[azernik]

He's quite clear about his theory as to Intel's motives:

> The whole IBRS_ALL feature to me very clearly says "Intel is not serious about this, we'll have a ugly hack that will be so expensive that we don't want to enable it by default, because that would look bad in benchmarks".

> So instead they try to push the garbage down to us. And they are doing it entirely wrong, even from a technical standpoint."

[mcv]

That bit sounds to me like Intel is trying to pull a "Volkswagen": have it perform better in benchmarks than in real life (when hopefully secure execution will be enabled).

[HelloNurse]

More generally, an opt-in switch to disable unsafe behaviour expresses a clear intent to preserve the unsafe behaviour for the foreseeable future.

Disabling unsafe behaviour for good on current chips and removing it from future ones would be equally easy, and clearly it isn't Intel's intent.

Plausible reasons, apart from looking good in benchmarks, include ease of access for their three-letter friends and not bothering with the cost of designing safe and high performance processors.

[beached_whale]

I would hope that it would not be removed if there is a performance difference. Not all systems are multi user, thinking stuff like includeos or systems that can control their interaction such that the risk in very minimal and not worth the cost.

[jessaustin]

If it were removed, the new processors would simply be worth less than the ones that immediately preceded them. The systems you're thinking about would then cost less. What's the problem?

The problem, of course, is that vendors couldn't pretend to sell systems that are worth the prices they would have quoted before all of this awfulness was exposed. That would be a problem for the vendors only. The rest of us would be better off.

[beached_whale]

But that penalizes the single process systems, they exist. One already pays a cost of overhead for multiprocess/multiuser systems and this is part of it. Pay for what you use. But have sane defaults(protect the common case).

Then again, I cannot see this costing much in future chips.

[HelloNurse]

This debate is about desktop and server processors. You are imagining there is a market segment, worth caring about for non-niche companies like Intel, of non-hackable systems with no network access that use high-end microprocessors, but it isn't so.

Most relatively complex systems that use deluxe microprocessors and could be air-gapped are accessible for convenience instead, and more extreme actually inaccessible systems are likely to use different, specialized processors.

[mtanski]

On another forum somebody suggested laywer / legal reasons. That if default performance takes too big of a dive the case for lawsuits is stronger. They already have a class action filed against them. A benchmark performance dive would be one angle to use in court.

[jacques_chester]

Coming to a court with "unclean hands" won't help their case either. And showing bad faith can really crank up the damages awarded if it's a jury trial.

(I am not a lawyer, this is not legal advice.)

[rebuilder]

Would this be bad faith?

Assume no fix is available, at least for existing processors, that doesn't result in reduced performance. What should Intel do?

- Force users to take the performance hit?

- Let users decide whether to take the performance hit in exchange for security?

[lmm]

The processor's security features should perform as described - anything less is a very nasty surprise waiting for users. Intel could allow users to opt-in to insecure behaviour for performance, but insecurity absolutely must be opt-in rather than opt-out.

[pintxo]

"The processor should perform as described - anything less is a very nasty surprise waiting for users. Intel could allow users to opt-in to less performant behaviour for security, but bad performance absolutely must be opt-in rather than opt-out."

Take away: it all depends on the users preferences. I am with you, in most cases, it should be about security, but I guess there are legitimate use-cases for the opposite as well.

[mcv]

Users can already choose. They can buy old processors without the fix.

I really don't see what case anyone could have against Intel if they just fixed this. Having a fix but turning it off by default seems far more dangerous from a legal perspective. Or having the processor perform far worse in reality than advertised.

[jacquesm]

> They can buy old processors without the fix.

Tell me where you could buy old processors in sufficient quantity today and please explain how a modern motherboard with sufficient RAM would hold such an old processor?

[FridgeSeal]

Yeah if you could point me towards instructions on how I can install this old processor I just bought in my Macbook that'd be great, also if you know how I can install this old processor in my AWS instances that'd be awesome too.

[wyldfire]

Wow, I can imagine that expression becoming a very compelling analogy in a trial or competitor's marketing.

[ghostbrainalpha]

I winced as an owner of Volks Wagon stock when I read that. 3 people on this thread have now reacted to it.

If that type of behavior gets branded as "pulling a VW", that is the type of thing that could destroy VW in the long term. I agree it is a great analogy though.

[Iwan-Zotow]

> to pull a "Volkswagen"

Very specific model - The Bug

[logotype]

intelswagen

[rhizome]

"Intel: Where Security is Optional"