
A wee bit off-topic, but if we look at the VW/dieselgate, and the aftermath of it all, and the class-actions, returns, refunds, etc, and Hyundai/Kia lies about gas mileage and people getting refunds for gas...

...when is something like this going to happen to Intel?

We've bought CPUs with expectations of promised performance (like people did with emission expectations and gas mileage expectations), they messed up, and we get lower speed, and now no hyperthreading and still no refunds? If I bought a 60" TV and the picture was only 50" with a black border around, I'd return it immediately... why isn't there some action regarding CPUs?



If I sell you a lock, and then 10 years later someone finds a vulnerability with the lock I sold you, should I refund you? That seems absurd. You are basically saying the product has to be perfect and the architects have to be able to see the future. Even if your hardware is formally verified, people can do physical attacks like listening to high frequency chirps of your CPU and using that to break security. Do you still deserve a refund?

There is no such thing as perfect security. It is a cat and mouse game that will continue until the end of time, requiring ever greater resources. Therefore... all software and hardware should be free because all software and hardware is defective?


Downvoted for the straw man — Intel is currently selling processors with, e.g., 8 cores and 16 threads without any asterisks or caveats. That's in their official marketing materials. Currently.

https://a.sellpoint.net/a/Qo3wL1no.jpg (via NewEgg)

https://www.intel.com/content/www/us/en/products/processors/...


And it's true...

Has Intel ever said "we guarantee that hyperthreads are entirely isolated from one another?"


One quick google later:

https://www.intel.com/content/www/us/en/architecture-and-tec...

> By combining one of these Intel® processors and chipsets with an operating system and BIOS supporting Intel® HT Technology, you can:

> * Run demanding applications simultaneously while maintaining system responsiveness

> * Keep systems protected, efficient, and manageable while minimizing impact on productivity


I have no idea what "keep systems protected" means (and probably neither did the person who wrote that).

That statement is a long way from an actual guarantee that there is no way for one logical thread to extract information about another.


All car makers put an asterisk when they talk about performance and mileage - it didn't keep VW from being fined and prosecuted.

We were given certain benchmark numbers and performance targets and it all went to shit with a single microcode update.

Somehow most people expect a CPU not to give random JavaScript in the Internets a private key from an encrypted file system.

Intel got off so easy from that drama. Imagine a car maker selling you a car with 4 seats, but when the backseats are used you might lose steering? Would that be okay? Nowhere does it say you get 4 usable seats.


> If I sell you a lock, and then 10 years later someone finds a vulnerability with the lock I sold you, should I refund you?

Kryptonite did exactly this when someone figured out they could open their U-locks with a Bic pen barrel. Full recall of vulnerable products, with free replacement, regardless of age.


10 years? Of course not. But if I bought it yesterday, I'd expect a refund. Just consider that they were still selling affected CPUs even when they knew about the vulnerabilities and even after the papers were published.


> Of course not. But if I bought it yesterday, I'd expect a refund.

If you bought it yesterday, why wouldn't you be able to get a refund? I don't know of any major vendor that would deny you a refund on grounds that the unit is defective.


I know of no mass refunds (as it was with Volkswagen) due to Spectre/Meltdown, and slowing your PC down by 30% after the first patch and, as it seems, losing hyperthreading seems like a defective unit to me.


Have you asked the vendor that sold you your PC for a refund? I don't know if it would work, but that's the avenue you would have to take - including sending your PC back. Then what are you going to buy? Another PC with the same issue?


They are still selling them today.


Locks often offer a lifetime warranty against manufacturing defects in their locks.

Is this a manufacturing defect in CPUs?

(The defect is baked into hard silicon out in the world, so the analogy is plausible.)


This is a design defect, not a manufacturing defect.

In case of design defects in highly regulated fields (cars), there is often a campaign to make things right. When Intel processors couldn't divide properly, they had a campaign to replace them. In this case, it looks like we're not getting much.


It’s not a defect, so the analogy doesn’t work.


How is hyperthreading being insecure not a defect?


A new technique to pick locks is discovered. Does that mean all locks are defective?


When the Kaba Simplex (a commercial door lock) was discovered to be easily bypassed by holding a magnet near it, yes, it was in fact a design defect and the company had to correct it by giving repair kits out to purchasers.


Intel and others did give out a repair kit; they give you the option of disabling hyperthreading and a whole host of other optimizations. Those optimizations are both what provides this new side-channel of attack, and an immense speedup when they're enabled. You can't have one without the other.


Except they didn't advertise that way. They advertised the hyperthreaded performance, without disclosing its security implications.


You're asking for something impossible.

Lock manufacturers can't advertise that their locks are hardened against specific yet-to-be-discovered attacks.

Intel can't advertise that their CPUs are hardened against specific yet-to-be-discovered attacks.

They can only provide mitigations after the fact.


Yet they are still advertising the number of threads without any mention of the vulnerabilities involved, well after those vulnerabilities have been disclosed. It's deceptive advertising at best.


Except lock buyers still got the door lock, and in the case of Intel you lost threads.


It's not like that.

Intel took shortcuts to make their CPUs faster. At least some of the chip architects working on their implementation of hyperthreading should have understood that they sacrificed security for speed - without telling anyone.


> should have understood that they sacrificed security for speed

And what if they didn't?

It's pretty much exactly like that. Intel has been making CPUs for well over a decade that are vulnerable to various side channel attacks, and the only thing that has changed is the community's understanding of the vulnerabilities (i.e. there's a new way to pick the lock).


It strains credulity to believe that Intel wasn't aware that they were trading side-channel resistance for performance. The problems are just too deep and pervasive. None of AMD, ARM, Power, or SPARC came close to the number and severity of issues in Intel chips. There were problems in those chips, but their nature and limited scope shows that everybody had a rough idea about how far they could go before they made privilege separation worthless from a confidentiality perspective. Yes, some went a little too far, but it seems clear that Intel just said, "f-it", and stood on the gas pedal.

Hyperthreading/SMT is a trickier issue because it had obvious and even proven side-channel potential from the beginning. But 1) everybody had to hold their nose in order to compete with Intel on SMT performance, and 2) technically the operating system communities should have made the effort to keep unrelated processes from sharing an SMT'd core. And that still needs to happen--we need smarter schedulers.
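An added illustration of the scheduling point in the comment above (not part of the thread and not any commenter's code): it reads Linux's `thread_siblings_list` topology files, groups logical CPUs into physical cores, and hands out whole cores so two trust domains never share SMT siblings. The domain names `tenant_a`/`tenant_b`, the function names and the sample topology are assumptions constructed for the example.

```python
import glob
import re

def parse_cpu_list(text):
    """Parse the kernel cpulist format, e.g. '0,4' or '0-1,8-9', into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def group_by_core(sibling_lists):
    """Turn {cpu: siblings_text} into a sorted list of cores (tuples of logical CPUs)."""
    cores = {tuple(sorted(parse_cpu_list(t) | {cpu})) for cpu, t in sibling_lists.items()}
    return sorted(cores)

def plan_affinity(cores, domains):
    """Assign whole cores round-robin, so sibling threads always land in one domain."""
    if len(cores) < len(domains):
        raise ValueError("fewer physical cores than trust domains; cannot isolate")
    plan = {d: set() for d in domains}
    for i, core in enumerate(cores):
        plan[domains[i % len(domains)]].update(core)
    return plan

def read_sysfs_siblings():
    """Read the real topology on Linux; returns {} where these sysfs files are absent."""
    out = {}
    for path in glob.glob("/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as f:
            out[cpu] = f.read()
    return out

# Constructed sample: 4 cores / 8 threads, with siblings numbered n and n+4.
SAMPLE = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}

if __name__ == "__main__":
    topo = read_sysfs_siblings() or SAMPLE
    cores = group_by_core(topo)
    for domain, cpus in plan_affinity(cores, ["tenant_a", "tenant_b"]).items():
        print(domain, sorted(cpus))  # each set can be passed to os.sched_setaffinity(pid, cpus)
```

Static pinning like this is the coarse version of the idea; a scheduler that is aware of trust domains makes the same decision dynamically instead of partitioning cores up front.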


> It strains credulity

I don't agree.

Meltdown: Intel, IBM, some ARM

Spectre v1: Intel, ARM, IBM

Spectre v2: Intel, ARM, IBM, AMD

Spectre v3a: Intel, ARM

Spectre v4: Intel, ARM, IBM, AMD

L1TF: Intel, IBM

Meltdown-PK: Intel

Spectre-PHT: Intel, ARM, AMD

Meltdown-BND: Intel, AMD

MDS: Intel

RIDL: Intel

That doesn't look to me like "everybody had a rough idea about how far they could go."

It is really easy for me to believe that a ton of designers could add optimizations without consideration of side channels. Nobody appreciated the vulnerabilities that speculation introduced.

(And keep in mind Intel has probably 90+% market share in the search for exploitable behavior.)

> The problems are just too deep and pervasive

One could also say that it strains credulity that the entire community failed to realize the existence of these vulnerabilities that are so fundamental to speculation, and yet here we are - that's exactly what happened.


Not all those named side-channel exploits are the same in terms of severity and difficulty to mitigate, nor are the chips vulnerable in the same way.

For example, Meltdown exposed severe negligence in Intel's design. For ARM, Meltdown was limited to values of a single register, for which there's no reason to believe it was anything other than an unintentional bug--i.e. you don't get any substantial performance benefits from permitting speculation through that single register, though it perhaps simplified some other aspect of the chip.

Basically, if you go down the line Intel's issues were both more severe and pervasive, as if they just didn't care about preventing speculation across privilege domains.

Notwithstanding ARM's Meltdown mistake, both ARM and AMD very clearly had designs that attempted to prevent speculation across privilege domains. And they mostly succeed. The major issues are at syscalls where intra-privilege (not cross-privilege) speculation can indirectly be exploited by unprivileged callers. But like with SMT, it was always sort of understood that it was the operating system's responsibility here; there really are no good hardware mitigations.

Basically, the exploits for AMD and ARM (notwithstanding the lone register issue) are intrinsic to speculative execution, period. And everybody sort of understood this, especially in the cryptographic community with work on constant-time algorithms. It's just that everybody was too lazy to take it seriously more generally until Meltdown/Spectre lit a fire under everybody's pants. And once they began to pay attention, it immediately became clear that Intel's designs made patently and grossly unsafe design choices.

The details on IBM Power chips are spartan. I think their Meltdown issue was similar to ARM--a bug with a register--but I can't confirm that. My impression is that Power pushed the envelope more heavily than AMD and ARM, but not like Intel. Power went all-in on SMT, though, and though SMT is fundamentally anathema to cross-privilege confidentiality, Intel's and IBM's SMT implementations seem to leak more than AMD's.


Indeed it's the difference between lying and making a mistake. Of course they hoped, with plausible deniability, to mask those lies as mistakes: but they got caught. Hence the class action suits.


Have there been any rumors of internal discovery at Intel prior to any of these disclosures?


No.


Isn't the reason that technically the CPU is still fast and it is the OS (that is outside Intel's control) that slows it down? And AFAIK all OSes can disable these mitigations (are they even a concern for personal computers, especially for cases like gaming?) so if you really want you can get your performance back.


If you look at it this way, then the computer manufacturers are to blame, and you should be refunded by them.

That's the same as buying a car from CarCompany(TM) with an A/C and an Android Car touchscreen interface/radio/..., and an automatic Android update disables your A/C and changes the engine parameters so you have 20hp less... wouldn't you expect "them" to fix it? As a consumer, you shouldn't have to worry if it's Google's fault or CarCompany(TM)'s fault, you should be able to take it to the dealer and have them fix it or give you a refund, or at least 'do something'?


I'm not sure I follow the reasoning nor the example you gave. You can change and/or update the OS, both being outside of the computer manufacturer's control and that is assuming there was even a computer manufacturer and wasn't a desktop PC you built yourself (are you going to blame yourself for allowing Windows to install updates that slow down the CPU?).


Even if you think any broken promise amounts to fraud, Intel didn't intentionally commit fraud.


If you strip away all the safety features of a car, the car will weigh quite a bit less, and thus be able to achieve better performance and gas mileage. Should VW be allowed to market their cars as having that performance? Of course not, because no one should be driving their cars without a fire wall. So why is Intel allowed to market their 8 core chips as having 16 threads when in practice you need to disable hyperthreading?

So there's a strong argument that Intel, which is currently marketing their chips this way, is committing fraud. Maybe it could be argued that Intel didn't previously commit fraud. But as soon as the bugs became known, and Intel continued to market their chips as having hyperthreading, from that point forward they were committing fraud.



