Search results for "improper": 1 - 40 of 124

  • Top 10 VS Code extensions for 2021 - LogRocket Blog

    Ashutosh Singh Ashutosh is a JavaScript developer and a technical writer. He writes about the fundamentals of JavaScript, Node.js, React, Next, Vue, and tutorials on building projects. Visual Studio Code is one of the most widely used code editors in the developer community. One of the reasons for VS Code’s popularity is its many extensions that speed up the development process. In this guide, we’

  • Introduction to Bug Bounty (How to Get Started) - blog of morioka12

    1. Introduction Hello, this is morioka12. This article is an introduction to bug bounty, mainly covering finding and reporting vulnerabilities in web applications and receiving the bounty. 1. Introduction Disclaimer Intended readers Author's background Start Bug Bounty Bug Bounty JP Podcast [Blog] Intigriti Q1 2024 results Interview articles 2. What is bug bounty Bug bounty platforms Program Type Private Programs VDP (Vulnerability Disclosure Program) Asset Type 3. How to choose a program Scope OoS (Out of Scope) 4. How to find vulnerabilities (initial reconnaissance) Subdomain Google Dorks Wayback Mac

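  • What statistics is, and a talk about Bayesian statistics - hidekatsu-izuno 日々の記録

    I have been slowly studying statistics for a while, and I have recently begun to understand, if only vaguely, what statistics is (not that I have become able to do statistics). Comparing myself before I knew statistics with myself now, what has unmistakably changed is my trust in statistics. I used to think that statistics was a branch of mathematics and that using the correct analysis method would give the true answer. In reality, though, the saying attributed to the statistician George Box, "All (statistical) models are wrong, but some are useful," is closer to the truth. Statistics is fundamentally a discipline that "makes the impossible possible (deals with ill-posed problems)." For example, what can be said from the sequence of numbers 1, 3, 5? The only certain thing is that three real values were observed; anything beyond that can only be imagined. It might be a sequence of odd numbers, or, when three values were drawn from random numbers, numbers that happened to look that way
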
  • iPhone 16 Battery - Apple Support

    iPhone 16 Battery Before You Begin Warning Read Battery Safety and follow workspace and battery handling guidelines before you begin. A battery should be replaced only by individual technicians with the knowledge and experience to repair electronic devices. Improper battery replacement, improper handling of parts, or failure to follow the provided instructions could result in fire, injury, data lo

  • How Pokémon GO scales to millions of requests? | Google Cloud Blog

    Priyanka Vergadia, Staff Developer Advocate, Google Cloud Have you caught Pokémons? Pokémon GO is a popular game played by millions, but it scales extremely well. This blog is a behind-the-scenes look into how the Pokémon GO engineering team manages and maintains the scale. Joining me is James Prompanya, Senior Engineering Manager at Niantic Labs who leads the server infrastructure team for Pokémon

  • 7 JavaScript Design Patterns Every developer should know

    Design patterns in JavaScript are reusable solutions applied to commonly occurring problems in writing JavaScript web applications. It is quite appropriate to refer to JavaScript design patterns as templates to provide solutions to problems but not quite to say that these patterns can replace the developers. Design patterns help combine experiences of many developers to structure the codes in an opti

  • The Death Of Behavioral Economics

    I’ve got some bad news. Behavioral economics is dead. Yes, it’s still being taught. Yes, it’s still being researched by academics around the world. Yes, it’s still being used by practitioners and government officials across the globe. It sure does look alive… but it’s a zombie—inside and out. Why do I say this? Two primary reasons: Core behavioral economics findings have been failing to replicate

  • Linux Hardening Guide | Madaidan's Insecurities

    Last edited: March 19th, 2022 Linux is not a secure operating system. However, there are steps you can take to improve it. This guide aims to explain how to harden Linux as much as possible for security and privacy. This guide attempts to be distribution-agnostic and is not tied to any specific one. DISCLAIMER: Do not attempt to apply anything in this article if you do not know exactly what you ar

  • Next.js 12.3

    We've shipped some quality-of-life improvements to Next.js with 12.3: Improved Fast Refresh: .env, jsconfig.json, and tsconfig.json files now hot reload. TypeScript Auto-Install: Add a .ts file to automatically configure TypeScript and install deps. Image Component: next/future/image is now stable. SWC Minifier: Minification with the Next.js compiler is now stable. New Router + Layouts Update: Imp

  • GPU Dashboards in Jupyter Lab

    Introduction We are excited to announce NVDashboard, an open-source package for the real-time visualization of NVIDIA GPU metrics in interactive Jupyter environments. NVDashboard is a great way for all GPU users to monitor system resources, but it is especially valuable for users of RAPIDS, NVIDIA’s open-source suite of GPU-accelerated data-science software libraries. Given the computational intens

  • Exclusive: Japan businessman paid $8.2 million by Tokyo Olympics bid lobbied figure at center of French corruption probe

    Exclusive: Japan businessman paid $8.2 million by Tokyo Olympics bid lobbied figure at center of French corruption probe TOKYO/PARIS (Reuters) - A businessman who received millions of dollars for his work on Tokyo’s successful campaign to host the 2020 Olympics, which was postponed last week due to the coronavirus, said he played a key role in securing the support of a former Olympics powerbroker

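  • Analyzing the "bugs" that RTA runners exploit: are they useful for software development? A study of four Super Mario titles

    This column is written by Yuki Yamashita, who runs the web media outlet "Seamless," which since 2014 has covered research on cutting-edge technology paper by paper. Yamashita picks out and explains highly novel scientific papers. X: @shiropen2 The paper "Super Mario in the Pernicious Kingdoms: Classifying glitches in old games," published by researchers at the University of Bristol in the UK and elsewhere, is a study that surveys 237 previously reported bugs in four Super Mario titles (Super Mario Bros., Super Mario Bros. 3, Super Mario World, and Super Mario 64). There is a style of play called "RTA," in which players compete over how fast a game can be cleared. These players are called "RTA runners," and super plays that ordinary people could not imitate
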
  • Gain write permission of repositories with a bug in GitHub Actions

    Gain write permission of repositories with a bug in GitHub Actions 2021/04/02 22:28:00 GitHub Actions is a useful feature for the jobs, for example, building, publishing. I found a bug which allows unauthorized users to edit the main branch of the repositories in GitHub. Repositories which enable GitHub Actions are affected but fortunately, the bug exists in a brief window from 2021/02/04 18:42 U

  • A roundup of concrete XSS threat cases in bug bounty - blog of morioka12

    1. Introduction Hello, this is morioka12. Based on vulnerability reports actually made in bug bounty programs, this article introduces several concrete threats (Impact) of XSS. 1. Introduction Disclaimer Intended readers 2. XSS (Cross Site Scripting) HackerOne Top 10 Vulnerability Types Escalation (Goal) 3. XSS threats (Impact) 3.1 Stealing the Session ID from the Response Body 3.2 Stealing the Access Token from Local Storage 3.3 Stealing Session Data from IndexedDB 3.4 Tampering with the email address 3.5 Tampering with the password 3.6 Inviting an administrator account 3.7 POST Based Reflected XSS 4.

  • GIMP - Development release GIMP 2.99.2 is out

    The new unstable version of GIMP, 2.99.2, marks the first step towards GIMP 3 based on the GTK3 user interface toolkit. Release highlights: GTK3-based user interface, with native support for Wayland and HiDPI displays. Major refactoring and cleanup Multiple layers selection More (color) space invasion Render caching available for better performance New plug-in API Plugins now possible with Python

  • Pro Gamer Fired After Saying Men Under 5 ft 7 in 'Don't Have Human Rights' [Update]

    Tanukana showing off her gaming skills for the press. Professional Tekken player Tanukana has been booted from Osaka-based esports team Cyclops Athlete Gaming for remarks she made about men’s heights during a livestream, following a recent spate of far more incendiary remarks. Cyclops Athlete Gaming competes in first-person shooters like PUBG, Call of Duty, and Rainbow Six Siege as well as fightin

  • AMD ships security patches fixing 50 vulnerabilities; Intel fixes 25

    On November 9, 2021, AMD fixed a total of 50 vulnerabilities: 27 in its graphics driver for Windows 10, 22 in Epyc processors, and 1 in μProf. Intel, for its part, also fixed a total of 25 vulnerabilities, including 10 related to its Wi-Fi products. AMD reveals an Epyc security 50 flaws, Intel has 25 • The Register https://www.theregister.com/2021/11/12/amd_and_intel_flaws/ AMD fixes dozens of Windows 10 graphics driver security bugs https://www.bleepingcomputer.com/news/security/amd-fixes-dozens-of-windows

  • Developer Agreement – X Developers

  • COVID UPDATE: What is the truth?

    The COVID-19 pandemic is one of the most manipulated infectious disease events in history, characterized by official lies in an unending stream led by government bureaucracies, medical associations, medical boards, the media, and international agencies.[3,6,57] We have witnessed a long list of unprecedented intrusions into medical practice, including attacks on medical experts, destruction of med

  • 2024-09-01 JS: Rspack 1.0, Safari Technology Preview 202, Material UI v6

    JSer.info #705 - Rspack 1.0, a bundler written in Rust to be compatible with webpack, has been released. Announcing Rspack 1.0 - Because it also includes some breaking changes from Rspack 0.7, a migration guide has been published as well. Migrating from Rspack 0.x - Rspack Safari Technology Preview 202 has been released. Release Notes for Safari Technology Preview 202 Support for CSS background-clip: border-area/ruby-align, the shape() function, and jis-b4 and jis-b5 in @page, among others, has been added. Also, ECMAScript Proposal

  • Server Outages and Increased API Errors

    All times are PDT. Summary Discord was unavailable for most users for a period of an hour. The root cause is well understood and fixed. The bug was in our service discovery system, which is used by services within our infrastructure to discover one another. In this instance, service discovery is used by our real time chat services in order to discover the RPC endpoint that they use to loa

  • oss-security - CVE-2021-33909: size_t-to-int vulnerability in Linux's filesystem layer

    Message-ID: <20210720123335.GA19170@localhost.localdomain> Date: Tue, 20 Jul 2021 12:36:11 +0000 From: Qualys Security Advisory <qsa@...lys.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE-2021-33909: size_t-to-int vulnerabilit

  • How Far Trump Would Go

    The former President, at Mar-a-Lago on April 12, is rallying the right at home and seeking common cause with autocratic leaders abroad. Photograph by Philip Montgomery for TIME Donald Trump thinks he’s identified a crucial mistake of his first term: He was too nice. We’ve been talking for more than an hour on April 12 at his fever-dream palace in Palm Beach. Aides lurk around the perimeter of a gil

  • Amazon files a protest claiming it lost the US Department of Defense cloud contract bidding because of "President Trump's political interference"

    by Michael Vadon In October 2019, it was reported that Microsoft, contrary to prior expectations, had won the "Joint Enterprise Defense Infrastructure (JEDI)" cloud project promoted by the US Department of Defense. Regarding this bidding competition, Amazon claims that "there was improper interference by President Donald Trump in the bidding" and has filed a protest with the court. amazon-jedi-appeal.pdf (PDF file) https://regmedia.co.uk/2019/12/09/amazon-jedi-appeal.pdf Amazon: Trump photon-torpedoed our $10bn JEDI dream because he hates CEO Jeff Bezos • The Register https

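  • New York Attorney General's Office: "Former Governor Andrew Cuomo's brother, CNN anchor Chris, advised on handling the sexual harassment allegations" - 事実を整える

    Are the people who were praising Cuomo all right? CNN: "Anchor Chris Cuomo, brother of former Governor Cuomo, suspended indefinitely" New York Attorney General's Office report on former Governor Cuomo's sexual harassment allegations In August 2021 the New York Attorney General's Office found that Cuomo committed sexual harassment The cover-up of the concealed case of former Governor Cuomo falsifying the number of deaths from COVID-19 clusters at care facilities The governor's order that pushed COVID-19 patients out of hospitals and onto nursing homes It came to light that the number of COVID-19 deaths in nursing homes had been understated Andrew Cuomo, who glorified his COVID response, published a memoir, and made money CNN: "Anchor Chris Cuomo, brother of former Governor Cuomo, suspended indefinitely" CNN suspends Chris Cuomo indefinitely - CNN (archived copy as of the November 30 UPDATE) CNN is suspending prime time an
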
  • Assorted thoughts on zig (and rust)

    I've been using zig for ~4 months worth of side projects, including a toy text editor and an interpreter for a relational language. I've written ~10kloc. That's not nearly enough time to form a coherent informed opinion. So instead here is an incoherent assortment of thoughts and experiences, in no particular order :) This is not meant to be an introduction to zig - check out the excellent languag

  • GraphQL vs. REST APIs: Why you shouldn’t use GraphQL - LogRocket Blog

    Editor’s note: This post was last updated on 14 December 2023 to inform readers about REST API and GraphQL security concerns, as well as alternatives to GraphQL, such as tRPC and gRPC. GraphQL is great if you want to work in a declarative style, as it enables you to select only the information or operations you need. However, depending on your use case, performance requirements, and tolerance for

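  • JSSEC Technical Committee: Top 10 Checkpoints for Mobile Application Development 2023 | JSSEC

    Top 10 Checkpoints for Mobile Application Development 2023 (JSSEC Mobile Top 10 2023) reinterprets the "OWASP Mobile Top 10 project," which has not been updated since its 2016 release, and selects a "Mobile Top 10" suited to the current situation. "OWASP Mobile Top 10 *2," a Lab project of OWASP (Open Web Application Security Project) *1, is one of the "Top 10" series of awareness documents, many of which OWASP publishes, and is a document aimed at raising awareness among smartphone (mobile) application developers. It summarizes, in an easy-to-understand way, 10 items to watch out for in smartphone application development, and consists of text describing what developers should understand at a minimum.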

  • Windows code-execution zeroday is under active exploit, Microsoft warns

    Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday. The font-parsing remote code-execution vulnerability is being used in “limited targeted attacks,” against Windows 7 systems, the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Lib

  • CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect

    Required Configuration for Exposure This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both). Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability. You can verify whether you have a GlobalProtect gateway or GlobalProtect portal confi

  • Another one-line npm package breaks the JavaScript ecosystem

    An update to a tiny JavaScript library has thrown a large part of the JavaScript ecosystem into chaos on Saturday, with millions of projects believed to have been impacted. Making the entire situation ridiculously absurd is that the whole mess was caused by a "one-liner" JavaScript library, marking this the second time when a tiny JavaScript project has caused widespread issues. The is-promise one

  • SonicWall: Patch critical SQL injection bug immediately

    SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products. "SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately," warns SonicWall in an advisory. The flaw, tracked as CVE-2022-22

  • ESLint's new config system, Part 1: Background - ESLint - Pluggable JavaScript Linter

    When ESLint was first released in 2013, the config system was fairly simple. You could define the rules you wanted to enable or disable in a .eslintrc file. When a file was linted, ESLint would first look in the same directory as that file for a .eslintrc file and then continue up the directory hierarchy until reaching the root, merging configurations from all the .eslintrc files found along the w

  • Home security cameras found to have been used to spy on naked women and residents having sex

    In April 2020, it came to light that a technician at "ADT," which provides home security systems, had repeatedly gained unauthorized access to cameras installed in customers' homes and spied on acts such as sex. The technician was fired from ADT after the problem was discovered and has reportedly pleaded guilty in court. ADT Lawsuit: Internal Investigation Reveals Improper Behavior | ADT® https://www.adt.com/adt-privacy-notice Home alarm tech backdoored security cameras to spy on customers having sex | Ars Technica https://arstechnica.com/information-technology/2021/01/home-a

  • Why Rust

    Exclamation If you're looking for someone like me on your team, I'm available. Check my resume and get in touch if you're hiring. Or: A Trip Report from my Satori with Rust and Functional Programming Software is a very odd field to work in. It is simultaneously an abstract and physical one. You build systems that can deal with an unfathomable amount of input and output at the same time. As a job,

  • Github Actions Security Best Practices - Salesforce Engineering Blog

    Introduction In the world of Continuous Integration and Continuous Deployment, Github Actions provide a nifty edge to quickly build end-to-end automation right into the repository. This makes integration of Actions into an organization’s Github repositories pretty straightforward and convenient. Github Actions bring velocity to the Software Development Lifecycle. However, if it is swiftly adopted

  • Microsoft briefly restricted employee access to OpenAI's ChatGPT, citing security concerns

    Microsoft has invested billions of dollars in OpenAI. But for a brief time on Thursday, employees of the software company weren't allowed to use the startup's most famous product, ChatGPT, CNBC has learned. "Due to security and data concerns a number of AI tools are no longer available for employees to use," Microsoft said in an update on an internal website. CNBC also viewed a screenshot that sho

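  • [OWASP Top 10] Path traversal vulnerabilities and their countermeasures

    Hello, this is ryoutako from GMO AD Marketing. I usually work on development with Ruby on Rails and on security-related tasks such as vulnerability assessments of our products. This time I would like to write about vulnerabilities that abuse path traversal, how to counter them, and how they are classified in the OWASP Top 10. For vulnerability assessment with OWASP ZAP, check out the following ↓! (plug) This article is the day 14 entry of the GMO AD Marketing Advent Calendar 2020. Introduction Hello, this is R.Y from GMO AD Marketing. This time, as the title says, I would like to assess vulnerabilities built in Rails with OWASP ZAP. Since I often do development of web apps with Rails and vulnerability assessments of web apps, by writing this article, of Rails security and of the tools used for vulnerability assessment
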
  • How Amazon is solving big-data challenges with data lakes

    How Amazon is solving big-data challenges with data lakes January 20, 2020 • 2157 words Back when Jeff Bezos filled orders in his garage and drove packages to the post office himself, crunching the numbers on costs, tracking inventory, and forecasting future demand was relatively simple. Fast-forward 25 years, Amazon's retail business has more than 175 fulfillment centers (FC) worldwide with over 2