59 comments

[ 2.6 ms ] story [ 124 ms ] thread
No explanations, no apologies, just this:

We are updating the license now to address this and will have a new version available soon. As an active member of the open source community, we continue to welcome all feedback.

Would it change anything if they said "we are sorry"?
Yes.

"That was a mistake, won't happen again" is an acknowledgement that they got it wrong and a promise not to do it again.

"We're changing it" is neither one.

It'd be the same kind of "We're sorry" as the South Park BP oil spill commercial.
A proper apology is not just “sorry,” but includes an acknowledgment of what they did wrong and that they’ll avoid doing the same thing again. Showing that they realize the nature of the problem and will at least pretend to not do it again would be good.
Well, at least they didn't make excuses or delay things, just said "don't worry I fixed it" basically. That's about the same thing I tell datacenters when they catch me seeding torrents.
> same thing I tell datacenters when they catch me seeding torrents

Well, it is right there in your username :)

I up voted you both. Not because of added value to the discussion but you made me laugh out loud. (not the lol, but the real thing)
Not adding value in a humorous way describes more of my life than I would like to admit.
> soon

IIRC, at the time they talked about the delivery of the initial patches for Meltdown and Spectre, Intel's definition of "soon" was somewhere between "4 weeks" and "never"

How do you gaffe this bad? How is someone that incompetent in the decision making loop? Some random engineer creating the ucode or uploading it to the web doesn't come up with this kind of idea to change license language. These are edicts from management. I'd love for that conversation to leak in full.
That language is likely derived from a path similar to this:

"Marketing department" -- We are sick of seeing the world complain that our patches to these problems reduce performance by X percent. Hey "Legal Dept", can anything be done about that?

"Legal Dept" -- We will see what we can do...

Result, a new clause appears in the license file that says "no bench-marking".

With no one in the path ever having heard of the Streisand effect (https://en.wikipedia.org/wiki/Streisand_effect) (yes, Streisand effect is not a perfect fit here, but the 'publicity' part of the effect is what in fact has occurred).

I suspect its something more banal.

I believe intel does distribute test/beta microcode to certain partners, and likely security researchers, this kind of statement is something you would put in a beta version, I wonder if someone simply used the wrong license file when they deployed this to the website.

This story has been out for days, if such a thing was at play Intel would have put out a statement by now.
Days is about right for a large company to respond
I refuse to believe the entire marketing department is dense enough not to see how that would backfire.
Legal probably thought they could silently issue C&D letters to offending sites and bully compliance.
Does it really take the entire marketing department for the story to play out this way? It just takes one marketing person to send one email to the right one lawyer in legal, right?
I saw a tweet somewhere (IIRC in the anandtech sidebar, unfortunately I'm not finding it right now) where the poster speculated that it was the EULA for a beta version of the microcode which leaked into the final version.
That makes much more sense. If that's what happened, Intel should just come out and say it. Own your mistakes, or at least adopt this lie if it wasn't a mistake, simply because it's plausible and will help them save face from a PR perspective. (The Nobel Lie as it would be).
> the poster speculated that it was the EULA for a beta version of the microcode

I don't see how this changes anything at all.

If it's a limited access beta version, restricting redistribution and benchmark publishing makes a lot more sense.
If they had given it to specific companies before it was finished the benchmarks would not represent reality while it was under development, and as part of the embargo on these beta clients, they wouldn't be allowed to publish it.

Obviously not good if it makes it into the public release.

Because people are irrational and clickbait runs rampant.

If they contract testing of the beta to a 3rd party, they don't want them running benchmarks because if they get released, news organizations will jump on it, broadcasting the performance hit.

This matters because when later beta versions improve performance, the news about the improved performance doesn't spread nearly as much. Even if it does, the first impression sticks, and there's nothing Intel will be able to do about it.

Amazing how many people are still doing mental gymnastics to give Intel the benefit of the doubt. This should have stopped being the default position a while ago.
This is also what I suspect
Helpful side-effect of this leak: benchmark public reaction.
Companies like IBM or Oracle have had these clauses for decades to prevent users from comparing performance.

Such EULA clauses need to be put to the test and overturned for the anti-consumer monopolistic garbage they are.

I was casually wondering the other day if Intel had hired some Oracle lawyers recently :)
Yep. It's like buying a box of cookies that says you agree to not compare the taste of these cookies with the tastes of other cookies.
Kudos to the debian team for their uncompromising stand - this may have set a precedent otherwise.
This seems like someone testing the waters. I fear as they fall further behind the behaviour may become more desperate.
I think Hanlon's razor is more correct here.

"Never attribute to malice that which is adequately explained by stupidity"

This is Intel, Hanlon doesn't apply.
"I", as a multinational multi billion dollar corporation could then carry out the most vile acts, but as long as I can feign 'oops' I ought never be held to account as if my acts had intent? I mean come on, they're killing their processor performance due to their own security vulnerabilities and oopsie daisy we just accidentally included a 'no benchmarking' clause? I've got a better razor for - Occam's.
I've worked for multinational multi billion dollar corporations - a certain level of institutional incompetence is honestly the norm.
But at the end of the day who would have given a shit about the license on a cpu? It would have been ignored.
Maybe some larger tech sites would choose not to publish?
The EULA was never the stick for them. Intel can say "kill this story or you never get swag and engineering samples again" and it's done.
People who play by the rules in this space, which includes (many) open source developers. Flaunting the ill-conceived license is one choice, getting it fixed is a better choice.
(comment deleted)
ARM and RISC-V can't come soon enough
From a legal point of view can you limit free speech through a end user license agreement? Free speech is protected by the first amendment, many countries basic legal laws. If some challenged it and it went to the high court how would it likely judge?
Free speech is a protection that the government can't take away, but you can give it away of your own volition.

Think NDAs.

I'm not a US citizen but I seem to be more aware of what the 1st amendment actually entails more than a seemingly large proportion of actual citizens, surely you guys learn that stuff at school? Is it just presented really dryly and so kids don't pay attention?
Our civics education has really gone downhill for decades.
This argument has been repeated so much, I'm going to try to explain. I'm not a lawyer, but this is what I learned in school in the US. There are numerous examples of voluntarily giving up your right to free speech. In the United States there are criminal and civil suits. You won't be criminally charged by the government for your free speech about CPU benchmarks, but if you actually agreed as part of a contract to not disclose benchmarks in order to get something, then you can be successfully sued by an organization or individual in a civil suit. They can't throw you in jail but they can take your money.

I highly suspect the same thing is true in most first world countries, otherwise a lot of companies wouldn't be able to do business because it would be illegal to keep trade secrets. What did they tell you in school?

I'm originally from UK, we don't learn about US Constitution, but my understanding is the 1st is about the government not being allowed to restrict your right to free speech, however a lot of people seem to be under the impression this means no-one is allowed to restrict your speech.
Yes, free speech in some legal systems (including the US) includes the right to sell your speech (and restraint from speech is also a form of speech.)
I have trouble believing this was anything other than some random employee selecting the wrong license. I'm glad they fixed it.
Curious, if Intel stood by their "no benchmarking" rule, can someone post the detailed benchmark results anonymously via say pastebin or something? Sure, you can't trust it like you from something like phoronix, but the results can then be freely shared on social media right?

What am i missing?

The problem is trust though. Benchmarks are only worth considering if the source is reliable. Unknown sources by definition aren't, because it's easy to fudge the numbers and give fake methodology. There's no consequences for the unknown benchmarker if he intentionally misleads. Anandtech et al. have reputations to protect.