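What the Debian community wants to achieve is that "given enough information and the source code, you can produce an identical binary package", so that nobody has to blindly trust the official Debian builds.
This incident confirms once again that DMCA takedown notices get abused: the case clearly is not infringement, yet the notice is used anyway (because the only penalty for the original filer requires the other side to sue back and then prove on their own the damage they suffered as a result).
For now it looks like the EFF is willing to step in, so let's see what happens next.
Seen in "[ANNOUNCE] Git v2.14.1, v2.13.5, and others":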
These contain a security fix for CVE-2017-1000117, and are released in coordination with Subversion and Mercurial that share a similar issue. CVE-2017-9800 and CVE-2017-1000116 are assigned to these systems, respectively, for issues similar to it that are now addressed in their part of this coordinated release.
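This is an old class of problem. Git's fix mainly takes the filter-the-input approach, which includes forbidding hostnames that begin with `-` and forbidding repository names that begin with `-`: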
- A "ssh://..." URL can result in a "ssh" command line with a hostname that begins with a dash "-", which would cause the "ssh" command to instead (mis)treat it as an option. This is now prevented by forbidding such a hostname (which should not impact any real-world usage).
- Similarly, when GIT_PROXY_COMMAND is configured, the command is run with host and port that are parsed out from "ssh://..." URL; a poorly written GIT_PROXY_COMMAND could be tricked into treating a string that begins with a dash "-" as an option. This is now prevented by forbidding such a hostname and port number (again, which should not impact any real-world usage).
- In the same spirit, a repository name that begins with a dash "-" is also forbidden now.
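An added example (not Git's code and not from the original post): a Python pre-flight check that applies the same "no leading dash" rule to remotes before they are handed to git. The function names and the sample remotes are constructed for illustration, and the parser only covers ssh-style URLs, scp-like `host:path` remotes and local paths.

```python
SSH_SCHEMES = {"ssh", "git+ssh", "ssh+git"}

def looks_like_option(value):
    """True if the value would be read as an option once it lands on a command line."""
    return bool(value) and value.startswith("-")

def split_remote(url):
    """Return (host, port, path); host and port are None for a local path.
    Returns None for schemes this check does not cover (e.g. https)."""
    scheme, sep, rest = url.partition("://")
    if sep:
        if scheme.lower() not in SSH_SCHEMES:
            return None
        authority, slash, path = rest.partition("/")
        hostport = authority.rpartition("@")[2]        # drop "user@"
        if hostport.startswith("["):                   # "[host]:port" form
            host, _, tail = hostport[1:].partition("]")
            port = tail[1:] if tail.startswith(":") else ""
        else:
            host, _, port = hostport.partition(":")
        return host, port or None, slash + path
    authority, colon, path = url.partition(":")
    if colon and "/" not in authority:                 # scp-like "[user@]host:path"
        return authority.rpartition("@")[2], None, path
    return None, None, url                             # plain local path

def rejection_reasons(url):
    """List every component of the remote that begins with a dash."""
    remote = split_remote(url)
    if remote is None:
        return []
    host, port, path = remote
    checks = (("hostname", host), ("port", port), ("repository path", path))
    return [f"{name} begins with '-'" for name, value in checks
            if looks_like_option(value)]

# Constructed sample remotes, not taken from any real repository.
SAMPLES = [
    "ssh://git@host.example/team/repo.git",
    "ssh://-host.example/repo.git",
    "ssh://user@[-host.example]:22/repo.git",
    "ssh://host.example:-22/repo.git",
    "git@host.example:-repo.git",
]

if __name__ == "__main__":
    for url in SAMPLES:
        reasons = rejection_reasons(url)
        print("REJECT" if reasons else "ok    ", url, "; ".join(reasons))
```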
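Also, Chunghwa Telecom's DNS servers (220.127.116.11 & 18.104.22.168) both failed to resolve marc.info; it only resolved after I switched to Google's 22.214.171.124... =_=
Cloudflare analyzed the impact of the 815 power outage on the network: "Power outage hits the island of Taiwan. Here’s what we learned."
Judging by Cloudflare's QPS in the Chief Telecom (是方) data center, there was not much change after the outage:
This can also be seen from HiNet's bandwidth usage, which dropped 25% (people moving from FTTx (光世代) and ADSL/VDSL to mobile networks?):
One notable change is that it went from supporting only Level 2 to supporting Level 3: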
More Secure – CloudHSM Classic (the original model) supports the generation and use of keys that comply with FIPS 140-2 Level 2. We’re stepping that up a notch today with support for FIPS 140-2 Level 3, with security mechanisms that are designed to detect and respond to physical attempts to access or modify the HSM.
Wikipedia describes the requirements for Level 2 and Level 3:
Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.
In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.
Active detection and destruction is what makes Level 3 more secure than Level 2.
Pay As You Go – CloudHSM is now offered under a pay-as-you-go model that is simpler and more cost-effective, with no up-front fees.
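Amazon EFS now supports encryption with KMS as well, which makes things much easier for certifications that require data to be encrypted at rest: "New – Encryption of Data at Rest for Amazon Elastic File System (EFS)".
Tokyo still doesn't have EFS, though... (still waiting eagerly)
In 2013 I wrote about "California's phone anti-theft proposal...", which later went into effect in 2015: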
In a press release sent to reporters on Thursday, George Gascón said that since the law went into effect on July 1, 2015[,]
Such a kill switch has become standard in all iPhones ("Activation Lock") and Android phones ("Device Protection") since 2015.
It has now been in force for two years, and phone theft has dropped considerably: "San Francisco DA: Anti-theft law results in huge drop in stolen phones".
[S]martphone-related robberies have fallen 22 percent from 2015 to 2016. When measured from the peak in 2013, "overall robberies involving smartphones have declined an astonishing 50 percent."