Congrats and good luck with the thesis man. I know how you feel, I finally decided what master I want to do thanks to this channel and got also inspired to take CS

@@naxneedssomeprivacy You can find a playlist right in this channel.

The reason they make this is to make sure no one else finds their backdoor like they did on the celeron.

@@MikaelIsaksson that... Doesn't make any sense

@@DanKaschel sure it does. Now they can have a bunch of really smart people trying to find it. If they don't, great. Now we can feel like bit more sure it won't be found in the wild. If they do, oops, a "vulnerability" better fix it. To be clear, it's really hypocritical from them to care about hardware vulnerabilities when they have put them in on purpose in the past. If you didn't know they crammed in a small operating system in the CPU that could be accessed from user level by calling secret opcodes, elevating following commands to above ring 0. Basically a hardware trojan.

​@@MikaelIsaksson Did they become self conscious and stop doing that in newer generations of cups, or do they more effort into hiding the hw trojans better?

Also, when accessing a virtual address, the processor places the virtual page number and the corresponding physical frame number in tlb for faster lookup, which also speeds up data access.

@@TheAirr13 and to ensure that no process can access the virtual memory of other processes, each entry in the TLB is tagged with its corresponding process ID, which is what Sebastian was talking in the video, wondering if the tag check can be circumvented.

Also 1’or1’ doesn’t always = 1

These aren't Linux process IDs. The hardware functionality is called PCID. There exist only 4096 different ones. Linux uses effectively only 6 (+ the upper bits for meltdown mitigation). So whenever a new thread is scheduled the TLB doesn't have to be flushed all the time. And to my knowledge the check cannot be circumvented. I did some experiments and wasn't successful

@DNA I am not a Linux kernel engineer but to my understanding you are right. The PCID stuff is necessary to mitigate a TLB flush everytime a process switches between Kernel and userspace. Each process has a part which is running in userspace and a part which is running in kernelspace. PCID increases the switching speed. I remember I read that a few months ago but I did not understand it fully yet. But from within the kernel you can leak everything.

🙂 yes

This video doesn't really talk about branch prediction, but rather only speculative execution. Branch prediction is only concerned with conditional jumps like JNZ (jump if not zero). It is a function in the CPU looking for patterns in whether a certain conditional jump is taken or not and tells the CPU which branch to load into the pipeline (for older CPUs, before speculative execution) or which branch to speculatively execute (for modern CPUs). Note that some CPUs may speculatively execute both branches (jump taken as well as not taken), the branch predictor would merely tell the CPU which branch to prefer when neither branch is stalled (waiting for memory or slow computation result).

@DNA Cortex-A75 and IBMs Power microarchitecture seem to be also affected…but basically all modern (till 2019 I guess) Intel CPUs, so, this is basically a Intel-issue. the IMHO more useful speculative execution vulnerability, which can be triggered without a signal handler and therefore could not be mitigated by the kernel that simple and can also be done in non-native code like javascript, also affects a lot of other CPUs.

@@RepublikSivizien Meltdown is far not Intel only. Btw, "signal handler" can be avoided by self-modifying code, like changing nops into jmp right before transient instructions. Have never heard about this method before but it was also worked.

@@PS-bp4ju: That is spectre, not meltdown. You might have luck with the illegal out-of-order instruction in a thread. It should be possible that an illegal instruction in a child does not kill the parent, but it must be on the same core due to cache, iirc.

The dude probably has the Intel architecture documents as light bedside reading lol. He did write "reductio ad absurdum" which is a program with 13 lines of x64 assembly and is turing complete.

I mean, they do. Scientific journals very frequently publish negative results.

Fourty-tooth. I looked it up. English is still weird about number names, where the 1st, 2nd, and 3rd numbers in each group of 10 starting at 20 have separate names -- but at least it ain't French or Danish! 21: twenty-first (21st) note ...th 22: twenty-second (22nd) note ...nd 23: twenty-third (23rd) note ...rd 24: twenty-fourth (24th) note ...th 25: twenty-fifth (25th) note...th etc. Same for 31, 32, 33, ... 41, 42, 43... etc. I'm also a German and French speaker so I can relate -- I ALWAYS forget that 81 and 91 in French DOESN'T use the "-et-" before the "un" or "onze" but it does in 21, 31, 41, 51, 61, 71 ("...et-onze") -- but not 81 and 91 as they are "too long" for adding the "-et-". GAHHHHH!!!!

maybe the interest is a "you-problem"

This is more of a defcon-style approach, which the general hacker community has. I'm sure if you want a more professional-audience catered style, you could look at Def Con or BlackHat conference talks. If you're looking for much different I'll tell you now that most of the audience does not want that.

You can find Club Mate in a lot of normal supermarkets, e.g. REWE or Edeka, but your best chances are in beverage markets, where there might also be other types of Mate (e.g. Mio Mio) or other lesser known types of beverages.

@@felixe2890 thanks!

Meh, I'm of the opinion that it's not up to us, the viewers, to tell the creators what to work on and not to work on. I like the minecraft stuff. And I like this stuff. For all I know all this interesting content is only able to be produced because it's fulfilling to the creator. And as soon as I start imposing my own will on it it becomes less fulfilling and goes to hell. TL;DR; Leave the creative decisions to the creators.

@@JeanQPublique I like Minecraft, spend probably way too much time playing it and at least 3/4 of all the code I've ever written is MC related, but the Minecraft series is pretty boring. It's mostly just things that most people who are interested in Minecraft already know or basic coding/hacking concepts.

@@4cps777 And that's fine if you feel that way. Just like it's fine that others feel different. I think we agree, though, that overall the channel is really good. And hopefully we both agree that that's a result of creative decisions that extend beyond our personal preferences.

EDIT: ok, if it's just another user process, it's not weird. But reading kernel memory still eludes me.

subscribe :P

@@LiveOverflow Thanks, I'm a subscriber for quite a while now. Anyway, any reading material? U don't need to name any book/manual, just tell me what to look for.

To be fair, it did take collaboration between several security researchers to find this class of bugs. I don't know if Intel is to blame here when it seems this could affect any type of processor of any architecture.

@D M except intel has the source code (VHDL or Verilog) for the circuitry. They could analyse it much easier.

the reality is intel couldn't hire enough people to find these kind of bugs. The best situation is having countless people trying to exploit the systems and having a meaningful reward for finding them so that they can then be fixed. This is true of all companies not just intel. bug bounties are great as they are open to everyone who wants to give it a try they just need to have good enough rewards to make them be worth turning in over the black market.

Then intel would just end up with all the people working security research (hardware and software) and keep going on in that loop. There is something called a product development cycle and there are a lot of additional new things being researched on. No one writes bug free code, its how they approach their mistakes and fixes makes them better. Plus this is a global scale research and thats how all bug bounties work.

@@tomaspecl1082 The issue comes not from the source code for the circuitry. It comes from architecture, and this is a hard topic to reason about till the field exploded in 2018.

This might mitigate out-of-order-execution vulnerabilities like meltdown, but not speculative-execution vulnerabilities like spectre. In the latter, there are no segfaults.