Kwanan nan akan Rubutun Rubutun , wanda ya ba da rahoton cewa babban ayyukan tsaro na Elasticsearch, wanda aka saki a cikin buɗaɗɗen sararin samaniya fiye da shekara guda da ta wuce, yanzu kyauta ne ga masu amfani.
Shafin gidan yanar gizon hukuma ya ƙunshi kalmomin "daidai" waɗanda bude tushen yakamata su kasance kyauta kuma masu aikin gina kasuwancin su akan wasu ƙarin ayyuka waɗanda suke bayarwa don mafita na kasuwanci. Yanzu tushe yana gina nau'ikan 6.8.0 da 7.1.0 sun haɗa da ayyukan tsaro masu zuwa, a baya ana samun su kawai tare da biyan kuɗin zinare:
- TLS don sadarwar rufaffiyar.
- Fayil da yanki na asali don ƙirƙira da sarrafa shigarwar mai amfani.
- Sarrafa damar mai amfani zuwa API da gungu na tushen rawar; An ba da izinin samun dama ga masu amfani da yawa zuwa Kibana ta amfani da Wuraren Kibana.
Duk da haka, canja wurin ayyukan tsaro zuwa sashin kyauta ba wani abu ne mai faɗi ba, amma ƙoƙari na haifar da nisa tsakanin samfurin kasuwanci da manyan matsalolinsa.
Kuma yana da wasu na gaske.
Tambayar "Elastic Leaked" ta dawo da sakamakon bincike miliyan 13,3 akan Google. Abin burgewa, ko ba haka ba? Bayan da aka saki ayyukan tsaro na aikin don buɗe tushen, wanda sau ɗaya ya zama kamar kyakkyawan ra'ayi, Elastic ya fara samun matsala mai tsanani tare da leaks bayanai. A zahiri, sigar asali ta juya ta zama siffa, tunda babu wanda ya goyi bayan waɗannan ayyukan tsaro iri ɗaya.
Ɗaya daga cikin fitattun bayanan da aka fi sani daga uwar garken roba shine asarar bayanan mutane miliyan 57 na Amurka, wanda game da shi. a cikin Disamba 2018 (daga baya ya zama cewa an fitar da bayanan miliyan 82 a zahiri). Sannan, a cikin Disamba 2018, saboda matsalolin tsaro da Elastic a Brazil, an sace bayanan mutane miliyan 32. A cikin Maris 2019, "kawai" takaddun sirri 250, gami da na doka, an leko daga wani sabar na roba. Kuma wannan shine shafin farko na neman tambayar da muka ambata.
A zahiri, hacking yana ci gaba har zuwa yau kuma ya fara jim kaɗan bayan an cire ayyukan tsaro ta masu haɓakawa da kansu kuma aka canza su zuwa lambar tushe.
Mai karatu na iya cewa: “To me? To, suna da matsalolin tsaro, amma wa ba ya?
Kuma yanzu hankali.
Tambayar ita ce, kafin wannan Litinin, Elastic, tare da lamiri mai tsabta, ya karɓi kuɗi daga abokan ciniki don sikelin da ake kira ayyukan tsaro, wanda aka sake shi a cikin buɗaɗɗen tushe a cikin Fabrairu 2018, wato, kimanin watanni 15 da suka gabata. Ba tare da haifar da wani babban farashi don tallafawa waɗannan ayyukan ba, kamfanin a kai a kai yana karɓar kuɗi don su daga zinare da masu biyan kuɗi na ƙima daga ɓangaren abokin ciniki na kasuwanci.
A wani lokaci, matsalolin tsaro sun zama masu guba ga kamfanin, kuma korafe-korafen abokan ciniki sun zama masu barazana, cewa kwadayi ya koma wurin zama. Duk da haka, maimakon ci gaba da ci gaba da "patching" ramukan a cikin aikin nasa, saboda abin da miliyoyin takardu da bayanan sirri na jama'a suka shiga cikin jama'a, Elastic ya jefa ayyukan tsaro a cikin sigar elasticsearch kyauta. Kuma ya bayyana hakan a matsayin babban fa'ida da gudunmawa ga budaddiyar manufa.
A cikin hasken irin waɗannan hanyoyin "m" masu tasiri, ɓangaren na biyu na shafin yanar gizon ya dubi ban mamaki sosai, saboda wanda mu, a gaskiya, mun kula da wannan labarin. Yana da game da - ma'aikacin Kubernetes na Elasticsearch da Kibana.
Masu haɓakawa, tare da cikakkiyar magana mai mahimmanci a kan fuskokinsu, sun ce saboda haɗa ayyukan tsaro a cikin ainihin fakitin kyauta na ayyukan tsaro na elasticsearch, za a rage nauyin masu sarrafa masu amfani da waɗannan hanyoyin. Kuma a gaba ɗaya, komai yana da kyau.
"Za mu iya tabbatar da cewa duk gungu da aka ƙaddamar da kuma sarrafa ta ECK za a kiyaye su ta tsohuwa daga ƙaddamarwa, ba tare da ƙarin nauyi akan masu gudanarwa ba," in ji shafin yanar gizon hukuma.
Yadda mafita, watsi da gaske ba tare da goyan bayan masu haɓaka na asali ba, wanda a cikin shekarar da ta gabata ya zama ɗan bulala na duniya, zai ba masu amfani da tsaro, masu haɓakawa sun yi shiru.
source: www.habr.com