hotsh / rstat.us

Simple microblogging network based on the ostatus protocol.
http://rstat.us/

Export status #696

Closed tlatsas closed 11 years ago

tlatsas commented 11 years ago

This implements https://github.com/hotsh/rstat.us/issues/653

tlatsas commented 11 years ago

@wilkie Sorry. Can I force-push in this branch (after I rebase and squash)? Or create a new branch and PR?

wilkie commented 11 years ago

It's fine. :) You don't have to edit out that last commit if you don't want to.

Do you think this could be exploited to create a long running process because it gathers and transmits an arbitrarily large amount of data?

tlatsas commented 11 years ago

Hi, FWIW I squashed all 3 and pushed here again.

Concerning the possible security issue, I think you are right (didn't think about it beforehand). Any ideas on how to approach this?

wilkie commented 11 years ago

Thank you for squashing the commit. I was just projecting my embarrassment that I didn't see the revert until after I commented. :D

It's a bit of nitpicking, but if a PR can be a single commit, it's pretty awesome. :)

I'm not sure it's a terribly big deal. I was just noting it. There are no other operations that we have that are unbounded like this one. But... how big could exporting an entire feed be? 200B per update is around 5000 per MB... with network speeds as they are, not likely to be a huge problem for most people... there are easier ways to take down a server. If it is a problem, we can cache it!

Looks good. This feature is the awesomesauce that Twitter doesn't have (until the end of the year, they say!) and drives the point that you own the data. Thank you! :heart:

steveklabnik commented 11 years ago

The right way to do it is to put it in a background job, which has a natural timeout. This would remove the security issue.

That said, we don't have one right now, and I'd rather have the feature in and worry about getting DoS'd later. :+1:

wilkie commented 11 years ago

It's an important feature. A background job for this is typical. With a 'come back later' and a download of a zip or something. Basically, an explicit cache that is filled by a background task.

But whatevs. You can just issue a bunch of requests for the /updates page... MUCH better way to bring down the site. (Until somebody writes that indirect feed thing I want :P)

steveklabnik commented 11 years ago

Agreed on all points.

carols10cents commented 11 years ago

:metal: :squirrel: :birthday: this is sweet. thank you @tlatsas!!!
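The background job with an explicit cache discussed in the comments above, as an added example that is not part of the pull request or of rstat.us: the web request only queues the export and reports "come back later", while a worker builds it under a time and size budget. `ExportService`, its parameters, the in-memory queue and cache, and `SAMPLE_FEED` are all hypothetical names chosen for illustration.

```ruby
require "json"

# Hypothetical names throughout; this is not rstat.us code.
class ExportService
  class BudgetExceeded < StandardError; end
  def initialize(feed_source, max_seconds: 5.0, max_bytes: 5_000_000,
                 clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @feed_source = feed_source # call(user) returns an Enumerable of update hashes
    @max_seconds = max_seconds # time budget for one export
    @max_bytes   = max_bytes   # size budget for one export
    @clock       = clock       # injectable so the deadline can be tested
    @cache       = {}          # user => { state:, body: }; real code would expire entries
    @queue       = []          # stand-in for a real job queue
  end

  # Called from the web request: never builds the export inline.
  def request(user)
    entry = @cache[user]
    return [entry[:state], entry[:body]] if entry
    @cache[user] = { state: :pending, body: nil } # repeat requests do not re-queue
    @queue << user
    [:pending, nil]
  end

  # Called by the worker, outside any request/response cycle.
  def work_off
    while (user = @queue.shift)
      @cache[user] = build(user)
    end
  end

  private

  def build(user)
    deadline = @clock.call + @max_seconds
    lines, bytes = [], 0
    @feed_source.call(user).each do |update|
      line = JSON.generate(update)
      bytes += line.bytesize + 1
      # Stop as soon as either budget is spent instead of running unbounded.
      raise BudgetExceeded if bytes > @max_bytes || @clock.call > deadline
      lines << line
    end
    { state: :ready, body: lines.join("\n") }
  rescue BudgetExceeded
    { state: :failed, body: nil }
  end
end
# Constructed sample feed: three short updates for any user.
SAMPLE_FEED = ->(_user) { (1..3).map { |i| { "id" => i, "text" => "update #{i}" } } }
```
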