非 Google 的 Android 手機環境

主要是記錄下來,完全不靠 Google 目前還是有點難度:「De-Googling my phone」。

主要是刷機成 LineageOS (還是 Android),然後上面不裝 OpenGApps,而是靠其他軟體來補足... 在英文版維基百科的「List of free and open-source Android applications」也有不少資訊可以看。

另外一個蠻重要的應該是 microG Project,不過在文章裡沒提到...

一路從 MySQL 5.5 升級到 MySQL 8.0 的故事...

在「Migrating to MySQL 8.0 without breaking old application」這邊看到這個有趣的故事 XD 這是作者的應用程式 DrupalMySQL 5.5 一路升級到 8.0 的過程記錄...

真正的問題發生在 5.7 到 8.0:

原因是 Drupal 用到關鍵字了:

In fact, this old Drupal, uses a table name that is now part of the reserved keywords. It’s always advised to verify what are the new keywords reserved for MySQL itself. New features can also mean new keywords sometimes.

修正後就好了:

話說依照「File:Drupal release timeline.png」這邊的資訊,Drupal 6.2 也十年左右了?應該是 PDO 剛開始要推廣的年代,不知道他跑哪個版本的 PHP...

另外 MySQL 的升級意外的順利?雖然是一步一步升,但沒遇到什麼大問題...

拿來分析 Android APK 檔的 Droidefence

忘記在哪邊看到的,分析 Android APK 檔的軟體:「Droidefense: Advance Android Malware Analysis Framework」。

Droidefense (originally named atom: analysis through observation machine)* is the codename for android apps/malware analysis/reversing tool. It was built focused on security issues and tricks that malware researcher have on they every day work. For those situations on where the malware has anti-analysis routines, Droidefense attemps to bypass them in order to get to the code and 'bad boy' routine. Sometimes those techniques can be virtual machine detection, emulator detection, self certificate checking, pipes detection. tracer pid check, and so on.

Droidefense uses an innovative idea in where the code is not decompiled rather than viewed. This allow us to get the global view of the execution workflow of the code with a 100% accuracy on gathered information. With this situation, Droidefense generates a fancy html report with the results for an easy understanding.

看起來是輔助用的工具... 先記錄下來 XD

AWS WAF 提供隨時更新的 Managed Rules

AWS WAF 推出了隨時更新的 Managed Rule:「Ready-to-Use Managed Rules Now Available on AWS WAF」。

這些 ruleset 是由 3rd-party 提供的:

Choose from preconfigured RuleGroups provided in the AWS Marketplace by industry leading security experts: Alert Logic, Fortinet, Imperva, Trend Micro and TrustWave.

然後隨時更新:

Rules are automatically updated as new threats emerge and offer a wide range of protections, including OWASP Top 10 mitigations, bad-bot defenses, and virtual patching against recent CVE’s.

然後是要收費的:

Each RuleGroup is the product of a Seller’s unique expertise, made available to you at an affordable pay-as-you-go price.

AWS Marketplace 的「Managed Rules for AWS WAF - Web Application Firewall」裡拿兩家來看看。

趨勢的「Trend Micro Managed Rules for AWS WAF - WebServer (Apache, Nginx)」與「Trend Micro Managed Rules for AWS WAF - Content Management System (CMS)」都是:

Charge per month in each available region (pro-rated by the hour) $5.00 / unit
Charge per million requests in each available region $0.20 / unit

Imperva 則是提供不一樣的選擇,在「Imperva - Managed Rules for WordPress Protection on AWS WAF」是:

Charge per month in each available region (pro-rated by the hour) $30.00 / unit
Charge per million requests in each available region $0.60 / unit

而「Imperva - Managed Rules for IP Reputation on AWS WAF」則是:

Charge per month in each available region (pro-rated by the hour) $40.00 / unit
Charge per million requests in each available region $0.40 / unit

AWS 推出將 Classic Load Balancer 轉換成 Application Load Balancer 或 Network Load Balancer 的功能

AWS 應該是希望大家趕快把能換的 ELB 都換成新的 ALB 與 NLB,所以推出這個功能:「New One-step Migration Wizard to Migrate a Classic Load Balancer」。

Today, AWS announced the ability to migrate from a Classic Load Balancer to an Application Load Balancer or a Network Load Balancer in one step using a console-based migration wizard.

不過 ELB 有一些功能是目前 ALB 與 NLB 沒有的,像是一般性的 SSL offload (而非 HTTPS offload),以及舊客戶會有的 EC2-Classic:

不知道這兩個問題之後會推出什麼樣的方案解決...

AWS NLB 也可以指定 IP address 當後端了

月初的時候 AWS ALB 支援 IP address 當後端 (AWS ALB 可以設定 IP address 當作後端伺服器了),然後推出 AWS NLB (AWS 推出新的 Load Balancer:NLB (Network Load Balancer)),然後這個功能也被做到 NLB 上了:「Elastic Load Balancing: Network Load Balancer now supports load balancing to IP addresses as targets for AWS and on-premises resources」。

就如同說明的,這樣可以透過 VPN 架構 (無論是 AWS Direct Connect 或是一般的 IPsec VPN) 共用機房與雲端上的資源:

We are pleased to announce that Network Load Balancers can now distribute traffic to AWS resources using their IP addresses as targets in addition to the instance IDs. You can now also load balance to resources in on-premises locations reachable over AWS Direct Connect and resources in EC2-Classic. Load balancing across AWS and on-premises resources using the same load balancer makes it easy for you to migrate-to-cloud, burst-to-cloud, or failover-to-cloud.

除了中國區以外的 region 都可以用這個功能了:

Load balancing using IP addresses is available today for existing and new Network Load Balancers in all public AWS regions except the China (Beijing) region. You can get started using the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDK.

CodeDeploy 跟 ELB/ALB 整合了...

看到 CodeDeployELB/ALB 整合的消息:「AWS CodeDeploy now integrates with Elastic Load Balancer」。

不過看同事在「AWS 替 CodeDeploy 加入 Load balancer 的功能」這邊提到的效能問題,看起來頗慘...

至少是個整合後的方法... 也許之後會改善吧。

ALB (Application Load Balancer) 支援對 Host 的分流了

大概是有時候 cluster 太小,ELB 或是 ALB 的費用反而比 cluster 還貴,再加上 ALB 提供起來算方便,所以就推出這樣的功能了:「New – Host-Based Routing Support for AWS Application Load Balancers」。

現在可以針對 Host 欄位決定導到不同的 cluster 上了:

然後讓 ALB 可以設的 rule 數量增加:

As part of today’s launch we are raising the maximum number of rules per Application Load Balancer from 10 to 75, and also introducing a new rule editor.

這個功能有種微妙的感覺 XDDD

AWS 正式進入 IPv6 的世界

AWS 總算是進入全面支援 IPv6 了:「AWS IPv6 Update – Global Support Spanning 15 Regions & Multiple AWS Services」。

之前不少服務都支援了,主要是差 EC2 與新出的 ALB,這一次大量服務都上了 IPv6 (但還不是全部),算是讓 AWS 正式進入 IPv6 的世界:

Today I am happy to share the news that IPv6 support for EC2 instances in VPCs is now available in a total of fifteen regions, along with Application Load Balancer support for IPv6 in nine of those regions.

Jenkins 的 Blue Ocean 計畫,改善使用者操作的友善度...

JenkinsBlue Ocean 計畫打算改善讓人頭痛很久的操作體驗了:

Blue Ocean is a new project that rethinks the user experience of Jenkins.

Jenkins 讓人頭痛有兩個面向,一個是界面很難讀,另外一個是操作流程很沒有規則,所謂「熟悉 Jenkins」其中一個很艱難的任務就是要背下一堆功能「蔵在哪邊」。而這次 Blue Ocean 想改善的事情看起來主力放在界面,對於流程修的比較少... 即使如此,這還是可以讓使用的人減少一些痛苦就是了...

成功與爆炸的表現:

在專案頁面的後面有提到 Blue Ocean 用的技術:

Blue Ocean is built as a collection of Jenkins plugins itself. There is one key difference, however. It provides both its own endpoint for http requests and delivers up html/javascript via a different path, without the existing Jenkins UI markup/scripts. React.js and ES6 are used to deliver the javascript components of Blue Ocean. Inspired by this excellent open source project (react-plugins) an <ExtensionPoint>pattern was established, that allows extensions to come from any Jenkins plugin (only with Javascript) and should they fail to load, have failures isolated.

又是個不需要用 SPA 呈現的東西跑去用 React 了...