
Re: [OpenVerse] bugs?



On Tue, 11 Apr 2000, you wrote:
> I'm lazy and didn't feel like typing this up twice, here's a copy/paste of a
> convo i had with sketch today while i was thinking about potential attacks
> on openverse servers/clients.
> 
> <swivel> you could be really annoying consistently by having a fast connect,
>           and a script simply connecting with same name avatar images as
>           everyone in the channel but filling the gif's with random data of
>           random length

Why is it that some people are more interested in breaking something than using
it? I'll never understand this. ALL computer programs are subject to one form of
attack or another. Being resistant to them is tricky. The general design of OV
makes the DoS issue less of an impact than say, IRC, where taking out 1 server
can (and does) disrupt the entire network.

> <Sketch> heh, true
> <swivel> possibly flood the server depending on how many users are connected
> <Sketch> mail cruise :)
> <swivel> since it would be telling everyone to upload their images

The server never requests people upload their images when they connect, or when
they change avatars. It then verifies the image to make sure it is a valid GIF.
A valid GIF is not much to say about a file... A valid GIF is determined by the
first 10 bytes of the file. 

I planned on implementing a maximum file size setting for avatar images within
the server, this is still an open issue.


> <Sketch> only when they reconnect
> <Sketch> or change avatars
> <swivel> what happens if one person is connected with an image of n size, and
>           its being uploaded, then i connect with a same named image, but of x
>           size before their image is completely uploaded and saved?!

The server will not request the second image. The server maintains a list of
downloads in progress and should not request/send images already in progress.
There may be some flaws with this on the receive (it is not well tested) end and
there are a couple of known problems on the send end which need to be corrected.

> <swivel> now we get into the atomic file creation problem with the multiple
>           clients
> <Sketch> uhh..fusion? ;)
> 
> anyone have any comments?

My comment is, we are still in beta... The protocol is incomplete (this is
important). I'm spending my energy deciding what needs to be included in the
protocol before I spend it making it harder to break things. Granted, thinking
about how you can break something when designing it is a big part of the
process but for some things, such as preventing the ASSHOLE who comes for the
sole purpose of breaking things, well... every group of three or more people
has at least one.

> - Vito Caputo

Swivel seems much too wimpy of a virtual name for a real name like the above.
Have you considered some alternates? Might I suggest something like DonSwivel
or maybe SwimsWithFishes. But that wouldn't fit in OV.. I guess that you would
have to abbreviate it and then answer constant questions to what SWF really
means and that you aren't single, white, or female.

-- 
Cruise - 
OpenVerse Visual Chat - http://openverse.org/
-------------------------------------------------------
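
The server-side checks this message touches on (a GIF check on the first 10 bytes, a maximum avatar size, a list of transfers in progress, and the atomic file creation question) can be combined as in the following added example. It is not part of the original message and is not OpenVerse code; AvatarStore, check_gif_header and both limits are assumptions made for illustration. In a GIF, the first 10 bytes are the 6-byte signature followed by the 16-bit little-endian width and height.

```python
import os
import struct
import tempfile

MAX_AVATAR_BYTES = 64 * 1024  # assumed cap; the message names no figure
MAX_DIMENSION = 512           # assumed pixel limit, also not from the message


def check_gif_header(first10):
    """Return (width, height) parsed from the first 10 bytes, else raise."""
    if len(first10) < 10 or first10[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF header")
    width, height = struct.unpack("<HH", first10[6:10])
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise ValueError("implausible dimensions")
    return width, height


class AvatarStore:
    """One transfer per avatar name at a time; files are published atomically."""

    def __init__(self, directory):
        self.directory = directory
        self.in_progress = set()  # names with a transfer under way

    def receive(self, name, chunks):
        if os.path.basename(name) != name or name in self.in_progress:
            raise ValueError("bad name or transfer already in progress")
        self.in_progress.add(name)
        fd, tmp_path = tempfile.mkstemp(dir=self.directory, suffix=".part")
        try:
            total, head = 0, b""
            with os.fdopen(fd, "wb") as out:
                for chunk in chunks:
                    total += len(chunk)
                    if total > MAX_AVATAR_BYTES:  # stop as soon as the cap is passed
                        raise ValueError("avatar exceeds size cap")
                    head += chunk[:10 - len(head)]
                    out.write(chunk)
            check_gif_header(head)
            final = os.path.join(self.directory, name)
            os.replace(tmp_path, final)  # atomic: readers never see a partial file
            return final
        except Exception:
            os.unlink(tmp_path)  # a rejected upload leaves nothing behind
            raise
        finally:
            self.in_progress.discard(name)
```

A rejected upload never replaces an avatar already stored under the same name, because the new data only reaches the final path after it has passed every check.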
