Sign in / up

back to article Use Debian? Want Intel's latest CPU patch? Small print sparks big problem

At least one Linux distribution is withholding security patches that mitigate the latest round of Intel CPU design flaws – due to a problematic license clash. Specifically, the patch is Chipzilla's processor microcode update emitted this month to stop malware stealing sensitive data from memory by exploiting the L1 Terminal …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *

Page:

    1. GrumpenKraut
      Reply Icon
      Joke

      Re: Groan...

      > ...what the hell are you going to do with Intel processor microcode except use it to program an Intel processor?

      I used it on my moped. Now it's super duper fast! Sadly, it also leaks.

      5 0 Reply
      1. Alistair
        Reply Icon
        Windows

        Re: Groan...

        @GrumpenKraut:

        So, now the Copyright infringement folks can follow your trail and hunt you down!

        3 0 Reply
    2. Alistair
      Reply Icon
      Coat

      Re: Groan...

      @Rich2:

      Ask wallstreet about "over inflated worth". You might be surprised about the perspective of over inflated.

      1 0 Reply
      1. JohnFen
        Reply Icon

        Re: Groan...

        I would never trust a Wall Street type to be able to judge the value of a company. Their only yardstick is profitability, but there are so many other relevant factors that need to be included.

        1 0 Reply
  2. Cynic_999

    What to do?

    Should we install updated microcode that will with 100% certainly cause a significant hit to the performance of our computer, or should we live with a bug that has a miniscule but finite probability of being exploited in a way that would cause us any harm?

    3 0 Reply
    1. GreenReaper
      Reply Icon
      Trollface

      Re: What to do?

      How can you be so certain when nobody's allowed to benchmark it?

      2 0 Reply
  3. phord

    "fetching and stalling" should be "fetching and installing".

    "Fetching and stalling" sounds like what you do on Windows updates.

    1 0 Reply
  4. Claptrap314 Silver badge

    Finally

    After seven months of defending Intel on this thread for decisions which were reasonable at the time, we get a clear case of Intel being Intel. **** Intel. **** their marketing team and their lawyers. This ******** behavior is precisely why the industry has carried AMD on their backs for decades. ******* **** ******** **** ***************.

    There. I feel much better now.

    6 0 Reply
    1. whitepines
      Reply Icon
      Coat

      Re: Finally

      As I've pointed out here a few times, AMD's no saint either. They only exist because Intel allows them to exist, and they have picked up some very nasty habits from Intel over the years, from signed black-box firmware binaries (PSP) to disabling features semi-arbitrarily to increase profit (overclocking on server parts, ECC on consumer parts). Two sides of the same coin from my perspective.

      Icon, 'cause it might be chilly on the streets outside the cozy x86 world....

      1 0 Reply
      1. Chronos
        Reply Icon
        Mushroom

        Re: Finally

        Cozy? Perhaps. Mined in a random pattern? Damned right.

        I just hope RISC-V isn't just another good idea poorly executed, if you'll pardon the pun.

        Icon -> I trod on an IME. Give me your bayonet, Jones.

        2 0 Reply
  5. onefang

    "Also, the patches are picked up during the usual monthly routine of fetching and stalling operating system software updates."

    Others have pointed out the "stalling" typo, I'm taking umbrage with the "usual monthly routine" bit. Since this article is specific to Debian, I'll point out that Debian doesn't do monthly update releases. They release updates when the updates are ready. Personally I do weekly updates on my Linux based systems, though I also check daily to see if there's anything in urgent need of an update.

    4 0 Reply
  6. dwheeler

    This is a DeWitt clause, and DeWitt clauses should be illegal

    Contract and license clauses that forbid benchmark publication (unless the vendor likes them) are often called DeWitt clauses. The clause was originally created to squelch database research being performed by Dr. David DeWitt. These should be illegal everywhere, but Oracle (their original creator) rigorously enforces them. These clauses harm society by making it impossible to publish truthful information about software.

    1 0 Reply
  7. Nick Kew
    Pint

    Brilliant response

    From a Debian team member on his blog.

    2 0 Reply
  8. eldergeek

    Seems a bit SNL...

    All that scary stuff and then "never mind" at the end. You're a credit to Gilda Radner. :)

    1 0 Reply
    1. diodesign (Written by Reg staff) Silver badge
      Reply Icon

      Re: Seems a bit SNL...

      Well, the original article made Intel rewrite its license - it wasn't quite "never mind" for a day or so.

      C.

      2 0 Reply

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon