Keeping data confidential from the system administrator


Problem

How do I ensure that I cannot access confidential data manually through the database? Practically speaking, this is a firestore database on google cloud, and I have access to the administrator google account. For the purposes of this question, we assume the code is perfect, and is trusted to be not malicious in any way.

I’m developing software for a client, and one of the requirements is that the data is only accessible by two other people, and I am not one of them. It’s a small project, and I’m both the sole developer and system administrator. I’m capable of ensuring data confidentiality when the only point of access is the application, but due to the system administrator role I also have direct access to the database.

Possible Solutions

  1. Remove my admin access to the database.

    While it would solve the problem, it would also make further development and support rather difficult.

  2. Use encryption

    Possible, if I only encrypted the records that were confidential. It would slightly impact support but not to any major extent. The main problem here is how to ensure I don’t have access to the decryption key, while the server does.

  3. Use database permissions

    As far as I can tell, google firestore only has permissions for different actions, where I would need to have row or column based permission. I could probably do it with table based permission too. Technically speaking as administrator I could add permission back, but so long as it kept a history of permission changes this should be fine.

Solving a system of differential equations whose one of the coefficients is imported data

Suppose we have a coupled system of differential equations: \begin{equation} \frac{db}{dt}=(- \gamma_b -i\omega_b)b-i\frac{g}{2}p;\quad \frac{dp}{dt}=i\frac{g}{2}\Delta N(t) b-(\gamma_a+\gamma_b+2iJ)p. \end{equation} If $ \Delta N$ was fixed, the solution of the system would be like \begin{equation} \begin{pmatrix} b(t)\ p(t) \end{pmatrix}=\begin{pmatrix} a_{11}&a_{12}\ a_{21}&a_{22} \end{pmatrix}\begin{pmatrix} b(0)\ p(0) \end{pmatrix} \end{equation} Using the following code, I have found a $ 2\times 2$ matrix (called sol) whose entries are $ a_{ij}$ in the above equation:

rb=630;wb=75*10^6;g=0.63;ra=2.6*10^6;rm=3.6*10^6;J=6.3*10^7;DeltaN=0.164*10^5; m ={{-rb-I wb,-I g/2},{I g DeltaN/2,-(ra+rm+2 I J)}}; eigvec = Eigenvectors[m] // Transpose // Simplify; eigval = Eigenvalues[m] // Simplify; inv = Inverse[eigvec] // Simplify; v1 = eigval[[1]]; v2 = eigval[[2]]; sol = eigvec.{{E^(v1 t), 0}, {0, E^(v2 t) }}.inv; 

If we suppose that $ p(0)=0$ , then one can easily plot $ |b(t)/b(0)|^2$ : simply plot $ a_{11}(t)$ . But the problem is that $ \Delta N$ is not fixed. It is a $ N\times 1$ matrix which I have obtained from another code written with Fortran and its type is data.txt. The elements of this file are calculated by assuming the time interval between each one is $ 0.001$ . That is, for $ t=0.001$ we have $ \Delta N_1$ , for $ t=0.002$ we have $ \Delta N_2$ , etc. But the time intervals are not included in the txt file.

One way that comes to my mind is this: Assuming we know the analytical form of solfor a fixed $ \Delta N$ , we set time, i.g., equal to $ 0.001$ and then substitute the first row of the txt file (I call it $ \Delta N_1$ ) into sol and find $ a_{11}$ . Then we raise time to $ 0.002$ , substitute $ \Delta N_1$ into sol, find $ a_{11}$ , and repeat the procedure to the last row of the txt file.

Now the question is this: how can I import the txt file to the code and do the procedure that I explained above to get some data like $ \{\{0.001,a11(0.001)\},\{0.002,a11(0.002)\},….\}$ where the first elements are time intervals and the second ones are $ a_{ij}$ corresponding to that particular time?

I had asked a similar question here enter link description here, but in that problem I did not have an external file with txt format.

I could not upload my txt file, so I write the first 10 elements if necessary:

0.164E+05

0.655E+05

0.146E+06

0.258E+06

0.400E+06

0.572E+06

0.776E+06

0.101E+07

0.129E+07

0.159E+07

Operating system , synchronization

Consider the methods used by processes P1 and P2 for accessing their critical sections whenever needed, as given below. The initial values of shared boolean variables S1 and S2 are randomly assigned. Method used by P1

while (S1 == S2);Critical Section S1 = S2;

Method used by P2while (S1 != S2);Critical SectionS2 = not(S1);

Which one of the following statements describes the properties achieved?

Mutual exclusion but not progress

Progress but not mutual exclusion

Neither mutual exclusion nor progress

Both mutual exclusion and progress

EDIT why in such codes we cannot preempt during executing while? is while an atomic expression here?

Choosing an experience point system for a new RPG

I am creating my own tabletop RPG and keep coming back to the question of fairly and easily distributing experience points. I have it narrowed down to two systems that I like, but would like the wisdom (and opinions) of the community. The game involves "skillsets" that are basically mini-classes, like Pyromancy, Covert Ops, and Hacking. You start with two, and as you gain experience you become more powerful with those and add new ones. Every three levels is a rank, and any time you increase your rank (4th, 7th, 10th, etc.) you get to add a new skillset at 1st level. Your character has stats, like Agility and Strength, and each skillset is tied to a stat. You’re able to level-up your stats only by learning a new skillset tied to that stat.

Design goals:

  1. A simplified game that will appeal to new role-players, but which has enough depth for the GM to create long, deep campaigns.
  2. A fun, playable balance between realism and ease-of-use.
  3. I don’t want the GM to be involved in awarding XP, other than rare bonus XP for excellent game play, and nobody should ever have to consult a chart or calculate how much XP an encounter/enemy is worth.
  4. Characters with a balanced number of skillsets: flexibility vs. paperwork.

In my original system, you would earn 1 XP every time you used a skillset in a round, and 1 bonus XP if you failed. Harder combats automatically earn more XP, and you grow in the skillsets you’re actually using, which makes sense to me. In a test game the players also liked that even when they were losing, they were earning more XP. I like that players will have to choose between using their top-level skillset for maximum effect versus a lower-level one they’re trying to build up.

However, players need to track every skillset used every round, and you can take multiple actions in a round. We found that a simple tick mark on your character sheet does it, but it’s paperwork. It also fails where you take an action not covered by a skillset, like riding a bicycle through the middle of a melee: I doubt there will be a Combat Bicycle skillset, so you will make a roll using your stats instead of skillsets, and you don’t earn XP when using a stat.

Method #2 is to make experience more generic and let you "spend" it where you like. You earn 1 XP every round, plus one if you have to make a defensive roll, plus another if you fail that roll. You could then "spend" a little to add a new skillset or a lot to increase your Pyromancy skillset from 6th to 7th level, for example. Players "in the thick of it" will earn more XP, and tougher combats will earn more XP, just like in the original system. You can add interesting bonus rules, like the first player to drop an opponent gets bonus XP, etc. This makes for less paperwork for the player while providing even more flexibility.

However, XP is no longer tied to the skillset from whence it came and I’m worried it feels a bit computer-gamey. Also, method #1 limits the rate at which you learn new skillsets – in method #2 you can buy ALL OF THEM and have a ridiculously well-rounded, not-very-powerful character, which also feels ingenuous. It also removes the choice between your powerful skillset and the weak one you want to improve.

  1. Which system sounds easier to play?
  2. Which system sounds more interesting to play?
  3. Is there a better system I’m not seeing?

SQL server backup fail “A system assertion check has failed”

I just installed SQL Server 2017 EVAL in a Windows Server 2012 R2 VM. Most default options.

Default installation folder. SYSTEM databases in default folder. User databases in the D:\ drive. Created some databases, some users, installed Brent Ozar and Ola Hallengren scripts. Next thing I was configuring the backups on the E:\ and getting an error. So i tried to run manually:

BACKUP DATABASE [DABOL12] TO  DISK = N'E:\BACKUP\teste.bak' WITH NOFORMAT, NOINIT,  NAME = N'DABOL12-Completo Banco de Dados Backup', SKIP, NOREWIND, NOUNLOAD,  STATS = 10 GO 

and getting this error:

Location:    mediaWrite.cpp:603 Expression:  (m_pWriteBuffer->GetCurrentSize ()% GetBlockSize ()) == 0 SPID:        56 Process ID:  1104 Mensagem 3013, Nível 16, Estado 1, Linha 1 BACKUP DATABASE está sendo encerrado de forma anormal. Mensagem 3624, Nível 20, Estado 1, Linha 1 Falha em uma verificação de asserção do sistema. Verifique o log de erros do SQL Server para obter detalhes. Em geral, uma falha de asserção é causada por bug do software ou danos nos dados. Para procurar danos no banco de dados, considere a execução de DBCC CHECKDB. Se você concordou em enviar despejos à Microsoft durante a instalação, um minidespejo será enviado. Uma atualização poderá ser disponibilizada pela Microsoft no último Service Pack ou em um Hotfix do Suporte Técnico.  Horário de conclusão: 2020-08-13T21:57:22.6904999-03:00 

Is in Portuguese, and telling me to check the SQL Server logs, which point me to this dump file [1] where it have the same message but in english:

 2020-08-13 19:07:27.81 spid54      Erro: 17066, Gravidade: 16, Estado: 1. 2020-08-13 19:07:27.81 spid54      SQL Server Assertion: File: <mediaWrite.cpp>, line=603 Failed Assertion = '(m_pWriteBuffer->GetCurrentSize ()% GetBlockSize ()) == 0'. This error may be timing-related. If the error persists after rerunning the statement, use DBCC CHECKDB to check the database for structural integrity, or restart the server to ensure in-memory data structures are not corrupted. 2020-08-13 19:07:27.81 spid54      Erro: 3624, Gravidade: 20, Estado: 1. 2020-08-13 19:07:27.81 spid54      A system assertion check has failed. Check the SQL Server error log for details. Typically, an assertion failure is caused by a software bug or data corruption. To check for database corruption, consider running DBCC CHECKDB. If you agreed to send dumps to Microsoft during setup, a mini dump will be sent to Microsoft. An update might be available from Microsoft in the latest Service Pack or in a Hotfix from Technical Support. 2020-08-13 19:07:27.81 Backup      Erro: 3041, Gravidade: 16, Estado: 1. 2020-08-13 19:07:27.81 Backup      BACKUP failed to complete the command BACKUP DATABASE DABOL12. Check the backup application log for detailed messages. 2020-08-13 19:13:11.98 spid54      **Dump thread - spid = 54, EC = 0x000000D63F84C160 2020-08-13 19:13:11.98 spid54      ***Stack Dump being sent to C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\LOG\SQLDump0035.txt 

If I try to run this same command on the D:\ drive, it runs without any problems.

Details:

  1. After getting the errors a few times, I installed CU21, but the error persist.
  2. Both SQL Server and SQL Agent account have full control over E:\ drive. I went nuts and granted full control to everyone for the sake of testing.
  3. I was pretty sure that the databases weren’t corrupt, since I don’t get the same error when backuping to another drive and had just created them), but I run the DBCC CHECK anyway, and it’s everything ok.

Any thoughts?

[1] https://pastebin.com/0BhhMN6p

UPDATE 1

This VM is hosted on a XenServer, which I’m not a admin nor thus have any access. After finding out that I can successfully perform the backup to drives C: and D:, but could not perform to E:, I decided to check the devices.

Drive C: XENSRC PVDISK SCSI Disk Device
Drive D: XENSRC PVDISK SCSI Disk Device
Drive E: FreeNAS iSCSI Disk SCSI Disk Device

Searching a bit more a found this reddit post [2] with the same problem as I, shedding some light on the problem.

This is a SQL Server Bug, a Windows bug, a Xensrv bug or a FreeNAS bug?

[2] https://www.reddit.com/r/sysadmin/comments/2ofo4k/help_with_an_iscsi_issue/

Difference between the logic and the type system of a proof assistant?

In Comparing Mathematical Provers (section 4.1), Wiedijk classifies logics and type systems of different proof assistants? I do not see what he means by type system of the assistant. He only says:

A system is only considered typed when the types are first class objects that occur in variable declarations and quantifiers.

I can only think of types in goals. For instance, in Isabelle if you write a goal using variables (I don’t think you "declare" variables", you can check the type of these variables. But this type is certainly a type in the logic I’m using.

It would be interesting to clarify this and apply this example in the cases of Isabelle, Coq and Metamath (which is untyped and apparently based on proof trees, which could give a hint).

What editions of D&D are derived from the d20 system?

The tag wiki on this website says:

For questions about the d20 System, an RPG system originally published in 2000 by Wizards of the Coast. The d20 System was developed alongside D&D 3e and is a derivative of it, but it forms the mechanical backbone for a variety of RPGs entirely departed from the D&D system.

And the wiki page says:

The d20 System is a role-playing game system published in 2000 by Wizards of the Coast, originally developed for the third edition of Dungeons & Dragons.1 The system is named after the 20-sided dice which are central to the core mechanics of many actions in the game.

Much of the d20 System was released as the System Reference Document (SRD) under the Open Game License (OGL) as Open Game Content (OGC), which allows commercial and non-commercial publishers to release modifications or supplements to the system without paying for the use of the system’s associated intellectual property, which is owned by Wizards of the Coast.

It looks, at least to me, to be more of a trademark/legal matter.

But in any case, which roleplaying systems are covered by/derived from the d20 system?

It looks like D&D 4E is not covered by it, or at least the associated OGL, but I appreciate they are not the same thing.

What is the name of the crypto system used by ICANN’s DNS recovery system?

I once heard about a type of crypto system that behaves in the following way: I have x secret keys that work together to decrypt messages encrypted with a public key d. If I get at least n of the x secret keys together, I can decrypt messages encrypted with d in their entirety. If I have anything less than n, I get no information about those messages.

When this system was being described to me, I was told that an example of this system in the real world is ICANN’s system for recovering the DNS registry in the event of some catastrophic failure. In their case, x = 7.

I heard about this a little while ago, and I don’t remember exactly what the system is called. I have tried to research it with the ICANN website, but I can’t seem to find an actual name of the system that I can use to then do a deeper dive into this. Does anyone know the name of the system I just described? Also, since I am trying to dive rather deeply into this, I would also appreciate any resources (research papers, open-source implementations, additional real-world examples, etc.) that could be listed.

Thank you!