為 Open Source Hardware 發放 USB Product ID 的 pid.codes

pid.codes 的說明就很清楚了:「Welcome to pid.codes」。

由於 USB-IF 對每個 vendor 收 USD$5000,而且不可以跟其他單位共用:

If you’re a maker, hobbyist, or startup company producing your own USB device, you’ve probably discovered that you need a USB Vendor ID and Product ID to uniquely identify your device to computers. The USB-IF’s position is that the only way to do this is for each organisation to pay $5000 for a unique Vendor ID, which they may not share with other individuals or organisations.

所以就造成很多人惡搞 Vendor ID 與 Product ID:

For many makers and small companies, this is a prohibitive amount of money, and forces them to resort to workarounds, such as using other organisations' VIDs without permission, or simply making up a VID and PID. These solutions make things worse for everyone, by damaging the assumption that a VID/PID combination is unique to a given device.

而他們尋求解決方案,取得了一份在 USB-IF 禁止共用前的 Vendor ID,從而解決這個問題:

pid.codes seeks to solve this issue for anyone producing open-source hardware. We have been gifted a Vendor ID by a company that was issued one by USB-IF and has since ceased trading; they obtained the Vendor ID before the USB-IF changed their licensing terms to prohibit transfers or subassignments.

用 Intel 網卡上的 Flow Director 過濾封包

在「Traffic filtration using NIC capabilities on wire speed (10GE, 14Mpps)」這邊看到的技巧。

作者建議另外安裝 driver,因為 Linux kernel 內的 driver 功能有限:「Intel Ethernet Drivers and Utilities」。

重點在 ethtool 這個工具,可以看到條件設定:

ethtool --help:
        ethtool -N|-U|--config-nfc|--config-ntuple DEVNAME    Configure Rx network flow classification options or rules
        rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|tcp6|udp6|ah6|esp6|sctp6 m|v|t|s|d|f|n|r... |
        flow-type ether|ip4|tcp4|udp4|sctp4|ah4|esp4
            [ src %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
            [ dst %x:%x:%x:%x:%x:%x [m %x:%x:%x:%x:%x:%x] ]
            [ proto %d [m %x] ]
            [ src-ip %d.%d.%d.%d [m %d.%d.%d.%d] ]
            [ dst-ip %d.%d.%d.%d [m %d.%d.%d.%d] ]
            [ tos %d [m %x] ]
            [ l4proto %d [m %x] ]
            [ src-port %d [m %x] ]
            [ dst-port %d [m %x] ]
            [ spi %d [m %x] ]
            [ vlan-etype %x [m %x] ]
            [ vlan %x [m %x] ]
            [ user-def %x [m %x] ]
            [ action %d ]
            [ loc %d]] |
        delete %d

看起來 stateless 的過濾可以在上面做...

對 Tor 的攻擊開始了...

先前幾天 Tor 官方才猜測會被攻擊 (Tor 官方預測將會被攻擊),在今天的 Hacker News Daily 就看到有機器被扣:「[tor-talk] Warning: Do NOT use my mirrors/services until I have reviewed the situation」。

Tonight there has been some unusual activity taking place and I have now lost control of all servers under the ISP and my account has been suspended. Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.

偵測到機器被打開,並且插入 USB device,接下來失去對機器的控制權。

自動將流量轉到 Tor 上面的硬體

Zite 上看到「Tiny Anonabox to offer online anonymity through Tor」這篇文章。

Kickstarter 上可以看到更完整的資料:「anonabox : a Tor hardware router」。

可以想像出來大概是什麼技術組合起來。分別處理 DNS query 以及實際連線的部份應該就可以搞定很多應用了。

不知道隱私的部份可以做到什麼程度,畢竟在 Tor 上面仍然有監聽的風險,如果讓 HTTP traffic 在上面跑的話等於是裸奔...

Stack Overflow 的現況...

Update:2016 年的架構可以在「Stack Overflow 公開 2016 的架構」這邊看到。

Stack OverflowNick Craver 貼出目前 Stack Overflow 的現況:「What it takes to run Stack Overflow」。

公開出來的資料不包括 CDN 的部份,可以看出整個架構很精簡啊... 然後還貼出機房照片:

可以看出很多機器都很大台,尤其是 RAM 的部份。而資料庫主機則是 384GB RAM + 1.8TB SSD...

資料庫的讀寫比是 40% read + 60% write,應該是 cache 擋下非常大的讀取量?

然後有一句粗體字:

The cost of inefficient code can be higher than you think.

這句話... XD

RSA SecurID 800 被破...

在「Scientists crack RSA SecurID 800 tokens, steal cryptographic keys」這篇報導裡提到了已經有辦法從 RSA SecurID 800 內取出 secret key,方法將會在 CRYPTO 2012 上發表...

RSA SecurID 800

(取自「RSA SecurID SID800 Authenticator Token」)

如果攻擊者可以碰觸到實體 token 並取出 secret key,他就可以準備一顆新的 token (HSM,Hardware security module) 把取出來的 secret key 灌進去,而原來的使用者不太容易會發現...

所以硬體式的 OTP 系統除了提供一次性密碼外,另外需要有能力阻擋從硬體取出 secret key 的能力。這次有能力在 13 分鐘就取出來,表示有不少辛苦事情要善後了...

Google 推出 VP8 的硬體設計

Google 推出了 VP8 編碼與解碼的硬體設計,代號「Anthill」:「Introducing "Anthill," the First VP8 Hardware Encoder IP Release」。

透過 Anthill,對於 GPU 的 loading 及電源消耗會大幅降低:(這是在 ARM 平台上的估算)

不過比較奇怪的是只有寫 H1 encoder RTL 不收錢?重點在 decoder 吧?

Google does not require payment of any license fee or royalty in connection with use of the H1 encoder RTL.

另外 source code 不直接公開,必須填表格索取...

Adobe Flash Player 10.2

有很多地方都有報導,引官方 Adobe Flash Player Team Blog 的新聞稿好了:「Flash Player 10.2 is Here: Available Now for Windows, Mac, and Linux」。

新版的 Flash Player 主打「Stage Video」(參考「Getting started with stage video」這篇文章),將 video rendering 的部份丟給顯卡加速。(雖然還是有很多限制)

不透過 DLM 安裝的方式可以參考「直接安裝 Adobe Flash Player 而不安裝 DLM」這篇。另外要透過 AD 派送的可以到「Download Adobe® Flash® Player」這邊下載 msi 檔。

以目前的發展來看,Flash 只剩下 Video 這塊功用了...