Tag Archives: program

Yubico 宣佈推出 Lightning 的 U2F 界面...

YubicoCES 2019 上宣佈推出兩用版的 YubiKey,同時支援 USB-CLightning 接頭:「Yubico Launches the Security Key NFC and a Private Preview of the YubiKey for Lightning at CES 2019」。

從照片可以看出來是直接做成兩側各一個頭:

目前是 Private Preview,開發者需要跟 Yubico 申請:

If you are a developer or service that would like to support strong hardware authentication on iOS, we invite you to work with us by applying to participate in the YubiKey for Lightning Program. Selected participants will have access to the private preview of YubiKey for Lightning and also the Yubico Mobile iOS SDK for Lightning.

不過看起來是硬體限制沒辦法朝 NFC 支援?另外如果蘋果下一代 iPhone 換掉變成 USB-C 就搞笑了...

歐盟對十四套 Open Source 軟體推出 Bug Bounty Program

歐盟對於 14 套 open source 軟體推出 bug bounty program,協助改善這些軟體的品質 (主要是資安這塊):「EU to fund bug bounty programs for 14 open source projects starting January 2019」、「In January, the EU starts running Bug Bounties on Free and Open Source Software」。

這十四套軟體的選擇應該可以參考「EU aims to increase the security of password manager and web server software: KeePass and Apache chosen for open source audits」這邊...

然後看到「Intigriti/Deloitte」這個才知道原來 Deloitte 也有做這個啊...

AWS 多了一卡車服務符合 PCI DSS

碰到信用卡卡號時會需要的 PCI DSS,在 AWS 上面多了一卡車服務過了這個認證:「AWS Adds 16 More Services to Its PCI DSS Compliance Program」。

多了這些,有不少其實蠻常用的東西:

  • Amazon Inspector
  • Amazon Macie
  • Amazon QuickSight
  • Amazon S3 Transfer Acceleration
  • Amazon SageMaker
  • Amazon Simple Notification Service
  • AWS Batch
  • AWS CodeBuild
  • AWS Lambda@Edge
  • AWS Shield
  • AWS Snowball
  • AWS Snowball Edge
  • AWS Snowmobile
  • AWS Systems Manager
  • AWS X-Ray

Lambda@Edge 可以用表示信用卡處理頁面上也可以卡這個服務進來了,另外比較意外的是,SNS 之前居然沒在 PCI DSS 清單裡面喔 XDDD

2017 年 CA/Browser Forum 在台北辦的見面會議的會議記錄出爐了...

2017 年 CA/Browser Forum 在台北舉辦的見面會議,會議記錄總算是出爐了:「2017-10-04 Minutes of Face-to-Face Meeting 42 in Taipei - CAB Forum」。

由於是辦在台北,所以台灣很多單位都有出席,像是中央警察大學 (1)、中華電信 (11)、日盛聯合會計師事務所 (1)、TWCA (3):

Attendance: Peter Bowen (Amazon); Geoff Keating and Curt Spann (Apple); Jeremy Shen (Central Police University); Franck Leroy (Certinomis / Docapost); Wayne Chan and Sing-man Ho (Certizen Limited); Wen-Cheng Wang, Bon-Yeh Lin, Wen-Chun Yang, Jenhao Ou, Wei-Hao Tung, Chiu-Yun Chuang, Chung-Chin Hsiao, Chin-Fu Huang, Li-Chun Chen, Pin-Jung Chiang, and Wen-Hui Tsai (Chunghwa Telecom); Alex Wight and JP Hamilton (Cisco), Robin Alden (Comodo), Gord Beal (CPA Canada), Ben Wilson and Jeremy Rowley (DigiCert), Arno Fiedler and Enrico Entschew (D-TRUST); Kirk Hall (Entrust Datacard); Ou Jingan, Zhang Yongqiang, and Xiu Lei (GDCA); Atsushi Inaba and Giichi Ishii (GlobalSign); Wayne Thayer (GoDaddy); Devon O’Brien (Google); David Hsiu (KPMG); Mike Reilly (Microsoft); Gervase Markham and Aaron Wu (Mozilla); Hoang Trung La (National Electronic Authentication Center (NEAC) of Vietnam); Tadahiko Ito (Secom Trust Systems); Leo Grove and Fotis Loukos (SSL.com); Brian Hsiung (Sunrise CPA Firm); Steve Medin (Symantec); Frank Corday and Tim Hollebeek (Trustwave); Robin Lin, David Chen, and Huang Fu Yen (TWCA); and Don Sheehy and Jeff Ward (WebTrust).

開頭有提到會議記錄 delay 的情況:

Preliminary Note: The CA/Browser Forum was delayed in completing the minutes for its last Face-to-Face meeting Oct. 4-5, 2017 in Taipei, and the proposed final Minutes were only sent by the Chair to the Members on December 13, 2017 for their review. There was not enough time for Members to review the draft before the next teleconference of December 14, and the teleconference of December 28 was cancelled due to the holidays. The next Forum teleconference is scheduled for January 11, 2018.

會議記錄很長,主要是有不少主題被拿到見面會議上討論,另外有一半的篇幅是在說明各家 root program policy 的變化。

下次的見面會議會在三月,然後會由 Amazon 辦在東岸:

Peter confirmed the next F2F meeting will be hosted by Amazon on March 6-8, 2018 at its Herndon, Virginia location. More information will be provided in the coming months.

去電視廣告的服務又來了...

看到「Plex’s DVR now lets you skip the commercials… by removing them for you」這篇文章,介紹 Plex 要推出去電視廣告的服務...

維基百科上的介紹比較清楚:「Plex (software)」,主要有兩個元件組成,media server 與 player:

  • The Plex Media Server desktop application runs on Windows, macOS and Linux-compatibles including some types of NAS devices. The 'server' desktop application organizes video, audio and photos from your collections and from online services, enabling the players to access and stream the contents.
  • The media players. There are official clients available for mobile devices, smart TVs, and streaming boxes, a web app and Plex Home Theater (no longer maintained), as well as many third-party alternatives.

然後這次要推出的功能是直接在錄影的時候把廣告拿掉:

Plex confirmed it’s rolling out a new feature that will allow cord cutters to skip the commercials in the TV programs recorded using its software, making the company’s lower-cost solution to streaming live TV more compelling. Unlike other commercial-skip options, Plex’s option will remove commercials from recordings automatically.

這讓我有些印像... 當年 TiVo 也有類似的功能,不過文章裡有提到 TiVo 是提供 skip 而非直接拿掉:

The new feature works by locating the commercials in your recorded media. It then actually removes them before the media is stored in your library. That sounds like it could be even better than TiVo’s commercial skipping option, for example, because you don’t have to press a button to skip the ads — they’re being pulled out for you, proactively.

不過主要是認識了 Plex 這個軟體... 如果是電視兒童的話應該用的到 XD 台灣目前的電視節目好像看的比較少...

CMU 推出 Product Management 的課程

CMUCS (Computer Science) 發的新聞稿:「Carnegie Mellon Offers New Master's Degree in Product Management」。

副標也清楚寫出是一年的課程:

One-Year Program Turns Computer Professionals Into "CEOs of the Product"

除了 CMU CS 外,也結合了 CMU 的 Tepper Business School 一起開:

A joint program of the university's School of Computer Science (SCS) and Tepper School of Business, the Master of Science in Product Management (MSPM) program will start January 2018.

另外一個不同角度的 Product Management。

Mozilla 也在考慮對 Certificate Transparency 的掌握度

由於 Firefox 要支援 Certificate Transparency 的緣故,在「Mozilla CT Policy」這邊 Mozilla 在討論要建立自己的 CT policy 以及自己的架構:

CT is coming to Firefox. As part of that, Mozilla needs to have a set of CT policies surrounding how that will work. Like our root inclusion program, we intend to run our CT log inclusion program in an open and transparent fashion, such that the Internet community can see how it works and how decisions are made.

這樣就有個開頭了...

Go 上面的白箱安全性檢查

HP 的 open source 專案「Go AST Scanner」,分析 Go 的原始程式碼拉出 AST 進行分析 (Static program analysis),再找出可能的安全性問題。

雖然是 alpha 階段,但看起來是個好東西啊... 至少寫的太誇張的 SQL injection 可以掃出來。

印度對軟體專利的限制

印度對軟體專利加以限制:「No patent if invention lies only in computer program, says Indian Patent Office」,新的規定規範了如果是程式內所跑出來的創新 (invention),那麼就不可以被專利化:

The new guideline says that if the contribution of the invention lies only in computer program, the examiner should deny the patent claim.

基於程式本身不可專利,那麼完全由程式所產生出來的創新也不應該有專利權:

"The computer program in itself is never patentable. If the contribution lies solely in the computer program, deny the claim. If the contribution lies in both the computer program as well as hardware, proceed to other steps of patentability," it added.

把家裡的機器換上 Let's Encrypt 的 SSL certificate

依照「Beta Program Announcements」這邊的指示去填單申請 Let's Encrypt 的 SSL certificate (先幫 home.gslin.org 申請),等了好幾天,在剛剛收到信就弄了弄,還蠻順利就設好了。

可以看到 Let's Encrypt Authority X1DST Root CA X3 簽名的情況,而後者已經被大多數瀏覽器所確認了:

首先是先把 letsencrypt client 拉下來:

$ git clone https://github.com/letsencrypt/letsencrypt

接著執行認證:

$ cd letsencrypt
$ ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly

執行時會先建立環境 (由於需要寫到 /etc/letsencrypt 裡面,會需要 root 或 sudo 權限)。

接下來會跳出一些畫面讓你設定,包括 hostname 以及聯絡資訊,再來就是認證的方式 (我是跳出使用 apache 或是 standalone web server),由於我的 port 443 已經被 apache 吃掉,所以需要用 apache。

最後認證成功會出現:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/home.gslin.org/fullchain.pem. Your cert will
   expire on 2016-02-02. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.

有效期限 90 days,雖然裡面是講 fullchain.pem,但其實每個檔案都有拆開放,看一下 /etc/letsencrypt/live/home.gslin.org/ 路徑裡的檔案,設定對應的 cert/chain/key 應該還是比較習慣的作法。

官方目前的建議是 60 days 重新 renew 一次,也許可以設成 cron,每兩個月自動更新一次 (並且 reload apache)。