This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-06-18
Channels
- # announcements (35)
- # babashka (31)
- # beginners (77)
- # biff (23)
- # calva (1)
- # clj-kondo (4)
- # cljsrn (3)
- # clojure (71)
- # clojure-dev (9)
- # clojure-europe (51)
- # clojure-france (3)
- # clojure-germany (1)
- # clojure-nl (3)
- # clojure-spec (9)
- # clojure-uk (42)
- # clojurescript (24)
- # clojureverse-ops (3)
- # component (16)
- # cursive (1)
- # data-science (8)
- # emacs (1)
- # fulcro (5)
- # graalvm-mobile (1)
- # graphql (2)
- # honeysql (36)
- # leiningen (3)
- # malli (3)
- # off-topic (16)
- # remote-jobs (1)
- # sql (3)
- # testing (19)
- # tools-deps (11)
- # xtdb (20)
Good news - Crux spike added to our next sprint ๐ Lots of question incoming :umbrella_with_rain_drops: ๐
Hi everyone! Newbie here so sorry if this has been covered. Does anyone know if it's possible to configure Crux with any of the back-ends to encrypt data at rest? Theoretically RocksDB supports this (I read through the C++ PR) but I haven't been able to find a single example of how to configure this in Rocks or any of the other back-ends. (I'm using Crux in embedded mode in a small low-volume server, not standalone.) Thanks in advance!
Hey ๐ I've looked into this briefly before, and seen (presumably) the same RocksDB PR, but I'm not aware of anybody attempting to use it with Crux thus far. Are you explicitly hoping to avoid unnecessary performance costs of fs/block/disk-level encryption?
> Are you explicitly hoping to avoid unnecessary performance costs of fs/block/disk-level encryption?
No; from a security point of view I'm more worried that my own server gets cracked than that the hosting provider does.
Thus: the desire for the database files themselves to be encrypted.
Ah okay, that's interesting. I suspect that even with Rocks' baked-in encryption, if your API server is compromised then all bets are off - although I appreciate that having multiple layers never hurts. Is there a compliance / regulatory motivation behind this also?
> compliance Yes. PII.
Got it :thumbsup: Well, if you'd be interested to meet & discuss the options next week I'd be more than happy to spend some time looking at this again in advance
yep ๐ pull-many still only needs one Crux query - it's essentially a select ... where id in (...) rather than select ... where id = ...
My SQL is really rusty, so Iโm not sure I follow the implication of the example. But Iโll interpret it as thereโs some overhead being eliminated :)
So, I guess pull-many will return results out of order (as compared to the inputs), and will omit entries where nothing is found. Is this documented somewhere? I looked around and couldn't find anything written about it.
If not, it'd be great to have it added to the documentation. This was surprising when working with Pathom, which relies on both qualities (correct order, same number of entries out as came in).
Sort of a wacky idea I had the other day: if you made a dynamically resolved transaction function, you could use it to create materialized views/whatever the accepted term is from domain events:
(ns foo.handlers)
(defmulti handle-event :handle-event)
(defmethod handle-event :foo
[ctx event]
...)
(crux/submit-tx
node
[[:crux.tx/put
{:crux.db/id :handle-event
:crux.db/fn '(fn [ctx event]
((requiring-resolve 'foo.handlers/handle-event)
ctx event))}]])
(crux/submit-tx
node
[[:crux.tx/fn :handle-event {:event/type :foo
...}]])interesting ๐ been wondering about how best to get Crux and event sourcing working together. we've also got a (mostly internal but I don't really see it going away) begin-tx API talking directly to the index store that I've considered using for this kind of use case
maybe there's room for a little component that sits between an external tx-log and Crux, transforms the events as necessary and calls that API
there's not a lot in Crux that requires our tx-log - submit-tx, obviously, but if you've got a separate log you likely won't be calling that. good ol' unbundling ๐
that sounds like it'd be pretty nifty. for a little while last year I thought we had reached nirvana because of the https://materialize.io launch... but after using it for a while I realized it has memory constraints that make it unsuitable for arbitrary web apps ๐