Home » Computer » Network » Archive by category "Service" (Page 21)

各家 Session Replay 服務對個資的處理

Session Replay 指的是重播將使用者的行為錄下來重播,市面上有很多這樣的服務,像是 User Replay 或是 SessionCam

這篇文章就是在討論這些服務在處理個資時的方式,像是信用卡卡號的內容,或是密碼的內容,這些不應該被記錄下來的資料是怎麼被處理的:「No boundaries: Exfiltration of personal data by session-replay scripts」,主要的重點在這張圖:

後面有提到目前防禦的情況,看起來目前用 adblock 類的軟體可以擋掉一些服務,但不是全部的都在列表裡。而 DNT 則是裝飾品沒人鳥過:

Two commonly used ad-blocking lists EasyList and EasyPrivacy do not block FullStory, Smartlook, or UserReplay scripts. EasyPrivacy has filter rules that block Yandex, Hotjar, ClickTale and SessionCam.

At least one of the five companies we studied (UserReplay) allows publishers to disable data collection from users who have Do Not Track (DNT) set in their browsers. We scanned the configuration settings of the Alexa top 1 million publishers using UserReplay on their homepages, and found that none of them chose to honor the DNT signal.

Improving user experience is a critical task for publishers. However it shouldn’t come at the expense of user privacy.

EC2 的 X1e 推出更小台的機種

本來 EC2x1e 家族只有 x1e.32xlarge,現在拆小拿出來租了:「Amazon EC2 Update – X1e Instances in Five More Sizes and a Stronger SLA」。

這次算是補足中間的缺口,因為先前的洞有點大:r4.16xlarge 是 488GB RAM,而往上就變成 x1e.32xlarge 的 3904GB,中間都沒有其他選擇可以用。這次 x1e.8xlarge (976GB) 與 x1e.16xlarge (1952GB) 算是補上了這邊的缺口,拿來跑需要大量記憶體,但還不需要到 4TB RAM 等級的程式...

AWS 主動提高 Amazon EC2 與 Amazon EBS 的 SLA

AWS 主動提高 Amazon EC2Amazon EBSSLA:「Announcing an increased monthly service commitment for Amazon EC2」。

Amazon EC2 is announcing an increase to the monthly service commitment in the EC2 Service Level Agreement (“SLA”), for both EC2 and EBS, to 99.99%. This increased commitment is the result of continuous investment in our infrastructure and quality of service. This change is effective immediately in all regions, and is available to all EC2 customers.

之前是 99.95% monthly (參考前幾天的頁面:「Amazon EC2 SLA」),現在拉到 99.99% 了。第一階的賠償條件也從 99.95%~99% 改成 99.99%~99% 了 (賠 10%)。

AWS CodeDeploy 支援單機測試模式

AWS CodeDeploy 本來是個 client-server 服務架構,但現在讓你方便在本機測試,支援直接在本機下指令 deploy (不需要 server) 看看發生什麼狀況:「AWS CodeDeploy Supports Local Testing and Debugging」。

Previously, if you wanted to test and debug your deployment, you had to fully configure AWS CodeDeploy. This includes installing the agent on the target host, creating a CodeDeploy Application, and creating a CodeDeploy Deployment Group.

Now, you can execute a deployment directly on a local machine or instance where the CodeDeploy agent is installed. If your deployment has errors, you can easily find and view the error logs by accessing the agent with your terminal. This makes it faster and easier to find and fix bugs before configuring CodeDeploy for production.

是有很多人一直中獎然後跟 AWS 反應嗎... XD

GitHub 推出安全通知的功能

剛好是之前推出 Dependency Graph 後可以拿出來善用的利用:「Introducing security alerts on GitHub」,先前提到的 Dependency Graph 則是在「A more connected universe」這邊。

Vulnerability coverage 的部份有提到範圍,至少有公開 CVE 的會納入:

Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don't have them. We'll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our security partners in the GitHub Marketplace.

然後這系列功能目前只支援 JavaScriptRuby,下一個應該是 Python

The dependency graph and security alerts currently support Javascript and Ruby—with Python support coming in 2018.

AWS OpsWorks 支援 Puppet Enterprise

算是等很久的功能了... AWS 支援的是商業版本的 Puppet Enterprise,掛在 OpsWorks 產品下:「New – AWS OpsWorks for Puppet Enterprise」。

Master server 目前只支援 c4.large、c4.xlarge、c4.2xlarge 三種 instance (如上圖所顯示的),然後這一波支援的 region 只有 us-east-1、us-west-2 以及 eu-west-1,還沒看到亞洲的 region XD

At launch AWS OpsWorks for Puppet Enterprise is available in US East (N. Virginia) Region, US West (Oregon) Region, and EU (Ireland) Region.

計價方式是按照 node 來算,前面的 112,500 node hours 是 $0.017/hour,如果以一個月三十天來算,一個 node 的成本是 $12.24,不算便宜... 不過目前感覺在 AWS 上應該要吃 Packer 來玩,而不是 Puppet... 反正是多給使用者一個選擇就是了,總是有些情境下選擇這個服務是對的方向 (像是考量人的前提...)。

AWS 推出將 Classic Load Balancer 轉換成 Application Load Balancer 或 Network Load Balancer 的功能

AWS 應該是希望大家趕快把能換的 ELB 都換成新的 ALB 與 NLB,所以推出這個功能:「New One-step Migration Wizard to Migrate a Classic Load Balancer」。

Today, AWS announced the ability to migrate from a Classic Load Balancer to an Application Load Balancer or a Network Load Balancer in one step using a console-based migration wizard.

不過 ELB 有一些功能是目前 ALB 與 NLB 沒有的,像是一般性的 SSL offload (而非 HTTPS offload),以及舊客戶會有的 EC2-Classic:

不知道這兩個問題之後會推出什麼樣的方案解決...

Amazon Athena 可以透過 ODBC 連接了

Amazon Athena 支援 ODBC 了 (先前直接連結只支援 JDBC):「Amazon Athena adds support for querying data using an ODBC driver」。

With the availability of a new ODBC driver, you can now connect popular business intelligence tools to Athena. This allows you to report and visualize all of your data in S3 with the tools of your choice. In addition to the ODBC driver, Customers can now connect to Amazon Athena using a JDBC driver, an API and via the AWS Console.

這讓非 Java 的程式語言可以更方便的接上去了,像是 PHPPDO 支援 ODBC 但不支援 JDBC,要用就得想其他辦法:「PHP: PDO Drivers - Manual」。

Archives