[zeromq-dev] Vulnerability of devices to incoming messages
gonzalo diethelm
gdiethelm at dcv.cl
Thu Aug 12 00:26:03 CEST 2010
> Here's my view.
>
> Processes should be as vulnerable as possible to internal errors, and
> as robust as possible against external attacks and errors. To give an
> analogy, a living cell will self-destruct if it detects a single
> internal error, yet it will resist attack from the outside by all
> means possible.
>
> Assertions are absolutely vital to robust code, they just have to be
> on the right side of the cellular wall. (And there should be such a
> wall, if it's unclear whether a fault is internal or external, the
> design is broken IMO.)

This is an excellent way to phrase the principles of fail-fast and
resilient software. I think it should be placed into the User Guide,
perhaps in a section titled "0MQ Error-handling Philosophy: fail-fast
vs. resilient".

> It definitely seems more useful that zmq_send() returns an error
> rather than silently dropping a message it can't process, and I'll
> take a look at that tomorrow. It needs Sustrik's input, he presumably
> has some reason for the current strategy.

I agree.

--
Gonzalo Diethelm
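
The "cellular wall" split discussed in this message, as an added example that is not part of the original post and is not 0MQ code: peer-supplied bytes are rejected with error returns, internal invariants are asserted, and a full queue is reported to the caller rather than dropped silently. The one-byte length-prefixed wire format and all names (`msg_decode`, `queue_push`, `device_forward`, `MAX_BODY`, `QUEUE_CAP`) are assumptions made for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_BODY 64   /* constructed limits for this example */
#define QUEUE_CAP 4

typedef struct { uint8_t len; uint8_t body[MAX_BODY]; } msg_t;
typedef struct { msg_t slots[QUEUE_CAP]; size_t count; } queue_t;

enum { MSG_OK = 0, MSG_EINVAL = -1, MSG_EAGAIN = -2 };

/* Outside the wall: bytes from a peer (hypothetical format: one length
 * byte, then the body). Malformed input is an error return, never an
 * assert, so a bad peer cannot abort the device. */
int msg_decode(const uint8_t *buf, size_t n, msg_t *out)
{
    assert(out != NULL);                /* our own caller's contract */
    if (buf == NULL || n < 1)
        return MSG_EINVAL;              /* no length byte at all */
    size_t len = buf[0];
    if (len > MAX_BODY || len != n - 1)
        return MSG_EINVAL;              /* oversized or prefix/data mismatch */
    out->len = (uint8_t)len;
    memcpy(out->body, buf + 1, len);
    return MSG_OK;
}

/* Inside the wall: only decoded messages reach here. A violated
 * invariant means our own code is wrong, so fail fast. */
int queue_push(queue_t *q, const msg_t *m)
{
    assert(q != NULL && m != NULL);
    assert(q->count <= QUEUE_CAP);      /* internal bookkeeping */
    assert(m->len <= MAX_BODY);         /* guaranteed by msg_decode */
    if (q->count == QUEUE_CAP)
        return MSG_EAGAIN;              /* full: report, do not drop silently */
    q->slots[q->count++] = *m;
    return MSG_OK;
}

/* Device step: decode, then enqueue, surfacing any error to the caller. */
int device_forward(queue_t *q, const uint8_t *buf, size_t n)
{
    msg_t m;
    int rc = msg_decode(buf, n, &m);
    return rc != MSG_OK ? rc : queue_push(q, &m);
}
```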