Amazon EC2 推出 D2 instance (超大硬碟空間)

在「The Next Generation of Dense-storage Instances for EC2」這邊公佈了 Amazon EC2 新的 D2 instance:

最大台有 48TB 硬碟與 244GB 記憶體,這規格好熟悉...

然後這次是全地區一起上,不過看起來不包括美國政府用的 AWS GovCloud (US)

You can launch d2 instances today in the US East (Northern Virginia), US West (Oregon), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), and Asia Pacific (Sydney) regions as On-Demand, Reserved Instances, or Spot Instances.

RSA Conference 2015 禁止 Show Girl

前幾天的消息:「RSA Conference Bans "Booth Babes"」。報導出自於「RSA Conference bans ‘booth babes’」。

規範的文字:

All Expo staff are expected to dress in business and/or business casual attire. Exhibitors should ensure that the attire of al staff they deploy at their booth (whether the exhibitor’s direct employees or their contractors) be considered appropriate in a professional environment. Attire of an overly revealing or suggestive nature is not permitted. Examples of such attire may include but are not restricted to:

  • Tops displaying excessive cleavage;
  • Tank tops, halter tops, camisole tops or tube tops;
  • Miniskirts or minidresses;
  • Shorts;
  • Lycra (or other Second-Skin) bodysuits;
  • Objectionable or offensive costumes.

These guidelines are applicable to all booth staff, regardless of gender, and will be strictly enforced. We reserve the right to request that individual booth staff change their attire or leave the premises immediately if we feel their appearance might be offensive to other exhibitors or attendees.

讓我想起 2009 年 Yahoo! 辦的 Taiwan Open Hack Day:「Yahoo Sorry About Lap Dancers at Hack Day in Taiwan–So What's the Excuse for Last Year's Go-Go Girls?」。

用 Intel 網卡上的 Flow Director 過濾封包

在「Traffic filtration using NIC capabilities on wire speed (10GE, 14Mpps)」這邊看到的技巧。

作者建議另外安裝 driver,因為 Linux kernel 內的 driver 功能有限:「Intel Ethernet Drivers and Utilities」。

重點在 ethtool 這個工具,可以看到條件設定:

ethtool --help:
        ethtool -N|-U|--config-nfc|--config-ntuple DEVNAME    Configure Rx network flow classification options or rules
        rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|tcp6|udp6|ah6|esp6|sctp6 m|v|t|s|d|f|n|r... |
        flow-type ether|ip4|tcp4|udp4|sctp4|ah4|esp4
            [ src %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
            [ dst %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
            [ proto %d [m %x] ]
            [ src-ip %d.%d.%d.%d [m %d.%d.%d.%d] ]
            [ dst-ip %d.%d.%d.%d [m %d.%d.%d.%d] ]
            [ tos %d [m %x] ]
            [ l4proto %d [m %x] ]
            [ src-port %d [m %x] ]
            [ dst-port %d [m %x] ]
            [ spi %d [m %x] ]
            [ vlan-etype %x [m %x] ]
            [ vlan %x [m %x] ]
            [ user-def %x [m %x] ]
            [ action %d ]
            [ loc %d]] |
        delete %d

看起來 stateless 的過濾可以在上面做...

2014 年 Turing Award 得主:Michael Stonebraker

今年的 Turing Award 頒給了在資料庫領域上有重要貢獻的 Michael Stonebraker

For fundamental contributions to the concepts and practices underlying modern database systems.

ACM 的頁面上列了不少成就,比較熟的是 PostgreSQL,他是 PostgreSQL 發展重要的關鍵人物:(出自維基百科「PostgreSQL」條目)

PostgreSQL evolved from the Ingres project at the University of California, Berkeley. In 1982 the leader of the Ingres team, Michael Stonebraker, left Berkeley to make a proprietary version of Ingres. He returned to Berkeley in 1985 and started a post-Ingres project to address the problems with contemporary database systems that had become increasingly clear during the early 1980s. The new project, POSTGRES, aimed to add the fewest features needed to completely support types. These features included the ability to define types and to fully describe relationships – something used widely before but maintained entirely by the user.

Amazon WorkMail 使用感想...

Amazon WorkMail 在今年一月底時推出 Preview (參考「Amazon 跨足 Email 市場」),需要填單申請。

昨天發現申請到了,由於 Amazon WorkMail 只有 us-west-1 與 eu-west-1 有服務,所以在 us-east-1 開了一個 domain 測試。

帳號與 IAM 分開,另外吃 AWS Directory Service,我是透過 Simple AD 管理帳號。

由於目前不支援 POP3 與 IMAP,所以也不用在這折騰了:(Amazon WorkMail FAQs)

Q: Can I use Amazon WorkMail with my existing POP3 or IMAP clients?
No, Amazon WorkMail currently does not offer support for POP3 or IMAP clients.

所以這次先只看 webmail 的部份。

以一個用 Gmail 用習慣的人 (而且用快速鍵已經很順手了),邊翻文件邊用,過十分鐘後就覺得「好陽春啊」...

快速鍵能做的事情相當少,大多都還是要用鍵盤操作。另外看得出來沒有 preload,翻下一封信的時候還是要等待一下。

另外沒有 Send as 的功能 (舉例來說,我雖然是 ooxx@gmail.com,但我可以透過認證後以 ooxx@kkbox.com 的 From 寄出信件),對外很不方便。

還有一些是 bug,修掉應該只是時間的問題。像是我把 preview 位置改成 bottom 後,再把 preview 視窗拉大,切到 setting 再切回來又變回原來的視窗大小了。

離「可以用」的等級還有點遠 (現在是屬於「不能用」的等級),先這樣放著吧...

Slack 密碼外洩

Slack 由於發現密碼外洩,剛剛發佈了資安通報:「March 2015 Security Incident and the Launch of Two Factor Authentication」。

這次也因此推出了兩個功能:

  • Two Factor Authentication (2FA),使用者可以設定 2FA 登入。
  • Password Kill Switch,管理者可以強制重設所有人的密碼。

另外也透漏使用 bcrypt 為密碼演算法,只要密碼強度夠強,即使透漏出去應該也是不會有問題 (當然換掉還是比較好)。

Amazon S3 的 Cross-Region Replication

AWS 宣佈的新功能,自動 replicate 到其他區域的 Amazon S3 上:「New – Cross-Region Replication for Amazon S3」。

需要打開 Versioning 的功能,然後就可以設定了:

新上傳的 object 才會被 replicate,原先的 object 是不會有改變的。

CNNIC 所發出的 MCS Holdings 發出 Gmail 的 SSL 憑證,攻擊 Gmail 使用者

Google Online Security Blog 來的消息,CNNIC 授權 MCS Holdings 的 Intermediate certificate 被拿來發 www.gmail.com 的憑證:「Maintaining digital certificate security」。

Mozilla 也發出警告:「Revoking Trust in one CNNIC Intermediate Certificate」。


取自「谷歌称CNNIC发布中间人攻击证书

當初有習慣把 CNNIC 的 root certificate 拔掉的人這次不受影響。

Facebook 的「Augmented Traffic Control」模擬網路環境

Facebook 推出 Augmented Traffic Control,模擬網路環境:「Augmented Traffic Control: A tool to simulate network conditions」。

可以測這五種變數:

  • bandwidth
  • latency
  • packet loss
  • corrupted packets
  • packets ordering

Facebook 的成果是 Python + Django 寫的前端管理界面,實際運作還是透過 Linuxiptables

也有提供 Vagrant 的操作方式讓人「試用」,主要是讓人在本機上就可以用吧?