/attention vulnerability with notification
Users can abuse the way Gajim manifests the /attention command by flooding a Gajim user with /attention messages, which results in a high rate of disk I/O, the most critical part of this scenario.
[20:32:46] mmlosh: oh.. silly me.. I deliberately wrote //attention
[20:32:59] mmlosh: cause I thought it's a hack on top of XMPP
[20:33:40] mmlosh: btw: they stack on top of each other above the screen height
[20:36:25] mmlosh: which means anyone can send me kilometers of popups I could never get rid of
- Limit every session to X balloon popups.
- If a user sends X (to be defined) /attention messages within 2 minutes, on average, Gajim will stop executing notify-send (or whatever it does to get a balloon popup) for this particular user.
[20:49:20] mmlosh: what is a point of having two notifications displayed from one user?
[20:49:34] mmlosh: making the sound again perhaps makes sense
[20:49:43] mmlosh: but displaying two messages?
[20:49:52] mmlosh: well.. unless you got no notification that the user closed it
- Limit balloon popups to one for each session.
- Limit balloon popups to one for each time we switch from the tab that sent us an /attention message; that is to say, Gajim will make another balloon each time the tab is inactive once again.
I prefer number 3. Realisation:
Psi sends to Gajim one /attention message. (displayed)
Psi sends to Gajim a second /attention message. (not displayed)
Gajim opens conversation with Psi.
Psi sends to Gajim a third /attention message. (not displayed)
Gajim switches to not-Psi tab.
Psi sends to Gajim a fourth /attention message. (not displayed)
Gajim closes Psi tab.
Psi sends to Gajim a fifth /attention message. (displayed)
A popup is allowed only each time a tab is closed.
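
A sketch of the preferred rule (one popup per contact until that contact's tab is closed), replayed over the Psi sequence above. This is an added example, not Gajim's own code; the class, method and event names and the JID are hypothetical.

```python
# Added example: hypothetical names, not taken from Gajim's code base.
from dataclasses import dataclass, field


@dataclass
class AttentionPopupGate:
    """Allow one /attention popup per contact until that contact's tab is closed."""
    _shown: set = field(default_factory=set)        # contacts that already got a popup
    suppressed: dict = field(default_factory=dict)  # contact -> popups dropped so far

    def on_attention(self, jid: str) -> bool:
        """Return True if a balloon popup may be raised for this message."""
        if jid in self._shown:
            # Flood case: count the message but do not spawn another popup.
            self.suppressed[jid] = self.suppressed.get(jid, 0) + 1
            return False
        self._shown.add(jid)
        return True

    def on_tab_closed(self, jid: str) -> int:
        """Re-arm the popup for this contact; return how many were suppressed."""
        self._shown.discard(jid)
        return self.suppressed.pop(jid, 0)


def replay(events):
    """Feed (kind, jid) events through a fresh gate; return the popup decisions."""
    gate = AttentionPopupGate()
    decisions = []
    for kind, jid in events:
        if kind == "attention":
            decisions.append(gate.on_attention(jid))
        elif kind == "tab_closed":
            gate.on_tab_closed(jid)
        # "tab_opened" and "tab_switched" deliberately do not re-arm the popup.
    return decisions


PSI = "psi@example.org"  # constructed sample JID
SCENARIO = [             # the sequence from the realisation, as constructed events
    ("attention", PSI), ("attention", PSI), ("tab_opened", PSI),
    ("attention", PSI), ("tab_switched", PSI), ("attention", PSI),
    ("tab_closed", PSI), ("attention", PSI),
]

if __name__ == "__main__":
    print(replay(SCENARIO))
```
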