Software that blocks ads and tracking via /etc/hosts

I saw Maza ad blocking on Hacker News Daily. It is software that blocks ads and tracking, and it works by blocking certain domains at the DNS level.

It works much like Pi-hole: Pi-hole provides a DNS server that does the blocking, while this software blocks through /etc/hosts.

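It currently supports only macOS and Linux, which makes the target audience look a bit odd, because on the desktop there are more ways to block; DNS-style blocking is mainly used against the lawless apps on phones...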

I'll keep an eye on it for now though; maybe it will be useful in some situations later?

Adblock built out of hosts...

At "Amalgamated hosts file" I saw a huge hosts file, used to block ads:

This repo consolidates several reputable hosts files and merges them into a single amalgamated hosts file with duplicates removed.

Currently this amalgamated hosts file contains 27,148 unique entries.

Isn't 27,000 entries in a single hosts file a bit too many...

By the way, I wonder whether it can be imported into BIND or Unbound so the whole organization can use it directly?
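One way to turn a blocking hosts file into resolver-wide rules for Unbound, as an added example that is not code from the post or from the Amalgamated hosts project. The sample hosts text and the function names are constructed for illustration; `local-zone` with type `always_nxdomain` is Unbound's own directive.

```python
import re

# Constructed sample in blocking-hosts format (not taken from the real list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost ip6-localhost
0.0.0.0 ads.example.com
0.0.0.0 ADS.example.com   # duplicate, different case
127.0.0.1 tracker.example.net metrics.example.net
0.0.0.0 0.0.0.0
192.0.2.10 intranet.example.org
0.0.0.0 bad"host.example
"""

# Only sinkhole addresses mark a blocking entry; a line mapping a name to a
# real address is a redirect and is never imported.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names the local machine needs; they must not become NXDOMAIN.
KEEP_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
              "ip6-loopback", "broadcasthost", "local"}
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def valid_name(name):
    """Accept only plain multi-label DNS names, so nothing from a
    third-party list can break out of the quoted config string."""
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.match(label) for label in labels)

def blocked_names(hosts_text):
    """Return the sorted, de-duplicated names that the hosts text sinkholes."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in KEEP_NAMES and valid_name(name):
                names.add(name)
    return sorted(names)

def to_unbound(hosts_text):
    """Render an Unbound include file with one always_nxdomain zone per name."""
    rules = [f'    local-zone: "{n}." always_nxdomain' for n in blocked_names(hosts_text)]
    return "\n".join(["server:"] + rules) + "\n"

if __name__ == "__main__":
    print(to_unbound(SAMPLE_HOSTS), end="")
```

A `local-zone` also covers every name beneath the listed one, which is broader than the exact-match behaviour of /etc/hosts; running `unbound-checkconf` on the generated file before reloading catches syntax problems.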

Amazon EC2 Dedicated Hosts officially launched

Amazon EC2 pre-announced Dedicated Hosts in October (see "Amazon EC2's upcoming Dedicated Hosts"), and today it officially launched for everyone to use: "Now Available – EC2 Dedicated Hosts".

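Pricing is at "Amazon EC2 Dedicated Host Pricing". You rent the whole machine, so prices are calculated per Instance Family, and the number of virtual machines that can run on one Dedicated Host depends on the Instance Type. For example: c4 can run only one 8xlarge, or it can run two 4xlarge.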

A single Dedicated Host can of course run many instances, but only instances of the same Instance Type size:

I choose the instance type (Dedicated hosts for M3, M4, C3, C4, G2, R3, D2, and I2 instances are available), the Availability Zone, and the quantity (each Dedicated Host can accommodate one or more instances of a particular type, all of which must be the same size).

Also, Dedicated Hosts must be placed inside a VPC (in theory new accounts are all forced into this anyway), though they can span VPCs:

Instances launched on a Dedicated Host must always reside within a VPC. A single Dedicated Host can accommodate instances that run in more than one VPC.

The number you can allocate is currently limited; people who need more can open a support ticket to ask for it:

You can allocate up to 2 Dedicated Hosts per instance family (M4, C4, and so forth) per region; if you need more, just ask.

Amazon EC2's upcoming Dedicated Hosts

Amazon EC2 is planning to launch a new purchasing option: "Coming Soon – EC2 Dedicated Hosts".

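Dedicated Hosts are rented by the whole host, to ensure nobody else uses the physical machine, which is better for security requirements. Taking c3.xlarge as the example here, you pay for eight instances at once: (the number "eight" here is not final; the real number will only be known once the official announcement goes live)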

Each host has room for a predefined number of instances of a particular type. For example, a specific host could have room for eight c3.xlarge instances (this is a number that I made up for this post). After you allocate the host, you can then launch up to eight c3.xlarge instances on it.

This need exists mainly because some software still has no suitable cloud-based licensing, and with BYOL (Bring Your Own License) you need more control over the physical machine:

We want to make sure that you can continue to derive value from these licenses after you migrate to AWS. In general, we call this model Bring Your Own License, or BYOL. In order to do this while adhering to the terms of the license, you are going to need to control the mapping of the EC2 instances to the underlying, physical servers.

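This also adds one more solution for security reasons, such as needing physical separation to avoid various side-channel attacks. However, AWS already offered other methods before this.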

For software that supports CloudHSM, you can consider using that solution directly: the private key sits on the HSM, and AWS complies with common security standards.

And for data requirements under contract with the US government, you can use AWS GovCloud (US), which ordinary people cannot get access to at all.

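For the needs of ordinary organizations, you can also use Dedicated Instances to ensure the physical machine holds only a single customer, and you can buy Reserved Instances for these too, to guarantee capacity and get the corresponding discount.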

So this time Dedicated Hosts looks more like a solution born from commercial licensing needs than from security needs...