Should owners of processors affected by security problems receive compensation?

[Konceptz]

I'd be happy with 40% off MSRP on any next gen Intel CPU. I'm still not entirely clear on the performance impacts of all the fixes, however my boss is ready to toss every Intel platform out(Desktop/laptop/server vmhost) and move to AMD.

 

[erocker]

I haven't experienced any issues. What would I get compensated for exactly? Would folks of other brands of processors also get this deal since all processors are affected?

 

[EarthDog]

Everyone wants something for nothing...

 

[Konceptz]

Everyone wants something for nothing...

So the supposed 30% performance loss in VMs is exaggerated? I'm only asking as I haven't been following that closely.

 

[trickson]

With all the Meltdown & Spectre drama slowly clearing up, what should processor companies do that sold you such a processor?

Very Compelling question, I think if they provide a fix that is 100% secure then cool issue solved. Now if they continue to provide broken un-secure hardware and can't fix it then I think money back guaranty should be issued. If some one is affected then that becomes a bigger issue to me, say the breach causes money lose or some kind of harm? Then what? I think even MORE should be offered! They KNEW and KNOW good and well just what there product is and all about more than anyone of us consumers can EVER know about it.

 

[lexluthermiester]

So the supposed 30% performance loss in VMs is exaggerated? I'm only asking as I haven't been following that closely.

It's a bit more complicated than that. It depends on the VM being used, how it implements storage and how the base OS handles the VM resources. However some machines will take a hit on storage performance regardless of whether or not a VM is being used.

 

[EarthDog]

So the supposed 30% performance loss in VMs is exaggerated? I'm only asking as I haven't been following that closely.

The biggest losses I have seen so far have come from storage testing. Storage takes a hit almost regardless when using very fast drives (I dont think this affects HDDs or SATA SSDs - not sure on the latter). That isn't to say we won't find that 30% value being tossed around as true in some cases. But, we are also not AWS or Google or another large cloud provider. This question is to the users of TPU which it really doesn't affect at all (outside of ultra fast storage being handcuffed). Hell we have seen improvements, albeit a % or two, in some games. But really, this doesn't much affect the home user outside of a security perspective. So I say, 'everyone wants something for nothing' under that guise... a person, like 99% of people here, who it hampers so little if at all.

A business like AWS... that would be an entirely different story and would have to be based off performance analytics etc...

 

[Konceptz]

The biggest losses I have seen so far have come from storage testing. Storage takes a hit almost regardless when using very fast drives (I dont think this affects HDDs or SATA SSDs - not sure on the latter). That isn't to say we won't find that 30% value being tossed around as true in some cases. But, we are also not AWS or Google or another large cloud provider. This question is to the users of TPU which it really doesn't affect at all (outside of ultra fast storage being handcuffed). Hell we have seen improvements, albeit a % or two, in some games. But really, this doesn't much affect the home user outside of a security perspective. So I say, 'everyone wants something for nothing' under that guise... a person, like 99% of people here, who it hampers so little if at all.

A business like AWS... that would be an entirely different story and would have to be based off performance analytics etc...

It's a bit more complicated than that. It depends on the VM being used, how it implements storage and how the base OS handles the VM resources. However some machines will take a hit on storage performance regardless of whether or not a VM is being used.

Thanks for the clarification.

 

[toyo]

I'd be happy if they just fixed stuff properly. There's word of the Retpoline method that doesn't impact performance, yet Intel seems to not embrace that. I don't like losing performance if it's possible not to.
Other than that, the damage is already done. Intel had months to fix it yet we had to wait until it broke out and panic ensued. That is simply bad business practice and makes my 8700k purchase just a bit more bitter. I mean, common Intel, get your shit together, you and Nvidia have all the money in the world and at this point, a huge part of our future as a species is in Intel/Nvidia/Google's hands - I don't think it's an exaggeration saying this. When you're at this point, you gotta take responsibility for what you do, doing shady things like all the dumb run of the mill capitalist ventures should be a thing of the past, gotta evolve past that.
PS: yeah I know that probably won't happen, money is just money :\

 

[Sasqui]

Where is the free pony option? Or credit monitoring for eternity.

When they figure out how to really fix this mess, let's see some performance numbers.

 

[trickson]

Everyone wants something for nothing...

If I am paying $200+ For a CPU that is UN-Secure and vulnerable to hackers or other things that can make or break my computer then I am for a FULL recompense for my troubles! Why is it "They" (Big corporations) get to get away with selling us crap that is faulty or UN-secure? Why is it just fine for them to sell millions of faulty pieces of equipment with out any one saying Sh*** about it?
It's not like "They" Will compensate anyone nor really give a rat's A##.
THe only thing they listen to is the cash if that stops then "They" LISTEN UP!
Only thing I can say is do not buy from them.

 

[EarthDog]

Ill suggest you read a bit more as you seem to have a 'world is crumbling' type mentality over this issue.

Im not saying its a non issue, but, it isnt as bad as you seem to feel either.

 

[OneMoar]

trickson go smoke a bowl or something man chill out, you are gonna blow a o-ring
while you are at it get up to speed on current tech

 

[trickson]

trickson go smoke a bowl or something man chill out, you are gonna blow a o-ring
while you are at it get up to speed on current tech

UMM that's why i'm here! But the current tech is crap IMHO! Nothing like the good old days!

I have been smoking all day BTW good stuff grown in the backyard too!

 

[OneMoar]

ill say it again if your system is pwned enough to where a attacker can execute any of these exploits to any usable end

you are already rekt

drive by attacks by this are basically not a thing after java and browser patches if a attacker penetrates your system far enough to execute these its gg over ez
sometimes I think these security researchers have a little too much free time

there are far far easier attack vectors to use then this this requires effort and pretty intimate knowledge of the windows kernel,memory addresses and your attack surface

 

[trickson]

ill say it again if your system is pwned enough to where a attacker can execute any of these exploits to any usable end

you are already rekt

This sounds like a Clinton server or the FBI data base!

 

[OneMoar]

This sounds like a Clinton server or the FBI data base!

Not touching that

 

[lexluthermiester]

If I am paying $200+ For a CPU that is UN-Secure and vulnerable to hackers or other things that can make or break my computer then I am for a FULL recompense for my troubles!

Except that the worst vulnerabilities effect ALL CPU's made since the early 90's. So you want a refund for every CPU you've ever bought, including the one in your phone?

In a court of law, any company would argue, correctly, that the CPU functions as intended, that you have received full use from it and that they are not the only company to be affected by the unforeseen and unintentional vulnerabilities. They would also argue that they are doing their due diligence to resolve the problem. From a legal standpoint, no one has any claim. The problem will be fixed. Till then, the best people can do is to improve their computing ethic and digital security methodologies. Also keep in mind, that while scary, neither Meltdown nor Spectre can be easily exploited on datacenter servers and especially on consumer PC's and mobile devices. It's so difficult that unless an attacker knows what they want and that you have it, such an attack wouldn't be worth the effort or risk of getting caught.

Much-a-do-about-nothing...

 

[trickson]

Except that the worst vulnerabilities effect ALL CPU's made since the early 90's. So you want a refund for every CPU you've ever bought, including the one in your phone?

In a court of law, any company would argue, correctly, that the CPU functions as intended, that you have received full use from it and that they are not the only company to be affected by the unforeseen and unintentional vulnerabilities. They would also argue that they are doing their due diligence to resolve the problem. From a legal standpoint, no one has any claim. The problem will be fixed. Till then, the best people can do is to improve their computing ethic and digital security methodologies. Also keep in mind, that while scary, neither Meltdown nor Spectre can be easily exploited on datacenter servers and especially on consumer PC's and mobile devices. It's so difficult that unless an attacker knows what they want and that you have it, it wouldn't be worth the effort or risk of getting caught.

Much-a-do-about-nothing...

Actually it isn't much ado about nothing if say it affects a companies bottom line, I can guarantee if any company lost any cash due to some security vulnerability built into a CPU there would be far more than just a stale argument about functionality and you got what you wanted for a lame argument in court. This is something that THEY knew full well about and continue to keep making it would seem it is something that is built in and can't be fixed! Security is a MUST in this digital age and if some one can exploit it they will for cash! This is why I feel YES "They" Should pay up and IN full if (And only if) the built in security flaw causes any harm monetarily or physically!
It comes down to culpability and that would fall on the maker of a failed product plain and simple.

 

[lexluthermiester]

It comes down to culpability and that would fall on the maker of a failed product plain and simple.

But that would mean that you have to blame ALL makers of CPU's and hold all of them accountable. No court is ever going to hold one company accountable and not others. The legal system doesn't work that way. In civil law you have to prove actual damage, in this case you have to prove that the vulnerabilities were exploited and caused damages, either physical or financial. None of that has happened as there are no known active exploits for these vulnerabilities. But even if there were, you also have to prove either intent or negligence. Neither of those conditions exist and will not meet burden of proof standards. No one has a case that will stand up to legal scrutiny. And any case that is brought before a court will have to include every maker of CPU's as defendants. No ethical law firm is going to pursue actions with facts as is currently known.

 

[R0H1T]

This sounds like a Clinton server or the FBI data base!

Benghazi, pizzagate

 

[lexluthermiester]

This sounds like a Clinton server or the FBI data base!

Benghazi, pizzagate

Can we not have politics please?

 

[Regeneration]

Yes. Intel should burn for not providing microcode update via the OS for older CPUs.

 

[trickson]

But that would mean that you have to blame ALL makers of CPU's and hold all of them accountable. No court is ever going to hold one company accountable and not others. The legal system doesn't work that way. In civil law you have to prove actual damage, in this case you have to prove that the vulnerabilities were exploited and caused damages, either physical or financial. None of that has happened as there are no known active exploits for these vulnerabilities. But even if there were, you also have to prove either intent or negligence. Neither of those conditions exist and will not meet burden of proof standards. No one has a case that will stand up to legal scrutiny. And any case that is brought before a court will have to include every maker of CPU's as defendants. No ethical law firm is going to pursue actions with facts as is currently known.

No that is NOT true at all. You only need to take one to court, the one that got hacked or is defective. How can you even state that as a fact? if someone was harmed say by having this vulnerability exploited and had proof (hypothetically ) then they would only have to sue the one company making the faulty product. how can you even state that you would have to take on all CPU manufacturers? NO! You would only have to take the very computer that was affected prove that it was the one prove the damages say it took out your entire data base and stopped production of your products and cost you thousands, once proven case closed. It isn't hard to prove exploitation if the exploit is built into the product and it's well known! LOL!

 

[lexluthermiester]

How can you even state that as a fact?

Simple, I've had dealings with the civil legal system. Experience and knowledge of case law.

if someone was harmed say by having this vulnerability

You would have to prove Intel was a party to the damage done, either by negligence or by willful action. Neither applies.

then they would only have to sue the one company making the faulty product.

But that is the point I was trying to make above. Meltdown is effectively patched and solved. No longer a serious problem. Spectre affects ALL CPU's, not just AMD, Intel, etc., etc.

You would only have to take the very computer that was affected prove that it was the one prove the damages say it took out your entire data base and stopped production of your products and cost you thousands, once proven case closed.

That is not the way it works. Meltdown and Spectre are not design defects or flaws. They are vulnerabilities that can exploit the normal functionality of the hardware in question. As such any claim against a company would need to be backed up by evidence that some form of negligence or willful act was taken by the company in question in regards to the the act of attack. That has not happened and is very unlikely as the vulnerabilities that are difficult to patch have been around for 25 years and have no known exploits. The defense attorneys will argue that because they have been around for so long and were unforeseen, they are not liable. They could argue statues of limitations, which has worked in past cases, or they could argue that they did not carry out the attack, nor could reasonably prevent it. There are mountains of arguments that could be used as a valid defense.

No company is going to offer refunds, credits, discounts or anything like that. Not the way the world works, and for good reason.