Great video! Your example at 2:52 is close but incorrect. The CPU would raise an exception trying to convert the virtual memory address associated with `readCharacter(1000)`, as the permission bit would indicate that it is trying to access restricted memory, so secret is never cached like you state in the video. Instead, what would be correct is if you speculatively execute some array access after, like `probe_array[4096 * secret]` (assuming 4096-byte pages), which would then correctly cache the data associated with that array. There are other reasons for indexing into an array, which deal with the hardware prefetcher caching adjacent lines of memory if they are not spread out enough. Then you can go through `probe_array` with flush+reload and look for the page access with the fastest time. I do think your explanation provides utility to those that haven't read the paper, however, because it demonstrates the concept of the cache as a side channel used in the attack, and the attack mentioned in the paper can be hard to wrap your head around the first time you read through. Well done on this video!
What strikes me most about this number is Gangnam Style has this amount of views not even an hour after being posted and not a single person has ever looked into it. Ever!
Was wondering why the maximum amount of damage shown in a few games I've played was -2.147b or 2.147b. It's such a weird number, I figured it had something to do with computers.
Question: nowadays we're using virtual memory, and the memory spaces are isolated from each other. How can Spectre/Meltdown load memory space that does not belong to it? Or if Spectre/Meltdown must be an injection to access it, but if it is an injection that can access memory directly, why should it use the bug of speculative execution to do so? Could anyone explain to me?
Have you worked with LIT + Accessibility and how to work with Shadow? We have used Stencil and had issues with shadow and accessing IDs for aria and other accessibility challenges. Do you know of any good resources or tips on how Lion was able to work with Shadow and be accessible? Any tips would be greatly appreciated. Your video was a nice intro to LIT. We are looking to switch from Stencil to LIT. Stencil offers shadow being on or off but my understanding is LIT is just shadow.
If you're facing issues with other frameworks, I suspect they will be the same with Lit because the problem is the shadow DOM and not the framework/library... I've heard that many developers have decided to drop using the shadow DOM (that's something you can easily do with Lit but you won't enjoy the consistency of shadow DOM, especially with regards to styling)... Have you checked #2 here nolanlawson.com/2022/11/28/shadow-dom-and-accessibility-the-trouble-with-aria/ and alice.pages.igalia.com/blog/how-shadow-dom-and-accessibility-are-in-conflict/ ?
Thank you! I’ve purchased the Html & Css course as well as the JavaScript course and they’re the best courses out! I definitely plan on getting the React course next.
Nice video! I’m starting on my Lit journey coming from the React and Angular world. Are there any component libraries for Lit (or web component library) that you would recommend? Same with design systems?
@7:51 you conflate property and attribute, and it's important to know the difference when using web components, and beginners have a tough time with this, so it's important to use the correct terms.
What if we are using an external GPS tracking device which uses a SIM card within it and want to connect it within our own map in the application? May I know how we can code for this?
I am eagerly waiting for the stacking context (z index) video as mentioned in the HTML course. That particular topic is quite confusing for me. I bought all your courses, it's amazing. Learned so much in the last 6 months from your courses.
Thank you! That's great to hear! If you want, you can watch this presentation in the meantime ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-W8yF76MUHB4.html ;)
Best video I've seen about introduction to Lit! The way you explain is amazing, simple and straight to the point :D Hope your channel keeps growing! We need your content 😀
Hey, want to give kudos to your course. The interactive challenges provide so much more value than mindlessly following a tutorial or lesson. This is the 3rd JS course I've purchased and the only one that delivered real value. Very tempted to buy the React course next even after purchasing Josh Comeau's Joy of React course.
Thank you so much Alexander, glad to hear that it worked for you! As for React, I would recommend you build stuff rather than staying in tutorial hell ;) Also, if you've joined the GitHub discussions for the Learn JavaScript course, maybe you want to give the Pair Programming Challenge a try! (it's a pinned discussion)
My coordinates were not very accurate and some locations were from the other side of the street, causing the map to create false circular routes. How can I correct this?
I'll explain it with Meltdown, since it is more specific and I am more confident in understanding it: What we are basically doing is clearing the cache, then we do the whole tricking the branch predictor stuff and what we then do is some operation on an address that we have access to, that address being a pointer we have and offsetting it with a value we're not allowed to read. The reason this works is because, during speculative execution, the CPU will defer the privilege check, i.e. it will check if you were allowed to do this later on, because it is a rare occurrence that programs actually violate their memory space and doing it before would severely reduce performance (you'd have to do it for most instructions), and if it finds this to be the case it will just undo the operation. However, if this operation takes place before the privilege check it will result in the value at the address "pointer+secret" to have been cached, and since the cache for this exploit has no knowledge of which privilege is required to read it, our program can then just try to read all possible addresses of pointer+n until it finds one that returns quicker, meaning you've just hit this not cleaned up value and you know the byte you weren't allowed to read is n. In code:

```
pointer = malloc(...) //allocate a large chunk so we have space to work with
(...) //maybe assign values to everything in base, ENSURE THE CACHE IS FLUSHED
if(...) {
    *(pointer+secret) ... //do something that will require us to read the address of pointer offset by the secret value, which is currently not in cache
}
(...) //now do a timing attack on the cache until you find which address was cached
```

The more scary thing about this was that Spectre, the papers presenting more general ways to do this, found it possible to do this with JavaScript by playing around with the code to force your computer's compiler (JS is compiled locally just-in-time) to predictably make something that flushes the cache, as this is not a command available to you in JS. AFAIK the missed branch ensures your program doesn't crash because a segmentation fault (memory violation) is handled by the operating system. Also, I seem to remember being in a speculative branch is key to ensuring the privilege check is done late enough.

EDIT: I realize I might not have answered your question, it's a value that we add to our pointer. I.e. we take our address, 0x7f45bd4f, and add a number to it which we must not know and is firmly outside of our program's memory, it's a byte sitting somewhere like 0x2e4f3d47 and maybe it's the value 0x23 which, when added, gives us 0x7f45bd72. Once the CPU performs an operation (or even just prepares to do so) on this address, the specific byte at the position 0x7f45bd72 will then be loaded into cache.