Thank you so much!

David Glaude wow thanks for the lovely and kind words. Glad you enjoy this stuff, it's absolutely my passion :). Finding ways to share it with more folks is my goal

Sound isn't too quiet for me. I appreciate the clear, no-fuss presentation style. A better mic may provide fewer artifacts, environment noise, etc., but this is still pleasantly listenable.

Thanks! I'm using a somewhat decent mic (well a Snowball mic). Most of the issue is being too far away from it and being in a house with a 7- and 9-year old nearby :)

You might want to consider using audio normalization, compression and limiting to get a good consistent level. There are plenty of free plugins for that kind of stuff.

Thanks. Plugins for what though? I'm on Linux and I'm using a pretty simple screen capturer - do you have recommendations for what to post-produce these with? I was hoping KZbin would have a "fix my audio" button, but alas...

Ah no not really. I'm a Linux user too but I keep a Windows machine specially for audio/video work as AV on Linux has traditionally been a bit of a dogs dinner. Ardour and Audacity are the two big fish and they may be better now than they were last time I tried to use them (about 5 years ago). For video I used to use KDEN live which had an awesome interface but used to crash every 10 minutes. In the end I just couldn't swallow the reliability issues, plugin compatibility issues, and the Pulse vs Alsa vs Jack nightmare. I was spending more time debugging than recording/editing. As I say the situation may be better now, the newer Steinberg VST3 plugins may run in Linux. Personally I use reaper for audio and the devs claim it runs well under wine though I've never tried it. It's just audio editing but that's no biggie, I just strip the audio off with ffmpeg, process it and save it then use ffmpeg to knit it all back together again.

Thanks for the feedback!

Thank you!

Thank you very much!

+disco__ thanks! Will look to putting more of my presentations online over the next few months

D0senpf4nd I use reveal.js here

Thanks for the reply!

Hi! Thanks for your comment. The read() function does not operate on the detectArray, it's a regular function call (inline or non-inline, it doesn't matter) to the read() function outlined earlier. The result of the call to read() is then used on the detectArray. The CPU doesn't distinguish between "function calls" or "inlining" -- it's just a stream of instructions to run as far as the Out-of-Order core is concerned. The fact that "read()" is speculated while the fault on "array size" is loaded from cache, but the results return to the caller and can be used (at least speculatively), is all that matters. Whether read() is CALLed or inlined doesn't matter. I hope that helps! If you have any more questions feel free to ask here or over email or twitter :)

+Matt Godbolt thank you for the quick answer. I think, I'll send further questions to email.

Not as far as I understand it, no. The nearest thing one has is transactional memory, but that's more like an undo/redo buffer (like a mispredicted branch), and for competing memory accesses.

There's no segfault actually happening. The fault only happens when the faulting instruction retires. And as a speculatively executed instruction which was incorrectly predicted, it is discarded before it retires. So, no segfault actually happens.

Sorry, I should have been clearer: When a _speculative_ segfault happens, then flush all caches (to make the caching attack fail) and wait a random time (to make timing attacks fail). Do we know how often a _speculative_ segfault happens in ordinary programs? Would it be acceptable to pay a high penalty if a speculative segfault happens?

Ole Tange but that's the thing: the speculative segfault doesn't happen. Faults are processed when the instruction that caused the fault retires. And these speculative page faults don't retire as they were incorrectly speculated

@@OleTange hi. I am about a year late, but I just wanted to point out that the following code is commonly used: char *a = get_some_ptr(); if (a) { *a; // dereference a and do something with it } If in this code the branch is mispredicted, a would be a null pointer, thus a *speculative* segfault will happen.

Right that's my point: it's so common as to be inevitable unless someone tries to access out of bounds (usually a bug).

@@MattGodbolt Now I see what you meant by "not taken" is that the if statement is useless because, in most cases, it would always be "true", so we can execute the body without executing the if condition. Now, I see the whole point of speculative execution.

In this instance arraySize is stored in ram and can be cached (or otherwise). Index is a variable passed in a register and so its always available.

@@MattGodbolt Hah because index is passed directly as an argument is it? So it gets stored directly in CPU registers that are predetermined for that purpose rather than memory (cache or otherwise)? Sorry, my knowledge in these issues is not the best, but I'm really interested in them!

The data is used to affect the cache. Then, afterwards, although the instructions that used the privileged data never complete... The attacker probes the cache and can use the influence the earlier (privileged) data had on it to infer the value