Lions and Tigers and Locks Oh My


3 mins


I just experienced something that should not have happened, at least not today, in 2019 - the 42nd year of general use of personal computers & the software industry that powers them.

As part of my routine tasks, I was preparing to do some online banking. I typically use Safari on my iMac for this work as it gives me nominally better control of password handling. I opened the browser + went to the login page, where I was met with the userid & password form as expected. I have saved my username and password in the keychain - this is a trusted desktop physically located in my home office - and so, the keychain prefilled the credentials as it always does.

The credentials were rejected.

I thought ‘weird’, reloaded the page and tried again. Same result, twice more. The bank locked me out, in fact.

So what happened?

Moments after I opened Safari, it (or rather, Software Update) determined that an update was ready and began applying it. I’d set ‘Automatically keep my Mac up to date’ in my Software Update preferences, so it was doing exactly as I’d configured it to do. How it handled this update is where things fell apart.

Now, I can’t say with certainty whether the update was already underway before I loaded my banking login page or sent the credentials, but it’s clear that something in the update process inhibited the keychain’s stored credentials from being successfully used to login to the bank.

The moment that the update process began, it should have locked Safari from attempting any authentication actions or even simply closed Safari with a warning that it can’t be used while it is being updated. Perhaps those actions are supposed to happen, but they didn’t. This is a classic computer science problem that has been solved for decades.

Locks

Locks, in the simplest definition, are used to block access to some set of resources while another action[s] is in progress. This is generally meant to prevent race conditions or unknown state errors, i.e. if a subsystem that one action is altering is changed by another action in the middle of the first action, then the results cannot be determined. The system will be left in an unknown state.

Since the Safari locks failed - if they’re even present - I’m now locked out of my online banking account and will have to deal with either convincing a human that what I just described actually happened or I’ll have to change my password.

One lock failed and another lock succeeded.

- jbminn