This is exactly what #GNOME #Calendar felt like to me. Great if they are getting closer to fix it. #heisenbug #raceCondition

https://mastodon.social/@nekohayo/110939643457489280

RT @NullAhm
📢 NullAhmedabad March Meetup 📢

Date: 26th March 2023, 10:30AM IST

Session #2
Learn to identify potential instances of #racecondition from #codeanalysis with @itsdivyanshjain

RSVP: https://null.community/events/881-ahmedabad-monthly-meet

#nullahm

#Teammates past and present confirmed the solution to my #rbac #racecondition woes. Got it implemented, got the #operator installed in the #kubernetes cluster, and got that first line-of-business #workload deployed via its pipeline, without any modifications from developers.

Tomorrow we try to get the other 80+ workloads deployed into that cluster. Automator gonna #automate.

But for now, there is #soup. Tasty, comforting soup on a chilly day.

You know something is #hinky when the #operator you installed in the #kubernetes cluster to make #rbac easier is in a #racecondition against fairly ordinary #kustomize stacks that manage service accounts in namespaces where business workloads will actually run. Because arbitrarily changing service account tokens is exactly what I want to #debug on my first day back from a long break. 🙃 It’s important work for the cluster, but it doesn’t feel like progress.

Cryptocurrency startup fails to subtract before adding, loses $31m - Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take... https://nakedsecurity.sophos.com/2021/12/06/cryptocurrency-startup-fails-to-subtract-before-adding-loses-31m/ #cryptocurrency #racecondition #cryptocoin

#CyberSecurity
> #FourBytesOfPower: exploiting #CVE-2021-26708 in the #Linux kernel
> I like this #exploit. The #RaceCondition can be leveraged for very limited #MemoryCorruption, which I gradually turn into arbitrary read/write of kernel memory, and ultimately full power over the system.
https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html
http://zer0con.org/#speaker-section

#InfoSec
> #Firejail: #Insecure Use of #OverlayFS as #Sandbox File System
> Firejail is a #SUID security sandbox program that reduces the risk of #security breaches by restricting the running environment of untrusted applications using #Linux #namespaces and #seccomp-#bpf.
> [...] a #RaceCondition [...] allows creation of or granting write access to arbitrary files.
https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/

Critical Adobe Flaw Fixed in Out-of-Band Security Update - Adobe has fixed a critical flaw in its Creative Cloud Desktop Application for Windows. more: https://threatpost.com/critical-adobe-flaw-out-of-band-security-update/154075/ #adobecreativeclouddesktopapp #arbitraryfiledeletion #vulnerabilities #outofbandupdate #cve-2020-3808 #racecondition #criticalflaw #adobeflaw #windows #adobe #patch

It seems like such a natural instinct when faced with a #RaceCondition: oh, just give your favourite horse a head start so they always win the race.

There's some lesson to be learned about how the way to solve races is to eliminate races, not to partially rig them and hope for the best.