[jira] [Commented] (GEODE-34) Introduce Reactive Streams and/or Reactor

2018-04-17 Thread Praveendra Singh (JIRA)

[ 
https://issues.apache.org/jira/browse/GEODE-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16441552#comment-16441552
 ] 

Praveendra Singh commented on GEODE-34:
---

I second that.

Once we think of going with Reactive Programming, I would like to upgrade 
Spring Framework to 5.x as well as JUnit 5.

> Introduce Reactive Streams and/or Reactor
> -
>
> Key: GEODE-34
> URL: https://issues.apache.org/jira/browse/GEODE-34
> Project: Geode
> Issue Type: Improvement
> Components: general, querying
> Affects Versions: 1.0.0-incubating
> Reporter: Stephane Maldini
> Priority: Major
> Labels: gsoc2016
>
> The current threading strategy in various places involves blocking waits, e.g.:
> - Put/PutAll
> - Function/ResultCollector
> - CacheListener handling
> There are a couple of small projects to help address this issue, which would 
> tie in very well with Geode's distributed nature. 
> A first micro-library is Reactor [1], depending on Reactive Streams [2] to 
> provide for error isolation and latency mitigation wherever it is required. 
> The purpose of Reactor and Reactive Streams is to introduce a reverse 
> non-blocking flow control to any producer:
> - A component using put/putAll should not try to unsafely accumulate pending 
> writes in an async queue such as the ones in threadPool executors if there 
> are put/putAll operations currently in process. It should actually be driven 
> by the acknowledgement from a successful write (or the acknowledgement that 
> it has been replicated, etc.). The propagation of the async backpressure 
> would tell this component to not even try, e.g. if it is an HttpServer, stop 
> reading incoming requests, serve other requests and resume after the put has 
> been done. This gives a predictive memory profile and better CPU use overall 
> in non-blocking applications, which is the whole point of Reactive Streams.
> - ResultCollector and Query shouldn't execute more than requested by the 
> consumer, in order to avoid accumulating too many pending results. 
> - CacheListener dispatching could benefit from implementing the Reactive 
> contract to provide for a safe concurrency model (actor-like), error 
> propagation and, like in the 2 previous examples, async flow control that 
> avoids pending events accumulating somewhere in an uncontrolled fashion.
> The issue here is about studying the benefits, experimenting on a branch and 
> reporting any interesting findings. Other reactive data providers can be 
> found on the vendor side (CouchDB, MongoDB both provide for a Reactive 
> Streams ready query mech) and mapping side (Slick 3.0 is a pure Reactive 
> Streams implementation for data queries).
> [1] http://projectreactor.io/docs/reference/
> [2] http://reactive-streams.org



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (GEODE-5098) Integrate OWASP Dependency Check for known vulnerabilities

2018-04-17 Thread Praveendra Singh (JIRA)

 [ 
https://issues.apache.org/jira/browse/GEODE-5098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Praveendra Singh updated GEODE-5098:

Fix Version/s: (was: 1.7.0)

> Integrate OWASP Dependency Check for known vulnerabilities
> --
>
> Key: GEODE-5098
> URL: https://issues.apache.org/jira/browse/GEODE-5098
> Project: Geode
> Issue Type: Improvement
> Components: build
> Reporter: Praveendra Singh
> Priority: Major
>
> Given the sensitivity of the Geode system, we would like to avoid any 
> vulnerable dependencies sneaking into the final product. One way to be a 
> little defensive is to leverage OWASP Dependency-Check. There are paid 
> services (e.g. Veracode) in the market; however, the OWASP tool gives results 
> which are very close to the commercial services.
> h2. OWASP Dependency-Check
> Dependency-Check is a utility that identifies project dependencies and checks 
> if there are any known, publicly disclosed, vulnerabilities.
>  
> ref: [https://www.owasp.org/index.php/OWASP_Dependency_Check]
>  





[jira] [Created] (GEODE-5098) Integrate OWASP Dependency Check for known vulnerabilities

2018-04-17 Thread Praveendra Singh (JIRA)
Praveendra Singh created GEODE-5098:
---

 Summary: Integrate OWASP Dependency Check for known vulnerabilities
 Key: GEODE-5098
 URL: https://issues.apache.org/jira/browse/GEODE-5098
 Project: Geode
  Issue Type: Improvement
  Components: build
Reporter: Praveendra Singh
 Fix For: 1.7.0


Given the sensitivity of the Geode system, we would like to avoid any 
vulnerable dependencies sneaking into the final product. One way to be a 
little defensive is to leverage OWASP Dependency-Check. There are paid 
services (e.g. Veracode) in the market; however, the OWASP tool gives results 
which are very close to the commercial services.
h2. OWASP Dependency-Check

Dependency-Check is a utility that identifies project dependencies and checks 
if there are any known, publicly disclosed, vulnerabilities.

 

ref: [https://www.owasp.org/index.php/OWASP_Dependency_Check]

 





[jira] [Commented] (GEODE-5098) Integrate OWASP Dependency Check for known vulnerabilities

2018-04-17 Thread Praveendra Singh (JIRA)

[ 
https://issues.apache.org/jira/browse/GEODE-5098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16441565#comment-16441565
 ] 

Praveendra Singh commented on GEODE-5098:
-

This is something we should leverage in all Apache Open Source systems.

> Integrate OWASP Dependency Check for known vulnerabilities
> --
>
> Key: GEODE-5098
> URL: https://issues.apache.org/jira/browse/GEODE-5098
> Project: Geode
> Issue Type: Improvement
> Components: build
> Reporter: Praveendra Singh
> Priority: Major
>
> Given the sensitivity of the Geode system, we would like to avoid any 
> vulnerable dependencies sneaking into the final product. One way to be a 
> little defensive is to leverage OWASP Dependency-Check. There are paid 
> services (e.g. Veracode) in the market; however, the OWASP tool gives results 
> which are very close to the commercial services.
> h2. OWASP Dependency-Check
> Dependency-Check is a utility that identifies project dependencies and checks 
> if there are any known, publicly disclosed, vulnerabilities.
>  
> ref: [https://www.owasp.org/index.php/OWASP_Dependency_Check]
>  


