Use Debian? Want Intel's latest CPU patch? Small print sparks big problem

At least one Linux distribution is withholding security patches that mitigate the latest round of Intel CPU design flaws – due to a problematic license clash. Specifically, the patch is Chipzilla's processor microcode update emitted this month to stop malware stealing sensitive data from memory by exploiting the L1 Terminal …

  1. Steve Davies 3 Silver badge
    Pint

    Well Done...

    El Reg has dropped Debian a line to find out if Intel's response deals with its licensing concerns. Holschuh

    Wot! No 'reached out'? /s /sic.

    Well done El Reg for using 'dropped Debian a line'. Have one of these on me

    1. Anonymous Coward Silver badge
      Stop

      Re: Well Done...

      "dropped a line"??? So their fishing.

      What's wrong with "contacted"? Or "asked"?

      1. Boothy

        Re: Well Done...

        Whenever I see 'reached out' I always imagine some beggar on a street corner with their hand out asking for spare change, or perhaps someone hankering to be prosecuted for inappropriate touching!

        1. Anonymous Coward

          Re: Well Done...

          "Whenever I see 'reach[ed] out' I always..."

          ...wonder where this fixation for quoting The Four Tops has come from.

      2. Pascal Monett Silver badge

        Re: What's wrong with "contacted"?

        Not part of NewSpeak any more.

        Marketing has rewritten the dictionary, and all those stuffy words that have worked and had meaning for the past 200 years are gone, to be replaced by iWords that are nice and shiny and make marketers look smart and professional.

        Emphasis on "look".

        1. David Lewis 2

          Re: What's wrong with "contacted"?

          Emphasis on "lookvisualisation".

          FTFY

          1. Norman Nescio Silver badge
            Pint

            Re: What's wrong with "contacted"?

            Emphasis on "look visualisation optics".

            FTFFY

            (No, I'm not being serious. I've just noticed the trend, that's all. I come from an era when optics meant the plural of a spirit measure/dispenser behind a bar.)

        2. Spanners Silver badge
          Go

          Re: What's wrong with "contacted"?

          "replaced by iWords that are nice and shiny and make marketers look smart and professional."

          Those words don't make anyone look smart or professional. The use of misunderstood US "sports" jargon and management speak to replace perfectly good words just makes people look silly.

          Whenever I get messages containing this rubbish, my automatic reaction is to wonder how this could be put better. In meetings, I act as if they have been rephrased. For example, instead of "step up to the plate", I may say "volunteer" if that is what they actually mean.

          Has someone made a dictionary of this newspeak? I have certainly seen people playing BS Bingo.

      3. David Nash Silver badge
        Headmaster

        Re: Well Done...

        What's wrong with "they're" ?

        1. wayward4now
          Headmaster

          Re: Well Done...

          David, I miss "they're". It has eclat.

      4. Anonymous Coward

        Re: What's wrong with "contacted"?

        Or "pinged"?

    2. The Man Who Fell To Earth Silver badge
      WTF?

      Does Windows patch the microcode this way?

      If not, why not?

      If so, all CPUs?

      1. theblackhand

        Re: Does Windows patch the microcode this way?

        To set your mind at ease for latest MS OS releases:

        https://support.microsoft.com/en-ph/help/4093836/summary-of-intel-microcode-updates

  2. Alan J. Wylie

    Section 3

    You will not, and will not allow any third party to ... (v) publish or provide any Software benchmark or comparison test results.

    I can see why Debian aren't happy, seeing as without new instructions made available by microcode updates, some of the mitigations incur a significant performance hit.

    1. Anonymous Coward

      Re: Section 3

      >some of the mitigations incur a significant performance hit.

      Indeed, the performance benchmarks over at Phoronix make for grim reading. Coming soon on Phoronix expect benchmarks with all of the patches applied vs no patches.

    2. Nick Kew

      Re: Section 3

      There may be a reason for that: namely, benchmark tests are often propaganda and spin. Nevertheless, it should be obvious that a clause like that can only make things worse.

      Perhaps governments could pick up on that. Declaring such clauses unenforceable would have limited effect, but banning the sale of goods with such onerous restrictions - or requiring such sales to be approved by a licensing authority through an onerous process including public consultation - would surely cause vendors to stop and think what's reasonable.

      1. A Non e-mouse Silver badge

        Re: Section 3

        "There may be a reason for that: namely, benchmark tests are often propaganda and spin"

        At uni, a fellow student had the project to assess all the (then) current CPU/Computer benchmarks. The conclusion? They're all a meaningless indication of processor speed.

      2. Anonymous Coward

        Re: Section 3

        Plus surely if it’s a patch for a problem in the product, there should be “something” to stop the manufacturer from adding new T&Cs?

      3. MRS1

        Re: Section 3

        Nice idea, but more governmental regulation will just result in (a) more costs and bureaucracy, to be passed on to us, the customers, and (b) more governmental corruption with more civil servants and politicians in the pocket of businesses with money.

        Having the private sector effectively block vendor-created problems and excesses like this one, where possible, does seem to work better overall (less bureaucracy, less cost, less corruption) than getting the government to do it.

        Admittedly, Debian isn't perfect in this regard but they've done us all a favour here that I would not have trusted any government to do.

    3. bombastic bob Silver badge
      Facepalm

      Re: Section 3

      Debian is shooting themselves in the foot by not at least putting the update into the 'non-free' package distribution...

      what, is Stallman behind this or something? Sounds like something he'd do/say...

      /me imagines a bunch of hippies at a Santa Cruz beach wearing peace sign necklaces, love beads, psychedelic tie-dyed shirts, beaded headbands, and carrying protest signs worthy of the Laugh-In wall, talking like Tommy Chong and complaining that "Intel isn't giving us what we want, man!"

      Debian, and every other distro depending on you: GET A CLUE! Just put the package into 'non-free' and be DONE with it!!!

      icon, because, *FACEPALM*

      1. JohnFen

        Re: Section 3

        "Debian is shooting themselves in the foot by not at least putting the update into the 'non-free' package distribution..."

        Placing this in the non-free collection would not mitigate the problem. The non-free collection is for packages that are not open source. The problem with this update isn't whether or not it's open source, it's about unacceptable licensing terms.

    4. Alan Mac

      Re: Section 3

      "You will not, and will not allow any third party to ... (v) publish or provide any Software benchmark or comparison test results."

      I'll do what I want with my computer thanks

  3. Phil Endecott

    I imagine they could ship it in “Non-free”.

    (Edit: maybe not; the restriction is on distribution, and for example the operators of all the Debian mirrors cannot be said to have agreed to those terms.)

  4. EveryTime

    Perhaps a typo, perhaps a pun

    "fetching and stalling".. accurate, but perhaps not the original intent.

    1. eldakka

      Re: Perhaps a typo, perhaps a pun

      maybe they meant felching?

  5. Will Godfrey Silver badge
    WTF?

    Nasty

    I'm not surprised debian balked. That's out and out censorship :(

    I was surprised the others accepted it... at first, but then again not so much.

    1. Anonymous Coward

      Re: Nasty

      It's a nasty choice to make. Where I live, the contract is most certainly void, which means I have no good reason to forego the patch. Still, I have a lot of respect for the way Debian sticks to their guns.

    2. Alan Brown Silver badge

      Re: Nasty

      "I was surprised the others accepted it"

      They either didn't read it or decided it wasn't enforceable.

  6. JohnFen

    I'm fine with that

    I don't want Intel's patches anyway. I'll be migrating away from Intel CPUs over the next few years. In the meantime, I'll mitigate the risk in other ways.

    1. Korev Silver badge

      Re: I'm fine with that

      Sadly pretty much every modern CPU has been hit with bugs like these...

      I'm holding off replacing my system until it appears that the bugs are fixed in hardware too. I suspect it's going to be a long wait.

      1. Skoorb

        Re: I'm fine with that

        At the moment it is looking like you will be waiting for at least AMD Zen 2 then.

        Which is slated for 2019 at the earliest.

        1. Korev Silver badge

          Re: I'm fine with that

          "At the moment it is looking like you will be waiting for at least AMD Zen 2 then.

          Which is slated for 2019 at the earliest."

          That's kind of what I'm thinking. I think I'll just change the discs as they're getting on a bit. Hopefully the rumours are true about the forthcoming SSD price crash :)

        2. whitepines
          Happy

          Re: I'm fine with that

          IBM's POWER9 chips are right here right now, no Spectre vulnerability and certainly no licensing agreements like the Intel one seeing as IBM releases everything for the POWER9 chips under a straight MIT / GPL license.

          It won't run Windows, but let's face it: if you're running Windows you don't really care about the terms of this license agreement (hint: you've already either accepted them by proxy in the Windows EULA somewhere).

          1. Anonymous Coward

            Re: I'm fine with that

            "IBM's POWER9 chips are right here right now, no Spectre vulnerability and certainly no licensing agreements like the Intel one seeing as IBM releases everything for the POWER9 chips under a straight MIT / GPL license."

            Great! How much for a basic desktop configuration? Can I get it in NUC size?

            What POWER laptops are available?

            1. whitepines

              Re: I'm fine with that

              Looks like $2,099 USD for a desktop:

              https://twitter.com/RaptorCompSys/status/1029195940874342400

              For NUC form factor, maybe ARM would be a better choice? There are Rockchip parts that might fit the bill there.

              As POWER9 is just coming into the desktop space this year, I wouldn't expect laptops for a little while yet. I don't have a good answer for laptops, they're hard to do right and Microsoft / Apple / Google seem to dominate that market.

          2. Korev Silver badge
            Linux

            Re: I'm fine with that

            "IBM's POWER9 chips are right here right now, no Spectre vulnerability and certainly no licensing agreements like the Intel one seeing as IBM releases everything for the POWER9 chips under a straight MIT / GPL license."

            It appears that Power 9 is vulnerable too, e.g. Redhat info on the bugs

            1. whitepines

              Re: I'm fine with that

              Looking around it seems POWER9 was not shipped with the vulnerable features turned on. The one area where this becomes a bit questionable is the kernel mitigation for their version of Meltdown, but the chips never shipped with vulnerability to Spectre from what I can tell.

      2. JohnFen

        Re: I'm fine with that

        "Sadly pretty much every modern CPU has been hit with bugs like these..."

        Yes, but there are CPUs that don't engage in speculative execution, so those are attractive. I'd prefer to have a faster CPU, of course, but I'm not as concerned that my CPU is as fast as it can possibly be as I am that my hardware is as free of security problems as possible.

    2. A Non e-mouse Silver badge
      Joke

      Re: I'm fine with that

      I don't believe the fairly recent MegaProcessor suffers from these recent CPU issues. Maybe you could start there?

      1. Basil Fernie
        Joke

        Re: I'm fine with that

        ... but maybe the MegaProcessor could do with a bit of a speed upgrade?

  7. Ian Johnston Silver badge

    It wouldn't be Linux if it wasn't inconsistent and interminable bickering over licensing terms and conditions.

    1. Doctor Syntax Silver badge

      "It wouldn't be Linux if it wasn't inconsistent and interminable bickering over licensing terms and conditions."

      We FOSS folk take this stuff seriously because we can. It must be awful just having to put up with whatever rapacious T&Cs proprietary S/W vendors impose. But perhaps you're used to having to bend over.

      1. Sonic531

        Take it

        "We FOSS folk take this stuff seriously because we can."

        Sounds like you're the one bending over. Most people don't care because we have actual things to worry about based outside in the real world.

        1. wolfetone Silver badge

          Re: Take it

          "Sounds like you're the one bending over. Most people don't care because we have actual things to worry about based outside in the real world."

          Most people don't care because:

          a) They're thick, or

          b) They're ignorant

          Neither of which is a better way to be than being concerned about what you agree to. But if you don't mind reading stuff before agreeing to it, thanks for gifting me your house. I'll be sure to enjoy it, along with your wife. You didn't read the contract, but you agreed to it. Sorry bud x

          1. Sonic531

            Re: Take it

            I'm aware of these Spectre based exploits and have a good understanding of how they're executed. Fact is, I use a lot of Windows only programs. I ain't got time to mess around with Linux and wine. Like I said I've got other things to worry about out here in the real world. Also, fortunately in my country there's certain laws which protect us from stood clauses in contacts because nobody bloggers to read them.

            1. Doctor Syntax Silver badge

              Re: Take it

              "Like I said I've got other things to worry about out here in the real world."

              Go and read the W10 privacy clause. As you're obviously not used to reading this sort of thing I'll give you big hint. Pay attention to what's missing, what they don't exclude themselves from taking.

              "The data we collect can include the following:"

              Notice it says "include". It doesn't say it's the complete list.

              "Credentials. Passwords, password hints and similar security information used for authentication and account access. "

              "Payment data. Data to process payments, such as your payment instrument number (such as a credit card number) and the security code associated with your payment instrument."

              Compare that with something a little further down the list:

              "Interactions. Data about your use of Microsoft products."

              Do you notice something different between the first two and the third? The third has a restriction to Microsoft products. Do you see such restrictions in the first two?

              Your real world includes Windows. Do your country's laws actually prevent Microsoft's "telemetry" from seeing stuff you might not want it to see and that you weren't "bloggered" to read about?

              Frankly, I doubt you have much idea about the real world.

          2. Killfalcon Silver badge

            Re: Take it

            You missed c) lazy.

            I mean, that's my excuse. I just want my internet/Steam box to make the pretty lights happen, I'm just gonna click "accept" and assume it'll probably never come back to bite me.

            Probably.

            1. JohnFen

              Re: Take it

              I think that counts as B) Ignorant. An intentional ignorance, but ignorance nonetheless.

        2. JohnFen

          Re: Take it

          "Sounds like you're the one bending over."

          So, refusing to accept a license that you find objectionable counts as "bending over" in your world? Sounds a bit opposite-land to me.
