Hang bugs — when software gets stuck, but doesn’t crash — can frustrate both users and programmers, taking weeks for companies to identify and fix. Now researchers from North Carolina State University have developed software that can spot and fix the problems in seconds.
“Many of us have experience with hang bugs — think of a time when you were on website and the wheel just kept spinning and spinning,” says Helen Gu, co-author of a paper on the work and a professor of computer science at NC State. “Because these bugs don’t crash the program, they’re hard to detect. But they can frustrate or drive away customers and hurt a company’s bottom line.”
With that in mind, Gu and her collaborators developed an automated program, called HangFix, that can detect hang bugs, diagnose the relevant problem, and apply a patch that corrects the root cause of the error. Video of Gu discussing the program can be found here.
The researchers tested a prototype of HangFix against 42 real-world hang bugs in 10 commonly used cloud server applications. The bugs were drawn from a database of hang bugs that programmers discovered affecting various websites. HangFix fixed 40 of the bugs in seconds.
“The remaining two bugs were identified and partially fixed, but required additional input from programmers who had relevant domain knowledge of the application,” Gu says.
For comparison, it took weeks or months to detect, diagnose and fix those hang bugs when they were first discovered.
“We’re optimistic that this tool will make hang bugs less common — and websites less frustrating for many users,” Gu says. “We are working to integrate Hangfix into InsightFinder.” InsightFinder is the AI-based IT operations and analytics startup founded by Gu.
The paper, “HangFix: Automatically Fixing Software Hang Bugs for Production Cloud Systems,”
The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.
Wassime Bouimadaghene, a French security researcher, originally uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.
Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites, Grindr uses account password reset tokens, a single-use, machine-generated code to verify that the person requesting a new password is the owner of the account. When a user asks to change their password, Grindr sends them an email with a link containing the token that, once clicked, lets them reset their password and regain access to their account.
However, Bouimadaghene discovered a serious issue with Grindr’s password reset page: Instead of solely sending the password reset token to a user’s email, Grindr also leaked it to the browser. “That meant anyone could trigger the password reset who had knowledge of a user’s registered email address, and collect the password reset token from the browser if they knew where to look,” TechCrunch reports.
In short, just by knowing the email address a user had associated with their Grindr account, a hacker could easily create their own clickable
Microsoft has released an optional preview update for Windows 10 version 2004 that addresses Windows Subsystem for Linux 2 issues that emerged after September’s Patch Tuesday update.
The preview update KB4577063 for Windows 10 version 2004, aka the May 2020 Update, bumps up this version to build number 19041.546.
This preview update brings many of the same fixes Microsoft released in last week’s 20H2 Beta preview for Insiders on the Release Preview Channels. Microsoft is expected to release 20H2, or the Windows 10 October 2020 Update, either this month or in November.
Two key issues addressed in this optional update for Windows 10 2004 are the WSL 2 bugs and a lingering connectivity issue with WWAN LTE modems.
The update addresses an issue in WSL that generates an ‘Element not found’ error when users try to start WSL.
The other is a connectivity issue affecting devices with certain WWAN LTE modems, which prompted Microsoft to impose a safeguard hold on August 31, preventing users on Windows 10 1903 and 1909 from upgrading to Windows 10 2004.
“Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet,” Microsoft notes.
With this LTE modem fix, Microsoft is preparing to remove the block on Windows 10 2004 upgrades in mid-October, likely after Microsoft releases the October Patch Tuesday update, which is scheduled for October 13.
This update adds a notification to Internet Explorer 11 to alert users that support for Adobe Flash ends December 2020. It also addresses an issue that causes games using spatial audio to stop working, and reduces distortions in Windows Mixed Reality head-mounted displays.
Like the update for 20H2, it ensures new Windows