Sync server and client time? [duplicate] - javascript

This question already has answers here:
The best way to synchronize client-side javascript clock with server date
(8 answers)
Closed 9 years ago.
So my question is really two parts, firstly; I want to measure the total latency of my requests and client-side js, including time spent waiting for dns to resolve etc.
This all works fine in development because my server and web browser are all on the same machine, so when I compare Time.now.to_i, with the current time as determined with Javascript in the browser it's the true latency of the entire request end-to-end.
The second part of my question is, am I just thinking about this whole thing in the wrong way? Should I be measuring my requests in a different fashion?
P.S., this is not a rails app.

You can't reliably sync time in a browser.
If you just want to measure request time, you don't really need to care what time the server thinks it is. In the browser, just measure the time between initiating the request and when you get a response.
var start = Date.now();
$.get('/url', function() { // or equivalent in whatever JS framework
var latency = Date.now() - start; // in ms
});

Related

How can I design a webpage that will display data that takes the server a long time to generate? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I have a django-powered website and I have a (slow) python function
def slow_func(arg1, arg2):
# some magic goes here
return result
In particular, say it takes 45 seconds for slow_func to return.
I want to present a form to the user with fields where they can enter values for arg1 and arg2. When they submit the form, I would like them to see some interim message like "server thinking really hard about how to turn arg1 and arg2 into your result" while the server chugs away at computing the output of slow_func(arg1, arg2). Then, as soon as the server has computed the result, I'd like the user to see something like "Man, that was hard...I finally finished working and the answer is (blah)"
What is the right way to set that sort of thing up? In particular, say the web server timeout I'm dealing with is significantly less than the 45 seconds it will take my server to compute the value I want...what combination of technologies do I need to set up to get this done?
It seems like there needs to be some way to kick off the task on the server side (no thoughts here), and then have the browser keep checking somewhere to see if the job is done (javascript?)...and then once it knows the job is done (javascript) it could hit the server at some newly created url to gather up the result asynchronously and display it (javacript ajax?) or maybe just redirect to a newly generated url to view the result?
I'm sure this is a solved problem, but I can't seem to get the right set of terms to google for it productively.
Finale note: it would be great if the answers given could accommodate a range of possible types for the result of slow_func. I.e. some use cases might involve slow_func returning a float...other cases might involve it returning an image, etc.
Your question will probably be closed because its rather general. But here's a break down how to tackle your problem, of course there's several more approaches this is just a rough sketch to get you started.
fire an ajax request to the server
at the server trigger a celery task or subprocess and save an initialization flag in cache or db
return an 'OK' or message from the server immediately after the
task was trigged so your users don't actually have to wait
display the message
keep polling the server in the background every x seconds (ajax) to check if the process is done, you will need some endpoint that can validate such by looking at the status of the flag you've set earlier
return a success or still waiting message to the user
display that message
save the result somewhere in cache or database when the process is done so that the polling script will halt once your flag status changed to done
don't repeat yourself

Time ticks on client [duplicate]

This question already has answers here:
The best way to synchronize client-side javascript clock with server date
(8 answers)
Closed 9 years ago.
I have a scenario in which I have to show ticking time to the user of a post. The post will come with is original DateTime string from server then the values will be calculated on client to find the difference of the time elapsed. The issue is that client time can't be relied upon. So the decision is that to retrieve the server current time and find the difference between the client and server and add that difference to the client date and then add the difference to the client time before calcuating the time elapsed.. however I don't know how to find the difference in javascript and add it client date variable.. Can someone talk on this scenario and codify it.. I am not sure whether I am doing right or is there alternative to it?
So I come up with the solution now.. as I mentioned to use the variable to store the server current time and update that variable after each specific interval in setinterval. This variable is going to work as our client side clock and compare the post time with it.. the issue with client clock is that it can't be trusted..

Is there a harder to break way to obfuscate a javascript function than hieroglyphy?

I'm developing an online chess variant game. I want to create a javascript function that has the purpose of communicating to the server on behalf of the player the exact time spent on a move.
This message will be encrypted, of course, but in order to trust this function, I want to obfuscate it to the point that I can rely on the obfuscation algorithm.
I only know a few obfuscation algorithms, hieroglyphy being the most interesting. But it isn't unbreakable. Speed of execution and size are not critical, I can deduct the time spent by the function that sends the message in that same function, and the size can be even up to 2MB.
I'm pretty sure that there is no unbreakable algorithm because as long as it is required to run in a browser, anyone with enough patience can take it piece by piece and see what it does.
Do I have an alternative that would require more effort and time from a user with bad intentions?
Edit I've done some tests in every browser on WindowsXP and it appears that in FF, IE, Opera and Chrome the setTimeout function will trigger after a delay that is passed as the second parameter, regardless of any changes to system time during the delay. If no other information is presented to suggest otherwise, the logical conclusion would be that time can be measured client-side regardless of system time changes, using the setTimeout function but not the Date() object, up to a precision given by the setTimeout delay time.
Hamish mentioned in an answer below that modifying the browser date/time APIs is trivial. In that case, the javascript code is vulnerable to a modification that will increase the setTimeout real delay time. Some code should be set in place so that the server should start suspecting of cheating someone who has unreasonable lag time. This will always be a problem if lag time isn't included in thinking time.
There's a reason I can't use server side timing. The lag times would sometimes exceed a reasonable amount and that will leave users dissatisfied. And sometimes the lag can make all the difference.
Which brings me back to the original question. I'm looking for the best obfuscation method, where best is measured in the effort an attacker has to make to deobfuscate. Ideally, I would want to change the obfuscation algorithm faster than an attacker can deobfuscate, and then never to use that algorithm again or use it rarely, at a time the attacker won't expect.
I could set my computer's clock to three hours ago and your script would happily send -10800 seconds. NEVER rely on JavaScript to handle information in a trusted manner. Use your server-side code to time the difference between when the player's turn started and when they made their move, and absolutely keep a representation of the game on the server and make sure the move is valid.
Obfuscating your code doesn't help, for two reasons:
Users can still inspect the messages being sent from the browser to the server. You would also have to sign the message somehow, to prevent it being intercepted and modified. Generally, it will be even easier to unpack the message than the function used to generate it.
You're trying to measure the time taken on the move, which means your obfuscated function still has to trust the system clock and the browser date/time APIs. Both are trivial to modify.
A sensible solution would be to measure the time messages are sent and received on your server, and measure the latency of the connection to correct for transmission speeds (if you need to be very accurate).

Why is there a difference between JavaScript and PHP timestamp

I have created a JavaScript timestamps and also a PHP timestamp. There is about 170 sec difference between them.
1302162686 PHP - time()
1302162517 JavaScript - Math.round(new Date().getTime() / 1000)
Can anyone please tell me why I'm having this issue?
PHP is executed on the server side, and in your example, JavaScript works on the client-side.
Both sides have their own time configuration. For the server, time zone settings etc. will stay the same (unless you change them), but the server has no idea which time zone the current visitor is in. There’s no way for you to control that.
If I change my system clock on my laptop, it will influence client-side JavaScript date/time, but your server timer won’t be affected.
PHP and JavaScript, both look at the system time. Whose system? The one they are running on. The server could be located in another country with different time, hence the difference.
Also, the client's (or less often, server's) clock could be incorrect.
One way, which I often use to counter this problem is like this:
var referenceTime = new Date('<?php echo date("M n, Y"); ?>');
// referenceTime is now the same as server time
PHP looks at the system time, which is the server running it.
JavaScript looks at the client's system, which could be any time.
php uses the time on your server, javascript will use the time on the client (users) machine.
Mathias is correct. Generally this should not happen with that big a difference because modern computers recognize their clocks drift over time and employ protocols such as NTP to keep their clocks in sync.
Nevertheless you should never assume the time at client and server is the same, for two reasons:
Some clients/servers don't have clock adjustments (such as NTP) and their clocks drift away over time
More importantly, many users/admins can be clueless or late in setting their time zone or adjusting daylight savings times, so the time given to you may be accurate to a second but be several hours off.
When comparing/calculating times, I would rely on the server only. You have no control over the client.
If you are concerned about consistency for whatever purpose, I recommend using the server as your time source and do timezone conversions if necessary:
This may be of interest: handling timezone conversion with php

JavaScript Countdown Timer Using Server Time

I'm trying to create a countdown timer that's based on a time on the server.
I originally had the server set the time left, and just did a setTimeout for 1 second that would decrement the time.
I found 2 problems with this:
There is a lag from the server setting the time until the client's page is rendered and the JavaScript begins to run. The lag amount depends on the speed of the users internet connection and computer/JavaScript engine.
I think setTimeout of 1 second may have been getting behind a little on slower computers.
I changed it so the server would set the ending time and the JavaScript on the client would take the time (in UTC) and calculate the remaining time left. It would then do this on every setTimeout callback. This makes the time and countdown perfect. If the client has a fast computer/JavaScript engine, the timer stays on page. If the computer/JavaScript engine is slower, you may see a second be skipped here and there, but the time is never off.
I found 1 problem with this method so far:
Every client's clock may be different.
So, the time left may be a couple seconds, or 30 seconds, or even days off if the clients time is not correct on their computer.
Is there a way that I can have the time left be exact based on the server's ending date?
I don't know what kind of resolution you need, but given network and page rendering latencies, it's going to be impossible to get client-server agreement to much better than a second. I would suggest you do an ajax poll every 5 or 10 seconds, and adjust your timer accordingly. There is also comet which is essentially "reverse" ajax, which can push the times to the client. But either way, you still have network and renderign latencies to contend with.

Categories

Resources