Questions, Secure Transport, Duplicati, DDoS, Torrents, GDPR

  • The questions asked often tell much more than what people say directly. Is it ok to leak customer data to partners? Should we care about data security, because those are partners? Well, yes. Why would you care if all your internet traffic or banking information is given to a marketing company, because they're co-operating with the bank or telco? Shouldn't that be totally ok? They should also naturally be allowed to store that data indefinitely and share it with their partners. - This is something I often hear from developers. Who gives a bleep about privacy, because we're working together on this. Yet, they still don't ask the customers whose data is being shared if it's ok or not. So it's done covertly, without the end client's knowledge. Yet as said, there's no damage, as long as nobody tells the data owner that the data has been shared. - Isn't that awesome? - This is one of the reasons why Cloud is just such a radically bad idea. - Unfortunately data security is often disastrously bad and totally irresponsibly handled. - But that's just because nobody actually cares about it.
  • Just wondered how often people still choose HTTP and FTP when HTTPS and FTPS would be available, even for confidential company / corporate data. Well, that's life and normal. It would require checking an option like allow / require SSL, which would make the system less reliable, and therefore nobody bothers. Because plaintext works just as well. As we know, nobody bothers to snoop network traffic anyway, so why worry?
  • Played with Duplicati - Compact feature. Noticed that the --threshold parameter is specific to the stored data set and not per storage block file. I thought it would have been per file. That's why I wondered why it hasn't triggered yet. Afaik, compacting the whole storage at once is worse than compacting on a per-file basis, because this causes one huge peak. This compacting is similar to garbage collection in the Java VM etc. Old data is removed. But doing it gradually is better than compacting everything at once. It seems that only storage blocks which aren't referenced at all are removed without a full compact. Also there's another compact routine to compact small blocks (default 25% smaller than the maximum size) to bigger chunks. It remains to be seen how long the full compact will take when it triggers with the full data set. It might be quite a while, and that's what I'm slightly worried about. When that happens I'll probably write more about it, especially if I'm unsatisfied with what happened. - Can't go into details but backup data sets combined are in tens of terabytes. - At some point it might be possible that the current storage back-end will be replaced with something like S3 or Backblaze B2. - I personally don't believe in a concept where servers and backups are handled by the same organization / company. I prefer having backups handled by a "3rd party" always. Just to be sure that no matter what happens, backups will be there to be restored. Or if the backups are lost, the source data will still be available.
  • Again nice distributed denial of service attacks. Yet, I'm very happy to say that the distributed protection system is working very nicely. Some of the attacks seem to be highly coordinated, and they're selecting targets which might seem to them to be high-value targets. Of course, because the infrastructure isn't obvious to outsiders, they might not find the actual high-value targets.
  • Had a long and very boring discussion online about torrenting in Finland. Torrenting is 100% legal in Finland as well as all other P2P. Also downloading video material is totally legal too. So as far as I know, there's no problem whatsoever. Some people claim that Finland wouldn't be a safe country to use BitTorrent and that you would need a VPN, but that's not correct information. That's the general consensus without going into different nuances, because there are plenty of those. Of course there are different types of content which could still get you into trouble, especially if you're distributing it.
  • A very nice GDPR post about how it's going to affect Google and Facebook and similar services which currently hoard user data. My focus when developing stuff has always been: why even bother asking for personal data if it's not required for technical, practical or legal reasons?
  • Something different: AK-107