spectre | simple UI for browsing and inspecting diffs | Image Editing library

In this case, it is a false positive, as you suspected. This is a rule that sometimes gets used in stricter code bases. (This particular warning is an error in MISRA, for example.)

A lot of warnings are like this... the compiler writers are trying to detect a situation where the behavior of the program is unexpected or unintentional, but the warnings are not always correct. For example,

There's too much for me to put this in a comment, so I will summarize here. Maybe it will help you, or someone else. I should also mention this is for RHEL EC2 instances behind a corporate proxy (not Arch Linux), but I still feel like it may help. I had to do the following to get puppeteer working. This is straight from my docs, but I had to hand-jam the contents because my docs are on an intranet.

I had to install all of these libraries manually. I also don't know what the Arch Linux equivalents are. Some are duplicates from your question, but I don't think they all are:
pango libXcomposite libXcursor libXdamage libXext libXi libXtst cups-libs libXScrnSaver libXrandr GConf2 alsa-lib atk gtk3 ipa-gothic-fonts xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic xorg-x11-fonts-Type1 xorg-x11-fonts-misc liberation-mono-fonts liberation-narrow-fonts liberation-narrow-fonts liberation-sans-fonts liberation-serif-fonts glib2

If Arch Linux uses SELinux, you may also have to run this:
setsebool -P unconfirmed_chrome_sandbox_transition 0

It is also worth adding dumpio: true to your options to debug. Should give you a more detailed output from puppeteer, instead of the generic error. As I mentioned in my comment. I have this option ignoreDefaultArgs: ['--disable-extensions']. I can't tell you why because I don't remember. I think it is related to this issue, but also could be related to my corporate proxy.

Adding those headers via a service worker is equivalent from a security perspective, and it will enable equivalent functionality. There are a few things to keep in mind, though:

• A service worker can't control a client page during the first time a user navigates to a site, or following a shift-reload. Setting these headers via the actual web server is the only way to guarantee that they will apply to those scenarios. Generally speaking, you should be careful to degrade gracefully if there are any features in your main web app that depend on the presence of a service worker.

• There's a slight overhead involved with having a service worker controlling a page. If you were responding to requests by going straight to a local cache instead of the network, that would normally outweigh the overhead. Since it does not look like you plan on doing any caching in your service worker, you should feature-detect for navigation preloads and enable it if it's supported. This will mitigate the potential performance impact.

• The headers only need to be set on responses that can create a client, like responses for documents or workers. I'd recommend checking in your service worker whether or not the request's destination is for one of those things before calling event.respondWith(). This will help your fetch handler play nicely with any other fetch handlers that might also be registered and which, e.g. respond to subresource requests using a caching strategy. Something like the following should work:

It looks like you're asking why variables defined in the first IF body aren't accessible in other IF bodies:

Those compiler options work by generating special asm, whether it's retpolines or lfence or whatever. When you're writing asm by hand, obviously it's still up to you whether to manually include special asm or not.

Changes to OSes are the relevant thing for you. The OS, on a CPU with updated microcode, can defend you from other threads by telling the CPU not to allow branch history from past code to influence future code. (The ability to ask it to do this was added in microcode updates, and usually works by just flushing the branch prediction caches).

Another software thread executing on the other logical core of the same physical core can "attack" your code on most CPUs, because branch predictors are shared. At least in theory; ASLR might make that implausible if both tasks would need to be using the same virtual addresses for their branch targets to prime the predictors.

So in user-space, I think you only need to defend yourself from Spectre if you're worried about code running in the same thread (e.g. a JIT engine running untrusted code inside a browser or JVM has to defend itself) or on the same physical core.

Here's how I solved that issue:

1. Explicitly add interface ICommandLimiter to the Command subclasses that use inheritance in the settings from AddSettings.
2. Change the AddBranch call to infer the generic argument by only annotating the IConfigurator's type: config.AddBranch("add", fun (add: IConfigurator) -> ....

There is no simple way to accomplish your goal. The automatic processing implied for the sequence under [:b :c] is also problematic.

You can get partway there using the Tupelo Forest library. See the Lightning Talk video from Clojure/Conj 2017.

I did some additional work in data destructuring that you may find useful building the tupelo.core/destruct macro (see examples here). You could follow a similar outline to build a recursive solution to your specific problem.

A related project is Meander. I have worked on my own version which is like a generalized version of tupelo.core/destruct. Given data like this

Building on an answer given here, You can do the following:

memfd_secret() allows a user-space process to have a "secret" memory area. In this context, "secret" means that other processes cannot have access to that memory area (not even the kernel itself, or at least not by accident).

This syscall allows a process to store confidential information (like a password or a private key) in a more secure way, because it's harder for a malware to access that secret memory area. This syscall should also protect from vulnerabilities like Spectre, because the secret memory area is uncached; and should also protect (albeit not completely, but at least partially) from kernel bugs, since the kernel has no access to that memory area.

In order to use this syscall (that will be available in Linux 5.14), you first make a call to memfd_secret() in order to obtain a file descriptor; then you make a call to ftruncate() in order to choose the size of the secret memory region; and finally you use mmap() in order to map the secret memory, so you can access it via pointers as usual.

Other details are available here.

EDIT: unfortunately, the "uncached" feature that made memfd_secret() less vulnerable to attacks like Spectre has been removed because there was a concern for perfomance.

EDIT 2: additional details about why secret memory areas obtained with memfd_secret() makes programs safer (source, slightly modified by me for clearness):

• Enhanced protection (in conjunction with all the other in-kernel attack prevention systems) against ROP attacks. Secret memory makes "simple" ROP insufficient to perform exfiltration, which increases the required complexity of the attack. Along with other protections like the kernel stack size limit and address space layout randomization which make finding gadgets is really hard, absence of any in-kernel primitive for accessing secret memory means the one gadget ROP attack can't work. Since the only way to access secret memory is to reconstruct the missing mapping entry, the attacker has to recover the physical page and insert a PTE pointing to it in the kernel and then retrieve the contents. That takes at least three gadgets which is a level of difficulty beyond most standard attacks.

• Prevent cross-process secret user-space memory exposures. Once the secret memory is allocated, the user can't accidentally pass it into the kernel to be transmitted somewhere. The secret memory pages cannot be accessed via the direct map and they are disallowed in GUP.

• Harden against exploited kernel flaws. In order to access secret memory, a kernel-side attack would need to either walk the page tables and create new ones, or spawn a new privileged user-space process to perform secrets exfiltration using ptrace.

EDIT 3: just a note that I think may be relevant: secret memory areas can be accessed by child processes created using fork(), so one must be cautious. At least, using flag O_CLOEXEC (passed to memfd_secret()), the process will not make the secret memory available to processes created with execve().