Adobe 的 Typekit 在嘗試純 CSS 版本的網頁字型了

先前 Typekit 需要使用 JavaScript,現在則是開始嘗試純 CSS 版本了:「Now in Early Access: Serve web fonts without JavaScript」。

然後另外發現 use.typekit.net 以前是 EdgeCast,現在變成 Akamai 了...

Amazon Aurora 支援快速複製

Amazon Aurora 宣佈支援快速複製:「Amazon Aurora Fast Database Cloning」。

對於 2TB 的資料大約五分鐘就完成了:

This means my 2TB snapshot restore job that used to take an hour is now ready in about 5 minutes – and most of that time is spent provisioning a new RDS instance.

主要是得力於後端 storage 的部份可以實做 copy-on-write 架構:

By taking advantage of Aurora’s underlying distributed storage engine you’re able to quickly and cheaply create a copy-on-write clone of your database.

可以快速複製就可以很快的驗證一些事情,像是可以直接測試 ALTER TABLE 需要的時間,或是事前演練...

Amazon 的 SES 推出 Dedicated IP Pool

Amazon SES 推出了 Dedicated IP Pool:「New – SES Dedicated IP Pools」,也就是發信時可以使用自己專屬的 IP address。

Today we released Dedicated IP Pools for Amazon Simple Email Service (SES). With dedicated IP pools, you can specify which dedicated IP addresses to use for sending different types of email.

價錢其實不算貴?每個 IP 的費用是 USD$24.95/month,對於量夠大的單位可以避免被其他人影響:

Dedicated IPs are $24.95 per address per month at the time of this writing – but you can find out more at the pricing page.

不過 SES 用起來最痛的問題還是在對於收信人不存在時的 bounce rate...

AWS 提供要回放掉的 Elastic IP 的功能

Twitter 上看到 AWS 可以要回放掉的 Elastic IP 了。當然,這不保證會成功:

文件在「Recovering an Elastic IP Address」這邊,目前只支援 API 以及對應的 command line 工具:

Currently, you can recover an Elastic IP address using the Amazon EC2 API or a command line tool only.

指令像這樣:

aws ec2 allocate-address --domain vpc --address 203.0.113.3

透過 AWS Budgets 管控 Reserved Instance 的使用率

現在可以透過 AWS Budgets 來看到 Reserved Instance 的使用率了:「Monitor your Reserved Instance utilization by receiving alerts via AWS Budgets」。

Starting today, customers can now monitor and receive alerts when their Reserved Instance (“RI”) utilization falls below the threshold they define.

算是個開頭,不過我更想請 AWS 分析有哪些機器是長年開著沒有 discount 的... 或者像是 GCP 那樣自動算 :o

Amazon Route 53 支援 CAA record 了

Amazon Route 53 宣佈支援 CAA record 了:「Announcement: Announcement: Amazon Route 53 now supports CAA records」、「Amazon Route 53 now supports CAA records」。

這是一個被動性的 workaround,要求 CA 本身要支援 DNS CAA,所以他沒辦法防止 CA 本身作惡誤簽,但因為負作用與技術債的可能性不高,在 CA/Browser Forum 上被通過強制要求支援了。(參考「未來 CA 將會強制要求檢查 DNS CAA record」)

Gandi 的 DNS 服務也支援了 (要透過 export mode,參考「How can I add a CAA record?」),不過 Linode 還沒做...

DynamoDB 也可以透過 VPC Endpoint 存取了

Amazon DynamoDB 也可以透過 VPC Endpoint 存取了:「New – VPC Endpoints for DynamoDB」。

這樣一來,除了 Amazon S3 可以在 private network 內存取外,DynamoDB 也可以直接存取了...

VPC Endpoint 主要是解決對於安全性與頻寬的需求,不過什麼時候會出一般性的 VPC Endpoint 啊,而非個別服務個別設計打洞...

打數學式子的工具

看到 Mathcha 這個網站,除了可以輸入 TeX 的公式外,也有 WYSIWYG 的方式輸入,而最後可以輸出成各種格式 (包括 TeX),或是直接丟連結給其他人:

輸入的部份,對於不知道的符號葉可以用畫的 XD

然後網站上的標示寫沒有支援 IE 與 Edge,不知道是真得不支援還是沒列上去而已... XD

AWS CloudHSM 支援 FIPS 140-2 Level 3 了

AWS CloudHSM 推出了一些新功能:「AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads」。

其中比較特別的是從以前只支援 Level 2 變成支援 Level 3 了:

More Secure – CloudHSM Classic (the original model) supports the generation and use of keys that comply with FIPS 140-2 Level 2. We’re stepping that up a notch today with support for FIPS 140-2 Level 3, with security mechanisms that are designed to detect and respond to physical attempts to access or modify the HSM.

在維基百科裡面有提到 Level 2 與 Level 3 的要求:

Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.

主動式偵測以及銷毀算是 Level 3 比 Level 2 安全的地方。

另外就是計價方式的修正,先前有一筆固定的費用,現在變成完全照小時計費了:

Pay As You Go – CloudHSM is now offered under a pay-as-you-go model that is simpler and more cost-effective, with no up-front fees.