AWS WAF 提供隨時更新的 Managed Rules

AWS WAF 推出了隨時更新的 Managed Rule:「Ready-to-Use Managed Rules Now Available on AWS WAF」。

這些 ruleset 是由 3rd-party 提供的:

Choose from preconfigured RuleGroups provided in the AWS Marketplace by industry leading security experts: Alert Logic, Fortinet, Imperva, Trend Micro and TrustWave.

然後隨時更新:

Rules are automatically updated as new threats emerge and offer a wide range of protections, including OWASP Top 10 mitigations, bad-bot defenses, and virtual patching against recent CVE’s.

然後是要收費的:

Each RuleGroup is the product of a Seller’s unique expertise, made available to you at an affordable pay-as-you-go price.

AWS Marketplace 的「Managed Rules for AWS WAF - Web Application Firewall」裡拿兩家來看看。

趨勢的「Trend Micro Managed Rules for AWS WAF - WebServer (Apache, Nginx)」與「Trend Micro Managed Rules for AWS WAF - Content Management System (CMS)」都是:

Charge per month in each available region (pro-rated by the hour) $5.00 / unit
Charge per million requests in each available region $0.20 / unit

Imperva 則是提供不一樣的選擇,在「Imperva - Managed Rules for WordPress Protection on AWS WAF」是:

Charge per month in each available region (pro-rated by the hour) $30.00 / unit
Charge per million requests in each available region $0.60 / unit

而「Imperva - Managed Rules for IP Reputation on AWS WAF」則是:

Charge per month in each available region (pro-rated by the hour) $40.00 / unit
Charge per million requests in each available region $0.40 / unit

Facebook 操弄 Trending 裡的新聞

看了 GizmodoFacebook 的對話,就有種之前某長輩常說的「沒被抓到就不算犯罪喔~」的感覺:「Former Facebook Workers: We Routinely Suppressed Conservative News」。

Gizmodo 接到前員工的線報後,再加上透過關係問到其他的前員工,證實了標題的消息:

Facebook workers routinely suppressed news stories of interest to conservative readers from the social network’s influential “trending” news section, according to a former journalist who worked on the project. This individual says that workers prevented stories about the right-wing CPAC gathering, Mitt Romney, Rand Paul, and other conservative topics from appearing in the highly-influential section, even though they were organically trending among the site’s users.

Several former Facebook “news curators,” as they were known internally, also told Gizmodo that they were instructed to artificially “inject” selected stories into the trending news module, even if they weren’t popular enough to warrant inclusion—or in some cases weren’t trending at all. The former curators, all of whom worked as contractors, also said they were directed not to include news about Facebook itself in the trending module.

當然 Facebook 對於這種沒辦法證實的事情是全盤否認,不過再重複一次某長輩的「沒被抓到就不算犯罪喔~」的經典台詞...

GitHub 上程式語言的趨勢

GitHub 給了從 2008 年到 2015 年現在,放在 GitHub 上專案所使用程式語言的排名:「Language Trends on GitHub」。

這同時包括了公開與私人 repository:

The rank represents languages used in public & private repositories, excluding forks, as detected by Linguist.

可以看到 Java 專案的排名逐步上升,應該是愈來愈多 Java 專案放到 GitHub 上 (應該是跟 Android 有關)。而 Perl 是掉出去很久了,PHP 則是萬年不動... XD