MS SQL, Mixcloud, GDPR, BranchScope, JonDonym, Loopix, Riffle, Smart Sticker

  • Finalized diff analysis of different MS SQL Server bak (backup) files and were happy. As hoped, those contained mostly equal and replace sections, which means that hash based de-duplication works well. If there are any inserts or deletes at locations other than the file end, it totally breaks the block based de-duplication. Anyway, computing a diff on byte level for a 5 megabyte file, oh my god it was slow (took several hours) and CPU intensive. I do understand why differential compression / files aren't always used. Generating those can take ages for larger data sets, unless there's some higher level source which allows creating those in a more sane way. Of course there are many optimizations and shortcuts you can take. I guess the difflib isn't really optimized at all. It could even be a pure Python implementation. Didn't bother to check. Because it's so slow, it shows some inherent algorithmic / implementation weaknesses. It really shouldn't be insanely slow.
  • For some unknown reason Mixcloud requires me to reload the site once after logging in. Otherwise the playlist data isn't available and adding anything to the play queue will actually erase the existing (yet not present) list. Wonderful small fails, the world is so full of those. (Note: They have actually fixed this in the last two years this post has been in the backlog.)
  • About Windows 10 exFAT encryption and the PFILE extension. It seems that even the Microsoft experts get it wrong. This is kind of hilarious. Yes, copying files DOES change the extension in this case. So the reply is absolutely incorrect.
  • Had a long talk with colleagues about which organizations we're going to GDPR target. We're compiling a ready list and request documents. So when the law becomes enforceable, we're sending out a bunch of requests. There are obvious organizations like huge retail chains and health services etc. But those are pretty much guaranteed to have it right. But then there are smaller organizations with bonus systems and all kinds of web services and online stores which require a user account or store your address, even IP address and so on. Those are absolutely great targets, because I'm pretty sure they haven't thought about this matter at all. And it's easy to forget that identifying information like an email address, phone number or car license plate etc. is enough to make it a register subject to GDPR.
  • BranchScope - More branch predictor / CPU "feature" based exploits and vulnerabilities. Also checked out the new variants of Meltdown and Spectre called MeltdownPrime and SpectrePrime.
  • Checked out the anonymity network JonDonym. But it didn't look too interesting after an initial check. Therefore I won't be studying it more. Also their architecture overview was so short that it didn't really interest me. I would have liked to see descriptions of algorithms, what considerations they're making against different adversaries and what kind of actions they're taking to protect from different attack vectors. Also their customer survey was clearly targeting expensive commercial accounts with very limited bandwidth. Nope, no thank you. As an example, the documentation of Vuvuzela (a scalable private messaging system) is just so much better.
  • Loopix, a new anonymity network. Unfortunately not in the mood to dig in right now. A detailed comparison with known alternatives like Freenet, GNUnet and Tor would be very welcome. What's different, how and why. At least it's obvious that it's low latency, which also indicates that it can only protect from limited threats. But it still utilizes cover traffic and Poisson mixing.
  • Riffle, an anonymity network with the AnyTrust model. Their basic Riffle description document (PDF) is very nice.
  • It's kind of depressing that these solutions are all having serious trade-offs, and there hasn't been anything really new in decades. It's just the good old stuff with slight twists.
  • Experimented in one place with smart stickers, which identify products and monitor the manufacturing, transportation, storage times and temperatures. Alerting if the product isn't safe to eat anymore. Really nice invention. You can also track the history of the product using the QR code on the sticker.
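
The first note's point about block based de-duplication, as an added example that is not from the original post: fixed-size blocks are hashed and compared between two versions of a file, showing that an in-place replace or an append keeps almost every block reusable, while a one-byte insert in the middle shifts and invalidates every later block. The 4096-byte block size, SHA-256 and the random sample data are assumptions made for the illustration.

```python
import hashlib
import random

BLOCK_SIZE = 4096  # assumed block size, not taken from the post


def block_hashes(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """SHA-256 of each fixed-size block, aligned to offset 0."""
    return [hashlib.sha256(data[i:i + block_size]).digest()
            for i in range(0, len(data), block_size)]


def reusable_blocks(old: bytes, new: bytes, block_size: int = BLOCK_SIZE):
    """Return (reused, total): blocks of `new` already stored for `old`."""
    known = set(block_hashes(old, block_size))
    new_hashes = block_hashes(new, block_size)
    return sum(h in known for h in new_hashes), len(new_hashes)


def make_sample(n_blocks: int = 64, seed: int = 1) -> bytes:
    """Constructed stand-in for a backup file: deterministic random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_blocks * BLOCK_SIZE))


def replace_in_place(data: bytes, offset: int, patch: bytes) -> bytes:
    """Overwrite len(patch) bytes at offset; file length is unchanged."""
    return data[:offset] + patch + data[offset + len(patch):]


def insert_at(data: bytes, offset: int, extra: bytes) -> bytes:
    """Insert bytes at offset; everything after it shifts."""
    return data[:offset] + extra + data[offset:]


if __name__ == "__main__":
    base = make_sample()
    mid = 10 * BLOCK_SIZE + 100  # a position inside block 10
    cases = {
        "replace 16 bytes in block 10": replace_in_place(base, mid, b"\x00" * 16),
        "append 16 bytes at end": insert_at(base, len(base), b"\x00" * 16),
        "insert 1 byte in block 10": insert_at(base, mid, b"\x00"),
    }
    for name, changed in cases.items():
        reused, total = reusable_blocks(base, changed)
        print(f"{name}: {reused}/{total} blocks reused")
```
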

2019-08-11