Duplicati, Tests, OKD, RISC-V, RDP, B3XOF

1. Duplicati 2 Backup - For a quite a while it has been working fine with latest versions. But now I encountered error: "Detected N file(s) in FilesetEntry without corresponding FileLookup entry" - Good thing is that it didn't destroy the backup. The backup was still restorable after that error. Bad thing is that it prevented updating the backup set. So any subsequent attempts to add, delete or update data would fail. Also attempt to repair database failed. Full rebuild of database would have probably worked, but I dislike that approach. So I ended up deleting database, and saving data for "retention period" whatever is agreed and started backup from fresh. - Far from perfect, but better than completely corrupted backup. - Me best guess of the problem root cause is system reboot during dataset update. Yet, with correctly working transactional system it shouldn't case ANY problems. And the database itself (SQLite3) did pass integrity test, so it's applation logic flaw, not database issue.

2. One project has a few ultra messy test cases. I don't know who thinks that's a good way to test logic. I personally think tests should be incremental in complexity. If you start with the most complex possible thing, it's quite hard to often tell where it actually fails and why.

3. OKD - https://okd.io/ - Lightly checked out OKD. I don't have use for it right now, but it's good to know, that options that try to build more or less "standard stack" and "standard" configuration on top of Kubernetes (k8s) exist. This is always classic problem, standard "it" and it's simple. Or "do anything you want to", and then it's super complicated. What's the level in between you're going to select?

4. Checked status of RISC-V and related domestic chip production in China. Technologically very interesting times, it seems that quite large shift is coming on this ecosystem in years to come. Including new operating systems which aren't based on Linux as well as rise of firmware and software written in Rust.

5. Installed Ministral-3 locally and DeepSeek-V3.2 (distilled) versions. - Awesome! Going to test SmolAgents with those as well. I know it's going to be somewhat slow, but so what. It can churn over weekends if necessary, I don't care.

6. Had long discussion about email security with a friend. Uh oh, email security. Well, email shouldn't be used for anything. Well, to the point, there's PQC standard update for s/mime, I didn't know that. It's nice, it's good that the option exists officially. Only thing is again, that it isn't practically being used.

7. RDP certificate - Microsoft enraging malpracitces, they keep constantly replacing ceriticates, making whole certificate thing a clown show. - Well, once again fixed it. - The worst part is that there are NOT SETTINGS to tell Windows NOT TO change the RDP / host key information all the time. The only way to fix it, is to remove permissions form the auto-updater and prevent it from doing it's job. But there's no correct way of telling that it's all good, don't touch it! Now it fails, due to permission error, but the original key remains. - Crazy. I have script to all that, create new long term cert and disable the annoyances, but whoa, it took many steps and long time. kw: Remote Desktop Services (RDS)

8. b3xof - This is NOT a cipher, this is just uh oh, hash and light obfuscation using BLAKE3 Extendable-Output Function (XOF) as key stream with 128 bit nonce prefix. So, if encryption or ciphers are banned or forbidden and or needs to be backdoored, this method isn't affected.

#!/usr/bin/env python3

import sys, os, base64

from blake3 import blake3

from argon2.low_level import hash_secret_raw, Type

# Usage: ./script.py [e|d] [password] [text]

mode, pwd, text = sys.argv[1], sys.argv[2].encode(), sys.argv[3]

is_enc = mode.lower().startswith('e')

raw = text.encode() if is_enc else base64.b64decode(text)

# Manage 40-byte metadata blob (16b salt + 24b nonce) and isolate payload data

blob = os.urandom(40) if is_enc else raw[:40]

salt, nonce = blob[:16], blob[16:40]

data = raw if is_enc else raw[40:]

# Key Derivation: Argon2id memory-hard derivation for the 32-byte BLAKE3 key

key = hash_secret_raw(secret=pwd, salt=salt, time_cost=3, memory_cost=65536, parallelism=4, hash_len=32, type=Type.ID)

# Keystream generation: BLAKE3 XOF in keyed mode bound to the nonce

stream = blake3(nonce, key=key).digest(len(data))

# XOR operation. Encrypt prepends metadata blob; Decrypt processes raw data.

out = (int.from_bytes(data) ^ int.from_bytes(stream)).to_bytes(len(data))

res = (blob + out) if is_enc else out

# Output: Base64 for encrypted payloads, raw text for decrypted payloads.

print(base64.b64encode(res).decode() if is_enc else res.decode())

2026-05-17