Follow

Adding this to

If you use Debian: you're not getting the recent Intel CPU bugfixes because Intel updated the firmware package's license to state that it's not redistributable.

If use Linux other than Debian and have the bugfixes: ask your maintainers why they're distributing software they're not legally allowed to.

And in any case: next time you purchase a CPU, evaluate whether AMD might be a better choice than Intel.

freeradical.zone/@tek/10058377
via @stevelord @tek

@djsumdog @stevelord @tek I've seen Imad's tweet a few days ago, but people did already then have a lot of questions and I still don't see them addressed.
If Intel/Imad are really interested to get this, it's their move. He has NOT responded to follow-ups since in that twitter thread.

@tbr @stevelord @tek Thanks for the Gentoo tracker. That's my distribution. ^_^

@tbr @djsumdog @stevelord I agree. If Imad said something like "as an officer of Intel, I'm telling you that you have my explicit permission to redistribute this package while we clarify the license", this would be over and done with. His non-statement just muddied the waters IMHO.

@tek @djsumdog @stevelord with my realist and cynic hat on, I'm going to say he most likely wanted to answer, but was stopped by corporate process. This one involves their legal department, I'd be very surprised if they manage to change anything within the next month. All the while there will be total and utter radio silence from anyone involved, including Imad.

Previous encounters? Who? Me?

@tbr
Familiar with the SGX, PAVP, 4k bluray debacle? The post-production changes made to various chipsets which was rolled out to some, but not all platforms?

Brand new x299 chipsets (and it's $2000+ cpus) cannot play back a simple 4k bluray, so if you built a brand new system on that chipset, you wouldn't know it won't allow you to use a UHD r/w. No vendor is providing up-front info on this so they will have less trouble selling.
@stevelord @tek

@tbr @stevelord @tek
Can't even effing play amazon, Google play, etc, on their native, inception platform, the PC browser, without a hardware dongle and why? Because they said so. Because you need to spend more money. Or you don't get access to the best looking copies of your legally purchased media, and it has nothing to do with hardware limitations.

@tbr @stevelord @tek
"evaluate whether AMD might be a better choice than Intel" - you mean the AMD that refuses to release any microcode updates at all to end users? Yes, I'm aware that you can get them "on the internet", but not from AMDs homepage, so AMD really does not look that great in that evaluation...

@tbr
Aren't AMD and Intel and even ARM as bad as each other in this regard?
@stevelord @tek

@aidalgol @tbr @tek ARM's a slightly different case as they licence designs rather than complete products. It's down to the SOC manufacturer to determine what happens, so in some ways it's even worse. However, the impact will depend on how the device is being used.

@stevelord @aidalgol @tek Also ARM doesn't really do microcode.
On the other hand so far Intel seems to have been the one with the most risky pipeline designs and are now "reaping" the worst vulnerabilities, while AMD and ARM based designs seem way less impacted. L1TF is a pure Intel vulnerability.

@tbr @stevelord @aidalgol @tek imho Intel is currently hit by most recent publications because they are a juicy target: known to have design defects and huge popularity. I've heard of a handful of research groups working on AMD currently because the easy Intel finds are done now. I guess this whole cpu bug rigmarole will go on for at least another three years with at most two months between new findings.

@oliof @tbr @stevelord @tek
This is most definitely going to get worse before it gets better.

Sign in to participate in the conversation
Society of Trolls

A nice little Mastodon instance. Mild trolling encouraged (keep it local), but not required. Malicious behaviour is not tolerated. Follow Wheaton's law and you'll be fine.