AI, Temp, FDE, ECH, SQL, Key-rotation
Helped two friends to install their own uncensored local artificial intelligence platforms with several different models. It's not "cloud only" anymore. I'm sure early adopters used to do this long before the popular cloud services came along.
GPT-4o (@ Wikipedia) is out, yet personally I don't really like it. Why should AI be as stupid and inefficient as people are when they're communicating? Well, similar things have been shown historically with other technologies as well. But after a while the nonsense gets dropped and they'll focus more on the actual product. It's AI, why should it have a personality? It's more like a useless gimmick added to entertain stupid people. I would prefer more direct and technical NON humankind communication. - Yet, you can mostly fix this with your own system prompt.
You need a unique temp-file name? Ok, nice to know: "Windows 11 supports file names up to 32,767 characters.", if enabled in the system configuration. I haven't ever needed filenames that long yet. Also because small files are inlined in the NTFS structure anyway, I don't see great benefits. Without inlining, storing data directly in the filename could have been a nice trick in some situations. That's also one way to achieve crazy tail packing optimization. Put the data of the last partially utilized cluster / block in the filename itself. Duh, duh, duh.
About TunnelVision (DHCP based VPN hijack, no link sorry), it only works if you're using DHCP. I've got most of my systems configured with static configuration. There are many such things you can do if you want to use untrusted networks, nothing new here in that sense. Also many networks efficiently filter DHCP traffic, so you can't run rogue DHCP servers.
Windows 11 24H2 is going to enable Full Disk Encryption (FDE) (@ Wikipedia) by default using BitLocker (@ Wikipedia). It remains to be seen how this is going to affect the market. Some drives support hardware encryption, but enabling it is such a hard job that I would expect that it's basically never used even if that option exists. And to matter at all, it would mean that new systems should be delivered with hardware encryption enabled by default. It remains to be seen if this happens. I've personally preferred LUKS2 (@ Wikipedia).
Had a long discussion about how useless ECH (@ Wikipedia) is, because it never works. Firefox, Nginx, and so on, nope. But then a friend hinted to me about the native_https_query option for FF. If you turn that on, then ECH works. Nice. It's also nice that your fingerprintability just went up by at least (probably way more) 1000x because you're in the less than one per thousand of users using that option.
One friend said: but I deleted it. Ok, if you're not in full control of the systems, how did you ensure that the data got deleted at least from the following data layers: First the app marks it deleted using some flag in the database, then the database marks the records deleted, then the file system marks it deleted and finally possibly the SSD marks it deleted. Then we're waiting for the potential backups to expire and ... Yeah, deleted data or disappearing messages just don't disappear. The process could take days, weeks, years or decades. And this is the norm, it's not even a situation where a copy is intentionally kept for whatever purpose because we do have enough storage, so we don't need to worry about actually deleting anything ever.
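The "database marks records deleted" layer from the paragraph above, shown as an added example (not part of the original post) with SQLite as a stand-in database. The table name and the marker string are constructed for the demo.

```python
import os
import sqlite3
import tempfile

# Constructed marker standing in for the "deleted" message content.
MARKER = b"CONSTRUCTED-SECRET-7f3a91"


def delete_and_inspect(secure_delete: bool) -> tuple[int, bool]:
    """Delete one row, then return (rows still visible via SQL,
    whether the marker bytes are still present in the database file)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        # isolation_level=None: autocommit, every statement is committed to the file.
        con = sqlite3.connect(path, isolation_level=None)
        # Set explicitly: some distro builds default secure_delete to ON.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.executemany(
            "INSERT INTO messages (body) VALUES (?)",
            [("hello",), ("note: " + MARKER.decode(),), ("bye",)],
        )
        con.execute("DELETE FROM messages WHERE id = 2")
        # What the application sees after the delete.
        visible = con.execute(
            "SELECT count(*) FROM messages WHERE instr(body, ?) > 0",
            (MARKER.decode(),),
        ).fetchone()[0]
        con.close()
        # What someone with a copy of the file sees.
        with open(path, "rb") as fh:
            raw = fh.read()
    return visible, MARKER in raw


if __name__ == "__main__":
    for mode in (False, True):
        visible, on_disk = delete_and_inspect(mode)
        print(f"secure_delete={mode}: rows visible={visible}, "
              f"marker still in file={on_disk}")
```

With secure_delete OFF the row is gone for SQL but its bytes stay in the freed space of the page. Turning it ON only zeroes the copy inside the database file; the journal, file system, SSD and backup layers are untouched by it.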
Database nightmares. A delete command caused system downtime for an extended period (I mean a really long time on the wall clock as well). Delete from table where stuff. Doesn't sound that bad, right? But the table contained over 500 million long rows to be deleted. Then the delete process took so long that the system encountered system updates, which caused a reboot, and after that rolling back the unfinished transaction started. Simple things can be really bad when those start taking a long enough time. At least this time the journal didn't grow so big that the system would run out of disk space. But that disk space issue has happened at times with other systems.
Quite an operation: I checked and cleaned up expired PGP keys and pulled / requested new keys / subkeys when and if available. I also rekeyed many of my semi-longterm keys, including Matrix and SimpleX.
2025-01-05