Metadata Matters | TechSNAP 306

chris

6 years ago

The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails.
This is a very short piece of legislation. You can read it quickly, but it is an amendment. Basically, it’s copy/cut/pasting into the existing act, so you have to read it in context of the OLD act.
Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.
Based on a 1986 law created in the days when cell phones did not contain email. Back then, the standard was store and forward, not the central storage so common today. There was no cloud.
EFF’s Surveillance Self-Defense guide.
This is very important. What is also important is protecting privacy when crossing borders. Your rights must be preserved when crossing borders. Trouble is, it seems we have no rights when doing so.

Advertising? I can see how this is useful for more than just advertising. Traffic flow. Knowing about time from A to B. Mention EZPass and monitoring of badges to determine flow.
Signs announced trial, opt out by disabling wifi.
The documents also seem to suggest that if TfL switched on tracking full time it could offer real time crowding information to passengers – so we could see a CityMapper of the not-too-distant future telling us which stations to avoid.
That sounds simlar to how Waze and Google Maps collect real-time data on traffic congestion.
Collecting information is one thing. Controlling access to that information is vital. As we’ve seen so many times in the past, it is the use of that data for unintended purposes which is of most concern.
Rainbow tables

This came from Shawn. We covered this incident in eposide 305.
I want to make it clear from the start, we are not mocking GitLab. There is no joy to be taken here.
On January 31st 2017, we experienced a major service outage for one of our products, the online service GitLab.com. The outage was caused by an accidental removal of data from our primary database server.
What a horrible feeling that engineer then had. Imagine, for a moment. Production has just been wiped out… OMG.
Backups could not be found, nor could they be used. It was all gone.
I can imagine lots and lots of waiting for stuff to finish. Very stressful. Much hope, but very stressful.
Wow, could not access their own projects. Ouch. Almost want their own repo offline, but then accusations of not dog fooding, etc.
Prometheus monitorin
Some places take the approach of making staging the hot backup for production. Exactly the same. Move production onto staging hardware if required.
“I don’t remember where I saw it (probably hackernews), but someone proposed to constantly recreate staging from production’s backup. This way we would have an up-to-date staging version and frequently tested backup recovery process.”