越来越多的证据表明,银河系中心有一个质量400万倍于太阳的神秘物体,称为人马座A *的物体被众多天文学家认为是超大质量黑洞,形成于创世大爆炸一亿年后。超大质量黑洞吸引了大量气体尘埃,最终形成了我们今天的银河系。但一个问题是,一亿年不足以让一个黑洞成长到如此巨大。人马座A *的另一种替代解释是:它是虫洞,连接银河与宇宙的另外一个区域,甚至可能是连接另一个多重宇宙。
宇宙学家相信,虫洞能在创世大爆炸后的瞬间形成,能在暴涨过程中幸存下来,这些超大质量物体会像黑洞一样藏身于视界之内。上海复旦大学物理系的两位科学家在预印本网站上发表论文(PDF),提出了区分虫洞和黑洞的方法,但目前还没有望远镜能提供区分两者的高分辨图像。位于智利的超大望远镜干涉阵列(Very Large Telescope Interferometer)的升级仪器GRAVITY 或许能在未来几年解开这一谜团。
英语将在2016年退出高考是谣言,真相是2017年退出。中国教育学会会长顾明远透露,全国将在2017年执行高考新方案,语文、数学重要性提升,英语退出高考。
他说,“教育部前天刚举行相关会议,近期估计就要发文了。在新高考方案里,英语不叫退出高考,而是改成社会考试。也就是说,英语不再和以前一样,集中在6月7、 8、9日统一考试,而是由社会机构组织考试,学生高中三年可以考多次,成绩和大学英语四六级一样分等级,全国都如此。高考招生时,不同的学校会对英语提出 不同的等级要求。不太会按照等级折算成分数,计入高考成绩,而是以等级为主。”社会机构组织的英语等级考试,不意味就是现在的高中英语会考。顾明远透露,以后高校自主招生考试会增加,比如大学要招生物专业的,自主招生时就会多考生物这块,以后大学自主招生会偏重,你要学什么就考什么。
Everyone in the DNS community agrees that DNS’s security model is woefully outdated. Conceived at a time when there were fewer computers on the Internet than are housed by even today’s smallest data centers, DNS unfortunately has no strong protection against malicious parties hoping to exploit web users. What little protection it does offer is mostly derived from novel uses of non-security features (e.g., UDP source port and transaction ID randomization).
For more than 15 years, the IETF has been working on DNSSEC, a set of extensions to apply digital signatures to DNS. Millions of dollars in government grants and several reboots from scratch later, DNSSEC is just starting to see real world testing. And that testing is minimal — only about 400 of the more than 85,000,000 .com domains support DNSSEC, fewer than 20% of US government agencies met their mandated December 31, 2009 deadline for DNSSEC deployment, and only two of the thirteen root zone name servers is testing with even dummy DNSSEC data.
Aside from its lack of adoption, DNSSEC isn’t even a very satisfactory solution. It adds tremendous complexity to an already fragile protocol, significantly increases DNS traffic in size, encourages questionable security practices, and hamstrings many modern uses of DNS.
DNSCurve is more like TLS for DNS servers, in comparison to DNSSEC, which is signed records. DNSCurve uses point-to-point cryptography to secure communication, while DNSSEC uses pre-calculated signatures to ensure the accuracy of the supplied records.
So we can summaraize it like this:
DNSSEC: Accurate Results
DNSCurve: Encrypted Traffic
Theoretically you can use traffic encryption to ensure accuracy, the way TLS does for websites. Except that it’s not really the encryption that’s ensuring your accuracy, is the authentication provided through the PKI. And there’s a set of critical problems with the basic DNSCurve PKI.
The first problem here is that with DNSCurve, each and every DNS server involved needs a private key, and since the key signature is encoded into the resolver’s address, then in the case of anycast DNS servers, each server needs the same private key. But even if they use different keys, you’re still trusting the local security where the DNS Server is installed. If the server is installed somewhere hostile, then the results can be compromised. This is not true with DNSSEC.
ICANN has stated that, in the case of the DNS Root zone servers, DNSCurve will not be implemented, ever. Many of the root servers operate in less-trusted locations, and the potential for abuse by local governments would be enormous. This is precisely why DNSSEC was designed such that signing happens outside the DNS server. DNS relies on a vast network of server which may not be individually trustworthy, so DNSSEC was designed such that the trust is based solely on the informationthey serve, not the honesty of the operator.
The second problem is that DNSCurve secures the public key by encoding it into the resolver name. But DNSSEC does not sign the resolver name. This means that DNSSEC (which is implemented in the root zone) cannot be used as a trust root for DNSCurve, because the one thing that DNSCurve requires to be accurate is in fact the very thing for which DNSSEC cannot ensure accuracy.
So essentially DNSCurve is pretty much a non-starter. While it can be used to guarantee the security of your communication with a single DNS resolver, there currently is no way of globally anchoring your trust in a way that could guarantee the accuracy of any results you retrieve.
Unless DNSCurve is re-designed to allow for trusted key distribution, it will have to remain a client-side security tool rather than a tool for ensuring the authenticity of DNS records.
Since DNSCurve is relatively new and was developed largely by djb in isolation, presumably these show-stopping issues were simple oversights on his part, and may be fixed at some future date. Though given Dr. Bernstein’s track record of maintaining his inventions, I wouldn’t hold my breath.
2014年5月14日凌晨12:53:20分,代表着UNIX纪元1400000000秒,这是一个具有历史意义的时间。UNIX时间是UNIX或类UNIX系统使用的时间表示方式,从协调世界时1970年1月1日0时0分0秒起至现在的总秒数,不包括闰秒。下一次1500000000秒是在2017年7月14日。
阿里云技术团队 发表于2014年5月8日 | 阅读(17,385) 评论 (211)
我们迈向全球化的第一站,选在了国际金融中心——香港。
5月12日,大家期待已久的阿里云香港数据中心将正式投入使用,同时我们已着手在全球更多地区选址数据中心。
我们已整装待发,阿里云正式进军全球云计算市场。
香港数据中心将成为中国企业拓展海外市场和海外公司服务中国用户的网络通道。以前,如果中国的互联网公司希望服务海外用户,需要在当地租用部署服务器,面临语言、当地法律政策、换汇等各种麻烦。现在通过阿里云平台,在中国本地即可便捷、快速地实现网站、服务后台的部署。进军海外市场不用大动干戈,只需要键盘鼠标点一点。
今后,世界各地任何一家互联网企业,都可以选择中国高性价比的云计算服务,来开发运营他们的产品。我们拥有完整的云计算服务产品线,是中国云计算领域的首选品牌,并拥有英国标准协会颁发的全球首张云安全国际认证金牌。此前,我们已为达能等国际品牌提供服务。
香港,是我们在杭州、青岛、北京之后,全球第四个部署数据中心的地区。香港数据中心由阿里云与香港名气通电讯共同建设运营,网络光纤除接通中国大陆外,还包括香港、新加坡、英国、美国及欧洲等国际级电信商。我们将可借此,为香港、东南亚乃至全球用户提供快速、稳定的云计算服务。
为何选香港作为“出海”第一站?——我们希望将云计算服务先铺设到需求量最大的地方。中国企业对拓展东南亚业务有较大的需求,很多游戏开发者、消费电子和电商类企业,都将东南亚市场作为走出国门的第一站。对于东南亚地区来说,香港的地理及市场优势十分明显。另外,香港对欧美的网路连接也相对快速,容量充足,可以满足国际化用户的需求。
另一个重要原因是香港的国际金融中心地位。金融行业对计算能力、稳定性及数据安全的要求,是所有行业中最为严苛的,阿里云计算则在这方面积累了丰富的经验,众安保险、天弘基金、浙商证券等数十家金融机构在阿里云的帮助下成功“去IOE”(IBM小型机、Oracle数据库、EMC存储设备),采用金融云的服务。选址香港,也是瞄准了香港众多的金融行业客户。
合作伙伴名气通总经理黄耀宗表示,该数据中心位于将军澳工业邨,该园区得到香港政府大力支持,大型海底光缆相继登陆于此,未来将发展成为亚洲的数据中心枢纽。且该地临近多个世界级数据中心,如大型银行及交易所的数据中心等。阿里云香港数据中心拥有这些竞争优势,便于服务更多金融界客户。 Continue reading »