Home » Posts tagged "interface"

Amazon CloudWatch 支援縮放與拖拉調整時間區間

Amazon CloudWatch 的操作上支援 Zoom 與 Pan 了:「Amazon CloudWatch now supports two new chart visualization options in metrics and dashboards」。

Zoom 是改變時間的粒度:

You can use the CloudWatch console to graph metric data generated by AWS services and your applications. Now, you can zoom into a shorter time period such as one minute or five minutes while viewing the metric graph at a longer interval.

Pan 則是維持一樣的粒度,但改變開始與結束的時間:

Once zoomed, you can also pan the metric graph across your selected interval, but at a zoomed detail level.


AWS 提供 Hybrid Cloud 環境下 DNS 管理的說明

不知道為什麼出現在 browser tab 上,不知道是哪邊看到的... AWS 放出了一份文件,在講 hybrid cloud 環境下當你同時有一般 IDC 機房,而且使用內部 domain 在管理時,網路與 AWS 打通後要怎麼解決 DNS resolver 的問題:「Hybrid Cloud DNS Solutions for Amazon VPC」。

有些東西在官方的說明文件內都寫過,但是是 AWS 的特殊設計,這邊就會重複說明 XDDD

像是這份文件裡提到 Amazon DNS Server 一定會在 VPC 的 base 位置加二 (舉例來說, 的 VPC,Amazon DNS Server 會在

Amazon DNS Server
The Amazon DNS Server in a VPC provides full public DNS resolution, with additional resolution for internal records for the VPC and customer-defined Route 53 private DNS records.4 The AmazonProvidedDNS maps to a DNS server running on a reserved IP address at the base of the VPC network range, plus two. For example, the DNS Server on a network is located at For VPCs with multiple CIDR blocks, the DNS server IP address is located in the primary CIDR block.

在官方文件裡,則是在「DHCP Options Sets」這邊提到一樣的事情:

When you create a VPC, we automatically create a set of DHCP options and associate them with the VPC. This set includes two options: domain-name-servers=AmazonProvidedDNS, and domain-name=domain-name-for-your-region. AmazonProvidedDNS is an Amazon DNS server, and this option enables DNS for instances that need to communicate over the VPC's Internet gateway. The string AmazonProvidedDNS maps to a DNS server running on a reserved IP address at the base of the VPC IPv4 network range, plus two. For example, the DNS Server on a network is located at For VPCs with multiple IPv4 CIDR blocks, the DNS server IP address is located in the primary CIDR block.

另外也還是有些東西在官方的說明文件內沒看過,像是講到 Elastic Network Interface (ENI) 對 Amazon DNS Server 是有封包數量限制的;這點我沒在官方文件上找到,明顯在量太大的時候會中獎,然後開 Support Ticket 才會發現的啊 XDDD:

Each network interface in an Amazon VPC has a hard limit of 1024 packets that it can send to the Amazon Provided DNS server every second.

Anyway... 這份文件裡面提供三種解法:

  • Secondary DNS in a VPC,直接用程式抄一份到 Amazon Route 53 上,這樣 Amazon DNS Server 就可以直接看到了,這也是 AWS 在一般情況下比較推薦的作法。
  • Highly Distributed Forwarders,每台 instance 都跑 Unbound,然後針對不同的 domain 導開,這樣可以有效避開單一 ENI 對 Amazon DNS Server 的封包數量限制,但缺點是這樣的設計通常會需要像是 Puppet 或是 Chef 之類的軟體管理工具才會比較好設定。
  • Zonal Forwarders Using Supersede,就是在上面架設一組 Unbound 伺服器集中管理,透過 DHCP 設定讓 instance 用。但就要注意量不能太大,不然 ENI 對 Amazon DNS Server 的限制可能會爆掉 XD


AWS 推出 Cloud Native Networking,在每個 Container 內都有自己獨立的網路卡

AWSAmazon ECS 變得更好用了:「Introducing Cloud Native Networking for Amazon ECS Containers」。

Today, AWS announced task networking for Amazon ECS. This feature brings Amazon EC2 networking capabilities to tasks using elastic network interfaces.

awsvpc 模式下會給每個 container 一個獨立的網路卡 (Elastic Network Interface,ENI):

這樣有兩個好處。第一個是 port 就不需要拆開,所有 container 如果都是跑 nginx,都可以跑在同一個 port (80 或是 443),這對於前端應用程式會簡單一些。第二個整合了 AWS 的 security group,這對在 AWS 上本來就會使用 security group 的大多數人來說就可以輕鬆整合了。

Flat UI 反而造成使用者困擾

在「Flat UI Elements Attract Less Attention and Cause Uncertainty」這邊透過追蹤眼球的技術,發表了研究結果:

Summary: Flat interfaces often use weak signifiers. In an eyetracking experiment comparing different kinds of clickability clues, UIs with weak signifiers required more user effort than strong ones.

其中最明顯的一個例子就是大家被訓練「有底線的文字應該可以按」,這也是最能馬上被想到的問題... 不過這算是 Flat UI 的問題嗎?

The popularity of flat design in digital interfaces has coincided with a scarcity of signifiers. Many modern UIs have ripped out the perceptible cues that users rely on to understand what is clickable.

Tails 3.0 出了,然後又開始提供 BitTorrent 下載了...

Tails 是個 Tor 的獨立環境,可以直接用 USB 開機或是透過虛擬機上線,避免受到其他干擾而洩漏資訊。

剛剛看到了 Tails 發佈 3.0 版的消息:「Tails 3.0 is out」,比較特別的是在下載頁面發現 BitTorrent 的下載方式又被放回去了。

前陣子本來在「BitTorrent 對 SHA-1 的改善計畫?」這邊有提到 Tails 的團隊因應 SHA-1 的問題,在討論是否要繼續提供 BitTorrent 的問題 (因為 BitTorrent 裡使用 SHA-1 做很多事情),當時的決議其實是暫時使用 BitTorrent 發佈:「Biterrant attack」。

不過後續的更新這樣寫,所以看起來暫時會先恢復 BitTorrent 下載的方式:

After reading this discussion, my current conclusion is that we've totally misunderstood the impact of the attack, and that the security of our bittorrent downloads is still good enough. So I propose we revert to what we did before the 2.12 release, i.e. ship Torrents, for the foreseeable future when 2nd pre-image attacks are not realistic yet.

回到 Tails 3.0 本身,其中比較大的改變是放棄了 32bits 的支援:

Tails 3.0 works on 64-bit computers only and not on 32-bit computers anymore.


也許該再來測試看看注音輸入法好不好用的問題了 XD

AWS Storage Gateway 的新功能:File Gateway

AWS Storage Gateway 推出新功能 File Gateway:「File Interface to AWS Storage Gateway」。

可以讓使用者在前面用 NFS,後面實際接的是 Amazon S3

After you set it up in your data center or in the cloud, your configured buckets will be available as NFS mount points. Your application simply reads and writes files and directories over NFS; behind the scenes, the gateway turns these operations into object-level requests on your S3 buckets, where they are accessible natively (one S3 object per file).

以前自己用 FUSE 惡搞的方式,現在變成官方支援的功能?XDDD

Amazon Polly 與 Amazon Lex:人機介面中的語音處理

AWS 這次推出的這兩個服務剛好成對:「Amazon Polly – Text to Speech in 47 Voices and 24 Languages」、「Amazon Lex – Build Conversational Voice & Text Interfaces」。

Amazon Polly 負責把文字唸出來變成語音,而 Amazon Lex 則是將語音辨識回文字,不過目前都還不支援中文... 但畢竟讓 user interface 這塊變得更親民了,算是基礎建設中服務,讓 startup 專心在產品本身上。

把主力手機從 iPhone 換到 Android

上次主力用 Android 應該是 HTC Desire 時代了,那個時候跑得是 2.2。

總算把 LG G2 (D802) 刷完機器了 (刷了半年,每次都卡關 XDDD),這次刷了 CyanogenModOpen GApps,儘量都用 command line 來刷。

adb devices # 看裝置順便打 RSA public key 進去
adb shell # 進去後可以 ls/su 看一看
adb push filename.zip /sdcard/
adb reboot recovery

Android Marshmallow (6.0) 另外多了對權限的管理,這也是想刷到 6.0 的原因之一,使用者可以隨時 revoke 掉某些權限 (沒有處理好的會 crash XD):

Android Marshmallow introduces a redesigned application permission model: there are now only eight permission categories, and applications are no longer automatically granted all of their specified permissions at installation time. An opt-in system is now used, in which users are prompted to grant or deny individual permissions (such as the ability to access the camera or microphone) to an application when they are needed for the first time. Applications remember the grants, which can be revoked by the user at any time.

其他安裝的流程主要都是苦工了,尤其是 2FA 是少數為了安全性只能一個一個換的東西 (不提供 export,都是用手機提供的 HSM 避免被盜走),剛好趁機會把自己與公司用到的 2FA 帳號分開。

Android 上的 Google Authenticator 不怎麼好用 (不能調整位置,另外不希望隨時都給密碼),測了測 Red Hat 出的 FreeOTP Authenticator 算是比較好用的,就把 FreeOTP Authenticator 拿來給個人用,Google Authenticator 拿來給公司的帳號用。

繼續熟悉現在的 Android 環境,應該會有一陣子不習慣...