So it turns out I was wrong on the internet again, and the reason I was not blogging more had nothing to do with technology, but more with other tasks eating away my time 😅
I’m not sure how much interesting stuff I will have to talk about, anyway, but to get myself into the habit of writing things here regularly (if only for myself) I will start things off easily and just collect interesting things I’ve stumbled upon over the last few days.
TreeMap
A nice writeup here (found on HN), TLDR: concurrent access to objects that are not thread-safe does not necessarily cause exceptions. In data structures like TreeMap it may lead to infinite loops, so it looks like a performance issue when troubleshooting.
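To make the failure mode concrete, here is an added example (not code from the linked writeup) that hammers a map from several threads and counts workers that never finish. The class name `TreeMapRace`, the `hammer` helper and all parameters are my own choices, and because this is a race the TreeMap result varies from run to run: it may finish cleanly, throw, or leave threads spinning.

```java
import java.util.*;
import java.util.concurrent.*;

public class TreeMapRace {
    // Runs `threads` writers against `map` and returns how many were still
    // running after `timeoutMs`, i.e. stuck inside the map instead of failing.
    static int hammer(Map<Integer, Integer> map, int threads, int opsPerThread,
                      long timeoutMs) throws InterruptedException {
        List<Thread> workers = new ArrayList<>();
        for (int t = 0; t < threads; t++) {
            Thread w = new Thread(() -> {
                ThreadLocalRandom r = ThreadLocalRandom.current();
                try {
                    for (int i = 0; i < opsPerThread; i++) {
                        map.put(r.nextInt(1000), i);
                        map.remove(r.nextInt(1000));
                    }
                } catch (RuntimeException e) {
                    // The "loud" outcome: a corrupted tree throws (often an NPE).
                }
            });
            w.setDaemon(true); // spinning workers must not keep the JVM alive
            workers.add(w);
            w.start();
        }
        long deadline = System.currentTimeMillis() + timeoutMs;
        int stuck = 0;
        for (Thread w : workers) {
            w.join(Math.max(1, deadline - System.currentTimeMillis()));
            if (w.isAlive()) {
                stuck++;
                StackTraceElement[] st = w.getStackTrace();
                // A thread dump of a "slow" service would show this same frame.
                if (st.length > 0) System.out.println("  stuck in " + st[0]);
            }
        }
        return stuck;
    }

    public static void main(String[] args) throws Exception {
        // Thread-safe map first, so leftover spinning threads cannot slow it.
        System.out.println("ConcurrentSkipListMap stuck: "
                + hammer(new ConcurrentSkipListMap<>(), 8, 100_000, 10_000));
        System.out.println("TreeMap stuck: "
                + hammer(new TreeMap<>(), 8, 100_000, 10_000));
    }
}
```

When threads do get stuck, the printed top frame sits inside `java.util.TreeMap`, which is the hint to look for in a thread dump before treating the symptom as a plain CPU or performance problem.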
Fortunately this vulnerability was apparently found before it was exploited (found on HN), but otherwise this could have been a total disaster, because todesktop.com has some high-profile customers and such a vulnerability could result in “code execution on millions of people”, as the author points out. The attack vector is the deployment pipeline:
[…] with the credentials i have, i could deploy an auto update to any app of my liking, having clients receive it immediately when they restart the app.