Tag Archives: id

iOS App 的釣魚

在「iOS Privacy: steal.password - Easily get the user's Apple ID password, just by asking」這邊作者示範了怎麼釣魚:直接模擬 iOS 的系統視窗跟使用者要密碼。 看了只有「操」... 目前想的到的 workaround 只有在看到類似的視窗時跳回主畫面,透過 Settings 裡確認?

Posted in Computer, Murmuring, Network, Security, Telephone|Tagged , , , , , , , , , , , |1 Comment

Reddit 在處理 Page View 的方式

Reddit 說明了他們如何處理 pageview:「View Counting at Reddit」。 以 Reddit 的規模有提到兩個重點,第一個在善用 Redis 的 HyperLogLog 這個資料結構,當量大的時候其實可以允許有微小的誤差: The amount of memory varies per implementation, but in the case of this implementation, we could count over 1 million IDs using just 12 kilobytes of space, … Continue reading

Posted in Cassandra, Computer, Database, Murmuring, Network, Programming, Service, Software|Tagged , , , , , , , , , , , , , , , , , , , |Leave a comment

用 Amazon Elasticsearch 看 VPC Flow Logs

在「How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs」這篇雖然是講特定功能,但還是把怎麼架設從頭到尾都講了一次... 比較特別的幾張圖: 然後再回來看怎麼串:

Posted in AWS, Cloud, Computer, Murmuring, Network, Search Engine, Security, Software|Tagged , , , , , , , , , , , , , |Leave a comment

配合 Touch ID 的 sudo

大概是新的 Macbook 出來後想出來的點子?透過 Touch ID 驗證 sudo 權限:「A fork of `sudo` with Touch ID support.」。 sudo-touchid is a fork of sudo with Touch ID support on macOS (powered by the LocalAuthentication framework). Once compiled, it will allow you to authenticate … Continue reading

Posted in Computer, MacOS, Murmuring, OS, Programming, Security, Software|Tagged , , , , , , , , , |Leave a comment

PGP 短 ID 的安全問題

PGP 短 ID 的安全問題出來了,不見棺材不掉淚啊:「Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs.」。 重點在這段,已經有人發出攻擊了: Search Result of 0x00411886: https://pgp.mit.edu/pks/lookup?search=0x00411886&op=index Fake Linus Torvalds: 0F6A 1465 32D8 69AE E438 F74B 6211 AA3B [0041 1886] Real Linus Torvalds: ABAF 11C6 5A29 70B1 … Continue reading

Posted in Computer, Linux, Murmuring, Network, OS, Programming, Security, Social, Software|Tagged , , , , , , , , , , , , , , , , |Leave a comment

Facebook 上貼的所有的連結都是公開的

tl;dr:Facebook 認為這個功能是 feature,不是 bug。 在「Why you shouldn’t share links on Facebook」這邊作者發現在 Facebook 上貼的「任何一個連結」都會產生 object id,而任何一個 object id 都可以直接取得 url,無論權限設定,像是這樣: 而 Facebook 認定這是 feature 而非 bug: 可以想像 NSA 之類的單位與地下組織開始狂掃...

Posted in Computer, Murmuring, Network, Security, WWW|Tagged , , , , , , , , , , |1 Comment

PostgreSQL 對 Vacuum 效能的改善

在「No More Full-Table Vacuums」這邊提到了 PostgreSQL 在 vacuum 時效能的大幅改善,尤其是大型資料庫在 vacuum 時需要對整個表格從頭到尾掃一次以確保 transaction id 的正確性: Current releases of PostgreSQL need to read every page in the database at least once every 2 billion write transactions (less, with default settings) to verify that … Continue reading

Posted in Computer, Database, Murmuring, PostgreSQL, Software|Tagged , , , , , , , , , , |Leave a comment

新的 AWS 帳號將會自動啟用 Long EC2 Resource ID

新的 AWS 帳號將會自動啟用長版的 Resource ID:「New accounts default to long EC2 resource IDs on March 7」。 還是可以 opt-out 改回來,不過官方還是建議儘量用長的 ID 測試,因為今年年底將全面強迫使用: We recommend testing longer IDs before transitioning; however, if you have not yet tested your systems for compatibility with the … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network|Tagged , , , , , |Leave a comment

EC2 與 ELB 將會有更長的 Resource ID

EC2 與 ELB 將會有更長的 Resource ID:「Heads-Up – Longer EC2 & EBS Resource IDs Coming in 2016」。 重點在這段: The new IDs will be the same format as existing IDs, but longer. The current ID format is a resource identifier followed by … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network, Programming|Tagged , , , , , , |Leave a comment