Software spots and fixes hang bugs in seconds, rather than weeks — ScienceDaily

Hang bugs — when software gets stuck, but doesn’t crash — can frustrate both users and programmers, taking weeks for companies to identify and fix. Now researchers from North Carolina State University have developed software that can spot and fix the problems in seconds.

“Many of us have experience with hang bugs — think of a time when you were on website and the wheel just kept spinning and spinning,” says Helen Gu, co-author of a paper on the work and a professor of computer science at NC State. “Because these bugs don’t crash the program, they’re hard to detect. But they can frustrate or drive away customers and hurt a company’s bottom line.”

With that in mind, Gu and her collaborators developed an automated program, called HangFix, that can detect hang bugs, diagnose the relevant problem, and apply a patch that corrects the root cause of the error. Video of Gu discussing the program can be found here.

The researchers tested a prototype of HangFix against 42 real-world hang bugs in 10 commonly used cloud server applications. The bugs were drawn from a database of hang bugs that programmers discovered affecting various websites. HangFix fixed 40 of the bugs in seconds.

“The remaining two bugs were identified and partially fixed, but required additional input from programmers who had relevant domain knowledge of the application,” Gu says.

For comparison, it took weeks or months to detect, diagnose and fix those hang bugs when they were first discovered.

“We’re optimistic that this tool will make hang bugs less common — and websites less frustrating for many users,” Gu says. “We are working to integrate Hangfix into InsightFinder.” InsightFinder is the AI-based IT operations and analytics startup founded by Gu.

The paper, “HangFix: Automatically Fixing Software Hang Bugs for Production Cloud Systems,”

Grindr fixes issue that let hackers easily hijack accounts

Illustration for article titled Serious Grindr Vulnerability Let Hackers Hijack User Accounts With Just an Email Address

Photo: Leon Neal (Getty Images)

The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.

Wassime Bouimadaghene, a French security researcher, originally uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.

Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites, Grindr uses account password reset tokens, a single-use, machine-generated code to verify that the person requesting a new password is the owner of the account. When a user asks to change their password, Grindr sends them an email with a link containing the token that, once clicked, lets them reset their password and regain access to their account.

However, Bouimadaghene discovered a serious issue with Grindr’s password reset page: Instead of solely sending the password reset token to a user’s email, Grindr also leaked it to the browser. “That meant anyone could trigger the password reset who had knowledge of a user’s registered email address, and collect the password reset token from the browser if they knew where to look,” TechCrunch reports.

In short, just by knowing the email address a user had associated with their Grindr account, a hacker could easily create their own clickable

Windows 10: Microsoft’s new 2004 update fixes bug that stopped WSL 2 working

Microsoft has released an optional preview update for Windows 10 version 2004 that addresses Windows Subsystem for Linux 2 issues that emerged after September’s Patch Tuesday update. 

The preview update KB4577063 for Windows 10 version 2004, aka the May 2020 Update, bumps up this version to build number 19041.546.

This preview update brings many of the same fixes Microsoft released in last week’s 20H2 Beta preview for Insiders on the Release Preview Channels. Microsoft is expected to release 20H2, or the Windows 10 October 2020 Update, either this month or in November.

SEE: Windows 10 Start menu hacks (TechRepublic Premium)

Two key issues addressed in this optional update for Windows 10 2004 are the WSL 2 bugs and a lingering connectivity issue with WWAN LTE modems.

The update addresses an issue in WSL that generates an ‘Element not found’ error when users try to start WSL. 

The other is a connectivity issue affecting devices with certain WWAN LTE modems, which prompted Microsoft to impose a safeguard hold on August 31, preventing users on Windows 10 1903 and 1909 from upgrading to Windows 10 2004. 

“Addresses an issue with certain WWAN LTE modems that might show no internet connection in the notification area after waking from sleep or hibernation. Additionally, these modems might not be able to connect to the internet,” Microsoft notes. 

With this LTE modem fix, Microsoft is preparing to remove the block on Windows 10 2004 upgrades in mid-October, likely after Microsoft releases the October Patch Tuesday update, which is scheduled for October 13. 

This update adds a notification to Internet Explorer 11 to alert users that support for Adobe Flash ends December 2020. It also addresses an issue that causes games using spatial audio to stop working, and reduces distortions in Windows Mixed Reality head-mounted displays. 

Like

Spellbreak Update 1.1 Fixes Bugs, Adds Anti-Cheat Measures, And Smooths Out Aiming Issues

Spellbreak, a free-to-play battle royale where every player has an elemental power to fight with, has received its first major update. The game, which launched on PC, Switch, PS4, and Xbox One on September 3, has updated to version 1.1, and has fixed numerous bugs and issues in the process.

Update 1.1 brings several fixes to Spellbreak across all platforms, as well as some system-specific changes for each different version of the game. It doesn’t add any major new features, but instead focuses on tweaking and improving what is already there.

“We wanted the focus of this one to be on stability and performance across all of our platforms,” the Spellbreak blog reads before detailing the patch notes.

The complete patch notes for Spellbreak Update 1.1 are below.

Gameplay

  • The Lighting Bolts spell’s recovery animation can now be interrupted by casting a sorcery.
  • Fix edge case where reviving or exiling someone could be canceled in order to get faster spell firing.
  • Fixed an issue that caused projectiles to sometimes not register damage even though they hit.

Aim Assist

  • Smoothed out difference in aim assist strength between different framerates.
    • This results in more consistent behavior for all players and eliminates advantages that came from very high framerate.
  • Fixed an exploit where aim assist could be much stronger than intended under certain combinations of distance to target and input sensitivity.
    • This meant it was possible for players under certain circumstances to make their spells incredibly easy to hit. This was mostly clearly seen with the Lightning Gauntlet on PC.
  • Adjusted aim assist values for various console platforms.
  • Aim assist now decreases over distance.
  • Default Look Deadzone setting on Switch is now 0%.
    • This is generally what you want, because deadzones are handled by the OS itself.

Miscellaneous

  • Enabled some extra anti-cheat mechanisms.