Gea-Suan Lin's BLOG

Doing bad things is the greatest driving force of progress

Tag: account

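AWS IAM can finally attach multiple MFA devices to the same account

AWS IAM can finally attach multiple MFA devices to a single account: "You can now assign multiple MFA devices in IAM".

The previous workaround was to create several accounts with identical permissions, one with a TOTP MFA attached and each of the others with one U2F MFA key attached, but occasionally you run into permission checks that are tied to the specific IAM account, which makes things more troublesome...

To be clear up front, this feature currently seems to still be in a rolling update (or possibly it is a bug?): on my company account I successfully added a U2F MFA on top of what used to be TOTP MFA only, but on my own AWS account I cannot see this new feature no matter what I do.

This is what it looks like after adding it:

This is my own AWS account, which does not let me manage multiple MFA devices as above; clicking Manage only shows the option to remove:

Under another account that has a U2F MFA attached, it is not visible either:

In addition, when deleting an IAM account I also found that there is an error message saying the MFA setting cannot be deleted (but opening the IAM user confirms that the MFA has already been removed); deleting once more at that point succeeds. It looks like there are quite a few console bugs... maybe give it another couple of days?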

Author: Gea-Suan Lin. Posted on November 19, 2022. Categories: AWS, Cloud, Computer, Murmuring, Network, Security, Service. Tags: account, amazon, aws, cloud, iam, login, otp, security, service, u2f.

Elastic IP addresses can now be transferred

I saw on Twitter that Jeff Barr mentioned AWS Elastic IPs can now be transferred to a different account:

This is a new & very helpful feature for #AWS VPCs: Transfer of Elastic IP Addresses Between AWS Accounts:

📰What's New - https://t.co/ex0eFvMFEX

📓Docs - https://t.co/OZGa3s1IxW pic.twitter.com/RiuGTAkOMB

— Jeff Barr ☁️ (@ 🏠 ) 💉 (@jeffbarr) November 1, 2022

The announcement is at "Amazon Virtual Private Cloud (VPC) now supports the transfer of Elastic IP addresses between AWS accounts":

Today, we are announcing Elastic IP transfer, a new Amazon VPC feature that allows you to transfer your Elastic IP addresses from one AWS Account to another, making it easier to move Elastic IP addresses during AWS Account restructuring.

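This helps quite a lot when refactoring an architecture: payment systems that lock to IP addresses will no longer block you on this point. Previously you had to get a new IP added to the allowlist...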

Author: Gea-Suan Lin. Posted on November 2, 2022. Categories: AWS, Cloud, Computer, Murmuring, Network, Service. Tags: account, address, amazon, aws, cloud, elastic, ip, service, transfer.

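Cloudflare opens RBAC to everyone

Cloudflare announced that RBAC is available to everyone: "Now all customers can share access to their Cloudflare account with Role Based Access Controls".

There are enough product lines that many roles are supported as well (they are listed in the original post, and a screenshot is placed at the very end).

It looks like true god-mode permissions require Administrator (Can access the full account, except for membership management and billing) + Billing (Can edit the account’s billing profile and subscriptions), but I am not sure whether Billing includes the "membership management" that Administrator leaves out.

Just right to use as teaching material for internal systems :o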

Author: Gea-Suan Lin. Posted on October 4, 2022. Categories: CDN, Computer, Murmuring, Network, Security, Service. Tags: access, account, based, cloudflare, control, permission, rbac, role, security.

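Raspberry Pi OS will no longer have the default pi account with the raspberry password; it asks for a username and password at setup instead

Raspberry Pi OS has removed the security hole of the default account pi with the password raspberry: "An update to Raspberry Pi OS Bullseye".

Instead, the user is required to create an account and password during installation:

For a terminal-based install it looks like this:

Previously, after every install I had to change it myself with vipw and then go on to edit /etc/group... (I am not in the habit of using vigr)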

Author: Gea-Suan Lin. Posted on April 10, 2022. Categories: Computer, Murmuring, Security, Software. Tags: account, default, hole, os, pi, raspberry, raspberrypi, security, user, username.

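Wikimedia security incident

Wikimedia received a report that one user had turned into another user. The investigation is still ongoing, but the reasonable protective measures included logging out all users (which also includes Wikipedia): "Logging everyone out".

Follow-up on the incident is being tracked in the ticket "User authentication security issue (Oct 1)", where another ticket is mentioned: "1.36.0-wmf.11 deployment blockers", but so far it looks like the connection has not been fully confirmed...

For now we can only wait and see; all that can be said is that it is still in progress...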

Author: Gea-Suan Lin. Posted on October 4, 2020. Categories: CMS, Computer, Murmuring, Network, Security, Service, Software, Wiki. Tags: account, authentication, logout, mediawiki, security, user, wiki, wikimedia, wikipedia.

Notion launches a free tier (Personal plan)

Notion split its Personal plan, which used to cost USD$4/month, and added one more tier, so it is now Personal and Personal Pro. Personal includes:

Unlimited pages & blocks
Share with 5 guests
Sync across devices

Personal Pro adds:

Everything in Personal, plus
Unlimited file uploads
Unlimited guests
Version history
API access COMING SOON

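I don't know whether this free strategy has anything to do with "Announcing Microsoft Lists - Your smart information tracking app in Microsoft 365"; judging by the split of the Personal account, it was probably planned in advance... though of course it is also possible that they got the news early internally?

Notion is probably decent for ordinary individuals who want to dump things somewhere. The Personal plan now drops the 1000 blocks limit of the previous free tier, which should be a lot more convenient for applications like issue tracking whose usage keeps growing over the long term. But I am used to Trac + MediaWiki, and considering data autonomy as well, I probably won't consider moving to Notion...

Also, the multi-account login issue I complained about before still looks unsolved. The solutions I see so far are still logging in with different browsers (or even the suggestion to simply log in from different devices), and then the containers provided by Firefox. These are all really approaches that split cookies on the client side, which becomes quite a hassle for people who have both a company account and a personal account...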

Author: Gea-Suan Lin. Posted on May 25, 2020. Categories: Computer, Murmuring, Network, Service, WWW. Tags: account, free, lists, microsoft, notion, personal, pricing, pro, tier.

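Twitter is going to purge accounts

I saw the news that Twitter is going to purge accounts that are not in use: "Twitter will remove inactive accounts and free up usernames in December"; it can also be seen in the official "Inactive account policy".

By definition, it looks like six months without activity is enough for Twitter to treat an account as inactive: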

We encourage people to actively log in and use Twitter when they register an account. To keep your account active, be sure to log in and Tweet at least every 6 months. Accounts may be permanently removed due to prolonged inactivity.

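This reminds me of the reason behind the naming of the arashi_5_official account XDDD

Also, I don't know how the accompanying measures on the permissions side will be handled. For example, quite a few websites support logging in with a Twitter account, so if someone else gets hold of one, it means they have a chance of obtaining access to other, non-Twitter systems...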

Author: Gea-Suan Lin. Posted on November 27, 2019. Categories: Computer, Murmuring, Network, Security, Service, Social, WWW. Tags: account, inactive, login, network, oauth, security, sns, social, tweet, twitter, username.

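StackOverflow's article on caching...

This is StackOverflow's article about caching. Nothing in it is new; I am only bringing it up because I saw an amusing item: "How Stack Overflow Caches Apps for a Multi-Tenant Architecture".

Before talking about caching, people usually explain the speed differences between various kinds of storage, but something strange is mixed in here: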

  • L1: 1.3ns
  • L2: 3.92ns (3x slower)
  • L3: 11.11ns (8.5x slower)
  • DDR4 RAM: 100ns (77x slower)
  • NVMe SSD: 120,000ns (92,307x slower)
  • SATA/SAS SSD: 400,000ns (307,692x slower)
  • Rotational HDD: 2–6ms (1,538,461x slower)
  • Microsoft Live Login: 12 redirects and 5s (3,846,153,846x slower, approximately)

They mixed something that is not storage into the comparison; just how fed up are you guys with Microsoft's account system XDDD

They also listed their current Redis usage:

For the curious, some quick stats from last Tuesday (2019-07-30) This is across all instances on the primary boxes (because we split them up for organization, not performance…one instance could handle everything we do quite easily):

  • Our Redis physical servers have 256GB of memory, but less than 96GB used.
  • 1,586,553,473 commands processed per day (3,726,580,897 commands and 86,982 per second peak across all instances – due to replicas)
  • Average of 2.01% CPU utilization (3.04% peak) for the entire server (< 1% even for the most active instance)
  • 124,415,398 active keys (422,818,481 including replicas)
  • Those numbers are across 308,065,226 HTTP hits (64,717,337 of which were question pages)

A longer version can be read on the author's own blog, where the part about cache invalidation (purge) discusses some of their approach: "Stack Overflow: How We Do App Caching - 2019 Edition".

Author: Gea-Suan Lin. Posted on August 26, 2019. Categories: Computer, Joke, Murmuring, Network, Programming, Recreation, Service, Software, WWW. Tags: account, cache, invalidate, live, login, microsoft, performance, purge, speed, stackoverflow, storage, system, time.

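G Suite admins can now disable SMS and voice call 2FA

According to the description at "Disable SMS or voice codes for 2-Step Verification for more secure accounts", G Suite administrators can forcibly turn off SMS and Voice (that is, these two channels are not considered secure 2FA).

This is mainly because mobile networks have never been very secure, for example KASUMI as used by GPRS and 3G networks, or downgrade attacks (using a 2G network).

Besides the two above, the 2FA currently offered for G Suite login should also include TOTP and U2F-type authentication methods. The people most affected this time are probably those who insist on using non-smartphones? This kind:

Taken from "File:Mobile phone evolution.jpg"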

Author: Gea-Suan Lin. Posted on March 15, 2019. Categories: Computer, Murmuring, Network, Security, Service, SMS, Telephone. Tags: 2fa, 2g, 3g, account, g, google, key, login, mfa, network, phone, security, sms, suite, totp, u2f, voice.

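Flickr announces its own login system, but you have to wait in line...

After being acquired by SmugMug, Flickr started reorganizing its architecture, and one part of that is removing the login that was tied to Yahoo!. Now the official plan is out: "Flickr login freedom is here.".

But not everyone can use it right away; it is being opened up to users gradually: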

The first page of the login experience has already been updated with a new look, but you will continue to log in to your Flickr account with your Yahoo credentials as you always have until the rollout reaches you.

Time to keep waiting...

Author: Gea-Suan Lin. Posted on March 6, 2019. Categories: Computer, Murmuring, Network, Service. Tags: account, flickr, login, smugmug, yahoo.
