On Wed, Jul 8, 2009 at 1:59 AM, Ian Hickson<ian at hixie.ch> wrote:
> I include below, for the record, a set of e-mails on the topic of settings
> limits on Workers to avoid DOS attacks.
> As with other such topics, the HTML5 spec allows more or less any
> arbitrary behaviour in the face of hardware limitations. There are a
> variety of different implementations strategies, and these will vary
> based on the target hardware. How to handle a million new workers will be
> different on a system with a million cores and little memory than a system
> with one core but terabytes of memory, or a system with 100 slow cores vs
> a system with 10 fast cores.
> I have therefore not added any text to the spec on the matter. Please let
> me know if you think there should really be something in the spec on this.

Shouldn't a per-user setting be the sanest approach for the worker
limit? For example, it would quite make sense for me to want a low
limit (let's say 10 or so) workers on my laptop's browser; but have no
restriction (or a much higher one, like some thousand workers) on my
Ian's point is key here: what's an appropriate limit for workers
depends almost entirely on hardware resources (and probably also on
implementation efficiency and other secondary aspects), and there is a
*huge* variety of hardware configurations that act as web clients, so
it's just impossible to hardcode a limit in the spec that works
properly for more than a minority. At most, I would suggest a note
like this in the spec "User agents SHOULD provide the user a way to
limit the ammount of workers running at a time.": emphasis on the
"SHOULD" rather than a "MUST", and also on the fact that the final
choice is for users to make. Then it'd be up to each implementor to
decide on default, out-of-the-box limits for their browser (it would
make sense, for example, if Chromium had a lower default limit than
FF, since C's workers are more "expensive").

