A Minor Commentary on SED/Opal Encryption

Data-At-Rest Encryption is a common topic, but one which is often misunderstood. Having led engineering and architectural efforts involved with hardware standards for encryption compliance, including detailed analysis of performance impacts while operating in accordance with service level agreements, here are some bits of discussion on the SED/Opal implementation.

TL;DR

  • SED/Opal TCG spec’d drives are doing just fine. I trust it more than LUKS2 by a long shot.

Detailed Read

I have no issues trusting NAND and SAS firmware for the drive controllers that I’ve personally validated as part of a hardware acquisition process for global fleets which require federally mandated encryption.

Encryption compliance auditing is an involved process, as is the hardware validation process for identifying potential impacts to production storage performance workloads, and then there’s adapting encryption compliance requirements to an org’s procurement and provisioning pipelines, including supply chain attack mitigations.

All of those concerns apply to hardware shipped outside of the country into export-regulated zones that have tight controls over encryption compliance.

Having been in charge of those workflows necessarily by job role, I can attest that it’s not exactly roses and rabbits and chocolate teddy bears every day of the week during audit season, but it is rigorous and it does create secure data persistence across geopolitical zones and high-risk locales*.

USA Enc Regs

LUKS2 CVEs

For non-USA regs there are similar standards for modern first-world countries, though I trust the US’s military industrial complex far more than anything from anywhere other than Germany (and to a lesser extent, also Japan).

Exo-Border Encryption IRL

  • My favorite story for that example is that of systems in several Taiwan datacenters which were seized by the CCP during the past N years. They didn’t want to cut the power, given the facility’s status and criticality, so the systems continued to run unabated until their dead-stage.

Effectively this created a situation of situationally enforced uptime. As long as any system was online it was fine, but no maintenance was possible, and any drive failures remained forever-failed as no person was authorized to replace any hardware (even a simple hot-swap drive bay flip). Most of those systems are still online, vastly exceeding any manufacturer specs or expectations of SLA. When shipping sensitive data and secure systems around the world one must expect the worst, and that issue certainly wasn’t the worst, at least the data is still live.

Combat zones are an entirely different thing, and one can look to the Special Forces requirements for their portables to see how encryption standards work during active live-fire scenarios. It’s often not enough to have encrypted drives; there must also be provisions for hot-swap/ejection of the hardware from its chassis, auto self-destruct features, and similar controls which seek to mitigate the less common edge-case concerns (torture, etc).

Original Conversation

This conversation began as part of a comment on my Mastodon account: mastodon.bsd.cafe/@wintersc…

💜 To Those Who Know 💜

In recent weeks which have come to pass, unbeknownst and unexpected, currents of turmoil and change appear aligned to quarterly quells of extirpated expectations.

Heart-felt apologies are due for the sustained impact to availability: last-minute flights that changed planned presence at the OpenZFS conference, schedule overlaps on my favorite CFT meetings, and reduced activity on chat/social network presences. Ideally, a successful outcome of the past two weeks’ “all or nothing” focus, and its associated changes will facilitate settling into a pattern which resolves Q2-Q3’s high-priority disaster-prevention supply-chain table-flipping reaction-based event processing.

So then, the present data-driven life-revision necessitates a relocation of geographic presence for the second time this year. While I was hopeful that the PNW would be more than a near-term solution, the two corner-stones of that expectation have not turned out as originally planned. So, lest one avails to stagnate and risk an early health-expiration, there will soon unfold a new stage of career focus along with a re-introduction to one of the best medical groups in the country (Mayo Clinic). Those two requirements happen to be in Chicago and its adjacent geo-zones of insurance coverage.

Feeling very fortunate at present, and am often reminded that substantial positive change is rarely a singular achievement; so a big thank you to everyone who’s been supportive and caring along the way. Please know that you’re appreciated and I hope to continue the aforementioned endeavors which had made this period in the PNW feel so very welcomed and at peace.

Peculiar Perceptions of Privacy for Public Personas

Please pause this persistent predilection pertaining to periodically passionate patterns of pretentious perceptual processing.

Sometimes thought processes get stuck, disconnected, trailing sinew and silken tissue in tragic agony, alone in the vastness, discarded, forgotten. Language has always felt to these sensibilities as a game; a tangled tale of otherwise tired terms and pithy patterns of phrase, of accents and admonitions, just another mode of expressions to become lost within, an entertainment of the mind otherwise disengaged.

Silly games of phrase aside, what is this about personas? It’s once again for the forty-fifth time come to my attention a simple question which is worth a simple answer. The question goes like this:

“Eva who? Winter… sssh own? Winter–schOEn? Winterschön? Ok. Where did she work before? .. and before that?”

or perhaps more directly,

“Eva who? I thought her name was Madeline.”

Indeed, who indeed. Many in my professional life know my middle name, Madeline… though some prefer Madeleine (like the cookies). I too enjoy those cookies, but I don’t care for my middle name much at all. Nor did I care for it during the years of my maiden name. I also didn’t like those early years when the trauma started, of the family which failed to protect me, and their surname which had to be changed.

I certainly didn’t like having to deal with those later years of having a stalker, of sexual assaults, of the red tape required by a name change, of relocation and another relocation, of new email accounts and licenses and passports and registrations and everything else. Who I was was taken from me by force, not of choice.

Ageless Anthropomorphisms of the Eighties Era

When I was much younger and learning about hardware engineering there was a fun game called, “Anthropomorphization and Personifications”. This was a name which I could barely say, but otherwise which most children would engage in while playing with toys or dolls, except I was playing it with the innards of an IBM 5150 while holding a screwdriver and attempting not to lose any screws.

In this game the graphics board, the massive hard drive, floppies, serial and parallel devices, etc.. they had people names and people jobs and they operated the machine when the power was turned on. In my imagination there were little figures going about their day to day, carrying data, pouring bits and bytes through the (cabling/interconnects) plumbing, talking to others, just living their lives. Many entertaining day dreams for a first through whatever grade elementary school aged brain.

Somewhere prior to adulthood I’d have certain “technical conflicts” with broken hardware, and sometimes that hardware needed to be shown what happens if it doesn’t fulfill its design. Details are irrelevant, but one could imagine a teenage me watching Office Space and rather enjoying the printer scene out in a grass field… oh that resonated so well, nearly like a re-enactment of my travels to construction sites to drop burnt-out cards or locked-up drives or other hardware from heights or find its otherwise ensured demise by force. After all, it was my moral duty to ensure that no one else could ever be harmed by that equipment ever again, to prevent others of naïveté and youthful innocence from ever having to feel what I had felt. Clearly those inclinations were about more than the broken hardware in my hands, those core components of a dysfunctional machine, but where and when my youth occurred there was no support or awareness of childhood trauma therapy, and parents could not be trusted to avoid the risk of either victim blaming or creating somehow worse problems. So as would be the common endurance, I would manage it myself, alone and in silence.

Someone, some adult, any of them, should have understood what was happening and helped. Perhaps I was too well practiced at remaining silent, guarded, self-reliant, subdued, secretive. Those are learned behaviors, and they are learned not from positive or healthy life events. Perhaps those adults looked into my large blue eyes, set against porcelain skin, rosy-red hued cheeks, and perhaps what they saw was a truth they refused to accept, and so the pleading gaze was brushed off with a common refrain, “you are SO cute! look at those blue eyes, who could say no?” Indeed, how could I have said no when no one listened? Instead, I learned to say nothing at all.

Well, several decades later and those thoughts and truths are most often in the background, perhaps occasionally at the periphery, rarely surfacing until an unrelated recounting of youth unfolds; in this case a story of anthropomorphism in hardware, almost entirely unrelated to trauma from all those years ago. Regardless, PTSD interjects on unmitigated impulse, disrupts dopamine response programming out of the blue, and tries to pull the mind right back to the events to be relived. All methods of prevention and response are temporary. Trauma never truly goes away, even on the best of days, it may only be lived with, coped against, endured.

Returning to the present, that game never really stopped, and when I take apart systems - occasionally ones costing tens or hundreds of thousands of dollars - there are still daydreams and wandering imaginations of similar anthropomorphic events, but certainly they exist in a much more futuristic landscape from the sci-fi retro-future. I no longer retire equipment with the same dedication or passion; or perhaps modern construction sites are simply not as accessible as they once were, their heights no longer able to be explored.

Performance & Regressions -- How Orgs Ship Code to Production

See that image? Right around the mid-section we see a common problem with the manner in which code is shipped to production. That one little section, displayed as a subsection of “build & packaging”, happily named “regression + performance testing”. Whether the product is a user-facing site, or middle-ware component, or baremetal systems which provide cloud resources that we all know and (sometimes) love… the success of the product is gated by an org’s ability to prioritize testing and automations for “Performance XOR Regression” (some orgs consider them inclusive, some consider them separate).

So we see Performance and Regressions visualized as practically a footnote, which is representative of the present landscape: many orgs don’t understand regression at scale vs regression in labs vs regression modeling. Most concerning is that too many orgs fail to provide management directives which involve full Perf+Reg test coverage. Instead, as a result of the lack of understanding, many orgs expect that their engineering teams will miraculously “make time” in their fully allocated and often over-subscribed schedules. That is not possible, and when production suffers, we all suffer. (insert meme with person riding bike, then falling from their own mistakes, wincing in pain on the ground, painfully expressing “Why would the code do this to us?”)

Secondly, a common misconception from engineering (eng teams and their management structure) is that Perf/Reg testing exists solely in that one stage. One simple misconception often causes an array of new and unnecessary tech debt, while often concurrently perpetuating existing tech debt.

Ok. So who is not failing at Performance and Regression testing? We can look to the ground-breaking engineering efforts on projects which have defined the human race: Voyager I and II, the J.Webb Space Telescope, CERN’s particle accelerators, and many others. What’s the difference? Time and planning, adhering to standards, routine audits, change controls, and many more.

How about simpler projects? Do they attend to P&R as well as JBL or CERN or Los Alamos? Unfortunately not. Over the course of nearly a quarter century of focus on this and related topics, the strong majority of orgs which I’ve had the pleasure of working at have engaged in “Spectrum Testing” instead of “Binary Testing” when it comes to performance + regression analysis, expecting that half-measures will be sufficient. They are not, and because this area of engineering requires investment of time, people, and hardware, it often becomes a budgetary line item to cross out during the times in which it is most critical. Such is the reality of simple and sometimes willful ignorance. Humans are fallible, expectedly so, but the beautiful thing is that we can change and learn and improve; but how… through awareness, analysis, and iterative adjustment (just like in engineering).

Investing partially, whether fiscally or in human hours, is not sufficient. Planning these elements for success always requires time, hardware, and people: investment and awareness. No one sends a telescope into Lagrange orbit one half-million miles from earth without proper test coverage (this isn’t the Hubble (sorry, sorry, I know it’s not funny)). The reasons are obvious. However, back on terra, faulty and insufficiently tested code can deploy to a hyperscaler’s cloud with sufficient impact that national and global infrastructure goes offline, and that code can ship without a second set of eyes? Yep. It happens, but it does not need to happen. We can expect better, and we should. Engineers and end-users and everyone else deserve better.

Easier said than done, sure, but there are no improvements without intention and action. Orgs must be dedicated to P&R coverage, and they must be receptive to potential improvements and course corrections. It requires management to be aware that “performance” does not imply “efficiency” and vice-versa. Quite simply, gaining any benefits from sufficient test coverage requires that management embrace improvements to “testing culture” within their org, and to ensure that sufficient time/cycles/bandwidth on each engineering team’s schedule is inclusive of engagement with org-wide performance engineering directives.

[1] LinkedIn image reference: www.linkedin.com/feed/upda…

Remission Requires More Than Medication

Remission is an interesting term in its lexical use.

  • “diminution of force or effects”, c. 1600.
  • “abatement of penalty or punishment”, c. 1736

In the context of those implications and meanings, yes absolutely that’s the impression from the past two months, a surprisingly rapid two months since a second front was opened during the “Hypophysis-Infundibular War”. Well, guess what? The tumour is in remission now.

Why, or how? This is the result of a new medication regimen, a recent geographic relocation, and many iterative improvements within response/activation programming for the Locus-Coeruleus, Substantia Nigra, and various other impossibly beautifully complex brain structures which define a personality.

The simplest expression which captures the reality of this war which has been raging inside for seven continuous years, with one failed front (07'22 - 06'23)..

  • Remission is a cause for and a direct result of “Hypothalamic Mediated Happiness” (HMH)
  • Remission requires a cyclical, self-reinforcing, positive feedback, loop-governed state of “Feeling and experiencing Happiness at its most capacitive level” – a prolonged and elevated experiential state resulting from biochemical-messengers otherwise referred to as ‘Love’.

Overly simplified version:

  • Prolonged existential unhappiness = makes tumour bigger (cyclical, each makes the other worse)
  • Prolonged existential happiness = makes tumour smaller (cyclical, each makes the other better)

Surely it cannot be that simple. Of course, it is not simple but then is the endless striving for love and happiness ever a simple endeavor? Not for me, not in this lifetime. It has been the forever, the endurance, the balance, it is the physiological state of homeostasis which results in cognitive/emotive pleasure as a means to encourage positive actions which keep us alive. Love and happiness keep us going, and so without those - well what’s the point?

So then, happiness is contingent upon dopamine being in balance with the rest of the neuro/endocrine system, otherwise there can be no homeostasis, no balance, no calm or quiet, only turbulence and misery. So then, remission necessarily involves finding ways to maintain cognitive-emotional states where Dopamine is maintained in a balance. This is not a single vector achievement at all.

Maintaining Dopaminergic balance cannot be obtained solely by medication. It must be inclusive of the ways in which we navigate the world, respond to events, and the manner in which our cognitive/apparitional states fluctuate.

During those seven years, non-coincidentally the entire time of being at $corp, the conditions exacerbated tumour growth. During those seven years of providing architecture solutions for global network infrastructure, seven years of investing my cognitive functions at the expense of a simplified notion of happiness, hoping and wanting and being patient for the ship to right the storms… years ago I knew that was a hopeless endeavor. I knew that no true happiness could exist in that place after a certain time, and not only for myself. I was only one woman.. one progressively unhappy woman who could not prevent the events which unfolded for too many others. That feeling of failure never went away, and ‘survivor’s guilt’ is not a happy place.

Everyone Loves Ansible

Test post. The variable value specifies the vicissitudes of vectorized validity of variabilities.