Basically: they were using a pseudo-random number generator (implemented in software, by the programming language), most of which are predictably reversible. For example, if I generate a few hundred or thousand 12-word seeds, I can effectively reverse the random number generator and reproduce its behavior predictably on a different system. The shorter the output, the less data you need to crack it.
Once cracked, based on the output you get when generating a 12-word seed, you can predict the next 12-word seed that will be generated.
While the attack requires some knowledge, this is a novice mistake on the part of the developers. Virtually every programming language warns its users not to use these functions for anything security-related.
They should have been using a cryptographically secure (e.g. hardware-backed) source of randomness.
https://www.exoscale.com/syslog/random-numbers-generation-in-virtual-machines/
Example of reversing a RNG algorithm used in many languages: https://github.com/eboda/mersenne-twister-recover
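To illustrate the core problem (a toy sketch in Python, not the actual wallet code): a non-cryptographic PRNG like the Mersenne Twister is fully determined by its internal state, so anyone who recovers that state reproduces every "random" value. The seed value here is just a stand-in for a recovered state.

```python
import random
import secrets

# Python's `random` module uses the Mersenne Twister. Given the same
# internal state (forced here via a seed), it produces the same outputs.
victim = random.Random()
attacker = random.Random()
victim.seed(1234)    # stand-in for an internal state the attacker recovered
attacker.seed(1234)  # attacker replays that state on a different system

# 12 indices into a hypothetical 2048-word list, as in a 12-word seed
victim_words = [victim.randrange(2048) for _ in range(12)]
attacker_words = [attacker.randrange(2048) for _ in range(12)]
assert victim_words == attacker_words  # fully predictable

# The right tool for anything security-related: the OS-level CSPRNG.
secure_words = [secrets.randbelow(2048) for _ in range(12)]
```

The `secrets` module (or `/dev/urandom`, `getrandom()`, etc.) draws from the operating system's CSPRNG, whose output cannot be replayed from observed values.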
Basics on query execution and indexes
I'm assuming MySQL in my examples, but this generally holds true for RDBMSs, though specific keywords may differ between SQL dialects.
Key take-aways about indexes (simplified):
- The more distinct values a column holds, the more useful an index on it is. (An index on `firstname` is better than an index on `sex`. An index on `username` is better than one on `firstname`.)

Important side notes:
- The larger a table, the more important indexes are.
- Indexes on small enums or booleans are useless.
- An index restructures the data in a table, so multiple indexes mean that you're storing (a reference to) every record multiple times, using a lot of disk space.
- Indexes make INSERT and UPDATE statements 'slower', as the database also needs to update all indexes.
- Indexes have no influence on what's in your SELECT clause (with the exception of some statistical queries like MIN or MAX).
If you want to know which indexes are used in a query, put the `EXPLAIN` keyword in front of it. Instead of executing the query, the database will explain how it would get the data (using which indexes) and how many rows it needs to fetch to get the desired result. With proper indexes, the number of fetched rows should be low. Here's a decent intro to the EXPLAIN keyword.
How do indexes magically make multi-million (or even billion) record tables searchable in milliseconds? Through the magic of B-trees.
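The thread is about MySQL, but the same effect is easy to see with SQLite (bundled with Python), whose `EXPLAIN QUERY PLAN` plays the role of MySQL's `EXPLAIN`: without an index the planner scans every row, with one it walks the index's tree. A small sketch (table and column names are made up for illustration):

```python
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, sex TEXT)")
conn.executemany(
    "INSERT INTO users (username, sex) VALUES (?, ?)",
    ((f"user{i}", "m" if i % 2 else "f") for i in range(10_000)),
)

def plan(query):
    # SQLite's rough equivalent of MySQL's EXPLAIN: describes how the
    # query would be executed, without actually running it in full.
    return " ".join(row[-1] for row in conn.execute("EXPLAIN QUERY PLAN " + query))

# Without an index on username: the whole table is scanned.
before = plan("SELECT * FROM users WHERE username = 'user42'")

conn.execute("CREATE INDEX idx_username ON users (username)")

# With the index: only a handful of tree nodes are visited.
after = plan("SELECT * FROM users WHERE username = 'user42'")

print(before)  # a full table SCAN
print(after)   # a SEARCH using idx_username
```

The exact wording of the plan differs per database and version, but the shift from "scan everything" to "search via index" is what you're looking for when optimizing.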
>There is a WordPress plugin called Query Monitor which I use to check the database queries and execution time. The plugin which handles Memberships has a query which takes about 0.6 seconds, when all other queries are < 0.1 seconds. Most are a few milliseconds.
0.6 seconds is a very long time, which to me indicates that it's doing something wrong: missing indexes or unnecessary joins, for example. If you can see the raw query, can you try running it with `EXPLAIN` in MySQL directly? It might give you some insight into what is wrong. From there you can start optimizing.
If you are not familiar with `EXPLAIN`, read one of these blog posts:
> they have to respect the laws
But do they?
I found this Swiss firm, but I know nothing about them: https://www.exoscale.com/compare/
I guess I am glad you are considering privacy at all in regards to your startup. :)
Fuga.Cloud (Dutch company).
Exoscale (more costly, but focused solely on the EU market and provides better features than other Kubernetes providers).
Scaleway is heavily into the US market and subject to US laws.
OVH has horrendous customer service and bad uptimes.
> It’s up to you to make the migration backwards-compatible
I guess this statement might work in your world, but not in mine. Sometimes you actually need to make breaking changes. It's possible (see this post), but it has a lot of issues.
This is an alternative that has limitations but, depending on one's context, can be a better fit.
If you believe blue-green fits your use case, please continue. But others might have different requirements or limitations than you, and if I've learned anything from all those years working in IT, it's that there's no one-size-fits-all approach.
At only 16k in size, you could look at an object storage approach like: https://www.exoscale.com/syslog/object-storage-cassandra-pithos/
Or potentially at stuff like Elassandra (to take care of the metadata at the same time).
This approach could leave you with less to worry about regarding the actual underlying hardware. But I could also be way off here - input welcome. =]
Liquibase, Flyway - those are just the beginning of the story. Now you have to make every database schema change forward- and backward-compatible, which is a significant upfront effort. I wrote a [post](https://www.exoscale.com/syslog/kubernetes-zero-downtime-deployment/) on the subject if you're interested.
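To make "forward and backward compatible" concrete, a common way to do it is the expand/contract pattern: for example, renaming a column by first adding the new one, dual-writing and backfilling, and only dropping the old column once no running version reads it. A minimal sketch using SQLite as a stand-in database (table and column names are invented for illustration):

```python
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
conn.execute("INSERT INTO users (name) VALUES ('alice')")

# Expand: add the new column. Old app versions keep working - they
# simply ignore `full_name`.
conn.execute("ALTER TABLE users ADD COLUMN full_name TEXT")

# Backfill existing rows. New app versions write BOTH columns until
# every old instance has been retired.
conn.execute("UPDATE users SET full_name = name WHERE full_name IS NULL")

# Contract (a separate, later migration, once nothing reads `name`):
# conn.execute("ALTER TABLE users DROP COLUMN name")

row = conn.execute("SELECT name, full_name FROM users").fetchone()
assert row == ("alice", "alice")  # both old and new readers see their column
```

During the whole expand phase, both the previous and the next version of the application can run against the same schema - which is exactly what a rolling or blue-green deployment needs.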
I've been using an HE tunnel with the Frankfurt endpoint, but as you said, there's additional latency. There's a closer endpoint in Budapest, but there we get latency because of the exact routing policy discussed earlier. I have a workaround though: I have a VM at Exoscale. Exoscale only gives you a /64, so to do this without hacks I use the Budapest HE tunnel (/48) on my VM (it only adds 5 ms). I then set up my VM as a VPN using IPsec/IKEv2 (here is my config).
The interesting thing is that with this VPN setup I usually get less latency than without the VPN!
I wrote an article on how to get started with a simple pipeline using Docker, Docker Hub and CircleCI that may help you: https://www.exoscale.com/syslog/continuous-delivery-circleci/ - it uses CircleCI, but the concept is the same for GitLab too, possibly even easier as they have their own Docker registry.
There is no “best” scenario; there are many ways to achieve a similar result and, as always, it depends on your use case. I’d start with something small though and let it grow as your needs grow. Implementing CD is something I like to do right at the start of a project, when it’s nothing more than a status page, and then build on top of that.
Enabling easy deployment of Rain in standard cloud environments such as AWS is one of our priorities for the next release. For now, we have an (experimental) deployment script for the Exoscale cloud that, after some tweaks, should work with any CloudStack deployment. We keep track of our roadmap in the project's GitHub issues. If there is anything you miss or would like to see in one of the upcoming releases, feel free to comment there or open a new issue.