These are chat archives for akkadotnet/akka.net

4th Feb 2016
Mikey
@BrainSlugs83
Feb 04 2016 02:40
Just logged issue #1687.
In the meanwhile -- how can I convert a string literal to a fully escaped hocon string?
(like the equivalent of Regex.Escape?)
Jeremy
@jeremybphillips
Feb 04 2016 05:29
Can a resizer be used with a cluster aware router? After adding a resizer section to my router config I get the following:
"Resizer can't be used together with cluster router."
John Nicholas
@MrTortoise
Feb 04 2016 08:06
Roger Johansson
@rogeralsing
Feb 04 2016 09:04
@brainslug83 see #1689
John Nicholas
@MrTortoise
Feb 04 2016 09:13
oh sorry i completely misunderstood
alexgoeman
@alexgoeman
Feb 04 2016 13:48
Hi is there a way to intercept messages before they are sent and after they are received via remoting ? (and optionally reject them )
John Nicholas
@MrTortoise
Feb 04 2016 13:50
why not write 2 actors that sit either side of the remoting boundary?
alexgoeman
@alexgoeman
Feb 04 2016 13:59
because this still allows "attackers" to send messages to any actor, I was thinking about doing some checks when messages arrive (type of message, security token,...)
John Nicholas
@MrTortoise
Feb 04 2016 14:40
i'm not sure why you think that. Why do you think you can remotely execute arbitrary messages on an arbitrary actor?
John Nicholas
@MrTortoise
Feb 04 2016 14:46
how would you do those checks? perhaps in an authentication actor or the receive end that delegates into your system? perhaps you would wrap the messages to the boundary that is secure by using an actor to wrap the message in the authentication wrapper? Look at tls handshake, sts and saml claims based stuff and i think you have a hard road. One way would be to outsource the remote stuff to something like grpc / wcf ... probably better than home rolling by gigantic proportions (but i know i don't know how to test this stuff).
alexgoeman
@alexgoeman
Feb 04 2016 14:50
"Why do you think you can remotely execute arbitrary messages on an arbitrary actor?" => Because "Server" is accessible via remoting, and since this has no security features, it allows being connected to by everyone on the network (intranet). So if an attacker knows the network name of some actor, he can send messages directly to that actor and bypass some authorisation checks
Idea was to intercept all messages entering the system, and reject all the ones that have no authentication info (e.g. requiring messages to inherit from some base class that has provisioning for containing some security tokens,...) except messages required for authentication
When all messages have authentication info, then actors can make authorization decisions
alexgoeman
@alexgoeman
Feb 04 2016 14:56
outsourcing to e.g. wcf is not wanted because I wanted to use the possibility to push messages to clients
Using remoting makes programming model transparent
John Nicholas
@MrTortoise
Feb 04 2016 14:56
that's a pretty good problem ;)
yeah
my point with wcf was simply a way out of hand rolling the whole tls thing.
but given your problem yeah
i'm 0 for 2 today I'm afraid ;p I don't want to waste your time. If you can't find anything on akka.net this must be something that has been solved many times on the scala side of things
alexgoeman
@alexgoeman
Feb 04 2016 15:01
Got impression that scala side only concentrates on having the messages sent encrypted over the network, but also does not tackle anything related to authentication/ authorization message based
I'm really wondering how others tackle this issue? I read about creating a safe network around the actorsystems in the network, but that is really avoiding the security issue. I have no problems with avoiding issues, but in this case this is not a solution
Bartosz Sypytkowski
@Horusiath
Feb 04 2016 15:11
@alexgoeman you could build an encryption layer on top of akka.net serialization - the encryption key would be shared only by trusted parties. Would that be secure enough?
alexgoeman
@alexgoeman
Feb 04 2016 15:14
I'm not mainly concerned with confidentiality (of course always nice to have), but more with integrity and authentication (authorisation). It is in a corporate environment (Microsoft based), so I would like the client to be able to make use of single sign on of the user to authenticate itself (and its messages) to the server
distributing a shared secret in a client application does also not seem to be a secure way of doing things, I can imagine that such things can work on the server side, where you can protect access to the secret on those machines, but in a client app this is difficult
Bartosz Sypytkowski
@Horusiath
Feb 04 2016 15:17
part of security will be built-in once Akka.NET switches to DotNetty (which supports TLS), and this is the part I'm referring to. When it comes to user authentication - in the actor model there is no notion of user, you need to implement one if you need it
alexgoeman
@alexgoeman
Feb 04 2016 15:35
Indeed TLS would not solve the problem. But I'm looking for some pattern to solve this with Akka.Net. I can add some interface to each message that allows some security info to be associated with the message, but it would be nice to have two entrypoints in which I can set and verify this information without having to do this in each receive or during message construction. E.g. I could make my own ActorType, but then I would probably need to create one for each already existing Actor class (not really maintainable), so some interception point would be very nice
Zetanova
@Zetanova
Feb 04 2016 15:50
@alexgoeman @Horusiath The SecurityContext has the same problem as the CallContext with the ActivityId, currently there is no way to hold an implicit ambient-value.
@alexgoeman Currently u need to store it in the message. A good performant solution for u would be to host an SSO server or an auth service inside akka to generate a securityToken that u can send with each message
As it would be in http/web2.0
Michel van den Berg
@promontis
Feb 04 2016 15:54
Normally you would send a token with an http header
you could create some base actor with such a token
and then you can validate
alexgoeman
@alexgoeman
Feb 04 2016 15:55
Indeed, I agree but is there an easy way to associate every message leaving the client actor system with that token
Michel van den Berg
@promontis
Feb 04 2016 15:55
no not built in
akka.net is more low level
but you can easily add it yourself
alexgoeman
@alexgoeman
Feb 04 2016 15:56
@promontis : using a base class has disadvantage that there are already multiple base classes for actors, so I would need to create several base classes
Zetanova
@Zetanova
Feb 04 2016 15:56
@alexgoeman instead of sending a message to a remote system, u can send it to a local proxy that wraps it in a message with the securityToken and sends it to the remote ForwardProxy
that unwraps it and checks the security
Michel van den Berg
@promontis
Feb 04 2016 15:57
nice
alexgoeman
@alexgoeman
Feb 04 2016 15:57
Does someone know how e.g. Akka.net associates the Sender with each message ? This could be also used to dynamically add extra props with message
Michel van den Berg
@promontis
Feb 04 2016 15:57
I wouldn't do that
I would take Zetanova's route
much more transparent
Zetanova
@Zetanova
Feb 04 2016 15:58
all messages are wrapped in an envelope that contains the sender
Alex Achinfiev
@aachinfiev
Feb 04 2016 15:58

Hi guys. I have a question about the Akka.Persistence plugin. I was following the example on https://petabridge.com/blog/intro-to-persistent-actors/ and set up a simple actor that has a list of messages on it which gets auto snapshotted every 100 messages. I am using the default persistence plugin which dumps a file on each snapshot.

using System;
using System.Collections.Generic;
using System.Linq;
using Akka.Actor;
using Akka.Persistence;

public class Program
{
    public static void Main()
    {
        var sys = ActorSystem.Create("ImportTest");
        var actor = sys.ActorOf<ImportActor>("Import");

        // 205 messages crosses the 100-message snapshot threshold twice
        for (int i = 1; i <= 205; i++)
        {
            actor.Tell("msg" + Guid.NewGuid());
        }

        // Ask returns Task<object>; block for the reply sent by the GetMessages handler
        var result = (IReadOnlyList<string>)actor.Ask(new ImportActor.GetMessages()).Result;
        Console.WriteLine("Messages: " + result.Count);

        // keep the process alive so pending snapshot writes can complete
        Console.ReadLine();
    }
}

public class ImportActor : ReceivePersistentActor
{
    public class GetMessages {}

    private List<string> msgs = new List<string>();
    private int msgsSinceLastSnapshot = 0;

    public override string PersistenceId
    {
        get { return "Import"; }
    }

    public ImportActor()
    {
        // replay of individual journaled events
        Recover<string>(str => msgs.Add(str));
        // replay of the latest snapshot, if any
        Recover<SnapshotOffer>(offer =>
        {
            var messages = offer.Snapshot as List<string>;
            if (messages != null)
                msgs = msgs.Concat(messages).ToList();
        });

        Command<string>(str => Persist(str, s =>
        {
            msgs.Add(str);
            if (++msgsSinceLastSnapshot % 100 == 0)
            {
                // hands the live list instance to the snapshot store
                SaveSnapshot(msgs);
            }
        }));
        Command<SaveSnapshotSuccess>(success =>
        {
            // soft-delete the journal up until the sequence # at
            // which the snapshot was taken
            DeleteMessages(success.Metadata.SequenceNr, false);
            Console.WriteLine("Remaining msgs: " + msgs.Count);
        });
        Command<SaveSnapshotFailure>(failure =>
        {
            Console.WriteLine("Snapshot Save Failed: " + failure.Cause);
        });
        Command<GetMessages>(get => Sender.Tell(msgs.AsReadOnly()));
    }
}

If I send 105 messages at once everything works great and the snapshot is created without errors. However, if I send over 200 messages, during which it will try to snapshot, I get a "Collection was modified; enumeration operation may not execute" exception in LocalSnapshotStore when it's trying to serialize it to JSON. I was under the impression that processing further messages shouldn't affect what's being flushed to disk. Am I doing something wrong in this process? Thanks.

alexgoeman
@alexgoeman
Feb 04 2016 15:59
@Zetanova : using some proxies, would that not imply losing location transparency, in some way, because you need to target the proxy and not the actor
Zetanova
@Zetanova
Feb 04 2016 16:01
@aachinfiev SaveSnapshot(msgs.AsReadOnly());
or double buffer
Alex Achinfiev
@aachinfiev
Feb 04 2016 16:02
AsReadOnly() still causes error. I have to do ToList() then it seems to work fine.
Zetanova
@Zetanova
Feb 04 2016 16:02
@alexgoeman akka is too basic that u could achieve a good abstraction
the ForwardProxy would be the sender and could even use a child-actor as the Sender
Same goes for the initiator on the client side
if it gets a response, the sender would be the local ForwardProxy
if it needs to send a message to an address then this address is to be the proxy
Marc Piechura
@marcpiechura
Feb 04 2016 16:07
But you could keep the original sender if you set it explicitly in the proxies
Zetanova
@Zetanova
Feb 04 2016 16:07
yes, and a second message to this Sender would destroy the security context
Marc Piechura
@marcpiechura
Feb 04 2016 16:08
Yeah true 😬
alexgoeman
@alexgoeman
Feb 04 2016 16:11
@Zetanova "akka is to basic that u could archive an good abstraction" what do you mean with that? Do you mean that we need to give up on the normal abstraction of akka because it is too simple/basic? My concern is that when sending messages you need to know / decide if you need the proxy (because it is going remotely) or not because it stays in the same actorsystem. You can always send it to the proxy also of course.
Zetanova
@Zetanova
Feb 04 2016 16:18
@alexgoeman with basic i mean low complexity. transparency requires a high complexity implementation. Just try to implement an ObjectProxy like the .NET Remoting RealProxy yourself, it gets very complex very fast.
alexgoeman
@alexgoeman
Feb 04 2016 16:19
@Zetanova: Ok thank you very much for the proxy suggestion
Zetanova
@Zetanova
Feb 04 2016 16:26
@alexgoeman It is not a suggestion, it's a warning not to do it. The best way to get your required security into akka is with the securityToken in each message that needs it. You can have a local security token coordinator-actor that can cache tokens with the securityContext like it is done in WebAPI with OAuth. It's simple and performant. To make transparent security in akka will require high complexity => your time will burn away
Michel van den Berg
@promontis
Feb 04 2016 16:26
so basically some base class?
something like a BasicAuthenticationActor
btw, would be nice to get a petabridge article on this security thing @Aaronontheweb
also, I remembered other people suggesting to put the actor systems within a virtual network
and only expose the web api
isn't that an option?
alexgoeman
@alexgoeman
Feb 04 2016 16:31
@promontis : "only expose the web api" => only an option if you do not want client actorsystems connecting. And this makes you use another programming model on the client and lose push based notifications
Michel van den Berg
@promontis
Feb 04 2016 16:31
ah so you are using client actor systems
Anthony Brown
@bruinbrown
Feb 04 2016 16:31
@alexgoeman Adding security is an interesting problem, the best approach if you can't have any layers in between might be to use a proxy between remote systems which receives a message envelope containing 3 things: the message, the destination and something like a JWT or a similar stateless auth token. But this isn't good enough on its own since a remote party could just send a message to every actor on the remote actor system bypassing the proxy. One way to solve this is to mark all of your messages with PossiblyHarmful which prevents them being sent over remoting and only allows them to be sent to a local actor system. The proxy can then unwrap a serialized possibly harmful message and then forward it on to the target actor, since it's sent through the proxy it would then be authorised
Michel van den Berg
@promontis
Feb 04 2016 16:33
@alexgoeman what kind of clients are you building? Like windows clients?
Alex Achinfiev
@aachinfiev
Feb 04 2016 16:34
Is there an example of use of AtLeastOnceDeliveryReceiveActor?
alexgoeman
@alexgoeman
Feb 04 2016 16:34
@promontis : wpf notification client
Michel van den Berg
@promontis
Feb 04 2016 16:35
ah yes
thought so... currently I have only mobile clients... would love to have support for that
alexgoeman
@alexgoeman
Feb 04 2016 16:38
@bruinbrown . Where is your proxy or proxies located? On the client side or the server side. If server side then can it receive a PossiblyHarmful message? So some proxy actor needs to exist in each actor system and this proxy actor serializes the message to a byte array and sends a wrapped message to the other proxy actor which deserializes and forwards the message?
@bruinbrown : Or can the wrapped message be sent remotely if it contains a PossiblyHarmful message ?
John Nicholas
@MrTortoise
Feb 04 2016 16:40
@alexgoeman You want to know who the sender of a message is. But if you did exactly that and in receive handlers had an authorised list of senders and validated against this then you start to make progress. I'd use the sts + saml claims based approach as i mentioned above. Then it doesn't matter if you can call anything from anywhere, only authorised parties could make the call.
also do not confuse the address of an actor with what actor is there. Especially once you use authorisation.
no idea how you can get to that though
alexgoeman
@alexgoeman
Feb 04 2016 17:14
@bruinbrown PossiblyHarmful messages, is this supported in Akka.Net ?
Maxim Salamatko
@maxim-s
Feb 04 2016 17:18
@alexgoeman yes, IPossiblyHarmful interface and untrusted mode
JaspritBola
@JaspritBola
Feb 04 2016 17:37
@voltcode how are you hosting it?
Anthony Brown
@bruinbrown
Feb 04 2016 17:54
@alexgoeman Your proxy would exist on the server side, client side, you would add an extension onto IActorRef, something like SendRemote which takes an auth token and a message, wraps it all and automatically directs it through the proxy. No proxy needed on the client side, just a different version of Send required
voltcode
@voltcode
Feb 04 2016 18:15
@JaspritBola I run the web app in VS, the service in another VS instance
Basically I want to know how best to implement/configure self healing for seed nodes and non seed nodes. The fact that one type of cluster disassociation happens in VS is arbitrary - there would be other situations which cause the same effect.
Aaron Stannard
@Aaronontheweb
Feb 04 2016 19:36
@BrainSlugs83 @voltcode eh, I'll just write a blog post about my Azure bootstrapper this week
it's a technique I had to use with Akka.Remote or anything that doesn't use HTTP
had to use a bootstrapper even with Cassandra when I was managing a couple of those clusters
each node needs some reliable way of knowing which port and IP are publicly accessible within the appropriate zone
on AWS, which has a sane SDK compared to Azure, I could do that pretty easily
with Azure Cloud Services I have to plug into the service runtime
for self-hosted stuff I had to do something similar to what @christiansparre mentioned - I'd iterate over all of our IPs and round-trip them over the network to figure out what my public one was
and then use that
the other thing I did, because I care about the happiness of my DevOps people, was make sure that a set of whitelisted ports were always available on every machine within the secure zone
I left a range open, usually 10-15 ports
even if I only ever needed to use one of them
that way, if at some point in the future, I needed to listen on a second port
Aaron Stannard
@Aaronontheweb
Feb 04 2016 19:41
I wouldn't have to re-image our machines or mess with our infrastructure
in general the local Windows / Linux firewall on each individual VM should be looked at as a secondary / tertiary line of defense against intrusions
and I think it probably causes more problems than it solves, but I'm paranoid so I never turn it off
@rogeralsing @Horusiath I had like 40 people run WebCrawler at once in this conference in Montreal where I was teaching a workshop
we successfully saturated the 500 mbs network they set up and ruined the presentations for at least two other speakers :+1:
Roger Johansson
@rogeralsing
Feb 04 2016 19:46
lol :)
so did the cluster hold? any bugs?
Aaron Stannard
@Aaronontheweb
Feb 04 2016 19:46
yeah, found one bug
seed node left, new node tried to join, seed node came back, new node joined
but the gossip about it joining was never sent to the clustered group router
so it didn't get sent any work
so that's a bug
but otherwise, we were able to download like 1.5 million pages off of MSDN
each
I think Wikipedia blacklisted our NAT too since some people were crawling that
overall I'm feeling more and more confident about Akka.Cluster
1.0.6 was a major improvement
mostly because of the stuff inside Akka.Remote
@alexgoeman untrusted mode in Akka.Remote allows you to only send messages to a specific set of paths on each node
otherwise the messages are dropped
you can use that
and the actors who sit at those paths would basically be your "greeter" actors who see the remote messages first before they go anywhere else
after initial contact though
if one of the actors on your "secure" side of the connection replies back to another actor on the "insecure" side
they'll both have an actor reference to each other
and can freely communicate
it's just that the initial ActorSelection used to initiate contact can only go to a certain place
in the not too distant future we'll also have TLS
Aaron Stannard
@Aaronontheweb
Feb 04 2016 19:57
other thing I've done before is using authenticated hashes
a symmetric encryption technique that is session-based and relies on both ends of a connection having a shared secret and a handshake + key exchange before anyone can read the other's messages
that would solve the "authentication" problem for you, but not authorization
Akka.Remote is just a transport - it's kind of like how you wouldn't have authorization built into a socket
you'd need to deal with that in the design of your actors
solution I've seen before is one where messages that are responsible for triggering security-sensitive operations come with some Claims built in
expressed as tokens
and the actor can verify that those claims / tokens are valid from some sort of shared security service before it executes its job
EGirardi
@EGirardi
Feb 04 2016 20:01
@sean-gilliam , Thanks Sean - I used that config format as you typed it but still get an error: {"Configuration problem while creating [akka://MacActorSystem/user/MsgTakerActor/$b/CustomerFunctionsActor] with router dispatcher [akka.actor.default-dispatcher] and mailbox and routee dispatcher [akka.actor.default-dispatcher] and mailbox []."} Does anyone have an example config file that includes a Router setting ?
voltcode
@voltcode
Feb 04 2016 20:54
@Aaronontheweb I remember you mentioning the bootstrapper before, but how does it relate to actively self healing the cluster?
Or maybe I should just write another cluster listener for non seed nodes to rejoin manually after losing connection and be done with it?
Yin Zhang
@melcloud
Feb 04 2016 22:05
Hi guys, lately we got several of the following errors in Akka.net. Does anyone have an idea why? We are still using 1.0.4 akka for now
System.ArgumentOutOfRangeException: intervalSum must be >= 0, got -1204428931
Parameter name: intervalSum
   at Akka.Remote.HeartbeatHistory..ctor(Int32 maxSampleSize, List`1 intervals, Int64 intervalSum, Int64 squaredIntervalSum)
   at Akka.Remote.HeartbeatHistory.op_Addition(HeartbeatHistory history, Int64 interval)
   at Akka.Remote.HeartbeatHistory.op_Addition(HeartbeatHistory history, Int64 interval)
   at Akka.Remote.PhiAccrualFailureDetector.HeartBeat()
   at Akka.Remote.DefaultFailureDetectorRegistry`1.Heartbeat(T resource)
   at Akka.Remote.RemoteWatcher.ReceiveHeartbeatRsp(Int32 uid)
   at Akka.Remote.RemoteWatcher.OnReceive(Object message)
   at Akka.Actor.UntypedActor.Receive(Object message)
   at Akka.Actor.ActorBase.AroundReceive(Receive receive, Object message)
   at Akka.Actor.ActorCell.ReceiveMessage(Object message)
   at Akka.Actor.ActorCell.Invoke(Envelope envelope)