はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
オーストラリアの研究チームが「1時間に3回というペースで地球に向けて膨大なエネルギーを放出する謎の物体」を新たに報告しました。太陽系から約4000光年という距離に位置する問題の物体は、観測史上前例のない光り方をしていたとのことで、研究チームは「全く予想外」「ちょっと不気味」とコメントしています。 A radio transient with unusually slow periodic emission | Nature https://www.nature.com/articles/s41586-021-04272-x Mysterious object unlike anything astronomers have seen before - ICRAR https://www.icrar.org/repeating-transient/ Unexplained Radio Sig
Over the past few months, during the lead-up to the TypeScript 5.0 beta, our team spent a good portion of our time looking for ways to improve the performance of our compiler so that your projects build faster. One of the ways we improved was by looking into an oft overlooked aspect of many JavaScript VMs: inline caching. A Brief Primer on Inline Caching Inline caching is an optimization often use
WebKit Features in Safari 16.4
Mar 27, 2023 by Patrick Angle, Marcos Caceres, Razvan Caliman, Jon Davis, Brady Eidson, Timothy Hatcher, Ryosuke Niwa, and Jen Simmons ContentsWeb Push on iOS and iPadOSImprovements for Web AppsWeb ComponentsCSSHTMLJavaScript and WebAssemblyWeb APIImages, Video, and AudioWKWebViewDeveloper ToolingWeb InspectorSafari Web ExtensionsSafari Content BlockersNew Restrictions in Lockdown ModeMore Improve
パフォーマンスの改善 続いてパフォーマンスです。パフォーマンスについて言うと、どんな言語も速すぎるということはあまりありません。必ず「遅い」って文句言う人がいます。Rubyは伝統的に文句付けられっぱなしの言語なので、それはそれで「どうなの?」って感じですけども。 もっとたくさんのトラフィックを捌くために、いろいろ改善が必要だと思っています。 昨年中国に行って「Ruby Conf China」で中国の人たちと話す機会があったんですが、昨年のことなので「MJIT」がちょうど開発中で、パフォーマンス改善が非常にホットなトピックスでした。 中国の人たちといろいろ話をしたんですが、「JITコンパイラは明日いるものではない」と。「私たちにとって一番必要なのは、メモリーでのボトルネックの改善である」ということなんですね。中国でも、例えばアリババなどわりと大きなサイトでRubyが使われているようです。 そ
A Guide to the Go Garbage Collector - The Go Programming Language
Introduction This guide is intended to aid advanced Go users in better understanding their application costs by providing insights into the Go garbage collector. It also provides guidance on how Go users may use these insights to improve their applications' resource utilization. It does not assume any knowledge of garbage collection, but does assume familiarity with the Go programming language. Th
Why SQLite Uses Bytecode
1. Introduction Every SQL database engine works in roughly the same way: It first translates the input SQL text into a "prepared statement". Then it "executes" the prepared statement to generate a result. A prepared statement is an object that represents the steps needed to accomplish the input SQL. Or, to think of it in another way, the prepared statement is the SQL statement translated into a fo
CVE-2020-19909 is everything that is wrong with CVEs | daniel.haxx.se
This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system. CVE-2020-19909 On August 25 2023, we got an email to the curl-library mailing list from Samuel Henrique that informed us that “someone” had r
Taming Go’s Memory Usage, or How We Avoided Rewriting Our Client in Rust — Akita Software
Taming Go’s Memory Usage, or How We Avoided Rewriting Our Client in Rust A couple months ago, we faced a question many young startups face. Should we rewrite our system in Rust? At the time of the decision, we were a Go and Python shop. The tool we’re building passively watches API traffic to provide “one-click,” API-centric visibility, by analyzing the API traffic. Our users run an agent that sen
はじめに Open Table Formatは次世代のデータレイクの基盤となり得る技術で、徐々に導入事例(末尾に列挙)が増えてきているものの、日本での認知度は発展途上な印象がある。本記事ではOpen Table Format登場の背景を紹介する。執筆にあたって、Apache Iceberg: An Architectural Look Under the CoversとAWSにおける Hudi/Iceberg/Delta Lake の 使いどころと違いについてを特に参考にした。 Open Table Formatとは? Open Table Formatとは、従来のデータレイクの技術的な課題&ユースケースの要請に応える形で登場した、データレイクに最適化されたテーブルフォーマットを指す概念で、上手く活用することでクエリプランニング、実行性能の最適化、効率的なUpdateやDelete、タイム
Testing sync at Dropbox
…and how we rewrote the heart of sync with confidence. Executing a full rewrite of the Dropbox sync engine was pretty daunting. (Read more about our goals and how we made the decision in our previous post here.) Doing so meant taking the engine that powers Dropbox on hundreds of millions of user’s machines and swapping it out mid-flight. To pull this off, we knew we would need a serious investment
1 Introduction Compilers, assemblers and similar tools generate all the binary code that processors execute. It is no surprise then that these tools play a major role in security analysis and hardening of relevant binary code. Often the only practical way to protect all binaries with a particular security hardening method is to have the compiler do it. And, with software security becoming more and
Using localStorage in Modern Applications: A Comprehensive Guide When it comes to client-side storage in web applications, the localStorage API stands out as a simple and widely supported solution. It allows developers to store key-value pairs directly in a user's browser. In this article, we will explore the various aspects of the localStorage API, its advantages, limitations, and alternative sto
Byte Down: Making Netflix’s Data Infrastructure Cost-Effective
By Torio Risianto, Bhargavi Reddy, Tanvi Sahni, Andrew Park Background on data efficiencyAt Netflix, we invest heavily in our data infrastructure which is composed of dozens of data platforms, hundreds of data producers and consumers, and petabytes of data. At many other organizations, an effective way to manage data infrastructure costs is to set budgets and other heavy guardrails to limit spendi
プログラミング必須英単語600+
1 A accept【動詞】受諾する access【動詞/名詞】アクセスする /アクセス account【名詞】アカウント、口座 algorithm【名詞】アルゴリズム allow【動詞】可能にする、許可する alternative【形容詞】代替の application【名詞】アプリケーショ ン apply【動詞】適用する argument【名詞】引数 array【名詞】配列 attribute【名詞】属性 audio【名詞】オーディオ、音声 author【名詞】作成者 available【形容詞】利用可能な、入 手可能な avoid【動詞】回避する B backup【名詞】バックアップ base【形容詞/動詞】ベースの、基 底の/〜に基づく(based on で) bit【名詞】ビット blank【形容詞】空白の block【名詞/動詞】ブロック/ブ ロックする boolean【形容詞
Compiling typed Python
It’s been nine whole years since PEP 484 landed and brought us types from on high. This has made a lot of people very angry and been widely regarded as a bad move1. Since then, people on the internet have been clamoring to find out: does this mean we can now compile Python to native code for more speed? It’s a totally reasonable question. It was one of my first questions when I first started worki
Error Handling In Rust - A Deep Dive May 13, 2021 8550 words 43 min This article is a sample from Zero To Production In Rust, a hands-on introduction to backend development in Rust. You can get a copy of the book at zero2prod.com. TL;DR To send a confirmation email you have to stitch together multiple operations: validation of user input, email dispatch, various database queries. They all have one
Introducing AWS Step Functions redrive to recover from failures more easily | Amazon Web Services
AWS Compute Blog Introducing AWS Step Functions redrive to recover from failures more easily Developers use AWS Step Functions, a visual workflow service to build distributed applications, automate IT and business processes, and orchestrate AWS services with minimal code. Step Functions redrive for Standard Workflows allows you to redrive a failed workflow execution from its point of failure, rath
systemd, 10 years later: a historical and technical retrospective
systemd, 10 years later: a historical and technical retrospective by V.R. I am not sure I am such a big fan of reimplementing NetworkManager… – Lennart Poettering’s famous last words, March 2011 10 years ago, systemd was announced and swiftly rose to become one of the most persistently controversial and polarizing pieces of software in recent history, and especially in the GNU/Linux world. The qua
Visiteurs depuis le 27/01/2019 : 4720 Connectés : 1 Record de connectés : 94 This page contains information about installing the latest Kingston DataTraveler 101 G2 DT101G2/64GB driver downloads using the Kingston Driver Update Tool. Kingston DataTraveler 101 G2 DT101G2/64GB drivers are tiny programs that enable your USB hardware. Server Memory Trust Kingston for all your server memory needs. Our
SQLite Wasm in the browser backed by the Origin Private File System - Chrome Developers
In our blog post Deprecating and removing Web SQL, we promised a replacement for Web SQL based on SQLite. The SQLite Wasm library with the Origin Private File System persistence backend is our fulfillment of this promise. # About SQLiteSQLite is a popular, open-source, lightweight, embedded relational database management system. Many developers use it to store data in a structured, easy-to-use man
This was co-authored with Yao Yue This is a collection of information on severe (SEV-0 or SEV-1, the most severe incident classifications) incidents at Twitter that were at least partially attributed to cache from the time Twitter started using its current incident tracking JIRA (2012) to date (2022), with one bonus incident from before 2012. Not including the bonus incident, there were 6 SEV-0s a
OpenSSH: Release Notes
OpenSSH Release Notes OpenSSH 9.7/9.7p1 (2024-03-11) OpenSSH 9.7 was released on 2024-03-11. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed
06 Dec 2019 0. How to read me? Yes, I know, it’s a long text, and it was my conscious decision to write it in this way. But fear not! Imagine that you read a book, take a look at the introduction and first few interesting sections, think about it and then find time to read further. I hope I’ve left enough references, so if you don’t get some ideas you’ll be able to read more information about inte
What’s New in Emacs 28.1? Learn what's new in Emacs 28.1 It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up your Emacs experience. A critical issue surrounding the use of ligatures also fixed; without it, you couldn’t use li
However much studio trickery is considered 'normal' in a genre, the unwanted side-effects of processing can rob your mixes of impact. But it doesn't have to be that way Most of us are so accustomed to the side-effects of routine processing such as EQ and compression that we take them for granted. Indeed, some people will never have learned to identify them, but most will have experienced the cumul
V8 Torque is a language that allows developers contributing to the V8 project to express changes in the VM by focusing on the intent of their changes to the VM, rather than preoccupying themselves with unrelated implementation details. The language was designed to be simple enough to make it easy to directly translate the ECMAScript specification into an implementation in V8, but powerful enough t
Rust Language Cheat Sheet 26. August 2021 Contains clickable links to The Book , Rust by Example , Std Docs , Nomicon , Reference . Data Structures Data types and memory locations defined via keywords. Example Explanation struct S {} Define a struct with named fields. struct S { x: T } Define struct with named field x of type T. struct S (T); Define "tupled" struct with numbered field .0 of type
Archived Reliability Pillar AWS Well-Architected Framework This paper has been archived. The latest version is now available at: https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/welcome.html Archived Reliability Pillar AWS Well-Architected Framework Reliability Pillar: AWS Well-Architected Framework Copyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights res
Secure Payment Confirmation
Secure Payment Confirmation W3C Candidate Recommendation Draft, 13 December 2023 More details about this document This version: https://www.w3.org/TR/2023/CRD-secure-payment-confirmation-20231213/ Latest published version: https://www.w3.org/TR/secure-payment-confirmation/ Editor's Draft: https://w3c.github.io/secure-payment-confirmation/ Previous Versions: https://www.w3.org/TR/2023/CRD-secure-pa
AWS serverless data analytics pipeline reference architecture | Amazon Web Services
AWS Big Data Blog AWS serverless data analytics pipeline reference architecture May 2022: This post was reviewed and updated to include additional resources for predictive analysis section. Onboarding new data or building new analytics pipelines in traditional analytics architectures typically requires extensive coordination across business, data engineering, and data science and analytics teams t
dbs-002.dvi
Foundations and Trends R � in Databases Vol. 1, No. 2 (2007) 141–259 c � 2007 J. M. Hellerstein, M. Stonebraker and J. Hamilton DOI: 10.1561/1900000002 Architecture of a Database System Joseph M. Hellerstein1 , Michael Stonebraker2 and James Hamilton3 1 University of California, Berkeley, USA, hellerstein@cs.berkeley.edu 2 Massachusetts Institute of Technology, USA 3 Microsoft Research, USA Abstra
Guidance for investigating attacks using CVE-2023-23397 | Microsoft Security Blog
February 15, 2024 update – On January 20, 2024, the US government conducted a disruption operation against infrastructure used by a threat actor we track as Forest Blizzard (STRONTIUM), a Russian state-sponsored threat actor, as detailed here: https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian December 4, 2023 update – Microsoft has ide
Typestate - the new Design Pattern in Swift 5.9 | Swiftology
SwiftologyMonthly articles on advanced Swift topics, functional programming, and software design. written byAlex Ozun This article will teach you 3 ideas: 1. Typestate Design Pattern. 2. The power of generic constraints. 3. Swift 5.9 new Noncopyable types and consuming functions. What is a Typestate design pattern?Typestate is a powerful design pattern that emerged in languages with advanced type
Using the circuit breaker pattern with AWS Step Functions and Amazon DynamoDB | Amazon Web Services
AWS Compute Blog Using the circuit breaker pattern with AWS Step Functions and Amazon DynamoDB This post is written by Anitha Deenadayalan, Developer Specialist SA, DevAx Modern applications use microservices as an architectural and organizational approach to software development, where the application comprises small independent services that communicate over well-defined APIs. When multiple micr
The etcd key-value store is a distributed database based on the Raft consensus algorithm. In our 2014 analysis, we found that etcd 0.4.1 exhibited stale reads by default. We returned to etcd, now at version 3.4.3, to investigate its safety properties in detail. We found that key-value operations appear to be strict serializable, and that watches deliver every change to a key in order. However, etc
This post introduces the concept of durable execution, which is used by Stripe, Netflix, Coinbase, HashiCorp, and many others to solve a wide range of problems in distributed systems. Then it shows how simple it is to write durable code using Temporal’s TypeScript/JavaScript SDK. For an updated version of this post, see durable-execution.pdf Distributed systems When building a request-response mon
Horizontally scaling the Rails backend of Shop app with Vitess
Opens in a new windowOpens an external siteOpens an external site in a new window Good problems We experienced hockey stick growth after we launched the Shop app. We were glued to our dashboards and saw millions of users onboard onto the app. This was gratifying, but we were becoming more nervous as our backend was pushed closer to its limit. We wrote the backend in Ruby on Rails, and used a MySQL
The behavior of the graphics pipeline is practically standard across platforms and APIs, yet GPU vendors come up with unique solutions to accelerate it, the two major architecture types being tile-based and immediate-mode rendering GPUs. In this article we explore how they work, present their strengths/weaknesses, and discuss some of the implications the underlying GPU architecture may have on the
TXT; STAYC; BaekhyunCourtesy of BIGHIT MUSIC; Courtesy of High Up Entertainment; Courtesy of SM Entertainment; Getty Images While social gatherings of all kinds are beginning to return in parts of the world, it will be a while before concerts—especially ones that require international travel—make a full comeback. For the K-pop audiences eagerly waiting their favorite idols to perform in their coun
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
天文学者が「地球に向けて膨大なエネルギーを発する謎の物体」を報告 - GIGAZINE
Introducing Deopt Explorer - TypeScript
Rubyのパフォーマンスをいかにして改善するか まつもとゆきひろ氏がRubyKaigi 2019で語ったこと - Part2
データレイクの新しいカタチ:Open Table Formatの紹介 - 流沙河鎮
Low-Level Software Security for Compiler Developers
Using localStorage in Modern Applications - A Comprehensive Guide | RxDB - JavaScript Database
Error Handling In Rust - A Deep Dive | Luca Palmieri
Download Pagan Holidays 1.0 Work For Mac
A decade of major cache incidents at Twitter
PostgreSQL at low level: stay curious! · Erthalion's blog
What's New in Emacs 28.1?
How Not To Mess Up Your Mix
V8 Torque user manual · V8
https://cheats.rs/rust_cheat_sheet.pdf
Reliability Pillar AWS Well-Architected Framework
Jepsen: etcd 3.4.3
Building Reliable Distributed Systems in Node.js
GPU architecture types explained – RasterGrid
The Best K-Pop Songs of 2021 So Far