[Info-vax] Python for x86?

[Simon Clubley]

On 2023-04-17, Dave Froble <davef at tsoft-inc.com> wrote:
> On 4/17/2023 8:00 PM, Arne Vajhøj wrote:
>
>> There is a little extra twist here. If the service
>> had been a standard web service, then it would not
>> have been necessary to implement the request rate
>> limit in the service itself. Instead a setup like:
>
> Guess you got a problem with apps that work quite well?
>

Someone was able to bring it to its knees because they didn't read
the documentation. I wouldn't call that working well.

>> client--API gateway--service
>>
>> could have been used and the API gateway could
>> do rate limiting defined in configuration (it could
>> also do caching, access control and other useful
>> stuff all defined in configuration).
>
> Same result, the hacker would have had poor performance.
>

But everyone else would have had a functional (if slow) server to connect to.

Arne is absolutely correct here. In a server application, you should always
aim to be the one in control of the situation, which means you don't enforce
it in the documentation, you enforce it in the server application.

BTW, when it comes to rate limiting based on general server load instead
of a raw number of connections, has VMS made any progress towards providing
an ongoing load average and making that information available to server
applications ?

That's one thing in Unix which is very useful and which is also easily
available to programs.

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.