Google Analytics 推出 Autotrack 工具幫助整合

Google Analytics 推出了 Autotrack 工具,讓開發者更容易整合:「Introducing Autotrack for analytics.js」。

可以看到有些地方是將 Unobtrusive JavaScript 的概念拿出來用,像是 Declarative event tracking 這邊用 data attribute:

<button data-event-category="Video" data-event-action="play">Play</button>

對於還沒有針對 Google Analytics 客製化整合的人都會有幫助:

While anyone could use and benefit from autotrack, the library is primarily geared toward sites that do not customize their current analytics implementation and would like to take advantage of the features described in this article.

GitHub 上的說明可以看到預設了非常多常用的功能,像是 socialTracker 預設就有提供 FacebookTwitter (咦,你們自己家的 Google Plus 呢?)

不過這個軟體有免責條款,不屬於 GA 的正式產品:

The autotrack library is not an official Google Analytics product and is not covered by Google Analytics Premium support. Developers that choose to use this library are responsible for ensuring that their implementation meets the requirements of the Google Analytics Terms of Service and the legal obligations of their respective country.

看起來先進很多,之後自己開發東西拿出來用用...

Decentraleyes:避免從 Public CDN 取得檔案

先前看到的,一個 Firefox 的 Extension,在本地端存了一份常用的 library,當瀏覽器想要去 CDN 取得的時候改從本地端的資料提供:「Decentraleyes」。

Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.

另外一個說明是:

A Firefox add-on that emulates Content Delivery Networks locally by intercepting requests, finding the required resource and injecting it into the environment. This all happens instantaneously, automatically, and no prior configuration is required.

原始程式碼在 GitHub 上:「Decentraleyes - Local emulation of Content Delivery Networks.」。

紐約公共圖書館放出十八萬張數位高畫質的數位資料

紐約公共圖書館這次放出了十八萬張數位資料,包括歷史照片、地圖以及信件:「The New York Public Library Lets You Download 180,000 Images in High Resolution: Historic Photographs, Maps, Letters & More」,圖書館官方的公告在「Free for All: NYPL Enhances Public Domain Collections For Sharing and Reuse」這邊:

The release of more than 180,000 digitized items represents both a simplification and an enhancement of digital access to a trove of unique and rare materials: a removal of administration fees and processes from public domain content, and also improvements to interfaces — popular and technical — to the digital assets themselves.

除了可以在「NYPL Digital Collections」這邊搜尋下載外,還有 API 可以用:「The New York Public Library Digital Collections API」,在 GitHub 上也有工具可以使用:「Digital Collections Public Domain Item Data and Tools」。

而且這 18 萬張資料是完全的開放,不需要事先取得館方授權:

No permission required, no hoops to jump through: just go forth and reuse!

將 public domain 的文物數位化,傳遞與保存變的更便利... (也讓做研究的人更容易取得資料)

Amazon 之前放出的 s2n 的安全性問題

Amazon 之前放 s2n 出來當作 TLS protocol 的方案,於是就有人摸出東西來:「Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS」。

即使是經過外部資安檢證,仍然還是有找到問題。這次找到的問題是 timing attack 類在 CBC-mode 下的 plaintext recovery:

At the time of its release, Amazon announced that s2n had undergone three external security evaluations and penetration tests. We show that, despite this, s2n - as initially released - was vulnerable to a timing attack in the case of CBC-mode ciphersuites, which could be extended to complete plaintext recovery in some settings.

攻擊分成兩個階段:

Our attack has two components. The first part is a novel variant of the Lucky 13 attack that works even though protections against Lucky 13 were implemented in s2n. The second part deals with the randomised delays that were put in place in s2n as an additional countermeasure to Lucky 13. Our work highlights the challenges of protecting implementations against sophisticated timing attacks.

最後還是酸了一下 Amazon:

It also illustrates that standard code audits are insufficient to uncover all cryptographic attack vectors.

Amazon 的官方說明則在「s2n and Lucky 13」這邊可以看到。

Facebook 提供 Android 效能分級的函式庫

一樣是在 OSNews 上看到的,Facebook 提供了一套 Library,可以將 Android 裝置依照年份分類:「Facebook's simple trick for serving many different Android devices」,原始報導是「Facebook's simple trick for serving so many different Android devices」。

可以在 GitHub 上的「Device Year Class」看到如何使用的範例程式碼:

int year = YearClass.get(getApplicationContext());
if (year >= 2013) {
    // Do advanced animation
} else if (year > 2010) {
    // Do simple animation
} else {
    // Phone too slow, don't do any animations
}

寫起來感覺沒什麼節操,但很實用 XDDD

AWS Storage Gateway 推出新的模式...

AWS Storage Gateway 推出新的「磁帶」模式:「Create a Virtual Tape Library Using the AWS Storage Gateway」。

原先的 AWS Storage Gateway 只支援兩種模式:

  • Gateway-Cached Volumes:實際資料在 Amazon S3 上,在本地有 cache。
  • Gateway-Stored Volumes:實際資料在本地,定時備份到 Amazon S3 上。

上面兩種方式對於 client 都還是 block storage (random access),可以用 iSCSI 掛上來用。

新的 Gateway-Virtual Tape Library (Gateway-VTL) 則是模擬磁帶架構,除了可以丟到 Amazon S3 上以外,也可以丟到 Amazon Glacier 上!XD

很有趣的架構啊... XD

紐約公共圖書館提供的 Library:將地圖 OCR 成向量資料...

紐約公共圖書館 (NYPL) 丟出個有趣的東西:「Map polygon and feature extractor」,敘述的地方就有這樣的說明:

Like OCR for maps

可以把這樣的地圖圖檔:

轉成:

這樣子... 也可以 GeoJSON 輸出 :p

這屬於 Open Data 的工作,紐約公共圖書館本身就是全世界第三大圖書館,美國第二大的圖書館 (僅次於第一的國會圖書館與第二的大英圖書館),做完後可以把館內的地圖館藏整個數據化讓人重複使用 (而非僅僅將紙本掃描成圖片資料的「電子化」),這包括了以前的手繪地圖啊...

程式主要是用 Python 寫,另外在 repository 有看到 RScheme 的存在... (GitHub 的統計)

Perl 中 local::lib 與 App::cpanminus 的搭配...

用過後才知道這兩個東西搭起來超方便 XD

首先是 App::cpanminus (一般會稱呼他可執行檔的檔名「cpanm」),可以很方便的將軟體裝在自己的目錄下,而不用動到 root 權限。預設的目錄是裝到 ~/perl5/ 下。

再來是 local::lib,預設的 use local::lib; 就會讓系統使用自己目錄 ~/perl5/ 的 module... (感謝 clkao 的推薦)

相當好用啊...