You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@river.apache.org by Dan Rollo <da...@gmail.com> on 2020/05/07 18:45:04 UTC
Re: dev Digest 7 May 2020 15:27:04 -0000 Issue 1659
+1
Oddly enough, I work remotely, and it seems things are busier than pre-pandemic.
Thankfully, healthy so far. Happy hermit life.
Dan
> On May 7, 2020, at 11:27 AM, dev-digest-help@river.apache.org wrote:
>
> From: Peter Firmstone <peter.firmstone@zeus.net.au <ma...@zeus.net.au>>
> Subject: Draft Report River - May 2020
> Date: May 7, 2020 at 3:31:09 AM EDT
> To: dev@river.apache.org <ma...@river.apache.org>
>
>
> Hello River Folk,
>
> Please review the May report draft below. With work starting to slow down, I should have some time to complete the modular build soon.
>
> How are you being impacted by Covid-19?
>
> Regards,
>
> Peter Firmstone.
>
> ## Description:
>
> - Apache River provides a platform for dynamic discovery and lookup
> search of network services. Services may be implemented in a number
> of languages, while clients are required to be jvm based (presently at
> least), to allow proxy jvm byte code to be provisioned dynamically.
>
> ## Issues:
> - There are no issues requiring board attention at this time.
>
> ## Activity:
>
> - Minimal activity at present, initial work on the modular build structure has commenced. The current monolithic build is complex, with it's own build tool classdepandjar, it adds complexity for new developers. In recent months I have had work commitments that have limited my ability to integrate the modular build. The other committers are waiting for the modular build and I have done a lot of work on this locally, this work has been a significant undertaking integrating the works of Dennis Reedy, Dan Rollo and myself. This is also a mature codebase, having been in development since the late 1990's.
>
> - The monolithic code has been svn moved into modules into an initial maven build structure, next step is to move junit tests to each module.
>
> - Until the monolithic build has been broken up into maven modules, we are likely to have difficulty attracting new contributors due to the appearance of complexity.
>
> Release roadmap:
>
> River 3.1 - Modular build restructure (& binary release)
> River 3.2 - Input validation 4 Serialization, delayed unmarshalling&
> safe ServiceRegistrar lookup service.River 3.3 - OSGi support
>
> ## Health report:
>
> - River is a mature codebase with existing deployments, it was primarily designed for dynamic discovery of services on private networks. IPv4 NAT limitations historically prevented the use of River on public networks, however the use of IPv6 on public networks removes these limitations. Web services evolved with the publish subscribe model of today's internet, River has the potential to dynamically discover services on IPv6 networks, peer to peer, blurring current distinctions between client and server, it has the potential to address many of the security issues currently experienced with IoT and avoid any dependency on the proprietary cloud for "things".
>
> - Future Direction:
>
> * Target IOT space with support for OSGi and IPv6 (security fixes
> required prior to announcement)
> * Input validation for java deserialization - prevents DOS and
> Gadget attacks.
> * IPv6 Multicast Service Discovery (River currently only supports
> IPv4 multicast discovery).
> * Delayed unmarshalling for Service Lookup and Discovery (includes
> SafeServiceRegistrar mentioned in release roadmap), so
> authentication can occur prior to downloading service proxy's,
> this addresses a long standing security issue with service lookup
> while significantly improving performance under some use cases.
> * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
> of support for insecure cypher's.
> * Secure TLS SocketFactory's for RMI Registry, uses
> the currently logged in Subject for authentication.
> The RMI Registry still plays a minor role in service activation,
> this allows those who still use the Registry to secure it.
> * Maven build to replace existing ant built that uses
> classdepandjar, a bytecode dependency analysis build tool.
> * Updating the Jini specifications.
>
> ## Project Composition:
>
> There are currently 16 committers and 12 PMC members in this project.
> The Committer-to-PMC ratio is 4:3.
>
> ## Community changes, past quarter:
>
> No new PMC members. Last addition was Dan Rollo on 2017-12-01.
> No new committers. Last addition was Dan Rollo on 2017-11-02.
>
> ## Project Release Activity:
> - Recent releases:
>
> River-3.0.0 was released on 2016-10-06.
> river-jtsk-2.2.3 was released on 2016-02-21.
> river-examples-1.0 was released on 2015-08-10.
>
Re: dev Digest 7 May 2020 15:27:04 -0000 Issue 1659
Posted by Peter Firmstone <pe...@zeus.net.au>.
I'm a bit of a Hermit myself now too. Looking forward to getting out
again when this is all over.
Good to hear you're all well.
Cheers,
Peter.
On 5/8/2020 4:45 AM, Dan Rollo wrote:
> +1
>
> Oddly enough, I work remotely, and it seems things are busier than
> pre-pandemic.
>
> Thankfully, healthy so far. Happy hermit life.
>
> Dan
>
>
>
>> On May 7, 2020, at 11:27 AM, dev-digest-help@river.apache.org
>> <ma...@river.apache.org> wrote:
>>
>> *From:*Peter Firmstone <peter.firmstone@zeus.net.au
>> <ma...@zeus.net.au>>
>> *Subject:**Draft Report River - May 2020*
>> *Date:*May 7, 2020 at 3:31:09 AM EDT
>> *To:*dev@river.apache.org <ma...@river.apache.org>
>>
>>
>> Hello River Folk,
>>
>> Please review the May report draft below. With work starting to
>> slow down, I should have some time to complete the modular build soon.
>>
>> How are you being impacted by Covid-19?
>>
>> Regards,
>>
>> Peter Firmstone.
>>
>> ## Description:
>>
>> - Apache River provides a platform for dynamic discovery and lookup
>> search of network services. Services may be implemented in a number
>> of languages, while clients are required to be jvm based
>> (presently at
>> least), to allow proxy jvm byte code to be provisioned dynamically.
>>
>> ## Issues:
>> - There are no issues requiring board attention at this time.
>>
>> ## Activity:
>>
>> - Minimal activity at present, initial work on the modular build
>> structure has commenced. The current monolithic build is complex,
>> with it's own build tool classdepandjar, it adds complexity for new
>> developers. In recent months I have had work commitments that have
>> limited my ability to integrate the modular build. The other
>> committers are waiting for the modular build and I have done a lot of
>> work on this locally, this work has been a significant undertaking
>> integrating the works of Dennis Reedy, Dan Rollo and myself. This is
>> also a mature codebase, having been in development since the late 1990's.
>>
>> - The monolithic code has been svn moved into modules into an initial
>> maven build structure, next step is to move junit tests to each module.
>>
>> - Until the monolithic build has been broken up into maven modules,
>> we are likely to have difficulty attracting new contributors due to
>> the appearance of complexity.
>>
>> Release roadmap:
>>
>> River 3.1 - Modular build restructure (& binary release)
>> River 3.2 - Input validation 4 Serialization, delayed unmarshalling&
>> safe ServiceRegistrar lookup service.River 3.3 - OSGi support
>>
>> ## Health report:
>>
>> - River is a mature codebase with existing deployments, it was
>> primarily designed for dynamic discovery of services on private
>> networks. IPv4 NAT limitations historically prevented the use of
>> River on public networks, however the use of IPv6 on public networks
>> removes these limitations. Web services evolved with the publish
>> subscribe model of today's internet, River has the potential to
>> dynamically discover services on IPv6 networks, peer to peer,
>> blurring current distinctions between client and server, it has the
>> potential to address many of the security issues currently
>> experienced with IoT and avoid any dependency on the proprietary
>> cloud for "things".
>>
>> - Future Direction:
>>
>> * Target IOT space with support for OSGi and IPv6 (security fixes
>> required prior to announcement)
>> * Input validation for java deserialization - prevents DOS and
>> Gadget attacks.
>> * IPv6 Multicast Service Discovery (River currently only supports
>> IPv4 multicast discovery).
>> * Delayed unmarshalling for Service Lookup and Discovery (includes
>> SafeServiceRegistrar mentioned in release roadmap), so
>> authentication can occur prior to downloading service proxy's,
>> this addresses a long standing security issue with service lookup
>> while significantly improving performance under some use cases.
>> * Security fixes for SSL endpoints, updated to TLS v1.2 with removal
>> of support for insecure cypher's.
>> * Secure TLS SocketFactory's for RMI Registry, uses
>> the currently logged in Subject for authentication.
>> The RMI Registry still plays a minor role in service activation,
>> this allows those who still use the Registry to secure it.
>> * Maven build to replace existing ant built that uses
>> classdepandjar, a bytecode dependency analysis build tool.
>> * Updating the Jini specifications.
>>
>> ## Project Composition:
>>
>> There are currently 16 committers and 12 PMC members in this project.
>> The Committer-to-PMC ratio is 4:3.
>>
>> ## Community changes, past quarter:
>>
>> No new PMC members. Last addition was Dan Rollo on 2017-12-01.
>> No new committers. Last addition was Dan Rollo on 2017-11-02.
>>
>> ## Project Release Activity:
>> - Recent releases:
>>
>> River-3.0.0 was released on 2016-10-06.
>> river-jtsk-2.2.3 was released on 2016-02-21.
>> river-examples-1.0 was released on 2015-08-10.
>>
>