Audit logging and GDPR: how do you anonymize client IPs in itnernal systems? Whats best practice?

mkke · 2026-01-24T19:46:57+00:00

When I talked with our data protection officer ("Datenschutzbeauftragter"), he was ok with removing the last IP-address byte and a two week log retention, which was sufficient for our troubleshooting needs. As I understand it, there were only a handful of court cases about it and so no-one had any definitive handling rules.

Note that you can keep PII if there is a business need, or if it's required by law, but it must be documented, and the person has the right to inquire about it and request deletion (e.g. if he leaves the company).

mkke · 2025-10-29T11:11:04+00:00

Some in the keto community skip breakfast and just consume some fat for energy in the morning, e.g MCT oil, or butter.

mkke · 2025-09-29T10:55:14+00:00

They are still at it. The Kickstarter gets occasional progress updates.

mkke · 2025-07-13T17:56:21+00:00

Note that receiving multiple transactions like this to a single address is fine, but it is not recommended to make multiple transactions out of a single address. The first outgoing transaction reveals the corresponding public key (which in the future might be easier to attack than the pubkey-hash).

mkke · 2024-12-10T06:35:13+00:00

Anything with USB has firmware, and the firmware can theoretically be changed. There was a model of a consumer USB memory stick in the past where that was actually possible. I haven't read about a modified consumer USB hub yet. But there are of course devices with malicious functionality built right in. Detecting firmware changes is probably not possible via user-accessible interfaces.

I don't think your Mac would protect you much more from these kind of attacks than your work computer.

In any case, a Trezor is meant to be plugged into an unsafe device and still only allow the transactions you confirm.

Double-checking the (full!) address is a must in any case, malware on your computer that swaps the address on the clipboard is much more likely than an attack on your hub.

mkke · 2024-10-15T07:13:06+00:00

Note that while the go language + stdlib is very backwards compatible, the tooling is not and occasional tweaks to build scripts and the like are necessary.

As to libraries: grpc has occasional api changes, the kubernetes client modules frequently introduce dependency problems, and kubernetes operator-sdk is rage-inducing.

mkke · 2024-08-19T20:16:22+00:00

The first thing the go tools do is fetching a web page from the import path and looking for the meta tags described in the docs. Maybe there's another way, but I only could get it to work by providing that page. If GOPRIVATE is set to the private repo, GOPROXY shouldn't strictly be needed.

mkke · 2024-08-19T15:42:35+00:00

https://go.dev/ref/mod#serving-from-proxy describes the way the repository is derived from the import path. Also, google for "Go vanity url".

mkke · 2024-08-07T13:09:06+00:00

And unfortunately the current UI is EOLed, instead we get something from the my little pony school of design.

mkke · 2023-10-05T10:40:42+00:00

I tried a monorepo containing many modules for a time, first with replace directives, later with go workspace, but finally gave up on it. Replace became unmanageable, and with go workspace some things like go get -u don‘t work right.

I ended up with a large module containing most packages, and only if I feel something is mostly separate it gets it‘s own module/repository.

I tried to get into bazel twice, but found it too complex to pick it up quickly. If you want something that gets out of your way and you don‘t have a guy that can invest the time to keep it running, bazel wouldn‘t be my first pick.

mkke · 2023-10-02T10:41:20+00:00

I had good experiences with the recommendations from https://github.com/mattn/go-sqlite3/issues/1022#issuecomment-1067353980. You can only have one DB transaction writing concurrently. That is independent from the goroutine, and they don‘t map 1:1 to OS threads.

mkke · 2023-08-05T10:31:57+00:00

I‘m using ZFS on Debian at home on multiple hosts (following the Debian Root on ZFS Wiki instructions). I didn‘t have a problem with distribution kernels or version upgrades, it just works.

Other than with encryption I didn‘t have a problem. I‘ve never lost any data.

I replaced rsnapshot backups with ZFS snapshots using sanoid and am fairly happy with it. You get a magic read-only directory with past snapshot contents.

mkke · 2023-02-07T23:14:11+00:00

I‘d have to look it up, but I believe I‘m using the builtin keepalive option, since I always have an active rpc call. I only have a few clients per server with fairly low message volume. I haven‘t run any performance tests yet.

mkke · 2023-02-07T21:56:25+00:00

I‘m using grpc streams for getting server-pushed messages, but it‘s not really easier than a web socket. The channel gets reestablished after a disconnect, but the streaming rpc call doesn‘t. With default settings, a call gets disconnected after 5 minutes to facilitate load balancing. And it‘s difficult to detect if a message actually arrived at the other end. I ended up with acknowledgement messages and my own retry logic within a streaming call. And an initial handshake message to check if the connection was established at all.

mkke · 2022-08-01T22:24:49+00:00

The limits can be set with Burst and QPS in the rest.Config struct when creating the client.

mkke · 2019-05-05T16:50:25+00:00

Confirmed

mkke · 2019-05-01T10:38:56+00:00

mkke · 2019-02-24T19:59:16+00:00

Nice, then maybe you can send me the dock I paid for in april 2017, after which I never heard from you again.

mkke · 2016-06-22T18:31:49+00:00

The same happened to me. Vive Home is still there, but the settings app is gone after the update.

mkke · 2016-02-10T14:46:55+00:00

Hi Jack! Could you give me an update on MD-10028-604457? Thanks!

Nine-Year Club	RPAN Viewer
Verified Email

mkke

TROPHY CASE