C++Now 2019 Trip Report

This year marked my second trip to Aspen to attend C++Now as an attendee, speaker and member of the conference staff. The theme this year was The Art of Compile Time Programming. The first three days had keynotes by well known experts in the compile time community.

Daveed Vandevoorde, who is arguably the world’s leading expert on templates, gave the first keynote, C++ Constants. Hana Dusíková gave a interesting talk on compile time regular expressions, Compile Time Regular Expressions with Deterministic Finite Automaton, showing her revolutionary new library for regular expressions. And David Sankel talked about the C++ Reflection TS and what it brings to compile time programming.

I won’t review the talks themselves, but they are all well worth catching on video.

One surprise that hasn’t been revealed yet is that a new speaker swept all but one of the awards for the conference: Conor Hoekstra’s Algorithm Intuition talk was one that I didn’t make it to but won 5 of the top 6 prizes at this year’s conference. It’ll be one of the first talks I watch when they start coming out on video.

Among the talks I attended that stood out were:

Bob Steagall’s Linear Algebra for the Standard C++ Library. I recently joined the ISO Standards Committee and there are a lot of proposals pending that I personally don’t see as good candidates to the standard. I went into this talk thinking that a linear algebra library would be one of those. I came out of the talk with the exact opposite view. There were a number of other committee members present, some who are experts in mathematics, so this was a lively session where we worked through the proposal. I’m not sure what form the linear algebra library itself will take but it will be interesting to watch it go through the standardization process and I do think it will be accepted, probably into C++23.

Michael Caisse’s Embedded Domain Specific Languages for Embedded Bare Metal Projects. Michael always gives great talks and while this talk is about DSLs in the embedded world it really transcends the embedded world itself. Like declarative-style programming, DSLs are becoming more and more prevalent. And like Bob’s talk (above) there were a number of language experts in the audience so this led to a lively conversation (which is typical for C++Now). If you have any interest in DSLs, this is a good primer to start with.

Charley Bay’s Property-Based Declarative Containers. Charley’s talks are always a joy to watch and given that he spoke to a packed room, I am not alone in that. I’m surprised about how quickly the declarative style of programming has become main streamed and this talk is about how that style informs the development of the APIs we write. Writing a good API is something most developer’s struggle with and this talk helped to marry both API development and the declarative style.

Jeff Garland’s The C++20 Standard Library – Beyond Ranges. Jeff traces his history with C++ back to the early days of of the standards committee and this talk was a catch-up of the features that are coming in C++20 (sans Ranges). What I found interesting about this talk was all of the insights into how new features make it into the standard and how the process changes them over time. If you’re interested in Ranges specifically, Jeff has another talk at this same conference which I missed.

Nevin “:-)” Liber’s The Many Variants of std::variant. I don’t think that I’ve ever used union in my 30 years in C++ and am not sure if I have a need for std::variant. Until now. This is a fascinating talk not just on the value of std::variant but on the process the author went through just to get a single feature into the language. The complexity of the issues that have to be addressed for each new feature is just mind boggling.

This year I gave two talks:

If You Can’t Open It, You Don’t Own It – This was the hardest talk I’ve written so far but it also was the one that was the most fun to write. It focuses on the dark art of hardware hacking by looking at four real-world super-hacks: ShadowHammer, x86 God Mode, Diginotar and Supermicro. It uses those to frame the conversation on hacking hardware and how that informs software security in the systems we write. In this talk, we look at Roots of Trust, Physical Access, Side Channels and Supply Chains.

Threat Hunting – This talk started with Dick Chaney’s pacemaker, went through Intrusion Kill Chains & Project Aurora and ended with the short course on Threat Modeling a speculative project. Threat Modeling is fundamental to understanding risk in a system and identifying the attack vectors and surfaces. If you’re concerned about building a secure system and writing secure code, Threat Modeling this the first place to start.

Also this year, I announced my first book which is due to be released in Spring 2020. The cover art came in on time but the ISBN is still MIA.

Exploiting Modern C++: Writing Secure Code For An Insecure World is a primer for C++ developers with no background in security. It takes developers through the process of writing high-quality, bug-free code that is also secure. In it, I cover:

  • strategies hacker’s use to penetrate systems
  • the patterns of bugs that become vulnerabilities
  • code reviews
  • test strategies
  • threat hunting
  • penetration testing
  • and more

I’ll have more in a future post along with some sample chapters.

And I also announced my training class at CppCon 2019 in September,
Exploiting Modern C++ . This is a hands-on, instructor led version of the book along with a Capture-the-Flag exercise. Check out this blog post for more information.

The best part of C++now is it’s intimacy. This is a small conference where everybody knows everybody else. A lot of committee members attend and it’s the conversations during the breaks and the debates during the talks that makes C++Now so valuable.

You’ll meet some of the world’s leading experts but it’s also a place where you’ll feel welcome even if you’re new to the language.

See everyone next year!