Hacker News Daily 上看到的服務「Arxiv Vanity – Read academic papers from Arxiv as web pages」:
Arxiv Vanity renders academic papers from Arxiv as responsive web pages so you don’t have to squint at a PDF.
不過實際測試發現只有有提供 TeX 格式原始檔才有辦法轉,沒提供的就不行了...
幹壞事是進步最大的原動力
Hacker News Daily 上看到的服務「Arxiv Vanity – Read academic papers from Arxiv as web pages」:
Arxiv Vanity renders academic papers from Arxiv as responsive web pages so you don’t have to squint at a PDF.
不過實際測試發現只有有提供 TeX 格式原始檔才有辦法轉,沒提供的就不行了...
看到 GitHub 上的「mikeal/webtorrent-component」這個專案,可以很方便直接嵌入 BitTorrent 的資源,像是這樣嵌:
<script src="https://cdn.jsdelivr.net/npm/webtorrent-component@latest/dist/webtorrent-component.min.js"></script> <web-torrent src="magnet:?xt=urn:btih:08ada5a7a6183aae1e09d831df6748d566095a10&dn=Sintel&tr=wss%3A%2F%2Ftracker.btorrent.xyz&tr=wss%3A%2F%2Ftracker.fastcast.nz&tr=wss%3A%2F%2Ftracker.openwebtorrent.com&ws=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2F&xs=https%3A%2F%2Fwebtorrent.io%2Ftorrents%2Fsintel.torrent" file="Sintel.mp4" />
如果拿來跟「Using BitTorrent with Amazon S3」用的話可以在量大的時候省一些頻寬,並且在量小的時候還是維持有 seed (透過 Amazon S3 的服務做)。
這個禮拜被 AlphaGo 洗臉後,又看到來搶工作的東西了:「pix2code: Generating Code from a Graphical User Interface Screenshot」。
直接把 Mockup 圖檔丟進去,然後就把 iOS 或是 HTML 程式碼生出來:
不過「刻 UI」的確是工程師最討厭的事情啦,這部份能自動化要怎麼說呢... 好像也是不錯的事情啦 @_@
看到「Now Anyone Can Embed a Pirate Movie in a Website」這邊介紹的東西,直接輸入 IMDb 的編號 (包括 tt
開頭的那串編號),他就自動拉出 embed code:
然後可以直接線上觀看:
然後還支援字幕 (唔):
Interestingly, should one of those sources be Google Video, Vodlocker says its player offers Chromecast and subtitle support.
官網有寫來源是到處找:
VoDLocker searches all general video hosters like youtube, google drive, openload...
看起來整塊技術其實都是現成的。透過 search engine 加上定期的檢查機制與回報機制就可以做完 @_@
Cloudflare 把完整的時間軸與影響範圍都列出來了:「Incident report on memory leak caused by Cloudflare parser bug」。
出自於 2/18 時 Google 的 Tavis Ormandy 直接在 Twitter 上找 Cloudflare 的人:
Could someone from cloudflare security urgently contact me.
— Tavis Ormandy (@taviso) February 18, 2017
Google 的 Project Zero 上的資料:「cloudflare: Cloudflare Reverse Proxies are Dumping Uninitialized Memory」。
起因在於 bug 造成有時候會送出不應該送的東西,可能包含了敏感資料:
It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.
不過這邊不包括 SSL 的 key,主要是因為隔離開了:
For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.
不過由於這些敏感資料甚至還被 Google 收進 search engine,算是相當的嚴重,所以不只是 Cloudflare 得修好這個問題,還得跟眾多的 search engine 合作將這些資料移除:
Because of the seriousness of such a bug, a cross-functional team from software engineering, infosec and operations formed in San Francisco and London to fully understand the underlying cause, to understand the effect of the memory leakage, and to work with Google and other search engines to remove any cached HTTP responses.
bug 影響的時間從 2016/09/22 開始:
2016-09-22 Automatic HTTP Rewrites enabled
2017-01-30 Server-Side Excludes migrated to new parser
2017-02-13 Email Obfuscation partially migrated to new parser
2017-02-18 Google reports problem to Cloudflare and leak is stopped
而以 2/13 到 2/18 的流量反推估算,大約是 0.00003% 的 request 會可能產生這樣的問題:
The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).
不過不得不說 Tavis Ormandy 真的很硬,在沒有 source code 以及 Cloudflare 幫助的情況下直接打出可重製的步驟:
I worked with cloudflare over the weekend to help clean up where I could. I've verified that the original reproduction steps I sent cloudflare no longer work.
事發後完整的時間軸:
2017-02-18 0011 Tweet from Tavis Ormandy asking for Cloudflare contact information
2017-02-18 0032 Cloudflare receives details of bug from Google
2017-02-18 0040 Cross functional team assembles in San Francisco
2017-02-18 0119 Email Obfuscation disabled worldwide
2017-02-18 0122 London team joins
2017-02-18 0424 Automatic HTTPS Rewrites disabled worldwide
2017-02-18 0722 Patch implementing kill switch for cf-html parser deployed worldwide
2017-02-20 2159 SAFE_CHAR fix deployed globally
2017-02-21 1803 Automatic HTTPS Rewrites, Server-Side Excludes and Email Obfuscation re-enabled worldwide
另外在「List of Sites possibly affected by Cloudflare's #Cloudbleed HTTPS Traffic Leak」這邊有人整理出受影響的大站台有哪些 (小站台就沒列上去了)。
vSphere HTML5 Web Client 算是 VMware 對 HTML5 的嘗試,在 HTML5 技術夠彈性的情況下避開使用 Flash 技術的 Web Client。
就畫面上看起來還不錯... 基本的操作應該可以搞定了,之後應該有機會可以拿來玩看看 :o
Markdown 的 RFC:「The text/markdown Media Type」。
This document registers the text/markdown media type for use with Markdown, a family of plain-text formatting syntaxes that optionally can be converted to formal markup languages such as HTML.
雖然是 Category: Informational
,但有個標準後是不是有機會在瀏覽器裡面原生支援?
芝加哥的高中將 Computer Science 列入畢業要求:「Computer science could become graduation requirement for CPS students」。
看起來沒有標準,有的學校以基本的 HTML 編寫為主:
Claypool announced the proposed requirement outside a technology classroom at Curie, where he'd earlier spent some time talking to introductory computer science students about the day's lesson on basic HTML coding.
在「Preconnect」這邊看到 Preconnect 這個功能,目前在 Mozilla Firefox、Google Chrome 以及 Opera 都有支援,用法也很簡單:
<link rel="preconnect" href="//example.com"> <link rel="preconnect" href="//cdn.example.com" crossorigin>
感覺如果要用的話,可以先送出 head 的部分,打 flush 讓瀏覽器先收到後再送出其他部分?不過對 MVC 架構來說好像變複雜了,不知道有什麼設計比較好...
另外一個是 Prerender,目前是 IE11+、Google Chrome 以及 Opera 有支援,看起來也頗有趣的...