by dsl 2582 days ago
This library is dangerous and should not be used.

It contains hardcoded values that could result in the library not working as intended, or unintentional DoS attacks against innocent third parties if it were implemented in a widely distributed piece of software.

3 comments

In general “checking whether the connectivity to internet exists” is an idea that may create a massive pain down the road when implemented, because the heuristics used are not equal to actual connectivity, thus will break one day.

Just attempt to perform the operation you want, and if it fails, give the feedback to the user that it failed. Why does it have to be more complicated than that? (It is not a rhetorical question.)
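As an added example, not code from the crate or from any commenter in this thread: a Rust check that follows the advice above by attempting the real TCP connection with a bounded timeout and turning the failure into user feedback, instead of pinging an unrelated third-party host. The loopback listener is a constructed stand-in for the service the program actually needs; all function names are the example's own.

```rust
use std::io;
use std::net::{SocketAddr, TcpListener, TcpStream};
use std::time::Duration;

/// Try to reach the service the program actually needs, with a bounded timeout.
/// No third-party host is contacted: the target is the endpoint we depend on anyway.
pub fn can_reach(addr: SocketAddr, timeout: Duration) -> io::Result<()> {
    TcpStream::connect_timeout(&addr, timeout).map(|_stream| ())
}

/// Turn the outcome of the attempt into feedback for the user, without
/// guessing whether "the internet" as a whole is up.
pub fn describe_outcome(result: &io::Result<()>) -> String {
    match result {
        Ok(()) => "connected".to_string(),
        Err(e) if e.kind() == io::ErrorKind::TimedOut => "timed out".to_string(),
        Err(e) if e.kind() == io::ErrorKind::ConnectionRefused => "connection refused".to_string(),
        Err(e) => format!("failed: {}", e.kind()),
    }
}

/// Constructed demo: a loopback listener plays the role of "the server we need".
/// Returns (reachable while the listener is up, reachable after it is closed).
pub fn demo() -> (bool, bool) {
    // Port 0 asks the OS for any free loopback port (assumption: loopback is available).
    let listener = TcpListener::bind("127.0.0.1:0").expect("bind loopback listener");
    let addr = listener.local_addr().expect("listener address");
    let timeout = Duration::from_millis(500);

    let while_up = can_reach(addr, timeout).is_ok();

    // Close the listener; the same address now refuses connections, which is
    // exactly the signal the program should report to the user.
    drop(listener);
    let after_close = can_reach(addr, timeout).is_ok();

    (while_up, after_close)
}

fn main() {
    let (up, down) = demo();
    println!("listener up: {}, listener closed: {}", up, down);
    let timed_out: io::Result<()> = Err(io::Error::from(io::ErrorKind::TimedOut));
    println!("feedback for a timeout: {}", describe_outcome(&timed_out));
}
```

The design point is that the check and the operation share the same target and the same failure path: a refused or timed-out connection is reported as such, and no traffic is generated toward a host that has no relationship with the program.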

Way back in the dial-up days, I wrote a program to measure the periods of time that a user was online and the corresponding phone call charges which varied depending on the time of day. This meant I had to know to the second whether or not the user was 'online'. Since the days of per-minute charges for internet are long gone, I find it hard to imagine other reasons you would need to know if the user is online rather than able to access a specific server.
It's only my first crate, which I made to learn about the environment.

But I truly believe in this micro modules way of building things. If it reduces complexity it's welcome. :)

Agree, answered in other comments but the idea is I truly believe in this micro modules way of building things. If it reduces complexity it's welcome. :)
About the option to pass other services I agree, answered here: https://news.ycombinator.com/item?id=20028483

About the DoS attack, I think you need to review how those work; the library is not implementing amplification or anything similar.

Did you get permission from OpenDNS and Icanhazip? If not, you are effectively launching a distributed attack against them with worthless traffic.

If you don't understand what I mean - just pull the project and do some more research before you release something like this.

Launching a distributed attack by publishing a crate which makes one request? XD

You can relax, I know how they work. My final year project was about DoS. I would send you the link but it's in Spanish.

But I can tell you I've written a tool to implement this vector (among others) against VoIP services, and it was even presented at the BlackHat conference.

It's pretty easy to measure how many projects your library is tied to and scale the service up. Yes, ideally it would have a large pool of servers to test against, but I think it's a good idea to abstract the problem away and then work on it.

EDIT: it looks like I'm getting downvoted for this opinion - could any of the downvoters also reply as to why it's a bad idea?

Did not downvote you, but I think you might have missed the point: If the package is widely in use, one could change the host that is pinged/whatever. People probably don't look in depth at such packages and will just update it. This leads to probably MASSIVE traffic to endpoints which are not expecting this.

That is pretty much what happened with those dubious WordPress plugin developers who changed their "license check" or keep-alive check or whatever to do some hundred thousand (or so) "checks" to their competitor's website per hour.

> It's pretty easy to measure how many projects your library is tied to and scale the service up.

You are being downvoted because the author pointed at random services not under his control. So if a mobile app with millions of users deployed this, an innocent third party that has nothing to do with the author would be hit with millions of requests they didn't ask for.