Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Thursday August 23 2018, @10:15PM   Printer-friendly [Skip to comment(s)]
from the ffs dept.

ZDNet:

Open-source champion Bruce Perens has called out Intel for adding a new restriction to its software license agreement along with its latest CPU security patches to prevent developers from publishing software benchmark results.

The new clause appears to be a move by Intel to legally gag developers from revealing performance degradation caused by its mitigations for Spectre and Foreshadow or 'L1 Terminal Fault' (L1FT) flaw speculative attacks.

"You will not, and will not allow any third party to ... publish or provide any software benchmark or comparison test results," Intel's new agreement states .

[...] Another section of the license blocking redistribution appears to have caused maintainers of Debian to withhold Intel's patch too , as reported by The Register.

[...] Updated 12:15pm ET, August 23 2018: An Intel spokesperson responded: "We are updating the license now to address this and will have a new version available soon. As an active member of the open-source community, we continue to welcome all feedback."


Original Submission

Related Stories

PortSmash: Hyper-Threading Flaw Affects Intel CPUs, Possibly Others 21 comments

Researchers Exploit Another Intel Hyper-Threading Flaw

Five academics from the Tampere University of Technology in Finland and Technical University of Havana, Cuba, have discovered yet another flaw in Intel's Hyper-Threading (HT) technology that attackers could use to steal users' encrypted data, as reported by ZDNet today.

Other CPUs that use Simultaneous Multithreading (SMT) technology may also be affected by the bug, but so far only Intel's HT has been confirmed as vulnerable. SMT and HT are technologies that allow two or multiple computing threads to be executed on the same CPU core. Intel enables two threads per physical core with its HT technology.

[...] The vulnerability, which the researchers nicknamed PortSmash, allows attackers to create a malicious process that can run alongside another legitimate process using HT's parallel thread running capabilities. This malicious process can then leak information about the legitimate process and allow the attacker to reconstruct the encrypted data processed inside the legitimate process.

The researchers also made available the proof of concept (PoC) for the attack, showing that it is indeed feasible and not just theoretical. This PoC can now also be re-purposed and modified by attackers to launch a real attack against owners of systems using Intel CPUs.

Also at Ars Technica and The Register.

Related: OpenBSD disables Intel's hyper-threading over CPU data leak fears
TLBleed Affects Intel Processors with Hyperthreading to Leak Encryption Keys, Non-Trivial to Exploit
OpenBSD Chief De Raadt Says No Easy Fix For New Intel CPU Bug
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 2) by RS3 on Thursday August 23 2018, @10:25PM (15 children)

    by RS3 (6367) on Thursday August 23 2018, @10:25PM (#725436)

    So where is this valid? Where could Intel prosecute someone for publishing before and after benchmarks? I bet there are countries where Intel can't reach, and someone will publish results.

    The fact is, most of us know that performance will take a hit, and that's just the way it is. We have the option of not applying the microcode patches and being vulnerable. And for many of us, Intel has said they will never patch our CPUs.

    • (Score: -1, Offtopic) by Anonymous Coward on Thursday August 23 2018, @10:35PM (9 children)

      by Anonymous Coward on Thursday August 23 2018, @10:35PM (#725442)

      its called contract law. Yes, they can sue. Yes they can win.

      • (Score: 2, Insightful) by Anonymous Coward on Thursday August 23 2018, @10:49PM

        by Anonymous Coward on Thursday August 23 2018, @10:49PM (#725452)

        No, violation of license conditions and a license is not a contract. I'm not sure they could win a lawsuit as the terms are onerous, being unilaterally imposed after sale to fix a product defect.

      • (Score: 5, Interesting) by bzipitidoo on Thursday August 23 2018, @10:57PM (7 children)

        by bzipitidoo (4388) on Thursday August 23 2018, @10:57PM (#725455) Journal

        They can lose too. Contract law is not an absolute and cannot trump other laws. People cannot be held to a contract that enslaves them, forces them to break other laws, or recklessly endangers others. People also cannot always be held to NDAs and non-compete agreements.

        But this one was lost in the court of public opinion before Intel even thought of trying it. It was a stupid move, and they should have known better. The powerful have to be repeatedly reminded that they are not above the law or the people. Wonder which moron thought this attempt at censorship was a good idea? The CEO?

        • (Score: 1, Interesting) by Ethanol-fueled on Thursday August 23 2018, @11:35PM (6 children)

          by Ethanol-fueled (2792) on Thursday August 23 2018, @11:35PM (#725470) Homepage

          Can't somebody just publish an anonymous article (with easily repeatable results) and then have a trusted buddy in the tech journalism industry publish it? Intel's Jewish lawyers probably thought of that one, too, but maybe not well enough to cover their asses from that extra abstraction-layer.

          • (Score: 2) by bzipitidoo on Friday August 24 2018, @12:22AM (5 children)

            by bzipitidoo (4388) on Friday August 24 2018, @12:22AM (#725489) Journal

            Sounds like Intel's lawyers did think of that: "You ... will not allow any third party..."

            But I expect a contract agreement can't oblige one of the parties to become a vigilante. Does Intel seriously expect recipients of their patches to monitor and restrain thousands of users? Did they even think about what they were asking of Linux distro maintainers?

            • (Score: 2) by Runaway1956 on Friday August 24 2018, @01:10AM (4 children)

              by Runaway1956 (2926) Subscriber Badge on Friday August 24 2018, @01:10AM (#725511) Homepage Journal

              As a Linux User, and part of the worldwide Linux Users Group, I don't exactly answer to anyone. Whatever I do, is not by "permission". Linus Torvalds does not "permit" me to do much of anything. I can run benchmarks all day long (or all month long) and publish the results wherever I wish. My readership base is just about nil now, but the Streisand effect would probably cause that to balloon in no time at all. And, I have never signed a contract with Intel or any other tech giant.

              In all of the world, is there not one single (already existing and circulated) tech publication with the freedom that I enjoy?

              --
              "I didn't lose to him!" - The Donald referring to Trippin' Joe
              • (Score: 0, Troll) by Ethanol-fueled on Friday August 24 2018, @01:56AM (1 child)

                by Ethanol-fueled (2792) on Friday August 24 2018, @01:56AM (#725536) Homepage

                It appears to me that you are all chickenshit bastards.

                • (Score: 3, Informative) by Runaway1956 on Friday August 24 2018, @02:11AM

                  by Runaway1956 (2926) Subscriber Badge on Friday August 24 2018, @02:11AM (#725549) Homepage Journal

                  You should stop looking at the world through your chickenshit colored glasses. Try those silly rose colored glasses. Lev Sheckelzoid recommends them!

                  --
                  "I didn't lose to him!" - The Donald referring to Trippin' Joe
              • (Score: 0) by Anonymous Coward on Friday August 24 2018, @05:52AM

                by Anonymous Coward on Friday August 24 2018, @05:52AM (#725653)

                What if you just find one of these computers with the patch at a garage sale or whatever?

              • (Score: 0) by Anonymous Coward on Friday August 24 2018, @10:33AM

                by Anonymous Coward on Friday August 24 2018, @10:33AM (#725730)

                As a Linux User, and part of the worldwide Linux Users Group, I don't exactly answer to anyone. Whatever I do, is not by "permission". Linus Torvalds does not "permit" me to do much of anything.

                You're quite wrong about that. Torvalds permits you to do pretty much: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/COPYING?h=v4.18 [kernel.org]

    • (Score: 5, Interesting) by TheGratefulNet on Friday August 24 2018, @12:58AM (4 children)

      by TheGratefulNet (659) on Friday August 24 2018, @12:58AM (#725503)

      sudo apt-get remove --purge intel-microcode

      fuck it, I'm outta here. I'll take NO microcode to the bullshit they are shoving our way.

      the fact that they gag us says it all. I don't need to see numbers. I'm done buying intel cpus at this point.

      its not just that they fucked up the silicon (and they have more people and money than they can count, so its NOT a resources issue!) - but they are actively hostile toward the userbase.

      fwiw, I used to actually work for intel. I used to like them. that is now all gone.

      all it takes to lose decades of repeat customers is one huge fuckup. welcome to that, intel. THIS is what is going to turn people off. not so much the si bugs, but its how you handle yourself. and this is what a total lack of grace looks like.

      pitiful. from a once world leader in tech, we get this.

      --
      "It is now safe to switch off your computer."
      • (Score: 1) by Ethanol-fueled on Friday August 24 2018, @01:57AM

        by Ethanol-fueled (2792) on Friday August 24 2018, @01:57AM (#725537) Homepage

        Too Late, buddy.

      • (Score: 2) by RS3 on Friday August 24 2018, @04:36AM (1 child)

        by RS3 (6367) on Friday August 24 2018, @04:36AM (#725615)

        I thought the microcode got loaded by BIOS (or EFI-BOOT) or by the kernel? [trundles off to check...] Yep, right there in kernel config. So just make your own kernel, or grab an older microcode and compile it into a newer kernel. May be easier said than done...

        • (Score: 0) by Anonymous Coward on Friday August 24 2018, @02:11PM

          by Anonymous Coward on Friday August 24 2018, @02:11PM (#725807)

          it's what I did to restore performance to a machine that infrequently touches the internet except for the occasional update.

          which of course reminded me to check the updates more thoroughly before applying them, after I was unhappy with the result.

          I had to get the microcode file from an old backup; I'd never even paid attention to the microcode file as applied by the OS prior to that. This also was before the whole spectre thing. something in the management engine was goofing up my overclocks..

      • (Score: 0) by Anonymous Coward on Monday August 27 2018, @09:12PM

        by Anonymous Coward on Monday August 27 2018, @09:12PM (#727133)

        Update 28 August: new intel-microkernel update arrived in my Mint 18.3.... the glacier moves noticeably faster after that. Even thumbnailing is back to almost pre-Intel-panic speeds, though apparently Ubuntu are ignoring a Gnome vulnerability "fix" on the thumbnailing... but do I trust Gnome devs (new "flat look", Gnome 3,..)

  • (Score: 1, Insightful) by Anonymous Coward on Thursday August 23 2018, @10:26PM (10 children)

    by Anonymous Coward on Thursday August 23 2018, @10:26PM (#725437)

    Same backdoors, but at least they don't try to stifle free speech and their CEO is quite likable.

    • (Score: 2, Funny) by Anonymous Coward on Thursday August 23 2018, @10:28PM (6 children)

      by Anonymous Coward on Thursday August 23 2018, @10:28PM (#725438)

      Typo in that last word. You are missing either "c" or "e".

      • (Score: 2, Funny) by Anonymous Coward on Thursday August 23 2018, @10:45PM (5 children)

        by Anonymous Coward on Thursday August 23 2018, @10:45PM (#725449)

        "Their CEO is quite clickable"?

        • (Score: 2) by requerdanos on Thursday August 23 2018, @11:03PM

          by requerdanos (5997) Subscriber Badge on Thursday August 23 2018, @11:03PM (#725458) Journal

          clickable

          clickable would remove the ambiguity, yes.

        • (Score: 1, Funny) by Anonymous Coward on Thursday August 23 2018, @11:05PM

          by Anonymous Coward on Thursday August 23 2018, @11:05PM (#725459)

          Puts a whole new spin to their backdoors.

        • (Score: 2, Insightful) by RS3 on Friday August 24 2018, @12:22AM

          by RS3 (6367) on Friday August 24 2018, @12:22AM (#725488)

          "Their CEO is quite clickable"?

          You put the "c" in the wrong place. He meant 'lickable'.

        • (Score: 2) by maxwell demon on Friday August 24 2018, @07:23AM (1 child)

          by maxwell demon (1608) on Friday August 24 2018, @07:23AM (#725681) Journal

          That would be two additional "c"s.

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 0) by Anonymous Coward on Sunday August 26 2018, @04:27AM

            by Anonymous Coward on Sunday August 26 2018, @04:27AM (#726446)

            You have violated the license by publishing a before and after "count of c" benchmark. Prepare for litigation.

    • (Score: 2) by takyon on Thursday August 23 2018, @10:46PM (1 child)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Thursday August 23 2018, @10:46PM (#725450) Journal

      Same backdoors, but at least

      I prefer AMD too, but this just sounds pathetic.

      When AMD ditches the backdoor(s) (that you know about), then you can have some pride in your choice.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by requerdanos on Thursday August 23 2018, @11:07PM

        by requerdanos (5997) Subscriber Badge on Thursday August 23 2018, @11:07PM (#725462) Journal

        When AMD ditches the backdoor(s) (that you know about)...

        And that's an inspired consideration there. You know what AMD wants to be able to do and get away with, because they are doing it and pretty much getting away with it.

        Even if the tide turns and they have to backpedal and at least make the rootkit-backdoor system an optional/extra, how could you trust them when they say "Sure, all of our chips had backdoor rootkits before, but now, *this one* totally doesn't."

    • (Score: 1, Insightful) by Anonymous Coward on Friday August 24 2018, @12:02AM

      by Anonymous Coward on Friday August 24 2018, @12:02AM (#725484)

      Sadly I cannot unsolder the i7 my high-end "gaming" laptop came with and solder in a Ryzen. I might if I had the option, but cannot be. Intel might gag the distros, but not the users...
      So far, my own experience with several machines, 3 or 4 i5-based an i-3 and two i7 machines is this: boot times are much. much slower. What was well under 20s is now around 40s. Application startup times are glacial. It sued to be when opening Inkscape, GiMP or Libre Writer that you would have the window appear within 3 seconds and fully up in the next 3 seconds (Libre maybe 7 seconds). Since the kernel has started to duck around the Intel defects .... well: nothing happens for about 8 seconds. Then the taskbar twitches and another 4 seconds late the app starts to reserve a window on the desktop. You watch in slow motion as the shaded border appears, then a blank panel, then the rest of the application elements grow into place. The i7's have a 40% edge in performance over say the i3. Working on the i3 is like Windows 3.11 over a Novell network. Nah, I lie - it is faster than that, but I have far more time to make and drink coffee than before.
      Bottom line - Intel should be facing a worldwide class action to REPLACE every single chip AT THEIR COST.

  • (Score: 4, Touché) by Anonymous Coward on Thursday August 23 2018, @11:09PM (4 children)

    by Anonymous Coward on Thursday August 23 2018, @11:09PM (#725463)

    Intel... responded... "As an active member of the open-source community, we continue to welcome all feedback."

    "Welcoming feedback" doesn't make you a useful member of the community.

    "Not being a dick" makes you a useful community member.

    Please adjust appropriately.

    • (Score: 2) by Runaway1956 on Friday August 24 2018, @01:17AM (3 children)

      by Runaway1956 (2926) Subscriber Badge on Friday August 24 2018, @01:17AM (#725515) Homepage Journal

      There is little to nothing that is "open source" about Intel. To them, minimal cooperation with open source seems to be good for business. At such time that they might determine that open source costs more than it is worth, they'll ditch open source.

      --
      "I didn't lose to him!" - The Donald referring to Trippin' Joe
      • (Score: 3, Informative) by TheGratefulNet on Friday August 24 2018, @01:43AM (2 children)

        by TheGratefulNet (659) on Friday August 24 2018, @01:43AM (#725523)

        their network cards (still among the best if not the best) are fully open. no binary blogs and I don't remember there ever being any.

        their i3/5/7 graphics are open. the video from the old atom series was not open, but the i-series is. nvidia is the closed one, in video space.

        they release specs on their chipsets, too, and I'd call that 'open'. (rasp pi, otoh, has so much that is not open, and yet a lot of people don't even realize that).

        --
        "It is now safe to switch off your computer."
        • (Score: 1, Informative) by Anonymous Coward on Friday August 24 2018, @04:50AM (1 child)

          by Anonymous Coward on Friday August 24 2018, @04:50AM (#725622)

          their network cards (still among the best if not the best) are fully open. no binary blogs and I don't remember there ever being any.

          Actually, Intel requires non-free firmware [debian.org] in order for their wireless adapters to function. Qualcomm Atheros released libre firmware [debian.org] for some of its wireless adapters.

          • (Score: 0) by Anonymous Coward on Friday August 24 2018, @05:44PM

            by Anonymous Coward on Friday August 24 2018, @05:44PM (#725931)

            noone in the whole world means wireless anything when they say "network cards". i said, goddamn! goddamn the pusher man!

  • (Score: 2) by axsdenied on Friday August 24 2018, @07:17AM (1 child)

    by axsdenied (384) on Friday August 24 2018, @07:17AM (#725677)

    Are any benchmarks showing the performance hit out yet?

    • (Score: 0) by Anonymous Coward on Friday August 24 2018, @02:58PM

      by Anonymous Coward on Friday August 24 2018, @02:58PM (#725834)

      I'd like to see the results of 'dmesg|grep -i bogo' before & after the patch. I trust that as much as any other benchmark.

  • (Score: 0) by Anonymous Coward on Friday August 24 2018, @08:45AM

    by Anonymous Coward on Friday August 24 2018, @08:45AM (#725705)

    - observed"

    Might that be because observation is prohibited? Joking aside they're just lying and apparently quite a lot.

    I think such a crazy gag says much more negative things about intel than any report of performance degradation. As long as my old computers keep working I will not buy new from these assholes. Perens is absolutely right here.

  • (Score: 2) by Bot on Friday August 24 2018, @08:50AM

    by Bot (3902) Subscriber Badge on Friday August 24 2018, @08:50AM (#725707) Journal

    - "hello sir, is this seat taken?"
    - "errr....i run oracle on wintel"
    - "oh, sorry i didn't meant to..."
    - "no offence taken"
    two armed police officers surround the guy and take him away just in case

    --
    Account abandoned.
  • (Score: 0) by Anonymous Coward on Friday August 24 2018, @12:48PM

    by Anonymous Coward on Friday August 24 2018, @12:48PM (#725770)

    Scene 0: Make a product, ship a billion, then have the world find out they have a wee problem.

    Scene 1: Get the lawyers to prevent benchmark publication. Amounts to Intel themselves publicizing that the benchmark results are as bad as he who must not be named. This is probably worse that the actual results.

    Scene 2: Busted, now it's ok to publish. Except now they will come out with a big spotlight shining on them.

    Scene 3?: Perhaps Intel will do what they should have in the beginning. That is publish their own benchmarks showing the mods in their best light. (Any odds on this except messed up by showing results that can't be duplicated?)

    Grab the popcorn and stay tuned. Except that the world depends on this stuff to work, this is a great show.

(1)