在 C 裡 Concurrency 的 Library

看到「libdill: Structured Concurrency for C」這個東西,在 C 裡實作了兩個不同種類的 concurrency,一個是 proc (process-based) 一個是 go (corouting-based)。

支援的 function 算是蠻清晰的,範例也很清楚:

#include <libdill.h>
#include <stdio.h>
#include <stdlib.h>

coroutine int worker(const char *text) {
    while(1) {
        printf("%s\n", text);
        msleep(now() + random() % 500);
    return 0;

int main() {
    msleep(now() + 5000);
    return 0;

也有 channel 的觀念可以用,之後需要寫玩具的話應該是個好東西...

用 JavaScript 寫的 NLP Library

nlp-compromise/nlp_compromise 是一個 JavaScript 寫的 NLP library,網頁上給的用法也很特別...


nlp.text('She sells seashells').to_past()
// She sold seashells


// "dinosaurs"


nlp.statement('She sells seashells').negate().text()
// She doesn't sell seashells


nlp.sentence('I fed the dog').replace('the [Noun]', 'the cat').text()
// I fed the cat


nlp.text("Tony Hawk did a kickflip").people();
// [ Person { text: 'Tony Hawk' ..} ]


// "a"


nlp.person("Tony Hawk").pronoun();
// "he"


nlp.value("five hundred and sixty").number;
// 560

好像是好玩的東西... XD

OpenSSL 1.1.0 的 Release Notes 先放出來了 (現在是 Beta 1)

雖然才 Beta 1,但 OpenSSL 先放出 1.1.0 的 Release Notes 了:「OpenSSL 1.1.0 Series Release Notes」。

有幾個新的功能以及重大的改變,包括了對 ChaCha20Poly1305 的支援,並且把 SSLv2、RC4、所有 40bits 與 56bits 的 cipher 拔掉,然後支援 Certificate Transparency

讓人頗期待... 不知道來不來得及跟上 Ubuntu 16.04

Google Analytics 推出 Autotrack 工具幫助整合

Google Analytics 推出了 Autotrack 工具,讓開發者更容易整合:「Introducing Autotrack for analytics.js」。

可以看到有些地方是將 Unobtrusive JavaScript 的概念拿出來用,像是 Declarative event tracking 這邊用 data attribute:

<button data-event-category="Video" data-event-action="play">Play</button>

對於還沒有針對 Google Analytics 客製化整合的人都會有幫助:

While anyone could use and benefit from autotrack, the library is primarily geared toward sites that do not customize their current analytics implementation and would like to take advantage of the features described in this article.

GitHub 上的說明可以看到預設了非常多常用的功能,像是 socialTracker 預設就有提供 FacebookTwitter (咦,你們自己家的 Google Plus 呢?)

不過這個軟體有免責條款,不屬於 GA 的正式產品:

The autotrack library is not an official Google Analytics product and is not covered by Google Analytics Premium support. Developers that choose to use this library are responsible for ensuring that their implementation meets the requirements of the Google Analytics Terms of Service and the legal obligations of their respective country.


Decentraleyes:避免從 Public CDN 取得檔案

先前看到的,一個 Firefox 的 Extension,在本地端存了一份常用的 library,當瀏覽器想要去 CDN 取得的時候改從本地端的資料提供:「Decentraleyes」。

Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.


A Firefox add-on that emulates Content Delivery Networks locally by intercepting requests, finding the required resource and injecting it into the environment. This all happens instantaneously, automatically, and no prior configuration is required.

原始程式碼在 GitHub 上:「Decentraleyes - Local emulation of Content Delivery Networks.」。


紐約公共圖書館這次放出了十八萬張數位資料,包括歷史照片、地圖以及信件:「The New York Public Library Lets You Download 180,000 Images in High Resolution: Historic Photographs, Maps, Letters & More」,圖書館官方的公告在「Free for All: NYPL Enhances Public Domain Collections For Sharing and Reuse」這邊:

The release of more than 180,000 digitized items represents both a simplification and an enhancement of digital access to a trove of unique and rare materials: a removal of administration fees and processes from public domain content, and also improvements to interfaces — popular and technical — to the digital assets themselves.

除了可以在「NYPL Digital Collections」這邊搜尋下載外,還有 API 可以用:「The New York Public Library Digital Collections API」,在 GitHub 上也有工具可以使用:「Digital Collections Public Domain Item Data and Tools」。

而且這 18 萬張資料是完全的開放,不需要事先取得館方授權:

No permission required, no hoops to jump through: just go forth and reuse!

將 public domain 的文物數位化,傳遞與保存變的更便利... (也讓做研究的人更容易取得資料)

Amazon 之前放出的 s2n 的安全性問題

Amazon 之前放 s2n 出來當作 TLS protocol 的方案,於是就有人摸出東西來:「Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS」。

即使是經過外部資安檢證,仍然還是有找到問題。這次找到的問題是 timing attack 類在 CBC-mode 下的 plaintext recovery:

At the time of its release, Amazon announced that s2n had undergone three external security evaluations and penetration tests. We show that, despite this, s2n - as initially released - was vulnerable to a timing attack in the case of CBC-mode ciphersuites, which could be extended to complete plaintext recovery in some settings.


Our attack has two components. The first part is a novel variant of the Lucky 13 attack that works even though protections against Lucky 13 were implemented in s2n. The second part deals with the randomised delays that were put in place in s2n as an additional countermeasure to Lucky 13. Our work highlights the challenges of protecting implementations against sophisticated timing attacks.

最後還是酸了一下 Amazon:

It also illustrates that standard code audits are insufficient to uncover all cryptographic attack vectors.

Amazon 的官方說明則在「s2n and Lucky 13」這邊可以看到。

Facebook 提供 Android 效能分級的函式庫

一樣是在 OSNews 上看到的,Facebook 提供了一套 Library,可以將 Android 裝置依照年份分類:「Facebook's simple trick for serving many different Android devices」,原始報導是「Facebook's simple trick for serving so many different Android devices」。

可以在 GitHub 上的「Device Year Class」看到如何使用的範例程式碼:

int year = YearClass.get(getApplicationContext());
if (year >= 2013) {
    // Do advanced animation
} else if (year > 2010) {
    // Do simple animation
} else {
    // Phone too slow, don't do any animations

寫起來感覺沒什麼節操,但很實用 XDDD

AWS Storage Gateway 推出新的模式...

AWS Storage Gateway 推出新的「磁帶」模式:「Create a Virtual Tape Library Using the AWS Storage Gateway」。

原先的 AWS Storage Gateway 只支援兩種模式:

  • Gateway-Cached Volumes:實際資料在 Amazon S3 上,在本地有 cache。
  • Gateway-Stored Volumes:實際資料在本地,定時備份到 Amazon S3 上。

上面兩種方式對於 client 都還是 block storage (random access),可以用 iSCSI 掛上來用。

新的 Gateway-Virtual Tape Library (Gateway-VTL) 則是模擬磁帶架構,除了可以丟到 Amazon S3 上以外,也可以丟到 Amazon Glacier 上!XD

很有趣的架構啊... XD

紐約公共圖書館提供的 Library:將地圖 OCR 成向量資料...

紐約公共圖書館 (NYPL) 丟出個有趣的東西:「Map polygon and feature extractor」,敘述的地方就有這樣的說明:

Like OCR for maps



這樣子... 也可以 GeoJSON 輸出 :p

這屬於 Open Data 的工作,紐約公共圖書館本身就是全世界第三大圖書館,美國第二大的圖書館 (僅次於第一的國會圖書館與第二的大英圖書館),做完後可以把館內的地圖館藏整個數據化讓人重複使用 (而非僅僅將紙本掃描成圖片資料的「電子化」),這包括了以前的手繪地圖啊...

程式主要是用 Python 寫,另外在 repository 有看到 RScheme 的存在... (GitHub 的統計)