[_Nat_]

Are you suggesting that we recall the great bulk of modern CPU's? Like, literally gut everyone's computers, including those in data centers and running critical infrastructure, until replacements are eventually manufactured?

Or did you mean something else?

[cr0sh]

I'd think it'd be reasonable to get a refund in some manner, provided you could provide proof-of-purchase for the CPU in question.

I wouldn't expect them to replace any CPU, unless it was manufactured recently and still being manufactured.

But a refund in some capacity? That's reasonable, I think. In the meantime, we would have to settle for the software fixes.

[swozey]

Why would you need a proof of purchase? Intel can verify that it's its own unpatched chip out in the wild being returned for a recall. It doesn't matter if it's the original owner or a woman 15 owners down the line, it's still a loose security flaw out in the wild; who knows where or who whose network it will wind up. I don't need a proof of purchase when I bring my Ford in for its 10 recalls a year. I don't even need to care about which dealer I bring it into. It has to be fixed. They look at the VIN and if it's not marked as fixed they fix it.

Is there a market of 99%+ seemingly authentic fake Intel chips out there?

[krick]

I think this is pretty weird thing to talk about, because it's kinda pointless. Do I think Intel ought to refund us somehow? Hell yeah I do, especially given the fact that I have bought a laptop with Intel processor recently and why even bother buying products with a warranty if any fatal design flows don't qualify as refundable anyway? Do I believe Intel will refund or replace something? Of course not, it's hardly even realistic. Even if they wanted to (which they surely don't) what kind of loan do they have to get to afford even a partial refund of every single Intel CPU out there?

[Consultant32452]

Boxed Intel processors carry a 3 year warranty. It certainly seems reasonable for everyone who bought a CPU within the last 3 years to expect a warranty replacement with the manufacturer defect fixed.

In the EU virtually every product comes with a 2 year warranty. So every CPU sold in the EU in the last two years should be replaced for free by Intel, even through OEMs.

I wonder what potential class action lawsuits Intel might be facing.

[rlanday]

Any sufficiently complex CPU surely contains some number of defects, perhaps even serious security defects, just as any sufficiently complex piece of software contains bugs and security holes. I wouldn't be surprised if someone tries to sue Intel over this, or even if they win, but this is way outside the scope of what a warranty would traditionally cover, which in the case of a CPU would be hardware failure. If a warranty had to cover every possible defect, a bunch of people would be constantly trying to get free CPUs out of Intel every time they updated their errata:

https://www.intel.com/content/dam/www/public/us/en/documents...

Note that the cost of overly onerous regulation (e.g. requiring that every computer manufacturer replace these chips even though the problems can largely be worked around in software) is of course passed onto consumers.

[flukus]

> but this is way outside the scope of what a warranty would traditionally cover

The warranty and any other legalese from intel is irrelevant here, this is about consumer protection laws of various countries that supersede an intel warranty. A serious post sale drop in performance would be enough for a refund on any computer purchased in many countries. In Australia if I bought a computer 6 months ago I'd be entitled to take it back to the store for a refund, then it's up to them to argue with dell and dell to argue with intel.

> Note that the cost of overly onerous regulation (e.g. requiring that every computer manufacturer replace these chips even though the problems can largely be worked around in software) is of course passed onto consumers.

Demanding that a product works and in lieu of that offering a replacement or refund is not overly onerous regulation, it's a very basic standard protection.

[rlanday]

I’m not convinced that a software update slowing down your phone or computer a few percent while performing certain operations should automatically qualify you for a refund. It’s widely understood that keeping your computer secure requires installing software updates, and it’s even more widely understood that installing updates often slows down your computer. If that’s going to be your bar, I think an iPhone would have to sell for about $25,000 so Apple could afford to give you a replacement every year for the rest of your life.

[Consultant32452]

Of course the cost of producing products that actually perform at the level they're advertised to perform is passed onto the consumer, regardless of regulation.

[rlanday]

I guess it depends if everyone agrees on whether or not the product performs "as advertised" as not. If you have a defect that affects e.g. 1% of your users, but the government forces you to compensate 100% of your customers, that seems like an unnecessary cost.

For something like Meltdown/Spectre, the patches/workarounds reportedly barely affect some workloads, but cause drastic slowdowns for others. So already not everyone's affected to the same extent. Then you have computers with easily replaceable CPUs vs. stuff like phones and laptops which probably were only designed to work with a single CPU, and the manufacturer's already working on their next model and doesn't want to waste money building replacement parts for the previous one. At that point, maybe you have a complaint with e.g. Apple for selling you an iPhone that doesn't work as performed because they had to work around a security problem, and Apple might themselves go after Intel. The whole situation is a lot more complicated than "it should totally be covered under the warranty."

[collinmanderson]

Intel would just say it functions exactly as designed. :)

(because it's a design flaw)

[deathanatos]

They did say that:

> Intel and other technology companies have been made aware of new security research describing software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed.

> […]

> Recent reports that these exploits are caused by a “bug” or a “flaw” and are unique to Intel products are incorrect.

(https://newsroom.intel.com/news/intel-responds-to-security-r... ; emphasis mine.)

[collinmanderson]

Right, right. And they'll just keep saying it. :)