Intel Hit With Three Class-Action Lawsuits Over Meltdown and Spectre Bugs (theguardian.com) 74
An anonymous reader quotes a report from The Guardian: Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel's delay in public disclosure from when it was first notified by researchers of the flaws in June. Intel said in a statement it "can confirm it is aware of the class actions but as these proceedings are ongoing, it would be inappropriate to comment." The plaintiffs also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor. "Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time," Intel said in an earlier statement.
Interesting article. Dave Cutler is a genius - even if NT never managed to beat Unix on big iron hardware I think the idea of designing from the ground up to run well on SMP and non x86 was a very foresighted one given it was made in 1993.
Most operating systems after NT 3.5 are still based on it. NT 4.0, NT 5.0 (2000), NT 5.1 (Vista), and it continued through 7, 8, 10. We're all still using NT.
You seem to have a design fault: an extra inverter somewhere.
Naturally.. (Score:5, Insightful)
This is an obvious outcome. It's worth keeping in mind that filing a suit does not vindicate or disprove anyone, as there's no way to ascertain whether there will be merit in the suit at this point. All it means is there's enough lawyers willing to make a wager when faced with such a *huge* potential payout.
Intel ME (Score:2, Interesting)
...while nobody's suing them for their Management Engine garbage. The two bugs may or may not be intentional, but the Intel Management Engine is absolutely intentional and cannot be disabled.
Of course nothing will ever come out of these lawsuits other than the lawyers getting richer.
Of course nothing will ever come out of these lawsuits other than the lawyers getting richer.
Shut up! We're all going to get free replacement i5s and i7s with the bug fixed! I want to believe!
Stop buying Intel chips. (Score:3)
If you just look at Intel's legal history, you'll see they have been mired in accusations and convictions of unethical and anti-competitive business practices since the early 1980s. Buying from Intel has always been a devil's bargain, it's just now that you are realizing what you have done because it's directly affecting you.
"Power tends to corrupt and absolute power corrupts absolutely". - Lord Acton, 1887
A corporation like Intel represents a very great concentration of power. It has enormous wealth, and controls not only the working lives of all its employees but the computing abilities of all its customers, and their customers all the way downstream.
In a near-monoculture of Microsoft-on-Intel, any serious defects such as Meltdown and Spectre are inevitably inflicted on millions of individuals, corporations and governments, a
This Will Go Nowhere (Score:2, Interesting)
Court: "OK, so your chip turned out to have a flaw, the company took extra time to investigate, and now your computer is slower sometimes. How is that different than the average Microsoft or Apple update?"
Intel's lawyers will delay this until the hype is forgotten, and either kill it in court or settle for some absurdly low sum, so that all of the plaintiffs get checks for $0.64 if they remember to sign up at IntelProcessorSlowdownLawsuit.com before December 31, 2019.
Re:This Will Go Nowhere (Score:4, Interesting)
As I understand it, it's not the cheating, it's sloppy cheating that's the problem. If they did a privilege check like AMD claims to then speculation in a user process couldn't lead to fetching kernel data into the cache. Zeroing the unnecessarily fetched data after speculation would mean it wasn't left sitting in the cache. Intel could have done either of these things, probably with no real performance penalty but they didn't think to.
If you want a CPU that doesn't 'cheat', go get yourself a 2011 Intel Atom. They run like ass. Have fun.
They run like ass.
Buddy, there's a pill for that.
It's not sloppy cheating, it's following the machine model. The way we all understood this 3 weeks ago is that speculative execution can have no visible side effects on the program-observable state of registers/memory. Now we've changed the model to extend the idea that speculative execution across privilege boundaries must also not have any observable side-channels.
This really is a change to the x86 machine model.
Re:This Will Go Nowhere (Score:4, Informative)
The current approach is to do any bounds checking *after* the speculative execution in the event that the branch is to be executed, which is what enables the kernel memory to be leaked to userspace programmes. The secure way of doing it would be to do the bounds checking *during* the speculative execution, just as you would with normal execution, and in the event of a page fault fall back to the non-speculative execution approach. That would still be slightly slower, but not as bad as forcing the non-speculative execution approach every time, which is what the patches have now enforced.
It's a deliberate design decision, they should have known what the risks were, and there are a growing number of real world instances of applications showing repeatable ~30% performance hits directly attributable to the "fixes" (I've seen one myself firsthand that resulting in a public transport time tabling system failing). It might not work out so lucrative for an individual John Q. Public in a class action lawsuit, but it's starting to look quite likely that Intel is going to get reamed in the courts over this if they can't come up with a better workaround P.D.Q.
They did do bounds tests. That generates exceptions, but a thread or process can catch those exceptions and ignore them, Because the CPU is pipelined, and different instruction sub-tasks take different amounts of time, it's more efficient to assume reads will be successful and to start those sub-tasks that take the longest time first. A memory fetch from off-CPU memory chips takes way longer than a bounds check. So it's better off sending out the request to load that memory location into cache on the chance
Thank you for the more thoughtful analysis. This wasn't a subtlety that would be apparent to an analyst focused on a particular task: it took a broader view of the flow of data, one that would not show up for a developer or tester focused on one specific task or feature. It's part of a class of flaws that can occur when developers and designers focus on one very particular task without being encouraged, or permitted, to examine related behavior.
It's also a firm reminder of various principles. One is that se
Funny how cheating... always comes back to bite you in the ass.
Only in this case it hasn't bitten Intel in the ass. It's bitten Intel's loyal customers in the ass... hard. And they are being told to shut up and bite on it.
Well linux provides a toggle for the fix. AFAIK, windows does not.
That's a bit different IMHO. But TBH IANAL.
"How is that different than the average Microsoft or Apple update?"
If the update referred to really slows down the computer's execution speed, why would that be so? It can hardly be explained as a necessary or desirable improvement, can it? If it slows down the computer in exchange for some very desirable new feature, then customers should be given the option of accepting or declining it.
If it slows down the computer in order to fix a catastrophic security weakness that should never have been there in the first place, that is unacceptable.
It's like a car manufacturer selli
Bloody idiots (Score:4, Insightful)
Re:Bloody idiots (Score:5, Insightful)
What makes you think Intel knew that a year ago?
All Intel CPUs with speculative execution are affected by Meltdown, and all CPUs with speculative execution, including those by AMD and ARM are vulnerable to Spectre. Intel discovering that a year before Google would be a coincidence. It is not just a bug, it is a fundamental issue in the way all modern CPUs are designed.
It is not just a bug, it is a fundamental issue in the way all modern CPUs are designed.
To be precise, it is a fundamental bug in the way all modern CPUs are designed.
Nice try at evasion, though.
Intel has been aware for quite a long time, a year or more probably.
That just doesn't ring true to me. Intel's last round of processors it released in October were vulnerable. Had they known for a year or more, that would have been plenty of time to roll out a permanent fix in those models before shipment, and they certainly could have done that silently, without breaking the embargo. If you're saying they continued to roll out new flawed chips they had time to fix before release, that's a level of conspiracy theory that's hard to buy into without some concrete evidence.
Computer? (Score:2)
And what about servers?
Computers are undecidable (Score:1)
Computers have sense because they are general usage (i.e. universal) machines.
Then, it is possible to do many things with them, even more than the original designers visualized. This is why we have Windows, Linux, MacOS, Virtualization and many embedded applications using exactly the same chips, making the effort to create complex solutions extremely cheap and in timely fasion.
But this means that the undecidable nature of what can be done with the computer brain, the CPU, tends to create some undesire
Suits may be dismissed (Score:3, Insightful)
Since there are zero cases where the flaw has been exploited to cause any problems, no one has suffered any economic harm. You need to have been harmed in some way to have standing to sue.
And Intel will also argue that they never promised any different chip behavior. They are not issuing any errata. The chips work correctly as designers intended, just like other vendors’ chips.
I expect at least a couple of these lawsuits to be thrown out by judges. Maybe all of them will be dismissed.
this kind of class action is useless (Score:2)
This kind of class action is useless as it gives nothing to people affected by this issue. The only ones to profit here are the lawyers and there isn't even the nebulous "correct their behavior" part as Intel will fix it next time anyway regardless of the suit.