Is std::mdspan a Zero-overhead Abstraction? Oleksandr Bacherikov Snap IncWhat is std::mdspan? It’s a view over a multi-dimensional array. It’s designed primarily to be used as a function parameter right? 24 Wrong! std::layout_stride supports only all strides specified at runtime. If we target zero overhead, we have to specify one of the strides as 1 at compile time.What does the Standard offer

Privilege Escalation Who: •Ransomware gangs •advanced adversaries •Game hackers How: •Looking at the trust between medium to high integrity levels •Configurations •Filesystem Lateral movement Who: •Financial Controlled Heap MemoryWhy Remote Code Execution (RCE)? ● High Impact and Exploitability ○ High Value of Zero-Days ● Expanded Attack Surface ○ Cloud computing ○ Remote work ○ Increase in internet-connected Surface? Start by defining Trust BoundariesWhat is a Trust Boundary? Anytime there is a crossing of the trust between an untrusted component to a trusted componentDefining Trust Boundaries Downloads from

enables: correlated and centralized logs, container security, east/west traffic management, a zero-trust model, a whitelist, Role-Based Access Control (RBAC), continuous monitoring, signature-based the service mesh 6. Zero Trust down to the container level. Zero trust requires strict controls, never trust anything by default and always verify. Key aspects of zero trust at the container level

microservice security ● R&D on Next Generation Access Control (NGAC) ● Exclusively co-host annual zero trust multi-cloud conference Best in Class Team ● Creators of the service mesh Istio, gRPC, Apache configurations to be added to the group will directly use Istio APIs. Tetrate OSS Projects ● Wazero: the zero dependency WebAssembly runtime for Go developers ● Istio Security Scanner ● Envoy Gateway: Manages safe enterprise-grade Istio distro ● Func-e: Make running Envoy easy Wazero ● wazero is the only zero dependency WebAssembly runtime written in Go. ● Contribute to Go/TinyGo/Rust ● Using WasmPlugin API

problems? Pros: ● Default constructor before the function call is avoided Cons (unless we fully trust the user and don’t have exceptions): ● Stack unwind on exception is still necessary ● Extra bool problems? Pros: ● Default constructor before the function call is avoided Cons (unless we fully trust the user and don’t have exceptions): ● Stack unwind on exception is still necessary ● Extra bool do Reason It’s the simplest and gives the cleanest semantics. Note This is known as “the rule of zero”. C++ Core Guidelines 62C++ Core Guidelines C.20: If you can avoid defining default operations

circular-logic problem: you have to use the interface to test the interface, so at some point you have to trust something which you haven't tested. The "Black Box Conundrum" You never really know if a member believe we have 30 grams of coffee? Not 30g coffee! 18Basic lab procedure: weighing a sample Zero the scale with the container to duplicate the exact conditions of the experiment. 19Basic lab procedure: weighing a sample Only after calibrating our equipment for exactly the situation to be measured can we trust the result. Actually 30g of coffee 20This is exactly TDD's procedure for a bugfix TDD: 1. Write

the memory, the binary is not writable. 2. The binary is statically linked at a start address of zero, with the first byte of text at 64K. 3. All indirect control transfers use a nacljmp pseudo-instruction the memory, the binary is not writable. 2. The binary is statically linked at a start address of zero, with the first byte of text at 64K. 3. All indirect control transfers use a nacljmp pseudo-instruction To reiterate: NaCl knows nothing of the source code for the application it runs, neither does it trust the compiler which compiled it. It only looks at the object code, and if the 7 rules are followed

NVIDIA • Mistral • Arc Institute • & Others… +167% / Year Both models from DeepMind (AlphaGo Zero & Master) Publication Date19 ChatGPT AI User + Subscriber + Revenue Growth Ramps = Hard to Match with performance in line with Western competitors 1/25: DeepSeek releases its R1 & R1- Zero open- source reasoning models 2/25: OpenAI releases GPT-4.5, Anthropic releases Claude manually curates the data, some models considered notable by some may not be included. A count of zero academic models does not mean that no notable models were produced by academic institutions in 2023

between services • k8s ingress controller • Use MQTT plugin as IoT gateway • Use IdP plugin as Zero-Trust gateway Technology Architecture Custom plugin development in API Gateway Difficulties simple, how to reuse existing plugins？ • 2. Let the demand side (PM, OPS, Sec) realize the demand at zero cost as much as possible 1. How to reuse exist plugins？ • Micro-plugin：one plugin only do one think， permutation of more than 40 plugins have unlimited possibilities, enough to meet user needs 2. Zero Develop Cost • Non-Developer：No technical background, no programming, but they understand the needs

Ø拥抱微服务，云原生 • SOFA 5规划落地 • 兼容K8S的智能调度体系 Ø运维体系的有力支撑 • LDC • 弹性伸缩 • 蓝绿/容灾/.. Ø金融级网络安全 • 金融级鉴权体系 • 云原生zero trust网络安全趋势 Ø异构语言体系融合 • SOFA/NodeJS/C++/Python/.. • 业务低成本融入服务，运维体系为什么要自研Golang版本ServiceMesh 2 Ø跨团队协作需要考虑技术栈落地成本