阿肯色州成為第一個要求高中教 coding 的州

Slashdot 上看到「Arkansas Is Now the First State To Require That High Schools Teach Coding」,報導自「Arkansas is Now the First State to Require That High Schools Teach Coding」。

2015~2016 這個年度將會開始招募大量教師,在高中內教 coding,大約花費一億五千萬台幣。

Training programs for teacher preparation will be available, but with the majority of the infrastructure already primed, the execution of this new law should hopefully be painless and seamless.


Cisco 會將硬體寄送到貨運商,以提高 NSA 攔截安裝後門的難度

在「To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses」這篇看到的報導,出自「Cisco posts kit to empty houses to dodge NSA chop shops」這篇。

去年 Snowden 揭露的資料顯示 NSA 會攔截 Cisco 的硬體,並且在上面安裝後門再打包寄出:「Greenwald alleges NSA tampers with routers to plant backdoors」:

"The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers."

The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users.

不過 Cisco 的反應好慢,去年五月就有的消息,現在才提出改善方案。

改善的方法是寄送到集散地,再請人去拿。讓 NSA 之類的單位想要攔截的成本提高。

Google 利用搜索的壟斷優勢打擊競爭對手

最近很熱門的新聞:「FTC: Google Altered Search Results For Profit」,國內也有媒體已經報導 (報導:FTC機密文件指控Google不當商業行為壟斷搜尋市場),不過沒受到太多注意?

起因自 The Wall Street Journal (WSJ) 透過 FOIA (資訊自由法) 要資料的時候,意外拿到 2012 年 FTCGoogle 壟斷而做出評估的文件,整個案件於 2013 年年初達成和解。

WSJ 的報導可以參考「Inside the U.S. Antitrust Probe of Google」這篇。(有 Paywall,可以透過 Google 搜尋這個標題後再點進去 XDDD)

另外 Google 內部知道他們的市占率比外部估出來的高出不少 (外部估算 65%,但內部自己評估 69% 到 84%),但也因此感到欣慰 (避免了反壟斷的壓力):

Data included in the report suggest Google was more dominant in the U.S. Internet search market than was widely believed. The company estimated its market share at between 69% and 84% during a period when research firm comScore put it at 65%. “From an antitrust perspective, I’m happy to see [comScore] underestimate our share,” the report quoted Google Chief Economist Hal Varian as saying, without specifying the context.


KING BLADE 第十三代:沃槽...

直接貼 tweet:

日本人戰力無限啊,如果配合 public key 機制,說不定還可以做到可重複使用讓主辦單位 remote control 的版本?

溫水煮青蛙:Windows 10 與 Secure Boot

Microsoft 的 Windows 10 更進一步限制了 Secure Boot 的選擇:「Linux’s worst-case scenario: Windows 10 makes Secure Boot mandatory, locks out other operating systems」。

之前是關閉,現在則是必須要 optional (包裝用語啦,意思是預設值打開,使用者可以進 UEFI console 關閉):

OEMs are still required to ship Secure Boot, but the previously mandatory disable switch is now optional

是個「溫水煮青蛙」的概念,如果這次沒擋下來,下一次 Microsoft 就會規定 OEM 出版只能在安裝在強制打開 Secure Boot 的機器上使用 (不能關閉)。

Comodo 發出微軟 live.fi 的 SSL Certificate...

在「Microsoft Blacklists Fake Finnish Certificate」這邊看到出包,引用的報導來自「Microsoft Blacklists Fake Certificate」,微軟的安全性通知則是在「Microsoft Security Advisory 3046310 (Improperly Issued Digital Certificates Could Allow Spoofing)」這邊。

原因是因為 hostmaster 這個使用者名稱沒有擋下來不讓使用者註冊:

In fact, he reports that he was able to register the alias "Hostmaster@live.fi", which he then used to obtain a legitimate HTTPS certificate for Live.fi via Comodo, which is the world's largest digital certificate authority.

這件事情拉出了對於「認證」一直沒有標準可以遵循的問題,大致上只有「RFC 2142 - Mailbox Names for Common Services, Roles and Functions」有列出一些常用的 username,其他的就沒印象了。CA/Browser Forum 不知道有沒有對應的標準...

Amazon 在巴爾的摩與邁阿密推出「一個小時到貨」服務...

從「Amazon Launches One-Hour Delivery Service In Baltimore and Miami」這邊看到的,引用的報導是「Amazon launches one-hour delivery service in Baltimore」。

有付 Amazon Prime 費用的人在這兩個地區將提供兩小時到貨 (free),或是一小時到貨 (多收 USD$7.99):

The service will be available in select zip codes to Amazon Prime subscribers, who pay $99 a year for unlimited free two-day delivery on more than 20 million items. The one-hour service, available through the Prime Now mobile app, costs $7.99, while two-hour delivery will be free.

去年在曼哈頓的實驗算是成功吧... 只是 FAA 同意無人小型貨運機的實驗授權一下來就這樣公佈啊... (Amazon Gets Experimental Airworthiness Certificate)

教育部三本字辭典改用 CC BY-ND 3.0 TW 授權

剛剛看到的消息,教育部國語辭典公眾授權網採用 CC BY-ND 3.0 TW 授權,將《重編國語辭典修訂本》、《國語辭典簡編本》、《國語小字典》三本字辭典公開授權,並且提供結構化的資料下載:

ND 有點可惜啊,不過是一大步了...

OpenSSL 的安全性更新 (2015/03/19)

前幾天 OpenSSL 就已經先發出通知,將會有安全性更新:「Forthcoming OpenSSL releases」。

剛剛看到更新了,總共 14 個 (但官網上寫「Security Advisory: twelve security fixes」,這是怎樣...):「OpenSSL Security Advisory [19 Mar 2015]」,其中有兩個 Severity: High 的更新,有一個是之前就已經公開了。

不過一堆 segmentation fault、memory corruption 的安全性更新...

Google Chrome 41 的加速改善

在「New JavaScript techniques for rapid page loads」這篇提到了 Google Chrome 41 對網頁速度的改善,尤其是 JavaScript 很多的情況下:

另外 Google Chrome 42 則會再透過 cache 加速 (目前的穩定版是 41):

Chrome 42 introduces an advanced technique of storing a local copy of the compiled code, so that when the user returns to the page the downloading, parsing, and compiling steps can all be skipped. Across all page loads, this allows Chrome to avoid about 40% of compile time and saves precious battery on mobile devices.

jQuery 這類經常被重複載入的程式碼將會被 compile + cache,大幅加快頁面呈現的速度。

從另外一方面觀察,已經進展到使用 cache 機制加速,看起來其他的都做的差不多了?