-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, 2018-08-23 at 21:11 +0200, Peter Müller wrote: > Hello, > > > Hi, > > > [snip] > > > > > > > It looks like we have to rollback the microcode update. Intel has > > > > changed the licensing terms in such a way that we won't be able (and no > > > > third party either) to provide any performance benchmarks. > > > > > > > > So if someone says on the forum that IPFire is "a little bit slower > > > > since the last update", that would violate that license. > > > > > > That's a VERY broad reading of the license. What you describe is a > > > subjective opinion of the performance of one installation from someone > > > not associated with the project, as opposed to the project itself > > > posting controlled performance benchmarks with before-and-after numbers. > > > > That didn't come from me, but Debian and Gentoo: > > > > * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158 > > * https://bugs.gentoo.org/664134 > > > > RedHat and SuSE seem to be shipping the new microcode. Not sure if they > > saw the change of the license. > > > > There is also a number of articles in the German news (at least) who > > share this opinion: > > > > * https://www.golem.de/news/side-channel-angriffe-intel-untersagt-benchmarks-und-haertet-naechste-generation-1808-136151.html > > Heise has published one, too: > https://www.heise.de/newsticker/meldung/Aerger-ueber-Intels-Lizenzbedingungen-fuer-Sicherheits-Updates-4144515.html > > It says there: Intel announces to publish a changed version of the license > soon. Seems like the current version was copied from a NDA template, as > confidentiality is one of the listed aspects - which does not make any sense > at all in a public document. Yeah sure. An accident. Accidentally they had a spare restrictive license next to the real one. > However, as Michael mentioned, it illustrates the problem we all have with > Intel: Technical mistakes with security impact happen - they must not happen, > but unfortunately they do. A "normal" vendor would publish updates and a > security advisory as soon as possible, keep customers and partners up > to date, and maybe apologises for the problem. I wouldn't assist on the latter, but it is just essential to provide good quality updates as swiftly as possible. They are a billion dollar company. It shouldn't be too hard. > They company did none of those in time. And it does not look like they are > going to do so in future. Of course, that's exactly the problem with all > major IT companies, there is no need to name them here. But if you do not > like your ISP, there is an alternative. If you do not like an operating > system, choose another. But nobody can afford to stop using nearly all > modern computer hardware from one day to another - not speaking about the > poor diversity situation on the market. Unfortunately that's true that there isn't many alternatives out there. > And so, trustworthy hardware remains a dream - at least for those users who > care (or have to care) about security. It is wretched, absolutely wretched. However, we do have something in the pipeline that will be entirely independent from Intel and x86 in fact. However, I cannot publicly talk about this yet, and it will probably not be able to compete with systems on the top end of the market like our Premium appliance. But it will be a very powerful and small system and hopefully allow us to get a step away from Intel. > > > [snip] > > > > > > > Basically, it isn't an option to ship this. Other distributions think > > > > the same. > > > > > > I see the desire to err on the side of caution, plus the desire to put > > > pressure on Intel to modify the license, but I'd argue it's overkill. > > > > It is just ridiculous from my angle. Their primary sales argument is to > > be on top of the list of each benchmark out there. They probably forgot > > about that. > > > > But this is more about a slight change to hide that they messed up > > *massively* here and a very bad attempt to cover it up. Now they got a > > proper Streisand going. Well done Intel. > > > > I am so fed up with spending so much of my time trying to fix something > > that they got wrong and don't even own up to it. They are a shit > > company. > > ACK. > > > > *Goes and punches a wall now* > > "Wo sich sicherheitsmäßig alles in der Scheiße suhlt und stinkt zum > Gottserbarmen..." (Sorry for the German swearwords, I do not have an > English translation at hand. Feeling with Michael here...) > > Best regards, > Peter Müller > > > > -Michael-- > > Microsoft DNS service terminates abnormally when it recieves a response > to a DNS query that was never made. Fix Information: Run your DNS > service on a different platform. > -- bugtraq > -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5/rW5l3GGe2ypktxgHnw/2+QCQcFAlt/4FsACgkQgHnw/2+Q CQePHA//Y6kg9SkVjA7Q9ohJ+htxjosBQWNXeqTLYh0LXbcK27Lxl4QCGDSqDN6h r3RYBrZK+WgQYfYvGVeo9b0YkZ4/EmjntsLqyH1BlHCxvdZu0t+ytE7zGEFKzdsP mcXMlhMiOHDBTwnF0oQgt+nJTLYCuvHpNAkfIn1cmvpXX1qVrekT89S2qOvC+oHh a0VxiV3uXAI10hFt583gqHq/TKvVHoRd7rOqtD1Ad5DOiqmcNozszWTqFwhfsv3z JKvIHmR9x5RJxfUv0G9h4rYAqjxYjW5NrgqnYzIZkZAKigv0ZXFsIGiTV/xAnh9D MnKXdnAl+mJqQWeP/BRLFn1SKgia75P44r1RJBrQevmnomlsAZDkp+qWQ9K/X4yV PrbUSlDhT8bIrXTLWjjYIW/suwqOarD3JccC2Svt0HLgnSZSxeu/ezH7hkTm7h1X A838Z1ZQsFqgDE4LQgXJX0I53HG4PhxqGpsyx1XTYzzLOATB+BKHLlRZcVqTFRW5 0EdmgHdmukVHZOpLv8v9KAh8w97uz+6xkAdOjgjOGBw9VYEPTUKYelwkAyWgdteg i9+PsaYcs6IppnHW1oSVBceVzASf2rKx+bKnZe3b1tWdbOavBDpPVaJcfW3FQZW7 qAl1qhObEfFTghxsAhQbuiUgg67OkKY1k7dqYsivPpjh74ic/fI= =O9N7 -----END PGP SIGNATURE-----