Time is your most valuable asset; avoid wasted hours by learning industry-accepted best practices from the start. Share your goals with us and we will provide you with a detailed and customized plan on how to reach them faster.
Our Software Maintenance Service assures that your original license investment will keep its business value while ensuring your access to the latest software releases, technical support, and ability to purchase add-on products.
Get the most out of MathWorks, COMSOL, and Speedgoat products. Our events, guided training courses, and webinars are designed to help you learn how to use software, keep up with industry trends, and learn the best practices.
Our events, guided training courses, and webinars are designed to help you learn how to use MATLAB, Simulink, and COMSOL Multiphysics software and Speedgoat hardware, keep up with industry trends, and learn the best practices.
Universities and research institutions use COMSOL Multiphysics to enhance teaching and learning through simulation. The software enables students, faculty, and researchers to explore complex, coupled physics problems.
As the control software has become more sophisticated, the same practices used in earlier times resulted in a complicated Simulink model that was hard to understand as a whole, even for experienced developers. Also, as more students joined the group, the GitHub version control had to be streamlined to support contributions from several developers in order to fend off merge conflicts.
Developing control software for a four-wheel drive electric racecar is a complicated task, even for experienced developers, but it is even more complicated for incoming students to jump in and build upon existing code. Three main aspects cause most of the headaches:
The above-mentioned steps streamlined onboarding for new students, shortened the time needed to develop some functionalities, and corrected time-consuming bugs before any code was generated that would be used in the actual race car.
Today we are living in a renaissance of artificial intelligence, Machine Learning, and Deep Learning, and everyone wants to be a part of this movement. But the question is: if you are interested in using deep learning technology, where do you begin?
Discover three areas where Power Electronics Control Design with Simulink can transform your engineering projects. Reduce project time by 50%, access thousands of electrical modeling components, and build and tune motor control algorithms with ease.
Gain deep insights into battery pack dynamics, optimize operational cases, and elevate software architectures. Learn how to conduct early hardware testing, all while ensuring safer, more efficient, and longer-lasting battery pack performance.
DerbyNet is the new standard in race management software for Pinewood Derby events. It's free, and it's open source. With DerbyNet, multiple browsers connect to a web server running on your laptop or in the cloud.
An event dashboard running on the race coordinator's tablet, from which s/he can see the overall state of the event, control information displays, generate racing schedules, and directly control racing by group;
Distributed: Support as many check-in stations as you need, and as many information presentations. Computers, tablets, laptops, TV displays, or even phones connect to a small, local web server, running on one laptop or computer, to access live race information. The web server can even be hosted on a Raspberry Pi3 for a truly turn-key set-up!
Multi-platform: Anything that has a browser can connect to DerbyNet: smart TVs, laptops, tablets, you name it. The DerbyNet web server itself can be hosted on Mac, Windows, or Linux, and requires minimal computational resources.
Although DerbyNet is a full-featured race management system on its own, if you already use GrandPrix Race Manager (Pro or Lite or whatever), DerbyNet can connect to the same database used by GPRM. That means you can adopt DerbyNet to provide enhanced features (remote displays, etc.) while continuing to use your existing GPRM installation. (Please note that DerbyNet is not endorsed or supported by Lisano Enterprises, LLC., the makers of GrandPrix Race Manager. Don't confuse DerbyNet with the commercial GPRM product, "DerbyWeb.")
On March 8, we shared that, out of an abundance of caution, we logged all users out of GitHub.com due to a rare security vulnerability. We believe that transparency is key in earning and keeping the trust of our users and want to share more about this bug. In this post we will share the technical details of this vulnerability and how it happened, what we did to respond to it, and the steps we are taking to ensure this does not happen again.
On March 2, 2021, we received a report via our support team from a user who, while using GitHub.com logged in as their own user, was suddenly authenticated as another user. They immediately logged out, but reported the issue to us, as it rightfully worried them.
Given that this bug was new behavior, we immediately suspected it to be tied to a recent change in our infrastructure and started by reviewing changes. We had recently upgraded components in our load balancing and routing tier. We identified that we had fixed an issue with HTTP keepalives which seemed like it could be related.
After investigating these changes, we were able to determine this was not the root cause. The requests of the affected users followed an entirely different path through our load balancing tier, touching different machines. We ruled out the possibility that the responses were being swapped at that level. Having ruled out the recent infrastructure changes as possible root causes, and with confidence the problem did not exist at the connection and protocol layers, we moved on to other potential causes.
The benefit of starting our investigation with recent infrastructure changes was that we did uncover that the requests that caused the incorrect session to be returned were handled on the same exact machine and in the same process. We run a multi-process setup using the Unicorn Rack web server for our main Rails application that handles things like viewing issues and pull requests.
From reviewing logs, we could gather that the HTTP body of the response we sent to the client was correct and only the cookies in the response to the user were wrong. The affected users from the support reports received a session cookie from a user who very recently had a request handled inside the same process. In one case, the two requests were handled sequentially, one after the other. In the second case, there were two other requests in between.
Threads were already used in other places in this application, but the new background thread produced a novel and unforeseen interaction with our exception handling routines. When exceptions were reported from a background thread, such as a query timeout, the error log would contain information from both the background thread and the currently running request, showing that the data was being pulled across threads.
We initially thought this to be an internal reporting problem only and that we would see some data logged for an otherwise unrelated request from the background thread. Though inconsistent, we considered this safe since each request has its own request data and Rails creates a new controller object instance for each request. It was still unclear to us how this could cause the problems we were seeing.
The breakthrough was when the team identified that Unicorn, the underlying Rack HTTP server used in our Rails application, does not create a new and separate env object for each request. It instead allocates one single Ruby Hash that is then cleared (using Hash#clear) between each request that it handles. This led to the realization that the thread safety issue in our exception logging could result in not only inconsistent data being logged in these exceptions, but the sharing of request data on GitHub.com.
Our initial analysis led us to the hypothesis that two requests occurring within a short period of time were required to trigger the race condition. With this information, we tried to reproduce the issue in a development environment. When we attempted to sequence the exact requests, we found that one additional condition was needed: an anonymous request that started the whole sequence. The complete list of steps is as follows:
In summary, if an exception occurred at just the right time and if concurrent request processing happened in just the right sequence across multiple requests, we ended up replacing the session in one response with a session from an earlier response. Returning the incorrect cookie only happened for the session cookie header and as we noticed before, the rest of the response body, such as the HTML, was all still based on the user who was previously authenticated. This behavior lined up with what we saw in our request logs and we were able to clearly identify all of the pieces that made up the root cause of this race condition.
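The following is an added example, not GitHub's or Unicorn's code: a deterministic model of the env-reuse hazard described above. A Rack-style worker keeps one env Hash and clears it between requests with Hash#clear, as the post says Unicorn does; a deferred callback stands in for the background thread's exception reporting and keeps a reference to that same Hash. The class, method names, and the alice/bob request sequence are constructed for illustration; the `snapshot_env` flag switches between capturing the Hash by reference (the defect) and capturing a copy (one fix).

```ruby
# Model of a Rack worker that reuses a single env Hash between requests.
class ReusedEnvWorker
  attr_reader :reports

  def initialize(snapshot_env:)
    @env = {}              # single Hash for the life of the worker process
    @deferred = []         # callbacks that fire later, modelling the background thread
    @snapshot_env = snapshot_env
    @reports = []          # what the exception reporter logged
  end

  # Handle one request; user is nil for an anonymous request.
  # Returns the response headers, including the session cookie for this request.
  def handle(path, user, fail: false)
    @env.clear                                   # Unicorn-style reuse of the same Hash
    @env["PATH_INFO"] = path
    @env["session.user"] = user if user
    drain_deferred                               # an earlier request's callback fires now
    queue_error_report if fail
    { "Set-Cookie" => user ? "session=#{user}" : nil,
      "X-Last-Error" => @env["last_error"] }
  end

  private

  # The defect: capturing @env by reference. The fix: capture a copy, so the
  # callback can neither read nor write another request's data.
  def queue_error_report
    ctx = @snapshot_env ? @env.dup : @env
    @deferred << lambda do
      @reports << "query timeout on #{ctx['PATH_INFO']} user=#{ctx['session.user'].inspect}"
      ctx["last_error"] = "timeout"              # lands in whichever request now owns ctx
    end
  end

  def drain_deferred
    @deferred.shift.call until @deferred.empty?
  end
end

# Constructed sequence: alice's request hits a query timeout, then bob's request
# is handled in the same process. Returns [error reports, bob's response headers].
def simulate(snapshot_env:)
  worker = ReusedEnvWorker.new(snapshot_env: snapshot_env)
  worker.handle("/issues", "alice", fail: true)
  bob = worker.handle("/pulls", "bob")
  [worker.reports, bob]
end
```

With `snapshot_env: false` the report for alice's timeout names bob and bob's response carries state written by alice's callback; with `snapshot_env: true` neither crosses the request boundary.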
This bug required very specific conditions: a background thread, shared exception context between the main thread and the background thread, callbacks in the exception context, reusing the env object between requests, and our particular authentication system. This complexity is a reminder of many of the points presented in How Complex Systems Fail and how multiple failures are required to cause a bug like this one.
After identifying the root cause, we immediately prioritized eliminating two of the conditions that were essential in triggering this bug. First, we removed the new background thread introduced in the previously mentioned performance re-architecture. By knowing exactly what was added for this work, it was easy to revert. The change to remove this thread was deployed to production on March 5. With this change, we knew that the conditions required for the race condition could no longer be met and that our immediate risk of returning incorrect sessions was mitigated.