MySQL 8.0 Features

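I have written on and off about some of the improvements in MySQL 8.0 (see "MySQL 8.0's performance_schema now has indexes...", "MySQL 8.0 will implement 'real' Descending Indexes", and "Performance improvements for 4-byte UTF-8 in MySQL 8.0"), and at RC1 the official team put together a summary: "MySQL 8.0 RC1 – Highlights".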

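I think the two most worth reading are "Better Handling of Hot Rows" and "Invisible Indexes". The former can help performance (in some scenarios, skip the lock instead of waiting), and the latter should be quite helpful for operations (for example, as a transitional verification stage before dropping an index).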

Once MySQL 8.0 is actually released, Percona will probably publish articles too, and then we can see observations and ideas from different angles...

Cloudflare's Newly Launched Geo Key Manager

Cloudflare wrote two articles explaining the newly launched Geo Key Manager: "Introducing the Cloudflare Geo Key Manager" and "Geo Key Manager: How It Works".

This service is an extension of the previously launched Keyless SSL.

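Keyless SSL keeps the private key on your own premises and lets Cloudflare use it through an encrypted protocol (somewhat like the concept of an HSM, i.e. a hardware security module, where whoever uses the key cannot access the private key itself). The newly launched Geo Key Manager takes the middle ground, aiming to improve efficiency and high availability.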

The improvement still involves uploading the private key to Cloudflare, but not to all of Cloudflare's data centers; instead, the user picks certain lower-risk regions.

For example, only in the United States, or only in the EU, or choosing by security level:

This is really a system designed out of distrust of government agencies, though how effective it will be is still unknown...

Apache's Optionsbleed

Apache has also had a Heartbleed-like bug: "Apache bug leaks contents of server memory for all to see—Patch now", originally from "Optionsbleed - HTTP OPTIONS method can leak Apache's server memory".

This has been assigned CVE-2017-9798, and the affected versions include:

This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27.

The problem occurs in the handling of OPTIONS:

Optionsbleed is a use after free error in Apache HTTP that causes a corrupted Allow header to be constructed in response to HTTP OPTIONS requests. This can leak pieces of arbitrary memory from the server process that may contain secrets. The memory pieces change after multiple requests, so for a vulnerable host an arbitrary number of memory chunks can be leaked.

So... just update @_@
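
The quoted description says the bug shows up as a corrupted Allow header, so one defensive check is to validate collected Allow values against the HTTP token grammar. The following is an added example, not code from the original post or from Apache; the host names, sample header values and the `KNOWN` method set are constructed assumptions.

```python
import re

# RFC 7230 "token": the only characters a legal HTTP method name may contain.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Methods a server with WebDAV enabled may advertise (assumption: extend per site).
KNOWN = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE",
         "PATCH", "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK",
         "UNLOCK"}

# Constructed Allow values keyed by made-up host names; none come from the page.
SAMPLES = {
    "web1.example.test": "GET,HEAD,POST,OPTIONS",
    "web2.example.test": "GET,HEAD,OPTIONS,,HEAD,,HEAD",
    "web3.example.test": "POST,OPTIONS,,HEAD,:09:44 GMT",
    "web4.example.test": "GET,HEAD,allow,OPTIONS",
}


def check_allow(value):
    """Return the anomalies found in one Allow header value ([] if clean)."""
    findings, seen = [], set()
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            findings.append("empty element")
        elif not TOKEN.match(item):
            findings.append("non-token bytes: %r" % item)
        elif item not in KNOWN:
            findings.append("unknown method: %r" % item)
        elif item in seen:
            findings.append("duplicate method: %r" % item)
        seen.add(item)
    return findings


def triage(responses):
    """Map host -> findings for every host whose Allow header looks corrupted."""
    report = {host: check_allow(value) for host, value in responses.items()}
    return {host: found for host, found in report.items() if found}


if __name__ == "__main__":
    for host, found in sorted(triage(SAMPLES).items()):
        print(host, found)
```

A clean header is not proof that a host is patched; compare the server version with the affected ranges quoted above as well.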

Subscribing to Articles with BazQux

I have been using BazQux for a while now, and it is a Web-based RSS reader I am fairly satisfied with, so I am writing about it...

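There is a 30-day trial, and a paid membership costs USD$19/year or USD$29/year (no difference in features, you just pay a bit more to support the site maintainer), or a one-time USD$149/lifetime.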

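The site is hosted in Germany and does not support HTTP/2, but it is much faster than other sites of its kind (yes, I am talking about Feedly), which reminds me of the days when Google Reader was still alive.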

What takes some getting used to is that a single feed holds at most 500 unread items, which is more of a hassle for image-type feeds...

Uber Will Be Shut Down in London

Uber will be shut down in London: "Uber has license to operate in London revoked", "London regulator announces Uber ban", and "Uber London loses licence to operate".

More precisely, the license will not be renewed, and the old license only runs until 9/30:

Transport for London (TfL), which operates public transport in the capital, has made the decision not to renew the app-based taxi’s license in the city.

The license was renewed in May, but for a period of only five months. It will run out on 30th September, though the company will be allowed to continue to operate during the appeal process.

The main reason appears to revolve around Greyball (a tool that uses algorithms to evade law enforcement officers):

According to the TfL regulatory board, the ‘approach and conduct’ of Uber showed a lack of corporate responsibility, which could have resulted in public safety and security issues. It also raised concerns with the company’s ‘approach to explaining the use of Greyball, software that could be used to block regulatory bodies from gaining full access to the app.’

The new CEO came out to apologize: "Uber CEO apologizes for “mistakes” in London".

It is really a conflict between interest groups... and this drama is still going on.

The EU's Study on Whether Piracy Causes Harm

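The EU did a study in 2014 on piracy and sales, and the results were held back until being published only recently (so you can probably guess the conclusion...): "EU Piracy Report Suppression Raises Questions Over Transparency".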

“In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements,” the study notes.

And even:

The study found that piracy had a slightly positive effect on the videogames industry, suggesting that those who play pirate games eventually become buyers of official content.

It also describes current pricing for films and TV-series as being on the high side:

“Overall, the analysis indicates that for films and TV-series current prices are higher than 80 per cent of the illegal downloaders and streamers are willing to pay,” the study notes.

No wonder it was held back...

Facebook's Plan to Replace InnoDB with MyRocks

"Migrating a database from InnoDB to MyRocks" describes Facebook's plan to move its MySQL from InnoDB to MyRocks.

Facebook has already widely adopted all-Flash environments, so the current situation with InnoDB (Compressed) looks something like this:

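You can see that space is the biggest problem (space-bound), rather than CPU or I/O. That is quite plausible on pure-Flash machines, because pure Flash provides extremely high I/O capacity, and since Facebook uses MySQL only as a backend storage layer, CPU usage can be expected to be low...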

They then estimate that MyRocks can save half the space, so it might become:

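For ordinary organizations, though, these premises may not hold... Still, you can see Mark Callaghan putting a lot of effort into tuning general-purpose performance, hoping to attract more users...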

MySQL's XA Transactions

Percona's "How to Deal with XA Transactions Recovery" discusses the recovery problem of XA transactions in MySQL.

XA transactions are mainly used for distributed transactions, and the official documentation mentions the corresponding standard:

The MySQL XA implementation is based on the X/Open CAE document Distributed Transaction Processing: The XA Specification. This document is published by The Open Group and available at http://www.opengroup.org/public/pubs/catalog/c193.htm.

What I find more interesting, though, is this point, where Percona flatly recommends not using XA in 5.6:

But there is a limitation in 5.6: you can only XA commit/rollback transactions that belong to your session. That means after a crash you are out of luck. To get rid of these you need to promote a slave or perform a logical dump and restore. The best plan is to avoid the use of XA transactions with 5.6.

However, looking through the bug reports, Oracle's official 5.7 still has not fixed it, and it looks like Percona patched it themselves XDDD

AWS NLB Can Now Use IP Addresses as Backends Too

Earlier this month AWS ALB gained support for IP addresses as backends ("AWS ALB can now use IP addresses as backend servers"), then AWS NLB was launched ("AWS launches a new load balancer: NLB (Network Load Balancer)"), and now this feature has been brought to NLB as well: "Elastic Load Balancing: Network Load Balancer now supports load balancing to IP addresses as targets for AWS and on-premises resources".

As the announcement explains, this lets you share data-center and cloud resources through a VPN setup (whether AWS Direct Connect or an ordinary IPsec VPN):

We are pleased to announce that Network Load Balancers can now distribute traffic to AWS resources using their IP addresses as targets in addition to the instance IDs. You can now also load balance to resources in on-premises locations reachable over AWS Direct Connect and resources in EC2-Classic. Load balancing across AWS and on-premises resources using the same load balancer makes it easy for you to migrate-to-cloud, burst-to-cloud, or failover-to-cloud.

The feature is available in every region except the China region:

Load balancing using IP addresses is available today for existing and new Network Load Balancers in all public AWS regions except the China (Beijing) region. You can get started using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDK.

AWS CodeBuild Can Manage Secrets Now...

AWS CodeBuild can now manage secrets: "AWS CodeBuild Now Provides Ability To Manage Secrets".

AWS CodeBuild now further enhances securing your build environment. CodeBuild can now store sensitive information as secrets, which can now get directly passed to your build jobs. This can be achieved by modifying the parameter store directly in your buildspec.yml, or via the CodeBuild console.

The documentation mentions:

We strongly discourage using environment variables to store sensitive values, especially AWS access key IDs and secret access keys. Environment variables can be displayed in plain text using tools such as the AWS CodeBuild console and the AWS CLI. For sensitive values, we recommend you use the parameter-store mapping instead, as described later in this section.

This is catching up on a feature other providers have had for quite a while...

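While looking things up, though, I found that AWS CodeBuild offers a free quota of one hundred minutes per month, which both new and existing accounts always have? (I had not noticed this before...)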

The AWS CodeBuild free tier includes 100 build minutes of build.general1.small per month. The CodeBuild free tier does not expire automatically at the end of your 12-month AWS Free Tier term. It is available to new and existing AWS customers.
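
The documentation quoted above warns that plain-text environment variables are visible through the console and CLI, so an audit can look for projects that still carry secrets that way instead of using the parameter-store mapping. This is an added example, not AWS or original-post code; the sample JSON is constructed in the shape of `aws codebuild batch-get-projects` output, and the project names, variable names, values and name patterns are assumptions.

```python
import json
import re

# Constructed sample shaped like `aws codebuild batch-get-projects` output.
SAMPLE = json.loads("""
{"projects": [
  {"name": "web-build", "environment": {"environmentVariables": [
    {"name": "AWS_SECRET_ACCESS_KEY", "value": "EXAMPLE-NOT-A-REAL-SECRET",
     "type": "PLAINTEXT"},
    {"name": "NODE_ENV", "value": "production", "type": "PLAINTEXT"},
    {"name": "DB_PASSWORD", "value": "/web-build/db-password",
     "type": "PARAMETER_STORE"}
  ]}},
  {"name": "docs-build", "environment": {"environmentVariables": [
    {"name": "DEPLOY_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"}
  ]}}
]}
""")

# Heuristics (assumptions): variable names that suggest a secret, and the
# shape of an AWS access key ID appearing in a value.
SENSITIVE_NAME = re.compile(
    r"SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|ACCESS_KEY|PRIVATE", re.I)
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def audit(doc):
    """Return (project, variable, reason) for secrets kept as plain text."""
    findings = []
    for project in doc.get("projects", []):
        env = project.get("environment", {})
        for var in env.get("environmentVariables", []):
            # A missing type means PLAINTEXT; PARAMETER_STORE entries hold
            # only a parameter name, so they are what the docs recommend.
            if var.get("type", "PLAINTEXT") != "PLAINTEXT":
                continue
            if SENSITIVE_NAME.search(var["name"]):
                reason = "sensitive name stored as plain text"
            elif ACCESS_KEY_ID.search(var.get("value", "")):
                reason = "access key ID in plain-text value"
            else:
                continue
            findings.append((project["name"], var["name"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```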
