[jira] [Commented] (TINKERPOP-2677) Upgrade to Groovy 3.x to fix XStream security vulnerability
[ https://issues.apache.org/jira/browse/TINKERPOP-2677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469624#comment-17469624 ] Stephen Mallette commented on TINKERPOP-2677: - Linked to TINKERPOP-2373 - all of this is sorta bound together with the performance problems that come to play with TINKERPOP-2526. > Upgrade to Groovy 3.x to fix XStream security vulnerability > --- > > Key: TINKERPOP-2677 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2677 > Project: TinkerPop > Issue Type: Bug > Components: groovy >Affects Versions: 3.6.0, 3.5.2 >Reporter: Divij Vaidya >Priority: Major > > XStream has a number of documented vulnerabilities as specified in > [https://x-stream.github.io/security.html] which are fixed in 1.4.18. Note > that 1.4.18 is not backport compatible since it uses a new whitelisting > approach for serialization. > TinkerPop has a dependency on XStream via: [1] > TinkerPop -> Groovy 2.5.x -> XStream 1.4.10 > However, Groovy 2.5.x series does not consume the version of XStream (1.4.18) > which contains the fixes for the vulnerabilities [2] but Groovy 3.x uses > XStream (1.4.18) which has the fixes for vulnerabilities. > Hence, either we convince the Groovy project to backport the vulnerability > fixes to 2.5.x series or we upgrade Groovy to 3.x for TinkerPop. > IMO, upgrading TP to use Groovy 3.x might be much easier. > [1] https://github.com/apache/tinkerpop/blob/master/pom.xml#L162 > [2]https://github.com/apache/groovy/blob/GROOVY_2_5_X/build.gradle#L165 -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2373) Bump to Groovy 3.0
[ https://issues.apache.org/jira/browse/TINKERPOP-2373?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469622#comment-17469622 ] Stephen Mallette commented on TINKERPOP-2373: - The issues are stacking up on Groovy. > Bump to Groovy 3.0 > -- > > Key: TINKERPOP-2373 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2373 > Project: TinkerPop > Issue Type: Improvement > Components: groovy >Affects Versions: 3.5.0 >Reporter: Stephen Mallette >Priority: Major > > Groovy 3.0 has been out for a while now and has done several patch releases. > Time to upgrade on 3.5.0. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2678) jackson-databind medium security issue identified
[ https://issues.apache.org/jira/browse/TINKERPOP-2678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469621#comment-17469621 ] Stephen Mallette commented on TINKERPOP-2678: - thanks for reporting this. we are in the middle of a release and thus somewhat hesitant to try to move minor dependency versions. You wrote this as "medium level" and as I read the issue it seems like it only applies when: "The vulnerability is available only when using JDK serialization to serialize, deserialize JsonNode values" which i dont think we do. It feels like we could delay adding this fix until next release. If anyone thinks otherwise, please feel free to say so. > jackson-databind medium security issue identified > - > > Key: TINKERPOP-2678 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2678 > Project: TinkerPop > Issue Type: Improvement > Components: server >Affects Versions: 3.5.0 >Reporter: Aaron Coady >Priority: Major > > com.fasterxml.jackson.core_jackson-databind version 2.11.3 has this security > issue identified. The resolution is in versions 2.14, 2.13.1 and 2.12.6 > > [https://github.com/FasterXML/jackson-databind/issues/3328] > > Issue summary: > jackson-databind in certain versions from 2.10 is vulnerable to DoS attack, > only when using JDK serialization to serialize, deserialize JsonNode values. > An attacker can provide a 4-byte length payload, with the value of > Integer.MAX_VALUE, that will cause the decoder to allocate a large buffer > leading to out of heap memory - especially so if the attacker manages to > inject multiple broken messages. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (TINKERPOP-2680) Create call() step to allow for calling procedures
[ https://issues.apache.org/jira/browse/TINKERPOP-2680?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stephen Mallette updated TINKERPOP-2680: Component/s: language process Affects Version/s: 3.5.1 > Create call() step to allow for calling procedures > -- > > Key: TINKERPOP-2680 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2680 > Project: TinkerPop > Issue Type: Improvement > Components: language, process >Affects Versions: 3.5.1 >Reporter: Dave Bechberger >Priority: Major > > One of the gaps in the Gremlin query language is a step that enables > implemented to call procedures that are unique to that specific database. > Adding this ability allows implementers to leverage Gremlin by enabling them > to leverage it as a single interface for users to interact with the database > without having to separate interfaces to handle database-specific operations. > > With this feature we will create a step that allows implementors to provide > database specific functionality. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (TINKERPOP-2681) Create merge() step to codify best practice for upsert pattern
[ https://issues.apache.org/jira/browse/TINKERPOP-2681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stephen Mallette updated TINKERPOP-2681: Component/s: language process Affects Version/s: 3.5.1 > Create merge() step to codify best practice for upsert pattern > -- > > Key: TINKERPOP-2681 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2681 > Project: TinkerPop > Issue Type: Improvement > Components: language, process >Affects Versions: 3.5.1 >Reporter: Dave Bechberger >Priority: Major > > Create a step that codifies the best practice for the upsert functionality > into a single step to make it easier to use, more discoverable, and easier > for implementers to optimize. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Closed] (TINKERPOP-2671) Add tx() support to grammar
[ https://issues.apache.org/jira/browse/TINKERPOP-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stephen Mallette closed TINKERPOP-2671. --- Fix Version/s: 3.6.0 3.5.2 Assignee: Stephen Mallette Resolution: Done > Add tx() support to grammar > --- > > Key: TINKERPOP-2671 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2671 > Project: TinkerPop > Issue Type: Improvement > Components: language >Affects Versions: 3.5.1 >Reporter: Stephen Mallette >Assignee: Stephen Mallette >Priority: Major > Fix For: 3.6.0, 3.5.2 > > > Add `tx()` based syntax to the grammar so that it can provide transaction > support. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2671) Add tx() support to grammar
[ https://issues.apache.org/jira/browse/TINKERPOP-2671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469616#comment-17469616 ] ASF GitHub Bot commented on TINKERPOP-2671: --- spmallette merged pull request #1535: URL: https://github.com/apache/tinkerpop/pull/1535 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Add tx() support to grammar > --- > > Key: TINKERPOP-2671 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2671 > Project: TinkerPop > Issue Type: Improvement > Components: language >Affects Versions: 3.5.1 >Reporter: Stephen Mallette >Priority: Major > > Add `tx()` based syntax to the grammar so that it can provide transaction > support. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2569) Reconnect to server if Java driver fails to initialize
[
https://issues.apache.org/jira/browse/TINKERPOP-2569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469615#comment-17469615
]
ASF GitHub Bot commented on TINKERPOP-2569:
---
spmallette commented on pull request #1534:
URL: https://github.com/apache/tinkerpop/pull/1534#issuecomment-1006212524
Thanks for this follow-on work - merged!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Reconnect to server if Java driver fails to initialize
> --
>
> Key: TINKERPOP-2569
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2569
> Project: TinkerPop
> Issue Type: Bug
> Components: driver
>Affects Versions: 3.4.11
>Reporter: Stephen Mallette
>Assignee: Stephen Mallette
>Priority: Minor
> Fix For: 3.6.0, 3.4.13, 3.5.2
>
>
> As reported here on SO:
> https://stackoverflow.com/questions/67586427/how-to-recover-with-a-retry-from-gremlin-nohostavailableexception
> If the host is unavailable at {{Client}} initialization then the host is not
> put in a state where reconnect is possible. Essentially, this test for
> {{GremlinServerIntegrateTest}} should pass:
> {code}
> @Test
> public void shouldFailOnInitiallyDeadHost() throws Exception {
> // start test with no server
> this.stopServer();
> final Cluster cluster = TestClientFactory.build().create();
> final Client client = cluster.connect();
> try {
> // try to re-issue a request now that the server is down
> client.submit("g").all().get(3000, TimeUnit.MILLISECONDS);
> fail("Should throw an exception.");
> } catch (RuntimeException re) {
> // Client would have no active connections to the host, hence it
> would encounter a timeout
> // trying to find an alive connection to the host.
> assertThat(re.getCause(),
> instanceOf(NoHostAvailableException.class));
> //
> // should recover when the server comes back
> //
> // restart server
> this.startServer();
> // try a bunch of times to reconnect. on slower systems this may
> simply take longer...looking at you travis
> for (int ix = 1; ix < 11; ix++) {
> // the retry interval is 1 second, wait a bit longer
> TimeUnit.SECONDS.sleep(5);
> try {
> final List results =
> client.submit("1+1").all().get(3000, TimeUnit.MILLISECONDS);
> assertEquals(1, results.size());
> assertEquals(2, results.get(0).getInt());
> } catch (Exception ex) {
> if (ix == 10)
> fail("Should have eventually succeeded");
> }
> }
> } finally {
> cluster.close();
> }
> }
> {code}
> Note that there is a similar test that first allows a connect to a host and
> then kills it and then restarts it again called {{shouldFailOnDeadHost()}}
> which demonstrates that reconnection works in that situation.
> I thought it might be an easy to fix to simply call
> {{considerHostUnavailable()}} in the {{ConnectionPool}} constructor in the
> event of a {{CompletionException}} which should kickstart the reconnect
> process. The reconnects started firing but they all failed for some reason. I
> didn't have time to investigate further than than.
> Currently the only workaround is to recreate the `Client` if this sort of
> situation occurs.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2569) Reconnect to server if Java driver fails to initialize
[
https://issues.apache.org/jira/browse/TINKERPOP-2569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469614#comment-17469614
]
ASF GitHub Bot commented on TINKERPOP-2569:
---
spmallette merged pull request #1534:
URL: https://github.com/apache/tinkerpop/pull/1534
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Reconnect to server if Java driver fails to initialize
> --
>
> Key: TINKERPOP-2569
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2569
> Project: TinkerPop
> Issue Type: Bug
> Components: driver
>Affects Versions: 3.4.11
>Reporter: Stephen Mallette
>Assignee: Stephen Mallette
>Priority: Minor
> Fix For: 3.6.0, 3.4.13, 3.5.2
>
>
> As reported here on SO:
> https://stackoverflow.com/questions/67586427/how-to-recover-with-a-retry-from-gremlin-nohostavailableexception
> If the host is unavailable at {{Client}} initialization then the host is not
> put in a state where reconnect is possible. Essentially, this test for
> {{GremlinServerIntegrateTest}} should pass:
> {code}
> @Test
> public void shouldFailOnInitiallyDeadHost() throws Exception {
> // start test with no server
> this.stopServer();
> final Cluster cluster = TestClientFactory.build().create();
> final Client client = cluster.connect();
> try {
> // try to re-issue a request now that the server is down
> client.submit("g").all().get(3000, TimeUnit.MILLISECONDS);
> fail("Should throw an exception.");
> } catch (RuntimeException re) {
> // Client would have no active connections to the host, hence it
> would encounter a timeout
> // trying to find an alive connection to the host.
> assertThat(re.getCause(),
> instanceOf(NoHostAvailableException.class));
> //
> // should recover when the server comes back
> //
> // restart server
> this.startServer();
> // try a bunch of times to reconnect. on slower systems this may
> simply take longer...looking at you travis
> for (int ix = 1; ix < 11; ix++) {
> // the retry interval is 1 second, wait a bit longer
> TimeUnit.SECONDS.sleep(5);
> try {
> final List results =
> client.submit("1+1").all().get(3000, TimeUnit.MILLISECONDS);
> assertEquals(1, results.size());
> assertEquals(2, results.get(0).getInt());
> } catch (Exception ex) {
> if (ix == 10)
> fail("Should have eventually succeeded");
> }
> }
> } finally {
> cluster.close();
> }
> }
> {code}
> Note that there is a similar test that first allows a connect to a host and
> then kills it and then restarts it again called {{shouldFailOnDeadHost()}}
> which demonstrates that reconnection works in that situation.
> I thought it might be an easy to fix to simply call
> {{considerHostUnavailable()}} in the {{ConnectionPool}} constructor in the
> event of a {{CompletionException}} which should kickstart the reconnect
> process. The reconnects started firing but they all failed for some reason. I
> didn't have time to investigate further than than.
> Currently the only workaround is to recreate the `Client` if this sort of
> situation occurs.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2679) Update JavaScript driver to support processing messages as a stream
[
https://issues.apache.org/jira/browse/TINKERPOP-2679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469612#comment-17469612
]
ASF GitHub Bot commented on TINKERPOP-2679:
---
spmallette commented on pull request #1539:
URL: https://github.com/apache/tinkerpop/pull/1539#issuecomment-1006206668
Thanks for submitting this - it may have to wait for 3.5.3 though as we're
getting ready for release. Is that ok for you?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Update JavaScript driver to support processing messages as a stream
> ---
>
> Key: TINKERPOP-2679
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2679
> Project: TinkerPop
> Issue Type: Improvement
> Components: javascript
>Affects Versions: 3.5.1
>Reporter: Tom Kolanko
>Priority: Minor
> Fix For: 3.5.2
>
>
> The JavaScript driver's
> [_handleMessage|https://github.com/apache/tinkerpop/blob/d4bd5cc5a228fc22442101ccb6a9751653900d32/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/connection.js#L249]
> receives messages from the gremlin server and stores each message in an
> object associated with the handler for the specific request. Currently, the
> driver waits until all the data is available from the gremlin server before
> allowing further processing of it.
> However, this can lead to cases where a lot of memory is required to hold
> onto the results before any processing can take place. If we had the abilty
> to process results as they come in from the gremlin server we could reduce
> memory in some cases
> If you are open to it I would like to submit a PR where {{submit}} can take
> an optional callback which is run on each set of data returned from the
> gremlin server, rather than waiting for the entire result set.
> The following examples assume that you have 100 vertices in your graph.
> current behaviour:
> {code:javascript}
> const result = await client.submit("g.V()")
> console.log(result.toArray()) // 100 - all the vertices in your graph
> {code}
> proposed addition
> {code:javascript}
> await client.submit("g.V()", {}, { batchSize: 25 }, (data) => {
> console.log(data.toArray().length) // 25 - this callback will be called 4
> times (100 / 25 = 4)
> })
> {code}
> If the optional callback is not provided then the default behaviour is
> unchanged
> I have the changes running locally and the overall performance is unchanged,
> queries run about the same as they used to, however, for some specific
> queries memory usage has dropped considerably.
> With the process-on-message strategy the memory usage will be related to how
> large the {{batchSize}} is rather than the final result set. Using the
> default of 64 and testing some specific cases we have I can get the memory to
> go from 1.2gb to 10mb.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
Re: [DISCUSS] Removal of Marko A. Rodriguez from Apache TinkerPop
Understood. Marko. > On Jan 5, 2022, at 12:31 PM, Stephen Mallette wrote: > > Please allow some more time for a reply as I've been away for the New Years > Eve weekend. > > On Wed, Jan 5, 2022 at 12:50 PM Marko Rodriguez > wrote: > >> Hey Stephen, >> >> Any movement on what I presented below? Meaning, do you 1.) agree with >> inconsistent application of the “violated social norms” clause and if so >> 2.) do you plan to argue my point ‘in good faith’ (meaning, the following >> sentiment resonates with you: "every person has skeletons in their closet >> so why I are we attacking Marko after contributing his PhD work to Apache >> and then spending over a decade developing it only to kick him off the >> project for telling jokes on Twitter?”). >> >> If you don’t agree, then please tell me so I can move forward on my side. >> >> Thank you very much, >> Marko. >> >> >> >>> On Dec 31, 2021, at 2:14 PM, Marko Rodriguez >> wrote: >>> >>> Hello everyone, >>> >>> As you all may know, I was recently removed from TinkerPop for the crime >> of “being a Nazi troll.” When arguing I’m not a Nazi, I was told I >> “violated social norms.” Assuming I violated social norms, I inquired as to >> where such social norms are specified as I never signed anything when >> providing TinkerPop to Apache that mentioned ’social norms'. Moreover, if >> the crime of violating social norms is in fact how Apache wishes to judge >> people for the sake of removal by committee, then I believe this statute >> should be applied fairly and equally. Thus, please review the following >> “social norm violations” made by people in Apache and on Apache TinkerPop. >> Given that social norms are not specified anywhere, I offer simply what I >> believe fall within this fuzzy category. >>> >>> 1. Roy Fielding stating I’m a Nazi troll. When asked for evidence of me >> being part of the Nazi party, none was presented. As far as I know, the >> Nazi party dissolved post WW2 and seems to exist as a word use by modern >> folk to remove people they dislike from their positions. The question: is >> libel a violation of social norms? >>> >>> 2. Sam Ruby in the past had threatened me with physical violence. If >> threat of violence is not breaking social norms then that seems like a >> break from social norms in and of itself. Thus, was Sam Ruby removed from >> his position in Apache? The question: is threat of violence a violation of >> social norms? >>> >>> 3. danielfb@ is the mysterious character that had access to our >> private@tinkerpop mailing list and said that a picture I made in >> photoshop of one of my chickens in WW2 regalia was “offensive” to him (I >> assume ‘him' given the name ‘daniel’). My response was initially to joke >> (as I do), but then continued with (I paraphrase) “let’s talk more as I >> think you will find me to be a jokester.” That man was never heard from >> again. The question: is allowing seemingly random people on our private >> mailing list in order to entrap me a violation of social norms? >>> >>> 4. Roy Fielding was unhappy with the fact that no one on the TinkerPop >> PMC cared about danielfb@’s allegation of me being a racist. In fact, >> Jorge said (I paraphrase) "that’s not racism, he’s just being silly.” He >> went on to note organizations that Apache could get behind that help fight >> racism — unfortunately, that fell on deaf ears. Instead, Roy Fielding went >> ahead and ignored the PMC's brush off saying (I paraphrase) “I know you are >> friends and its hard to punish people you’ve worked with.” This seemed odd >> to me because the email prior I had said “no one ever stands up for me >> because most people never understand the point I’m trying to make with my >> craft.” (I consider much of the work I do ‘art’). Thus, Roy Fielding pushed >> an agenda placing thoughts/emotions in colleagues that did not exist. The >> question: is baiting the group so they do his 'dirty work' not a violation >> of social norms? >>> >>> 5. Stephen Mallette and I have worked together for over a decade. It >> came as a shock to me that he said nothing in favor of my person when I was >> deemed a “racist” and a “nazi.” The question: is not standing up for a >> friend who has been there for you for many years not a violation of social >> norms? >>> >>> 6. Stephen Mallette knows what I was “charged with” was just some social >> ploy using the rhetoric of the times to restructure power by removing those >> individuals that don’t tow some party line which I was never made aware of. >> While I assert these are whimsical and without merit, you know what real >> charges you have against yourself, Stephen, and I won’t get into those, but >> I believe you would feel much better (less social stressed) as a person if >> you were to say: “letting organizations condemn people so they can steal >> prestige or money from them is not right and I take my stand against it.” >> As such, the question: when a person living in a glass house thro
Re: [DISCUSS] consider 3.4.13/3.5.2/3.6.0 release
Hi folks, I've been away for a bit during the holiday but back now thinking about this release. The issue for 3.4-dev that made me want to hold release was resolved. The fix had nothing to do with the code itself and more to do with the fact that memory requirements for the tests we'd added over the years seemed to have quietly reached a point where they were sometimes exceeding the memory available of the GH Actions instances running them. After a bit of profiling Maven executions (something I've never had to do ever) I was able to pretty drastically reduce the memory consumption and now everything works smoothly. There is one PR out there that should be merged for 3.4-dev (it's been open for a while pending the CI problem): https://github.com/apache/tinkerpop/pull/1534 and will try to get that done immediately. As I'm not aware of any other work, for 3.5-dev and 3.4-dev I think we can proceed as if this were code freeze week and move to release. I think we should hold on release 3.6.0 and continue to land PRs on master during the release process and then keep the freeze on 3.5-dev until 3.6.0 is out the door (recall that 3.4-dev is basically retired now). Please let me know if there are concerns. On Wed, Dec 29, 2021 at 2:05 PM Stephen Mallette wrote: > I think we will need to take a bit of a delay on the code freeze for this > Friday. 3.4-dev is unstable in CI - i've been trying to get to the root of > the problem for a week now and it's still not completely resolved. That's > prevented me from looking at other issues I wanted to get done and I think > that there is definitely some outstanding work from folks who are off for > the holidays. So, let's revisit code freeze a week from now and see where > things are. Thanks! > > On Mon, Dec 13, 2021 at 3:37 PM Stephen Mallette > wrote: > >> In the worst case, if there were things we wanted added to 3.6.0 that >> weren't quite ready for code freeze we could release 3.5.2 and hold the >> freeze on its branch while 3.6.0 finished. I just wouldn't want a 3.6.0 to >> force a few commits into a fast turnaround release of 3.5.3. That might >> give some buffer if we wanted, but it would be nice if it could all just >> land at once. >> >> On Mon, Dec 13, 2021 at 3:07 PM Kelvin Lawrence >> wrote: >> >>> The work for adding a regex TextP is sitting on the TINKERPOP-2652 >>> branch. I still need to write the docs and add one last Java test but >>> otherwise it's close to PR ready. I would like to try and get that into 3.6 >>> which I think I should be able to do before the cutoff. >>> In general capturing what we have now into a set of releases makes sense >>> to start the year with a pretty clean mainline branch that we can iterate >>> on. >>> Kelvin >>> >>> On Monday, December 13, 2021, 06:44:46 AM CST, Stephen Mallette < >>> spmalle...@gmail.com> wrote: >>> >>> I'd like to propose we do a release for the new year, with code freeze >>> starting conveniently on Friday December 31. >>> >>> I think we should also consider making this the last release of 3.4.x. >>> >>> It occurred to me that 3.6.x doesn't have a name yet. Working in reverse >>> (never done it this way before), I have a Victorian/Steampunk sorta >>> Gremlin >>> image that could be used for a logo, and searching around for related >>> music >>> came across a whole genre of Steampunk Music. First artist group I >>> clicked >>> on, Deus Ex Vapore Machina, has a song called "Tinkerheart" - sorta just >>> fits I'd say. >>> >> >>
Re: [DISCUSS] Removal of Marko A. Rodriguez from Apache TinkerPop
Please allow some more time for a reply as I've been away for the New Years Eve weekend. On Wed, Jan 5, 2022 at 12:50 PM Marko Rodriguez wrote: > Hey Stephen, > > Any movement on what I presented below? Meaning, do you 1.) agree with > inconsistent application of the “violated social norms” clause and if so > 2.) do you plan to argue my point ‘in good faith’ (meaning, the following > sentiment resonates with you: "every person has skeletons in their closet > so why I are we attacking Marko after contributing his PhD work to Apache > and then spending over a decade developing it only to kick him off the > project for telling jokes on Twitter?”). > > If you don’t agree, then please tell me so I can move forward on my side. > > Thank you very much, > Marko. > > > > > On Dec 31, 2021, at 2:14 PM, Marko Rodriguez > wrote: > > > > Hello everyone, > > > > As you all may know, I was recently removed from TinkerPop for the crime > of “being a Nazi troll.” When arguing I’m not a Nazi, I was told I > “violated social norms.” Assuming I violated social norms, I inquired as to > where such social norms are specified as I never signed anything when > providing TinkerPop to Apache that mentioned ’social norms'. Moreover, if > the crime of violating social norms is in fact how Apache wishes to judge > people for the sake of removal by committee, then I believe this statute > should be applied fairly and equally. Thus, please review the following > “social norm violations” made by people in Apache and on Apache TinkerPop. > Given that social norms are not specified anywhere, I offer simply what I > believe fall within this fuzzy category. > > > > 1. Roy Fielding stating I’m a Nazi troll. When asked for evidence of me > being part of the Nazi party, none was presented. As far as I know, the > Nazi party dissolved post WW2 and seems to exist as a word use by modern > folk to remove people they dislike from their positions. The question: is > libel a violation of social norms? > > > > 2. Sam Ruby in the past had threatened me with physical violence. If > threat of violence is not breaking social norms then that seems like a > break from social norms in and of itself. Thus, was Sam Ruby removed from > his position in Apache? The question: is threat of violence a violation of > social norms? > > > > 3. danielfb@ is the mysterious character that had access to our > private@tinkerpop mailing list and said that a picture I made in > photoshop of one of my chickens in WW2 regalia was “offensive” to him (I > assume ‘him' given the name ‘daniel’). My response was initially to joke > (as I do), but then continued with (I paraphrase) “let’s talk more as I > think you will find me to be a jokester.” That man was never heard from > again. The question: is allowing seemingly random people on our private > mailing list in order to entrap me a violation of social norms? > > > > 4. Roy Fielding was unhappy with the fact that no one on the TinkerPop > PMC cared about danielfb@’s allegation of me being a racist. In fact, > Jorge said (I paraphrase) "that’s not racism, he’s just being silly.” He > went on to note organizations that Apache could get behind that help fight > racism — unfortunately, that fell on deaf ears. Instead, Roy Fielding went > ahead and ignored the PMC's brush off saying (I paraphrase) “I know you are > friends and its hard to punish people you’ve worked with.” This seemed odd > to me because the email prior I had said “no one ever stands up for me > because most people never understand the point I’m trying to make with my > craft.” (I consider much of the work I do ‘art’). Thus, Roy Fielding pushed > an agenda placing thoughts/emotions in colleagues that did not exist. The > question: is baiting the group so they do his 'dirty work' not a violation > of social norms? > > > > 5. Stephen Mallette and I have worked together for over a decade. It > came as a shock to me that he said nothing in favor of my person when I was > deemed a “racist” and a “nazi.” The question: is not standing up for a > friend who has been there for you for many years not a violation of social > norms? > > > > 6. Stephen Mallette knows what I was “charged with” was just some social > ploy using the rhetoric of the times to restructure power by removing those > individuals that don’t tow some party line which I was never made aware of. > While I assert these are whimsical and without merit, you know what real > charges you have against yourself, Stephen, and I won’t get into those, but > I believe you would feel much better (less social stressed) as a person if > you were to say: “letting organizations condemn people so they can steal > prestige or money from them is not right and I take my stand against it.” > As such, the question: when a person living in a glass house throws stones, > is that not a violation of social norms? > > > > 7. Stephen Mallette knows very well the quality of Josh Shinavier’s > contributions and the hollowness of his p
Re: [DISCUSS] Removal of Marko A. Rodriguez from Apache TinkerPop
Hey Stephen, Any movement on what I presented below? Meaning, do you 1.) agree with inconsistent application of the “violated social norms” clause and if so 2.) do you plan to argue my point ‘in good faith’ (meaning, the following sentiment resonates with you: "every person has skeletons in their closet so why I are we attacking Marko after contributing his PhD work to Apache and then spending over a decade developing it only to kick him off the project for telling jokes on Twitter?”). If you don’t agree, then please tell me so I can move forward on my side. Thank you very much, Marko. > On Dec 31, 2021, at 2:14 PM, Marko Rodriguez wrote: > > Hello everyone, > > As you all may know, I was recently removed from TinkerPop for the crime of > “being a Nazi troll.” When arguing I’m not a Nazi, I was told I “violated > social norms.” Assuming I violated social norms, I inquired as to where such > social norms are specified as I never signed anything when providing > TinkerPop to Apache that mentioned ’social norms'. Moreover, if the crime of > violating social norms is in fact how Apache wishes to judge people for the > sake of removal by committee, then I believe this statute should be applied > fairly and equally. Thus, please review the following “social norm > violations” made by people in Apache and on Apache TinkerPop. Given that > social norms are not specified anywhere, I offer simply what I believe fall > within this fuzzy category. > > 1. Roy Fielding stating I’m a Nazi troll. When asked for evidence of me being > part of the Nazi party, none was presented. As far as I know, the Nazi party > dissolved post WW2 and seems to exist as a word use by modern folk to remove > people they dislike from their positions. The question: is libel a violation > of social norms? > > 2. Sam Ruby in the past had threatened me with physical violence. If threat > of violence is not breaking social norms then that seems like a break from > social norms in and of itself. Thus, was Sam Ruby removed from his position > in Apache? The question: is threat of violence a violation of social norms? > > 3. danielfb@ is the mysterious character that had access to our > private@tinkerpop mailing list and said that a picture I made in photoshop of > one of my chickens in WW2 regalia was “offensive” to him (I assume ‘him' > given the name ‘daniel’). My response was initially to joke (as I do), but > then continued with (I paraphrase) “let’s talk more as I think you will find > me to be a jokester.” That man was never heard from again. The question: is > allowing seemingly random people on our private mailing list in order to > entrap me a violation of social norms? > > 4. Roy Fielding was unhappy with the fact that no one on the TinkerPop PMC > cared about danielfb@’s allegation of me being a racist. In fact, Jorge said > (I paraphrase) "that’s not racism, he’s just being silly.” He went on to note > organizations that Apache could get behind that help fight racism — > unfortunately, that fell on deaf ears. Instead, Roy Fielding went ahead and > ignored the PMC's brush off saying (I paraphrase) “I know you are friends and > its hard to punish people you’ve worked with.” This seemed odd to me because > the email prior I had said “no one ever stands up for me because most people > never understand the point I’m trying to make with my craft.” (I consider > much of the work I do ‘art’). Thus, Roy Fielding pushed an agenda placing > thoughts/emotions in colleagues that did not exist. The question: is baiting > the group so they do his 'dirty work' not a violation of social norms? > > 5. Stephen Mallette and I have worked together for over a decade. It came as > a shock to me that he said nothing in favor of my person when I was deemed a > “racist” and a “nazi.” The question: is not standing up for a friend who has > been there for you for many years not a violation of social norms? > > 6. Stephen Mallette knows what I was “charged with” was just some social ploy > using the rhetoric of the times to restructure power by removing those > individuals that don’t tow some party line which I was never made aware of. > While I assert these are whimsical and without merit, you know what real > charges you have against yourself, Stephen, and I won’t get into those, but I > believe you would feel much better (less social stressed) as a person if you > were to say: “letting organizations condemn people so they can steal prestige > or money from them is not right and I take my stand against it.” As such, the > question: when a person living in a glass house throws stones, is that not a > violation of social norms? > > 7. Stephen Mallette knows very well the quality of Josh Shinavier’s > contributions and the hollowness of his promises as over the years we have > joked many times about it. So why would he be put on the PMC right after I > was removed as you and I both know he is a
New Committer: Lyndon Bauto
The Project Management Committee (PMC) for Apache TinkerPop has asked Lyndon Bauto to become a committer and we are pleased to announce their acceptance. During the second half of last year, Lyndon made important release critical contributions to gremlin-python introducing a whole new transport with aiohttp and adding remote transaction support. You may also see his name elsewhere in the wider TinkerPop Community as one of the folks who have revived work Ted Wilmes started with sql-gremlin. We look forward to future contributions from Lyndon as we begin the new year. Welcome Lyndon!
[jira] [Commented] (TINKERPOP-2679) Update JavaScript driver to support processing messages as a stream
[
https://issues.apache.org/jira/browse/TINKERPOP-2679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469416#comment-17469416
]
ASF GitHub Bot commented on TINKERPOP-2679:
---
tkolanko opened a new pull request #1539:
URL: https://github.com/apache/tinkerpop/pull/1539
This PR implements a change to javascript driver for allowing an optional
callback which will be run with the result set of each chunk of data returned
from the gremlin server rather than waiting for the entire query to finish.
docker/build.sh -t -i -n passes all tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Update JavaScript driver to support processing messages as a stream
> ---
>
> Key: TINKERPOP-2679
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2679
> Project: TinkerPop
> Issue Type: Improvement
> Components: javascript
>Affects Versions: 3.5.1
>Reporter: Tom Kolanko
>Priority: Minor
> Fix For: 3.5.2
>
>
> The JavaScript driver's
> [_handleMessage|https://github.com/apache/tinkerpop/blob/d4bd5cc5a228fc22442101ccb6a9751653900d32/gremlin-javascript/src/main/javascript/gremlin-javascript/lib/driver/connection.js#L249]
> receives messages from the gremlin server and stores each message in an
> object associated with the handler for the specific request. Currently, the
> driver waits until all the data is available from the gremlin server before
> allowing further processing of it.
> However, this can lead to cases where a lot of memory is required to hold
> onto the results before any processing can take place. If we had the abilty
> to process results as they come in from the gremlin server we could reduce
> memory in some cases
> If you are open to it I would like to submit a PR where {{submit}} can take
> an optional callback which is run on each set of data returned from the
> gremlin server, rather than waiting for the entire result set.
> The following examples assume that you have 100 vertices in your graph.
> current behaviour:
> {code:javascript}
> const result = await client.submit("g.V()")
> console.log(result.toArray()) // 100 - all the vertices in your graph
> {code}
> proposed addition
> {code:javascript}
> await client.submit("g.V()", {}, { batchSize: 25 }, (data) => {
> console.log(data.toArray().length) // 25 - this callback will be called 4
> times (100 / 25 = 4)
> })
> {code}
> If the optional callback is not provided then the default behaviour is
> unchanged
> I have the changes running locally and the overall performance is unchanged,
> queries run about the same as they used to, however, for some specific
> queries memory usage has dropped considerably.
> With the process-on-message strategy the memory usage will be related to how
> large the {{batchSize}} is rather than the final result set. Using the
> default of 64 and testing some specific cases we have I can get the memory to
> go from 1.2gb to 10mb.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2651) Update to .NET 6
[ https://issues.apache.org/jira/browse/TINKERPOP-2651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469381#comment-17469381 ] ASF GitHub Bot commented on TINKERPOP-2651: --- FlorianHockmann opened a new pull request #1538: URL: https://github.com/apache/tinkerpop/pull/1538 https://issues.apache.org/jira/browse/TINKERPOP-2651 Note that this only affects our build process and the Gremlin.Net.Template. Users of Gremlin.Net will not be affected by this change as that still targets .NET Standard 2.0 (and additionally .NET Standard 1.3 in `3.4-dev`). This does not necessarily have to be merged before code freeze for 3.4.13/3.5.2/3.6.0. I'm just opening the PR now as I have the contribution ready, but I can also simply retarget this on `3.5-dev` if we don't get it merged before code freeze. I verified that the Docker build also still works with `docker/build.sh -t`. VOTE +1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Update to .NET 6 > > > Key: TINKERPOP-2651 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2651 > Project: TinkerPop > Issue Type: Improvement > Components: dotnet >Affects Versions: 3.4.12, 3.5.1 >Reporter: Florian Hockmann >Priority: Minor > > [.NET 6 was released on November > 8|https://devblogs.microsoft.com/dotnet/announcing-net-6/] and it is now the > latest LTS release. > This includes (at least) updates in these places: > * the Docker build > * GH Actions > * Updating the Gremlin.Net.Template > * the contributing docs > We need to do that on all release branches so contributors only need to have > one version of .NET installed on their systems. > We can optionally also improve the codebase by using newer language features > as a part of this. > This will also enable us to add support for nullable annotations / checks: > TINKERPOP-2348. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2651) Update to .NET 6
[ https://issues.apache.org/jira/browse/TINKERPOP-2651?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469336#comment-17469336 ] Florian Hockmann commented on TINKERPOP-2651: - Just as a reminder: After updating to .NET 6, we can also update the System.Text.Json dependency to version 6. For more information, see [this comment|https://github.com/apache/tinkerpop/pull/1521#issuecomment-1005726077]. > Update to .NET 6 > > > Key: TINKERPOP-2651 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2651 > Project: TinkerPop > Issue Type: Improvement > Components: dotnet >Affects Versions: 3.4.12, 3.5.1 >Reporter: Florian Hockmann >Priority: Minor > > [.NET 6 was released on November > 8|https://devblogs.microsoft.com/dotnet/announcing-net-6/] and it is now the > latest LTS release. > This includes (at least) updates in these places: > * the Docker build > * GH Actions > * Updating the Gremlin.Net.Template > * the contributing docs > We need to do that on all release branches so contributors only need to have > one version of .NET installed on their systems. > We can optionally also improve the codebase by using newer language features > as a part of this. > This will also enable us to add support for nullable annotations / checks: > TINKERPOP-2348. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (TINKERPOP-2639) Remove previously deprecated GryoMessageSerializer infrastructure
[
https://issues.apache.org/jira/browse/TINKERPOP-2639?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469219#comment-17469219
]
ASF GitHub Bot commented on TINKERPOP-2639:
---
FlorianHockmann commented on a change in pull request #1536:
URL: https://github.com/apache/tinkerpop/pull/1536#discussion_r778742241
##
File path: docs/src/reference/intro.asciidoc
##
@@ -434,13 +434,9 @@ touch upon important concepts to focus on here.
The first of these points is serialization. When Gremlin Server receives a
request, the results must be serialized to
the form requested by the client and then the client deserializes those into
objects native to the language. TinkerPop
-has three such formats that it uses with
link:https://tinkerpop.apache.org/docs/x.y.z/dev/io/#graphbinary[GraphBinary],
-link:https://tinkerpop.apache.org/docs/x.y.z/dev/io/#gryo[Gryo] and
-link:https://tinkerpop.apache.org/docs/x.y.z/dev/io/#graphson[GraphSON]. Among
these serialization formats, users
-should prefer GraphBinary as it combines the best features of both GraphSON
and Gryo and it provides the most even
-user experience across different programming languages. There are areas
however where this is not quite true, as
-Gremlin Language Variants don't have full GTMs present and therefore don't
have the complete means to accomplish what
-a pure JVM solution would.
+has two such formats that it uses with
link:https://tinkerpop.apache.org/docs/x.y.z/dev/io/#graphbinary[GraphBinary],
Review comment:
(nitpick) with GraphBinary _and_ GraphSON.
##
File path: docs/src/dev/io/gryo.asciidoc
##
@@ -160,6 +160,8 @@ As of TinkerPop 3.3.0, there is now a new version of Gryo
in 3.0 that is only pa
to use 3.0 serializers with 1.0 serializers will likely lead to failure. For
best results, users should always
utilize the same version of TinkerPop on the client as on the server.
+IMPORTANT: As of 3.6.0, Gryo `MessageSerializer` implementations have been
removed from the codebase.
Review comment:
Shouldn't we also at least remove this sentence from line 127:
> This characteristic makes it ideal for use in Gremlin Server, which is
designed to return arbitrary results of varying types
as Gryo can now only be used a file I/O format?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@tinkerpop.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Remove previously deprecated GryoMessageSerializer infrastructure
> -
>
> Key: TINKERPOP-2639
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2639
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
>Affects Versions: 3.4.12
>Reporter: Stephen Mallette
>Assignee: Stephen Mallette
>Priority: Minor
> Labels: breaking
> Fix For: 3.6.0
>
>
> {{application/vnd.gremlin-v1.0+gryo-lite}} was deprecated in 3.2.6 and and
> Gryo message serializers in general were serialized around the time
> GraphBinary was added. They have just managed to hang in there. Seems safe to
> remove it in 3.6.0.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
