The thing about this OpenPGP/SKS/GnuPG attack is that it's nothing sophisticated.
Like, at all.
gist.github.com/rjhansen/67ab9
Conversation
Someone added a few thousand entries to a list that lets anyone append to it.
GnuPG, software supposed to defeat state actors, suddenly takes minutes to process entries.
How big is that list you ask? 17 MiB. Not GiB, 17 MiB. Like a large picture.
dev.gnupg.org/T4592
3
24
70
I made multi-process transactions on SQLite databases of 600GiB, so I have no idea what they are talking about, but let's say I would trust SQLite more than, uh, whatever is currently failing at 17MiB.
4
8
77
Replying to
SQLite has supported the WAL journal mode for 9 years which is generally a better choice for any internal usage rather than usage as a file format.
sqlite.org/wal.html
Not sure why they're claiming that it requires making a copy of the database for transactions. It's 2019.
WAL journal mode also supports any number of concurrent readers with 1 concurrent writer. WAL makes it a great fit in many cases where you previously would have needed a database server. SQLite scales very well to fairly large amounts of data and just can't do concurrent writers.
1
1
Replying to
But even a rollback journal is not a copy of the whole database! WAL has better locking semantics, but even plain DELETE mode would work here.
Also, it does serialization of concurrent writes, so unless you have a lot of parallelizable writes (not the case), it's not a problem.
1
Show replies