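OpenTF opens for business

A while back I mentioned that because HashiCorp (as expected) did not respond directly to the licensing controversy, the decision was made to fork the last open source version of Terraform: "OpenTF announces a fork from the last open source version of Terraform".

I just saw "OpenTF repository is now public (github.com/opentffoundation)" on Hacker News; OpenTF is officially open for business.

I skimmed the issues; there are still quite a lot of chores to deal with early on, but the first step has been taken, and we can see whether the community's energy really exceeds HashiCorp's own...

ReiserFS marked as Obsolete

At the end of August I saw the news item "ReiserFS Officially Declared "Obsolete"". The one that made it into the Linux kernel is Reiser3, not Reiser4, which someone later took over but which never made it into the Linux kernel.

It was first marked deprecated in 5.18: "Linux 5.18 Moves Ahead With Deprecating ReiserFS".

This time, in 6.6, it is marked Obsolete, and it is gradually being removed from the Linux kernel: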

As part of updates to the older file-system drivers for Linux 6.6, the ReiserFS file-system is no longer marked as "Supported" but is officially treated as "Obsolete" within the Linux kernel.

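The default filesystem of the major Linux distributions should be ext4 these days; in some special situations XFS is also quite handy (databases, for example), and where extreme performance is the goal it is a bit faster than ext4.

From memory, and after checking the description to confirm, ReiserFS should have an advantage with small files: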

Compared with ext2 and ext3 in version 2.4 of the Linux kernel, when dealing with files under 4 KiB and with tail packing enabled, ReiserFS may be faster.

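But this is a product of the pre-SSD era, and I haven't seen any later comparisons...

EC2-Classic fully retired

Amazon's boss (CTO & VP) Werner Vogels posted an article about the complete retirement of EC2-Classic: "Farewell EC2-Classic, it’s been swell".

In 2021 AWS's Jeff Barr announced the retirement plan for EC2-Classic: "EC2-Classic Networking is Retiring – Here’s How to Prepare", and at the time I also wrote up "AWS announces its plan to retire EC2-Classic".

The timeline back then expected everything to be retired by 2022/08/15: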

On August 15, 2022 we expect all migrations to be complete, with no remaining EC2-Classic resources present in any AWS account.

But in the end it was a full year late; it was not all retired until 2023/08/15 (exactly one year late):

On August 15, 2023, we shut down the last instance of Classic.

And the update on the announcement was made on 2023/08/23:

Update (August 23, 2023) – The retirement announced in this blog post is now complete. There are no more EC2 instances running with EC2-Classic networking.

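Because it really has been too long since I used it, I could only recall the architecture of the time after reading Werner Vogels's description; it seems there was this one big pot, with security groups separating everyone: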

When we launched EC2 in 2006, it was one giant network of 10.2.0.0/8. All instances ran on a single, flat network shared with other customers. It exposed a handful of features, like security groups and Public IP addresses that were assigned when an instance was spun up.

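While I'm at it, the beginning of Werner Vogels's article mentions that AWS rarely retires services; even Amazon SimpleDB, launched in 2007, is still running, even though DynamoDB is what they mainly push now: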

Retiring services isn’t something we do at AWS. It’s quite rare. Companies rely on our offerings – their businesses literally live on these services – and it’s something that we take seriously. For example SimpleDB is still around, even though DynamoDB is the “NoSQL” DB of choice for our customers.

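I checked the "List of AWS Services Available by Region" page, and SimpleDB is available in a surprising number of regions: us-east-1, us-west-1, us-west-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, eu-west-1 and sa-east-1.

That said, isn't this opening a sneaky dig at the neighbours? XDDD

A Usenet revival?

I saw the discussion "Usenet, the OG social network, rises again like a text-only phoenix (theregister.com)"; the original article, "USENET, the OG social network, rises again like a text-only phoenix", has a title that talks about a Usenet revival?

I think it would definitely be hard for Usenet to really come back... but I'm not too surprised that some groups of users have moved there.

Mainly, the end of the article mentions a few newsgroups that seem worth a look: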

As a big science fiction reader, this vulture enjoys dipping into rec.arts.sf.written and rec.arts.sf.fandom. The computer history group alt.folklore.computers is still pretty busy. There is life in several retrocomputing channels, and we've been enjoying talking about Acorn RISC OS and Fortran among other things.

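Out of interest, I set up a news server myself (at newsfeed.hasname.com), connected to a few peers, and set up a BBS site to pull some groups, classics like comp.lang.c... but this is just something I put together for fun.

Anyway, maybe I'll go look at the groups mentioned above later?

Kagi now routinely publishes its subscriber numbers

At "Kagi Search Stats (kagi.com)" I saw that Kagi has made its subscriber numbers public: "Kagi Search Stats". The published information can be seen in the "Changelog", and there isn't much explanation given.

Right now it's revenue from 7945 users + 232 family plans (though I'm not sure whether those are counted together or separately), plus a query volume of about 150K/day (weekdays) and 110K/day (weekends).

Growth doesn't look very fast; currently it looks like about 100 more users per week, so extrapolating, about 5k more users a year?

Cross-checking against the numbers written up last September, an article from almost exactly a year ago: "Kagi status update: First three months".

A year ago expenses were about $26K/mo; roughly estimating from the current query volume, and assuming the same cost structure, it's about $50K/mo now, but this year there is a lot more AI API cost, so it should be higher still...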

We are currently serving around 2.1M queries a month, costing us around $26,250 USD/month.

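A year ago they mentioned 2.6k users, with only a single US$10/mo plan at the time; now it's 7.9k users, but there are more plans, and the price has gone up for people who joined later; going by the old unit price it would be about US$79k.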

Kagi search is currently serving ~2,600 paid customers.

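Back then they mentioned that the $26k/mo revenue could just about cover infrastructure only, with personnel costs still paid from various funding; now it should be able to cover a little bit of personnel as well?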

Between Kagi and Orion, we are currently generating around $26,500 USD in monthly recurring revenue, which incidentally about exactly covers our current API and infrastructure costs.

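A design that uses zrepl over ZFS to take an incremental backup every ten minutes

A while ago I saw "I only lost 10 minutes of data, thanks to ZFS (mastodon.social)" on Hacker News; it's the story of his disk failing, but because zrepl was syncing his local ZFS filesystem to a NAS every ten minutes, he only lost ten minutes of data...

The hottest discussion on Hacker News was, of all things, about the WD/SanDisk SSD disk issue, rather than this idea or the zrepl tool...

I took a look and this approach is quite interesting; people who need it could indeed do it this way...

Anyway, back when OpenZFS first came out, the license was CDDL and the FSF considered it incompatible with GPLv2, so on the Linux side it could not be built in or distributed as a binary; if you wanted to play with ZFS you had to use OpenSolaris or the version ported to FreeBSD.

Then later Ubuntu's legal counsel concluded that it could be distributed compatibly as a kernel module (binary), and after it was included in Ubuntu 16.04 it started to become popular...

Also, back then the memory overhead requirement (on the order of GBs) was a problem a desktop could not ignore; looking back now it's no longer a big problem, with desktops and laptops often running 16GB+...

OpenSSH adds a noise (keystroke timing obfuscation) feature

On Hacker News I saw that a keystroke timing obfuscation feature has been added to OpenSSH: "Keystroke timing obfuscation added to ssh(1) (undeadly.org)".

As the commit log mentions, this feature deliberately sends some useless data now and then (adding some noise) to reduce the amount of information that can be read from the side channel: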

This attempts to hide inter-keystroke timings by sending interactive traffic at fixed intervals (default: every 20ms) when there is only a small amount of data being sent. It also sends fake "chaff" keystrokes for a random interval after the last real keystroke. These are controlled by a new ssh_config ObscureKeystrokeTiming keyword/

Given that OpenSSH is pretty much the de facto standard for SSH, next let's see whether others like Dropbear will implement it too?
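
A simplified simulation of the behaviour the quoted commit log describes, added here as an example (it is not OpenSSH's code): packets leave only at fixed intervals, and chaff fills the ticks that carry no keystroke, so a passive observer measuring packet gaps sees a constant value. The tick model, the chaff tail range and the sample keystroke times are assumptions constructed for illustration.

```python
import random

INTERVAL_MS = 20  # default interval stated in the commit log

# Constructed sample: arrival times (ms) of six keystrokes in one typing burst.
SAMPLE_KEYS_MS = [0, 95, 230, 310, 520, 585]

def gaps(times):
    """Inter-arrival gaps, which is what a passive timing observer measures."""
    return [b - a for a, b in zip(times, times[1:])]

def obscure(key_times_ms, interval_ms=INTERVAL_MS, tail_range_ms=(500, 1500), seed=1):
    """Simplified model of one typing burst under timing obfuscation.

    Packets leave only on a fixed tick grid that starts at the first
    keystroke. A tick carries the keystrokes queued since the previous tick,
    or chaff if none are queued. Chaff continues for a random tail after the
    last real keystroke. tail_range_ms is an illustrative assumption.
    """
    keys = sorted(key_times_ms)
    if not keys:
        return []
    rng = random.Random(seed)
    end = keys[-1] + rng.randint(*tail_range_ms)
    packets, sent, tick = [], 0, keys[0]
    while tick <= end:
        queued = 0
        while sent < len(keys) and keys[sent] <= tick:
            sent += 1
            queued += 1
        # "real"/"chaff" is visible only inside this simulation; the model
        # assumes both are encrypted packets that look alike on the wire.
        packets.append((tick, "real" if queued else "chaff"))
        tick += interval_ms
    return packets

def summary(key_times_ms):
    """Compare what the typist produced with what the wire reveals."""
    packets = obscure(key_times_ms)
    return {
        "raw_gaps": gaps(sorted(key_times_ms)),
        "wire_gaps": sorted(set(gaps([t for t, _ in packets]))),
        "real": sum(kind == "real" for _, kind in packets),
        "chaff": sum(kind == "chaff" for _, kind in packets),
    }

if __name__ == "__main__":
    print(summary(SAMPLE_KEYS_MS))
```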

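GitLab wants to support ActivityPub

I saw the news "Support ActivityPub for merge requests"; the author of this epic, Derek Ferguson, is shown as "Group Manager, Product" at GitLab, which looks like a management position on the product team (not entirely sure).

This epic wants to build an ecosystem across GitLab services: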

There already has been several very popular discussions around this (see here, here and the epic here). The gist of it is: what people really want is to have one global "Gitlab network" to be able to interact between various projects without having to register on each of their hosts.

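But for now it seems to be at the discussion stage? Still, since it was raised internally, and the discussion so far looks fairly... positive? There should be a chance of seeing follow-up updates...

Amazon SES mail to Gmail getting blocked

I haven't run into this myself, but I saw on Hacker News that someone has, so I'm noting it down: "Tell HN: Gmail rate limiting emails from AWS SES".

Amazon SES uses a shared IP pool by default, so running into this isn't too surprising, though it should be temporary; the poster did mention that the eventual fix was to pay US$25/mo for a Dedicated IP to solve the IP reputation problem (at id=37177533):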

Thanks you all for comments. I have made a decision to subscribed to dedicated IPs (credits: @slau).

The differentiating factor between our current AWS SES plan and the competitors (mentioned in the comments) is having a dedicated IP. With our current volume, none of the competitors are anyway near AWS SES costs. So, moving to a dedicated IPs thats cost 25$ extra not only solves our issue, but also no change in code/infrastructure.

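I remember another lesson from the past: it's still best to send mail from an IPv4 address, because an IPv6 address's reputation takes quite a long time to build up... though that was a long time ago.

AWS rolls out AWS Dedicated Local Zones, which look a lot like AWS Outposts...

AWS has launched AWS Dedicated Local Zones: "Announcing AWS Dedicated Local Zones".

First, about AWS Outposts: it provides AWS's own hardware, placed in the customer's data center, so there are machines of different sizes depending on need, up to an entire rack:

AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience. Outposts solutions allow you to extend and run native AWS services on premises, and is available in a variety of form factors, from 1U and 2U Outposts servers to 42U Outposts racks, and multiple rack deployments.

"What is AWS Outposts?" lists in detail which services can run on it; you can see it's mainly the basic services, plus some services that rely on local characteristics.

Also, from "How AWS Outposts works" you can see that architecturally it sits in the same VPC but does not belong to the same AZ:

As for the Dedicated Local Zones launched this time, there are still places where I don't understand how they differ from AWS Outposts; it looks a lot like just a repackaging...

First, what the home page says: it mentions the AWS Nitro System, so my guess is that this is AWS's hardware, not your own hardware: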

Build with AWS managed secure cloud infrastructure

Benefit from the same AWS security standards that apply to AWS Regions and AWS Local Zones and are delivered with the security of the AWS Nitro System to help ensure confidentiality and integrity of customer data.

Also, the services mentioned in the announcement differ somewhat from Outposts:

AWS services, such as Amazon EC2, Amazon Virtual Private Cloud (Amazon VPC), Amazon Elastic Block Store (Amazon EBS), Elastic Load Balancing (ELB), Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), and AWS Direct Connect are available in Dedicated Local Zones.

Also, the "AWS Dedicated Local Zones FAQs" try to explain the difference between the two, but going by these sentences, they are just things with different angles:

Q: How are AWS Dedicated Local Zones different from AWS Outposts?

AWS Outposts is designed for workloads that need to remain on-premises due to latency requirements, where customers want those workloads to run seamlessly with their other workloads in AWS. AWS Outposts racks are fully managed and configurable compute and storage racks built with AWS-designed hardware that allow customers to run compute and storage on-premises, while seamlessly connecting to AWS’s broad array of services in the cloud.

AWS Dedicated Local Zones are designed to eliminate the operational overhead of managing on-premises infrastructure at scale. Some customers have long-term, complex cloud migration projects and need infrastructure that seamlessly scales to support their large-scale demand. Some of these customers represent the interests of a customer community and also need multi-tenancy features to efficiently coordinate across their stakeholders. Dedicated Local Zones enable these customers to reduce the administrative burden of managing their own infrastructure on-premises with scalable, resilient, and multitenant cloud infrastructure that is fully AWS-managed and built exclusively for their use.

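Also, going back to the home page to look at who is using it, for now it's GovTech Singapore; looks like it's just a repackaging?

Another guess is that the AWS Nitro System is installed on the customer's machines, and then AWS's software is installed? That would be a bit odd, and compatibility and such would also be quite a hassle; maybe specific supported models have to be used?

I'll ask the AWS people when I get the chance; for now I have no use for it anyway...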