Skip to content →

Jesper Jarlskov's blog Posts

Race conditions

We just had an issue at work. A system that had been working fine suddenly started losing data. This had never been an issue before, and it seemed to happen at random which made it pretty hard to debug and reproduce.

The system consisted of a JavaScript-heavy web frontend, interacting with an API based on a PHP and MySQL backend.

After a lot of digging around in network requests and code on both the front- and backend, we discovered that the issue was caused by a race condition in the PHP code due to simultaneous AJAX requests from the frontend.

How it was designed to work

The subsystem we were having issues with consisted of a large form used to create drafts of items in the database. When the value of any form field was changed the frontend would fire an AJAX request to the backend with the property name and the new value. The PHP backend would then load the draft from the database, add or update the new property, and save it again. Simple stuff.

Diagram: Everything running sequentially, no race condition
Everything running sequentially, no race condition

How it actually worked

This design worked fine for a start, but as the subsystem grew and got slower stuff was starting to happen. In theory, saving each field on update worked fine. It meant that the user didn’t have to click save buttons all the time (they are usually under heavy time constraints when using the system) and that nothing would be lost on page refreshes, or if the browser window was closed.

The problem with the design, though, was that it didn’t take into account the asynchronous nature of AJAX calls (the first A in AJAX stands for Asynchronous). As the data handled by the system grew it was slowing down however slightly, which meant that requests were starting to get to the PHP backend at the same time causing several PHP processes to start adding data to the same draft.

Request runs asynchronous, meaning we have a race condition
Request runs asynchronous, meaning we have a race condition

As the diagrams (tries to) show two processes running side by side would request the same draft store from the database, they would then each add their own property to the draft bringing them out of sync. The first request would then save the original draft to the database including the new data property added in Request 1, and right after that the second request would save the same draft with the new data property from request 2, but excluding the property from Request 1, which did not exist when the draft was first read from the database.

This meant that when several requests hit the server at roughly the same time only the last one to save to the database would actually have its data saved.

The solution

The right solution here would be to make sure all data properties wasn’t send one at a time, improving the design of both the frontend and the backend. But this would require a large refactoring of both subsystems including a lot of testing. Since the bug meant people were having a hard time doing their job, we did not have the luxury of this kind of time.

Instead, we implemented a queue in the frontend to make sure only one request would be sent at a time. This allowed us to implement a solution relatively quickly thus allowing sales to get back to work, so the business could continue running. First, make it work, then make it pretty.

Leave a Comment

January-2018.php

It’s a new year, but the tech scene doesn’t show any signs of slowing down and January has been yet another fast paced interesting month.

Explainshell

We start out with a handy little tool for those of us with just enough command-line-fu to be dangerous, but not enough to be really productive without the help of StackOverflow. Explainshell.com is a nice little tool that explains what happens in every part of a command line command. This is the least you could do before pasting random commands from StackOverflow into your terminal.

17 composer tips

I’ve previously talked about the wonders of the PHP dependency manager Composer. Earlier this month Martin Hujer shared 17 Tips for Using Composer Efficiently to help you up your Composer game.

Harvesting credit card numbers

Everybody who works at least peripherally with security knows that security is hard. That doesn’t make it any less important, though. David Gilbertson tells the (maybe true, maybe not) story of how he exploits weak website security and ubiquitous npm packages for harvesting credit card numbers and passwords from insecure websites.

Spectre & Meltdown

A new year means new security holes (YAY!). 2018 decided to not beat around the bush, and just start off with a massive security hole affecting most CPUs in use across the world. To make matters better, it even included 2 flaws. The 2 flaws was discovered by people working at Google’s Project Zero in collaboration with a bunch of other security researchers has been named Spectre and Meltdown.

A faster Firefox

For the last while, the Firefox team has had a heavy focus on improving the browser’s performance starting with Firefox Quantum. A new post on the Mozilla Hacks blog dives into the geeky side of how Firefox speeds up WebAssembly.

Leave a Comment

December-2017.php

The pages of the calendar has turned, and our dates now start with 2018, at least for those of us following ISO-8601. Still in this new year, I’m planning to keep doing my monthly lists of interesting tech-related articles to read.

Starting from today I’m starting a new job as a backend developer at the Danish food waste startup Too Good To Go, so the content of these summaries might change a bit since reading will likely follow the technologies I use in my daily life, but the main focus point will still be PHP.

Symfony 4 released

Just over a month ago the next major Symfony version, Symfony 4, was released. Jani Tarvainen listed some of the new major changes in his article 4 things I like about Symfony 4. On the Symfony blog they also posted a year in review.

Besides a new major version, Symfony also announced their new Diversity Initiative. I’m looking forward to see what this will entail, and how it will work out.

Secure coding practices

The beginning of a new year is often a time of reflection and making changes. Over at the Paragon IE they released a long-form Guide to building secure PHP software that can hopefully inspire some people to pick the habit of focusing more on security when writing software.

Don’t make objects that end with ‘er’

On a more curious note, Travis Griggs tells the story about one of the best bits of programming advice he ever got.

Leave a Comment

November-2017.php

Oh yes, Unix

The Unix philosophy focuses on minimalist, modular software. A beautiful example of this is the yes command, which repeatedly prints the character ‘y’. This sounds really simple, but Matthias Endler wrote a little story about the yes Unix command where he dives into writing his own copy of the tool and runs into some quite interesting issues.

PHP Versions Stats

Once again Jordi Boggiano has released the PHP version stats collected from packagist.org.

Software architectures, putting it all together

Last month I mentioned Herberto Graca‘s Event Driven Architecture article. The article is a part of a larger theme on software architecture. In his new article DDD, Hexagonal, Onion, Clean, CQRS, … How I put it all together he talks about just that, putting it all together.

PHP 7.2 release

The release of the newest feature release of the PHP 7 branch, PHP 7.2 has been announced. All new features can be found in the PHP 7.2 RFC and more details on the changes and upgrading can be found in the PHP 7.2 migration guide

Some notable features worth mentioning are:

2 Comments

October-2017.php

Asynchronous stack traces: why await beats .then()

First up, Mathias Bynens has an interesting look into how JavaScript stack traces are generated, and why await beats .then() when it comes to debugging.

Writing speaking code & ineffective coding habits

As always I’ve been watching a bunch of recorded talks, but two of them really spoke to me. The first one is Caleb Porzio’s talk at this year’s Erie Day of Code. His talk Writing Code That Speaks reiterates how code is written way more times than it’s written as he dives into the language expressed in the code.

The second talk is Kevlin Henney‘s talk from the 2016 Istanbul Teck Talks where he discusses Seven Ineffective Coding Habits that makes code harder to maintain.

HTTP/2 and APIs

I’ve previously written about some of the advantages of HTTP/2, and I’m generally a proponent of the protocol upgrade. In his article Let’s Stop Building APIs Around a Network Hack Phil Sturgeon argues how HTTP/2 will help make APIs simpler and more performant, by deprecating concepts like compound documents.

Event-Driven Architecture

In his article about Event-Driven Architecture Herberto Graca gives some background to the concept and some of it’s advantages and disadvantages. He also has some interesting examples of where using events can help clean an application’s structure, as well as where it shouldn’t be used.

Software architecture is failing

On a more negative note Alex Hudson has a piece claiming that Software architecture is failing in which he argues that some architectural patterns are being hyped so much that we as developers forget to be critical when choosing which makes sense for the problem we’re trying to solve.

Leave a Comment

September-2017.php

Another month is coming to an end, and again that means I’ll try to summarize some of the most interesting articles I’ve read. Because of holidays, it’s been a pretty short month for me work-wise. That also means that this month’s list is pretty short, but the content is really high quality.

For a while, I’ve been considering how to prevent my controllers to get too bloated. Laravel 5.5 introduces the responsable interface, which I believe will help provide a nice convention for where to put the logic that often ends up in the controllers. Another option suggested by Jens Segers, is to turn the normal entity-based controllers into callable request handlers, narrowing their focus, which I also think is an interesting approach.

I first heard about Event Sourcing at last year’s Laracon EU at Mitchell van Wijngaarden’s talk Future is a thing of the past. Mitchell’s background was very theoretic, though, meaning that at the time he hadn’t built any large-scale applications using the approach. That’s why I found it really interesting when Barry O Sullivan wrote his article Event Sourcing: What it is and why it’s awesome, providing an introduction to the concept of event sourcing, from somebody who works with it in the trenches of every day development.

I also found this list of 5 interesting Vuex plugins, for the Vue state management plugin Vuex.

Leave a Comment

August-2017.php

Once again a month is coming to an end and, as is becoming the habit, I’ve gathered a bunch of interesting tech articles that caught my eye during the last month.

First up, Matthias Noback has a 3-part series about his approach to application architecture and layered architecture. First part is a preface where he tells about his early experiences, and how he became interested in layered architecture. In the second part, he talks about layers and gives an outline of what a layered architecture is, and how he approaches the class structure in his applications. In the third and last article, he talks about ports and adapters, and he goes more into depth with how he handles communication between different layers of his applications.

Josh Justice from CodingItWrong has an interesting piece about his experiences with adding functional programming to his toolbox, on top of his existing knowledge on OO programming.

Christian Maioli writes about a project he took over. The people who had written it was really solid and experienced developers, but the project still ended up being a complete mess. This made him consider some of the barriers that can be set for developers, and some of the things that can cause terrible code to be written by perfectly sane people.

On a more curious note, Bruno Skvorc posted an article where he introduces bitwise operators, and whether they’re still relevant today. Bitwise operators, in my view, is a pretty core concept and knowing more about where the technology comes from helps make it easier to understand how stuff works, so I’d definitely recommend giving it a read, whether you’ll be needing bitwise operators or not.

Laracon US was held about a month ago, and now the videos are available. The page itself doesn’t provide a lot of info about the talk, besides the name or company of the speaker, and the website itself is not at all helpful in that regard, but luckily Sid K has done a Laracon US 2017 recap where he provides a short description of all of the talks, to give some hints to which might be of interest.

Laracon EU just ended, and as what seems to be becoming a habit, Taylor Otwell spent some of his conference time finishing up the new Laravel release. This means that Laravel 5.5 LTS has been released.

Leave a Comment

July-2017.php

Even though July was a pretty quiet month online due to everybody being on vacation, I still came across some interesting articles.

Earlier in the year, there was a big discussion in the PHP community after some people suggested that pretty much everything in your code was cruft, and that code should be as concise as possible. One argument for being the opposite is to type-hint all the things which present an argument for how type hinting reduces the cognitive load of reading code.

In security training, Brute Logic presents The 7 main XSS cases everyone should know.

We’ve recently moved our entire front-end build process at work to WebPack. This has very much been a black box to me, so I was happy to see WebPack core contributor Sean Larkin announce his new online course WebPack the core concepts.

Of course, there’s also something Laravel related. First a tweet by Mohammed Said, subtlely announcing a nice new way for queue jobs in Laravel to determine whether they should actually go to the queue.

Matt Stauffer posed the question What packages do you install on every Laravel application you create?. The result is a list of interesting packages I’d recommend looking through. Most of them are not Laravel specific, so other PHP developers might find something interesting as well.

Leave a Comment

June-2017.php

Summer is on, June is over, and it’s time for yet another summary of a month passed. This month’s focus will be on PHP and Laravel, with an emphasis on performance, but many of the tricks are also useful if you work with other technologies. There’s also a gem about database encryption.

I’ve had a hard time finding a proper plugin to provide proper syntax highlighting and folding capabilities when working with JavaScript, but Vim-vue seems to meet most of my needs when working with Vue components, finally!

The entire symfony.com frontend was refactored. This provided a lot of useful insights that was documented in a post on refactoring the symfony.com frontend. This process also formed the basis for the new Symfony frontend component, a Webpack wrapper and asset manager Webpack Encore which will be introduced in a coming version of Symfony.

StyleCI founder Graham Campbell has an interesting post on the architecture of a Laravel package. Besides the Laravel specifics it also contains some interesting points on advanced composer usage.

Performance is always an interesting topic. Chris Fidao from the awesome Servers for Hackers released a new section dedicated to Laravel Performance. The focus is on low-hanging fruits, and I believe most people will find something they can do right now to improve the performance of their application. Even though the emphasis is on Laravel, most of the tips are around object caching that can be used on any PHP projects, and different database optimisations, that can be used in any project where a database is in use.

Olav van Schie also has a performance focus in his Make your Laravel app fly with PHP OPCache. Again, even though the title says Laravel, OPCache optimisations can help improve performance on any PHP project, and the article gets a bit deeper into how to set up your OPCache settings.

The last article of the month focuses on security. Scott Arciszewski from the Paragon Initiative has a very interesting article about Building searchable encrypted databases. He both talks about the implementations of database encryption, both good and bad, and how to setup your database to make it possible to search your encrypted data in a performant way, without lowering your security.

Leave a Comment

May-2017.php

The month of May is over, and as usual, it’s time for a summary of interesting tech related articles I’ve found during the month.

We start out with some numbers. Jordi Boggiano published a new updated version of his PHP version stats. A range of stats on the PHP version usage, based on the install stats on packagist.org. This does not comprise the full worldwide PHP usage, but provides some nice insights on the current trends.

On a meta-programming note, Robert Basic posted an article about how open source taught him to work with legacy code. It provides some nice points about working with legacy code and the thoughts of the people who came before you.

DHH posted an interesting view on his love of the implicit parts of programming. A nice piece about questioning common assumptions and defining best practices around your actual context, instead of expecting the same best practices to be the best in every circumstance.

On the geeky side, I really enjoyed a Stack Overflow response explaining the difference between language constructs and built-in functions. It is not knowledge that is useful in a programmer’s day-to-day life, but it’s always good to know more about how your tools actually work.

Leave a Comment