Home » Archive by category "Political"

台美之間的租稅協定 (還在橋)

看到「因應美稅改 賴揆:加速洽簽台美租稅協定」這則消息,如果沒記錯的話,有不少服務都是美國公司出帳... (像是 AWSSlackGitHub 這類在公司裡很常用的服務)

參考「我國股利、利息及權利金扣繳率(%)一覽表」這邊的資料,應該有機會從 20% 降到 10%?也就是說實付 100 萬的金額本來要多繳 25 萬 (帳要做成 100 萬 / (1 - 0.2) = 125 萬,其中的 20% 是 25 萬萬稅,100 萬實際支付),現在只要繳 11.1 萬 (100 萬 / (1 - 0.1) = 111.1 萬)?

不過有些特殊情況本來就有更優惠的稅務方式 (像是使用國外平台提供服務 (e.g. AWS),而服務的對象也是境外使用者的情況),這些組合可以研究看看要怎麼搞...

ExpressVPN 在土耳其的 VPN server 被抄...

ExpressVPN 在土耳其的 VPN server 被抄,為了調查大使的刺殺案件:「VPN Server Seized to Investigate Russian Ambassador’s Assassination」。

A VPN server operated by ExpressVPN was seized by Turkish authorities to investigate the assassination of Andrei Karlov, the Russian Ambassador to Turkey. Authorities hoped to find more information on people who removed digital traces of the assassin, but the server in question held no logs.

ExpressVPN 官方的回覆在「ExpressVPN statement on Andrey Karlov investigation」,主要的部份是:

As we stated to Turkish authorities in January 2017, ExpressVPN does not and has never possessed any customer connection logs that would enable us to know which customer was using the specific IPs cited by the investigators. Furthermore, we were unable to see which customers accessed Gmail or Facebook during the time in question, as we do not keep activity logs. We believe that the investigators’ seizure and inspection of the VPN server in question confirmed these points.

至於是不是真的,就需要時間確認了...

俄羅斯的 BGP traffic reroute...

前幾天 (12 號) BGPmon 發現有很多知名的網段被導去俄羅斯:「Popular Destinations rerouted to Russia」。

Early this morning (UTC) our systems detected a suspicious event where many prefixes for high profile destinations were being announced by an unused Russian Autonomous System.

可以看到相當多知名的網段都被導走:

Starting at 04:43 (UTC) 80 prefixes normally announced by organizations such Google, Apple, Facebook, Microsoft, Twitch, NTT Communications and Riot Games were now detected in the global BGP routing tables with an Origin AS of 39523 (DV-LINK-AS), out of Russia.

從圖中也可以看出來 AS39523 透過 AS31133 發出這些 routing,然後主要是透過 AS6939 (Hurricane Electric) 擴散:

這幾年俄羅斯在網路上的動作多很多...

俄羅斯在英國脫歐的議題上,也利用 Social Network 的廣告影響民意

TechCrunch 上看到的,俄羅斯政府不只在美國選舉時這樣做,同時也在英國脫歐公投的議題上進行操作:「Twitter says Russians spent ~$1k on six Brexit-related ads」。

不過金額比美國選舉時小了很多:

In response to the Commission’s request for information concerning Russian-funded campaign activity conducted during the regulated period for the June 2016 EU Referendum (15 April to 23 June 2016), Twitter reviewed referendum-related advertising on our platform during the relevant time period.

Among the accounts that we have previously identified as likely funded from Russian sources, we have thus far identified one account—@RT_com— which promoted referendum-related content during the regulated period. $1,031.99 was spent on six referendum-related ads during the regulated period.

With regard to future activity by Russian-funded accounts, on 26 October 2017, Twitter announced that it would no longer accept advertisements from RT and Sputnik and will donate the $1.9 million that RT had spent globally on advertising on Twitter to academic research into elections and civil engagement. That decision was based on a retrospective review that we initiated in the aftermath of the 2016 U.S. Presidential Elections and following the U.S. intelligence community’s conclusion that both RT and Sputnik have attempted to interfere with the election on behalf of the Russian government. Accordingly, @RT_com will not be eligible to use Twitter’s promoted products in the future.

AWS 推出 AWS Secret Region

AWS 推出給情報單位用的 AWS Secret Region:「Announcing the New AWS Secret Region」。

AWS GovCloud (US) 類似的架構,這個雲的範圍再小一些,給情報單位以及有對應授權的單位用的:

The AWS Secret Region is readily available to the U.S. Intelligence Community (IC) through the IC’s Commercial Cloud Services (C2S) contract with AWS.

The AWS Secret Region also will be available to non-IC U.S. Government customers with appropriate Secret-level network access and their own contract vehicles for use of the AWS Secret Region.

成田機場第二航廈需要過兩個閘門的問題將在 2019 被解決

從 JR 進入成田機場第二航廈,需要過兩個閘門的情況 (先過一次進到京成線,再過一次進到第二航廈),一直是個讓人不太能理解的問題... 這個問題因為 2020 年的東京奧運而被拿出來討論,決定在 2019 年要改善:

本來進入第二航廈有檢查站,這是為了防止當地居民抗議而設置的 (參考日文版維基百科「成田国際空港」裡的「警備・検問・入場制限」這段說明),而這項限制在 2015 年三月底取消後,本來 JR 會需要先進到京成線的設計就變得多餘了:

成田空港第2ターミナルの最寄り駅・空港第2ビル駅では1992年の駅の開業当初から2015年3月下旬までの間、駅の出口で手荷物検査が行われていました。このため、JR線を利用して駅に訪れた人は、京成線の改札を経由してターミナルに向かう必要があったため、この状態は現在も解消されずに続いています。

不過新聞雖然這樣講,其實我還是沒搞懂... 都先進到檢查站不就好了嗎,當初是有什麼因素造成先進到京成線這個 workaround 嗎 XDDD

俄羅斯展現「錢要花在刀口上」的功力?

TechCrunch 這篇「Trump and Clinton spent $81M on US election Facebook ads, Russian agency $46K」講到 Facebook 目前階段所判斷出來,能夠識別是俄羅斯政府投入的資金,只有 USD$46K,相較於美國兩黨投入了 USD$81M 差了 1760 倍:

While there might have been other Russian disinformation groups, the IRA spent $46,000 on pre-election day Facebook ads compared to $81 million spent by Clinton and Trump together, discluding political action committees who could have spent even more than that on the campaigns’ behalf.

而俄羅斯投入的廣告散佈率超過 1.26 億的 Facebook 使用者,以及 2000 萬 Instagram 的使用者:

Facebook today said that the Russians still reached 126 million Facebook users, as well as 20 million Instagram users.

俄羅斯這團隊的水準真不賴... 只可惜大概沒辦法寫在 resume 上。

聽證會的資料可以從「Hearings」這邊看到。

被告了就把證據滅掉... XD

這個好讚,在告知安全漏洞後還是不更新選舉用伺服器,於是就被告了,而在被告以後選舉單位就把證據給幹掉 XD:「Georgia election server wiped after lawsuit filed」。

The lawsuit, filed on July 3 by a diverse group of election reform advocates, aims to force Georgia to retire its antiquated and heavily criticized election technology. The server in question, which served as a statewide staging location for key election-related data, made national headlines in June after a security expert disclosed a gaping security hole that wasn’t fixed six months after he reported it to election authorities.

然後現在還找不到是誰下令幹掉的...

It’s not clear who ordered the server’s data irretrievably erased.

執政者用的方法都差不多...

以色列黑了 Kaspersky 的系統,然後通報美國機密資料外洩...

前幾天在「俄羅斯政府透過卡巴斯基的漏洞,偷取美國國安局的文件」這邊提到了俄羅斯是透過 Kaspersky 的漏洞取得,後續又有些消息揭露出來了...

這件事情會被抓包,是因為以色列黑進去 Kaspersky 的系統 (???),然後發現美國的機密資料外洩 (??????),於是通報盟友美國後追查出來的 (?????????):「Israel hacked Kaspersky, then tipped the NSA that its tools had been breached」。

這過程是殺小 XDDD

Archives