Use JeroMQ by default

Question

Use JeroMQ by default

Opened this issue 11 years ago · 6 comments

Answer 1 · 2013-12-22T16:41:08.000Z

I vote that this waits until jeromq implements libcurve.

Using 0mq from clojure is painful right now. It should be, if only because plain-text transmissions should never be the default.

The alternative (hey, everybody else does it) is tempting, but it's also wrong. If I really want to transmit a plain-text message, that should be my choice...but it really should be more painful than sending it securely.

Let's get the native wrapper working securely. Then we can worry about getting security experts to worry about translating the details into java. Then this step makes sense.

That's my vote, anyway. FWIW.

Answer 2 · 2013-12-22T18:42:48.000Z

Doing a secure transmission will always require more work; you have to
prepare long term keys at either side, configure the 0MQ sockets to use
them, and handle authentication requests at the server.

There's no sense in asking that plain text communications be more difficult
than this. No-one would use such software.

-Pieter

On Sun, Dec 22, 2013 at 5:41 PM, jimrthy notifications@github.com wrote:

I vote that this waits until jeromq implements libcurve.

Using 0mq from clojure is painful right now. It should be, if only
because plain-text transmissions should never be the default.

The alternative (hey, everybody else does it) is tempting, but it's also
wrong. If I really want to transmit a plain-text message, that should be my
choice...but it really should be more painful than sending it securely.

Let's get the native wrapper working securely. Then we can worry about
getting security experts to worry about translating the details into java.
Then this step makes sense.

That's my vote, anyway. FWIW.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/31#issuecomment-31090704
.

Answer 3 · 2014-01-02T05:01:43.000Z

Yes, you're absolutely correct. I went way too far and missed overstepped the basic point.

That doesn't change my vote (FWIW): I think it's a mistake to switch to jeromq as a default until it implements curve.

Answer 4 · 2014-02-07T11:20:23.000Z

Hello,
Is there a way to force cljzmq to use jeromq if both jzmq and jeromq are in classpath?

Thanks

Answer 5 · 2014-02-09T23:35:21.000Z

@kul I would try loading one earlier in the classpath and see what happens but you really shouldn't be loading both in the same classpath since you can get non-deterministic behaviour.

Answer 6 · 2016-10-09T03:12:06.000Z

I think using jzmq / native bindings is a more sensible default. It seems like libzmq is basically the "core product" of ZeroMQ, so the most straightforward way to provide ZeroMQ to Java developers is to allow them to use libzmq via native bindings.

That said, I prefer JeroMQ personally, as native dependencies in Java are a bit of a nightmare, and it's nice not to have to require end-users to install them.

It seems like it will take some time for JeroMQ to catch up to the state of the art in libzmq, but I think that even when that happens, using libzmq via native bindings is still probably a better default.

Also, FWIW, I don't find it too cumbersome to exclude jzmq from the dependencies and use JeroMQ when using cljzmq. Maybe instead of making JeroMQ the default, we could add a more obvious note about excluding jzmq to use JeroMQ in the README, instead of tucked away in the FAQ in the wiki.