InterNetNews (INN) 在測試 Git

在 mailing list 上看到「Test Git repository for INN」這個消息,看起來 InterNetNews 也在嘗試換到 Git 上了,目前是選擇用 GitHub,在「InterNetNews/inn」這邊。

整個從 CVS 換到 Subversion 再到現在開始進入 Git 的環境了。

沒有全部自己搞的理由也有提到,主要就是免費與方便,然後社群也已經知道 GitHub 是什麼了:

GitHub was chosen because it's (a) free (as in price), (b) widely understood and used already, and (c) easy for me to set up. I know some folks have reservations about GitHub because it's not free software, and I understand, but I don't think we're committing heavily to their platform (everyone who has a clone of the Git repository has all the important data and can move it elsewhere), and other things like GitLab are only open core anyway. Hosting everything on 100% free software (depending on the choice of free software) loses us some useful features (I plan to set up GitHub Actions for CI) and requires more resources that I don't really have to spend on it. That said, everyone is certainly welcome to mirror the Git repository elsewhere if they want.

之後會跑 CI,算是這些年軟體工程必備的工具了...

AWS 提供 VPC Traffic Mirroring 的功能

以前在機房可以在 switch 上用 port mirror 看流量內容找問題,現在在 AWS 上也提供類似的功能 VPC Traffic Mirroring:「New – VPC Traffic Mirroring – Capture & Inspect Network Traffic」。

所以所有以前在傳統機房使用 switch 的技術,都可以在 AWS 上重新發展出來,所以不算太意外的是第一波就有一堆 partner 提供服務,或是一些公司提供經驗。

另外 AWS 的 VPC Traffic Mirroring 比以前 switch 的 port mirror 更彈性,可以把整個網路當來源,或是指定特定的 ENI 當來源:

Mirror Source – An AWS network resource that exists within a particular VPC, and that can be used as the source of traffic. VPC Traffic Mirroring supports the use of Elastic Network Interfaces (ENIs) as mirror sources.

然後除了可以打到 ENI 上,也可以打到 NLB 上:

Mirror Target – An ENI or Network Load Balancer that serves as a destination for the mirrored traffic. The target can be in the same AWS account as the Mirror Source, or in a different account for implementation of the central-VPC model that I mentioned above.

不免俗的,可以過濾封包:

Mirror Filter – A specification of the inbound or outbound (with respect to the source) traffic that is to be captured (accepted) or skipped (rejected). The filter can specify a protocol, ranges for the source and destination ports, and CIDR blocks for the source and destination. Rules are numbered, and processed in order within the scope of a particular Mirror Session.

然後有判斷 session 的能力 (看這邊的敘述,應該就是指 stateful connection?):

Traffic Mirror Session – A connection between a mirror source and target that makes use of a filter. Sessions are numbered, evaluated in order, and the first match (accept or reject) is used to determine the fate of the packet. A given packet is sent to at most one target.

而且這一次公佈就幾乎開放所有區域了,費用看起來也不太貴:

VPC Traffic Mirroring is available now and you can start using it today in all commercial AWS Regions except Asia Pacific (Sydney), China (Beijing), and China (Ningxia). Support for those regions will be added soon. You pay an hourly fee (starting at $0.015 per hour) for each mirror source; see the VPC Pricing page for more info.

PHP 終止 mirror 站台計畫

Twitter 上看到的公告:

本來 PHP 開放讓各地區的自願者提供頻寬,使用 PHP 的網域名稱 (像是 tw.php.net 這樣),現在則是全部都收回,由官方統一提供有 HTTPS 的網頁版本 https://www.php.net/

目前看起來 latency 頗高,都是到美東的伺服器上?下載也都還是指在 https://www.php.net/ 上,不知道 CDN 是用在哪裡...

nginx 的 mirror 功能

nginx 1.13.4 出的新功能,ngx_http_mirror_module

The ngx_http_mirror_module module (1.13.4) implements mirroring of an original request by creating background mirror subrequests. Responses to mirror subrequests are ignored.

範例其實就講的還蠻清楚的:

location / {
    mirror /mirror;
    proxy_pass http://backend;
}

location /mirror {
    internal;
    proxy_pass http://test_backend$request_uri;
}

如果拿 nginx 當 load balancer 的人,可以用這個功能做些事情...

Debian 的 CloudFront

剛剛看到 Debian Mirrors via CloudFront 這個,原來 AWS 幫忙付掉了:

This service is kindly hosted by and paid for by Amazon Web Services, and we thank them for their contribution to Debian.

翻了 mailing list 發現是在 2013 年五月的時候弄出來的:「Debian archive distribution via CloudFront CDN」。

換 Ubuntu 的 mirror site...

Zeroplex 遇到類似的問題 (參考「NCHC for Ubuntu sources.list」這篇),放在台大的 tw.archive.ubuntu.com 常常連不上,所以就換掉 mirror site 了。UbuntuDebian 相同,都是用 APT,所以就是換掉 /etc/apt/ 下面的設定。

Zeroplex 使用的是 http://free.nchc.org.tw/,我則是用 http://ftp.twaren.net/。換完後再 apt-get update 一次就可以了。