Slashdot Mirror


Intel's Reworked Microcode Security Fix License No Longer Prohibits Benchmarking (theregister.co.uk)

An anonymous reader quotes a report from The Register: Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors -- after the previous wording outlawed public benchmarking of the chips. The reason for Intel's insistence on a vow of silence is that -- even with the new microcode in place -- turning off hyper-threading is necessary to protect virtual machines from attack via Foreshadow -- and that move comes with a potential performance hit. Predictably, Intel's contractual omerta had the opposite effect and drew attention to the problem. "Performance is so bad on the latest Spectre patch that Intel had to prohibit publishing benchmarks," said Lucas Holt, MidnightBSD project lead, via Twitter.

In response to the outcry, Intel subsequently said it would rewrite the licensing terms. And now the fix is in. Via Twitter, Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, on Thursday said: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community." The reworked license no longer prohibits benchmarking.
Long-time Slashdot reader and open-source pioneer, Bruce Perens, first brought Intel's microcode update to our attention. In a phone interview with The Register, Perens said he approved of the change. "This is a relatively innocuous license for proprietary software and it can be distributed in the non-free section of Debian, which is where it used to be, and it should be distributable by other Linux distributions," he said. "You can't expect every lawyer to understand CPUs. Sometimes they have to have a deep conversation with their technical people."

3 of 76 comments

  1. Re:Thanks, Bruce by Tough Love · Score: 5, Informative

    Slashdot may be a bully pulpit...

    More accurately, TheReg was the bully pulpit, Slashdot was an amplifier.

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  2. Re:Thanks, Bruce by UnknownSoldier · Score: 3, Informative

    > bully pulpit

    Before anyone else gets their panties in a knot, that's a horrible coining by Theodore Roosevelt. I doubt most people know the difference between:

    * bully, the adjective; which means "fine; excellent; very good."
    * bully, the noun; which means "a blustering, quarrelsome, overbearing person"

  3. Re:Thanks, Bruce by Bruce Perens · Score: 4, Informative

    Thank you! Obviously Debian and friends were after Intel before I saw that other Linux distributions had accepted the license and decided that the people needed some education on the topic. I can't say for sure that Intel wasn't already working on the improved license before I got involved.

    This is still a proprietary software license, and it's unfortunate that if you want the security fixes you have to load a binary blob on your nice otherwise-100%-Free-Software system every time you boot it up.

    If you'd like to help me do stuff like this, there's my brand-new Patreon site, follow me on Twitter and re-tweet me when I'm working on things like this, keep watching Perens.com and my submissions to Slashdot (which are often rejected).