September 2018. I was tired, I was exhausted.
I’ d just got back home from something,
and I didn’t have the energy to cook.
So I went to my phone,
opened up a certain food-delivery app that’s popular in the UK,
and I ordered pizza.
Now I know: that
food-delivery company’s employment practices are questionable
there are more ethical ways to get dinner delivered.
But I was tired, and I was hungry.
As are a lot of their drivers.
But that was the Night of the Multiple Orders,
when a bug in that app meant
that some people around Britain ended up with indentical food orders being delivered two or three times,
and others got nothing at all.
And I nearly got caught up in the chaos.
To explain what happened,
I need to tell you a story about two generals.
The Two Generals’ Problem is a classic of computer science,
and it goes like this: picture a valley.
In the middle of the valley is a heavily fortified castle.
On the edges of the valley are two armies.
The generals of those armies know
that the only way they can win a battle and overwhelm the castle
is if they both attack at the same time.
A single army isn’t going to make it.
They need the combined strengt from both sides of the valley to win.
And the only way they can communicate
is by sending messengers on a risky path through the valley.
And General A won’t know
what the right time to attack is until everyone’s already in position.
How can those two generals coordinate
to make sure they attack at the same time?
This is a magical computer-science-land problem by the way,
so reasonable suggestions like “semaphore” or “telescopes” don’ t apply
On the surface the problem seems trivial.
General A could just send a message to General B with a proposed time.
say 8 o’clock.
But the messenger has to pass through the valley,
and if they’re spotted,
they’re,um, not going to make it to the other side to deliver the message.
So how does General A know that General B received the message?
The messenger might not have made it if that happens
A will attack,B won’t…
and they’ll lose.
So maybe they arrange it so
General B has to send an acknowledgment back
and General A will only attack if that acknowledgement arrives.
But that now runs into the same problem:
how does B know that A has received the acknowledgement?
If it doesn’t get through,
A won’t attack, B will,
and a lose.
General A could send another
acknowledgement for the acknowledgement.
But how do they know that message has gotten through ball?
General B could send an acknowledgment for the acknowledgement
for the acknowledgement
and so on, and so on, and so on.
This problem is unsolvable.
I know, it feels like there should be some hacky workaround
like sending 200 messengers,
and sure, that would probably work in the real world.
But this is magical information-theory computer-science land.
Under these strict rules,
there is never a guarantee,
there is no certainty,
there is no arrangement that can be made,
there is no way that the two generals,
the two computers sending data
can agree that the message has definitely been received and acknowledged.
now with computers you’re not usually dealing with such high stakes.
If you are in computer science
and working on a problem that involves potential loss of life,
I really hope you aren’t watching a series called”The Basics”.
anyway, I was ordering food.
And I put my order together,I tapped ‘ pay ’,
I put fingerprint on my phone’s reader.
I got the little Apple Pay progress bar, and the little tick.
And then I got a message from the app saying that there had been a problem,
and my order had failed to go through.
Would I like to try again?
And I was about to I was about to hit ‘pay’ again.
And then something just in the back of my head,said: hang on.
There was a little tick saying payment had worked.
And I’m enough of a computer nerd to go
“I’m not sure I believe that failed”.
So I checked the ‘order history’ page.
it took a few tries to load,
but when it finnally did,
there was my order, processing.
It had gone through, but the acknowledgement hadn’t come back.
or rather, something had gone wrong on the app’s servers,
and the logic they’d written thought it had failed when it hadn’t.
So I sat tight,
I hoped that my food would arrive
and I figured that the engineers were probably having a very bad day.
They really were,
Because I wasn’t the only one.
People all over the UK ordering via the app again,
going to the payment screen,
hitting the button and getting”try again”.
And a lot of them did.
Again, and again, and again.
They were General A,
and the app’s server was General B,
and they were part of a real-life, complicated version of the Two Generals’ problem.
Imagine all the customers as General A
sending message after message to General B.
B received the messeage dutifully
took the money from the credit card
but something had happened that stopped the confirmation message getting through.
According to the flood of angry reports on Twitter,
sometimes the restaurant would realise the problem and just send one order.
Sometimes the restaurant wouldn’t realise
and three different drivers would arrive with three identical orders.
Sometimes no food would arrive at all.
The app’s customer service line was swamped.
To be clear:
this was not the sort of thing that is one engineer’s fault.
When something goes this drastically wrong,
there have been many poor decisions made over a long period of time.
A single human error is never a root cause.
So what else could the app team have done?
How can you solve the Two Generals’ problem in the real world?
well,first , maybe no-one should have been able to place two identical orders
好吧 首先 没人会在几分钟内
on the same credit card for the same restaurant,
within a few minutes of each other.
That seems like the sort of thing there should have been a check for?
But the real solution is
an “idempotency token” or an “idempotency key “.
That’s a unique vally generated on the app or on the website
and it’s a shopping card ID, basically,
and it’s sent along with the order.
it’s not just for shopping cards though
the idempotency token could be attached to
instructions to delete the oldest log file or send a text message
or anything that you only want to happen once.
The server stores the idempotency key to keep track of the request.
And if another request arrives with the same key attached,
then the server knows it’s already dealt with that request.
So it doesn’t fulfill it again;
instead it knows that the reply didn’t get through,
so it just sends back a copy of that first acknowledgement again.
now that still won’t help before none of the messengers get through
if the connection completely fails,
but for real-world problems, humans will notice that.
Idempotence means that you can request the same thing multiple times
and it’ll only ever happen once.
That’s the way to fix the Two Generals’ Problem.
I was lucky. I placed one order.
I was charged for one order.
and one order of food arrived half an hour later.
Next time, I’ll just cook for myself.
This series of The Basics is sponsored by Dashlane, the password manager.
The Basics系列由Dashlane 密码管理器赞助
I mentioned in the previous sponsored section
that they sync all your passwords
and payment details between all your devices without ever knowing those passwords.
Which sounds a bit like magic.
When you sign up to Dashlane,
you choose a master password.
And incidentally, you can do that by
going to dashlane.com/tomscott for a free 30-day trial.
anyway, when you sign up,
you pick a single Master Password,
and that is never transmitted over the internet.
Not even to Dashlane, or to their servers, nowhere.
If you don’t know that password,
all that private data just looks like random noise.
when you sign up to a new website
and Dashlane generates a long complicated password for you,
it is bundled up and encrypted using your master password,
that only you know.
That encryption takes just long enough, a few fractions of a second,
that there’s no way to brute-force it back open.
That encrypted bundle gets sent to Dashlane,
they just see random noise with a label saying “please synchronise this”.
So they pass the bundle on to your other devices,
and those devices,
and only those devices can decrypt it.
because at some point,
you’re gonna open up the app and type in your Master Password.
In truth, it’s actually a little more secure than that,
they also generate a different key for each device you log in to,
but that is a whole other level of security
that I have actually found it impossible to explain in a script.
but in the massively unlikely event that
someone did compromise Dashlane’s servers
or bribe some employee, it wouldn’t work.
All they could do is watch those packets of random noise get shuffled around.
All your data stays on your own devices.
Which means, if you lose your Master Password,
Dashlane can’t help you.
But that’s fine, because now you’ve just got a single password to remember.
That is massively more secure than reusing the same password
or a lot of variations everywhere online.
Like I said last time: you should use a password manager.
so dashlane.com/tomscott for
a free 30-day trial of Dashlane Premium
and if you like it
you can use the code ” tomscott “for 10 % off at purchase.
September 2018. I was tired, I was exhausted.