policy

Twitter 新政策禁止推廣其他社交平台的連結

看到 Paul Graham 這個宣告：

This is the last straw. I give up. You can find a link to my new Mastodon profile on my site.https://t.co/bbmZ4yvAJH

— Paul Graham (@paulg) December 18, 2022

裡面提到的新政策在「Promotion of alternative social platforms policy」這邊，直接禁止其他社交平台：

At both the Tweet level and the account level, we will remove any free promotion of prohibited 3rd-party social media platforms, such as linking out (i.e. using URLs) to any of the below platforms on Twitter, or providing your handle without a URL:

Prohibited platforms:

Facebook, Instagram, Mastodon, Truth Social, Tribel, Post and Nostr

3rd-party social media link aggregators such as linktr.ee, lnk.bio

在 Hacker News 的討論上面，Paul Graham 有回應 (帳號是 pg)，他又提出了一些猜測與見解，包含了他覺得這個新政策會被收回：「Paul Graham is leaving Twitter for now (twitter.com/paulg)」。

I'm not leaving Twitter. It seems more likely than not that Elon will reverse the ban on links to other social media sites. I just don't want to hang out there in the meantime. Plus given the way things are going, it seemed like a good time to learn about alternatives.

I still think Elon is a smart guy. His work on cars and rockets speaks for itself. Nor do I think he's the villain a lot of people try to make him out to be. He's eccentric, definitely, but that should be news to no one. Plus I don't think he realizes that the techniques that work for cars and rockets don't work in social media. Those two facts are sufficient to explain most of his behavior.

He could still salvage the situation. He's the sort of person it would be a big mistake to write off. And I hope he does. I would be delighted to go back to using Twitter regularly.

不過的確如他說的，這是個好機會嘗試其他的 social network...

白宮宣佈由政府資助的研究，都必須馬上公開

一樣是 Hacker News 上看到的：「Guidance to make federally funded research freely available without delay (whitehouse.gov)」，白宮的公告在「OSTP Issues Guidance to Make Federally Funded Research Freely Available Without Delay」這邊。

開頭有重點，不得限制以及收費。所以 paywall 是一定不行，另外要註冊才能看也算是一種限制，應該也會被這次的政策要求改善：

In a memorandum to federal departments and agencies, Dr. Alondra Nelson, the head of OSTP, delivered guidance for agencies to update their public access policies as soon as possible to make publications and research funded by taxpayers publicly accessible, without an embargo or cost.

時間表的部份，短期是 2023 年中更新 policy，並且在 2025 年年底前全部施行：

In the short-term, agencies will work with OSTP to update their public access and data sharing plans by mid-2023. OSTP expects all agencies to have updated public access policies fully implemented by the end of 2025.

這次的算政府方面的政策，至少這些論文會有地方可以公開下載。

找了一下之前寫下來跟 open access 有關的消息，從學校方面給壓力的也不少，不過我記錄下來的主要都是跟 Elsevier 的中止合約：

2019 的「加州大學宣佈不與 Elsevier 續約」，
2020 的北卡大學系統對 Elsevier 的不續約「Upcoming Elsevier Cancellations」，
2020 的紐約大學系統對 Elsevier 的不續約「State University of New York Steps Away From the “Big Deal” with Elsevier」，
2020 的「MIT 終止與 Elsevier 的合約」。

看起來不同角度都有一些推進...

Auto Scaling 就不能綁個 Lambda 嗎...

看到 AWS 宣佈 Amazon EC2 的 auto scaling 有新花樣：「New – Attribute-Based Instance Type Selection for EC2 Auto Scaling and EC2 Fleet」。

你都有 Lambda 了，就不能整合 Lambda 每分鐘跑一次，讓使用者直接用個 turing complete 的方式自己設計要的 policy 嗎... 會用到 auto scaling 的使用者不會在意 Lambda 的那幾毛錢的。

這樣做對 OKR 是比較好沒錯啦，但用的人已經懶的看了...

GitHub 宣佈在 github.io 上抵制 FLoC

GitHub 的公告簡單明瞭，也不用你操作，直接在 github.io 上抵制 FLoC：「GitHub Pages: Permissions-Policy: interest-cohort=() Header added to all pages sites」，在「[Feature request] Set HTTP header to opt out of FLoC in GitHub Pages」這邊有些討論，另外在 Hacker News 上的討論也可以看一下：「GitHub blocks FLoC across all of GitHub Pages (github.blog)」。

不過不確定為什麼 custom domain 的就不加上去，可能微軟內部的法務團隊討論出來的結果？

All GitHub Pages sites served from the github.io domain will now have a Permissions-Policy: interest-cohort=() header set.

Pages sites using a custom domain will not be impacted.

Backblaze 採購硬碟的策略

在「How Backblaze Buys Hard Drives」這篇裡面提到了 Backblaze 採購硬碟的策略，可以看到完全都是偏成本走向，所以裡面的策略一般個人用不太到，一般企業也不應該照抄，但拿來看看還蠻有趣的...

像是因為硬碟太多，所以硬碟的使用電量是他們在評估成本時蠻重要的一環，這點在一般的情境下不太會考慮到：

Power draw is a very important metric for us and the high speed enterprise drives are expensive in terms of power cost. We now total around 1.5 megawatts in power consumption in our centers, and I can tell you that every watt matters for reducing costs.

另外也提到了 SMR 硬碟的特性，在單位成本雖然有比較高的容量，但導致架構面需要配合 (cache)，而也會有工程端的成本提昇，所以不是很愛：

SMR would give us a 10-15% capacity-to-dollar boost, but it also requires host-level management of sequential data writing. Additionally, the new archive type of drives require a flash-based caching layer. Both of these requirements would mean significant increases in engineering resources to support and thereby even more investment. So all-in-all, SMR isn’t cost-effective in our system.

成本面上，他們觀察到的現象是每季會降 5%～10%：

Ideally, I can achieve a 5-10% cost reduction per terabyte per quarter, which is a number based on historical price trends and our performance for the past 10 years.

另外提到了用 SAS controller 可以接多個 SATA 硬碟的事情 (雖然還是成本考量)，但這塊也蠻有趣的：

Longer term, one thing we’re looking toward is phasing out SATA controller/port multiplier combo. This might be more technical than some of our readers want to go, but: SAS controllers are a more commonly used method in dense storage servers. Using SATA drives with SAS controllers can provide as much as a 2x improvement in system throughput vs SATA, which is important to me, even though serial ATA (SATA) port multipliers are slightly less expensive. When we started our Storage Pod construction, using SATA controller/port multiplier combo was a great way to keep costs down. But since then, the cost for using SAS controllers and backplanes has come down significantly.

Amazon EFS 提供 7 天的 IA 選項

Amazon EFS 有 IA 的儲存方案，儲存的價位便宜很多，但需要另外收存取費用。不過這對於丟 log 之類的倒是還算方便，很多現有的程式就可以直接往裡面丟...

不過系統的設計上不是讓你指定哪些檔案放到 IA，而是設定 Lifecycle Management Policy 以及時間，當超過指定的時間後就會安排搬到 IA 裡面。

先前最低的時間是 14 天，剛剛看到 AWS 宣佈有 7 天的選項了，從 web console 上就可以看到選項可以選了：「Amazon Elastic File System Infrequent Access Now Supports a 7-day Lifecycle Management Policy」。

這樣對於開始堆資料的人，一開始塞東西進去而需要付 Standard Storage 的時間可以少蠻多的...

uBlock Origin 的開發版 (Dev) 被 Chrome Web Store 拒絕的事件...

uBlock Origin 是一個在瀏覽器上擋廣告的軟體，以前在推廣的時候都只提到可以過濾掉網站上的廣告，大家興趣其實都不太高 (還會有「留口飯讓別人吃」之類的 XDDD)，但最近跟同事推廣的時候改用「可以擋 YouTube 的影音廣告喔」，大家接受度意外的爆高，不過這有點扯遠了，回到原來的主題上...

先介紹一下 uBlock Origin 的開發模式，除了一般的 stable 版本外 (「uBlock Origin」這組)，另外會有另外一個 dev 版本上傳到 Chrome Web Store (CWS) 上 (「uBlock Origin development build」這組)，這樣讓使用者比較容易安裝與測試，這個方式也可以在 Tampermonkey 上看到。

這次主要維護者 Raymond Hill (gorhill) 在 1.22.5rc1 版上傳到 CWS 上後收到被拒絕上架的通知：「Dev build 1.22.5rc1 "REJECTED" from Chrome Web Store」。

拒絕的原因是 CWS 要求要有套件必須符合「目的單一性」，也就是不能把目的不同的東西強迫使用者綁在一起使用：

Your item did not comply with the following section of our policy: An extension should have a single purpose that is clear to users. Do not create an extension that requires users to accept bundles of unrelated functionality, such as an email notifier and a news headline aggregator. If two pieces of functionality are clearly separate, they should be put into two different extensions, and users should have the ability to install and uninstall them separately. For example, an extension that provides a broad array of functionalities on the New Tab Page/ Start-up Page but also changes the default search are better delivered as separate extensions, so that users can select the services they want. For more information on the new Chrome extensions quality policy, please refer to the FAQ: https://developer.chrome.com/extensions/single_purpose

後續的 1.22.5rc2 也被拒絕，然後他回信詢問了 CWS 官方，得到的仍然是罐頭回應，然後他就決定丟著 (而這個作法還蠻聰明的)，接著這件事情就被丟著變成 PR 事件上了一些媒體，然後昨天就突然解了...

Google 最近的動作愈來愈多了，一方面在嘗試避免觸動反托拉斯法的情況，儘可能打壓這些擋廣告的套件...

Apple 對 Tracking 機制的宣言 (宣戰)

Apple 透過 WebKit 的 blog 公佈了對 tracking 技術的宣言 (或者說「宣戰」)：「Announcing the WebKit Tracking Prevention Policy」，完整的文件在「WebKit Tracking Prevention Policy」可以看到。

相關的報導可以參考「Apple will soon treat online web tracking the same as a security vulnerability」。這篇會這樣下標題主要是這點：

We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.

不過技術上還是很困難，現在在瀏覽氣上有太多方式可以被拿來追蹤分析。

另外也不用認為蘋果是什麼善類，他只是不太靠廣告賺錢，所以會決定站出來把隱私保護當產品在推銷，哪天有什麼奇怪的特例跑出來的時候也不用太意外...

Google 公告了 Chrome Extension 對於權限的新規範

是收到信件通知 (因為之前有開發一些 extension)，裡面提到的重點主要是出自「Developer Program Policies」裡的兩項。

第一項是要求權限最小化：

Request access to the narrowest permissions necessary to implement your Product’s features or services. If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality.

第二個是你現在沒有實做的功能就不能要權限：

Don't attempt to "future proof" your Product by requesting a permission that might benefit services or features that have not yet been implemented.

這些新條文將會在 2019/10/15 生效：

Your extensions must be compliant with this policy by October 15th, 2019. You can learn more about these changes and how they may apply to you in our User Data FAQ.

紐約時報的 The Privacy Project 分析了這二十年來 Google 的隱私條款

紐約時報的 The Privacy Project 分析了 Google 在這二十年來的 Privacy Policy (英文版)，可以看出網路廣告產業的變化，以及為什麼變得極力蒐集個資與使用者行為：「Google’s 4,000-Word Privacy Policy Is a Secret History of the Internet」。整篇看起來有點長，可以先看裡面的小標題，然後看一下列出來的條文差異，把不同時間的重點都列出來了。

最早期的轉變是「針對性」：

1999-2004
No longer talks about users ‘in aggregate’

1999 年的版本強調了整體性，後來因為針對性廣告而被拿掉：

1999
Google may share information about users with advertisers, business partners, sponsors, and other third parties. However, we only talk about our users in aggregate, not as individuals. For example, we may disclose how frequently the average Google user visits Google, or which other query words are most often used with the query word "Microsoft."

接下來的是蒐集的項目大幅增加，讓分析更準確：

2005-2011
Google shares more data for better targeting

然後是更多產品線互相使用使用者行為資訊：

2012-2017
Its complicated business requires a more complicated policy

接下來是因為法規而配合修改條文 (最有名的就是 GDPR)：

2018-PRESENT
Policy adjusts to meet stricter regulation