A microcode update is a binary blob loaded onto the CPU at boot.
Modern Intel CPUs themselves are a sort of runtime environment that has its own language and program RAM. By placing said blob into the BIOS (UEFI firmware) ROM, the CPU can find it, fetch it and load it into its internal mini-RAM during power-up.
The structure of the BIOS/firmware ROM differs among board manufacturers and it cannot reliably be altered from Windows by Microsoft (it's all the same in actuality, though). Thus the microcode update blob must be integrated and installed by the manufacturer, or as per their instructions.
Personally I don’t care. I only care about speed. I want the latest AGESA, but I opt for the Meltdown patches to be left off.
The OS can update the Intel microcode at runtime just fine as well, and e.g. Linux and Windows offer such updates (like the one described by this very article). So BIOS/UEFI update/involvement is not needed.
That assertion isn’t correct. Microcode updates are not installed permanently automatically; users need to patch their BIOS/firmware for that. But the OS can (and does) dynamically apply microcode updates at boot, every boot.
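Added example, not part of the thread: because an OS-loaded update is reapplied on each boot rather than stored in firmware, the revision actually running is worth checking per core. This sketch parses the `microcode` field that x86 Linux exposes in `/proc/cpuinfo`; the function names, the sample text and the `0xDE` threshold are assumptions made up for illustration.

```python
import re

# Constructed sample in the x86 Linux /proc/cpuinfo layout (not from a real host).
SAMPLE_CPUINFO = (
    "processor\t: 0\nmodel name\t: Example CPU\nmicrocode\t: 0xde\n\n"
    "processor\t: 1\nmodel name\t: Example CPU\nmicrocode\t: 0xde\n\n"
    "processor\t: 2\nmodel name\t: Example CPU\nmicrocode\t: 0xd6\n"
)


def microcode_by_cpu(cpuinfo_text):
    """Map each logical CPU number to its running microcode revision."""
    revisions = {}
    for block in re.split(r"\n\s*\n", cpuinfo_text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        # Non-x86 kernels have no "microcode" field; skip those entries.
        if "processor" in fields and "microcode" in fields:
            revisions[int(fields["processor"])] = int(fields["microcode"], 16)
    return revisions


def audit(cpuinfo_text, minimum_revision):
    """Summarise revisions; minimum_revision is a caller-supplied assumption."""
    revs = microcode_by_cpu(cpuinfo_text)
    distinct = sorted(set(revs.values()))
    return {
        "revisions": [hex(r) for r in distinct],
        "consistent": len(distinct) <= 1,
        "below_minimum": sorted(c for c, r in revs.items() if r < minimum_revision),
    }


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as handle:
            text = handle.read()
    except OSError:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample
    print(audit(text, minimum_revision=0xDE))  # 0xDE is a placeholder threshold
```

A core listed under `below_minimum`, or `consistent` being false, means at least one logical CPU is running a different or older revision than expected.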
Quite literally the next line in the exact same paragraph with links and instructions.
> Links to the Intel Microcode update for the supported versions of Windows can be found below:
And then right after the links, suggestions on what you should do (I guess it's not specific to software developers, but I somehow doubt it matters that much unless you are in HPC).
> While we highly recommend that users install new Microcode updates, it should be noted that previous updates have caused performance issues on older CPUs or system hangs in the past due to how they mitigated vulnerabilities.
I don't think that is what he means. I am guessing he means very few people will ever even know about this. So why should the people who randomly come across this information do anything about it?
It's regrettable that this is the current state. Google equates a login and recent activity with them as being a "legit person". Anything short of that means you're a malicious bot. The traffic dominance of Cloudflare and Google deserves some real independent scrutiny.
Being asked to install arbitrary code to run in a privileged browser extension context is perhaps one of the only things they could have done worse than Google's captcha.
I'm getting the same thing (residential IP on a major home ISP, no weird VPN or Tor exit node / SMTP relay / any reason to have poor IP reputation). I have recently logged in to Google, so it's not that. I checked the console and noticed a warning about a cross-site request to a 3rd party Google attempting to set a cookie and that this behavior would be dropped in future versions of Chrome. I wonder if this is uBO blocking 3rd party cookies.
Same here. Firefox (RFP enabled) + uBlock Origin + VPN + Cookie AutoDelete (so no Google cookies) and no captcha. I suspect it's mostly based on IP reputation.
I'm not logged in to Google (I only logged in to Google on Chrome and use Firefox for personal browsing) but I do have the Privacy Pass extension installed. I haven't seen a Cloudflare captcha for a long time, ever since I installed Privacy Pass.
I could be totally wrong, but this was part of my justification for buying our new servers with AMD Epyc chips and not Intel. Mainly that the numbers made more sense, but also recent vulnerabilities and mediation issues.
Will these at some point be available through Windows update? If not then how does Microsoft expect the vast majority of non-tech savvy people to deploy these protections?
...AMD seems to be hurt a lot less than Intel by these exploits so far, and is also releasing some really cool hardware. It might be good to buy some stock and see how the next few years go?
IIRC (not a down and dirty systems guy, not familiar with parlance) AMD CPUs weren't speculatively executing transitions to lower rings, which was the crux of Meltdown (as opposed to Spectre).
The big thing with AMD from my outsider's perspective was their gambit on chiplets, which improved yields at 7nm quite immensely and could be done by Intel at 10/5nm down the road.
In terms of money though the thing to look at is power consumption, which dominates mobile and server spaces. Zen2 is a marvel because of its efficiency, and should start to appear among the big purchasers for cloud services in the coming months.
What does this mean? That only those who know that they need them should apply them? What should I do (as a software developer) with my machine?