what's surprising to me about cache hit detection timing hacks is that cpu's with speculative execution weren't designed to invalidate some cached data during a rollback

Bru, I love how you just explained SPECTRE with pizza.

How many pizzas were ordered before the Nordstream pipeline was blown up? And before the Hamas massacre of the Israeli song festival?

This is one of the best explainer video I've seen. You simplify something very complex, and yet do not skip anything. All within a very short time frame.

"Accidentally"

JavaScript has always been trash, and Node JS is just one massive heap of crap.

We got SPECTRE on our hands. Somebody call James Bond.

Could someone explain how instructions were speculatively executed in the time it takes for MEM to load from memory? (so much so they are now in cache) I'd imagine that cache miss would be more than likely for instructions1,2,3 etc. Is this simply the matter of simplification to explain the concept , when in reality, the equivalent of loading MEM would be a more time-consuming task??

The solution is very simple for operating systems to implement. First whenever loading drive memory onto ram it just loads it twice, giving 2 copies of the same memory. When an illegal access is encountered it just reads back a few instructions from the active user execution page and identifies any writes to restore the value of the page from the copy. This will naturally cause the cache to get overwritten effectively eliminating spectre's ability to indirectly grab unauthorised data. Since the page will have a 2nd copy on ram it's feasible to load the memory onto ram once then tell the ram to copy that page to another mapping on it. The speed hit should be much less than disabling pre-emptive execution altogether.

This is a very good succinct explanation of the problem thank you.

I wonder what happens if the speculatively executed code accesses MMIO. Reading from MMIO can actually trigger an action. Is there a way to tell the CPU to never read speculatively from a certain address?

Reading through the comments, I see that _some_ CPUs are immune to this because they lack branch prediction and speculative execution, and _some_ CPUs are immune to this because the MMU sanely limits illegal behavior by the speculative executor; with extra-dumb microcontrollers being often in the former, and PowerPC being an example of the latter. What other CPUs exemplify the latter, there?

Yeah, there is no way it was "accidental". Anyone who ever wrote anything resembling transactional mechanism knows for sure that CPU engineers were well aware of cache not being rolled back (duh!). And "cache attacks" (for short) have been known to mankind since medieval times. I guess some people really didn't want to lose a market share, and some were also backed by NSA&Co to simply close their eyes. For one, NSA has been describing what is basically a meltdown/spectre attacks at least since 90s. They effectively "predicted" it in their TPEP, and here we are, "surprised" by the actual findings made in modern CPUs 30 years later, when this feature simply served its time. And who informed us on it? Goolagol of all actors. This whole thing reeks of backdoor.

Thanks for explaining it 😁👍

Christ, My head hurts now.

So thy di di themselves... No kil swichi ... No wachimen on live action vs tha posile plans etc . Plus peg prog not for live use ... In live tranzation so yea fail .

You cant predict a war by a fast food amount. Just how much work a department has at the moment. Nothing more.

Average AWACS Long Caster food order

"accidentally"

Very easy to follow and cleverly illustrated explanation. Nice video!

Great video

Me looking at the 10 performance degrading security patches applied on my processor on linux because of intel x86 memery

Dominos seems pretty garbage for the Whitehouse

John W. Campbell, who was the editor of Astounding Science Fiction during WW2, claimed that he knew there was a big science project underway in Los Alamos, because many of his regular subscribers moved there suddenly.

Nah pause you didn’t just have pizza order correlation to the starting of operation desert storm. 😂 I’m done bro US intelligence is wild.

I ain't no stock trader. However it does make me happy seeing these con artists panicking and losing money. Unfortunately no major loss was on the execs who ran everything.

This is gold! Thanks, chief.

Between this and that unsolvable CIA puzzle it's pretty funny how you can just sidestep rules to solve puzzles.

Pizza and hotdogs

Listening to ackustic sig from touchscreen u kidding.. right ?

This was done purposely and with ill intent

These bugs lowered my CPUs performance by up to 20% luckily I was able to roll back the updates and got the performance back. Garbage patches.

I'm happy when youtube recommendeds me intelligent content.

As soon as you mentioned metadata, my first thought was "somebody used it to inject code into memory." Sometimes the worst issues come from the simplest oversights.

its not possible to extract fingerprints by listening to fingers swiping. Thats entirely made up.

"accidentally"

Spectre made my job hell for like 18mos. To patch Spectre on certain generations of Intel CPU in VMWare they had to kneecap vmware EVC mode for those generation CPUs when using VM versions higher than 11. Unfortunately we had just started a hardware refesh to new systems and the diminished EVC mode disabled live vMotion from those generation CPUs and made what should have been a simple refresh into an 18mos of constant hell trying to move out our manufacturing critical systems.

Fantastic use of the Pizza index to explain side-channel attacks!

200 nanoseconds is 0.0000002 seconds, just for context.

That's the issue with arbitrage bots, when they fail they lose years of profits in just minutes. Title should be "Manual Deployment ends up costing $440 Million. Maybe we need to hire some devops? "

Since we're reading 1 byte at a time, the big array can be 256 elements long to accommodate for every possoble value. Then you can check all those values very quickly especially using C. Next problem would be how to flush the cache so as to not get galse positives. I'm gonma research some more, possibly even try this on my own computer.

Intel 486 enters the chat.... Oh hai!

Subsieequently

Instant subscribed!

Nothing is impossible if you seg fault hard enough

truly the root of all eval

Is there a reason we can’t fix this bug by just rolling back cache operations when the branch prediction is wrong?

This is why we should go back to good 'ol stored program computers. No fancy thinking about thinking, just doing.

So you're saying that pizza is the cause for war? got it.

Some crazy shit, my power button on my phone was actually a sonic finger print reader and I just a few months learned about. I sat it up and its actually really accurate.