uBlock Origin 的開發版 (Dev) 被 Chrome Web Store 拒絕的事件...

uBlock Origin 是一個在瀏覽器上擋廣告的軟體,以前在推廣的時候都只提到可以過濾掉網站上的廣告,大家興趣其實都不太高 (還會有「留口飯讓別人吃」之類的 XDDD),但最近跟同事推廣的時候改用「可以擋 YouTube 的影音廣告喔」,大家接受度意外的爆高,不過這有點扯遠了,回到原來的主題上...

先介紹一下 uBlock Origin 的開發模式,除了一般的 stable 版本外 (「uBlock Origin」這組),另外會有另外一個 dev 版本上傳到 Chrome Web Store (CWS) 上 (「uBlock Origin development build」這組),這樣讓使用者比較容易安裝與測試,這個方式也可以在 Tampermonkey 上看到。

這次主要維護者 Raymond Hill (gorhill) 在 1.22.5rc1 版上傳到 CWS 上後收到被拒絕上架的通知:「Dev build 1.22.5rc1 "REJECTED" from Chrome Web Store」。

拒絕的原因是 CWS 要求要有套件必須符合「目的單一性」,也就是不能把目的不同的東西強迫使用者綁在一起使用:

Your item did not comply with the following section of our policy: An extension should have a single purpose that is clear to users. Do not create an extension that requires users to accept bundles of unrelated functionality, such as an email notifier and a news headline aggregator. If two pieces of functionality are clearly separate, they should be put into two different extensions, and users should have the ability to install and uninstall them separately. For example, an extension that provides a broad array of functionalities on the New Tab Page/ Start-up Page but also changes the default search are better delivered as separate extensions, so that users can select the services they want. For more information on the new Chrome extensions quality policy, please refer to the FAQ: https://developer.chrome.com/extensions/single_purpose

後續的 1.22.5rc2 也被拒絕,然後他回信詢問了 CWS 官方,得到的仍然是罐頭回應,然後他就決定丟著 (而這個作法還蠻聰明的),接著這件事情就被丟著變成 PR 事件上了一些媒體,然後昨天就突然解了...

Google 最近的動作愈來愈多了,一方面在嘗試避免觸動反托拉斯法的情況,儘可能打壓這些擋廣告的套件...

歐盟在推動的設備維修權...

歐盟在推動設備的維修權:「EU brings in 'right to repair' rules for appliances」,歐盟的新聞稿在「New rules make household appliances more sustainable」這邊。

主要是因為現在很多廠商會故意將維修成本拉高,推動使用者去買新的,反而導致浪費:

Owners are usually unable to repair the machines themselves - or find anyone else to do it at a decent price - so are forced to buy a replacement.

新法會在 2021 年實施,主要是以家電為主,強迫製造商必須設計可被更換,並且需要提供備料讓使用者採購。

兩則跟 Uber 有關的消息,裁員與加州的新法...

Uber 從上市後的股價就不太好看,五月的時候以 $45 開盤,最近來到了 $33 左右,走到裁員這步不算太意外:「Uber lays off 435 people across engineering and product teams」。

以人數來算大約是 8%,有蠻大一部份是工程團段 (也不太意外):

Uber has laid off 435 employees across its product and engineering teams, the company announced today. Combined, the layoffs represent about 8% of the organization, with 170 people leaving the product team and 265 people leaving the engineering team.

另外一個相關的消息是加州通過法律,補上漏洞,對於這種以「合約關係」而認為不是員工的行為加以約束,認定這其實就是聘顧關係,所以相關的資方義務都必須被履行:「California Bill Makes App-Based Companies Treat Workers as Employees」。

法律上的官方文件可以參考「AB-5 Worker status: employees and independent contractors.」這邊,先用翻譯快速看了一下... 可以看出來勞方市場的行業被放進排除條款,因為這些領域勞方有比較強勢的談判籌碼,應該讓市場決定規則。而對於資方強勢的行業則是朝著保護勞工的條款而設計。

現在已經有感覺共享經濟的神話開始不斷的被戳破...

Perl 6 的名字被拿出來談...

在「Is Perl 6 Being Renamed?」這邊看到提到 Perl 6 名字的問題,主要是因為 Perl 6 跟現有 Perl 5 已經是不同的東西 (有點類似於當初 Python 2 到 Python 3 的計畫,但是差異比 Python 那邊多很多),而導致被提出來討論是否還要繼續使用 Perl 這個名字了:「"Perl" in the name "Perl 6" is confusing and irritating」。

When Perl 6 was announced, it was seen the way that Perl 2, Perl 3, Perl 4, and Perl 5 were seen: replacements for "$VERSION - 1". Over time, it became clear that though Perl 6 was in the same family as Perl 5, a straightforward migration path was unlikely. One only needs to look at the problems with Python 2 and Python 3 and the upgrade obstacles with their minor syntactic differences to understand that an upgrade from Perl 5 to Perl 6 isn't trivial.

如果把 Perl 5 與 Perl 6 當作不同的程式語言來看,這個問題就變成非技術性的問題了 (甚至是政治問題)。

接下來應該會是一連串混亂的討論,但解決問題的第一步永遠是先面對問題,至少這個問題被拿到檯面上「討論」了...

摸進俄羅斯的外包廠商,意外發現的專案:降低 Tor 匿名性的工具

俄羅斯政府的外包廠商 SyTech 被摸進去後,被發現裡面有些「有趣」的軟體:「Hackers breach FSB contractor, expose Tor deanonymization project and more」。

這次被放在標題的軟體叫做 Nautilus-S,透過被加過料的 Tor server 與 ISP traffic 交叉分析,試著找出俄羅斯內的 Tor 使用者:

Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers.

這不是新東西,之前就有被提出來,但並沒有這次直接給整包軟體出來:

The first was Nautilus-S, the one for deanonymizing Tor traffic. BBC Russia pointed out that work on Nautilus-S started in 2012. Two years later, in 2014, academics from Karlstad University in Sweden, published a paper detailing the use of hostile Tor exit nodes that were attempting to decrypt Tor traffic.

而且看起來有不少節點正在運行:

Researchers identified 25 malicious servers, 18 of which were located in Russia, and running Tor version 0.2.2.37, the same one detailed in the leaked files.

不知道 Tor 會不會有行動...

英國新的紙鈔將會使用 Alan Turing 頭像

新版 50 英鎊的紙鈔將使用 Alan Turing 的頭像設計:「New face of the Bank of England's £50 note is revealed as Alan Turing」。

不知道要怎麼介紹 Alan Turing... 對於現代計算理論的貢獻、對於二戰盟軍的貢獻,以及對於人工智慧的貢獻都無與倫比,另外一方面,在 1952 年時因同性戀身份被定罪,1954 年時食用氰化物自殺過世,然後到了 2013 年議會爭論赦免的過程中,英國女皇決定直接行使赦免權。現在則是決定以他的頭像作為五十英鎊的人物。

既然靠這個圈子吃飯的,應該會蒐藏一張起來吧,紀念這位英雄...

美國政府對於書面文字的要求

好像是在 Twitter 上看到的,但一時間找不到是誰推的...

美國在 2010 年簽署的「Plain Writing Act of 2010」要求各種政府文件都必須用簡單的文字書寫,甚至還弄一個官方網站「Home | plainlanguage.gov」列出說明...

在網站裡面的「Use simple words and phrases」給了一個蠻長對應表,可以將一些艱澀的法律慣用詞彙換成平常常用的詞彙...

維基百科給的 Before & After 範例還蠻不錯的,在比較極端的情況下,讀起來的確輕鬆很多:

(Before) The amount of expenses reimbursed to a claimant under this subpart shall be reduced by any amount that the claimant receives from a collateral source. In cases in which a claimant receives reimbursement under this subpart for expenses that also will or may be reimbursed from another source, the claimant shall subrogate the United States to the claim for payment from the collateral source up to the amount for which the claimant was reimbursed under this subpart.

(After) If you get a payment from a collateral source, we will reduce our payment by the amount you get. If you get payments from us and from a collateral source for the same expenses, you must pay us back the amount we paid you.

市場上有很多 VPN 都是由中國公司在後面營運

在「Hidden VPN owners unveiled: 97 VPN products run by just 23 companies」這篇分析了 VPN 產業裡面背後的公司。

其中有兩個比較重要的事情,第一個是很多公司 (或是集團) 都擁有多個 VPN 品牌 (甚至有到十個品牌的),所以如果想要透過多家 VPN 分散風險時,在挑的時候要看一下:

另外一個是後面有多中國人或是中國公司在營運:

We discovered that a good amount of the free mobile-only VPNs are owned by Chinese companies, or companies run by Chinese nationals.

  • Innovative Connecting (10 VPN apps): Director Danian “Danny” Chen is a Chinese national (Chen’s LinkSure is the sole shareholder and shares the same address as Innovative Connecting)
  • Hotspot VPN (5 VPN apps): Director Zhu Jianpeng has a residential address in Heibei Province in China
  • Hi Security (3 apps): the VPN apps are part of Shenzhen HAWK Internet, a subsidiary of the Chinese major company TCL Corporation
  • SuperSoftTech (2 apps): while officially owned by Singapore-based SuperSoftTech, it actually belongs to independent app publisher Jinrong Zheng, a Chinese national based in Beijing.
  • LEILEI (2 apps): by the titles of the VPNs (all written in Chinese characters), it’s likely that this developer is Chinese or based in China
  • Newbreed Network Pte.Ltd (6 apps): again, while it has a Singapore address, the websites for its VPN apps SGreen VPN and NodeVPN are completely in Chinese, while NodeVPN’s site lists the People’s Republic of China as its location.

這些公司與產品都應該要直接避開... 在有能力的情況下,在 public cloud 上自己架設還是會比較保險。

Apache Software Foundation 走掉一批人...

在「Changes at the Apache Software Foundation」這邊看到的消息,ASF 突然走了三位都超過十年的資深成員,其中一位還是 ASF 的共同創辦人。關於 ASF 官方的公告,可以在「Statement by The Apache Software Foundation Board of Directors」這邊讀到。

如同 LWN 說的,為什麼三個人突然同時離開的狀況還不清楚:

There is no indication of why all these people decided to leave at the same time.

假新聞產生器與偵測器

Hacker News 上看到的消息,是關於「使用類神經網路產生新聞」(也就是透過程式大量產生假新聞),這次的結果包括了「產生」與「偵測」兩個面向:「Grover – A State-of-the-Art Defense Against Neural Fake News (allenai.org)」。

實驗的網站在「Grover - A State-of-the-Art Defense against Neural Fake News」這邊,另外也有論文「Defending Against Neural Fake News」可以讀。

幾個月前,OpenAI 利用類神經網路,研發出「自動寫新聞」的程式,當時他們宣稱因為效果太好,決定不完整公開成果:「Better Language Models and Their Implications」,中文的報導可以參考 iThome 這篇:「AI文字產生技術引發假新聞爭議,OpenAI決定只公開部份技術成果」。

而現在 The Allen Institute for Artificial Intelligence 則是成功重製了 OpenAI 的成果,取名叫 Grover,發現訓練出來的模型除了可以拿來寫新聞外,也可以拿來偵測文章是不是機器產生的,而且就他們自己測試,辨識成功率還蠻高的:

To study and detect neural fake news, we built a model named Grover. Our study presents a surprising result: the best way to detect neural fake news is to use a model that is also a generator. The generator is most familiar with its own habits, quirks, and traits, as well as those from similar AI models, especially those trained on similar data, i.e. publicly available news. Our model, Grover, is a generator that can easily spot its own generated fake news articles, as well as those generated by other AIs. In a challenging setting with limited access to neural fake news articles, Grover obtains over 92% accuracy at telling apart human-written from machine-written news. Please read our publication for more information.

不過看起來 source code 與 model 還是沒放出來,但看起來遲早會有對應的 open source clone...

我想到在攻殼電視動畫裡面的情報管制戰,雖然電視動畫裡沒有講得很詳細,但感覺這類工具就是其中一環...