APT/AI, Backups, T-SQL, Docker, RISC-V, Certs

1. Read several reports about malware and APT teams using AI for productivity gains. Ha, not really surprised. Basically everyone has liked AI approach, as soon as they understand how to use it. It's just like car navigators, you'll need to know how to deal with it and not follow any instructions blindly. But when you're familiar with it, it allows you to navigate in foreign environments quite efficiently, as long as you know how to interact with the specific navigator. Because those all behave slightly differently and without knowing it, you'll end up in more or less trouble. I always remember in Washing D.C. when the navigator said make a u-turn, and there was huge sign (I think it was even larger than normal traffic signs) hanging on the crossing which forbids the u-turn. I did guess I wasn't the first one whom received those instructions from the navigator.

2. Made final adjustments to my automated backup, off-site, off-line, snap-shooting, and versioning backups and now I think it's pretty darn good. I've also automated (securely ans safely) stuff using sudoers (@ Wikipedia) configuration files which need root, and that's pretty good. I'm happy with it, and hopefully the process will remain the same for a long time. Maybe I'll just need to add or drop some source paths at some points in time, but otherwise it's now crafted to the perfection. I don't really know anything I would add to it, to make it better. It's purrrfect! - It took quite many iterations and some effort, but that's what it takes to making a good stuff.

3. T-SQL (@ Wikipedia) - One developer friend uses always updlock, holdlock with every select. Hnnggh. Depending on the update logic, that shouldn't be necessary. Especially if updating the existing rows where other rows do not affect the operation, using holdlock just keeps the rows and other rows matching the query unnecessarily locked for too long.

4. Docker (@ Wikipedia) - I hate the situation where I've got container which stops, I need to start it and then launch shell in it, but it stops immediately... One solution is to commit the current container and then run new copy of it with alternate entrypoint (like bash), but I just don't feel like that's the ultimate solution. It works, but it's kind of silly. start and exec combo doesn't work, because the container exits (stops) faster than the exec can be run.

5. Tried Linux system with alternate 64 bit quad core architecture RISC-V (@ Wikipedia), worked well: isa : rv64imafdcsu, mmu : sv39

6. Encountered a classic trap, one system seems to use nvarchar (varchar @ Wikipedia) with many "text" columns. It means that stuff like WHERE Stuff LIKE '%SUFFIX' wont work as expected, because after the suffix there's plenty of white space in the database, which prevents matching. Du-uh. Sure, you can add trailing % or use TRIM with it, but uh oh... And this isn't the first time such issue has been causing serious problems with that design.

7. Ahaha, these expensive certification programs are absolute joke. When the certification authority, itself has issues like this. One of their own certification management portals now returns error. '''PHP Warning: Undefined array key "OrganizationIdentifier" in D:\Webspace\the-site\wwwroot\index.php on line 367''' - Honesty? I really don't think what I should think about this... High trust and perfection and yet they've got them selves the most bleeping stupid issues possible. Usually those won't work too well together. - Maybe companies providing ISO 9001 certification them selves have such a bleeping organizational processes that they're always completely lost about what they're doing? - Sounds likely. Yeah, we provide certifications, but nah, we don't follow any processes or protocols our selves. We just hire random people to generate these documents or something.

8. I think I've posted about Matrix encryption security, it's scope and privacy implications. It's bad data hygiene and metadata "leaks". Well those aren't technically leaks, it's just not designed to protect the metadata. Now some users are getting banned by being members of encrypted rooms. Because the membership itself isn't being encrypted, even if the room content is.

2025-08-31