Let's Encrypt 從七月開始將會改用自己的 Root 簽發憑證

Let's Encrypt 宣佈了以後的憑證的簽發計畫:「Transitioning to ISRG's Root」。

主要的改變是 2019/07/08 之後提供的 intermediate CA 會改變,從現在的 cross-sign 變成只有自己的 Root CA:

On July 8, 2019, we will change the default intermediate certificate we provide via ACME. Most subscribers don’t need to do anything. Subscribers who support very old TLS/SSL clients may want to manually configure the older intermediate to increase backwards compatibility.

目前的簽發用的兩個中介憑證 (Let's Encrypt Authority X3Let's Encrypt Authority X4) 是由 Let's Encrypt 自己的 ISRG Root X1IdenTrustDST Root CA X3 所 共同簽署的:

這是因為 IdenTrust 的 DST Root CA X3 憑證很久前就被各家瀏覽器信任 (像是 Mozilla 的「Request to add two additional IdenTrust root CA certificates」這篇,可以看到 2007 年就被放進去了),而 Let's Encrypt 當時為了更快把可用的產品推出,所以跟 IdenTrust 合作,採用 cross sign 的方式讓 Let's Encrypt 簽出來的憑證被一般瀏覽器與函式庫所信任。

現在差不多過了三年半,Let's Encrypt 成為目前世界上最大的 SSL Certificate 發放單位,加上自己的 Root CA (ISRG Root X1) 也都差不多被整合進各家系統內了,所以打算要獨立自己簽了。

不過系統上可以設定,使用者如果有遇到相容性問題 (太舊的系統可能還是不包含 Let's Encrypt 自家的 ISRG Root X1),還是可以設定使用有 cross-sign 的版本 (維持現狀)。與 IdenTrust 的 cross-sign 會維持到 2021 年九月,大約再兩年多一些:

Our current cross-signature from IdenTrust expires on March 17, 2021. The IdenTrust root that we are cross-signed from expires on September 30, 2021. Within the next year we will obtain a new cross-signature that is valid until September 29, 2021. This means that our subscribers will have the option to manually configure a certificate chain that uses IdenTrust until September 29, 2021.

對於自用來說應該沒什麼大影響,主要是企業用戶要注意相容性...

Amazon EC2 推出 4TB 的機器

之前 Amazon EC2 記憶體最大的機器是 x1.32xlarge 的 2TB RAM (更精確是 1952GB),現在推出了 4TB RAM 的 x1e.32xlarge (3904GB):「Now Available – EC2 Instances with 4 TB of Memory」。

現在這個時間點在 us-east-1 的價錢是 USD$26.688/hour (一個月 USD$19215.36),用的到的人應該付得起?

另外值得注意的是,x1e.32xlarge 雖然比 x1.32xlarge 多了一倍的記憶體,但 vCPU 不變 (都是 128),而且 ECU 下降了 (從 349 降到 340)。

這個機器目前在 us-east-1us-west-2eu-west-1ap-northeast-1 四區提供服務:

The x1e.32xlarge instances can be launched in On-Demand and Reserved Instance form via the AWS Management Console, AWS Command Line Interface (CLI), AWS SDKs, and AWS Marketplace in the US East (Northern Virginia), US West (Oregon), EU (Ireland), and Asia Pacific (Tokyo) Regions.

AWS 最新的 x1.32xlarge...

Amazon EC2 推出了 x1.32xlarge:「X1 Instances for EC2 – Ready for Your Memory-Intensive Workloads」。

看這精美的規格:

Processor: 4 x Intel™ Xeon E7 8880 v3 (Haswell) running at 2.3 GHz – 64 cores / 128 vCPUs.
Memory: 1,952 GiB with Single Device Data Correction (SDDC+1).
Instance Storage: 2 x 1,920 GB SSD.

不過需要申請才能用,目前也只有其中幾區有提供:

If you are ready to start using the X1 instances in the US East (Northern Virginia), US West (Oregon), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), or Asia Pacific (Sydney) Regions, please request access and we’ll get you going as soon as possible.

這樣以後就不能說「用 C4 就對了」...

EC2 推出超大的 X1 系列與超小的 T2.Nano

都還沒上線,先公告而已:「EC2 Instance Update – X1 (SAP HANA) & T2.Nano (Websites)」。

Amazon EC2 將會推出了超大的 X1 系列,Intel Xeon E7 系列與 2TB RAM (比很多人硬碟大小還大 XDDD),拿來跑各種暴力應用的:

The X1 instances will be powered by up to four Intel® Xeon® E7 processors. The processors have high memory bandwidth and large L3 caches, both designed to support high-performance, memory-bound applications. With over 100 vCPUs, these instances will be able to handle highly concurrent workloads with ease.

X1 系列預定 2016 年上半年會開放使用:

We expect to have the X1 available in the first half of 2016. I’ll share pricing and other details at launch time.

另外是 T2.Nano,只有 512MB RAM,預定是今年會開放使用:

Later this year we will introduce the t2.nano instance. You’ll get 1 vCPU and 512 MB of memory, and the ability run at full core performance for over an hour on a full credit balance. Each newly launched t2.nano starts out with sufficient CPU Credits to allow you to get started as quickly as possible.