what's surprising to me about cache hit detection timing hacks is that cpu's with speculative execution weren't designed to invalidate some cached data during a rollback
@brovid-1912 сағат бұрын
Bru, I love how you just explained SPECTRE with pizza.
@lesterchua2677Күн бұрын
How many pizzas were ordered before the Nordstream pipeline was blown up? And before the Hamas massacre of the Israeli song festival?
@MertonDingle11112 күн бұрын
This is one of the best explainer video I've seen. You simplify something very complex, and yet do not skip anything. All within a very short time frame.
@KyleBaran903 күн бұрын
"Accidentally"
@EkoJr13373 күн бұрын
JavaScript has always been trash, and Node JS is just one massive heap of crap.
@cheezemonkeyeater4 күн бұрын
We got SPECTRE on our hands. Somebody call James Bond.
@jaegye5 күн бұрын
Could someone explain how instructions were speculatively executed in the time it takes for MEM to load from memory? (so much so they are now in cache) I'd imagine that cache miss would be more than likely for instructions1,2,3 etc. Is this simply the matter of simplification to explain the concept , when in reality, the equivalent of loading MEM would be a more time-consuming task??
@zxuiji7 күн бұрын
The solution is very simple for operating systems to implement. First whenever loading drive memory onto ram it just loads it twice, giving 2 copies of the same memory. When an illegal access is encountered it just reads back a few instructions from the active user execution page and identifies any writes to restore the value of the page from the copy. This will naturally cause the cache to get overwritten effectively eliminating spectre's ability to indirectly grab unauthorised data. Since the page will have a 2nd copy on ram it's feasible to load the memory onto ram once then tell the ram to copy that page to another mapping on it. The speed hit should be much less than disabling pre-emptive execution altogether.
@davel2027 күн бұрын
This is a very good succinct explanation of the problem thank you.
@__christopher__9 күн бұрын
I wonder what happens if the speculatively executed code accesses MMIO. Reading from MMIO can actually trigger an action. Is there a way to tell the CPU to never read speculatively from a certain address?
@codegeek989 күн бұрын
Reading through the comments, I see that _some_ CPUs are immune to this because they lack branch prediction and speculative execution, and _some_ CPUs are immune to this because the MMU sanely limits illegal behavior by the speculative executor; with extra-dumb microcontrollers being often in the former, and PowerPC being an example of the latter. What other CPUs exemplify the latter, there?
@user-pm8je4fo7e11 күн бұрын
Yeah, there is no way it was "accidental". Anyone who ever wrote anything resembling transactional mechanism knows for sure that CPU engineers were well aware of cache not being rolled back (duh!). And "cache attacks" (for short) have been known to mankind since medieval times. I guess some people really didn't want to lose a market share, and some were also backed by NSA&Co to simply close their eyes. For one, NSA has been describing what is basically a meltdown/spectre attacks at least since 90s. They effectively "predicted" it in their TPEP, and here we are, "surprised" by the actual findings made in modern CPUs 30 years later, when this feature simply served its time. And who informed us on it? Goolagol of all actors. This whole thing reeks of backdoor.
@thelazy0ne11 күн бұрын
Thanks for explaining it 😁👍
@jaybird5711 күн бұрын
Christ, My head hurts now.
@claucmgpcstuf510311 күн бұрын
So thy di di themselves... No kil swichi ... No wachimen on live action vs tha posile plans etc . Plus peg prog not for live use ... In live tranzation so yea fail .
@rimka1112 күн бұрын
You cant predict a war by a fast food amount. Just how much work a department has at the moment. Nothing more.
@azedthebruhplayer275212 күн бұрын
Average AWACS Long Caster food order
@LethalBubbles13 күн бұрын
"accidentally"
@XenoghostTV14 күн бұрын
Very easy to follow and cleverly illustrated explanation. Nice video!
@YT2go4me14 күн бұрын
Great video
@1creeperbomb15 күн бұрын
Me looking at the 10 performance degrading security patches applied on my processor on linux because of intel x86 memery
@moss508015 күн бұрын
Dominos seems pretty garbage for the Whitehouse
@MaxChaplin15 күн бұрын
John W. Campbell, who was the editor of Astounding Science Fiction during WW2, claimed that he knew there was a big science project underway in Los Alamos, because many of his regular subscribers moved there suddenly.
@gizmothepiefaceman306215 күн бұрын
Nah pause you didn’t just have pizza order correlation to the starting of operation desert storm. 😂 I’m done bro US intelligence is wild.
@braixeninfection631216 күн бұрын
I ain't no stock trader. However it does make me happy seeing these con artists panicking and losing money. Unfortunately no major loss was on the execs who ran everything.
@jacobzucula463916 күн бұрын
This is gold! Thanks, chief.
@Anon_Spartan18 күн бұрын
Between this and that unsolvable CIA puzzle it's pretty funny how you can just sidestep rules to solve puzzles.
@kandipoopipants179418 күн бұрын
Pizza and hotdogs
@Arshar19 күн бұрын
Listening to ackustic sig from touchscreen u kidding.. right ?
@kitchnerlesley19 күн бұрын
This was done purposely and with ill intent
@craigjoe869119 күн бұрын
These bugs lowered my CPUs performance by up to 20% luckily I was able to roll back the updates and got the performance back. Garbage patches.
@dsagent19 күн бұрын
I'm happy when youtube recommendeds me intelligent content.
@user-tv6sw3vt9q19 күн бұрын
As soon as you mentioned metadata, my first thought was "somebody used it to inject code into memory." Sometimes the worst issues come from the simplest oversights.
@ololh4xx19 күн бұрын
its not possible to extract fingerprints by listening to fingers swiping. Thats entirely made up.
@biblical_figure20 күн бұрын
"accidentally"
@JessSimpson131321 күн бұрын
Spectre made my job hell for like 18mos. To patch Spectre on certain generations of Intel CPU in VMWare they had to kneecap vmware EVC mode for those generation CPUs when using VM versions higher than 11. Unfortunately we had just started a hardware refesh to new systems and the diminished EVC mode disabled live vMotion from those generation CPUs and made what should have been a simple refresh into an 18mos of constant hell trying to move out our manufacturing critical systems.
@MrSammyTeee21 күн бұрын
Fantastic use of the Pizza index to explain side-channel attacks!
@matthewszwandt412423 күн бұрын
200 nanoseconds is 0.0000002 seconds, just for context.
@somebodythatiusedtoknoooooooow23 күн бұрын
That's the issue with arbitrage bots, when they fail they lose years of profits in just minutes. Title should be "Manual Deployment ends up costing $440 Million. Maybe we need to hire some devops? "
@norielgames476523 күн бұрын
Since we're reading 1 byte at a time, the big array can be 256 elements long to accommodate for every possoble value. Then you can check all those values very quickly especially using C. Next problem would be how to flush the cache so as to not get galse positives. I'm gonma research some more, possibly even try this on my own computer.
@daedalus54724 күн бұрын
Intel 486 enters the chat.... Oh hai!
@arnizz530125 күн бұрын
Subsieequently
@Froschkoenig75125 күн бұрын
Instant subscribed!
@mou1998ssa26 күн бұрын
Nothing is impossible if you seg fault hard enough
@Janos020626 күн бұрын
truly the root of all eval
@raydaypinball26 күн бұрын
Is there a reason we can’t fix this bug by just rolling back cache operations when the branch prediction is wrong?
@Atoll-ok1zm26 күн бұрын
This is why we should go back to good 'ol stored program computers. No fancy thinking about thinking, just doing.
@BoliceOccifer26 күн бұрын
So you're saying that pizza is the cause for war? got it.
@user-ow2yr4nu4z27 күн бұрын
Some crazy shit, my power button on my phone was actually a sonic finger print reader and I just a few months learned about. I sat it up and its actually really accurate.