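OpenSSH is getting a built-in blocking system

I saw in "OpenSSH introduces options to penalize undesirable behavior" that OpenSSH is getting a built-in blocking system, which more or less replaces some of what fail2ban does?

That's rather... unusual? I don't know why they would want to implement this feature at this particular point in time.

This feature will be enabled by default on OpenBSD 7.6; I'm not sure how other distributions will handle it: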

So now we know: starting with OpenBSD 7.6, PerSourcePenalties will be enabled by default, and admins who do not themselves run PF or other network translation mechanisms will need to keep the consequences of inconsiderate NAT use in mind.

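The EU decides to extend Norway's ban on Meta to the whole EU

Norway first banned Meta's products (which includes Facebook and Instagram) from serving ads based on collected user behaviour (behavioural advertising): "Norway court rules against Facebook owner Meta in privacy case".

Next, Norway proposed that the EU follow along (Norway is not an EU member): "Norway asks EU regulator to fine Facebook owner Meta over privacy breach".

And that brings us to now, with the EU deciding to follow as well: "Facebook owner Meta faces EU ban on targeted advertising".

This is much stronger than a ban from Norway alone, and now that Meta has been hit, maybe Google and TikTok next door will get swept up next?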

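The US FTC proposes to block unsubscribe dark patterns

In 2021 I wrote the post "The New York Times unsubscribe screenshots that have been making the rounds lately", about the New York Times' dark pattern around cancelling a subscription, an approach later adopted by many newspapers' online services (such as WSJ).

Later the California government passed a law blocking this kind of dark pattern, which led to discussions like this one on Reddit, teaching people to change their billing address to California so they can then cancel online: "WSJ Subscription policy makes it easy to subscribe (online), but hard to unsubscribe (via phone).".

Now it looks like the FTC intends to push this into a nationwide law, and not only for online services: services like gyms and cable TV must also provide symmetric methods (for subscribing and unsubscribing): "The FTC wants to ban those tough-to-cancel gym and cable subscriptions".

Let's keep following the progress and see when it passes...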

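Twitter's new policy bans promoting links to other social platforms

I saw this announcement from Paul Graham:

The new policy it mentions is at "Promotion of alternative social platforms policy", which bans other social platforms outright: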

At both the Tweet level and the account level, we will remove any free promotion of prohibited 3rd-party social media platforms, such as linking out (i.e. using URLs) to any of the below platforms on Twitter, or providing your handle without a URL:

  • Prohibited platforms:
    • Facebook, Instagram, Mastodon, Truth Social, Tribel, Post and Nostr
    • 3rd-party social media link aggregators such as linktr.ee, lnk.bio

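In the Hacker News discussion, Paul Graham responded (his account is pg) and offered some further guesses and views, including that he thinks this new policy will be reversed: "Paul Graham is leaving Twitter for now (twitter.com/paulg)".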

I'm not leaving Twitter. It seems more likely than not that Elon will reverse the ban on links to other social media sites. I just don't want to hang out there in the meantime. Plus given the way things are going, it seemed like a good time to learn about alternatives.

I still think Elon is a smart guy. His work on cars and rockets speaks for itself. Nor do I think he's the villain a lot of people try to make him out to be. He's eccentric, definitely, but that should be news to no one. Plus I don't think he realizes that the techniques that work for cars and rockets don't work in social media. Those two facts are sufficient to explain most of his behavior.

He could still salvage the situation. He's the sort of person it would be a big mistake to write off. And I hope he does. I would be delighted to go back to using Twitter regularly.

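But as he says, this is indeed a good opportunity to try other social networks...

Functions banned in Git...

On Hacker News Daily I saw the functions banned in Git (blocked at compile time via a .h file): "banned.h", which explains the reason at the top: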

/*
 * This header lists functions that have been banned from our code base,
 * because they're too easy to misuse (and even if used correctly,
 * complicate audits). Including this header turns them into compile-time
 * errors.
 */

Even when used correctly they make audits harder... The banned functions include:

  • strcpy()
  • strcat()
  • strncpy()
  • strncat()
  • sprintf()
  • vsprintf()

So strings should presumably be handled with functions like strlcpy() and strlcat(), and formatting with snprintf() and vsnprintf()...
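The compile-time ban described above, paired with bounded replacements, as an added example that is not Git's own code. The macro spelling `example_..._is_banned` and the helpers `copy_checked()` and `append_checked()` are assumptions made for this illustration; snprintf() is used because strlcpy() is not available in every libc.

```c
#include <stdio.h>
#include <string.h>

/* The ban: each listed name becomes a macro expanding to an undeclared
 * identifier, so any use stops the build and names the culprit.
 * The identifier spelling is this example's own, not taken from Git. */
#define BANNED(func) example_##func##_is_banned
#undef strcpy
#define strcpy(d, s) BANNED(strcpy)
#undef strcat
#define strcat(d, s) BANNED(strcat)
#undef strncpy
#define strncpy(d, s, n) BANNED(strncpy)
#undef strncat
#define strncat(d, s, n) BANNED(strncat)
#undef sprintf
#define sprintf(...) BANNED(sprintf)
#undef vsprintf
#define vsprintf(...) BANNED(vsprintf)

/* Hypothetical helper: bounded copy that always NUL-terminates.
 * Returns 0 on success, -1 if src did not fit (dst then holds the
 * truncated text), so truncation is never silent. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    int n;

    if (dstsize == 0)
        return -1;
    n = snprintf(dst, dstsize, "%s", src);
    return (n < 0 || (size_t)n >= dstsize) ? -1 : 0;
}

/* Hypothetical helper: bounded append with the same contract. */
int append_checked(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);

    if (!end)                     /* dst is not terminated inside its buffer */
        return -1;
    return copy_checked(dst + (end - dst), dstsize - (size_t)(end - dst), src);
}

int main(void)
{
    char buf[8];
    /* strcpy(buf, "x");  <- uncommenting this line fails to compile */
    printf("%d %s\n", copy_checked(buf, sizeof buf, "refs/heads/main"), buf);
    return 0;
}
```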