Ok well, what was the success rate of your claimed API defense?
-
-
Replying to @dakami
This would've literally happened to *any* API with a streaming design. All the available error signaling mechanisms were used. It doesn't matter if it's text or C functions. If the caller chooses to ignore error codes, that's the caller's fault.
1 reply 0 retweets 1 like -
Replying to @marcan42
No, it wouldn’t have happened in any API that blocked plaintext retrieval by default, like modern anything does.
1 reply 0 retweets 1 like -
Replying to @dakami
We've already gone over how gpg supports streaming for huge files (and yes, people *do* use this feature. All the time. Dumping huge backup tarballs through gpg is quite standard practice.)
1 reply 0 retweets 1 like -
Replying to @marcan42
Shit didn’t work. Don’t care why not. Shit didn’t work for anyone downstream of gpg. Do care where not.
1 reply 0 retweets 2 likes -
Replying to @dakami
I just don't think piling on gnupg when they did everything reasonably within their design is useful. Sometimes all the downstream users just fuck things up ¯\_(ツ)_/¯
1 reply 0 retweets 4 likes -
Replying to @marcan42
It’s not about piling on. There’s an old textpipe interface mode that doesn’t work very well, and there aren’t exactly resources to replace. The game is dispassionately understanding the engineering problems and not just blamestorming.
1 reply 0 retweets 5 likes -
Replying to @dakami
Okay, so what's the plan here? Convert it to a shared library, hope people pay attention to *those* return codes? Add a non-streaming command line option (and plead everyone uses it)? How is this better than just checking the damn exit code?
2 replies 0 retweets 4 likes -
*Clearly* the answer is to have GPG use /proc to find out which pid owns the other side of stdout and send a SIGKILL to it if something goes wrong.
2 replies 0 retweets 9 likes -
That's both clever and radical, I've just learn something :)
1 reply 0 retweets 0 likes
(It was a joke, don’t actually do it) :)
-
-
(Still, I'm eager to test. For science ! Won't put anything on production tonight, I promise)
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.