Gea-Suan Lin's BLOG

Doing mischief is the greatest driving force of progress

Tag: login

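login.gov, the U.S. government's SSO site

In 2017, 18F launched login.gov, the U.S. government's SSO service: "Government launches login.gov to simplify access to public services". At the time it only supported federal government systems.

A few days ago I saw a new announcement that login.gov plans to extend its service to state and local government programs: "Login.gov to provide authentication and identity proofing services to a limited number of federally funded state and local government programs.".

Looking through the developer site, "Welcome to the login.gov developer guide | login.gov", the technologies in use appear to be OpenID and SAML: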

Select between OpenID Connect (OIDC) or SAML protocol implementation protocols. Please note that we recommend OIDC.

It's rare to see OpenID actually being used, so I'm noting it down...

Author: Gea-Suan Lin. Posted on February 20, 2021. Categories: Computer, Murmuring, Network, Political, Security, Service, WWW. Tags: 18f, federal, government, login, on, openid, saml, security, sign, single, sso, states, united.

Cloudflare has adopted security keys (WebAuthn)

Cloudflare has finally adopted security keys; until now you had to open an app and authenticate with TOTP: "Cloudflare now supports security keys with Web Authentication (WebAuthn)!".

Once the security key is set up, the login flow prompts you to sign in with it.

When you don't have the security key at hand, you can still choose TOTP.

This is much more convenient, and also more secure (compared with a six-digit code, and in its resistance to phishing).

Author: Gea-Suan Lin. Posted on April 1, 2020. Categories: CDN, Cloud, Computer, Murmuring, Network, Security, Service, WWW. Tags: cloudflare, key, login, security, totp, webauthn.

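Twitter is going to purge accounts

I saw the news that Twitter is going to purge accounts that are not in use: "Twitter will remove inactive accounts and free up usernames in December". It can also be seen in the official "Inactive account policy".

By the looks of the definition, after six months without activity Twitter can treat an account as inactive: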

We encourage people to actively log in and use Twitter when they register an account. To keep your account active, be sure to log in and Tweet at least every 6 months. Accounts may be permanently removed due to prolonged inactivity.

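This reminds me of the reason behind the naming of the arashi_5_official account XDDD

I also wonder what accompanying measures there will be on the authorization side. Quite a few sites support logging in with a Twitter account, so if someone else ends up with the account, they have a chance of gaining access to other, non-Twitter systems...

Author: Gea-Suan Lin. Posted on November 27, 2019. Categories: Computer, Murmuring, Network, Security, Service, Social, WWW. Tags: account, inactive, login, network, oauth, security, sns, social, tweet, twitter, username.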

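StackOverflow's article about caching...

This is a StackOverflow article about caching. There is nothing new in it; I'm only bringing it up because I spotted an amusing item: "How Stack Overflow Caches Apps for a Multi-Tenant Architecture".

Before talking about caching, articles usually explain the speed differences between various kinds of storage, but this list has something odd mixed in: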

  • L1: 1.3ns
  • L2: 3.92ns (3x slower)
  • L3: 11.11ns (8.5x slower)
  • DDR4 RAM: 100ns (77x slower)
  • NVMe SSD: 120,000ns (92,307x slower)
  • SATA/SAS SSD: 400,000ns (307,692x slower)
  • Rotational HDD: 2–6ms (1,538,461x slower)
  • Microsoft Live Login: 12 redirects and 5s (3,846,153,846x slower, approximately)

They slipped something that isn't storage at all into the comparison. Just how fed up are you with Microsoft's account system XDDD

They also listed their current Redis usage:

For the curious, some quick stats from last Tuesday (2019-07-30) This is across all instances on the primary boxes (because we split them up for organization, not performance…one instance could handle everything we do quite easily):

  • Our Redis physical servers have 256GB of memory, but less than 96GB used.
  • 1,586,553,473 commands processed per day (3,726,580,897 commands and 86,982 per second peak across all instances – due to replicas)
  • Average of 2.01% CPU utilization (3.04% peak) for the entire server (< 1% even for the most active instance)
  • 124,415,398 active keys (422,818,481 including replicas)
  • Those numbers are across 308,065,226 HTTP hits (64,717,337 of which were question pages)

A longer version can be read on the author's own blog, where the part on cache invalidation (purge) covers some of their approach: "Stack Overflow: How We Do App Caching - 2019 Edition".

Author: Gea-Suan Lin. Posted on August 26, 2019. Categories: Computer, Joke, Murmuring, Network, Programming, Recreation, Service, Software, WWW. Tags: account, cache, invalidate, live, login, microsoft, performance, purge, speed, stackoverflow, storage, system, time.

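Some recent negative news about StackOverflow

There are roughly two items. The first is the redesign of the StackOverflow home page: the old home page was a list of hot or new questions (as in the first screenshot), whereas after the redesign, users who are not logged in only see various ads (you can test this in incognito mode, as in the second screenshot).

This was raised for discussion in "New home page makes it seem like SO doesn't allow free use any more", and so far there seems to be no plan to change it back... one of the usual things that happens once a company gets big.

The second is that someone noticed AudioContext requests from StackOverflow in the browser console and traced them to an ad trying to track users through browser characteristics (i.e., fingerprinting): "Why is Stack Overflow trying to start audio?".

StackOverflow's official response considers this ad inappropriate and proposes some options, but having looked at them, none are feasible yet (they need browsers to implement new features or fix bugs). For now the recommendation is still to block it outright with uBlock Origin, which saves CPU resources and bandwidth...

Author: Gea-Suan Lin. Posted on July 2, 2019. Categories: Browser, Computer, Murmuring, Network, Privacy, Service, Software. Tags: ad, audiocontext, browser, console, homepage, login, origin, page, privacy, stackoverflow, ublock.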

G Suite administrators can now disable SMS and voice-call 2FA

According to "Disable SMS or voice codes for 2-Step Verification for more secure accounts", G Suite administrators can now forcibly disable SMS and voice (in other words, these two channels are not considered secure for 2FA).

The main reason is that mobile networks have never been very secure, for example KASUMI as used by GPRS and 3G networks, or downgrade attacks (to a 2G network).

Besides those two, the 2FA options G Suite login currently offers should also include TOTP and U2F-style authentication. The people most affected this time are probably those who insist on using non-smartphones? This kind:

(Image taken from "File:Mobile phone evolution.jpg")

Author: Gea-Suan Lin. Posted on March 15, 2019. Categories: Computer, Murmuring, Network, Security, Service, SMS, Telephone. Tags: 2fa, 2g, 3g, account, g, google, key, login, mfa, network, phone, security, sms, suite, totp, u2f, voice.

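Flickr announces its own login system, but you have to wait in line...

After being acquired by SmugMug, Flickr started reorganizing its architecture, and one piece of that is removing the login that was tied to Yahoo!. The official plan has now been announced: "Flickr login freedom is here.".

Not everyone can use it right away, though; it is being opened up to users gradually: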

The first page of the login experience has already been updated with a new look, but you will continue to log in to your Flickr account with your Yahoo credentials as you always have until the rollout reaches you.

Back to waiting...

Author: Gea-Suan Lin. Posted on March 6, 2019. Categories: Computer, Murmuring, Network, Service. Tags: account, flickr, login, smugmug, yahoo.

FIDO2 on Android

In "Android Gets FIDO2 Certification—Now Supports Secure Passwordless Logins" I saw that Android 7.0 now supports FIDO2:

If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified.

So, with a cooperating browser, the phone can be used as MFA, and it is anti-phishing...

Author: Gea-Suan Lin. Posted on February 28, 2019. Categories: Browser, Computer, Hardware, Murmuring, Network, Security, Software. Tags: android, browser, fido, fido2, google, login, mfa, password, passwordless, phishing, play, secure, security, service.

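I broke FreeOTP, so I had to switch to another app...

While setting up U2F for WordPress, I noticed that it can coexist with other 2FA mechanisms (i.e., you can pick one method as the 2FA, such as TOTP), so I started resetting my OTP...

Then, on a whim, I changed the &#039; in FreeOTP to ' (because it looked off to me XD) and ran into the problem described in "FreeOTP stuck crashing at startup if name contains certain characters · Issue #100 · freeotp/freeotp-ios". FreeOTP now crashes right at launch and won't open, and there is no workaround for getting at the other OTP tokens...

I looked for alternatives and for now am using "mattrubin/Authenticator: Two-Factor Authentication Client for iOS". Note that there are apps with the same name and a very similar interface in the store, so check the author name...

What followed was a whole series of 2FA token resets. For some of them I hadn't kept backup codes, which was a real pain @_@

Author: Gea-Suan Lin. Posted on October 24, 2018 (updated October 26, 2018). Categories: Computer, Murmuring, Security, Software. Tags: 2fa, app, authentication, backup, bug, client, code, factor, freeotp, ios, login, otp, reset, security, store, token, totp, two, u2f, wordpress.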

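XMLRPC stops working after switching Trac to form login...

The Trac I use myself originally logged in via the HTTP Authorization header, but that meant logging in again every time I restarted the browser, which was annoying... so I wanted to find a plugin to switch to HTML form login.

The one that seems to be more actively maintained is AccountManagerPlugin, which supports local passwords out of the box and also supports plugins for hooking in other external services.

But after installing it, my automatic ticket opener (i.e., opening tickets from crontab) could no longer log in. I eventually found that HttpAuthPlugin is needed to handle this. The plugin's description says right at the top that it was also written for XmlRpcPlugin: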

This plugin allows you to protect certain paths with HTTP authentication. The AccountManagerPlugin is used to check passwords.

Primarily this is meant to be used with the XmlRpcPlugin, so it will work while using AccountManager's form-based logins.

Exactly the same problem I ran into...

Author: Gea-Suan Lin. Posted on October 6, 2018. Categories: Computer, Murmuring, Network, Service, Software. Tags: account, auth, authorization, extension, form, header, html, http, login, manager, plugin, rpc, trac, xml, xmlrpc.
