[zeromq-dev] Vulnerability of devices to incoming messages

gonzalo diethelm gdiethelm at dcv.cl
Thu Aug 12 00:26:03 CEST 2010

> Here's my view.
> Processes should be as vulnerable as possible to internal errors, and
> as robust as possible against external attacks and errors.  To give an
> analogy, a living cell will self-destruct if it detects a single
> internal error, yet it will resist attack from the outside by all
> means possible.
> Assertions are absolutely vital to robust code, they just have to be
> on the right side of the cellular wall.  (And there should be such a
> wall, if it's unclear whether a fault is internal or external, the
> design is broken IMO.)

This is an excellent way to phrase the principles of fail-fast and
resilient software. I think it should be placed into the User Guide,
perhaps in a section titled "0MQ Error-handling Philosophy: fail-fast
vs. resilient".

> It definitely seems more useful that zmq_send() returns an error
> rather than silently dropping a message it can't process, and I'll
> take a look at that tomorrow.  It needs Sustrik's input, he presumably
> has some reason for the current strategy.

I agree.

Gonzalo Diethelm
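The "cellular wall" described in the quoted text, as an added C sketch that is not part of the original post and is not 0MQ code: bytes arriving from a peer are validated and rejected with an error code, internal invariants are guarded by assertions, and the send path reports a message it cannot accept instead of silently dropping it. The wire format and every name here (`msg_parse`, `queue_send`, `device_forward`, the `MSG_*` codes) are assumptions made for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format for this sketch (not the 0MQ framing):
   one length byte followed by exactly that many body bytes. */
enum { MAX_BODY = 32, QUEUE_CAP = 2 };
typedef enum { MSG_OK = 0, MSG_EMALFORMED = -1, MSG_EFULL = -2 } msg_rc;
typedef struct { uint8_t len; uint8_t body[MAX_BODY]; } msg_t;
typedef struct { msg_t slots[QUEUE_CAP]; size_t count; } queue_t;

/* Outside the wall: peer bytes are untrusted, so every violation is
   reported to the caller and the process keeps running. */
msg_rc msg_parse(const uint8_t *wire, size_t wire_len, msg_t *out)
{
    assert(out != NULL);                     /* caller bug, not peer input */
    assert(wire != NULL || wire_len == 0);   /* caller bug, not peer input */
    if (wire_len < 1) return MSG_EMALFORMED;              /* empty frame */
    if (wire[0] > MAX_BODY) return MSG_EMALFORMED;        /* oversized claim */
    if ((size_t)wire[0] != wire_len - 1) return MSG_EMALFORMED; /* length lie */
    out->len = wire[0];
    memcpy(out->body, wire + 1, out->len);
    return MSG_OK;
}

/* Inside the wall: only parsed messages get here, so a broken invariant
   is our own bug and the process fails fast on it. */
msg_rc queue_send(queue_t *q, const msg_t *m)
{
    assert(q != NULL && m != NULL);
    assert(q->count <= QUEUE_CAP);           /* queue bookkeeping intact */
    assert(m->len <= MAX_BODY);              /* guaranteed by msg_parse */
    if (q->count == QUEUE_CAP) return MSG_EFULL;  /* report, do not drop */
    q->slots[q->count++] = *m;
    return MSG_OK;
}

/* One device step: untrusted bytes in, validated message forwarded. */
msg_rc device_forward(queue_t *q, const uint8_t *wire, size_t wire_len)
{
    msg_t m = {0};
    msg_rc rc = msg_parse(wire, wire_len, &m);
    if (rc != MSG_OK) return rc;             /* hostile input never asserts */
    return queue_send(q, &m);
}
```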
