From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: Intel Microcode Date: Thu, 23 Aug 2018 21:11:20 +0200 Message-ID: <7ccf12cd-e37e-d5bf-3821-2aca28928122@link38.eu> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0906891709648527059==" List-Id: --===============0906891709648527059== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, > Hi, >> [snip] >> >>> It looks like we have to rollback the microcode update. Intel has >>> changed the licensing terms in such a way that we won't be able (and no >>> third party either) to provide any performance benchmarks. >>> >>> So if someone says on the forum that IPFire is "a little bit slower >>> since the last update", that would violate that license. >> >> That's a VERY broad reading of the license. What you describe is a=20 >> subjective opinion of the performance of one installation from someone=20 >> not associated with the project, as opposed to the project itself=20 >> posting controlled performance benchmarks with before-and-after numbers. >=20 > That didn't come from me, but Debian and Gentoo: >=20 > * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D906158 > * https://bugs.gentoo.org/664134 >=20 > RedHat and SuSE seem to be shipping the new microcode. Not sure if they > saw the change of the license. >=20 > There is also a number of articles in the German news (at least) who > share this opinion: >=20 > * https://www.golem.de/news/side-channel-angriffe-intel-untersagt-benchmark= s-und-haertet-naechste-generation-1808-136151.html Heise has published one, too: https://www.heise.de/newsticker/meldung/Aerger-ueber-Intels-Lizenzbedingungen= -fuer-Sicherheits-Updates-4144515.html It says there: Intel announces to publish a changed version of the license soon. Seems like the current version was copied from a NDA template, as confidentiality is one of the listed aspects - which does not make any sense at all in a public document. However, as Michael mentioned, it illustrates the problem we all have with Intel: Technical mistakes with security impact happen - they must not happen, but unfortunately they do. A "normal" vendor would publish updates and a security advisory as soon as possible, keep customers and partners up to date, and maybe apologises for the problem. They company did none of those in time. And it does not look like they are going to do so in future. Of course, that's exactly the problem with all major IT companies, there is no need to name them here. But if you do not like your ISP, there is an alternative. If you do not like an operating system, choose another. But nobody can afford to stop using nearly all modern computer hardware from one day to another - not speaking about the poor diversity situation on the market. And so, trustworthy hardware remains a dream - at least for those users who care (or have to care) about security. It is wretched, absolutely wretched. >=20 >> [snip] >> >>> Basically, it isn't an option to ship this. Other distributions think >>> the same. >> >> I see the desire to err on the side of caution, plus the desire to put=20 >> pressure on Intel to modify the license, but I'd argue it's overkill. >=20 > It is just ridiculous from my angle. Their primary sales argument is to > be on top of the list of each benchmark out there. They probably forgot > about that. >=20 > But this is more about a slight change to hide that they messed up > *massively* here and a very bad attempt to cover it up. Now they got a > proper Streisand going. Well done Intel. >=20 > I am so fed up with spending so much of my time trying to fix something > that they got wrong and don't even own up to it. They are a shit > company. ACK. >=20 > *Goes and punches a wall now* "Wo sich sicherheitsm=C3=A4=C3=9Fig alles in der Schei=C3=9Fe suhlt und stink= t zum Gottserbarmen..." (Sorry for the German swearwords, I do not have an English translation at hand. Feeling with Michael here...) Best regards, Peter M=C3=BCller >=20 > -Michael--=20 Microsoft DNS service terminates abnormally when it recieves a response to a DNS query that was never made. Fix Information: Run your DNS service on a different platform. -- bugtraq --===============0906891709648527059== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ2dBZEZpRUV2UDRTaUdoRVlE SnlyUkxrMlVqeUQzMTduMmdGQWx0L0J1RUFDZ2tRMlVqeUQzMTcKbjJpYVhoQUFsYXpNMTV3QVQy b2xKMVZlN0NMOEZDOHFvU3plK29qM0pmOVppaWJzSDV2SlhDc2grbUMwbVV3LwpRNWduandYTDhx T2g5VVBTV2tMMWpkb1NUVjdXdGVJYXRYNlVDQmtMbHV2akhndVpVaU1vUkJadDdWS05PcE1uCmlz b0hSVkx5SXR5cVNaQUx5TWNVbDJQemRJKzZWbUw3RnFzc293MjNTVEJYaURGNDFlekJySjZuOVNk UzVOeU8KYlp5dlc0YWxWRUFhMU5Ray9OS21wZjlhajhITG40Y3NwSjBmN1JROVpwUVFvWlpCdUND WjRkMmFRdmxpOHlIbAppUm9iUUczRG1CMEhlMW9jdGZVM09uMFFrZjgvbjF3T1NIUFpwNjB3UWlT OW5pbTB5VGF5c1FEdTJlUVVRMFBKCjFZSmVGcXI3Sm1IMnZnRUx0WXZWL05TSzVpRU9JaUQ4NzBh VUdXdzNHU1pDZW5ycjdmSm1NcWVoVXJ2bHNKZUUKc3hSWnFqSDJhMWxvK3pUY0x6TEJWM05YOEdO dXM5NGh1UVdpY0ZKRGxBZHd3V3FnRGZ0N0VYZ25aNjBqQjZ4UwpwS3pKMC95RDY3amM1TVBRME9U TEhRcWFwRmhMTC9XRnUyWmRPN0xVeXB0Y0pQZDlIQ09qZ2xLNjZNWTZrVU1xCnZqVVREVmFEZU1i eU5pbC8wYytUQmlXeEx4bnVrazQvN0dsUlBZTUFrWUhWUmU4M1ZNemxJN1QrWnJmTGhOemoKV1My dWpncVdpRlQwNm0za0l4Vy9JcVljdC9neXVRTzZkdFVybU9CbFVZQlNybCtlVnVyNDJUUSswdE1X L1YzcgpTa0xwV0lURUJJWWJqK0JaYU9LL2pzSlBoVkYvTk52ekMvKzdsTVVqVDlFVUtWOE51bnc9 Cj1FUDE2Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============0906891709648527059==--