SQL, Flash, S3, Element, WireGuard, SMR, Cloudflare, PMF

  1. Plenty of tuning with SQL Server permissions: rights management, roles, triggers, stored procedures and schemas. Phew. But got the required stuff done, and learned stuff during the process.

  2. It's a good time to check that you're not running Flash anymore. See: Flash Player Test Page (@ codegeek.net)

  3. Protocols, Not Platforms: A Technological Approach to Free Speech (@ knightcolumbia.org) - Great essay about closed platforms versus open protocols providing distributed systems. Actually this is one of the reasons why Matrix (@ Wikipedia) and Mastodon / Pleroma / GNU Social / ActivityPub (@ Wikipedia) in general are much better than any of the closed platforms like Signal, WhatsApp, Telegram or Twitter, Facebook, etc.

  4. One backend had serious reliability issues. Careful examination of logs showed that there's some inconsistency with S3 buckets. First put an object in the bucket, then retrieve it to verify, and whoops, it isn't there. Caused some really annoying problems. Don't know the exact root cause for this, but it's yet another good example of how some cloud services can cause serious unreliability, when things just aren't as reliable as they would be locally. The issue got fixed quite quickly by abandoning the S3 storage and using more reliable solutions.

  5. Element - Inconsistent error messages. When media isn't available, the web-client says "Error Decrypting Image" and the Android client just shows some empty space. - I can't stop deeply hating software like this. - Sorry to say something like this about a project I do love, but it's still totally unacceptable and confusing.

  6. Another interesting observation about Element. Only the first 64 bits of the media encryption IV are set randomly, the rest is fixed. Strange. I don't know the practical meaning of this, but it still for sure does look strange. The encryption key itself is a full 256 bits of random, as it's supposed to be.

  7. WireGuard (@ Wikipedia) Ubuntu (@ Wikipedia) NetworkManager - Why no?! Yes, there's one project on GitHub which you can compile, but why it isn't available prebuilt in the package directory, that's a good question. It's not a problem for me, but it's a show stopper for those handicapped ones, who can't deal with configuration files. I know it's upcoming in version 1.16 but it isn't yet delivered with Ubuntu 20.04.1 version.

  8. Made some calculations and figured out that SMR (@ Wikipedia) drive write speeds can drop well below 100 kiBytes/s with 4 kiBytes clusters / blocks. That sounds bad. I might run such a test just for fun. But I don't have spare SMR drives, and I probably don't want to use a drive which isn't continuously powered nor is in some kind of actual use, because it might take a week for the drive to recover from the test. Update: Made some worst case tests later on purpose, and the recovery was surprisingly fast!

  9. Google banning Element (Matrix client) from Play store (@ element.io) - This was an interesting event. Apart from politics and general censorship on current platforms ... On some level, this shows exactly what's wrong with cloud providers. They can shut down your operations with any kind of excuse at any time without any warning. Who says cloud is secure or reliable? Well, it isn't. Especially never use a provider which uses proprietary software / protocols causing a vendor lock-in situation. If you can't quickly relocate to another service provider in such a situation, you're screwed. The craziest people even keep backups on the same cloud as the production systems. When the cloud goes down, they've got nothing, nothing at all. Is that a good business continuity plan?

  10. Cloudflare seems to block requests which lack User-Agent and Host headers. They'll just respond with 403 Forbidden.

  11. Studied Airtime Fairness (ATF) and Protected Management Frames (PMF) WiFi (WLAN) features.

  12. Lots of discussion about email deliverability with fellow system and email admins. Sometimes I feel we should already give up on email completely.

  13. TOTP authentication codes can be used for shared secret, zero knowledge, mutual identity verification. Plenty of apps available for that purpose. It seems that many people don't know that. Doing so would stop about 99,9999% of scams (yes, you could use even more authentication digits if required, lowering the probability). Oh yeah, you ask for that, and the authentication code is?
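
An added example (not from the original post) of the spoken-code check in item 13: RFC 6238 TOTP built from the Python standard library and verified in both directions. It assumes one pre-shared secret per direction, which the post does not specify, so that a code one party has just spoken cannot be repeated back as the answer; the secrets, the timestamp and the `call` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def verify(secret: bytes, spoken: str, unix_time: int, digits: int = 6,
           step: int = 30, skew_steps: int = 1) -> bool:
    """Accept the code of the current step or its neighbours (clock skew)."""
    ok = False
    for k in range(-skew_steps, skew_steps + 1):
        t = max(0, unix_time + k * step)
        expected = totp(secret, t, digits, step)
        # Constant-time compare; no early exit on the first match.
        ok |= hmac.compare_digest(expected.encode(), spoken.encode())
    return ok


# Constructed sample secrets, one per direction (assumption, see lead-in).
BANK_TO_CUSTOMER = b"constructed-secret-bank-speaks"
CUSTOMER_TO_BANK = b"constructed-secret-customer-speaks"


def call(bank_says: str, customer_says: str, now: int) -> tuple[bool, bool]:
    """Return (customer can trust the caller, bank can trust the customer)."""
    return (verify(BANK_TO_CUSTOMER, bank_says, now),
            verify(CUSTOMER_TO_BANK, customer_says, now))


if __name__ == "__main__":
    now = 1_650_000_000  # fixed constructed timestamp for a repeatable run
    genuine = call(totp(BANK_TO_CUSTOMER, now), totp(CUSTOMER_TO_BANK, now), now)
    # A caller without the secret who asks first and repeats the code back:
    customer_code = totp(CUSTOMER_TO_BANK, now)
    echoed = call(customer_code, customer_code, now)
    print("genuine call:", genuine)
    print("echoed code: ", echoed)
```

With a single secret shared by both sides, the echoed code would pass; separate secrets per direction are what make the check mutual.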

2022-04-10