Seen in "California bosses can no longer ask you about your previous salary". Following "Massachusetts passes a law banning questions about your previous salary" and "New York City will also ban employers from asking about salary", California has now joined the list.
The salary privacy bill, was enacted by Gov. Jerry Brown on Thursday, Oct. 12, at a celebratory signing ceremony at Women’s Empowerment, a Sacramento nonprofit for homeless women. He was surrounded by members of the California Legislative Women’s Caucus.
The bill takes effect in 2018:
The salary privacy bill takes effect on January 1, 2018.
TorrentFreak's headline is not quite precise, but it roughly shows how Cloudflare thinks about this: "Cloudflare Bans Sites For Using Cryptocurrency Miners".
When the miner runs without informing users and without offering them a way to turn it off, Cloudflare treats it as malware...
Amazon EMR has switched to per-second billing: "Amazon EMR now supports per-second billing".
Amazon EMR is now billed in one-second increments in all AWS Regions. There is a 1 minute minimum charge per instance in your Amazon EMR cluster, and per-second billing is applicable to clusters that are newly launched or already running. The Amazon EC2 instances in your cluster, including On-Demand, Spot, and Reserved instances, and Amazon EBS volumes attached to these instances are billed in per-second increments effective October 2. Pricing is still listed on a per-hour basis, but bills are now calculated down to the second and show times in decimal form. Please visit the Amazon EMR pricing page for more information on per-second billing.
Now to see when RDS gets the same treatment... (though in practice it makes little difference)
In 2014 the EU commissioned a study on piracy and sales, and the results were kept under wraps until they were finally published recently (so you can roughly guess the conclusion...): "EU Piracy Report Suppression Raises Questions Over Transparency".
“In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements,” the study notes.
The study found that piracy had a slightly positive effect on the videogames industry, suggesting that those who play pirate games eventually become buyers of official content.
It also notes that current pricing for films and TV series is on the high side:
“Overall, the analysis indicates that for films and TV-series current prices are higher than 80 per cent of the illegal downloaders and streamers are willing to pay,” the study notes.
Saw a couple of big moves from Stripe: "Stripe in Hong Kong + Alipay and WeChat Pay globally".
Today, we’re excited to officially launch Stripe in Hong Kong.
The other is that Alipay and WeChat Pay can now be used through Stripe worldwide:
So, today we’re introducing global support for Alipay and WeChat Pay, connecting Stripe businesses in 25+ countries to the hundreds of millions of Chinese consumers that actively use these payment methods.
And then the money is just... gone: "After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts".
O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.
Banning this kind of indirect humiliation: "New Mexico Outlaws School 'Lunch Shaming'".
In some schools, children are forced to clean cafeteria tables in front of their peers to pay the debt. Other schools require cafeteria workers to take a child’s hot food and throw it in the trash if he doesn’t have the money to pay for it.
On Thursday, Gov. Susana Martinez signed the Hunger-Free Students’ Bill of Rights, which directs schools to work with parents to pay their debts or sign up for federal meal assistance and puts an end to practices meant to embarrass children. It applies to public, private and religious schools that receive federal subsidies for students’ breakfasts and lunches.
Last year Massachusetts passed a law banning employers from asking about previous salary (see "Massachusetts passes a law banning questions about your previous salary"), and New York City is now joining the list: "New York City bans employers from asking potential workers about their past salary".
New York City joined Massachusetts, Puerto Rico, and Philadelphia in banning employers from asking job applicants about their pay at current or past jobs after the city council passed the measure in a vote on Wednesday.
In "Scaling your API with rate limiters", Stripe's Paul Tarjan describes four approaches to protecting an API.
The first two are rate limits. The first is the most standard "how many requests per minute" form, which is the easiest to understand. The second is "how many API requests you may have in flight at the same time"; it is usually applied to resource-heavy APIs so they cannot be overwhelmed by a short burst.
The third looks at the fleet as a whole: split the APIs into critical and non-critical, and reserve capacity so the critical APIs always have a share available:
We always reserve a fraction of our infrastructure for critical requests. If our reservation number is 20%, then any non-critical request over their 80% allocation would be rejected with status code 503.
Only 100 requests were rejected this month from this rate limiter, but in the past it’s done a lot to help us recover more quickly when we have had load problems. This load shedder limits the impact of incidents that are already happening and provides damage control, while the first three are more preventative.
Still, something feels odd: Stripe is supposedly built entirely on AWS (AWS Case Study: Stripe), yet there is no mention of how any of this works together with auto scaling?
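To make the first and third approaches concrete, here is an added example (not Stripe's code, and not from the linked post): a per-key sliding-window rate limiter, and a fleet load shedder that reserves a configurable fraction (20% here) of worker slots for critical requests and rejects non-critical ones once they would exceed their 80% share, which the caller would map to HTTP 503. All names are assumed for the illustration.

```python
import time
from collections import deque


class SlidingWindowLimiter:
    """Approach 1: at most `limit` requests per `window` seconds, per client key."""

    def __init__(self, limit, window=60.0):
        self.limit, self.window = limit, window
        self.hits = {}  # key -> deque of request timestamps inside the window

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits.setdefault(key, deque())
        while q and now - q[0] >= self.window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False  # caller answers 429
        q.append(now)
        return True


class FleetLoadShedder:
    """Approach 3: `capacity` worker slots; `reserve` is the fraction kept for critical
    requests. Non-critical requests are shed (caller answers 503) once they would use
    more than (1 - reserve) of the fleet; critical requests may use all of it."""

    def __init__(self, capacity, reserve=0.20):
        self.capacity = capacity
        self.noncritical_cap = round(capacity * (1 - reserve))  # e.g. 8 of 10 slots
        self.in_flight = 0
        self.noncritical_in_flight = 0

    def acquire(self, critical):
        if self.in_flight >= self.capacity:
            return False  # fleet saturated: even critical work must wait or fail
        if not critical and self.noncritical_in_flight >= self.noncritical_cap:
            return False  # only the reserved slice is left, and it is for critical traffic
        self.in_flight += 1
        if not critical:
            self.noncritical_in_flight += 1
        return True

    def release(self, critical):
        self.in_flight -= 1
        if not critical:
            self.noncritical_in_flight -= 1
```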
An attack seen in "Guessing Credit Card Security Details"; there is essentially no fix for it, short of moving online card transactions over to chip as well...
- First find several sites that only require "card number + expiry date" and brute-force the date (assuming five years, that is 60 tries).
- Then find dozens of sites that require "card number + date + CVV2" and brute-force the CVV2 (1000 tries).
So 1060 attempts settle it... Even if every site required CVV2, it would still be only 60000 attempts (spread across thousands of sites), which is entirely feasible. For now only workarounds can block it, such as requiring extra information like the cardholder's name and address...