Tag: backup

Google Authenticator 的備份功能不是 E2EE (end-to-end encryption)

前幾天提到了 Google Authenticator 總算是支援備份功能了:「Google Authenticator 支援備份到 Google Account 的功能」,當初操作的時候沒看到自訂密碼之類的功能,就有在猜應該不是 E2EE,直接攔傳輸內容也被證實沒有 E2EE 了,TOTP 的 secret token 都是直接傳輸的:「PSA: Google Authenticator's Cloud-Synced 2FA Codes Aren't End-to-End Encrypted」。

Google 的發言人回應 CNET 的詢問時只說會有計畫做,但沒有給更細的資料:

To ensure that we're offering a full set of options for users, we have also begun rolling out optional E2EE in some of our products, and we plan to offer E2EE for Google Authenticator in the future.

在意的人就還是先不要開...

備份 Xuite Blog 的公開文章

中華的 Xuite 前陣子宣佈了服務中止的公告:「Xuite隨意窩平台服務終止公告」(這邊就先拉 Internet Archive 的連結了,看起來之後會消失...)。

Blog 的部份,除了作者本身可以拉資料下來放到其他平台以外,外人也可以把這些歷史遺跡保留下來,像是丟到 Internet Archive 的 Wayback Machine 上面。

所以用 Perl 寫了一隻 script,把 url 掃出來後,後續就可以用其他工具 submit 到 Wayback Machine 上面:「xuite-urldump」。

當年有不少 ACG 相關的 blog 在上面,先來備份起來...

Amazon EFS 提供 Replication 功能

Jeff Barr 在官方 blog 上宣佈 Amazon EFS 提供 replication 功能:「New – Replication for Amazon Elastic File System (EFS)」。

可以看到跨區的設定畫面:

在建起來以後會是 read-only filesystem:

另外有提供 fail-over 機制,當 fail-over 過去後會從 read-only 變成 read-write。

不過要注意,架構上屬於 eventually consistent,預期是一分鐘內會更新。這點算是可以預期的,不然 latency 會太高:

All replication traffic stays on the AWS global backbone, and most changes are replicated within a minute, with an overall Recovery Point Objective (RPO) of 15 minutes for most file systems.

然後 replication 不會計算到 I/O 的 credit 與 throughput,算是比較特別的一點:

Replication does not consume any burst credits and it does not count against the provisioned throughput of the file system.

replication 這個服務本身不另外收費,只收取 EFS 使用的空間以及 replication 產生的頻寬費用:

You pay the usual storage fees for the original and replica file systems and any applicable cross-region or intra-region data transfer charges.

GitLab.com 將不支援免費使用者的 2FA reset

好像是在 Hacker News 的首頁上看到的,GitLab 宣佈他們的服務將不提供免費使用者 2FA reset:「GitLab Support is no longer processing MFA resets for free users」,對應的討論串在「Gitlab Support is no longer processing MFA resets for free users (gitlab.com)」這邊可以看到。

官方的公告,從今年的 8/15 開始就不再提供 reset:

As of Aug. 15th, 2020, GitLab Support will no longer process MFA resets for free accounts.

這反而是鼓勵使用者不要開啟 2FA,在討論裡面有人就講到這件事情,這個方法讓設定 2FA 的人受到處罰:

Think about the psychology of what you are telling people: "You have two choices - one is normal security, which you use on 80%+ of the rest of the internet, and one is 2fa which you only use on the annoying services that badger you into it. On the first one, if you lose your password you can do a password reset. On the second one, if your laptop and phone get fried in a rainstorm / car crash / act of children, you lose access to everything forever, no recourse and no recovery. And by the way, we totally encourage you to choose the second one... "

主因是,不是每個用 2FA 的人都知道要怎麼保護自己的帳號:像是同時有多把硬體的 U2F 放在不同地方,並且還有手機的 TOTP,另外還會把 backup code 放到安全的地方。

這次可以看出來 GitLab 的安全概念其實又出包了...

Backblaze 開了歐洲區機房

Backblaze 開了歐洲機房,所以包括了一般性的 Computer BackupB2 Cloud Storage 都可以選擇要放哪邊了...

歐洲的點是放在荷蘭:

Big news: Our first European data center, in Amsterdam, is open and accepting customer data!

價錢也都跟美國的相同:

Whether you choose EU Central or US West, your pricing for our products will be unchanged:

對於在意資料放美國機房的問題應該有緩解一些...

Amazon 的 Elasticsearch 服務提供十四天免費 hourly snapshot

Amazon Elasticsearch Service 提供 14 天免費的 hourly snapshot:「Amazon Elasticsearch Service increases data protection with automated hourly snapshots at no extra charge」。

Amazon Elasticsearch Service has increased its snapshot frequency from daily to hourly, providing more granular recovery points. If you need to restore your cluster, you now have numerous, recent snapshots to choose from. These automated snapshots are retained for 14 days at no extra charge.

不過這是 5.3+ 版本才有,舊版只有 daily:

  • For domains running Elasticsearch 5.3 and later, Amazon ES takes hourly automated snapshots and retains up to 336 of them for 14 days.
  • For domains running Elasticsearch 5.1 and earlier, Amazon ES takes daily automated snapshots (during the hour you specify) and retains up to 14 of them for 30 days.

In both cases, the service stores the snapshots in a preconfigured Amazon S3 bucket at no additional charge. You can use these automated snapshots to restore domains.

算是方便管理...

AWS 的備份服務 AWS Backup

AWS 把備份拉出來成為一個服務,AWS Backup:「AWS Backup – Automate and Centrally Manage Your Backups」。

常見的 AWS 的服務 (有資料的) 都可以放進去,包括雲端裡的 EFSRDSDynamoDBEBS,以及本地端的 Storage Gateway

在頁面上沒看到價錢,但登入 console 後可以看到說明,只有使用的 storage 費用:

With AWS Backup, you pay only for the amount of backup storage you use and the amount of backup data you restore in the month. There is no minimum fee and there are no set-up charges.

AWS 給 EBS 用的 Data Lifecycle Manager 在東京可以用了?

先前在「Amazon EBS Snapshot 支援 Lifecycle Management」這邊提到 AWS 設計了 Data Lifecycle Manager,讓 EBS 磁碟可以自動產生 snapshot 並且管理保留份數,可以當作某種備份機制。

七月公告當時只開放了少數幾區:

Availability – Data Lifecycle Manager is available in the US East (N. Virginia), US West (Oregon), and Europe (Ireland) Regions.

剛剛發現在東京也已經可以用了?但好像沒看到有公告提過... 設下去看看會不會動好了。