[Hacker News repost] Security research on Private Cloud Compute
-
Title: Security research on Private Cloud Compute
Url: https://security.apple.com/blog/pcc-security-research/
## Post by: todsacerdoti

### Comments:

**kfreds**: I've been working on technology like this for the past six years.

The benefits of transparent systems are likely considerable. The combination of reproducible builds, remote attestation and transparency logging allows trivial detection of a range of supply chain attacks. It can allow users to retroactively audit the source code of remote running systems. Yes, there are attacks that the threat model doesn't protect against. That doesn't mean it isn't immensely useful.

**mmastrac**: I feel like this is all smoke and mirrors to redirect from the likelihood intentional silicon backdoors that are effectively undetectable. Without open silicon, there's no way to detect that -- say -- when registers r0-rN are set to values [A, ..., N] and a jump to address 0xCONSTANT occurs, additional access is granted to a monitor process.

Of course, this limits the potential attackers to 1) exactly one government (or N number of eyes) or 2) one company, but there's really no way that you can trust remote hardware.

This _does_ increase the trust that the VMs are safe from other attackers, but I guess this depends on your threat model.

**dewey**: Looks like they are really writing everything in Swift on the server side.

Repo: https://github.com/apple/security-pcc

**aabhay**: A lot of people seem to be focusing on how this program isn’t sufficient as a guarantee, but those people are missing the point.

The real value of this system is that Apple is making legally enforceable claims about their system. Shareholders can, and do, sue companies that make inaccurate claims about their infrastructure.

I’m 100% sure that Apple’s massive legal team would never let this kind of program exist if _they_ weren’t also confident in these claims. And a legal team at Apple certainly has both internal and external obligations to verify these claims.

America’s legal system is in my opinion what allows the US to dominate economically, creating virtuous cycles like this.

**kfreds**: Wow! This is great!

I hope you'll consider adding witness cosignatures on your transparency log though. :)
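Added example, not part of the thread and not Apple's code: the transparency-log half of the check the comments describe, in which a client accepts an attested software measurement only if an inclusion proof ties it to the log's published root. It assumes an RFC 6962-style Merkle tree; the release digests and all function names are constructed for illustration.

```python
import hashlib

def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()          # RFC 6962 leaf prefix

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # RFC 6962 node prefix

def split(n: int) -> int:
    """Largest power of two strictly less than n (n >= 2)."""
    return 1 << ((n - 1).bit_length() - 1)

def merkle_root(leaves):
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def inclusion_proof(leaves, m):
    """Log side: sibling hashes from leaf m up to the root."""
    if len(leaves) == 1:
        return []
    k = split(len(leaves))
    if m < k:
        return inclusion_proof(leaves[:k], m) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], m - k) + [merkle_root(leaves[:k])]

def root_from_proof(lh, m, n, proof):
    """Client side: recompute the root, or None if the proof has the wrong shape."""
    if n == 1:
        return lh if not proof else None
    if not proof:
        return None
    k = split(n)
    if m < k:
        sub = root_from_proof(lh, m, k, proof[:-1])
        return node_hash(sub, proof[-1]) if sub is not None else None
    sub = root_from_proof(lh, m - k, n - k, proof[:-1])
    return node_hash(proof[-1], sub) if sub is not None else None

def measurement_is_logged(measurement, m, n, proof, published_root):
    """True only if the attested measurement is leaf m of the n-entry log."""
    if not 0 <= m < n:
        return False
    return root_from_proof(leaf_hash(measurement), m, n, proof) == published_root

# Constructed sample log: digests standing in for five published release images.
RELEASES = [hashlib.sha256(f"constructed-release-{i}".encode()).digest() for i in range(5)]
ROOT = merkle_root(RELEASES)
```

A measurement from an image that was never published fails this check, which is the detection property the first comment refers to; witness cosignatures, raised in the last comment, would additionally have independent parties sign `ROOT` so the log operator cannot show different roots to different clients.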