Man’s taking “double it and give it to the next person” to a whole new level
@kokostas879 Жыл бұрын
It’s like double it and give it to the next thread
@spoperty4940 Жыл бұрын
@@kokostas879 how, its more like double it and give to the next gift card. the threads dont get anything they just request at the same time basically
@kk.6699 Жыл бұрын
bro explained my operating system, networking, and cybersecurity courses in a 9 minute video better than my professors did
@danimunf Жыл бұрын
i was about to comment this😅
@xx-bihi-xx8435 Жыл бұрын
so dam true xD
@adamgoodwar Жыл бұрын
and you mother
@BetaPhish Жыл бұрын
Fuck it was a waste of money 😭😭
@WistrelChianti Жыл бұрын
Kinda annoyed no one ever explained race conditions to me before in terms of an actual race. Was just a word we were told was the name for the situation when two threads access the same resource with potential undesired consequences.
@aaronhandleman7277 Жыл бұрын
It's worth mentioning that depending on the architecture, race conditions can be worse than just not knowing which item will be selected. You can end up in situations where the outcome isn't one of the two options. On certain architectures this can happen to primitives like numbers, but its easier to think about with an object. Say you have two threads racing to designate something as a "Yellow Truck" and "Blue Van". The object might store the color and type of vehicle separately. Moreover, just because thread 1 gets to the color field first, doesn't mean it will always get to the vehicle field first. So we can end up in a situation where the outcome is "Blue Truck" which wasn't either of our original options. On some architectures this can happen with integers because they span over multiple bytes, but those bytes may not be written as an atomic operation, so you could get the high bytes from thread 1 and low bytes from thread 2.
@TheColorman Жыл бұрын
That sounds super interesting, do you have any resources for learning more? E.g., on which architectrues this happens?
@aaronhandleman7277 Жыл бұрын
@@TheColorman Afaik any architecture will make sure loads and stores are atomic up to the native word size, but that changes by architecture so arduinos could potentially have this happen with 32 bit integers since they have a 16 bit word. I don't have a specific resource, but you'll want to look into the architecture's memory model. The memory model defines how loads and stores interact when accessing memory.
@somdudewillson Жыл бұрын
Technically each individual outcome is still one of the two options in that case, the composite just isn't entirely one or the other.
@aaronhandleman7277 Жыл бұрын
@@somdudewillson Yeah, the point is just that not all architectures have atomics for some types we consider primitives. So if you're looking at a 32 bit int on a 16 bit wordsize architecture, technically the hardware instructions consider the int to be multiple concatenated pieces of information, but that isn't what we'd expect. There are also race conditions which can occur due to weirdness in the memory models. Most architectures assume that things are running on a single core. This allows the compiler or even the hardware to reorder some instructions however it wants. So, we could have some code where x and y both are initialized as 0 and we have 2 threads executing. Thread 1: store x = 15 store y = 25 Thread 2: read y read x print x, y Now you'd expect that the only options are (0,0), (15, 0), (15, 25), however we can also see (0, 25) due to hardware or software reordering on the write operations.
@lucaborletti8087 Жыл бұрын
Deadlock too
@itami2049 Жыл бұрын
underrated
@nang88 Жыл бұрын
trying
@BeatRunner69 Жыл бұрын
@@nang88 YOU ARE FUCKING GREAT
@floydontour Жыл бұрын
severely
@Dahlah.FightMe Жыл бұрын
NICE
@ollan-gi5hy Жыл бұрын
Right
@eitansegev Жыл бұрын
we can see how rich he is through this insane production. clearly, he put in at least 100m dollars, and he got no sponsors, so he is rich af.
@nang88 Жыл бұрын
This single video costs upwards in the 8 digits.
@jeetshah8513 Жыл бұрын
@@nang88 😂 you got to be kidding 🤣
@johonogon Жыл бұрын
@@nang88now how many of those digits are zeros?
@Dr.Schnizzle Жыл бұрын
@@johonogon7 of them, but you don’t know which 7
@adrianojose7172 Жыл бұрын
@@Dr.Schnizzle lmaoo
@azibros Жыл бұрын
He's like Michaels reeves but you actually learn something, Love it!
@jorgecruces185 Жыл бұрын
Accurate description of this channel
@elpatotroll9568 Жыл бұрын
Accurate
@suspiciousstew1169 Жыл бұрын
And probably has a better upload schedule
@cr_lucky7906 Жыл бұрын
@@suspiciousstew1169 it doesnt take that much to be fair😭
@sandou_osu Жыл бұрын
Michael Reeves is for insanity, nang is for practicality. Value each as you wish.
@Cadey Жыл бұрын
Fun fact: most modern apple processors don't have SMT (symmetric multithreading), which is what gives processor cores multiple threads because of the security concerns of SMT (namely: spectre). A 12 core M1 CPU will only have 12 threads (but even then only a few of them will be full power cores, the rest will be efficiency cores that run background tasks slower but at much less power, this is how M1 macbooks last all day on battery).
@SaqibMubarak Жыл бұрын
I don't think that's true bro, ARM based processors don't support SMT due to energy consumption reasons Hyper threading uses more power basically. AMD has also adopted SMT only in rect Zen architecture. It was an Intel proprietary technology. I don't think there is any security issue in using SMT, race condition can be easily solved by using semaphores(or soo many other methods). Also SMT means Simultaneous multithreading not Symmetric.
@spoperty4940 Жыл бұрын
@@SaqibMubarak i think 250 people liked his comment because he said stuff that sounded smart, he didnt even give the correct definiton to SMT lol
@SaqibMubarak Жыл бұрын
@@spoperty4940 yeahhhh right...when I read for the first time, I was sooo confused as to what he was trying to say with sooo much confidence 😂
@spoperty4940 Жыл бұрын
@@SaqibMubarak i never majored comp sci and i knew he was bull shitting, 90% of youtube comments that frame themselves as facts are people pulling shit out their arse(that statistic i pulled out my arse it is an arbitrary number)
@DominicI1 Жыл бұрын
Even if it did have symmetric multi-threading, multiple threads attributed to a core are not *actually* capable of running multiple processes simultaneously. In reality, regardless of the number of threads a core has (1 or 2), there can only be one process running on a core at a given time. Hyper threading achieves a parallelism effect via utilizing "waiting periods" in one process (thread) to contribute to another. While in practice this give the illusion of parallel processing, it is merely an illusion and not in fact the case. Because of this hyper-threaded (intel's term) CPU cores do not gain a 2x performance via single threaded cores. Instead the performance is generally between 1.3-1.6x and in any case where there are no halts in processing the performance will be identical to that of a single threaded core. Also, in the case of "ARM based processors don't support SMT due to energy consumption reasons", this use to be partially true. There were other reasons behind this, such as design simplicity and the fact that that the original devices intended to run on ARM processors (smartphones & tablets) benefited more from increased core numbers than symmetric multi-threading. Heat was also an issue, because utilizing the waiting time between processes on a CPU involves increased utilization and therefor increased thermals, which is harder to manage on devices such as smartphones with limited cooling options. The biggest error in the statement was that they "don't support SMT", which is no longer the case (since at least 2018 with the Arm Cortex-A65). All in all, I would say that the response by @SaqibMubarak is about just as truthful as @Cadey 's comment, possibly less so. Everyone could use some constructive criticism now and then, including myself.
@patrickt101 Жыл бұрын
This was so fun to watch and super informational too, love the style and hope we get to keep seeing more from you :)
@nang88 Жыл бұрын
Thank you!! Happy to have you
@WistrelChianti Жыл бұрын
yeh really liking the style. Kinda reminding me of sociallyineptweeb's videos
@NotAFanMan88 Жыл бұрын
This is typically why you'd put readlocks on a db or force sequential requests via queuing when they're affecting the same account.
@otrrsuns3t Жыл бұрын
Felt so nice saying the answers and actually feeling like I’m learning something in uni
@spoperty4940 Жыл бұрын
feeling like?, by your comment you are learning stuff in Uni.
@Ailun__ Жыл бұрын
Just watched this after your cracking video; First things to inspire some more interest in me after uni destroyed every single ounce of my soul that was interested in CS. Great work.
@nang88 Жыл бұрын
🙏
@youssefdarwich1085 Жыл бұрын
bro I literally spend hours and hours at uni trying to understand one single concept and then I watch a 9 minute video on youtube that explains everything clearly and is very fun. I hate uni so much ffs.
@borisburd2951 Жыл бұрын
i knew nothing of what you told on the video and i left knowing almost everything you said. Really informative and entretaining! Keep it up
@_chappie_ Жыл бұрын
Simply following ACID database principles and implementing some form of Optimistic/Pessimistic Locking would have probably helped them
@sayujyamalkan2660 Жыл бұрын
Ehee
@RahulArora-bv6rm Жыл бұрын
I'm an undergrad studying Comp. Sci. but nobody teaches this sort of stuff so i ask you what is the study of this topic called?
@_chappie_ Жыл бұрын
@@RahulArora-bv6rm same tbh. Uni only teaches you the basics. But after some experience in the field you come across these advanced topics, just by purely researching for me. I'd guess it falls into database and design. There you should find material on the ACID principles
@spoperty4940 Жыл бұрын
@@RahulArora-bv6rm it depends where you learn, what classes are available and how many years you learn. I'll advise to talk to your professor/teacher and ask if they know about classes you can take that part of their curriculum includes ACID principles as different classes can include them, and if there are no classes which teach it ask them if they have good documentation about ACID to learn from.
@Emporus Жыл бұрын
U know the video is fire if it teaches u something about cores and threads in a min, faster than a whole 10 min video on computer parts
@sadpikachu409 Жыл бұрын
This dude is gonna reach 100k subscribers in no time with content of this quality. Good job and keep it up. I appreciate your videos and if I wasn't a broke college student I would donate.
@3n3j0t4 Жыл бұрын
yep
@JH-vm7wl Жыл бұрын
Fun and educational, you going places with this style, remember that a lot of people like computers and understanding them, so you don't need to be a michael reeves to be rich, keep going!
@@EditorKody wtf how did you know i have 6588 eyes?
@MrTomas7777 Жыл бұрын
This reminded me of an Operating Systems course I took recently. When learning about thread synchronization we had this exact same example of transferring money... Never thought I'd hear about a bug like this happening on a real thing lol
@zafaris Жыл бұрын
Same fr, we just learnt about this in our Computer Architecture and Concurrency module lool
@spoperty4940 Жыл бұрын
it happens a bunch, its just rare to hear about it because its usually not really a problem in this sort of way. there are way worse use cases of this exploit, mainly certain types of DDOS(that exploit system uncertainty to apply additional load on the system with HTTP requests, and DDOS is substantially worse in certain cases then stealing some coffee)
@trucksucc8490 Жыл бұрын
I remember starbucks used to give you a free drink on your birthday, all you needed to do was sign up for an account with an email (you didn't even have to comfirm it) and say it was your birthday. Remember me and my friends in middle school would ride around to all the starbucks we could absolutely abusing this lmfao.
@fath2776 Жыл бұрын
“and that’s how I ended world hunger”
@stevenb3315 Жыл бұрын
You "multiple threads". Also you: "import multiprocessing"
@marya4798 Жыл бұрын
This was a really informative, interesting, and clearly explained video for someone with no prior understanding of this. Thank you!!
@seektosilence Жыл бұрын
You can technically have more than just 2x the threads on a core, and this concept you're referring to is called Hyperthreading, and it isn't available on all processors. Typically, in this scenario, the "threads" aren't actual threads as perceived by the processor. They're managed by the Operating System.
@joej3365 Жыл бұрын
conner omg hi
@seektosilence Жыл бұрын
@@joej3365 Who are you?
@joej3365 Жыл бұрын
@@seektosilence i like the headshot man, stay classy, they don’t make em like you anymore.
@seektosilence Жыл бұрын
@@joej3365 Haha thanks, I like to be upfront about who I am ya know?
@fairlyfactual451 Жыл бұрын
This is a lesson in the importance of atomicity and serialization in transactions. Always ensure either everything happens in order (check, subtract, add -> check, deny) and is completed or entirely undone (check, subtract, error, don't commit -> check, subtract, add, commit)
@jhin5588 Жыл бұрын
Subscribed. This is awesome content! I just graduated from Software Eng a year ago and I love all the topics you covered.
@nang88 Жыл бұрын
sweet!!! Happy to have you
@btheflyingxbox Жыл бұрын
i love the quality of your videos, you deserve way more than 59k subscribers
@robster7787 Жыл бұрын
That analogy was so good I stopped watching. As soon as you finished explaining the running box concept, it made complete sense of the exploit. It it’s also known as a double spend attack in a similar sense.
@thegreatchrispy Жыл бұрын
It's kinda wild how many modern applications are built without giving a single thought to multithreading.
@Nabikko Жыл бұрын
This is actually how many duping systems work in video games!
@MishaG4mer Жыл бұрын
is that a minecraft reference!?!?!?!?!
@antdok9573 Жыл бұрын
I've done it in ArmA 2 as well in some custom roleplay gamemode. As well as ArmA 2's DayZ mod.
@SKoowey Жыл бұрын
this guy at the end of the video: "anyways dont do this, but here's the code for unlimited money, cya"
@Mylzad Жыл бұрын
great video, since i would want some constructive criticism im going to do my best to try giving some tips 1. Id bump the music volume up SLIGHTLY (few decibels at an ABSOLUTE MOST) most of the time i didnt even realize music was playing until you had a pause in speech 2. Id try to cut out some more of the blank space in the video, the pacing at time felt a bit slow but that might just be a me thing 3. KEEP IT OTHERWISE! I think you did an amazing job breaking up this complicated topic into an easily digestible video that helps people understand exactly what happened and what you did! just a few things i wanted to mention since id always want others opinions on my own stuff i make, awesome video regardless!
@nang88 Жыл бұрын
Yo i appreciate this a ton. Need constructive criticism always, Thanks!!
@SyLens1 Жыл бұрын
Bro just made boba inflation
@MrCheesecakeGames Жыл бұрын
“I DDOSed a boba tea company to get free boba for life.”
@zelieusnamirian3519 Жыл бұрын
Man's a educator and a genius, cool ace up the sleeve @nang, I imagine your cv is a computer scientist's dream haha!
@jg6536 Жыл бұрын
Love when actual things are shown in real life examples, reminds me of arp posioning and how it back doored adobes security checks for a long time CS3-5 i believe
@KaseCami Жыл бұрын
1:28 Well actually 🤓 Your computer can still do multiple things "at the same time" with only one thread and one core. This is done by the OS scheduler. What the scheduler does is that he runs a process for some period of time, stores the state of the process for later, loads the state of another process, and so. This is called context switch and happens so fast that it gives the illusion of concurrency. I think this videos from Computerphile are quite whell explained: Multitasking: kzbin.info/www/bejne/g3OTqneDhs9korc Context switch: kzbin.info/www/bejne/enzQc4Wibc9md80
@DragoSpiro98 Жыл бұрын
illusion of concurrency ≠ concurrency
@518csgo9 Жыл бұрын
Love the style of your vids keep up the good work
@nang88 Жыл бұрын
Thank you
@everlong1533 Жыл бұрын
yo these race conditions are kinda lit, u should consider taking 15213 at cmu i heard it’s a super cool and challenging class
@asdgreersf Жыл бұрын
Plot twist: It was an elaborate sponsorship
@lydium2119 Жыл бұрын
Instructions unclear, accidentally DDOS'd my local Jollibee
@wraixu Жыл бұрын
“Hey guys this is how you make a nuclear bomb capable of destroying New York City in one explosion, but guys don’t make this”
@i3badiix Жыл бұрын
Man! That's educational and entertaining 👌keep going 💕
@nang88 Жыл бұрын
thanks sm!
@twangerrrrrr Жыл бұрын
my lawyer advised me not to answer wether i'd try this or not
@jessebusma5339 Жыл бұрын
This is my favorite KZbinr now.
@clownkid Жыл бұрын
Thanks nang! Now I can go to Chuck E Cheese and play Mario Kart until closing. I'm going to get so good, that those 6 year old's won't be able to make fun of me anymore!
@TrikzyOnWeb Жыл бұрын
Just found your channel. Really informative video and appreciate you explaining everything. Makes it easy to follow along. Cheers
@nang88 Жыл бұрын
thank you man. happy to have you here
@JellyMelodies Жыл бұрын
The Pokémon music makes this video 10x better
@ai_outline Жыл бұрын
Please make more videos applying Computer Science! This is just awesome!!!
@death78 Жыл бұрын
Bro have 5 cameras and can't decide which one to use 💀
@zachb3222 Жыл бұрын
I love the fidget ball that’s changing color throughout the video 😂
@paulcastonguay5252 Жыл бұрын
The unique style behind this work of art gives Quentin Tarantino a run for his money.
@mycul_ Жыл бұрын
This video is gonna be so much fun to watch in court.
@mugpad8269 Жыл бұрын
I was watching this video thinking im watching a big channel with millions of views on this video, and it blew me away when i saw it doesnt even have 50k views. So underrated.
@spazberrytoto Жыл бұрын
Kid Pix "Oh no" what a throwback
@keibodabedini-im9jk Жыл бұрын
The editing skillz is killin me
@presidentgamingz Жыл бұрын
I don't know if he thinks the effect is cool or he doesn't know how to edit at all
@wchorski Жыл бұрын
i'm thoroughly convinced that this technique came from pokemon item cloning
@nothingiseverperfect Жыл бұрын
This was actuslly so interesting and funny, I hope you make it big bro
@nang88 Жыл бұрын
Thanks so much man
@TheWesrocks123 Жыл бұрын
Good video. You showed up on my recommended so you should get a good boost here. Really enjoyed the actual educational side of it so keep doing that pls lol.
@tommie87 Жыл бұрын
the fact i’ve saw this dude graduate high school then college is crazy
@jimmykelly5928 Жыл бұрын
I’m about to go to my local Boba place and not do this.
@nang88 Жыл бұрын
Lmfaooo
@JustinBarak Жыл бұрын
Think if it’s unsigned, when you go negative $100 you actually flip positive to a massive number
@NyikaWachira Жыл бұрын
It’s people like this guy who make me want to do cs bru 😂
@HappyGuyPassingBy Жыл бұрын
Really like the content ,the visual edit and music have a good room for improvement. The topic is not easy to understand , so unfortunately it made it harder visually and musically.
@SetTheCurve Жыл бұрын
“Graduated from college so I’ll have time for videos.” lol, nice one. Sounds like someone who hasn’t graduated before.
@mysteryguitarhaziq Жыл бұрын
the oh no audio just hits the silliest of bones
@Pokepic Жыл бұрын
This is exactly like that minecraft glitch where if two players took something out of a chest at the same time, the item would get duped XD
@victorrafael-ys4is Жыл бұрын
ur explanations were super good and easy to understand. much much appreciated
@RedStone576 Жыл бұрын
explaining how stuff work to gen z and non programmers be like
@michaelfoulk Жыл бұрын
Just heard you got outta college. I'm excited for the extra content. The content so great such a throw back instant sub.
@joshuachan6317 Жыл бұрын
2:34 "we can now think of the people as threats"
@philingupspace Жыл бұрын
brooo you are way to entertaining XD and informative, you´ll make it far for sure :D
@VVillainous Жыл бұрын
Please keep doing hacking content, I recently discovered your account. Your humor with your skills are an amazing match. Keep it up brother
@no-ld3hz Жыл бұрын
pretty funny video to explain thread racing, if you ever do this style again might be good to throw in mutexes, semaphores, and locks.
@WistrelChianti Жыл бұрын
The historical explanation was interesting but yeh, didn't expect it to work. Even if they didn't make their code thread safe with semaphores, suspect the odds of being able to get 2 web requests handled close enough to each other to see an overlap are probably tiny with speeds today. It would probably take billions of attempts to luck out... if indeed there is anything to luck out over.
@astroorbis Жыл бұрын
Congrats on the graduation, and amazing video!
@reset5899 Жыл бұрын
Michael reeves with low level cybersecurity and budget 🤯❤
@qsz88 Жыл бұрын
Not me who did this with a school lunch card
@vanessafai06 Жыл бұрын
wasn’t expecting the f1 graphics but it was a pleasant surprise!
@Ry21Gu Жыл бұрын
Would you rather have unlimited boba but no games? Or boba, unlimited boba, but no boba?
@HabiasaDeveloper Жыл бұрын
I like how you respect Mongolian culture and music.
@outistheone5952 Жыл бұрын
So thats why I was taught about these in class, thanks for helping me understand how this makes some services vulnerable, never really cared about race conditions till now
@LachlanGB Жыл бұрын
fucking lost it when the throat singing started
@opghmino4834 Жыл бұрын
him: and.. oh no it didn't work .... or did it also him: *sips boba*
@sunjaitripathi705 Жыл бұрын
bro explained what years of comp sci couldn't
@Waseek69Ahmad Жыл бұрын
I didn't even flinch while watching this. Top notch production right there
@TakuroSpirit Жыл бұрын
Best use of music in an educational video. Great work.
@festivius Жыл бұрын
his teeth turn green at 2:15 😭
@camocamilionOLD Жыл бұрын
best greenscreen
@jabbarfromafar Жыл бұрын
NANG THAT 7 leaves is right next to my hosue
@waffleman4503 Жыл бұрын
free uncle kenny he ain’t do nothing wrong
@houstonbeckworth Жыл бұрын
"Don't do this" Proceeds to put the code in the description
@Murasame Жыл бұрын
The production of this video makes it quite entertaining.
@macchiato_1881 Жыл бұрын
Damn. Didn't know Rich Brian had a tech side hustle
@grey1185 Жыл бұрын
You are literally like the Michael Reeves that teaches people and explains the method behind the madness.
@user-nn9tk9fi6g Жыл бұрын
him: dont do it also him: * explains how to do it *
@ohohohoho Жыл бұрын
1:37 i was actually listening to music on spotify while watching your video
@xx-bihi-xx8435 Жыл бұрын
Bro the fact that you had a Boba cup in your hand tells that it worked xDDDD
@aaaduccs6667 Жыл бұрын
Woooww I don’t understand a thing about computer sci 😭😭 even the comments are confusing, I think I’ll stick to begging for boba
@MrAhvids Жыл бұрын
Thanks bro helped me connect some dots in my head with some concepts.