Slashdot Mirror

← Back to Stories (view on slashdot.org)

Intel's Reworked Microcode Security Fix License No Longer Prohibits Benchmarking (theregister.co.uk)

Posted by BeauHD on from the mission-accomplished dept.

An anonymous reader quotes a report from The Register: Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors -- after the previous wording outlawed public benchmarking of the chips. The reason for Intel's insistence on a vow of silence is that -- even with the new microcode in place -- turning off hyper-threading is necessary to protect virtual machines from attack via Foreshadow -- and that move comes with a potential performance hit. Predictably, Intel's contractual omerta had the opposite effect and drew attention to the problem. "Performance is so bad on the latest Spectre patch that Intel had to prohibit publishing benchmarks," said Lucas Holt, MidnightBSD project lead, via Twitter.

In response to the outcry, Intel subsequently said it would rewrite the licensing terms. And now the fix is in. Via Twitter, Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, on Thursday said: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community." The reworked license no longer prohibits benchmarking. Long-time Slashdot reader and open-source pioneer, Bruce Perens, first brought Intel's microcode update to our attention. In a phone interview with The Register, Perens said he approved of the change. "This is a relatively innocuous license for proprietary software and it can be distributed in the non-free section of Debian, which is where is used to be, and it should be distributable by other Linux distributions," he said. "You can't expect every lawyer to understand CPUs. Sometimes they have to have a deep conversation with their technical people."

20 of 76 comments (clear)

  1. Thanks slashdot by hcs_$reboot · · Score: 2

    The power of the media.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  2. Thanks, Bruce by Anonymous Coward · · Score: 5, Insightful

    Slashdot may be a bully pulpit, but Bruce Perens desrves the credit.

    1. Re:Thanks, Bruce by Tough+Love · · Score: 2

      Slashdot may be a bully pulpit, but Bruce Perens desrves the credit.

      Seconded.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    2. Re:Thanks, Bruce by Tough+Love · · Score: 5, Informative

      Slashdot may be a bully pulpit...

      More accurately, TheReg was the bully pulpit, Slashdot was an amplifier.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    3. Re:Thanks, Bruce by UnknownSoldier · · Score: 3, Informative

      > bully pulpit

      Before anyone else gets their panties in a knot, that's a horrible coining by Theodore Roosevelt. I doubt most people know the difference between:

      * bully, the adjective; which means "fine; excellent; very good."
      * bully, the noun; which means "a blustering, quarrelsome, overbearing person"

    4. Re:Thanks, Bruce by Bruce+Perens · · Score: 4, Informative

      Thank you! Obviously Debian and friends were after Intel before I saw that other Linux distributions had accepted the license and decided that the people needed some education on the topic. I can't say for sure that Intel wasn't already working on the improved license before I got involved.

      This is still a proprietary software license, and it's unfortunate that if you want the security fixes you have to load a binary blob on your nice otherwise-100%-Free-Software system every time you boot it up.

      If you'd like to help me do stuff like this, there's my brand-new Patreon site, follow me on Twitter and re-tweet me when I'm working on things like this, keep watching Perens.com and my submissions to Slashdot (which are often rejected).

      --
      Bruce Perens.
  3. Bad for intel, good for AMD at least by Anonymous Coward · · Score: 4, Interesting

    If there's one silver lining to this shitstorm it's that AMD should continue to get more and more sales.
    I know my next upgrade is going to be a ryzen because of spectre/meltdown and also to spite intel for basically preventing >4 cores becoming mainstream. If they'd have worked on jamming more cores into affordable cpus maybe we'd be seeing far more heavily multithreaded games & programs.

    1. Re:Bad for intel, good for AMD at least by Tough+Love · · Score: 2

      It's good for Intel to be seen at work on the issue. Bad that it's basically impossible to fix in microcode without losing massive performance. Bad luck that the issue exists in the first place. Good for AMD as you say, but even without this AMD was already the sweet spot for me, and getting sweeter methinks.

      Intel needs to fix this at the transistor level, that will take months for the 14nm fabs and who knows how much additional delay it means for 10nm. Just copying AMD's design would likely hit a patent minefield. If I was Intel, at this point I would bury the hatchet and license at least part of AMD's speculative execution design. Given that Intel already hired Ryzen's lead architect, maybe that's exactly what is happening.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  4. And now we see the true Intel by Anonymous Coward · · Score: 3, Insightful

    No faster than AMD's offerings, but at a 50% higher price. And they've been doing this for over a decade, knowingly putting out flawed CPUs just to beat the performance charts.

    You like that Intel Inside bragging right? Open up your wallet then, the lying cheating fuckers at Intel would like to take as much as you're willing to give.

    1. Re:And now we see the true Intel by Tough+Love · · Score: 3, Insightful

      they've been doing this for over a decade, knowingly putting out flawed CPUs just to beat the performance charts.

      Intel has done many slimy things, but I don't think that is one of them. Putting out flawed CPUs, yes, but knowingly... I doubt it. AMD was lucky on this one, or maybe somebody at AMD actually did realize the security ramifications of the interaction between speculative execution and protection levels. If so then they richy deserve bragging rights, I would really enjoy hearing the details whole story. But I doubt it happened.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  5. How to avoid future licensing issues: by Gravis+Zero · · Score: 3, Insightful

    Only buy AMD.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:How to avoid future licensing issues: by Gravis+Zero · · Score: 2

      Intel has a long history of shady and illegal business practices. AMD is a far better bet than Intel will ever be.

      --
      Anons need not reply. Questions end with a question mark.
  6. Accomplishing just the opposite by alvinrod · · Score: 5, Insightful

    This was utterly stupid of them. They had to know that this would only draw more attention to the fact and they had to know that they couldn't prohibit benchmarking. That simply wasn't going to happen. And now that they've had to retract this idiotic policy, they've practically ensured that every tech site is going to do loads of benchmarking when they might not have otherwise been interested (there were a few when Meltdown and Spectre first came out, but I haven't seen a lot of benchmarks for the newer varients), but because Intel turned this into a big story, now everyone is going to want to do benchmarks to ride the renewed wave of interest.

    This was like getting pulled over by a cop and shouting, "Nothing suspicious in the trunk!" before the cop has even had a chance to ask for your license and registration.

    1. Re:Accomplishing just the opposite by Tough+Love · · Score: 2

      This was utterly stupid of them

      It was a stupid mistake, yes, but it was smart to fix it as quickly as possible. I can't say I don't enjoy seeing their legal beagles squirm a bit. Lawyers always think they know how to run the tech industry and they are always wrong.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    2. Re:Accomplishing just the opposite by AHuxley · · Score: 2

      When the wider public is not allowed to talk about a product and its performance thats not a "mistake".

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Accomplishing just the opposite by jezwel · · Score: 2

      Zero people will benchmarking these firmware updates that were not already planning on it. The performance degradations were entirely anticipated, given turning off HT is part of the solution.

      Wrong. Our hardware evaluation team are now interested in benchmarking as Intel made too big a deal out of this.

  7. Seriously? by franzrogar · · Score: 5, Insightful

    On a binary blob, closed source, forbidden to decompile, study or whatever they wrote this: "As an active member of the open source community"?

    Shame on them!

  8. How stupid can you be? by Opportunist · · Score: 3, Interesting

    Intel, I have no idea what bozo is responsible for this, but please do yourself and the world a favor and fire him. Out of a cannon. What this idiot managed to do with the "must not benchmark" bullshit was that everyone wants the benchmark results.

    This stupidity now makes sure that everyone can get them legally, too.

    Unless this microcode patch actually causes no performance hit, which would make it a great PR stunt, but is very unlikely considering what we've seen so far, this is about the worst kind of PR disaster you could possibly have gotten into.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Buy a different CPU by AHuxley · · Score: 2

    When a company does not want people looking into its products and talking about its products?
    Its time to find a new company with better products they allow full and open discussion of.

    --
    Domestic spying is now "Benign Information Gathering"
  10. Re:See? by Anonymous Coward · · Score: 2, Insightful

    Where did you get "dumb fucking lawyer" part? Nothing in Intel's response indicates there was any error: "we have simplified the Intel license to make it easier to distribute CPU microcode updates".

    They corrected it after it become news and topic of embarrassing public discussion. What other choice did they have?