Bitcoin Forum
Author Topic: Questions by gweedo; split from: Kick-off Discussion  (Read 2378 times)
augustocroppo
April 01, 2014, 01:10:13 AM
 #21

I have already asked him to ask me questions over PM so that the threads we were in did not derail with the explicit promise that those PM would be made public to all forum users. He has not done so. He continues to attack developers even after we've answered his questions with remarks about how we are either incompetent, slow, or otherwise.

But he is right, you are completely incompetent for the job. You did not provide any evidence you deserve R$350000 (+R$750000) to build a forum software from scratch. He did not attack you, he merely told the truth. Your incapacity to implement GPG support in the forum software because it is "CPU intensive" is the real source of laughs around here, d00d.
Maged
View Profile
April 01, 2014, 04:28:36 AM
 #22

Your incapacity to implement GPG support in the forum software because is "CPU intensive" is the real source of laugh around here, d00d.
He never said that he was incapable. On the contrary, he was smart enough to think through the consequences that such a feature would have to the point where he realized that there might be a theoretical DoS vulnerability introduced by adding it. That is, unfortunately, a very rare quality among software developers these days. We are fortunate to be employing such a person for this task.

I'm sure that if he thinks about it further, he will figure out how best to avoid the DoS issue. Or he'll just recommend in the documentation to run that part in the cloud where more servers can be spun up on demand. Node.js scales quite well for parallel CPU-bound tasks.

taesup
View Profile
April 01, 2014, 05:14:49 AM
 #23

Wow all this talk over a fictitious scenario.

In the end, it's all what ifs. We'll know more when we've figured out the requirements.

Also Augusto, such strong words. I'm sure kinder words would get you answers much quicker.

As for the DB access issue, Maged is quite spot on. Although, we didn't work with live data, we did work with a blanked out set. We ended up using a stored procedure I believe.

I am an Epochtalk (New Forum Software) Developer.
theymos
View Profile
April 01, 2014, 05:21:37 AM
 #24

Maybe it can be tried out later once the main features are done. The server currently sends an average of about 20 mails per minute, which is not so bad. Though troubles might start occurring if this ever increased to a few mails per second (over a long period of time), as public-key crypto is extremely slow. No amount of software trickery is going to help if the hardware just can't keep up.

If standard public-key crypto isn't possible, the forum and the user could establish a long-term shared secret and then use symmetric crypto, which is very fast.

But IMO this is a pretty low priority. Emails usually don't contain sensitive info.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
Maged
View Profile
April 01, 2014, 06:06:42 AM
 #25

Do you know how queuing works? It is so trivial to implement a queue system that is bounded by time, so these DoS can't happen. It would make this theoretical DoS vulnerability unable to be executed.
Yes, I do. And so does Slickage:
There are ways to mitigate the CPU issue by locking it down to a few or just one core but that comes with its own trade offs. The speed at which the emails are being sent out may be drastically lower. If the email isn't time-sensitive but contains sensitive information, this is fine. But what if a system wide breach of the DB were to occur and all user's login/pass were compromised. A time-sensitive and possibly information sensitive email needs to go out...

Maybe it can be tried out later once the main features are done. The server currently sends an average of about 20 mails per minute, which is not so bad. Though troubles might start occurring if this ever increased to a few mails per second (over a long period of time), as public-key crypto is extremely slow. No amount of software trickery is going to help if the hardware just can't keep up.
Remember, the sweet part about Node.js is that it practically forces you to design your application in such a way that it can be scaled to multiple servers. It would be nice if you didn't have to add another server for cost reasons, but the option is certainly available.

Raize
View Profile
April 01, 2014, 05:20:34 PM
 #26

But IMO this is a pretty low priority. Emails usually don't contain sensitive info.

This got me thinking. On the current forum there is an option to include the text of a reply to a post I've made to myself via email. I've left this option off. For PMs, I'd like to get a notification, but it seems to always include the text of the PM itself. I don't know if I just have my settings wrong, but in a future system, it'd be nice to have a clear distinction between "notification" and "contents" when it comes to PMs.