In today’s programming workshop for @coocook we’ve fixed a long-standing bug in the ingredients editor (image 1):

When you added ingredients to recipes there was a #RaceCondition. The new ingredient is always added to the database but SOMETIMES the view was updated before so the new ingredient wasn’t visible until next reload …

It was a nice engineering challenge to reproduce this issue reliably. Slowing down the connection did not help. Making any of the requests respond slower did not help. Using the #Starman application server for #Perl instead of the single-threaded dev server finally allowed us to reproduce the issue 😅

The actual bug was in the #reactjs app: Requests for adding the new ingredient and updating the view were fired but the keyword "await" was missing to actually wait for the response 🙈 (image 2)

https://gitlab.com/coocook/web-components/-/commit/ca2b23914c59f71a3f11618d9328684480a0b778
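
The missing-`await` race described in the post above, as an added example (not part of the original post and not the coocook code). The in-memory server, the `addIngredient`/`listIngredients` names and the latencies are constructed for illustration:

```javascript
// Constructed stand-in for the backend (hypothetical names). Each request has
// its own latency, as on a multi-worker server where a quick GET can be
// answered before a slower POST has been committed.
function makeFakeServer() {
  const ingredients = ["flour"];
  const delay = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
  return {
    async addIngredient(name) { // models the POST that writes to the database
      await delay(30);
      ingredients.push(name);
    },
    async listIngredients() { // models the GET that refreshes the view
      await delay(5);
      return [...ingredients];
    },
  };
}

// Buggy: the POST is fired but not awaited, so the refresh races against it.
async function addThenRefreshBuggy(server, name) {
  server.addIngredient(name); // missing "await"
  return server.listIngredients();
}

// Fixed: the refresh is only requested once the POST has completed.
async function addThenRefreshFixed(server, name) {
  await server.addIngredient(name);
  return server.listIngredients();
}

async function demo() {
  const buggyServer = makeFakeServer();
  const staleView = await addThenRefreshBuggy(buggyServer, "sugar");
  // Give the in-flight POST time to land, then "reload" the page.
  await new Promise((resolve) => setTimeout(resolve, 50));
  const afterReload = await buggyServer.listIngredients();

  const fixedServer = makeFakeServer();
  const freshView = await addThenRefreshFixed(fixedServer, "sugar");
  return { staleView, afterReload, freshView };
}

demo().then((result) => console.log(result));
```

A server that handles one request at a time finishes the POST before it answers the GET, so the stale view never appears there, which fits the post's note that the bug only reproduced under Starman.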

Race conditions are so annoying to debug. You can have a good reproduction setup, but the moment you change logs, it fails to trigger the bug.

#racecondition #debugging #workposting

@eliocamp @diazona

It's a race condition. We normally think of races in terms of racing against yourself - one part of the code does something, while another thread does something else that can cause problems if the timing lines up "right".

But it's still a race condition if the problematic action is caused by something else - a different program, a user's ill-timed command, etc.

Handling these sorts of things requires defensive programming and/or a lot of code for gracefully falling back. This is the sort of code that tends to accumulate in codebases over time, as edge cases are slowly and painfully found and worked around. It's also the kind of knowledge that doesn't exist in the original spec document, which is why ground-up rewrites of established systems tend to fail in ways that the original system experienced and fixed years before.

The Rust rewrite of coreutils exposed a bunch of exactly this kind of failure-to-understand why the original system was operating in the way it did, rather than the "obvious, correct, simple" way.

#CoreUtils #rewrite #SecondSystem #race #RaceCondition #TOCTTOU #EmbeddedKnowledge

When you first stumble over concurrency and threads in Java, the topic quickly seems bigger than it actually needs to be. That is mainly because several terms get mixed up. Sometimes the talk is of parallelism, sometimes of concurren...

https://magicmarcy.de/konkurrenz-und-threads-in-java-einfach-erklaert

#Threads #Java #Aufgaben #Coding #Konkurrenz #Nebenläufigkeit #Programming #Executor #Parallelität #RaceCondition #Prozesses #Speicher #ExecutorService

Concurrency and Threads in Java Simply Explained | magicmarcy.de

When you first stumble over concurrency and threads in Java, the topic quickly seems bigger than it actually needs to be. That is mainly because several terms get mixed up. Sometimes the talk is of parallelism, sometimes of concurrency, sometimes simply of threads. On top of that come terms such as synchronization, race condition or deadlock. To get started, though, it is enough to be able to keep the basics cleanly apart. That is exactly what this is about.

magicmarcy.de

The Little Book of Semaphores

Free book explaining synchronization patterns, semaphores, and classic concurrency problems used in exploitation, OS internals, and race condition research.

https://greenteapress.com/wp/semaphores/

#Concurrency #RaceCondition

The Little Book of Semaphores – Green Tea Press

Wow so it turns out I was right, Javascript is a gross language that is impossible to read for anybody who isn't already familiar with its syntax.

I come from C/C++ and Python land when it comes to network request stuff, and I'm accustomed to code just executing one line after another. I can get used to the async stuff, but it's pretty damn frustrating that VS Code doesn't even have any indications to tell you when a function is going to be async or not.

There's also seemingly no immediately clean way to just say "don't continue, everything after this is going to rely on the result of this function".

Maybe I'm just bitching because I don't understand how await and Promises work.

#webdev #JS #html #async #raceCondition #programming

🚨 CVE-2026-32242: CRITICAL race condition in parse-server (>=9.0.0 <9.6.0-alpha.11, <8.6.37) lets OAuth2 tokens be validated against wrong provider configs. Patch to 9.6.0-alpha.11/8.6.37! https://radar.offseq.com/threat/cve-2026-32242-cwe-362-concurrent-execution-using--7a67bf5f #OffSeq #parseServer #OAuth2 #RaceCondition

Single-endpoint Race Conditions
This vulnerability is an example of a Race Condition, specifically a single-endpoint Race Condition. The root cause was a flawed implementation of concurrent requests, where the application did not ensure proper synchronization of operations. This led to a scenario where a malicious user could submit a request before the first request was processed, resulting in the server treating the second request as the first, due to the order of operations being manipulated. The researcher discovered this by sending concurrent requests through a tool like Burp Suite and observing the server's response. The technical details involve a window of opportunity for manipulating the sequence of requests, leading to unintended consequences. This vulnerability could potentially lead to data corruption, unauthorized access, or privilege escalation. The researcher was awarded a bounty of $300 for the finding. To remediate, enforce proper synchronization of concurrent requests and validate the order of operations to prevent race conditions. Key lesson: Proper synchronization is crucial when handling concurrent requests to prevent race conditions. #BugBounty #Cybersecurity #WebSecurity #RaceCondition #ConcurrentRequests

https://infosecwriteups.com/single-endpoint-race-conditions-7a3879c09e79?source=rss------bug_bounty-5

Sometimes you'll hear me say "Yes! It crashed! 💪" in a positive tone of voice.

Like today when I finally replicated a weird #racecondition in #BIRD #Internet #Routing Daemon.

Knock knock
Race condition
Who’s there?

(Credit: Ian Coldwater)

#Dev #Development #Jokes #RaceCondition