
Intel Publishes Microcode Patches, No Benchmarking or Comparison Allowed - jeswin
https://perens.com/2018/08/22/new-intel-microcode-license-restriction-is-not-acceptable/
======
headmelted
Before Zen, we all kind of assumed they were so far ahead that AMD were more
likely to be out of business before they would ever be a credible threat
again.

I actually thought Intel must have had some tricks up their sleeves in terms
of performance gains that we hadn't seen yet, simply because there was no
market need to roll them out and they had so many years of coasting on
marginal gains.

Seeing them taking this stance looks a lot like the microcode hit _is_ that
bad, and that the emperor has no clothes.

Clearly, they don't have an answer to AMD at all. If this is true, their
shareholders should be asking serious questions about why they've nothing
significant to show for all that time and money spent when they were raking it
in without a serious competitor.

~~~
ksec
>Before Zen, we all kind of assumed they were so far ahead that AMD were more
likely to be out of business before they would ever be a credible threat
again.

It depends where about on the timeline. AMD's hired of Lisa Su and Jim Keller
in 2012, we all thought it was too little too late. Look back at the Roadmap
Intel were giving at the time, I used to joke about Tick Tock were like the
sound of AMD's death clock. In 2012 we were looking at 10nm in 2016, 7nm in
2018, and 5nm in 2020. We just had Sandy Bridge, but that was the last big IPC
improvement we have had.

Fast forward to 2018 / 2019, No 10nm, and I would have been happy if they were
selling me 14nm++++++ Quad Core Sandy Bridge. Broadwell and Skylake brings
nothing much substantial. Intel were suppose to break the ARM Mobile Market
with tour de force, and that didn't happen.

We all assumed Intel had many other tricks up its sleeves, new uArch or 10nm
waiting in the wings when things are needed. Turns out they have nothing. Why
did they buy McAfee?( Which has been sold off already ) And Infineon? Nearly
eight years after the acquisition they are just about to ship their first
Mobile Baseband made by their own Fabs, Eight Years! What an achievement!
Nearly three years after their acquisition of Altera, which itself has been
previously working with Intel Custom Fab before that. What do they have to
show?

During that time, the Smartphone revolution scale has helped Pure Play Fab
like TSMC to made enough profits and fund their R&D rivalling Intel. And in a
few more weeks time we will have an TSMC / Apple 7nm node shipping in millions
of units per week. In terms of HVM and leading node, making TSMC over taking
Intel for the first time in history. AMD has been executing well following
their Roadmap, and Lisa Su did not disappoint. Nothing on those slides were
marketing speaks or tricks that Intel used. No over hyped performance
improvement, but promise of incremental progress. She reminds me of Pat
Gelsinger from Intel, Down to Earth, and telling the truth.

Judging from the Results though, AMD aren't making enough of dent in OEM and
enterprise. Well I guess if you are not buying those CPU with your own money,
why would you not buy Intel? The consumer market and Small Web Hosting market
though seems to be doing better, where the owners are paying. I hope Zen 2
will make enough improvement and change those people's mind, better IPC,
better memory controller.

If you loathe Intel after all the lies they have been telling and marketing
speaks, you should buy AMD.

If you love Intel still after all, you should still buy AMD, teach them a
painful lesson to wake them up.

~~~
johnchristopher
> If you loathe Intel after all the lies they have been telling and marketing
> speaks, you should buy AMD.

> If you love Intel still after all, you should still buy AMD, teach them a
> painful lesson to wake them up.

But how do I choose which AMD CPU I need ? Back in my youth p4 and athlon were
easy to compare (freq., IPS and a modifier because AMD) but now I can't even
tell the differences between any i5/3/7 and when I look at AMD names it's as
confusing but with a different lingo. I feel the same regarding GPU so maybe I
am too old for that now.

~~~
onli
The right answer to this is to look into benchmarks. It now works again to
compare Intel and AMD clocks, but only of the current generation, and then
there is core count and motherboard prices to consider, so on.

A project of mine is a hardware recommender, it also includes a meta-
benchmark. I collect published benchmarks and build a globally sorted order of
processors out of it. [https://www.pc-
kombo.com/benchmark/games/cpu](https://www.pc-kombo.com/benchmark/games/cpu)
for games, [https://www.pc-kombo.com/benchmark/apps/cpu](https://www.pc-
kombo.com/benchmark/apps/cpu) for application workloads (that one still misses
a bit of work, the gaming benchmark is better). Legacy processors are greyed
out, so this might be a good starting point for you. There is also a benchmark
for gpus.

For most people this processor choice is also very easy, it is "Get a Ryzen 5
2600 or an Intel Core i5-8400."

Feel free to ask if you want some custom recommendations, email is in profile
:)

~~~
newman314
Can you add the ability to sort based on price/perf?

Also, the existing bar graph is unclear to me. What does 10/10 mean?

~~~
onli
10 is just the fastest. Because it is a meta-benchmark, this rating is not
necessarily relative performance, it is based on the position in the ordering.
The achieved average FPS is just a factor in that, used to make the distance
bigger to indicate performance jumps.

Example, fictional values: The 8700K is the fastest, because it was most often
seen as the benchmark leader. It gets a 10. The 8600K has almost the same FPS,
but it was always a bit slower, it gets a 9.9. The i5-8500 comes next, but its
average FPS scaled to the 0-10 scale is lower, it gets a 8.7. Then the
i5-8400, always seen as slower than the 8500 in benchmarks, would at most be
able to get a 8.6, no matter what the average FPS says (with enough benchmarks
average FPS become an almost meaningless metric, it's the position in the
benchmark that counts).

That's why it is not possible to calculate price/performance with this. I
could only highlight good deals, processors that have a high position despite
being cheaper than the processors below. Which is of course already baked into
the logic of the recommender.

------
bluecalm
Here is one thing we can do about it: make public service announcement to our
users that we no longer recommend Intel CPUs because of security holes,
censorship and crippled performance.

I am going to do that today. While we only have several thousand users they do
CPU intensive work, buy a lot of new CPUs and rent a lot of servers. My small
contribution will likely amount to low-mid 6 figures out of Intel pocket in
coming 2-3 years.

Please consider such announcement if you could do some damage as well.

~~~
eps
This amounts to little more than making a statement _at the expense of your
users._

It would've carried that much more weight if it were _your_ low-mid 6 figures
that were redirected away from Intel.

~~~
Jonnax
Intel isn't really that much far ahead to say that users are going to be
negatively affected.

~~~
bluecalm
Intel is actually behind in performance/price ration by a wide margin at least
on workloads which can make use of many cores. The margin is likely getting
bigger after the latest patches.

------
amluto
I can think of two theories:

1\. It's a mistake. Someone in legal got carried away.

2\. The performance of the L1TF mitigation is so awful that someone at Intel
thought it would be a good idea to try to keep the performance secret.

(Which leads to option 2b. The performance of the L1TF mitigation is so awful
that somemone at Intel is afraid that Intel could be sued as a result, and
they want to mitigate _that_ risk.)

I would guess it's #1.

~~~
TheRealPomax
It works for Oracle (it is famously illegal to publish benchmarks of DB2 vs
other engines), I'm sure intel can make it work for them thanks to Oracle's
court case(s).

~~~
cm2187
But you can't buy an oracle license in a shop around the corner. It is going
to be hard for intel to enforce it.

~~~
laumars
Perhaps if Intel were to play honestly then you might have a point. However
there's certainly a few ways they could attempt to enforce it through slightly
underhanded, yet pretty typical practices for how many multi-nationals like to
operate in this day and age.

* cease and desist orders. They could probably argue improper use of trademark or something. And by "could" I don't mean "they have a legitimate legal case" but rather "a flimsy one but one that is still scary enough that few people might want to take the risk / expense testing the argument in court.

* many benchmarks are ran by reviewers who might have access components before they hit the shelves. It would be trivial for Intel to end that relationship. If it's suppliers further down the chain who are providing samples to journalists and reviewers then Intel might put pressure on those suppliers to end their relationships with said journalists. This might break a few anti-competition laws in the EU but it's not like that's ever stopped businesses in the past.

On a tangential rant: I think the real issue isn't so much whether it is
enforceable but rather the simple fact that companies are even allowed to
muddy the waters about what basic journalistic and/or consumer rights we have.
I'm getting rather fed up of some multi-nationals behaving like they're above
the law.

------
wolfgke
My thougt based on the HN headline "Intel Publishes Microcode Patches, No
Benchmarking or Comparison Allowed" (after having read the article, of
course):

Doesn't this show that it is time for someone to set up some kind of
"ScienceLeaks" website, where scientists can upload research (results, papers,
...) anonymously which they are are not allowed to do legally because of
various such "research-restricting" laws.

\---

UPDATE: Before people ask the potential question how the researchers are
supposed to get their proper credit - my consideration is the following: Each
of the researchers signs the paper with their own "public" key of a public-
private key pair. This signature is uploaded as part of the paper upload. The
"public" key is nevertheless kept secret by the researchers.

When the legal risk is over and the researchers want to disclose their
contribution, they simply make their "public" key really public. This way,
anyboy can change that the signature that was uploaded from beginning on,
indeed belong to this public key and thus to the respective researcher.

~~~
topspin
That's not the way. The tech press isn't powerless here.

The media that has been performing such benchmarks for decades and have thus
earned a large and faithful audience can organize and simultaneously publish
the relevant benchmarks in the US, complete with an unapologetic disclosure
right at the top as to the why this is happening. Put Intel into the position
of suing every significant member of the US tech media and create a 1st
amendment case, or perhaps try to single out some member and create a living
martyr to which we can offer our generous gofundme legal defense contributions
over the decade it takes to progress through the courts. Either way Intel
creates a PR disaster for itself.

Sack up and call their bluff. There are MILLIONS of people that will stand
behind that courage. At some point the share holders will feel it and this
nasty crap will end.

~~~
bluGill
The press can just give intel a "Don't buy" rating with a comment that intel
has something to hide, we don't know what but you would be a fool to even
consider them when you can't know if they are any good. Technically I can't
even show the latest intel is faster than a old i386 that I'm finally ready to
replace, while I can show the AMD is better.

------
beefhash
As a side note: Some of the license changes also block Debian from updating
their intel-microcode package[1].

[1] [https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=906158#14](https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=906158#14)

~~~
mpartel
My guess is Intel will revert the license change soon. It's just too absurd to
stay. But if not, I wonder if distros could have two packages, named with
appropriate and well-deserved passive-aggressiveness, e.g.: intel-microcode-
insecure and intel-microcode-legally-restricted.

~~~
jgtrosh
And maybe they'll mark benchmarking packages as conflicting with intel-
microcode-legally-restricted?

~~~
akx
Installing the benchmarking package, or running it, isn't against the license.
Providing or publishing (comparative?) numbers while the microcode package is
applied would be.

------
eksemplar
Aside from my vic20 and c64 I’ve only ever owned intel CPUs, and those two may
have been intel as well, I wouldn’t know. I’ve never made a decision to chose
Intel based on benchmark, I’ve bought them because they’ve always been great
for me.

So it’ll be ironic when I buy an AMD processor when I upgrade for cyberpunk
2077, because of benchmarks. Not because AMD is faster, they may be but I
wouldn’t know, no, it’ll be because intel are douches.

I didn’t like how they handled their vulnerabilities, or how they still
released chips with the errors long after it was discovered because they had
production planned, and now they are pulling stuff like this?

Heh.

~~~
SmellyGeekBoy
Similar to my story. Apart from an Athlon 650 around 2000-era we've always
been an Intel household. I recently upgraded my gaming PC and went with the
Ryzen 7 2700X, partly due to the way Intel have been treating their customers
like idiots lately. I'm seriously considering AMD for the graphics card too
(currently running a GTX 970) as I may well be moving my main gaming PC over
to Linux in the near future.

~~~
theandrewbailey
> I'm seriously considering AMD for the graphics card too (currently running a
> GTX 970)

Me too. I was running Intel+Nvidia rigs for about ten years, up until last
year, when I got a Ryzen 1800X and (this year) a Radeon 7970. Nvidia hasn't
been the most ethically behaved as of late (whether it's more or less than
Intel, I haven't figured out). Intel will be releasing a discrete GPU in a
year or two; who knows how fast it will be, or if they will allow people to
benchmark it.

~~~
gargravarr
Same, I had bad experiences with the early Athlons and bought Intels after
that, never had any stability problems. But now I'm seeing douchey behaviour
from both Intel and nVidia. I've been a big fanboy because of the performance,
but the business practises are becoming polarising, and AMD seems to have
caught up or surpassed in performance terms. Plus, they handled the
vulnerabilities disclosure much better (even a smug 'AMD processors are not
affected' on more than one).

I always used to root for Intel because AMD made their entire business model
off copying (later licensing) Intel's x86 designs (including the model
numbers), but that's becoming a lot less relevant now.

I upgraded my desktop's Geforce 550Ti with a Radeon HD 7850, and though it's
gotten off to a slightly rocky start (Windows logins are noticeably slower,
seems to be a known issue), performance is great, benchmarks showing it on par
with the 970m in my laptop. When the Haswell i7 needs to be upgraded, I may
start looking at a Ryzen. Never thought I'd see the day.

~~~
sitkack
> AMD made their entire business model off copying (later licensing)

Intel contracted AMD to second source their processors as a requirement for
being in the IBM PC (requirement dictated by IBM).

AMD existed long before their version of the x86, producing the venerable
[http://www.cpu-world.com/CPUs/2901/](http://www.cpu-world.com/CPUs/2901/)
which was widely used in minicomputers of the time.

The amazing thing about the 2901 and family, was that the engineer could
design a board level CPU and full freedom over register sizes, numbers, alus,
etc.

Don't forget that the 64 bit x86 ISA was created by AMD and licensed to Intel.

~~~
gargravarr
Huh, I didn't know that. I thought AMD started competing with Intel by cloning
the 286 and beyond. Had no idea it was for the IBM PC contract.

I knew about 64-bit (Athlon 64, anyone?), but I've always heard x86-64
described as a kludge and an awful hack, not a well-designed architecture. The
greater RAM accessibility and native execution of 32-bit code are advantages,
but shortly thereafter Intel went multi-core, which seems to have done
drastically more for system performance than x64 did.

------
johnklos
I'm really curious how Intel could even imagine this is enforceable. For
instance, if I have a server with shell access for many users, am I supposed
to forbid my users from publishing benchmarks? If they do, am I liable since I
"agreed" to the license? Or are they, even though they never "agreed" to the
license? It just doesn't make sense.

~~~
muppetman
Surely it's just designed to scare the big media websites from publishing
numbers.

~~~
0x8BADF00D
This is censorship, plain and simple. They cannot command everyone to abridge
their speech, even if their license terms say so. It is unenforceable and
illegal.

~~~
lathiat
It's also crazy to my mind. The reality is these various issues are all having
potentially significant impacts on performance -- and it's not just the
microcode related changes, but also the kernel changes, etc. It is kind of
ridiculous to require everyone to do their own testing and not allow basic
numbers to be published.

I also find it fascinating in that in theory your BIOS update can include
these changes.. does this anti benchmark license apply if you reflash a new
BIOS or just buy a new motherboard with the new bios and then use the same
type of CPU to compare?

Makes me want to look at some BIOS and motherboard EULAs now...

~~~
SmellyGeekBoy
This is a very good point. What about replacing a motherboard (but not CPU)
due to motherboard failure or just to get some extra feature or other? If the
new BIOS includes the microcode updates are you legally forbidden from
benchmarking your old CPU?

------
gaia
Let the benchmarks roll in...

[https://access.redhat.com/security/vulnerabilities/L1TF-
perf](https://access.redhat.com/security/vulnerabilities/L1TF-perf)

An estimation of man hours spent on this issue outside Intel

[https://www.servethehome.com/intel-publishes-l1tf-and-
foresh...](https://www.servethehome.com/intel-publishes-l1tf-and-foreshadow-
performance-impacts/)

Thought frequently mentioned, Phoronix did not run a benchmark comparing
before and after application of the microcode update. Excerpt: To note, no
microcode changes/updates were made to the systems under test for this
article, just testing/comparing the kernel patches
([https://www.phoronix.com/scan.php?page=article&item=l1tf-
for...](https://www.phoronix.com/scan.php?page=article&item=l1tf-foreshadow-
xeon&num=1))

~~~
panarky
_> For companies like Google and Microsoft with the ability to get custom
chips, and with custom schedulers that can ensure that VMs to not cross hyper-
threading boundaries, this is something that can be relatively easily
mitigated. For enterprise virtualization clouds, this may increase utilization
of underutilized servers, and cause more server purchases in the future._

Is this net-positive for VMware since customers will be required to buy more
licenses for the same workload?

Or is it net-negative because it makes public clouds more competitive?

------
Nition
They better be wary of the Streisand Effect here. Banning benchmarking just
makes it seem like the performance hit is going to be serious, which makes
everyone even more curious.

~~~
duxup
I didn't know anything about this... now I'm really curious what the
benchmarks are.

Now that it is news they're pretty much begging for someone to do the
benchmarks.

This reminds me of the oracle license that was so broad it prevented users
from talking to other users about their experience with the product... any
experience.

~~~
pbhjpbhj
Perhaps they're not complete imbeciles and this is a marketing stunt, turns
out the benchmarks are fantastic??

~~~
duxup
I would very much enjoy that.

------
infinity0
> Another issue is whether the customer should install the fix at all. Many
> computer users don’t allow outside or unprivileged users to run on their
> CPUs the way a cloud or hosting company does. For them, these side-channel
> and timing attacks are mostly irrelevant, and the slowdown incurred by
> installing the fix is unnecessary.

lol, javascript

~~~
theprotocol
>Another issue is whether the customer should install the fix at all

Microsoft will surely decide for me on my Windows 10 gaming PC. Better save my
work (which I sometimes do even on a gaming machine) frequently lest the
masters deem it fit to restart while I'm away having lunch if they decide I
can live with the performance hit.

~~~
chrisper
Just mark every 2nd Tuesday of a month as patch day and you won't have
surprises!

~~~
theprotocol
• Updates are not served to me at regular, known intervals. Perhaps it's due
to a progressive rollout policy of some kind.

• Certain days come up that I, the paying user, do not want to patch on.
Microsoft wins this disagreement and I lose. This occurs in a glib fashion
with a message like "Hey, just a heads up, we are going to restart your
computer" (whether I like it or not). It is my computer, there is no "we!"

It will _absolutely_ close programs with unsaved work if I am not there.

• Maybe I don't want the performance hit on my gaming PC. This is another
element of surprise: who knows how bad it'll be? Certainly not the users if
Intel and Microsoft have their way.

• Yet another element of surprise: I've had hardware stop working after
updates.

I cannot wait until it becomes viable to escape the toxicity of companies such
as Intel and Microsoft.

~~~
ReverseCold
Microsoft's stance on the issue:

Win10 is free* (so it does this) - Professionals who need to override these
settings should get Win10 Pro.

~~~
0xffff2
I have Win 10 Pro. AFAIK it handles updates the exact same way. How do I
disable automatic reboots on my Win 10 Pro machine?

------
eight_ender
Has Intel just outlawed any review website (gaming, enthusiast, etc) from ever
posting benchmarks of their CPUs again? I feel like they didn't think this
through.

~~~
wtallis
If we tech journalists were actually seriously concerned that Intel would be
dumb enough to try to enforce those provisions against us, then we'd just ask
the motherboard vendors for updated pre-release firmware that incorporates the
new microcode but doesn't come with Intel's license agreement attached. We
often go that route anyways because it's easier to update the motherboard than
to ensure that every OS you're testing against (especially Windows) has loaded
the newer microcode.

~~~
lagadu
Also if you get the update via windows update you get the patch without having
ever agreed to the no-benchmarking clause, so you're free to publish anyway.

~~~
glenneroo
Windows Updates used to pop up an EULA to be agreed upon before installing
certain anti-malware related software, not sure if that's the case anymore
with Windows 10 auto-install-and-reboot procedure. I wonder if Intel
could/would try to have Microsoft insert another click-to-agree EULA for this
upcoming patch?

~~~
rebelwebmaster
I got the Win10 update yesterday and didn't have to accept any sort of license
first.

------
flcknzwrg
This borders on unbelievable...

I checked at intel directly just to make sure this is true:
[https://downloadcenter.intel.com/download/28039/Linux-
Proces...](https://downloadcenter.intel.com/download/28039/Linux-Processor-
Microcode-Data-File?v=t) The file
[https://downloadmirror.intel.com/28039/eng/microcode-2018080...](https://downloadmirror.intel.com/28039/eng/microcode-20180807.tgz)
contains the license file with that laughable clause included.

Now hand me the popcorn...

------
FiloSottile
Forget benchmarks, how is (iii) (“You will not [...] use or make the Software
available for the use or benefit of third parties”) compatible with shared
hosting and rented virtual machines, where the provider has to apply the
microcode for the benefit of the guests?

~~~
gnud
Forget shared hosts, how about when I write something for my client on my
employers machine? I'm using the software for the benefit of a third party...

~~~
lucb1e
I read that license line as that you can't make it available for the benefit
of others, not that you can't use it for the benefit of others. But of course
that's the logical interpretation and the only one that matters is the worst
possible interpretation. I'm not a native English speaker nor lawyer, would be
interesting to see another opinion on this.

------
squarefoot
Sorry if I stress this even one more time, but we _badly_ need 100% open iron,
I mean something beefier than SiFive. If there is any effort in this
direction, then, say for a year, most donations should be diverted over there.
Closed hardware is becoming the unavoidable medium used to push closed
firmware into everyone's system, that's a lot more important than benchmarks.

~~~
radialbrain
Have you seen
[https://www.raptorcs.com/TALOSII/](https://www.raptorcs.com/TALOSII/)? Typing
this on my own right now.

~~~
iforgotpassword
Fails the 'reasonable pricing' check. Who's gonna pay 6x of what you pay for a
comparable intel system? This is only for the super-enthusiast.

~~~
glenneroo
Technology often starts out expensive and enthusiast only, but if Intel keeps
throwing these wild punches in every direction, why wouldn't we see a steady
migration to alternatives? AMD is definitely benefiting from Intel's recent
decisions, I am sure Raptor is also starting to get more business. A few more
years of shady Intel decisions combined with sufficient negative press and I
am sure the market will gladly decide. There are surely plenty of large
corporations who can afford the costs and would prefer being able to audit
everything themselves. This seems like the perfect storm for competition to
finally have a chance.

~~~
iforgotpassword
You cannot deliver competitive quality, performance and pricing right away,
completely agree. But there's generally a threshold to how much more expensive
it can be in the beginning, and more importantly, how much you benefit from
it. The problem here is that only few people even understand the problems with
what Intel does, and even fewer people care. My games still run fine so why
should I care? HN is a real echo chamber in cases like this and easily give a
false impression. As you also mentioned, AMD is the only realistic winner from
all this, since it's also x86 so you can switch over and everything stays the
same. But in general, remember that people are very good at forgetting, and at
just accepting that "everything's fucked up" is the new normal. Intel only
needs to keep delivering competitive performance and people will keep buying.

I'd really love to see a big shift to a new architecture, RISC V, OpenPOWER
etc. get me really excited because as a nerd new technology in general is
always interesting, but the above simply is my prediction of the future based
on history. I mean, how long ago have the first serious Intel ME
vulnerabilities been disclosed? What happened apart from a short shitstorm on
tech websites and some small companies offering laptops with crippled down IME
that only complete neck beards care about?

~~~
josemanuel
But riscV processors will always be closed source. so you cannot crowdsource
vulnerability finding...

~~~
iforgotpassword
Why would they always be closed source?

------
molyss
This is beyond idiotic. Any company that's about to release this in their
production server will want to benchmark the effect of the fix. And some of
them will have to provide the results to their customers.

------
harry8
I would like to see the New York Times co publish benchmarks with phoronix (or
whomever has the relevant expertise and credibility) with a box detailing the
ridiculous license and an editorial suggesting Intel investors may have cause
for concern about managerial competence.

~~~
pbhjpbhj
Someone with a publishing arm at their disposal is surely shorting Intel as we
speak, ready to publish just such a story?

------
bochoh
It would seem that paired with
[https://news.ycombinator.com/item?id=17820248](https://news.ycombinator.com/item?id=17820248)
that Intel is reeling back like a wounded animal. I'm intrigued as to what
comes next - real innovation or dirty tactics to stay on top?

~~~
sorokod
Why not both?!

~~~
jagger27
Worked wonders for Nvidia.

------
ddtaylor
2018 has been an abysmal year for Intel so far. Multiple serious
vulnerabilities that effect multiple areas of their products, Spectre,
Meltdown, Management Engine, etc. The only thing they _can_ control is how
they respond and they've done a terrible job of that too. At this rate I'm
expecting a consumer product agency to eventually get involved.

~~~
ikeyany
They also got rid of their CEO this year.

------
mnm1
Bring on the lawsuits. Ignore the patches and sue Intel for the underlying
security flaws. When they point to the patches, clearly state that because of
the new license, they do not solve the problem and will not be applied. No one
signed up for this when they bought an Intel CPU and that's saying a lot
considering all the bullshit we do sign up for when buying one. This is
outrageous. Intel should be sued in a class action. Whether they could have
known about the exploits or not is irrelevant at this point. They refuse to
provide proper patches without this license which is equivalent to providing
no patches at all while knowing about the exploit. They have provided faulty
hardware without a way to fix it. A lawsuit or a few thousand is the only way
to get resolution on this.

~~~
aerotwelve
How many mandatory binding arbitration clauses and/or class action waivers
have Intel hidden in their license agreements over the years? If they did it
right, they never have to worry about a class action lawsuit (and the horrible
press that comes with it) anytime soon.

Which, of course, makes the kind of systematic deception Intel is trying to
pull off here much easier. It's a feature!

~~~
mnm1
I wasn't aware that CPUs have licenses. It's certainly not something I've ever
agreed to on purpose or otherwise. There is no box or manual to imply that I
have ever agreed to such a license. I'm not doubting you, I'm just wondering
where this license lies and when/how did I agree to it?

------
robocat
> (iii) use or make the Software available for the use or benefit of third
> parties

i.e. you cannot allow anyone else to use your CPU?

I get that the intent is probably about distribution, but the software runs on
the CPU so is being used by whoever is using the CPU.

------
naasking
I wish lawmakers would tackle these kind of ridiculous provisions in EULAs.
When you purchase something, you own it, and you should be able to do what you
want with it.

You shouldn't have to jump through absurd legal hurdles to use and talk about
something you legally purchased. These aren't national security secrets for
god's sake.

~~~
f055
They do. The same EULA will have different binding in the US and in Europe,
for example. In many EU countries companies cannot draw arbitrary EULAs. If
some sections infringe on consumer rights, then these sections simply don't
apply and cannot be enforced. In essence, Intel can write whatever they wish
in the EULA, but the consumer can do whatever they want as well. Depending on
consumer's jurisdiction, it can create problems or not. US judiciary system is
particularly unpleasant to the regular Joe, but the rest of the world is not.
Go figure.

------
bubblethink
>Since the microcode is running for every instruction, this seems to be a use
restriction on the entire processor

Does Intel's legal team even have a basic understanding of how computers work
? In essence, the word 'benchmark' ceases to exist after this microcode
update. No more research in any domain. Back to hunting and gathering.

------
elihu
> The security fixes are known to significantly slow down Intel processors,
> which won’t just disappoint customers and reduce the public regard of Intel,
> it will probably lead to lawsuits (if it hasn’t already). Suddenly having
> processors that are perhaps 5% to 10% slower, if they are to be secure, is a
> significant damage to many companies that run server farms or provide cloud
> services.

Maybe I'm missing something here, but I was under the impression that the
Spectre/Meltdown mitigations have a big performance penalty, but the more
recent L1TF mitigations should have little or no impact, and that the new
license only showed up recently on the new L1TF mitigation patches.

Is the L1TF mitigation actually a lot worse than I thought, or does this
license apply to the earlier Spectre/Meltdown patches, or is Bruce Perens just
being sloppy and conflating the two?

Either way, I agree with him that draconian license terms shouldn't be
attached to bug fixes.

~~~
cyphar
> Is the L1TF mitigation actually a lot worse than I thought, or does this
> license apply to the earlier Spectre/Meltdown patches, or is Bruce Perens
> just being sloppy and conflating the two?

He isn't being sloppy. According to the Debian package maintainer[1], the new
license only applies to the new patches (ones after 2018-08-07) which were
released long after the Spectre/Meltdown ones -- because the license was only
changed in the 20180807 microcode update (and because Debian didn't block the
previous Spectre/Meltdown releases over license concerns).

In theory, nobody can actually tell you how bad the L1TF mitigation is because
of the new license terms (a comparison before-and-after L1TF mitigation would
be providing you with comparison test results).

[1]: [https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=906158#14](https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=906158#14)

------
GrayShade
Phoronix already tested this:
[https://www.phoronix.com/scan.php?page=article&item=l1tf-
ear...](https://www.phoronix.com/scan.php?page=article&item=l1tf-early-
look&num=1) and [https://www.phoronix.com/scan.php?page=article&item=l1tf-
for...](https://www.phoronix.com/scan.php?page=article&item=l1tf-foreshadow-
xeon&num=1).

The performance loss isn't that bad in most cases.

~~~
polkadotted
These seems to be linux's own mitigations against L1TF. There's no mention
about microcode being updated here, which I assume isn't the case.

I assume the microcode update could be either equal o slightly worse in terms
of performance, as the CPU might need to flush more frequently.

Which is pretty sad, as the status of kernel+microcode updates is quite
confusing already. Some mitigations can take advantage of new microcode
updates, if the kernel is recent enough. How does the pure soft-workaround
compare in terms of performance to the microcode-assisted one?

Note that, combining all workarounds for meltdown+spectre-v1/v2+l1tf can have
a _significant_ performance hit for some workloads which are not purely cpu-
bound. On top of that HT is now looking like a bad idea to start with.

I'm pretty sure that for a server where there's a lot of I/O and
virtualization going on, enabling all the patches and workarounds + disabling
HT can take a massive cut in overall throughput.

~~~
GrayShade
I assumed the tests were were ran on the new microcode version, as it was
released a week before the tests, but it seems that Ubuntu didn't ship that
update yet.

Their security advisory says that

> Optimized L1 data cache flushing is available via intel-microcode updates.
> The updated kernels implement a software fallback cache flushing mechanism
> for processors that have not received microcode updates.

It looks like the kernel will say "VMX: conditional cache flushes" on the new
microcode so according to the Phoronix screenshots, they were running the
older version.

Maybe we'll see a new set of benchmarks.

------
acd
"Freedom of speech is a principle that supports the freedom of an individual
or a community to articulate their opinions and ideas without fear of
retaliation, censorship, or sanction."
[https://en.wikipedia.org/wiki/Freedom_of_speech](https://en.wikipedia.org/wiki/Freedom_of_speech)

------
mannykannot
These pernicious attempts to chip away at free speech through contractural
riders is becoming more common and blatant.

The best way to combat this sort of thing is for journalists, and anyone else
discussing the issues of this vulnerability, to make a point of bringing it
up, repeatedly. Whenever performance is an issue, point out that Intel is
restricting the impact from being evaluated, which suggests that it is bad.
Whenever security is an issue, point out that Intel is restricting the
dissemination of the mitigation by imposing self-serving conditions on its
use.

------
xoa
I'm mildly surprised to do a quick search on this HN thread and not see the
word "adhesion" appear. These microcode patches are for a significant design
defect in a product that Intel already sold under both explicit and implicit
promises and expectations of general functionality. The microcode patches
aren't some luxury fully optional deal to make pretty patterns with case LEDs
or something, they're a matter of critical safety and _failing_ to install
them might even expose downstream users to liability issues were the security
problems to ever subsequently be exploited and then cause damage to a 3rd
party (or even themselves, cybersecurity insurance is still a pretty new area
but one of the few policies I've see had print I understood to be along the
lines of "insured is expected to take reasonable precautions staying up to
date with known patches"). Furthermore, Intel obviously presents no other
options for users, using cryptographic signing to ensure that (even ignoring
practical issues) there are zero other options to get microcode from.

At least from my layman's perspective this certainly smells like an absolutely
100% textbook contract of adhesion. It's a "take it or leave it" offer, there
is no room for bargaining, the term is far outside of reasonable expectations
for the situation, it's simply an entirely one-sided item for the pure benefit
of Intel leveraged coercively. In fact I think it may go far enough to hit the
doctrine of unconscionability even. All this without even touching on any
public interest issues.

I think they should be challenged on this, that benchmarks should be published
and Intel told to pound sand. Companies can stick whatever they want in a
contract but that doesn't make it enforceable. And while admittedly often that
can be quite gray territory and people toss out "not enforceable!!!" on the
Internet far, far more often then is justified this particular instance really
does look egregious. Yes, normally you can contract away your speech rights,
but it's in the process of a _real contract_ , with reasonably equal
bargaining positions, proper consideration, etc. I think this goes too far.

Perhaps Intel's real aim though is actually slimier, lots of major review
sites depend pretty heavily on access that Intel (and other vendors) offer as
well as free/cheap kit and the like which is optional and much easier to yank
away at a whim. For those publications this may be a shot across the bow, of
the sort "sure, you can challenge this if you want but it's a warning that if
you do we can still punish you for it regardless of you winning the case."

~~~
Aloha
I'm not at yet convinced this was not simply user error in the legal
department, or in the department that deployed the microcode to the website.
The longer Intel is silent on the issue, the more likely this was their
intent.

------
akerro
Can I publish benchmarks of 7zip, The Witcher 3 and OpenGPG from yesterday and
tomorrow (after Intel patch, which was patched coincidentally)?

~~~
shakna
> (v) publish or provide any Software benchmark or comparison test results.

This seems to exclude any benchmark that may be affected by the Software's
performance... Which means any CPU benchmark.

There is some play in the wording... And I'm taking the least favourable
interpretation. But yeah... Seems like Intel have said no benchmarking, full
stop.

~~~
mcv

      > Seems like Intel have said no benchmarking, full stop.
    

That doesn't mean it's enforceable. Companies say silly things all the time.

~~~
shakna
Absolutely.

If they tried to uphold that least-favourable interpretation, then I would be
reaching for anti-competitive laws, and other consumer protections, and
perhaps even contract law as they say downloading the software, so you can see
the license, is binding.

It seems difficult to have a legal argument that it should be binding at all.

------
mpartel
Good thing we still have a somewhat anonymous internet. I'd be surprised if
there wasn't a benchmark or two on the HN front page by tomorrow.

Might even come from a media organization if their lawyers deem this
sufficiently unlikely to be enforcable in their country.

------
close04
I'm pretty sure they can expect future article titles to be _Massive
performance penalty with latest firmware patches ... Intel CPUs hit so hard by
latest patches that Intel bans benchmarks_.

Doesn't even need to have a content.

------
tait
Back in 2000 or maybe 2001, Intel had software one could use to create an
image (something analogous to Paint or Photoshop). If I recall correctly, the
novelty was that it was online.

The license for that software was that Intel owned all rights to everything
produced with it - your art was not your own.

My Google-fu is weak today. Does anybody remember the name/have a reference?

------
ulfw
Oh intel. What has happened to you? Do they really think this could even
remotely be enforceable?

~~~
Jach
Oracle and MS SQL Server have had no benchmark disclosures in their licenses
for a long time, so Intel probably thinks so.

~~~
throwaway77384
So this is illegal?

[http://phpdao.com/mysql_postgres_oracle_mssql/](http://phpdao.com/mysql_postgres_oracle_mssql/)

~~~
yrro
I don't think it's illegal for the author to violate the terms of the license
that they agreed to in order to be able to run Oracle RDBMS legally.

~~~
throwaway77384
Feels like it makes very little sense to even attempt to suppress
benchmarking. Like, comparing products is at the heart of capitalist / free
market trade / society, surely?

------
ajb
Intel release a faulty product, and to get the fix you are required to sign up
to additional terms and conditions. Is that even legal? If it is, it shouldn't
be.

------
fron
Intel's poor handling of the Meltdown fiasco and now this tomfoolery, means
they have lost me as a customer forever.

I'm on the AMD train now, never buying Intel again.

------
punnerud
Under EU legislations these rules is void and null. In addition you can’t put
rules to stop scraping of databases. The only rules that does apply is patents
and copyright if you want to redistribute/sell.

You are free to change, modify, reverse-engineer every product you can view or
get access to.

------
sverige
> I'm not blaming Intel for this, I don't know if Intel could have foreseen
> the problem.

The potential security issues with out of order processing were noted publicly
at least as far back as 2007. The problem is that, on the whole, the entire
industry doesn't really give a shit about security until it's too late, which
is exactly the wrong time to start.

I don't foresee this changing anytime soon. It will be interesting to see the
downside of AI. Or maybe terrifying is a better word for it, since it could
foreseeably include personal physical security. But before that time comes,
people who think like me are still just pointy-headed paranoid security
losers, I reckon.

~~~
api
Nobody is thinking about security and AI. I wonder how long it will be before
someone images a neural net embedded into some product and then figures out
how to trick it into behaving in some way that attacks some internal part of
the program hosting it. I'm imagining things like images than when shown to
image classifiers cause the classifier neural network to buffer overflow the
conventional program hosting it and inject shellcode.

Many types of neural networks are Turing-complete and are written in C by
academics with no security experience. Fun times ahead.

------
emilfihlman
No benchmarking?

Just benchmark and publish results anonymously. Intel can't take them down
since the results are not illegal, only the "act" is prohibited by the EULA,
which is not enforceable anyways.

Intel should be seriously punished for trying to play like this.

------
mehrdadn
Even if everyone plays by the rules, can't someone in another jurisdiction
publish comparison results? How do they expect this to work?

~~~
ksrm
I'm curious to know how valid this is in EU countries. Anyone know?

~~~
rbehrends
Against consumers, almost certainly unenforcable under the Unfair Terms in
Consumer Contracts Directive alone, nevermind that some countries have even
stricter laws regarding unfair contract terms.

[1]
[https://en.wikipedia.org/wiki/Unfair_Terms_in_Consumer_Contr...](https://en.wikipedia.org/wiki/Unfair_Terms_in_Consumer_Contracts_Directive_1993)

------
tripzilch
> I don’t know if Intel could have forseen the problem. Since some similar
> exploits have been discovered for AMD and ARM CPUs, the answer is probably
> “no”.

the answer is they probably both should have.

speculatively executing code that is time-sensitive to privileged data should
have been caught. timing attacks on this level have been known for at least a
decade. for that reason I don't quite believe that nobody at Intel (or AMD)
was aware of the possibility of these attacks before anyone in the security
industry published about it. they should have been more responsible instead of
just waiting until it broke.

everything about this saga adds up to economics, business and production
reasons why 1) not enough people were paid to look for these kind of problems,
2) the microcode developers that might have become aware of potential issues
didn't have a good avenue to raise them, 3) there seems to have been NO proper
roadmap whatsoever at both of these (rather large) companies for responsibly
addressing, fixing and patching mistakes of this level. the whole response
seems to be completely _ad hoc_ , like it was some kind of one-in-a-million
act-of-god thing that nobody could have foreseen.

it's not a super obscure bug. it's a _side channel cache timing attack_ , the
likes of which have been well-known for over a decade.

if Intel and AMD both thought, during the past decade, "well we know about
side channel cache timing attacks now, and this is probably the worst they'll
ever get", they don't know quite an important rule about security: exploits
only get worse, never better. that inaction definitely doesn't fall under
"could not have foreseen".

------
adiusmus
Intel are the experts in their own products. If they don’t have confidence in
them, why should we?

------
hansendc
Response from Intel that includes a new version of the license is here:

[https://twitter.com/imadsousou/status/1032680311753072640](https://twitter.com/imadsousou/status/1032680311753072640)

Disclaimer: I work at Intel

------
_ph_
A total disaster. From all I know, any thorough fix of the exploits of
speculative execution will slow down the processers significantly. Unless the
terms are just a terribly blunder (which would be bad enough on its own), this
points to a rather big marketing nightmare to show up. First of all the bad PR
for those terms, and of course, sooner or later there will be thorough
benchmarks on the net. I would even guess, one of the larger hardware review
sites will openly ignore the terms and run them and wait for Intel to sue
them. I could not imagine such a law suit achieving anything but directing
even more attention to that publication and the obtained results.

------
crb002
Benchmarking clause is unenforcible. It's like a clause by an auto
manufacturer you can't track gas milage.

What you are supposed to just ignore how much gas you put in the tank? No
different when your servers slow down and runs up your electric bills.

------
a3_nm
Amusingly, I don't think the summary in the article or article title correctly
summarizes the legalese. What is forbidden seems to be to "publish or provide"
benchmark results. So let's I boot my machine with the new microcode, run a
benchmark, then reboot it with the old microcode and upload the results to my
website (hosted on a machine that doesn't run the new microcode). I don't see
how this violates the terms of the license.

In general, these terms doesn't seem to be very carefully phrased. Point (i),
and independently point (iii), apparently prevent you from running the
software altogether.

------
farhanhubble
Is it even legal to do so? Tomorrow Intel can ask us not to benchmark the
clock speed.

------
gigatexal
Yeah...super fishy. If you don’t want to show off your product something is
wrong. If they released Speculative execution newly (in some alternate
universe) they’d be touting the huge performance benefits and showing off a
ton.

------
JudasGoat
The Tech Press seems to be only covering the patch, while ignoring the
NDA.[https://www.zdnet.com/article/windows-10-alert-all-
versions-...](https://www.zdnet.com/article/windows-10-alert-all-versions-get-
new-intel-patches-for-spectre-foreshadow-bugs/) and
[https://hothardware.com/news/microsoft-windows-10-patches-
sp...](https://hothardware.com/news/microsoft-windows-10-patches-spectre-
foreshadow-side-channel-exploits)

------
isthatart
Earth is flat and the theory of evolution is bogus. You will not allow and
will not allow any third party to publish or provide any benchmark or
comparison test results. Done with Science.

------
kashyapc
So, as expected, a colleague of mine pointed out—Imad Sousou from Intel's Open
Source Technology Center clarified:

 _We have simplified the Intel license to make it easier to distribute CPU
microcode updates and posted the new version
here:[http://bit.ly/2w9RjtM](http://bit.ly/2w9RjtM) . As an active member of
the open source community, we continue to welcome all feedback and thank the
community_

------
sir-alien
The no publishing terms is pretty much null and void outside the USA. Many
non-US countries have unfair contract laws that make certain contracts (EULA)
illegal and unenforceable. So if you and your site are outside the USA and
your country has the appropriate consumer protection laws, benchmark and
publish away.

I would be certainly interested in the level of degraded performance.

------
l3tf
Intel themselves have published before and after benchmarks, though.

[https://www.intel.com/content/www/us/en/architecture-and-
tec...](https://www.intel.com/content/www/us/en/architecture-and-
technology/l1tf.html)

------
dayaz36
I'm done with Intel

------
andy_ppp
How is this enforceable in Law - I mean surely free speech laws apply here?
You can't be compelled by contracts like this to not talk, it's absurd.

It doesn't even seem like a particularly well written clause as it could be
interpreted to mean benchmarking the microcode update process not the
hardware.

------
Grollicus
> You will [..] not allow any third party to [..] publish or provide any
> Software benchmark or comparison test results

I read this as everyone that distributes this has to change THEIR ToS to
explicitly disallow THEIR users to provide benchmarks. Surprised any distro
distributes this at all.

------
fbn79
It's a clear invite to benchmark.

------
bigon
Isn't the the license used for OEM that prevents Debian to upload the update?
[https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=906158](https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=906158)

------
crististm
I'm sick of this kind of restrictions from anybody. They are obviously blind
to the reputation damage they inflict on themselves.

Regardless, what would be a compelling reason for which I should buy from
Intel again? What kind of credibility do they build for themselves?

------
grecy
Does intel seriously think there won't be hundreds of people publishing
benchmarks?

We live in a time where thepiratebay still thrives, Snowden did his think and
wikileaks is a thing, and Intel thinks they'll stop someone publishing
benchmarks.... of a cpu.... ?

------
mark-r
I hope the Streisand Effect[1] makes them regret this decision.

[1]
[https://en.wikipedia.org/wiki/Streisand_effect](https://en.wikipedia.org/wiki/Streisand_effect)

------
S-E-P
Why not make it optional? I don't care about that level of security on most of
my systems, I, and I hope the rest of you, have ways to mitigate most security
issues like this anyhow. It's ridiculous.

------
waldbeere
Simple solution in comments: [ i7-8750H ] User1: do benchmark on no patch Os
post in thread User2: do benchmark on patched OS, post in thread

Is not a compare only performance graph between two users computer remember
USER1 is patched

~~~
dvhh
you would have to demonstrate that the config from user1 is identical to the
configuration of user2, wich mean you would have to split the patch up to the
microde update.

------
chrisper
Couple months ago I got an AMD Ryzen for my homeserver. I am pretty happy with
it. Next time I'll probably get an AMD for the desktop as well. But I am
talking about 6 years at least

------
faragon
Intel already made an important effort regarding being Open Source friendly.
In my opinion they should keep playing the nice guy role, avoiding PR fiascos.

------
Buge
What if I install the microcode then sell the CPU, then the buyer does a
benchmark? Am I banned from selling the CPU after installing the microcode?

------
freeopinion
This raises the question about how you sort null with respect to processor
performance.

Given four benchmarks (7,null,8,6) where do you place the null?

------
JTbane
>No benchmarking allowed

If this isn't a smoking gun about performance loss due to vulns, I don't know
what is. Intel is in hot water.

------
cmurf
I'm willing to bet the license agreement in OEM firmware updates that also
include the microcode patches, has this language.

------
aruggirello
So what will these guys do?

[https://www.cpubenchmark.net](https://www.cpubenchmark.net)

------
dhimes
What's the over/under for seeing published benchmarks? Monday, 2018-Aug-27
1200 UTC seem reasonable?

------
api
So... anyone want to link to some benchmarks hosted somewhere Intel can't mess
with? I have Tor Browser.

------
zmix
It is sad to see Intel moving this way, but the Internet will find a way
around this. As it did so often.

------
amelius
Would car manufacturers get away with this? "No emission tests allowed!"

------
minusSeven
This is why need more regulations so companies can't pull this shit....

------
rbc
I wonder what the folks over at top500.org will think of that?

------
gesman
This TOS is driven by lawyers, not by business decision makers

~~~
tzmudzin
Are lawyers running their business, or are business decision makers making
business decisions?

~~~
theyinwhy
So business decision makers made the decision to let their lawyers be business
decision makers?

~~~
tzmudzin
It certainly looks like that. Not sure it was the wisest move though...

------
givinguflac
So, has anyone done any comparison or benchmarks?

------
utopcell
Gag benchmarkers ? That is the Oracle way.

------
textmode
For discussion...

Question: Are these license restrictions on right to disclose benchmarks
enforceable?

Question: If they are enforceable, do licensors ever try to enforce them? If
not, why?

A little background here: [https://danluu.com/anon-
benchmark/](https://danluu.com/anon-benchmark/)

For example, this has been posted to HN at least twice recently:

[https://clemenswinter.com/2018/07/09/how-to-analyze-
billions...](https://clemenswinter.com/2018/07/09/how-to-analyze-billions-of-
records-per-second-on-a-single-desktop-pc/)

Question: Was the author subject to any restrictions on publication? If yes,
did the author seek "permission" from the licensor to publish these findings?

Excerpts from some of the licenses:

2.2. 32 Bit Kdb+ Software Use Restrictions

(c) 32 Bit Kdb+ Software Evaluations. User shall not distribute or otherwise
make available to any third party any report regarding the performance of the
32 Bit Kdb+ Software, 32 Bit Kdb+ Software benchmarks or any information from
such a report unless User receives the express prior written consent of Kx to
disseminate such report or information.

kdb+ on demand - Personal Edition [64-bit]

1.3 Kdb+ On Demand Software Performance. End User shall not distribute or
otherwise make available to any third party any report regarding the
performance of the Kdb+ On Demand Software, Kdb+ On Demand Software benchmarks
or any information from such a report unless End User receives the express,
prior written consent of Kx to disseminate such report or information.

This Kdb+ Software Academic Use License Agreement ("Agreement") is made
between Kx Systems, Inc. ("Kx") and you, the University, or employee of the
University ("End User") with respect to Kx's 64 bit Kdb+ Software and any
related documentation that is made available to you in (jointly, the "Kdb+
Software"). You agree to use the Kdb+ Software under the terms and conditions
set forth below. This Agreement is effective upon you clicking the "I agree"
button below.

1\. LISCENSE GRANTS [sic]

1.4 Kdb+ Software Evaluations. End User shall not distribute or otherwise make
available to any third party any report regarding the performance of the Kdb+
Software, Kdb+ Software benchmarks or any information from such a report
unless End User receives the express, prior written consent of Kx to
disseminate such report or information.

Kdb+ software end-user agreement:

By accessing the Kdb+ Software via the Google platform, you are agreeing to be
bound by these terms and conditions (which may be updated from time to time)
and to the extent you are acting on behalf of a permitted organization that
you have authority to act on their behalf and bind them to these terms and
conditions.

You may not access the Kdb+ Software if you are a direct competitor of Kx.

4\. Benchmark Test Results. User agrees not to disclose benchmark, test or
performance information regarding the Kdb+ Software to any third party except
as explicitly authorized by Kx in writing.

------
h4b4n3r0
It’s as though Intel is being sabotaged from inside. Delays with 10nm,
suspicious exit of Krzanich, harebrained unenforceable licensing schemes. My
next machine will use Threadripper and this kind of shit just seals the deal.

------
gammatrigono
Time to disable automatic Windows Updates.

~~~
wtallis
Windows automatic updates are one of the easier ways to get the new microcode
without agreeing to the new license terms. But there are plenty of other
reasons to disable Windows Update (not that Windows will respect your
decision).

~~~
jwilk
How do you keep the system secure without Windows Update enabled?

~~~
wtallis
All of the Windows machines that I use for work are firewalled and have no
internet access, primarily so that they won't interrupt my work with fucking
updates, but security is a nice side effect. My personal Windows machine has
updates enabled because I don't mind if it reboots when my back is turned, and
my Linux and OS X machines can be trusted to ask before rebooting to apply
updates.

Microsoft has provided no real alternatives for those of us who need to be
able to keep a Windows machine running overnight.

------
jve
> Since some similar exploits have been discovered for AMD and ARM CPUs, the
> answer is probably “no”. But certainly customers are upset.

Whats to be upset? Don't update if you are upset. Choose between
perf/security. What are the options, anyway? You can be upset that the things
are the way they are, however you can't blame Intel/AMD/ARM, etc. You should
have been upset if these vulerabilities were known and not fixed thou.

~~~
cyphar
People are upset because Intel is not allowing people to run benchmarks on
their CPUs (the language is so vague that you could argue that running non-CPU
benchmarks, or benchmarks for other software unrelated to Intel would violate
this license). So you can't really make a "choice between
performance/security", because nobody is allowed to publish data that would
let you make an informed choice.

~~~
jve
Quoted text talks about being upset because of perf, not because of Intel not
allowing benchmarks.

Not allowing benchmarks - yeah, agree to that, that is a reason to be
dissapointed or upset.

But people throw words around: lawsuits, upset, etc.

~~~
cyphar
All the recent microcode patches to fix CPU security flaws have caused
performance degradation, so it's fair to mention that people have been upset
about this in the past (anecdotally, I know first-hand that people have
disabled the patches because it's started to break software that has
significant timeouts -- and they were obviously not happy that this was
necessary).

It's also (somewhat) fair to assume that this patch would also affect
performance until proven otherwise, and Intel changing their license to
disallow sharing comparative performance tests doesn't give me much faith that
I'm wrong in that assumption.

