[Tracker] Fear and Loathing in Las Vegas

From: Philip Van Hoof <philip codeminded be>
To: Tracker mailing list <tracker-list gnome org>
Subject: [Tracker] Fear and Loathing in Las Vegas
Date: Sat, 03 May 2014 16:01:06 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

I think that not duplicate storage of metadata (a rightful reason to
wanting to store the metadata in the attrs of files) or the speed to
access it (why it's currently a sqlite 'index' instead of using UNIX
tools like find and locate - or why pipe() can't solve everything), is
going to be the issue in future.

The old-time reason of why we store metadata locally, so that to query
it content can be anywhere instead of just locally, also still holds.

Admitting that I'm a bit influenced by recent scandals related to
various intelligence agencies, I think that also the time is right for
secure metadata-storage. I .. don't think that much has changed. Just
the perception of our users. But perception too steers innovation.

A solution I have in mind is storing hashes instead of content with
references to a key-value storage storing stringly values strongly
encrypted.

        I think we must store stringly metadata as hashes in the index.

SPARQL functions like str() can be adapted to convert the input to a
hash, allowing operators to compare hashes instead.

At the point of return we use the client's provided public key to
encrypt the data and pass it on over IPC or using direct-access

        (libtracker-sparql can encrypt it in process in case of WAL
        direct-access, this of course requires leaking the private key
        to the process - of which I'm not a fan. With that Adrien's FD
        passing is yet again a good thing to have).

This idea, I admit, doesn't secure relationships. I have no solution
for that as we need the relationships between entities unencrypted for
them to be queryable efficiently.

Kind conspiracy regards,

Philip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTZPaiAAoJEEP2NSGEz4aDBd8H/j0jdXJeuhkmf1tOPJxulgD2
QmZAoqijsQKbJU68JXOEd8cir1kly15c4+Qfe6YtYnsIUupFXD2a610lmh+S5Wz+
pfAONasKLK//auUsr0WrInVmOjpAYZqpXbj/B702p+MWCfneUTooq7ei+avZdtlM
0adJG00WXtHVhTxD9tybEKB5kCVqIbxCBC0SiB9CNElVs00SZEkVPCsLAv4IgBN8
ID8uH32iUeD73fD8LxMVX8rw9dPdLMc5/Tj/c5+7xN6YxEAe2lxi7C75EBxpziyW
uG40H68PKqd6EFa20euPL3vH/EDh9nG2YnGp0HwrJ2nuIStX6NTq/D5ZQK041rE=
=MNbZ
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: [Tracker] Fear and Loathing in Las Vegas
  - From: Philip Van Hoof
- Re: [Tracker] Fear and Loathing in Las Vegas
  - From: Vishesh Handa

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]