Splitgraph 把公開資料轉成 PostgreSQL 服務

看到「Port 5432 is open: introducing the Splitgraph Data Delivery Network」這個,Splitgraph 把 public dataset 轉成 PostgreSQL 服務:

We launch the Splitgraph Data Delivery Network: a single endpoint that lets any PostgreSQL application, client or BI tool to connect and query over 40,000 public datasets hosted or proxied by Splitgraph.

這樣看起來可以讓很多 BI 工具直接接進來用,如果再支援 ODBC 或是 JDBC 的話通用性就更好了,但目前沒看到定價策略 (感覺應該頗好賣的?),應該是還在開發階段?

丟給公司內 data team 看一下好了,如果資料的品質沒問題的話,感覺會是個好用的服務...

Cloudflare 也推出自己的 Speed Test 服務

Cloudflare 推出了自己的 Speed Test 服務:「Test your home network performance」。

這個服務跟 Netflix 推出的 fast.com 類似,測試的是使用者端到 Netflix (或是 Cloudflare) 中間的速度,主要的目的還是公關 (PR),所以看看就好,實際上用 Speedtest 測出來會比較有參考價值,而且可以選擇不同的點測試...

不過這讓我想到之前有人測出來遠傳會對偵測使用者要使用 Speedtest 測試時開放速限的情況 (像是「遠傳吃到飽只有 Speedtest 沒限速」這篇),然後就有各種定時去打 Speedtest 觸發開放速限的方法...

目前好像只剩下這篇活著,內文提到的是 Android 上的方法,另外推文有人提到 iOS 下的方法:「[心得] 在Android破解遠X限速」,如果有遇到的可以用看看...

ICANN 否決 .org 與 .ngo 的交易

ICANN 否決了 .org.ngo 網域控制權的交易:「ICANN Board Withholds Consent for a Change of Control of the Public Interest Registry (PIR)」。

Today, the ICANN Board made the decision to reject the proposed change of control and entity conversion request that Public Interest Registry (PIR) submitted to ICANN.

事情主要是起於 PIR (Public Interest Registry) 在 2019/11/13 宣佈他們的母單位 ISOC (Internet Society) 將被 Ethos Capital 併購,而這包含了 .org.ngo 網域的資產,這也代表了由 PIR 控制的網域會從非營利單位移到營利單位下 (總共有七個網域,其中最重要的是 .org,有超過一千萬個網域在上面),於是引發許多人的關注:

On 13 November 2019, PIR announced that ISOC, its parent organization, had reached an agreement with Ethos Capital, under which Ethos Capital would acquire PIR and all of its assets from ISOC. Under the agreement, PIR would also be converted from a Pennsylvania not-for-profit corporation to a for-profit Pennsylvania limited liability company. ISOC created and agreed to the transaction details that are under review.

而在隔天 2019/11/14,PIR 依照規定向 ICANN 送出「Notice of Indirect Change of Control and Entity Conversion」申請,依照規定,ICANN 需要在 2020/05/04 前批准或是否決,也就是這幾天就要做出決定。

而 ICANN 昨天宣佈了否決這項提案,暫時搞定了這件事情... 接下來看 Ethos Capital 會不會有什麼反擊 (上訴或是上法院)。

Facebook 提供 Public NTP Service

在「Building a more accurate time service at Facebook scale」這邊 Facebook 講了不少跟 NTP 有關的東西,不過重點在他們提供 Public NTP service:

Having five independent geographically distributed endpoints helps us provide better service — even in the event of a network path failure. So we provide five endpoints:

  • time1.facebook.com
  • time2.facebook.com
  • time3.facebook.com
  • time4.facebook.com
  • time5.facebook.com

Each of these endpoints terminates in a different geographic location, which has a positive effect on both reliability and time precision.

看起來是混了 anycast 進去,從台灣 (HiNet) 走的話,time1.facebook.com 會到東京,time2.facebook.com 到大阪 (難得在 traceroute 上看到 ITM 這個代碼,代表 伊丹機場),time3.facebook.com 則是台灣,time4.facebook.com 到香港,time5.facebook.com 好像是馬來西亞?看 latency 與 maa 這個詞... (Update:應該是清奈國際機場)

可以考慮看看,另外 Google Public NTP 也是個選項。

hiQ 爬 LinkedIn 資料的無罪判決

hiQ 之前爬 LinkedIn 的公開資料而被 LinkedIn 告 (可以參考 2017 時的「hiQ prevails / LinkedIn must allow scraping / Of your page info」),這場官司一路打官司打到第九巡迴庭,最後的判決確認了 LinkedIn 完全敗訴。判決書在「HIQ LABS V. LINKEDIN」這邊可以看到。

這次的判決書有提到當初地方法院有下令 LinkedIn 不得用任何方式設限抓取公開資料:

The district court granted hiQ’s motion. It ordered LinkedIn to withdraw its cease-and-desist letter, to remove any existing technical barriers to hiQ’s access to public profiles, and to refrain from putting in place any legal or technical measures with the effect of blocking hiQ’s access to public profiles. LinkedIn timely appealed.

而在判決書裡其他地方也可以看到巡迴庭不斷確認地方法院當時的判決是合理的,並且否定 LinkedIn 的辯解:(這邊只拉了兩段,裡面還有提到很多次)

In short, the district court did not abuse its discretion in concluding on the preliminary injunction record that hiQ currently has no viable way to remain in business other than using LinkedIn public profile data for its Keeper and Skill Mapper services, and that HiQ therefore has demonstrated a likelihood of irreparable harm absent a preliminary injunction.

We conclude that the district court’s determination that the balance of hardships tips sharply in hiQ’s favor is not “illogical, implausible, or without support in the record.” Kelly, 878 F.3d at 713.

到巡迴庭差不多是確定的判決了,沒有其他特別的流程的話...

Square 在使用條款裡禁止 AGPLv3+ 的軟體

雖然 AGPL 系列的確不是什麼好貨色,也的確有不少人批評過,但 Square 直接透過自家的平台服務攻擊 AGPLv3+ 就很稀奇了?

在「Square’s terms of service forbid use of AGPL-licensed software in online stores (squareup.com)」這邊看到的,公告的條款 (尚未生效) 是「Additional Point of Sale Terms of Service」這個站台,出自於這段:

B. Content Restrictions. In addition to the restrictions set forth in these Additional Product Terms, the General Terms and Payment Terms, you will not:

[...]

15. use, under any circumstance, any open source software subject to the GNU Affero General Public License v.3, or greater;

是直接指名而不是誤殺,不知道是發生什麼事情...

現在 Hacker News 上有些人猜測是律師團認為 AGPL 會反過來影響 Square 自己的程式碼也被感染?反正現在變成 PR 事件了,加上資訊也不足,先蹲著看...

靜態網頁服務的選擇

Hacker News 上看到「Show HN: Scar – Static websites with HTTPS, a global CDN, and custom domains (github.com)」這篇,除了文章連結外,留言提到了不少工具...

一種是透過 GitHub Pages 的方式提供服務,或是透過 Netlify,需求真的需要動到 AWS 元件的情況其實還是考慮用傳統一點的架構 (EC2 或是 VPS) 會更有彈性。

算是提出一個雞肋後,其他人把真正有用的工具整理了出來...

Slack 丟出 S-1 要 IPO...

最近一波 IPO 潮,現在輪到了 Slack

Form S-! 的資料可以在「slacks-1.htm」這邊抓到,裡面有些數字可以看看,懶的看的話可以看 TechCrunch 的整理:「Slack files to go public, reports $138.9M in losses on revenue of $400.6M」。

算是相當快的,2013 年八月到現在還不到六年...

美國政府發行的字型 Public Sans

Public Sans 是一套美國政府出資而產生的無襯線字型,專案放在 GitHub 上 (uswds/public-sans)。這套自行不是全部都自己刻,而是改自於 Libre Franklin Font (以 SIL Open Font License v1.1 授權,而 Public Sans 沿用同樣授權)。

第一個目標是授權:

Be available as a free, open source webfont on any platform.

另外是使用的廣度:

Have a broad range of weights and a good italic.
Perform well in headlines, text, and UI.

Have good multilingual support.
Allow for good data design with tabular figures.

在 GitHub 頁面上有整理與 Libre Franklin 的差異,可以看到配合現在的呈現媒體而做了不少調整。

Facebook 員工爆料內部密碼存了明碼

Krebs on Security 這邊看到的:「Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years」,Facebook 官方的回應在「Keeping Passwords Secure」這邊。

幾個重點,第一個是範圍,目前已經有看到 2012 的資料都有在內:

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords dating back to 2012.

另外的重點是這些資料已經被內部拿來大量搜尋 (喔喔):

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

另外是 Legal 與 PR 都已經啟動處理了,對外新聞稿會美化數字,降低傷害:

“The longer we go into this analysis the more comfortable the legal people [at Facebook] are going with the lower bounds” of affected users, the source said. “Right now they’re working on an effort to reduce that number even more by only counting things we have currently in our data warehouse.”

另外也會淡化後續的程序:

Renfro said the company planned to alert affected Facebook users, but that no password resets would be required.

去年的另外一則新聞可以交叉看:「Facebook’s security chief is leaving, and no one’s going to replace him」:

Instead of building out a dedicated security team, Facebook has dissolved it and is instead embedding security engineers within its other divisions. “We are not naming a new CSO, since earlier this year we embedded our security engineers, analysts, investigators, and other specialists in our product and engineering teams to better address the emerging security threats we face,” a Facebook spokesman said in an email. Facebook will “continue to evaluate what kind of structure works best” to protect users’ security, he said.

看起來又要再換一次密碼了... (還好已經習慣用 Password Manager,所以每個站都有不同密碼?)

喔對,另外補充一個概念,當他們說「我們沒有證據有人存取了...」的時候,比較正確的表達應該是「我們沒有稽核這塊... 所以沒有證據」。