1. 1

    Sounds like the request and response object formats could do with having a request id field, so that it would be possible to reply to requests out of order?

    1. 1

      They do have an id, and they can come out of order. However, the implementation for .net is not taking advantage of this right now. It’s something that I’m planning to do in the future.

      1. 1

        Ah! Makes sense. So, you want to optionally make each request run asynchronously. C# has futures, right? Are those nice and easy to work with in C#? (And if there’s CPU blocking work, the application code could hand it off to a thread pool presumably.)

        1. 1

          The requests already run asynchronously, but the way the code is done right now there’s an await on each async request before picking up the next one. In theory it’s not too hard to make it fully async using a concurrent queue for the responses.

          C# does have something that can be thought of as a future/promise, it’s called Task. They are pretty easy to work with, in fact async/await came from C#.

          1. 1

            Thanks. I’m not really into that whole ecosystem so I didn’t have any idea of whether async was easy and widely supported, or whether it was more like Twisted back in the bad old days where you could try to be async but every single library available on pypi would screw it up for you by blocking, save a tiny handful which had been written specially to work with Twisted.

    1. 1

      So that’s it, I hope I’ve helped explain why we should use passwords with … combinations of several numbers, symbols and characters

      Unfortunately not. And it’s not recommended.

      https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

      1. 1

        That’s not really a fair criticism, since what Troy’s article says is that making people pick passwords with, for example, symbols does not necessarily improve security, e.g. “P@assw0rd” is not much better than “Password”.

        However, that doesn’t change the fact that if more symbols are used than just letters, the search space that an attacker has to go through is larger.

        The post is from the point of view of what hoops an attacker has to go through to get to a password, and about what developers should do to make that as hard as possible.

        Troy’s post is from the perspective of the user who has to pick a password and how restrictions such as having to use numbers and symbols or not being able to copy and paste do not lead to users picking better passwords.

        1. 2

          Adding characters is far more effective at increasing the state space than expanding the alphabet. For example, assume you have a 10-character alphanumeric password; that’s 62^10 = 59.5 bits of state. If you add some special characters to your alphabet (let’s say eight of them), you’re up to 70^10 = 61.3 bits. If you add a single alphanumeric character, for 11, you now have 62^11 = 65.5 bits.

          Alphabet is, for most intents and purposes, a complete waste of time. Passwords need to be longer and not in known dictionaries. Any other requirement is between useless and actively counterproductive.

          1. 1

            Any other requirement is between useless and actively counterproductive

            It was never suggested that using symbols should be a requirement. The only suggestion in the post regarding this matter is that a password manager should be used.

            Also, there were no suggestions about password lengths other than that longer passwords are better than shorter ones, and the more character types the better. All of that is true irrespective of the discussion about making symbols in passwords mandatory.

            I agree that that type of requirement is counterproductive, but I don’t see how the post has anything to do with that.

      1. 1

        One consequence of always having to chase the shiny new thing is that often good programming practices are not center stage. Robert Martin speaks of this in .Net Rocks and he also has a blog post where he says this continuous relearning requires massive amounts of time and effort and does not pay off very well in terms of extra productivity.

        As a contractor though, I think you need to “ride the waves”. The highest paying gigs are always on the shiny new thing…

        1. 1

          The Churn post was posted here previously, here is the discussion: https://lobste.rs/s/1pylbt/churn