Windows 將引入 TruePlay,推出作弊偵測的 API

在「Windows now includes gaming cheat detection at the system level」這邊看到微軟將會引入 TruePlay (然後跟 Sonostrueplay 衝名 XDDD) 作弊偵測機制。

很明顯的會有隱私問題,而也很明顯的微軟說不會有隱私問題:

As Microsoft notes, "to protect customer privacy, no data is shared or transmitted until permission is granted," and no information is sent until "processing has determined cheating is likely to have occurred."

這不是把人當傻子嗎,遊戲一開始就會要求你同意才能玩啊,所以資料一定會送出的啊... 而且 TruePlay 變成作業系統的標準配備後,作弊程式就會找 workaround 才會推出 :o

Posted in Computer, Game, Murmuring, Network, OS, Privacy, Recreation, Security, Service, Software, Windows | Tagged , , , , , , | Leave a comment

Cloudflare 的 CEO 將被傳喚說明濫用權力

Cloudflare 的 CEO Matthew Prince,將會被法院傳喚說明 Cloudflare 在沒有收到法院傳票的情況下就終止服務的原因,以及一直不肯在沒有法院傳票的情況下移除盜版網站的 policy:「Cloudflare CEO Has to Explain Lack of Pirate Site Terminations」。

預期會有兩件事情被拿出來訊問,第一件是推廣新納粹主義以及白人優越主義The Daily Stormer 被主動終止服務:

In August, Cloudflare CEO Matthew Prince decided to terminate the account of controversial neo-Nazi site Daily Stormer.

第二件是終止網頁挖礦的服務:

Just a few days ago Cloudflare suspended the account of a customer for using a cryptocurrency miner. Apparently, Cloudflare classifies these miners as malware, triggering a punishment without a court order.

應該會有很精彩的結論 (對 Cloudflare 不利),來等著看戲...

Posted in CDN, Cloud, Computer, Murmuring, Network, Service, Social, WWW | Tagged , , , , , , | Leave a comment

PHP-FIG 成立官方網誌

Twitter 上看到 PHP-FIG 成立 official blog「PHP FIG」了,放在 Medium 上:

另外有更正說明的 tweet:

是一個知道 PHP-FIG 又有什麼大事的管道...

Posted in Blog, Computer, Murmuring, Network, Programming | Tagged , , , , | Leave a comment

2011 年的研究,開放辦公室與病假的關聯性

忘記從哪邊冒出來的連結,反正是個 2011 年的研究:「Sickness absence associated with shared and open-plan offices--a national cross sectional questionnaire survey.」。2011 年在丹麥的研究:

METHODS: The analysis was based on a national survey of Danish inhabitants between 18-59 years of age (response rate 62%), and the study population consisted of the 2403 employees that reported working in offices. The different types of offices were characterized according to self-reported number of occupants in the space. The log-linear Poisson model was used to model the number of self-reported sickness absence days depending on the type of office; the analysis was adjusted for age, gender, socioeconomic status, body mass index, alcohol consumption, smoking habits, and physical activity during leisure time.

都是與 cellular office 比較,可以看出大於六個人的開放辦公室病假的量高出許多:

RESULTS: Sickness absence was significantly related to having a greater number of occupants in the office (P<0.001) when adjusting for confounders. Compared to cellular offices, occupants in 2-person offices had 50% more days of sickness absence [rate ratio (RR) 1.50, 95% confidence interval (95% CI) 1.13-1.98], occupants in 3-6-person offices had 36% more days of sickness absence (RR 1.36, 95% CI 1.08-1.73), and occupants in open-plan offices (>6 persons) had 62% more days of sickness absence (RR 1.62, 95% CI 1.30-2.02).

CONCLUSION: Occupants sharing an office and occupants in open-plan offices (>6 occupants) had significantly more days of sickness absence than occupants in cellular offices.

看起來只是拉數字出來分析... 另外信心區間的洞好大 XD

Posted in Murmuring, Science, Social | Tagged , , , , , , , , , | Leave a comment

Android 將測試 DNS over TLS

從「Android getting "DNS over TLS" to prevent ISPs from knowing what websites you visit」這邊看到的報導,原
文在「Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit」這邊可以看到。

It appears that “DNS over TLS” support is being added to Android, according to several commits added to the Android Open Source Project (AOSP). The addition in the Android repository shows that a new setting will be added under Developer Options allowing users to turn on or off DNS over TLS. Presumably, if such an option is being added to Developer Options, then that means it is in testing and may arrive in a future version of Android such as version 8.1.

這邊用的應該是 RFC 7858 的「Specification for DNS over Transport Layer Security (TLS)」,已經是 Standards Track 了。預設使用 TCP port 853:

By default, a DNS client desiring privacy from DNS over TLS from a particular server MUST establish a TCP connection to port 853 on the server, unless it has mutual agreement with its server to use a port other than port 853 for DNS over TLS.

而且建議如果另外定義的話,不要用 port 53:

This recommendation against use of port 53 for DNS over TLS is to avoid complication in selecting use or non-use of TLS and to reduce risk of downgrade attacks.

另外也說明了在 port 853 上禁用明文傳輸:

DNS clients and servers MUST NOT use port 853 to transport cleartext DNS messages.

另外一個還在發展的標準是 Cisco 的人推出的「DNS over Datagram Transport Layer Security (DTLS)」,走的是 UDP port 853,不過看起來因為 stateless 的特性,需要考慮比較多問題... (尤其這類服務常配合 anycast)

不過即使將 DNS query 保護起來,TLS 本身還是會透漏 hostname 的部份 (因為 SNI 的關係),所以就 privacy 面向考量的話,沒有實質的意義... 主要還是考慮被竄改的問題?但如果是這樣的話,目前 TLS 連線本身就已經有這樣的保護了?暫時沒想到可以解什麼實際的問題...

Posted in Cloud, Computer, DNS, Murmuring, Network, OS, Privacy, Security, Service, Software | Tagged , , , , , , , , | Leave a comment

PHP 7.3 的 json_decode() 將會用 Exception 處理錯誤

在「PHP: rfc:json_throw_on_error」這邊提到 PHP 7.3 會解決 json_decode() 發生錯誤時的處理方式:

PHP has two functions for dealing with JSON, json_decode() and json_encode(). Unfortunately, both have suboptimal error handling. json_decode() returns null upon erroring, but null is also a possible valid result (if decoding the JSON “null”).

在這之前唯一的判斷方式是另外再呼叫 json_last_error() 或是 json_last_error_msg(),但這樣寫很辛苦,所以要引入 JsonException 了,總算...

Posted in Computer, Murmuring, Programming, Software | Tagged , , , | Leave a comment

nvm 換 n

前幾天在 Twitter 上抱怨 nvm 很慢,導致 Zsh 開起來很頓 (然後也同步到 Facebook 上):

原因在於 .bashrc 或是 .zshrc 內初始化 nvm 時會呼叫 npm config get prefix,而這個命令很慢:「`npm config get prefix` takes incredibly long (7 - 70 seconds) #14458」。

後來在 Facebook 的留言處有朋友提了幾個方案... 其中一個是 n,花了些時間看軟體架構,有夠簡單... XD 對於不是拿 Node.js 開發的人應該是夠用了 (我只拿來跑一些用 Node.js 寫的工具)。

整個軟體就一個 shell script,把他丟進 ~/bin/ 裡面 (我有把 ~/bin/ 放到 PATH 裡),就可以用了。透過 N_PREFIX 設定他的基地 (預設是 /usr/local,我是設成 $HOME),剩下就跑 n lts,他就把 nodenpm 兩個檔案裝好給你用。

路徑的部份要自己設定,將 $N_PREFIX/node_modules/.bin 放進 PATH,這樣安裝起來的模組如果有可執行工具可以用才能直接跑 (像是 gulp.js 的命令)。

另外,之所以會說不適合開發者用的部份,是因為 module 是跨版本共用的 (切換 node 版本時就是用另外一個版本配上去 XD),所以比較不適合開發者使用...

Posted in Computer, Library, Murmuring, Programming, Software | Tagged , , , , , , , , , | Leave a comment

波多黎各的 Project Loon 啟動

先前在「Alphabet (Google) 的 Project Loon 拿到授權,支援波多黎各的救災計畫」提到 Project Loon 當時還在研究要跟誰一起合作,現在確認會跟 AT&T 合作提供服務了:「Turning on Project Loon in Puerto Rico」。

Thanks to their support, we are now collaborating with AT&T to deliver emergency internet service to the hardest hit parts of the island.

接下來應該還會有不少數字丟出來... (像是透過 Project Loon 傳輸了多少資料,或是多少分鐘的語音通話)

Posted in Computer, Murmuring, Network, Social, Telephone | Tagged , , , , , , | Leave a comment

有 Lazy Connection 功能的 PDO object

在「Aura.Sql」這邊看到有提供 Lazy Connection 的 PDO object,而且是繼承自本來的 PDO object:

Provides an extension to the native PDO along with a profiler and connection locator. Because ExtendedPdo is an extension of the native PDO, code already using the native PDO or typehinted to the native PDO can use ExtendedPdo without any changes.

Lazy connection. ExtendedPdo connects to the database only on method calls that require a connection. This means you can create an instance and not incur the cost of a connection if you never make a query.

之後可以拿來跟 LaravelEloquent 一起用看看。本來的 PDO 物件在建立時就會建立連線,對於連線的開銷其實蠻大的,用這個應該是個方向...

另外是 Profiler 的能力,需要用的時候應該會很好用:

Profiler. An optional query profiler is provided, along with an interface for other implementations, that logs to any PSR-3 interface.

引一下來源,當初是從「Atlas.Orm 2.0 Is Now Stable」這邊在看文件時一路看到的。

Posted in Computer, Database, Library, Murmuring, Network, Programming, Software | Tagged , , , , , , , , , , | Leave a comment

在 Mac 上快速換輸入法的方法:Kawa

三月的時候在「在 Mac 上快速切換輸入法」這邊提到了 IMEShortcuts,但有時候還是不會生效...

在「GitHub 中那些不错的免费软件」這篇裡面提到了 open source 的 utatti/kawa 這個專案,裡面有針對 CJKV 輸入法的 bug 提供 workaround,就給個機會測試看看:

There is a known bug in the TIS library of macOS that switching keyboard layouts doesn't work well when done programmatically, especially between complex input sources like CJKV.

而且最近變得可以用 Homebrew 管理了,這樣之後升級比較方便。

Posted in Computer, MacOS, Murmuring, OS, Software | Tagged , , , , , , , , , , , , , , | Leave a comment