US government bans NVIDIA from exporting high-end GPUs to China and Russia

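On the Hacker News front page I saw "US Government Bans Export of Nvidia A100 and H100 GPUs to China and Russia (sec.gov)": NVIDIA filed a Form 8-K stating that the US government has banned the export of the A100, the H100, and higher-end (faster) cards and products to China (including Hong Kong) and Russia: "nvda-20220826.htm".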

It first points out that the A100, H100 and A100X (Ampere) are controlled:

On August 26, 2022, the U.S. government, or USG, informed NVIDIA Corporation, or the Company, that the USG has imposed a new license requirement, effective immediately, for any future export to China (including Hong Kong) and Russia of the Company’s A100 and forthcoming H100 integrated circuits. DGX or any other systems which incorporate A100 or H100 integrated circuits and the A100X are also covered by the new license requirement.

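Next is the part banning new products: cards with performance equal to or better than the A100 are also barred from export unless a license is obtained: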

The license requirement also includes any future NVIDIA integrated circuit achieving both peak performance and chip-to-chip I/O performance equal to or greater than thresholds that are roughly equivalent to the A100, as well as any system that includes those circuits.

Then it mentions military-related considerations:

A license is required to export technology to support or develop covered products. The USG indicated that the new license requirement will address the risk that the covered products may be used in, or diverted to, a ‘military end use’ or ‘military end user’ in China and Russia. The Company does not sell products to customers in Russia.

I have seen some reports saying AMD received a similar ban (it is a major GPU vendor too, after all), but I did not see anything under "SEC Filings"...

Raspberry Pi 4 will be able to install the OS over a wired network

In "Raspberry Pi 4 to support Network install to a blank MicroSD card" I saw that the Raspberry Pi 4 will be able to install the OS over a wired network:

The Raspberry Pi 4 will soon be able to install Raspberry Pi OS without the need for external hardware to flash the image.

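Previously you had to flash the SD card on another machine and then insert it to boot; from now on you can install directly over the wired network, which makes the steps a bit simpler... It also mentions that only the RPi4 and CM4 models are supported this time; earlier versions still need another machine to produce a bootable SD card: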

The Raspberry Pi Foundation simply changed the bootloader code to enable the Network install feature, and yes, it will only work with Raspberry Pi 4, CM4, and Raspberry Pi 400 keyboard PC, but not Raspberry Pi 3 and earlier models.

Amazon EC2 launches VT1 instances

I saw that Amazon EC2 launched a new instance type, vt1, a family type built specifically for video compression: "New – Amazon EC2 VT1 Instances for Live Multi-stream Video Transcoding".

The acceleration mainly comes from the Alveo U30 Data Center Accelerator Card, which is claimed to cost 30% less than GPU machines (and up to 60% less compared with CPU machines):

These VT1 instances feature Xilinx® Alveo™ U30 media accelerator transcoding cards with accelerated H.264/AVC and H.265/HEVC codecs and provide up to 30% better price per stream compared to the latest GPU-based EC2 instances and up to 60% better price per stream compared to the latest CPU-based EC2 instances.

From the specs it supports H.264 and H.265, but it does not appear to support the royalty-free VP9 and AV1...

Also, this seems to compete a little with AWS Elemental MediaConvert and AWS Elemental Live? And I don't know how the patent fees are calculated...

So Stripe supports JCB now...

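While buying something just now I deliberately entered a JCB card number and found that Stripe recognized it. I looked up the announcement and found that support was added last year, in May 2020: "Expanding support for JCB payments".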

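When I bought merchandise at concerts in Japan earlier (end of 2019, it should have been the H-el-ical and See-Saw shows), I saw that the venue was using an iPad + Stripe combination. I was surprised at first, but when I was told JCB was not supported I went "..." for a while, and could only pay with Mastercard or Visa.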

It looks like when this launched last year, it was enabled automatically in Japan:

Businesses using Stripe in Japan can now automatically accept payments with JCB, in most cases without any additional work.

Other regions are being enabled gradually:

We are rolling out JCB acceptance to businesses in more countries, starting with Canada, Australia, and New Zealand, with more to come. This lets global businesses, from e-commerce sites in Canada to subscription services in Australia, easily transact with JCB cardholders.

If I get a chance to go to Japan in 2022, I should see more setups using Stripe...

The Opt-Out feature on Visa's website is being used for a timing attack...

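On Hacker News Daily I saw "Visa Advertising Solutions (VAS) Opt Out (visa.com)", which is about Visa's Visa Advertising Solutions (VAS) Opt Out. I originally thought it was a discussion about companies selling data (the discussion further down does indeed cover that), but the top discussion turned out to be about a timing attack, like this comment: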

morpheuskafka 2 days ago

Checked and the Mastercard one someone posted below doesn't seem to be vulnerable to this. My real card number and a dummy Mastercard number with valid prefix and check digit both returned a 200 OK in around 1.01s. A random 16-digit number without valid check digit returned 400 Bad Request in about 800ms. Decided to check that one since they have a completely useless machine-readable captcha.

For Visa it was 835ms for valid, 762ms for dummy, prefix and check digit appear to be checked client side.

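My impression is that this kind of technique (timing attacks based on network response time) has been around for a long time; the discussion mentions "Exploiting remote timing attacks", which is itself material from more than ten years ago... Still, playing with it on an official website always feels especially satisfying XDDD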

However, this Visa site sits behind Cloudflare, so scanning it with a bot seems likely to get blocked easily; that is another matter...
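For the owner of an endpoint like the one discussed above, the same measurement can be turned into a self-audit. The following is an added example, not code from the original post or the Hacker News thread: it checks whether two sets of response times are separable by comparing their low-percentile bands. The base latencies are the figures quoted in the comment; the jitter model, sample size and the 5-25 percentile band are assumptions, and all samples are constructed.

```python
import random


def percentile(sorted_vals, p):
    """Nearest-rank percentile of an already sorted list (p in 0..100)."""
    k = round(p / 100 * (len(sorted_vals) - 1))
    return sorted_vals[max(0, min(len(sorted_vals) - 1, k))]


def distinguishable(a, b, lo=5, hi=25):
    """True if the [lo, hi] percentile bands of the two samples do not overlap.

    Low percentiles are used because network jitter only ever adds delay,
    so the fastest responses sit closest to the server's own processing time.
    """
    a, b = sorted(a), sorted(b)
    a_lo, a_hi = percentile(a, lo), percentile(a, hi)
    b_lo, b_hi = percentile(b, lo), percentile(b, hi)
    return a_hi < b_lo or b_hi < a_lo


def constructed_samples(base_ms, n=200, seed=0):
    """Constructed latencies: fixed processing time plus one-sided jitter
    (exponential, mean 40 ms; an assumption, not measured data)."""
    rng = random.Random(seed)
    return [base_ms + rng.expovariate(1 / 40.0) for _ in range(n)]


if __name__ == "__main__":
    # Base values taken from the quoted comment (in milliseconds).
    cases = {
        "Visa: valid vs dummy": (835, 762),
        "Mastercard: valid vs dummy": (1010, 1010),
    }
    for name, (t_valid, t_dummy) in cases.items():
        leak = distinguishable(constructed_samples(t_valid, seed=1),
                               constructed_samples(t_dummy, seed=2))
        print(f"{name}: {'timing differs' if leak else 'no visible difference'}")
```

A result of "timing differs" on an endpoint you operate means the two code paths should be made to do the same work, or the response delayed to a fixed deadline, before the answer is returned.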

Raspberry Pi 400 user impressions seen on Hacker News

On Hacker News I saw a write-up of impressions of the Raspberry Pi 400: "I've now played with a Raspberry Pi 400 for a week and here are my conclusions". I mentioned the Raspberry Pi 400 earlier in "Raspberry Pi 400"; it is essentially a Raspberry Pi 4 Model B integrated into a keyboard.

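The article mentions the change brought by the Raspberry Pi 4 being able to boot from USB (see my earlier post "Raspberry Pi 4 可以透過 USB 開機了"): an external drive over USB3 greatly improves read/write speed (especially with an SSD), which has always been the problem with using an SD card on the Raspberry Pi. It looks like the only remaining problem is that the CPU is still not as fast as today's common x86-64 machines.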

If you give it fast enough "disk" storage it really moves. I plugged in a Kingston brand 120GB SSD on a USB3 adapter. hdparm -t gave 292MB/s read speed and the default LXDE environment was really crisply responsive, with even a first launch of Chromium taking less than two seconds. With such good storage, the only real limitation is that heavy Javascript stuff is too slow - 5+ seconds to switch between folders in Chrome, or for the thumbnail gallery to appear in Youtube. Also, video calling is marginal. Aside from that the CPU is fast enough.

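In the discussion some people also hope Raspberry Pi will consider adding eMMC or providing an M.2 interface to improve read/write speed, but I think the SD card design was Raspberry Pi's direction from the start; there were always trade-offs, and it is unlikely that everything can be built in...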

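Back to the author's impressions: although USB3-to-SSD looks a lot faster for I/O, I/O speed does not seem to be the main problem I run into. On the other hand, Chromium's hardware decoding seems to have made some progress recently, so maybe video playback can be handled in hardware (at least partly?). I hope 1080p60 can at least be watched comfortably...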

A graphics card with four HDMI ports

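On Facebook the "pretty girl" wens asked whether I am using ASUS's GT710-4H-SL-2GD5 graphics card: "The Most Innovative ~$50 Graphics Card For Linux Users". I had a look and it is quite an interesting card, and the price is fairly competitive, so I am writing a post to note it down...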

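I use four monitors myself. I had been driving them with a 1080 Ti (2 HDMI + 2 DP), but it seemed to draw too much power, so I later got a Quadro P600 card with four miniDP outputs online, plus four miniDP-to-DP cables.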

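After switching I found it was sometimes not that smooth, and later realized that having a bunch of Twitch streams open was eating a lot of GPU resources (on Linux you can watch this with nvidia-smi). I also sometimes want to run KataGo to analyze Go games, so I still need GPU compute, and I switched back to the 1080 Ti...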

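This GT710, though, has four HDMI ports, so ordinary HDMI cables are enough; compared with the P600's miniDP outputs, which need miniDP-to-DP cables, the cables should be much easier to get.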

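It also only needs PCI Express 2.0 (x1) and is passively cooled, whereas the P600 I have needs PCI Express 3.0 (x16) and still has a fan on it. My guess is that the GT710 draws less power? The official site does not list the power consumption of this GT710, but "GeForce 700 series" lists 19W, while the P600's maximum power consumption is 40W.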

The drawback I have seen so far is that with multiple monitors at 4K resolution the refresh rate is only 30Hz:

* Detailed digital max. resolution:
3840×2160@60Hz for 1 monitor
3840×2160@30Hz for more than 2 monitors

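People who want multi-monitor output can consider it. The price I found is around NT$2000, quite a bit cheaper than a Quadro; the positioning is different, after all...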

Protecting SSH keys by putting them in the Secure Enclave

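I saw the Secretive project, which uses Apple's Secure Enclave mechanism: the SSH private key is placed inside the enclave and operations are performed there, so the key cannot leak by malware reading a private key file.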

From the Secure Enclave introduction page you can see that a T1 or T2 chip is required for the Secure Enclave feature:

Mac computers that contain the T1 chip or the Apple T2 Security Chip

And from Apple Silicon you can see that the Apple T1 chip was introduced in models from 2016 onward:

The Apple T1 chip is an ARMv7 SoC (derived from the processor in S2 SiP) from Apple driving the System Management Controller (SMC) and Touch ID sensor of the 2016 and 2017 MacBook Pro with Touch Bar.

For antique machines without a Secure Enclave, you can attach hardware that supports smart cards, such as a YubiKey:

For Macs without Secure Enclaves, you can configure a Smart Card (such as a YubiKey) and use it for signing as well.

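Following his suggestion I looked through the "YubiKey Smart Card Deployment Guide"; it looks like YubiKey has had products supporting Smart Card since the 4 series, but note that the pure U2F versions do not support it.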

Mastercard's subscription terms after free trials of physical goods

Mastercard requires that after a free trial (of physical goods), the user must agree once more before subscription fees can be charged: "Free Trials Without The Hassle".

The rule change will require merchants to gain cardholder approval at the conclusion of the trial before they start billing. To help cardholders with that decision, merchants will be required to send the cardholder – either by email or text – the transaction amount, payment date, merchant name along with explicit instructions on how to cancel a trial.

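When the news first came out it drew quite a lot of attention, because a lot of online services rely on this trick... So Mastercard updated the article afterwards to explain that, for now, the rule applies only to physical goods: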

*This blog was updated on January 17, 2019 to clarify that the rule change is applicable to physical products such as skincare, healthcare items etc.

How an ex-employee monitoring the company network got caught...

I saw the interesting story "The curious case of the Raspberry Pi in the network closet"; start by reading the beginning and the very end. First, they found a strange device in the office.

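After investigating they found that nobody at the company had placed it; in the end it turned out to have been placed by an ex-employee, and the case was then handed to the legal department: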

I checked the DNS logs and found the exact date and time when the Pi was first seen in the network. I checked the RADIUS logs to see which employee was at the premises at that time and I saw multiple error messages that a deactivated account tried to connect to wifi.

That deactivated account belongs to an ex employee who (for some reason) made a deal with management that he could still have a key for a few months until he moved all his stuff out of the building (don't ask..).

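The process in between is quite interesting, including working out what the expansion card is (and what it is for), then digging data off the SD card, using Google to find leads, locating it via WiGLE, and cross-checking against internal systems, finally finding the culprit...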

And it turned out to be caused by the departed employee using "moving his stuff" as the reason to keep an office key after leaving XDDD
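The correlation step quoted above (the first DNS sighting of the device, then the RADIUS events around that moment) looks like this in code. This is an added example, not code from the original article; the log formats, timestamps, addresses and account names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample logs; formats, names and addresses are illustrative only.
DNS_LOG = """\
2019-01-07T09:12:03 client=10.0.5.23 query=updates.example.com
2019-01-09T22:41:17 client=10.0.5.99 query=device.example.net
2019-01-09T22:45:02 client=10.0.5.99 query=ntp.example.org
2019-01-10T08:01:44 client=10.0.5.23 query=mail.example.com
"""
RADIUS_LOG = """\
2019-01-09T08:55:10 user=alice result=Access-Accept
2019-01-09T22:36:48 user=old_account result=Access-Reject reason=account-disabled
2019-01-09T22:37:05 user=old_account result=Access-Reject reason=account-disabled
2019-01-10T08:00:12 user=bob result=Access-Accept
"""


def parse(log):
    """Yield (timestamp, {key: value}) for each 'ts k=v k=v' line."""
    for line in log.splitlines():
        ts, *pairs = line.split()
        yield datetime.fromisoformat(ts), dict(p.split("=", 1) for p in pairs)


def first_seen(dns_log, client):
    """Earliest DNS query time recorded for the given client address."""
    times = [ts for ts, f in parse(dns_log) if f["client"] == client]
    return min(times) if times else None


def radius_near(radius_log, when, window=timedelta(minutes=15)):
    """RADIUS events within +/- window of `when`, rejects listed first."""
    hits = [(ts, f) for ts, f in parse(radius_log) if abs(ts - when) <= window]
    return sorted(hits, key=lambda h: (h[1]["result"] != "Access-Reject", h[0]))


def suspects(dns_log, radius_log, client):
    """Accounts rejected by RADIUS around the device's first appearance."""
    seen = first_seen(dns_log, client)
    if seen is None:
        return []
    return sorted({f["user"] for _, f in radius_near(radius_log, seen)
                   if f["result"] == "Access-Reject"})


if __name__ == "__main__":
    print(first_seen(DNS_LOG, "10.0.5.99"), suspects(DNS_LOG, RADIUS_LOG, "10.0.5.99"))
```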