Load balancing, SLO CRE, Email, DUHK, CX Freeze, MS SQL, TIKKA

  • Linux socket load balancing. Nothing new in this post, if you're writing server apps. So far I've never had a situation where I would need to use anything other than a single accept thread. Also using that allows much better load balancing, because you can load balance on facts and data. Round-robin isn't actually a very good load balancer after all. First free is actually better than round-robin, depending on the situation. But usually I prefer load based weighted round-robin. Of course parameters and adjustment rates are very important, because such an approach can lead to heavy fluctuation between threads / execution units. But this is the only way to go when there are different kinds of execution units with different performance in the same pool.
  • SLO CRE - Quite a nice post from Google about SLO and SLA.
  • Why ProtonMail is more secure than Gmail. Afaik, this is partially a lie from a security perspective. Nothing at all prevents them from capturing the key data. This is the essential difference: on a secure system you technically can't get access to data. On an insecure system you can access the data, but by policy you usually won't. But it doesn't mean the data access cannot be obtained if required. So in this case, the zero knowledge encryption isn't true in the technical sense.
  • Donated money to Tor Project. Got a way cool Powering Digital Resistance t-shirt.
  • DUHK attack - Wow, using a bad RNG for key generation is a bad idea? News? Nope. The result is exactly what should be expected.
  • CX_Freeze and win32com.register is quite an annoying combination. I've solved dozens of problems related to that setup, but I'm afraid that I've got another dozen to solve. Now the packaging and installation works, but calls to the COM object still fail. Ahh, so much joy. But this is unfortunately what using new techniques often is: it's just problem after problem until you figure out all the kinks, and even after that it might be very brittle and barely working, until you figure out even more stuff about how to actually make it work and be deployable efficiently and reliably. All the joys, checking the Windows Registry, etc. Business as usual. When exploring HKLM\software\classes\wow6432Node\CLSID\{ID} it seems that the cx_freezed registration process is completely different from the non-frozen version. So it's possible that something is seriously broken here. Also it's striking that some of the paths still use 8.3 file naming. I thought we'd gotten over that ages ago, that's horrible! Like "ModuleNotFoundError: No module named 'extens~1__init__'". At least that's something which allows troubleshooting to continue.
  • Something Rotten In The Core - Yes, brittle, badly written code, which assumes lots of things, and works, well, if it works. Unfortunately there's nothing new about that at all. As an example, one Windows program works perfectly if it's installed in its default path on the C drive. But if you install it to any other path, it just breaks over and over again. The same reason applies to the usage of default logins and credentials. Because everybody's using defaults, nobody bothers to add parameters for alternate credentials or prompts. And because those are lacking, it forces everyone to use default credentials, because if you change those, everything stops working. - Yep, nothing new, at all.
  • Studied MS SQL Query Notifications using SQL Server Native Client, using Transact-SQL RECEIVE. Ref: SqlNotificationRequest, SqlDependency
  • Studied the TIKKA Risk Management tool for Small and Medium Enterprises (SMB) by the Finnish Communications Regulatory Authority. A good, very basic guide to security. Also all the examples in the document are very very basic and traditional. No über security, just practical stuff. Which so often unfortunately completely fails.
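
The load based weighted round-robin from the first item, as an added sketch that is not code from the original post: each unit's weight follows its reported load through an adjustment rate, and the single accept thread hands out jobs in proportion to those weights. The names `Unit`, `report_load`, `MIN_WEIGHT`, the 0.0 to 1.0 load scale and the use of smooth weighted round-robin for the pick are assumptions made for illustration.

```python
from dataclasses import dataclass

MIN_WEIGHT = 0.05  # assumed floor: a saturated unit still gets a trickle of work


@dataclass
class Unit:
    name: str
    weight: float = 1.0   # smoothed share of traffic for this execution unit
    current: float = 0.0  # running counter for smooth weighted round-robin

    def report_load(self, load, adjust_rate):
        """Fold one load sample (0.0 idle .. 1.0 saturated) into the weight."""
        target = max(MIN_WEIGHT, 1.0 - load)
        # adjust_rate=1.0 follows every sample; small values damp oscillation.
        self.weight += adjust_rate * (target - self.weight)


def pick(units):
    """Smooth weighted round-robin: picks interleave in proportion to weight."""
    total = sum(u.weight for u in units)
    for u in units:
        u.current += u.weight
    chosen = max(units, key=lambda u: u.current)  # ties go to the first unit
    chosen.current -= total
    return chosen


def dispatch(units, jobs):
    """What the single accept thread does: hand each job to the picked unit."""
    return [pick(units).name for _ in range(jobs)]


def weight_swing(samples, adjust_rate):
    """Max minus min weight of one unit while it reports `samples`."""
    unit, seen = Unit("probe"), []
    for load in samples:
        unit.report_load(load, adjust_rate)
        seen.append(unit.weight)
    return max(seen) - min(seen)


if __name__ == "__main__":
    # Constructed scenario: a fast unit at 20% load, a slow one at 80% load.
    fast, slow = Unit("fast"), Unit("slow")
    for _ in range(20):
        fast.report_load(0.2, adjust_rate=0.5)
        slow.report_load(0.8, adjust_rate=0.5)
    print(dispatch([fast, slow], 10))
    bursty = [1.0, 0.0, 1.0, 0.0]  # constructed: load flapping every interval
    print(weight_swing(bursty, 1.0), weight_swing(bursty, 0.25))
```

With the flapping samples, an adjustment rate of 1.0 swings the weight across almost its whole range, while 0.25 keeps it within a narrow band; that is the fluctuation trade-off the item mentions.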

2019-03-03