{"id":1111,"date":"2008-05-27T10:07:06","date_gmt":"2008-05-27T00:07:06","guid":{"rendered":"http:\/\/www.flamingspork.com\/blog\/?p=1111"},"modified":"2008-05-27T15:29:26","modified_gmt":"2008-05-27T05:29:26","slug":"encrypted-online-backup-design-thoughts-ask-the-lazyweb","status":"publish","type":"post","link":"https:\/\/www.flamingspork.com\/blog\/2008\/05\/27\/encrypted-online-backup-design-thoughts-ask-the-lazyweb\/","title":{"rendered":"Encrypted Online Backup (design, thoughts, ask-the-lazyweb)"},"content":{"rendered":"<p>So after a ever so temporary but loud moment of <span style=\"text-decoration: line-through;\">insanity<\/span><strong>[1]<\/strong> having a decision made which I very strongly disagreed with (wanting to release online encrypted backup as closed source), we&#8217;re back in the world of freedom and the MySQL Server is (and will be) free and open source software (dual licensed, so you can buy a commercial license of the same thing).<\/p>\n<p style=\"padding-left: 30px;\"><strong>[1] Addition<\/strong> (wanting to remove my use of the word): Marten (rightly) points out that although appreciating the new blog posts, he doesn&#8217;t appreciate having his decisions called insanity. He&#8217;s right. It&#8217;s the wrong way to put it. So, without wanting to censor or change history (instead preferring to illustrate my own stupidity and amazing ability to completely say the wrong thing every 6 months or so), I offer this clarification (that i have tried to express in about 3 drafts of blog posts, none of which have made the light of day as i was never really happy with them): the decision was made with all the right intentions (grow the company, end up producing more free software, making sales to enterprises easier, clearer differentiation etc) but it was one that I (and many others) rather strongly disagreed with. In the end, the dicision was made to have these parts as free software and I truly believe that this was made after more arguments were presented by myself (and others) about why having these parts as closed was a bad idea. It is quite the thing to make the decision to make modules for your free software product closed, it is about 15 steps higher to go back on it. I&#8217;ll share a phrase I used a few times when being a right nick-picker about things during employment contract negotiation this year (for MySQL Australia and then Sun): &#8220;Do I trust Marten? Absolutely. It&#8217;s the next guy. Remember, SCO was once Caldera and producing a linux distro and generally considered good.&#8221; So, that was more than I intended to write on the subject&#8230; but hopefully clarifies that I just thought the decision itself was bad, and am lucky enough to work at a place that encourages discussion when you don&#8217;t like things.<\/p>\n<p>So, now I&#8217;m involved with writing up the worklog for encryption for the MySQL server native online backup. I also wrote most of the original worklog for compression of online backup (I implemented compressed backup and LCP for MySQl Cluster) as well as some proof-of-concept code (written in &lt;5 minutes at 3am while jetlagged).<\/p>\n<p>There are two main approaches to encryption: symmetric and asymmetric (public key). I think we should support both (but we&#8217;ll see what others think).<\/p>\n<p>For symmetric (password based for those not up with the street lingo of crypto) we&#8217;re thinking of the following algorithms: 3DES, AES, Blowfish. Are there any others that people care about?<\/p>\n<p>DES is obviously out as it&#8217;s not considered secure, and really, we should be helping users to get things right.<\/p>\n<p>For public key: RSA and DSA are the obvious choices.<\/p>\n<p>As for libraries implementing all of these? well&#8230;.. I&#8217;m thinking about libgcrypt &#8211; it looks fairly nice and a bit similar to the kernel crypto api (which seems quite nice). Anybody got any other suggestions? Things you&#8217;d like to see? thoughts?<\/p>\n<p><strong>EDIT: <\/strong>Server not Service. We sell services, the server is free and open source. I fail.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So after a ever so temporary but loud moment of insanity[1] having a decision made which I very strongly disagreed with (wanting to release online encrypted backup as closed source), we&#8217;re back in the world of freedom and the MySQL &hellip; <a href=\"https:\/\/www.flamingspork.com\/blog\/2008\/05\/27\/encrypted-online-backup-design-thoughts-ask-the-lazyweb\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[14],"tags":[],"class_list":["post-1111","post","type-post","status-publish","format-standard","hentry","category-mysql"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5a6n8-hV","jetpack-related-posts":[{"id":1131,"url":"https:\/\/www.flamingspork.com\/blog\/2008\/07\/01\/mysql-encrypted-online-backup-preview-1\/","url_meta":{"origin":1111,"position":0},"title":"MySQL Encrypted Online Backup Preview 1","author":"Stewart Smith","date":"2008-07-01","format":false,"excerpt":"I've just pushed to launchpad, a set of patches that implement AES encryption support for MySQL Online Backup. You will need to build --with-ssl to get support for encrypted online backup. Encrypted backup files have no recognisable header - they're just a stream of random bytes. Encryption and compression also\u2026","rel":"","context":"In &quot;General&quot;","block_context":{"text":"General","link":"https:\/\/www.flamingspork.com\/blog\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1145,"url":"https:\/\/www.flamingspork.com\/blog\/2008\/07\/10\/wl4271-encrypted-online-backup-preview-3\/","url_meta":{"origin":1111,"position":1},"title":"WL4271 Encrypted Online Backup: Preview 3","author":"Stewart Smith","date":"2008-07-10","format":false,"excerpt":"\u00e2\u20ac\u0153WL4271 Encrypted Online Backup: Preview 3\u00e2\u20ac\u009d branch in Launchpad Now with Windows support. Many thanks to Chuck Bell for helping get the code going on Windows. We can however, all sit around dumbfounded as to how Windows has so little of a POSIX like layer and yet doesn't define ENOTSUP.\u2026","rel":"","context":"In &quot;mysql&quot;","block_context":{"text":"mysql","link":"https:\/\/www.flamingspork.com\/blog\/category\/work-et-al\/mysql\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1133,"url":"https:\/\/www.flamingspork.com\/blog\/2008\/07\/01\/encrypted-online-backup-preview-2-des-and-aes\/","url_meta":{"origin":1111,"position":2},"title":"Encrypted Online Backup Preview 2 (DES and AES)","author":"Stewart Smith","date":"2008-07-01","format":false,"excerpt":"New preview includes: 3DES support AES support with 128 (default), 192 or 256 bit keysize bzr branch lp:~stewart-flamingspork\/mysql-server\/stew-encrypted-backup-preview2 (you can pull this directly into the previous preview1 branch, it's just 2 extra patches). Examples: BACKUP DATABASE test to 'test.ba' ENCRYPTION_ALGORITHM=3des PASSWORD='pants'; RESTORE FROM 'test.ba' ENCRYPTION_ALGORITHM=3des PASSWORD='pants'; BACKUP DATABASE test to\u2026","rel":"","context":"In &quot;General&quot;","block_context":{"text":"General","link":"https:\/\/www.flamingspork.com\/blog\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":710,"url":"https:\/\/www.flamingspork.com\/blog\/2006\/06\/06\/call-for-comments-on-mysql-online-backup-api-jay-pipes\/","url_meta":{"origin":1111,"position":3},"title":"Call for Comments on MySQL Online Backup API &#8211; Jay Pipes","author":"Stewart Smith","date":"2006-06-06","format":false,"excerpt":"Call for Comments on MySQL Online Backup API - Jay Pipes It's been interesting watching the ideas develop for online, consistent Backup for MySQL. I should expand that... consistent across storage engines. Other RDBMS vendors get it easy - they just have one storage engine to back up. We have\u2026","rel":"","context":"In &quot;mysql&quot;","block_context":{"text":"mysql","link":"https:\/\/www.flamingspork.com\/blog\/category\/work-et-al\/mysql\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3976,"url":"https:\/\/www.flamingspork.com\/blog\/2015\/07\/08\/the-sad-state-of-mysql-and-numa\/","url_meta":{"origin":1111,"position":4},"title":"The sad state of MySQL and NUMA","author":"Stewart Smith","date":"2015-07-08","format":false,"excerpt":"Way back in 2010, MySQL Bug 57241 was filed, pointing out that the \"swap insanity\" problem was getting serious on x86 systems - with NUMA being more and more common back then. The swapping problem is due to running out of memory on a NUMA node and having to swap\u2026","rel":"","context":"In &quot;IBM&quot;","block_context":{"text":"IBM","link":"https:\/\/www.flamingspork.com\/blog\/category\/work-et-al\/ibm-work-et-al\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1597,"url":"https:\/\/www.flamingspork.com\/blog\/2009\/03\/27\/mysql-cluster-tutorial\/","url_meta":{"origin":1111,"position":5},"title":"MySQL Cluster Tutorial","author":"Stewart Smith","date":"2009-03-27","format":false,"excerpt":"This year I am again giving a MySQL Cluster Tutorial at the MySQL Conference and Expo. As those who have attended before can tell you, this is a hands on tutorial. I don't just stand up the front and talk at you for a day, that would be very boring\u2026","rel":"","context":"In &quot;mysql&quot;","block_context":{"text":"mysql","link":"https:\/\/www.flamingspork.com\/blog\/category\/work-et-al\/mysql\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/1111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/comments?post=1111"}],"version-history":[{"count":0,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/posts\/1111\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/media?parent=1111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/categories?post=1111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.flamingspork.com\/blog\/wp-json\/wp\/v2\/tags?post=1111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}