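A screenshot extension for Google Chrome

I remember mentioning before that the most-installed extensions of this kind all have various malware or spyware embedded, so I tried to find one that is clean... Then it occurred to me to use Google to look for an open source project on GitHub, and I found this one: "One-click full page screen captures in Google Chrome". The official description page is at "Full Page Screen Capture Chrome Extension":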

It’s open source (on github) and malware free.

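This one looks like it should be usable... It doesn't seem to have been updated in a long time, but in actual testing it still works :p

New features for VPC VPN

Amazon VPC's VPN has launched new features: "EC2 VPC VPN Update – NAT Traversal, Additional Encryption Options, and More".

Among them, the "Reusable CGW IP Addresses" feature is one everyone has been waiting a very long time for: (CGW is Customer Gateway, usually placed in your own data center and connected to Amazon VPC over a site-to-site VPN)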

You no longer need to specify a unique IP address for each customer gateway connection that you create. Instead, you can now reuse an existing IP address. Many VPC users have been asking for this feature and I expect it to be well-used.

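Previously you had to get a bunch of IP addresses to hook things up, and now this has finally been improved...

EU abolishes roaming charges within its borders

The EU has abolished charges for roaming within the EU: "Europe finally abolishes mobile phone roaming charges":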

Members of the European parliament have voted through new rules that will scrap mobile roaming charges and stop holidaymakers returning home to the nightmare of a massive phone bill racked up on their travels.

But there is still a fight ahead:

The abolishment of roaming charges was not met with universal approval. In the days before the vote Roger Helmer MEP tabled an amendment to reject the agreement on behalf of Ukip.

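Let's pull up a bench and watch...

Oracle is going to push its own EC2 too...

In "Oracle finally launches Elastic Compute Cloud, 9 years after Amazon debuted EC2" I saw that Oracle is also going to push its own Amazon EC2. Oracle's official press release can be found at "Oracle Updates Oracle Cloud Infrastructure Services".

The official site is at "Oracle Cloud Infrastructure as a Service (IaaS)", and the pricing should in theory be visible at "Compute Cloud Pricing", but I don't see a Price column...

I don't know who would use it... tied to project deals?

Slack supports multi-person discussion groups

Slack has announced support for multi-person discussion groups: "Group Messages Come to Slack". Previously, to discuss something with a group of people you had to open a Private Channel, but having to think up a name every time you opened a channel was annoying, so I ended up using meaningless names like #test_201510290916. Now you can just pull people in directly:

Another is the accompanying change: "Private Groups become Private Channels".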

With the introduction of group DMs, which will cover many of the use cases that previously required private groups, we’ve transformed private groups into the brand new “private channels”. Private channels will be shown mixed in with your existing open channels alphabetically, with small lock icons next to the private ones. When the time comes to create a new channel, you’ll find a new public/private toggle on the configuration screen.

The former Private Channels are now mixed in with the Public Channels...

RFC7686: reserving .onion for Tor's Hidden Services

I saw the Tor Project happily announce that the .onion TLD has become Standards Track in RFC 7686: "Landmark for Hidden Services: .onion names reserved by the IETF".

And because it has become an IETF standard, there is now a firmer basis at the CA/Browser Forum for discussing the CA framework on top of it:

With this registration, it should also be possible to buy Extended Validation (EV) SSL/TLS certificates for .onion services thanks to a recent decision by the Certification Authority Browser Forum.

nginx 1.9.6 released

The link can be seen directly on the nginx website. After clicking into CHANGES you can see two fixes related to HTTP/2:

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2.
       Thanks to Piotr Sikora and Denis Andzakovic.

    *) Bugfix: the $server_protocol variable was empty when using HTTP/2.

    *) Bugfix: backend SSL connections in the stream module might be timed
       out unexpectedly.

    *) Bugfix: a segmentation fault might occur in a worker process if
       different ssl_session_cache settings were used in different virtual
       servers.

    *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had
       appeared in 1.9.4.
       Thanks to Kouhei Sutou.

    *) Bugfix: time was not updated when the timer_resolution directive was
       used on Windows.

    *) Miscellaneous minor fixes and improvements.
       Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora.

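There are surprisingly few HTTP/2 bug fixes (after all, 1.9.5 was the first official release), so it looks like the codebase has stabilized? By the way, is NGINX Mainline not going to be updated anymore...

Timing Attack against Zeus Web Server

Update: this is probably talking about the Zeus C&C system, not Zeus Web Server... ~_~

In "Timing attack vulnerability in most Zeus server-sides" I saw a rare HTTP-based timing attack, one where a flaw in the program produces a timing difference that can be detected:

Although Zeus Web Server has already shut down, this still demonstrates a fun attack technique...

Running commands on EC2 instances through the API

A new EC2 feature: you can run commands directly on EC2 instances from the Web Console or through the API: "New EC2 Run Command – Remote Instance Management at Scale".

Also, this requires software to be installed on the EC2 instance first, and currently only these three regions are supported: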

You can use Run Command today in the US East (Northern Virginia), US West (Oregon), and Europe (Ireland) regions.

What is more surprising is that there is no extra charge:

There is no charge for this feature; you pay only for the AWS resources that you consume.