channel vulnerabilities

Side channel attacks are inherently benchmarking attacks (in particular, the spectre attacks check how far speculative execution is getting for carefully selected workloads), and benchmarking is no longer allowed.

Problem solved.

Hooray.

Soon to be found in hardware magazines

[Opportunist]

"We are not allowed to provide any benchmark results, but we can say that if you consider buying an Intel i9, we should maybe inform you that we have an Athlon that we don't need anymore and you might be interested."

"Hey, we need a licence on this thing"

Sounds like somebody stuck a file in there without actually talking to legal.

I've recently signed an NDA and I don't know why they wanted me to sign it, as what it covered was something I either didn't get into, or was too late to sign an NDA for (entering discussions to enter a joint something). Since it was a zero-value NDA, I didn't raise much stink and signed it.

When asked about the source of the NDA, the office manager just said it's a template that's been in the company since before he joined and he has to give it to people to sign.

That was the straw?

... because all those other terms are completely reasonable for an open-source project to agree to?!

BogoMIPS

[zmooc]

So did the Linux distro's that did accept this license modify their kernel to disable the BogoMIPS feature?

Phoronix

[Meneth]

Phoronix seems to have disregarded that part and published some benchmarks anyway. https://www.phoronix.com/scan....

Re:Phoronix

[jittles]

Phoronix seems to have disregarded that part and published some benchmarks anyway. https://www.phoronix.com/scan....

Read the license. It does not restrict the publication of benchmarks. It restricts the OS vendors from publishing benchmarks directly. Not cool on Intel's part. But no where does the license prevent anyone from running benchmarks. That would be impossible to control and completely impossible to enforce.

Re:Phoronix

did they apply the microcode or just the updated linux kernel patches?

Re: Phoronix

Those benchmarks only test different kernel patches, not the microcode update.

Eff Intel

Just to get my curse in. Next laptop will have an AMD proc. And screw corrupt sh***Y System76 while we're at it.

Benchmark with the 20180703 release

[tglx]

The 20180703 micro code release has the mitigations for a set of server class CPUs and comes with the old micro code license, which does not contain any of those restrictions. Also experimentation has shown, that the micro code variant for flushing L1D on VMENTER is not really much different slowdown wise from the software L1D flush mitigation which is used by the Linux kernel/KVM when the magic new MSR is not available.

While Joe Desktop User does not worry much about the L1TF mess, he very much is interested in the other fixes and mitigations which come with those updates.

It's a sad state of affairs, that corporates seem to be able to screw their customers in any way they see fit. Seems to be a common scheme. Just look at the Diesel disaster where now the car owners are facing driving restrictions in certain cities because their cars do not comply to the emission standards.

Publish benchmarks anyways

When intel comes to sue you, counter-sue with a SLAPP suit. Refuse to settle.

Take them for a few billion.

What is happening at Intel? BAD management?

[Futurepower(R)]

Intel accused of age discrimination (May 28, 2018) Subtitle: "US federal investigators are looking into Intel's layoffs of 12,000 employees since 2016."

Judging from personal conversations with Intel employees and comments on web sites, Intel is badly managed:

Quote from thelayoff.com, Nov. 23, 2017:

"As a person who worked there several times as contract employee, which makes up most of the workforce. I have seen this happen many times, where older and higher paid blue badges get shown the door, and sometimes escorted out like criminals. This has created a paranoid environment among those who are left, so everyone starts back stabbing each other because they don't want to be the next one to be booted. And creates animosity to the contract workers who are treated like crap. So any workplace cohesion gets thrown out the window, because everyone is circling their prospective wagons."

Use a public blockchain register

Just put the benchmark results onto a public blockchain register. Works to prevent Chinese censorship. It will definitely help Intel to understand how wrong they are.

I wouldn't use any existing or currently holding keys for this.

just more unethical behavior from the powerful

funny how the poor have to play by the rules but the rich people can steal, lie and cheat and that's ok ... Intel, and other excessively large multinational corporations are clearly above the law and their behaviour is unethical, exploitive and often illegal. The system is corrupt and only comprehensive corporate reform will fix this. Corporations must not be used to evade responsibility for immoral actions by overly-affluent individuals.

Face facts, they, the upper class, have enslaved the middle and lower classes. If the people want real freedom, they'll need to stop economic slavery.

Re:just more unethical behavior from the powerful

You could at least finish with something about their backs being the first against the wall when the revolution comes...

Devil's Advocate

So now the marketers will disparage Debian by saying that they run insecure code that is subject to side channel attacks.

The correct way to handle security problems is to own up to the damage, publish mitigations, and make it possible for your customers to get along.

The moral high road is easy to preach when you have nothing to lose. But, it's another story when doing so will result in litigation that is likely to cost the company billions of dollars and may even sink the company.

I agree that the mitigation is largely unnecessary for most users. But, most distros are incorporating the fixes and Microsoft is too, slowing down everything. Even more so than usual.

This calls for the corporate death penalty

Execute the CEO and executives. Shut it all down. Euthanize the family of the subhuman who actually wrote that clause.

Can we get the benchmarks on wikileaks?

[InPursuitOfTruth]

They will probably sue wikileaks for publishing benchmarks now.

Sorry that happened. Working at 6PM is still worki

[raymorris]

I'm sorry that happened to you.

You mentioned "after hours" twice. Your story might be a reminder that if you're at a work conference with the team from work, don't do or say things that are Not Safe for Work. I have other friends, not co-workers, for NSFW discussions. If you're with co-workers, follow the guidelines you'd use for conversations with co-workers - no matter what time it is.

Ummmm.... yeah.

The Debian team's response here is appropriate. They should have also responded with a "Fuck you."

Re:I think you've misinterpreted the message...

niittyniemi railed:P

So Intel, as a condition of using your patch to fix the broken shit you sold us, you don't want us to use the patch to empirically determine just how broken your shit was, or else you'll sue us?

I've got the message loud and clear: you're crooked dirtbags.

Mmm ... no.

As another Anonymous Coward pointed out halfway up the page from here, the summary is (surprise!) poorly written. It leaves the reader with the impression that Intel is trying to use its EULA to suppress benchmark reviews of its microcode fixes for the latest set of predictive execution bugs. It's not.

What it IS doing is forbidding developers from sharing benchmark data about its own, proprietary microcode development tools, to whit:

“Development Tools” means the development, evaluation, production, or test tool software, and associated documentation or other collateral, identified in the “development_tools.txt” text files, if any, included in the Materials.

You're perfectly free to publish before-and-after benchmarks of the impact of Intel's current - and previous - microcode fixes on CPU performance to your geeky heart's content. You're simply forbidden from using the tools in Intel's own developer software (which you have to buy from Intel) to obtain the results you publish.

(And, of course, you're forbidden to give, resell, reverse engineer, or share the tools themselves, because they're commercial software, the redistribution terms of which are protected by international copyright law. Nota bene: the topic under discussion here is NOT international copyright law. Therefore, please confine any rants about the evils of copyright to your mother's basement.)

There are ZERO restrictions imposed by the license terms for Intel's own developer tools on the use of third-party test software to establish performance benchmarks and evaluations - and no trace of attempted prior restraint on publishing those results.

Once again, the problem is that The Guardian has conflated Intel-proprietary test software with the microcode fixes themselves, and has invented a scheme by Intel to suppress publication of all benchmarks, including those produced by third-party tools, because Richard Speed, its reporter, misunderstood the EULA about which the Debian people are complaining. And, unfortunately, Bruce failed to catch Speed's mistake before posting this story.

Early in this discussion, he mentions in a comment that he "screws up" as often as anybody else around here - and this is an exemplar of that.

I think Mr. Perens is a real asset to the Slashdot community. His comments are usually thoughtful, informed, and often well-documented. I admire the fact that, when he gets things wrong, unlike many users here, he swiftly and cheerfully admits his errors and disavows them.

Would that more of Slashdot's users had that kind of intellectual honesty ...

(Posting as AC only so as not to undo prior upmods in this thread.)

--

Check out my novel ...

for comfort

[micahraleigh]

Federal civil servants just doesn't feel comfortable letting the general population know how many CPU cycles they are, ahem, re-appropriating to their activities.

They are already uneasy about people finding out how much of their data and cell bills are getting eaten up by their activities.

It's been hard enough getting enough opposition research and unmasking all the GOP bad guys. It's not their fault they couldn't do their jobs properly and get Hillary in the white house.

And now they're losing their jobs because they couldn't get their candidate in? How disappointing that must be.

So think about the comfort of the federal people entrusted with making sure their people get elected and need to hide how much of our device resources they are using.

If you don't think about that ... how selfish are you ??

Looking forward to seeing the benchmarks.

Anybody who is not in a country that appreciates these limitations can still legally run benchmarks and publish them. I'm looking forward to seeing these metrics go public anyway.

SLAPP?

If Intel sued someone for violating these terms would SLAPP apply?

You are already breaking the terms!

If the license snipet in the summary is correct, it is worded such that you aren't even allowed to use the patch: "You...will not... use...the Software" :P

Intel is changing the license.

[aliquis]

And allowing benchmark again.
And chance it was an old beta license?

Pretty sure Intel, and other, were well aware

[w1zz4]

They probably just cut corners, just like the others, in order to be able to claim better performance and optimization...

I just think the threat is overblown

The media has so over blown this and the fixes be it firmware, OS updates, or microcode has manged to stay ahead of it with rather minimal affects on performance for most users. If we actually had more proof of attacks occurring in the wild and affecting systems. Then this would be news worthy, but so far its quiet and this only proves how difficult these hardware exploits are to achieve any sort of success.

Now updated

[velinion]

Seems someone in PR realized how bad this looked, as they've updated the license: https://01.org/mcu-path-licens...

How can they enforce that?

[ripvlan]

They build a general purpose CPU - and it is owned by the person who purchases it. How can this possibly be enforced? It feels like selling car, and stating that the new owner can't drag race and post the times.

Although I read it as distinct pieces. "You" won't provide documentation to others explaining how to look inside, and also won't provide benchmark software / results, nor documentation that uses these "Secrets" to benchmark.

but some random person off the street can certainly figure it out themselves. "You" can't use your insider knowledge to help them.

It's called a DeWitt clause

[dwheeler]

Contract clauses that forbid benchmark publication (unless the vendor likes them) are called DeWitt clauses. The clause was originally created to squelch database research being performed by Dr. David DeWitt. These should be illegal, but Oracle certainly rigorously enforces them. There was a law passed in 2016 that prevented similar problems for Yelp, but DeWitt clauses haven't been struck down yet (and should be). See my post, "The DeWitt clause’s censorship should be illegal" by David A. Wheeler (2017-06-25): https://www.dwheeler.com/essay...

Seems like it is now addressed based on feedback.

https://01.org/mcu-path-license-2018

Re:Sorry that happened. Working at 6PM is still wo

[Highdude702]

Man I'm glad I'm in construction. I would hate to have to watch my mouth at every turn and not be able to make crude jokes.