有 Lazy Connection 功能的 PDO object

Posted on October 20, 2017 by Gea-Suan Lin

在「Aura.Sql」這邊看到有提供 Lazy Connection 的 PDO object,而且是繼承自本來的 PDO object:

Provides an extension to the native PDO along with a profiler and connection locator. Because ExtendedPdo is an extension of the native PDO, code already using the native PDO or typehinted to the native PDO can use ExtendedPdo without any changes.

Lazy connection. ExtendedPdo connects to the database only on method calls that require a connection. This means you can create an instance and not incur the cost of a connection if you never make a query.

之後可以拿來跟 LaravelEloquent 一起用看看。本來的 PDO 物件在建立時就會建立連線,對於連線的開銷其實蠻大的,用這個應該是個方向...

另外是 Profiler 的能力,需要用的時候應該會很好用:

Profiler. An optional query profiler is provided, along with an interface for other implementations, that logs to any PSR-3 interface.

引一下來源,當初是從「Atlas.Orm 2.0 Is Now Stable」這邊在看文件時一路看到的。

Posted in Computer, Database, Library, Murmuring, Network, Programming, Software | Tagged , , , , , , , , , , | Leave a comment

在 Mac 上快速換輸入法的方法:Kawa

Posted on October 20, 2017 by Gea-Suan Lin

三月的時候在「在 Mac 上快速切換輸入法」這邊提到了 IMEShortcuts,但有時候還是不會生效...

在「GitHub 中那些不错的免费软件」這篇裡面提到了 open source 的 utatti/kawa 這個專案,裡面有針對 CJKV 輸入法的 bug 提供 workaround,就給個機會測試看看:

There is a known bug in the TIS library of macOS that switching keyboard layouts doesn't work well when done programmatically, especially between complex input sources like CJKV.

而且最近變得可以用 Homebrew 管理了,這樣之後升級比較方便。

Posted in Computer, MacOS, Murmuring, OS, Software | Tagged , , , , , , , , , , , , , , | Leave a comment

Amazon 的多變數最佳化

Posted on October 19, 2017 by Gea-Suan Lin

在「An efficient bandit algorithm for real-time multivariate optimization」這邊提到了 Amazon 不是走傳統的 A/B testing,而是同時進行多變數的最佳化:

Consider the problem of trying to find a near-optimal version of a promotional message such as this one, which has 5 variable parts and 48 different combinations in total.

在這樣的測試數量下,作者預估需要 66 天才能夠得到有效的結果,而這也表示當變數更多的時候問題就更大了:

Based on the Amazon success rate and traffic size, the authors calculated it would take 66 days to conduct a 48 treatment randomized experiment. Often this isn’t practical.

也就是開頭提到的,如何一個禮拜就提昇 21% conversion rate:

Aka, “How Amazon improved conversion by 21% in a single week!”

作者也提到了這個方法其實打臉了他先前提到的另外一篇論文,在 2014 年提出測試應該要盡可能簡單 XDDD:

Yesterday we saw the hard-won wisdom on display in ‘seven myths‘ recommending that experiments be kept simple and only test one thing at a time, otherwise interpreting the results can get really complicated.

只能說狀況愈來愈複雜,導致需要新方法解決問題。而且這些電商會遇到在測試時不同的 factor 之間有可能會有相依性 (也就是說這些 factor 不是 i.i.d.),你用本來的方式反而會測不出來。

Posted in Computer, Murmuring, Network, WWW | Tagged , , , , , , , , | Leave a comment

Node.js 預定在十月 24 號發表安全性更新

Posted on October 19, 2017 by Gea-Suan Lin

在「DOS security vulnerability, October 2017」這邊先發佈了日期與影響範圍,細節預定在 10/24 發表:

The Node.js project will be releasing new versions of 4.x, 6.x, and 8.x the week of the 24th of October to incorporate a security fix.

Versions 4.8.2 and later of Node.js are vulnerable.
Versions 6.10.2 and later of Node.js are vulnerable.
Versions 8.x of Node.js are vulnerable.

有心人應該可以去翻 4.8.2 改了什麼 (或是 6.10.2),不知道是不是跟前陣子的「V8 對 Hash Flooding 的防禦措施」有關...

Posted in Computer, Murmuring, Programming, Security, Software | Tagged , , , , | Leave a comment

PHP 7.2 的效能改善

Posted on October 18, 2017 by Gea-Suan Lin

作者在「PHP 7.1 vs 7.2 Benchmarks (with Docker and Symfony Flex)」這邊拿 Symfony 測試 PHP 7.2 的效能,發現效能提昇主要來自於多個連線時的情境:

前面的數字是前端頁面 (用了 Twig),後面的數字是純 API 呼叫。都可以看出 conc = 1 時其實沒有顯著差異,但只要有多個連線同時存取時,效能的提昇就會展現出來。對於繁忙的站台感覺會有不少幫助...

作者的猜測是 opcache 模組的改善,也就是在這段提到的:

- Opcache:
  . Added global optimisation passes based on data flow analysis using Single
    Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP),
    Dead Code Elimination (DCE), and removal of unused local variables
    (Nikita, Dmitry)
Posted in Computer, Murmuring, Network, Programming, Service, Software, WWW | Tagged , , , , | Leave a comment

Amazon Device Farm 支援讓使用者直接連上去 debug 了...

Posted on October 18, 2017 by Gea-Suan Lin

Amazon Device Farm 推出這樣的功能又朝著設備租賃服務更進一步了:「Amazon Device Farm Launches Direct Device Access for Private Devices」。

Now, with direct device access, mobile applications developers can use individual devices in their private test set as if they were directly connected to their local machine via USB. Developers can now test against a wide array of devices just like they would as if the devices were sitting on their desk.

這樣就可以使用更底層的東西了...

Posted in AWS, Cloud, Computer, Hardware, Murmuring, Network, Programming, Service, Telephone | Tagged , , , , , , , , , | Leave a comment

AWS WAF 支援 Regex (PCRE)

Posted on October 18, 2017 by Gea-Suan Lin

首先是 AWS WAF 支援 Regex 了:「AWS WAF Now Supports Regular Expressions (Regex)」。

而且是以 PCRE 版本為主:

AWS WAF supports most of the standard Perl Compatible Regular Expressions (PCRE).

這樣設定變得方便很多啊,大家都算熟 regex,而且也夠強大...

另外一個公告是 AWS WAF 可以將地區的當條件進行設定了:「AWS WAF Now Supports Geographic Match」。

除了針對某些地區擋掉或是開放以外,也可以針對不同地區設定 rate limit。當條件設定就是了...

Posted in AWS, Cloud, Computer, Library, Murmuring, Network, Programming, Security, Service, Software, WWW | Tagged , , , , , , , , , , , | Leave a comment

ROCA:Infineon Technologies 的 RSA 實做問題

Posted on October 18, 2017 by Gea-Suan Lin

最近的另外一個大包,不過這包是 Infineon Technologies 在實做 RSA 算法時的問題,倒不是 RSA 算法本身有問題。之所以會「大」是因為有太多人用了:「ROCA: Vulnerable RSA generation (CVE-2017-15361)」。

起因於 Infineon Technologies 在產生 key 時的組合有限,於是要猜測的 keyspace 小很多。

以研究者的估算,可以看出 CPU year 都被大幅減少了,都是屬於「可行」的範圍:

The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):

512 bit RSA keys - 2 CPU hours (the cost of $0.06);
1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 - $40,000).

而且這邊是用 CPU year 估算,如果考慮 FPGA 加速計算,應該會短更多...

另外從發現到公開的時間線也拉得很長,可以看到中間一直在找解決方案:

2nd of November 2017 - Presentation of all details at the ACM CCS conference (to come)
16th of October 2017 - The initial version of the public disclosure published
May to October 2017 - Cooperation with the manufacturer and other affected parties to help evaluate and mitigate the vulnerability
1st of February - The vulnerability disclosed to Infineon Technologies AG
End of January - The vulnerability found

過一陣子就會去 conference 上報告了...

Posted in Computer, Murmuring, Privacy, Security | Tagged , , , , , , , , , , | Leave a comment

YouTube 史上第一個破四十億次播放的影片:Despacito

Posted on October 17, 2017 by Gea-Suan Lin

前幾天 2017/10/11 達到了:「Luis Fonsi & Daddy Yankee's 'Despacito' Is First Clip to Hit 4 Billion Views on YouTube」。


出自「Gangnam Style (music_video)」這頁。

不到一年的時間 XD

依照這個速度,應該是下個月會破 UINT_MAX (4294967295)?當年 YouTube 的人有在 Google+ 上發了一則關於超過 INT_MAX 的 PR 稿 (不過後來刪除了):「Gangnam Style overflows INT_MAX, forces YouTube to go 64-bit」。

所以這次會發嗎?

Posted in Computer, Murmuring, Music, Network, Recreation, Service, WWW | Tagged , , , , , , | Leave a comment

Amazon Lightsail 支援 Windows 了

Posted on October 17, 2017 by Gea-Suan Lin

Amazon Lightsail 決定支援 Windows 了,算是其他目前幾家領頭的 VPS 還沒進入的領域:「Amazon Lightsail Update – Launch and Manage Windows Virtual Private Servers」。

由於多了 Windows 的授權費用,價錢貴了不少:

不過還是提供一個月免費的額度:

You can try out a 512 MB server for one month (up to 750 hours) at no charge.

不過不是所有 Amazon Lightsail 有開的區域都支援 Windows:

This feature is available today in the US East (Northern Virginia), US East (Ohio), US West (Oregon), EU (London), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Mumbai), Asia Pacific (Sydney), and Asia Pacific (Tokyo) Regions.

不過還是不知道 Amazon Lightsail 進入這塊市場的想法是什麼...

Posted in AWS, Cloud, Computer, Murmuring, Network, OS, Software, Windows | Tagged , , , , , | Leave a comment