
Intel Actions on Security/Performance Problems Should Drive Recall and Government Oversight

Rob Enderle

This is starting to get annoying. It seems like every week I’m seeing yet another Intel screw-up, and these things are all avoidable. It is as if Intel lives in its own reality bubble and doesn’t seem to realize that there are a ton of folks watching it that publish (it literally seems to be rotting from the inside). This latest problem is, in my opinion, serious. Apparently, Intel has released a patch for the Foreshadow exploit that uniquely impacts Intel’s processors. This patch is having a nasty effect on performance and likely has a lot of folks thinking that Intel should do a recall on processors that have this defect. I personally think we passed the recall bar some time ago.

Intel Behaving Badly

Initially, to keep people from talking about the massive adverse performance impact, along with the patch, came a EULA (basically a contract) that says that if you use the patch, you aren’t allowed to then publish benchmarks. This is so you can’t complain about how that incredibly expensive new system (PC, workstation, or server) now totally sucks when it comes to performance. This is evidently so that the complaints can’t get to critical mass and drive the recall that Intel should instead be funding.

I guess Intel figured no one would read the EULA, which is kind of weird given that folks would likely otherwise publish the benchmarks, because they didn’t anticipate customers getting angry. I mean, if GM had a problem where its engines exploded and issued a patch that disabled four of eight cylinders to prevent the exposure and prevented any of the car magazines or Consumer Reports from talking about it, the company would likely get a call from the U.S. Department of Transportation, which would then go executive hunting and set some kind of legendary fine while demanding a recall.

Reddit went vertical on this Intel mistake and Intel subsequently revised the EULA, which now just seems to prevent reverse engineering of the code. This was strangely announced on Twitter and connected to open source. This open source connection seems, given the restriction, just a tad counterintuitive to “open source.” It is also interesting that the license has a broad exclusion of any related liability: If you use this patch and it blows up your system, according to Intel, you are simply out of luck.

Here is the full current disclaimer:

“THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ‘AS IS’ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.”

That isn’t what I’d call great customer care.

Intel Has Another FDIV Problem and Should Recall the Processors


There is no doubt in my mind that, at this point, Intel should be recalling these processors. Its behavior is very likely to focus a number of government agencies on the firm’s practices and the result, if Intel doesn’t get ahead of this, is likely to be crippling for the company. I’m actually kind of surprised that the European Commission and Chinese government haven’t demanded a recall while the U.S. government was snoozing.

You buy processors for their performance; if to keep your enterprise secure, you have to install a patch that destroys that performance, you should be entitled to some type of compensation (this seems a natural for a class action suit), with the easiest path being a new processor. I should note: Given that Intel doesn’t have a part out yet that doesn’t have these exposures, it really can’t execute a recall even if it wanted to, but it clearly doesn’t want to.

This is reminding a lot of us way too much of the old FDIV bug, when Intel initially tried to avoid a recall and ended up having to undergo it in almost catastrophic fashion. In my opinion, these growing security problems, most of which are connected to Intel’s unique high-performance memory architecture, are worse than FDIV was. (The cost to Intel was about $475M back then, the cost of a recall now would likely reach well over 10 times this, but governments generally don’t factor in costs when it comes to demanding a recall.)

Wrapping Up: How Much Abuse Will the Market Take?

I was around for the FDIV recall and it was painful to watch. Intel’s executives so badly handled the problem that even though the issues were far less than the collective security problems with Intel’s current processors, it eventually forced a massively expensive recall. The attempt to falsely spread the exposures to Qualcomm and AMD, coupled with this latest attempt to conceal the impact of the patches and place all the risks with the customers (either the OEMs or end customers) is not only frightening, it should have forced government intervention.

My expectation is that this will have governments talking more about having a Department of Transportation-like entity that can oversee tech companies like that organization oversees car companies. My only question right now is whether Intel, Google or Facebook will be the ultimate trigger for this organization, given that all are in the news for allegedly bad behavior.

My only other question is how much abuse OEMs and customers will take before saying enough and moving to another vendor or architecture? AMD, ARM, and OpenPOWER are all viable alternatives, and they aren’t repeatedly screwing their customers.

Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+.

