Home » Posts tagged "program"

2017 年 CA/Browser Forum 在台北辦的見面會議的會議記錄出爐了...

2017 年 CA/Browser Forum 在台北舉辦的見面會議,會議記錄總算是出爐了:「2017-10-04 Minutes of Face-to-Face Meeting 42 in Taipei - CAB Forum」。

由於是辦在台北,所以台灣很多單位都有出席,像是中央警察大學 (1)、中華電信 (11)、日盛聯合會計師事務所 (1)、TWCA (3):

Attendance: Peter Bowen (Amazon); Geoff Keating and Curt Spann (Apple); Jeremy Shen (Central Police University); Franck Leroy (Certinomis / Docapost); Wayne Chan and Sing-man Ho (Certizen Limited); Wen-Cheng Wang, Bon-Yeh Lin, Wen-Chun Yang, Jenhao Ou, Wei-Hao Tung, Chiu-Yun Chuang, Chung-Chin Hsiao, Chin-Fu Huang, Li-Chun Chen, Pin-Jung Chiang, and Wen-Hui Tsai (Chunghwa Telecom); Alex Wight and JP Hamilton (Cisco), Robin Alden (Comodo), Gord Beal (CPA Canada), Ben Wilson and Jeremy Rowley (DigiCert), Arno Fiedler and Enrico Entschew (D-TRUST); Kirk Hall (Entrust Datacard); Ou Jingan, Zhang Yongqiang, and Xiu Lei (GDCA); Atsushi Inaba and Giichi Ishii (GlobalSign); Wayne Thayer (GoDaddy); Devon O’Brien (Google); David Hsiu (KPMG); Mike Reilly (Microsoft); Gervase Markham and Aaron Wu (Mozilla); Hoang Trung La (National Electronic Authentication Center (NEAC) of Vietnam); Tadahiko Ito (Secom Trust Systems); Leo Grove and Fotis Loukos (SSL.com); Brian Hsiung (Sunrise CPA Firm); Steve Medin (Symantec); Frank Corday and Tim Hollebeek (Trustwave); Robin Lin, David Chen, and Huang Fu Yen (TWCA); and Don Sheehy and Jeff Ward (WebTrust).

開頭有提到會議記錄 delay 的情況:

Preliminary Note: The CA/Browser Forum was delayed in completing the minutes for its last Face-to-Face meeting Oct. 4-5, 2017 in Taipei, and the proposed final Minutes were only sent by the Chair to the Members on December 13, 2017 for their review. There was not enough time for Members to review the draft before the next teleconference of December 14, and the teleconference of December 28 was cancelled due to the holidays. The next Forum teleconference is scheduled for January 11, 2018.

會議記錄很長,主要是有不少主題被拿到見面會議上討論,另外有一半的篇幅是在說明各家 root program policy 的變化。

下次的見面會議會在三月,然後會由 Amazon 辦在東岸:

Peter confirmed the next F2F meeting will be hosted by Amazon on March 6-8, 2018 at its Herndon, Virginia location. More information will be provided in the coming months.

去電視廣告的服務又來了...

看到「Plex’s DVR now lets you skip the commercials… by removing them for you」這篇文章,介紹 Plex 要推出去電視廣告的服務...

維基百科上的介紹比較清楚:「Plex (software)」,主要有兩個元件組成,media server 與 player:

  • The Plex Media Server desktop application runs on Windows, macOS and Linux-compatibles including some types of NAS devices. The 'server' desktop application organizes video, audio and photos from your collections and from online services, enabling the players to access and stream the contents.
  • The media players. There are official clients available for mobile devices, smart TVs, and streaming boxes, a web app and Plex Home Theater (no longer maintained), as well as many third-party alternatives.

然後這次要推出的功能是直接在錄影的時候把廣告拿掉:

Plex confirmed it’s rolling out a new feature that will allow cord cutters to skip the commercials in the TV programs recorded using its software, making the company’s lower-cost solution to streaming live TV more compelling. Unlike other commercial-skip options, Plex’s option will remove commercials from recordings automatically.

這讓我有些印像... 當年 TiVo 也有類似的功能,不過文章裡有提到 TiVo 是提供 skip 而非直接拿掉:

The new feature works by locating the commercials in your recorded media. It then actually removes them before the media is stored in your library. That sounds like it could be even better than TiVo’s commercial skipping option, for example, because you don’t have to press a button to skip the ads — they’re being pulled out for you, proactively.

不過主要是認識了 Plex 這個軟體... 如果是電視兒童的話應該用的到 XD 台灣目前的電視節目好像看的比較少...

CMU 推出 Product Management 的課程

CMUCS (Computer Science) 發的新聞稿:「Carnegie Mellon Offers New Master's Degree in Product Management」。

副標也清楚寫出是一年的課程:

One-Year Program Turns Computer Professionals Into "CEOs of the Product"

除了 CMU CS 外,也結合了 CMU 的 Tepper Business School 一起開:

A joint program of the university's School of Computer Science (SCS) and Tepper School of Business, the Master of Science in Product Management (MSPM) program will start January 2018.

另外一個不同角度的 Product Management。

Mozilla 也在考慮對 Certificate Transparency 的掌握度

由於 Firefox 要支援 Certificate Transparency 的緣故,在「Mozilla CT Policy」這邊 Mozilla 在討論要建立自己的 CT policy 以及自己的架構:

CT is coming to Firefox. As part of that, Mozilla needs to have a set of CT policies surrounding how that will work. Like our root inclusion program, we intend to run our CT log inclusion program in an open and transparent fashion, such that the Internet community can see how it works and how decisions are made.

這樣就有個開頭了...

印度對軟體專利的限制

印度對軟體專利加以限制:「No patent if invention lies only in computer program, says Indian Patent Office」,新的規定規範了如果是程式內所跑出來的創新 (invention),那麼就不可以被專利化:

The new guideline says that if the contribution of the invention lies only in computer program, the examiner should deny the patent claim.

基於程式本身不可專利,那麼完全由程式所產生出來的創新也不應該有專利權:

"The computer program in itself is never patentable. If the contribution lies solely in the computer program, deny the claim. If the contribution lies in both the computer program as well as hardware, proceed to other steps of patentability," it added.

把家裡的機器換上 Let's Encrypt 的 SSL certificate

依照「Beta Program Announcements」這邊的指示去填單申請 Let's Encrypt 的 SSL certificate (先幫 home.gslin.org 申請),等了好幾天,在剛剛收到信就弄了弄,還蠻順利就設好了。

可以看到 Let's Encrypt Authority X1DST Root CA X3 簽名的情況,而後者已經被大多數瀏覽器所確認了:

首先是先把 letsencrypt client 拉下來:

$ git clone https://github.com/letsencrypt/letsencrypt

接著執行認證:

$ cd letsencrypt
$ ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly

執行時會先建立環境 (由於需要寫到 /etc/letsencrypt 裡面,會需要 root 或 sudo 權限)。

接下來會跳出一些畫面讓你設定,包括 hostname 以及聯絡資訊,再來就是認證的方式 (我是跳出使用 apache 或是 standalone web server),由於我的 port 443 已經被 apache 吃掉,所以需要用 apache。

最後認證成功會出現:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/home.gslin.org/fullchain.pem. Your cert will
   expire on 2016-02-02. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.

有效期限 90 days,雖然裡面是講 fullchain.pem,但其實每個檔案都有拆開放,看一下 /etc/letsencrypt/live/home.gslin.org/ 路徑裡的檔案,設定對應的 cert/chain/key 應該還是比較習慣的作法。

官方目前的建議是 60 days 重新 renew 一次,也許可以設成 cron,每兩個月自動更新一次 (並且 reload apache)。

Let's Encrypt 的 Limited Beta

Let's Encrypt 在拿到 IdenTrust 提供的 cross sign (參考「Let's Encrypt 正式出發」) 後所啟動的計畫:「Beta Program Announcements」。

要先透過 Google Forms 填單等待,等通過後要指定 production server 才會發出來。

要注意的是,Let's Encrypt 發出來的 SSL certificate 會比較短,只有 90 天有效,設計上是依靠自動機制在更新,所以理論上不會有問題:

Certificates from Let's Encrypt are valid for 90 days. We recommend renewing them every 60 days to provide a nice margin of error. As a beta participant, you should be prepared to manually renew your certificates at that time. As we get closer to General Availability, we hope to have automatic renewal tested and working on more platforms, but for now, please play it safe and keep track.

再來是有註冊限制,分成 Registrations/IP address 與 Certificates/Domain 兩個限制:

There are two rate limits in play: Registrations/IP address, and Certificates/Domain.

前者的限制是每天 10 次:

Registrations/IP address limits the number of registrations you can make in a given day; currently 10. This means you should avoid deleting the /etc/letsencrypt/accounts folder, or you may not be able to re-register.

後者的限制是每個 domain 只給 4 個 certificate:

Certificates/Domain you could run into through repeated re-issuance. This limit measures certificates issued for a given combination of Top Level Domain + Domain. This means if you issue certificates for the following domains, at the end you would have what we consider 4 certificates for the domain example.com.

拿來測試應該是夠用。

Archives