我第一眼看到的時候還在想是哪個 content farm 的標題,我應該沒有訂到 content farm 的 RSS feed 才對... 結果發現是 Google Cloud Platform 上的文章:「12 best practices for user account, authorization and password management」。
然後看完內容後還是有種 content farm 的感覺... (歡樂)
Tag: account
PostgreSQL 的官方 Twitter 帳號
看到 PostgreSQL 發表官方 Twitter 帳號的消息:「Announcing @postgresql」。
The PostgreSQL Global Development Group is pleased to announce the launch of the official community Twitter handle: https://twitter.com/postgresql
看起來是把官網資訊延伸出去... 在另外一個平台上也可以看到而已:
@postgresql will contain a mix of automatic and manually curated postings from a group of volunteers that feature various aspects of PostgreSQL and the community-at-large. Content will contain a mix of news, advice, and highlights around PostgreSQL, and enable the PostgreSQL Global Development Group to further engage with the community. If you would like for @postgresql to highlight PostgreSQL-oriented content, we encourage you to reach out to @postgresql via Twitter’s direct message feature.
本來的 Planet PostgreSQL 也會繼續服務:
The live feed for blog entries syndicated from Planet PostgreSQL will continue to be available at https://twitter.com/planetpostgres
還是繼續用 RSS 訂閱就好 XD
AWS 推出 AWS Single Sign-On
AWS 推出了 AWS Single Sign-On:「Introducing AWS Single Sign-On」、「Announcing AWS Single Sign-On (SSO)」。
將 SSO 當成一個服務來賣的概念,可以將既有的 Active Directory 服務掛上去當後端,然後對外透過 SAML 2.0 接上各種服務:
目前掛在 us-east-1 上,AWS SSO 的部份不另外收費:
There is no additional cost to enable AWS SSO. It is now available in the US East (N. Virginia) Region.
從官方的截圖可以看到包括了蠻多常用的 SAML 2.0 服務,也可以自己設定:
Amazon SES 的細部調整 (甚至部份停用) 的功能
Amazon SES 的新功能,讓使用者可以設定 policy,以確保 mail reputation 不會掉的太差:「Amazon SES introduces email pausing and reputation metrics for configuration sets」,介紹的文章在「Protect your Reputation with Email Pausing and Configuration Set Reputation Metrics」。
所以你可以設定某些條件,停用某個 configuration set,或是停用整個帳號:
This release includes API operations that allow you to temporarily pause email sending for a specific configuration set, or across your entire Amazon SES account. You can use this feature to automatically pause email sending when your reputation metrics cross certain thresholds that you define.
這應該是在一個帳號有多個服務使用的情境下,用來降低風險的方式... 某個服務突然送出一堆 bounce mail 時可以只停用有問題的服務,而不是被 Amazon SES 整包停用。
另外因為經過 Amazon CloudWatch,所以可以串上 Amazon SNS 後將 AWS Lambda 接上去做更複雜的處理:
在 Ubuntu 下列印:用 ACCOUNTNUMBER 解決用戶號碼的問題...
因為要處理帳務的關係,公司的印表機需要設定帶出設定用戶號碼 (其實是部門編號) 才有辦法列印。
這點在 Windows 下不是問題,但在 Ubuntu 下就頭痛了... 今天總算是花時間去找方法在 Ubuntu 上直接列印了。(以前都是自暴自棄開 Windows VM 印文件...)
解法是在「Printer Job Options for User Accounts」這邊翻到的。
裡面有人提到,先去官網上下載 ppd 檔 (有可能是 .gz 的形式,如果是的話就改完再壓回去),然後找到 %== constraints 的地方,在前面加上:
*% **** Account number *JCLOpenUI *JCLMXaccount/numero: PickOne *OrderDependency: 80 JCLSetup *JCLMXaccount *DefaultJCLMXaccount: A##### *JCLMXaccount A#####/#####: "@PJL SET ACCOUNTNUMBER=<22>#####<22><0A>" *JCLCloseUI: *JCLMXaccount
其中 ##### 就是使用者代碼,這邊有四個地方要改。
ppd 檔改完後的下一步是設定網路印表機,透過 LPD 偵測到後,選印表機的時候直接選擇用這個 ppd 檔,這樣就解決了...
AWS 支援跨帳號丟 CloudWatch Events 了
以前要記錄行為會透過 AWS Lambda 轉丟到其他帳號下記錄,有一堆眉眉角角的東西要注意,現在則是直接支援了:「New – Cross-Account Delivery of CloudWatch Events」。
文章裡有提到兩種用途,其中一種就是做安全性的記錄:
Separation of Concerns – Customers would like to handle and respond to events in a separate account in order to implement advanced security schemes.
另外一種則是為了將記錄丟到同一個地方:
Rollup – Customers are using AWS Organizations and would like to track certain types of events across the entire organization, across a multitude of AWS accounts.
價錢看起來沒什麼問題,每一百萬次收 USD$1:
Events forwarded from one account to another are considered custom events. The sending account is charged $1 for every million events (see the CloudWatch Pricing page for more info).
透過手機的 SS7 缺陷破解銀行的 MFA 機制
然後錢就...:「After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts」。
O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.
AWS Organizations 正式開放一般使用
在「AWS Organizations:多帳號的管理」這邊提到 AWS Organizations,當時都還是 preview,現在變成 GA 開放給大家用了:「AWS Organizations – Policy-Based Management for Multiple AWS Accounts」。
如果因為很多專案而開不同的 AWS 帳號時,帳號的管理就會變得超麻煩,現在可以用 AWS 提供的方案來管了:
晚點來用看看,看可以省多少功夫 :o
pt-show-grants
在「Reinstall MySQL and Preserve All MySQL Grants and Users」這邊看到了 pt-show-grants 這個工具可以直接將權限表輸出成對應的 SQL 指令,像是這樣:
$ pt-show-grants -u root -pmydbr00tpassword -- Grants dumped by pt-show-grants -- Dumped from server Localhost via UNIX socket, MySQL 5.7.16-10-log at 2017-01-12 14:19:45 -- Grants for 'mysql.sys'@'localhost' CREATE USER IF NOT EXISTS 'mysql.sys'@'localhost'; ALTER USER 'mysql.sys'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS '*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT LOCK; GRANT SELECT ON `sys`.`sys_config` TO 'mysql.sys'@'localhost'; GRANT TRIGGER ON `sys`.* TO 'mysql.sys'@'localhost'; GRANT USAGE ON *.* TO 'mysql.sys'@'localhost'; -- Grants for 'root'@'localhost' CREATE USER IF NOT EXISTS 'root'@'localhost'; ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' AS 'x' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK; GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION; GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION;
針對權限的部份可以整批搬...
AWS Organizations:多帳號的管理
之前 AWS 的多帳號管理只是合併計費,要自己在不同帳號內設一堆 Role 互相切換,現在可以透過 AWS Organizations 掛起來一起管理了:「Announcing AWS Organizations: Centrally Manage Multiple AWS Accounts」。
現在還在 Preview,不過可以看到一些說明:
另外原來的計費管理 (consolidated billing) 也會轉移過去:
Note: If you currently use Consolidated Billing, your Consolidated Billing family is migrated automatically to AWS Organizations in Billing mode, which is equivalent to Consolidated Billing. All account activity charges accrued by member accounts are billed to the master account.