Elasticsearch 提供免費版本的安全功能

Elasticsearch 決定將基本的安全功能從付費功能轉為免費釋出,很明顯的是受到 Open Distro for Elasticsearch 的壓力而做出的改變:「Security for Elasticsearch is now free」。

要注意的是這不是 open source 版本,只是將這些功能放到 basic tier 裡讓使用者免費使用:

Previously, these core security features required a paid Gold subscription. Now they are free as a part of the Basic tier. Note that our advanced security features — from single sign-on and Active Directory/LDAP authentication to field- and document-level security — remain paid features.

這代表 Open Distro for Elasticsearch 提供的還是比較多:

With Open Distro for Elasticsearch, you can leverage your existing authentication infrastructure such as LDAP/Active Directory, SAML, Kerberos, JSON web tokens, TLS certificates, and Proxy authentication/SSO for user authentication. An internal user repository with support for basic HTTP authentication is also avaliable for easy setup and evaluation.

Granular, role-based access control enables you to control the actions a user can perform on your Elasticsearch cluster. Roles control cluster operations, access to indices, and even the fields and documents users can access. Open Distro for Elasticsearch also supports multi-tenant environments, allowing multiple teams to share the same cluster while only being able to access their team's data and dashboards.

目前看起來還是可以朝 Open Distro for Elasticsearch 靠過去...

維基百科的使用條款更新,強制揭露利益衝突問題

維基百科昨天的使用條款修訂公告中,提到了「揭露利益衝突」的問題:「Making a change to our Terms of Use: Requirements for disclosure」,這份文件的最後方有簡體中文版的說明,對於看英文比較不通順的人可以先看中文版的說明。

在新版的「Terms of Use」裡面,有一個專門的章節「Paid contributions without disclosure」:

These Terms of Use prohibit engaging in deceptive activities, including misrepresentation of affiliation, impersonation, and fraud. As part of these obligations, you must disclose your employer, client, and affiliation with respect to any contribution for which you receive, or expect to receive, compensation. You must make that disclosure in at least one of the following ways:

  • a statement on your user page,
  • a statement on the talk page accompanying any paid contributions, or
  • a statement in the edit summary accompanying any paid contributions.

這段修正可以從「Difference between revisions of "Terms of Use" - Wikimedia Foundation」這邊看到完整的 diff。

這是對於「付費編輯」的反制:國外甚至有專門收費找人編輯維基百科的公司在運作 (可以參考 2013 年 10 月的「Wikimedia Foundation Executive Director Sue Gardner’s response to paid advocacy editing and sockpuppetry」這篇文章),這次在使用條款內直接增訂這一部份,將本來只是社群規範的項目變成直接上法院反制。

早該這麼做了,這件事情意義重大...