[UPDATE] Intel gets multiple class action lawsuits over CPU vulnerability

[Mira Yurizaki]

9 hours ago, RefresherMan said:

How is this fraud when it's a bug? Am I missing something here?

It's likely that part of the complaint will get thrown out.

6 hours ago, Bit_Guardian said:

Well, you could by mistake. It's happened to me before during code reviews.

Internal static analysis will only get you so far. You need independent third party analysis to build confidence that your implementation is actually sound. This is why people say Linux is inherently more secure than Windows, because other people can examine Linux while only Microsoft can examine Windows.

5 hours ago, Morgan MLGman said:

Well, Intel knew about all this since at least June - Not only they kept selling CPUs they knew were vulnerable and had a design flaw, but also deliberately released another generation of CPUs in that time without fixing the flaw in their design, two different chipsets actually (X299, Z370). They didn't announce it earlier and they didn't announce it now, they said they were "about to" do that, but what else could they say  

Do you think that's okay?

The problem with the design issue is that it's a fundamental building block in Intel's implementation of x86. To fix something like that is likely going to take a long time and can't simply be fixed with a revision, unlike the FDIV bug or Phenom's TLB bug.

 

While sure, it doesn't sound morally right to still release a product with a flaw you know exists. But is it morally right for Adobe to keep pumping out Flash even though it's riddled with holes? For Oracle to distribute JVM? For Microsoft to keep selling Windows? Any computer system you use very likely has a known security flaw that may or may not be patched. Now this isn't to say "everyone is doing it wrong, so it's okay", but if you force people to stop selling something just because it has a known security flaw, then the whole tech industry would come to a screeching halt.

[mynameisjuan]

4 minutes ago, M.Yurizaki said:

It's likely that part of the complaint will get thrown out.

God I hope so. If this is the case to sue then I lost faith in humanity. 

[ItsMitch]

Just now, mynameisjuan said:

God I hope so. If this is the case to sue then I lost faith in humanity. 

I've lost faith in it already, been a great start to the new year, 

[JohnMiller92]

3 minutes ago, SC2Mitch said:

I've lost faith in it already, been a great start to the new year, 

Logan Paul, Intel...

 

great start! will be a wild ride! "Buckle up!" 

[asus killer]

everything in the world is relative. Maybe shitty for the costumers, for the employees, the shareholders, but the CEO is swimming in cash 

 

dumping stocks before this came out and already knowing of the problem. I just don't get it if this guy does not end in jail, this would be a major flaw on the US judicial system

[Ryujin2003]

6 hours ago, RefresherMan said:

 

How can Intel be at blame, when the SOFTWARE you use on top of THEIR hardware is what creates this exploit? It's a "hardware" issue yes, however, where does negligence come into play on Intel's part? A CPU at the physical level doesn't care about what software you use.

 

Snip

 

.... If I got a dollar EVERYTIME a hardware engineer asked me to write my software around their issues because they think it's easier to change software (they just didn't want to fix their hardware faults), I'd be richer than an Intel CEO...

 

Software at some point can have some responsibility, yes. But if the hardware is freaking jacked up, software can only mitigate it within reason.. temporarily... Until it's exploited purposefully due to the continually existing hardware fault...

[mynameisjuan]

13 minutes ago, Ryujin2003 said:

.... If I got a dollar EVERYTIME a hardware engineer asked me to write my software around their issues because they think it's easier to change software (they just didn't want to fix their hardware faults), I'd be richer than an Intel CEO...

 

Software at some point can have some responsibility, yes. But if the hardware is freaking jacked up, software can only mitigate it within reason.. temporarily... Until it's exploited purposefully due to the continually existing hardware fault...

Depends. If they already produces batches and found an issue....well no duh its better to change software. 

[mr moose]

7 hours ago, Jito463 said:

1) It's not that they should have stopped selling all processors, it's more that they rushed their new generation to market after learning about this bug from Google.

 

2) You keep conflating Spectre with Meltdown (and I suspect you're doing it on purpose).  The biggest issue by far is Meltdown, which does not affect AMD.

 

 

A threat is a threat, you can't say one is immune therefore both are.  At the time people are complaining Intel should have stopped selling AMD were selling.  SO the same rules apply. And this is strictly form a "we're gunna sue" perspective.  

[Bit_Guardian]

7 hours ago, Jito463 said:

That's exactly what I was thinking, though IntMD and MLGman beat me to it.

They may have a case given the way Intel rushed Coffee Lake to market, even after knowing about the bug (or possibly because of it).

 

1) It's not that they should have stopped selling all processors, it's more that they rushed their new generation to market after learning about this bug from Google.

 

2) You keep conflating Spectre with Meltdown (and I suspect you're doing it on purpose).  The biggest issue by far is Meltdown, which does not affect AMD.

 

See my respond to Moose above.  Spectre (one variant, anyway) affects AMD, but is difficult to implement.  Meltdown does not.

 

I'm no fan of Trump (he's the reason I switched from Republican to independent in 2016, after more than 21 years), but a lot of the stories in the media are just crap designed to make him look bad.  Ironically, if he'd run as a Dem, the media would have probably loved him.  Most of our "media" in this country, are just propaganda arms of the DNC.  Any President with an (R) after his name is an automatic target for them even if they're not conservative, and Trump is definitely not a conservative (then again, neither were either Bush).

 

Also, while it's a bit of a toss-up, I still say Clinton was the worst choice of the two.  While I'm not glad Trump won, I am most definitely glad Hillary lost.

Nah, if it had been Rand Paul or Carly Fiorina, there'd be pretty much no negative press.

 

But, let's not derail the thread.

 

 

[mr moose]

8 hours ago, Morgan MLGman said:

Yeah, though nothing can justify rolling out another generation of CPUs (two actually, if you count Skylake-X as well) when they were aware of the design flaw in them...

 

Except that there is no difference between rolling out new CPU's and continuing your business selling old stuff. Besides the fact that it is no different to any other product with known/unknown bugs which continually get sold, most lawyers recommend during times of legal action to continue business as normal.  AMD continued selling Processors, even when they knew about the memory bug that prevented people from using high speed ram even though they advertised it as a performance Processor.  I am not lambasting AMD here, I am merely pointing out that hamstringing sales and revenue on questionably moral/ethical grounds is not good for the industry and not explicitly warranted in this situation. 

 

I do agree superficially it looks bad, especially if you already have a beef with Intel, but being fair about it, they aren't exactly doing this on purpose to hurt consumers,  There's no money in that and they are heavily dependent on returning custom.

[Jito463]

30 minutes ago, mr moose said:

Except that there is no difference between rolling out new CPU's and continuing your business selling old stuff.

Yes there is.  It's one thing to release a product and then discover a bug, it's another entirely to force the launch of a product after you've discovered a bug exists.  It wasn't even that it was on schedule for launch (which would mean they had most of the processors already manufactured and just waiting to ship out), they forced the launch ahead of schedule when they were still trying to mass produce them in sufficient quantities.

30 minutes ago, mr moose said:

AMD continued selling Processors, even when they knew about the memory bug that prevented people from using high speed ram even though they advertised it as a performance Processor.

A compatibility issue (not bug) that doesn't affect operation of the processor, is a far cry different from a bug that can potentially lead to data theft.

30 minutes ago, mr moose said:

I am not lambasting AMD here

No, you're just being an Intel apologist, and trying to use AMD as a scapegoat to stave off criticism of Intel.

30 minutes ago, mr moose said:

they aren't exactly doing this on purpose to hurt consumers

No, they did it to prop up their bottom line before the news broke.  If consumers get hurt, that's just a byproduct of their actions.

[mr moose]

11 minutes ago, Jito463 said:

Yes there is.  It's one thing to release a product and then discover a bug, it's another entirely to force the launch of a product after you've discovered a bug exists.  It wasn't even that it was on schedule for launch (which would mean they had most of the processors already manufactured and just waiting to ship out), they forced the launch ahead of schedule when they were still trying to mass produce them in sufficient quantities.

Your assuming that's not business as usual and was motivated by the bug.

 

Quote

A compatibility issue (not bug) that doesn't affect operation of the processor, is a far cry different from a bug that can potentially lead to data theft.

It's still an issue that prevents the processor from doing it's job.  Are we talking about selling something you know is defective or selling something on a scale of defectiveness?

 

Quote

No, you're just being an Intel apologist, and trying to use AMD as a scapegoat to stave off criticism of Intel.

It was just an example, I was defending AMD and even recommending people by ryzen over the i5 not 4 months ago.  Having a different perspective on things doesn't make me an apologist.

 

Quote

No, they did it to prop up their bottom line before the news broke.  If consumers get hurt, that's just a byproduct of their actions.

That's still an assumption that their motive was about lost sales due to this news.

Remember when CL came out the news was it was rushed because of Ryzen, people were absolutely sure about it then.  I still am today.

 

[Jito463]

1 hour ago, mr moose said:

Your assuming that's not business as usual and was motivated by the bug.

Regardless of their motivations, they knew about a bug in an upcoming product and then still rushed it to market.  No matter the reason, it reeks of shadiness.

1 hour ago, mr moose said:

It's still an issue that prevents the processor from doing it's job.

No, it prevents it from operating as quickly as it could, but the processor (referring to Ryzen) still performs all the functions it was supposed to.

1 hour ago, mr moose said:

Having a different perspective on things doesn't make me an apologist.

No, but constantly trying to defend Intel by saying, 'Hey, look at AMD!' does.  I get it, Spectre (to varying degrees) affects Intel, AMD and ARM, but this is about Meltdown.

1 hour ago, mr moose said:

That's still an assumption that their motive was about lost sales due to this news.

Remember when CL came out the news was it was rushed because of Ryzen, people were absolutely sure about it then.  I still am today.

I'm still convinced that was part of the reason, but now I'm not convinced it was the whole reason.

 

I'm not saying AMD processors are perfect, but this is about the issue that affects only Intel processors; and it's about Intel's behavior from June on, which at the very least bears some scrutiny given recent revelations.  I don't know if a lawsuit is justified, but I can certainly see some merit in the claim.

[LAwLz]

39 minutes ago, Jito463 said:

I'm not saying AMD processors are perfect, but this is about the issue that affects only Intel processors; and it's about Intel's behavior from June on, which at the very least bears some scrutiny given recent revelations.  I don't know if a lawsuit is justified, but I can certainly see some merit in the claim.

AMD has released several CPUs after they were informed that they were vulnerable to Spectre (which is the attack that has no fix as of the time writing).

Should AMD get sued too?

Ryzen 3, Ryzen Pro, Threadripper and Epyc are all vulnerable to Spectre, and they were all released after AMD had been informed.

AMD has acted exactly the same way as Intel. Both have launched products after they were informed. Both are vulnerable to the same or similar bugs. Both of them released statements about it at the same time.

[Jito463]

23 minutes ago, LAwLz said:

AMD has released several CPUs after they were informed that they were vulnerable to Spectre (which is the attack that has no fix as of the time writing).

You're still not getting it.  My issue is with the fact Intel pushed the launch date way up, even after knowing about Meltdown (bolded, italicized and underlined so you can't miss it).  Also, Spectre is the one that is hardest to exploit, Meltdown is quite simple by comparison from everything I've read.  And unless I've completely misread the situation (feel free to point out if I have), Spectre only allows one user level process to access another, while Meltdown allows user level code to access kernel memory.  That seems significantly more serious.

23 minutes ago, LAwLz said:

Should AMD get sued too?

I never said Intel should get sued, I simply acknowledged that there may be some merit to it.  I don't know if there's justification for the suit, the courts will determine that.

23 minutes ago, LAwLz said:

AMD has acted exactly the same way as Intel.

Has AMD rushed a product to market well ahead of schedule after being informed of a critical flaw?  Based on the availability, Coffee Lake likely wouldn't have launched until early-mid 2018.  Intel rushed it out before they even had the new updated chipset (which they're going to later release as the Z390), instead they just retrofitted the Z270 and released it as the Z370 to get something out the door.

23 minutes ago, LAwLz said:

Both are vulnerable to the same or similar bugs.

This is where we have a significant difference of opinion.  Spectre and Meltdown are based off the same concept, but - so far as I understand them - are different in implementation and actual effectiveness.

Edited January 6, 2018 by Jito463
Typo

[leadeater]

58 minutes ago, Jito463 said:

I'm not saying AMD processors are perfect, but this is about the issue that affects only Intel processors; and it's about Intel's behavior from June on, which at the very least bears some scrutiny given recent revelations.  I don't know if a lawsuit is justified, but I can certainly see some merit in the claim.

Considering the news broke early and fixes needed to be rushed maybe Intel was working on microcode updates for CL, and earlier, that were going to be released at or before the planned announcement.

 

Maybe CL could have been launched with an updated microcode if it hadn't been brought forward maybe not, fixes were being worked on so exact dates wouldn't have been known.

 

If it turns out architecture changes are going to be required to fully fix this without a performance hit then CL was already too far along anyway, so it's a release it anyway or lose however much they spent on designing CL by not releasing it. In relation to Spectre that requires a lot of work and depending on how much ram is in the system 30 minutes to hours to specially condition the system to the gain read access to protected memory, Intel could have deemed that significantly low enough risk to go ahead with the release.

[ItsMitch]

1 minute ago, Jito463 said:

(bolded, italicized and underlined so you can't miss it)

can you repeat it? I didn't quite get the message, are you trying to say intel did a naughty? /s

[Jito463]

1 minute ago, leadeater said:

If it turns out architecture changes are going to be required to fully fix this without a performance hit then CL was already too far along anyway, so it's a release it anyway or lose however much they spent on designing CL by not releasing it. In relation to Spectre that requires a lot of work and depending on how much ram is in the system 30 minutes to hours to specially condition the system to the gain read access to protected memory, Intel could have deemed that significantly low enough risk to go ahead with the release.

If it had been released on schedule, I might agree with you.  However, almost everyone agrees that Intel rushed Coffee Lake to market.  It's their rushing it out after the flaw was revealed to them, that I have an issue with.

[leadeater]

38 minutes ago, Jito463 said:

If it had been released on schedule, I might agree with you.  However, almost everyone agrees that Intel rushed Coffee Lake to market.  It's their rushing it out after the flaw was revealed to them, that I have an issue with.

I know, that is a valid point but what if there is nothing that could have been done on Intel's end? Not release the product at all? Ever.

 

Knowingly releasing a product with a significant flaw such as this I don't like either but fortunately I'm not the one having to make the call between doing that or losing hundreds of millions in lost return on investment.

 

Do you just cede market share to a competitor because of an unannounced flaw that you're confident no one is exploiting and is going to exploit with a, at the time, likely possible fix that can be done if required at the cost of performance in urgency.

 

Edit:

Don't forget Skylake-X/SP was also released after Intel was notified of the issue and Kaby Lake-X was being released just as they were being notified.

[JohnMiller92]

4 hours ago, Jito463 said:

If it had been released on schedule, I might agree with you.  However, almost everyone agrees that Intel rushed Coffee Lake to market.  It's their rushing it out after the flaw was revealed to them, that I have an issue with.

How did Intel rush CFL to the market when the availability of the 8400 and other chips were extremely scarce after release. (still is). That will be hard to prove in court 

[LAwLz]

10 hours ago, Jito463 said:

You're still not getting it.  My issue is with the fact Intel pushed the launch date way up, even after knowing about Meltdown (bolded, italicized and underlined so you can't miss it).  Also, Spectre is the one that is hardest to exploit, Meltdown is quite simple by comparison from everything I've read.  And unless I've completely misread the situation (feel free to point out if I have), Spectre only allows one user level process to access another, while Meltdown allows user level code to access kernel memory.  That seems significantly more serious.

I never said Intel should get sued, I simply acknowledged that there may be some merit to it.  I don't know if there's justification for the suit, the courts will determine that.

Has AMD rushed a product to market well ahead of schedule after being informed of a critical flaw?  Based on the availability, Coffee Lake likely wouldn't have launched until early-mid 2018.  Intel rushed it out before they even had the new updated chipset (which they're going to later release as the Z390), instead they just retrofitted the Z270 and released it as the Z370 to get something out the door.

This is where we have a significant difference of opinion.  Spectre and Meltdown are based off the same concept, but - so far as I understand them - are different in implementation and actual effectiveness.

To me it sounds like you're drawing an arbitrary line so that Intel is on the "baddie" side and AMD is "good guy" side.

Let's face it, this lawsuit is idiotic and if it passes then AMD, ARM, Nvidia, Apple, and basically any hardware or software company can be sued for the same reasons.

 

Let's ignore that the whole "they rushed it" is based on assumptions and speculation rather than solid evidence for a while.

I still don't see how rushing a product out to market, rather than releasing it on time somehow makes it worse. Regardless of whether or not the launch date was changed it would still have been a vulnerable product being put on shelves and sold to customers. If it happened a month sooner or later doesn't matter in my mind. Especially not if either dates were before the publication of the exploits.

 

And I don't think we should start mixing in the severity of security issues into the law. At least not on such a fine grain scale to the point where Meltdown and Spectre starts being treated as "one is OK but the other one is not".

[Jito463]

6 hours ago, JohnMiller92 said:

How did Intel rush CFL to the market when the availability of the 8400 and other chips were extremely scarce after release. (still is).

That's exactly my point.  You do understand how a new processor distribution occurs, right?  They mass produce a ton of them (which sit in a warehouse somewhere), until they reach a sufficient quantity to justify releasing the product for sale.  The fact that quantity was so limited shows that they weren't ready to release the product yet.  That's the whole reason why I'm not pointing out x299 in this issue, because they had sufficient quantity for release (meaning they had already been mass producing them).  This stuff doesn't happen overnight, it takes months to reach a sufficient level of production.

 

The very fact that Intel couldn't keep up with demand proves that they weren't ready to launch Coffee Lake.

[Jito463]

51 minutes ago, LAwLz said:

To me it sounds like you're drawing an arbitrary line so that Intel is on the "baddie" side and AMD is "good guy" side.

Not at all, though I do tend to cut AMD a little more slack due to their financial situation.  Intel could have easily sat on Coffee Lake for several more months (maybe even longer) until a patch was in place and they could have launched it as being "secure" (which would have made it made it even more appealing over 7th gen and earlier processors).  It's not like Intel is hurting for money.

 

53 minutes ago, LAwLz said:

Let's face it, this lawsuit is idiotic and if it passes then AMD, ARM, Nvidia, Apple, and basically any hardware or software company can be sued for the same reasons.

Again, you're not reading what I'm writing.  I never said Intel should be sued.  Never.  I even said I don't know if there was any justification for it, I simply said I could potentially see some merit in it, based on them rushing CFL.

 

55 minutes ago, LAwLz said:

Let's ignore that the whole "they rushed it" is based on assumptions and speculation rather than solid evidence for a while.

See my respond to JohnMiller92 above.

 

55 minutes ago, LAwLz said:

I still don't see how rushing a product out to market, rather than releasing it on time somehow makes it worse. Regardless of whether or not the launch date was changed it would still have been a vulnerable product being put on shelves and sold to customers. If it happened a month sooner or later doesn't matter in my mind. Especially not if either dates were before the publication of the exploits.

See my first point.

 

56 minutes ago, LAwLz said:

And I don't think we should start mixing in the severity of security issues into the law.

Again, you seem to be under the mistaken impression that I'm all gung-ho for this lawsuit.  I've never said that, not one single time.

 

57 minutes ago, LAwLz said:

At least not on such a fine grain scale to the point where Meltdown and Spectre starts being treated as "one is OK but the other one is not".

I've never said "one is OK".  What I've said is that Spectre is much more difficult to implement, at least based on everything I've read so far.

[Misanthrope]

"LOL Americans and their frivolous lawsuits!"

"LMAO Warranty claims? Like how?"

"Just some Lawyers will get rich because they're opportunistic"

 

And so and so on.

 

To all people making this comments: Perhaps we should force AMD off the market, put you all back on 4 core chips for another 5 years and double their prices instead, would that make you happy? No?

 

Then focus on the important thing which is Intel getting punished into not ever fucking up this bad again. 

[LAwLz]

1 hour ago, Misanthrope said:

"LOL Americans and their frivolous lawsuits!"

"LMAO Warranty claims? Like how?"

"Just some Lawyers will get rich because they're opportunistic"

 

And so and so on.

 

To all people making this comments: Perhaps we should force AMD off the market, put you all back on 4 core chips for another 5 years and double their prices instead, would that make you happy? No?

 

Then focus on the important thing which is Intel getting punished into not ever fucking up this bad again. 

How exactly will this "force Intel into not fucking up again"?

Also, do you believe AMD, ARM, Nvidia, Apple, Samsung, IBM, etc, etc should get sued too? 

To me it is pretty clear. Either Intel did something that warrants a lawsuit, and if they did then everyone did. Or they didn't and then nobody deserves it. 

 

The fact that they have been holding back because a lack of competition is completely irrelevant to the lawsuit.