Search results for "security master old version": 1 - 40 of 88

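  • [2020] Summary of Attack Techniques in CTF Web Challenges - こんとろーるしーこんとろーるぶい

    Introduction; Events covered; How to read and use this article; Remote Code Execution (RCE); Bypassing open_basedir by specifying a parent directory; Bypassing open_basedir and disable_functions via a TCP socket connection to PHP-FPM; Running a shell with Java's Runtime.exec; Cross-Site Scripting (XSS); Disabling the CSP header when the HTTP status code can be controlled in an nginx environment; XSS vulnerability in Google's Closure Library sanitizer; Registering a Service Worker through a web proxy feature; XSS without parentheses; Specifying the destination URL without using the / character; Sequentially executing document.write using SOME (Same Origin Method Execution); SQL Injection; MySQ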

  • jQuery 4.0.0 BETA! | Official jQuery Blog

    jQuery 4.0.0 has been in the works for a long time, but it is now ready for a beta release! There’s a lot to cover, and the team is excited to see it released. We’ve got bug fixes, performance improvements, and some breaking changes. We removed support for IE<11 after all! Still, we expect disruption to be minimal. Many of the breaking changes are ones the team has wanted to make for years, but co

  • Introducing workerd: the Open Source Workers runtime

    Introducing workerd: the Open Source Workers runtime 09/27/2022 Today I'm proud to introduce the first beta release of workerd, the JavaScript/Wasm runtime based on the same code that powers Cloudflare Workers. workerd is Open Source under the Apache License version 2.0. workerd shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more p

  • The Linux Kernel Module Programming Guide

    Peter Jay Salzman, Michael Burian, Ori Pomerantz, Bob Mottram, Jim Huang 1 Introduction 1.1 Authorship 1.2 Acknowledgements 1.3 What Is A Kernel Module? 1.4 Kernel module package 1.5 What Modules are in my Kernel? 1.6 Is there a need to download and compile the kernel? 1.7 Before We Begin 2 Headers 3 Examples 4 Hello World 4.1 The Simplest Module 4.2 Hello and Goodbye 4.3 The __init and __exit Mac

  • Jeffrey Paul: Your Computer Isn't Yours

    There have been several updates appended to this page as of 2020-11-16, please see below. Also available in: Türkçe Français Español Português Português brasileiro русский 简体中文 日本語 others: email translations in markdown format to sneak@sneak.berlin It’s here. It happened. Did you notice? I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warne

  • Linux kernel in-tree Rust support

    linux-kernel.vger.kernel.org archive mirror help / color / mirror / Atom feed* Linux kernel in-tree Rust support @ 2020-07-09 18:41 Nick Desaulniers 2020-07-09 20:52 ` Miguel Ojeda ` (5 more replies) 0 siblings, 6 replies; 28+ messages in thread From: Nick Desaulniers @ 2020-07-09 18:41 UTC (permalink / raw) To: alex.gaynor, geofft, jbaublitz, Masahiro Yamada, Linus Torvalds, Greg KH, Miguel Ojeda

  • Multi-arch build and images, the simple way | Docker

    “Build once, deploy anywhere” is really nice on the paper but if you want to use ARM targets to reduce your bill, such as Raspberry Pis and AWS A1 instances, or even keep using your old i386 servers, deploying everywhere can become a tricky problem as you need to build your software for these platforms. To fix this problem, Docker introduced the principle of multi-arch builds and we’ll see how to

  • jQuery 3.5.0 Released! | Official jQuery Blog

    jQuery 3.5.0 has been released! As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. We hope you’re staying healthy and safe while so many of us are stuck at home. With a virus ravaging the planet, we realize that jQuery may not b

  • Container security best practices: Comprehensive guide

    There will be cases like the serverless compute engine ECS Fargate, Google Cloud Run, etc., where some of these pieces are out of our control, so we work on a shared responsibility model. The provider is responsible for keeping the base pieces working and secured And you can focus on the upper layers. Prevention: 8 steps for shift left security Before your application inside a container is execute

  • Goodbye to the C++ Implementation of Zig ⚡ Zig Programming Language

    Goodbye to the C++ Implementation of Zig How we used WebAssembly to annihilate 80,000 lines of legacy code Author: Andrew Kelley It’s funny - I have shared this story a handful of times with friends of mine who are qualified, competent software engineers, and each time the response was confusion about why any of this would be necessary or even remotely helpful. WebAssembly?! After ten minutes of puz

  • FragAttacks: Security flaws in all Wi-Fi devices

    Introduction 11 May 2021 — This website presents FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard

  • SameSite Updates

    Confused? Start here. Developers: Check out our testing and debugging tips. Adding `SameSite=None; Secure` to your cookies? Check the list of incompatible clients here. Check the list of Frequently Asked Questions (FAQ) for common scenarios and use cases. Launch Timeline Last updated Mar 18, 2021. Latest update: Mar 18, 2021: The flags #same-site-by-default-cookies and #cookies-without-same-site-m

  • Go 1.21 Release Notes - The Go Programming Language

    Introduction to Go 1.21 The latest Go release, version 1.21, arrives six months after Go 1.20. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility; in fact, Go 1.21 improves upon that promise. We expect almost all Go programs to continue to compile and run as before. Go 1.21 introduces a small ch

  • PowerPoint Presentation

    Executive Perspectives The Future of Sales and Marketing Is Here February 2022 Executive Perspectives 1. Metaverse market proxied by 'extended reality' - a term referring to all real-and-virtual combined environments and human-machine interactions generated by computer technology and wearables. Note: Augmented reality (AR) adds digital elements to a live view often by using the camera on a smartph

  • 12 Kubernetes Configuration Best Practices

    By now most of us have heard about the role human error plays in causing data breaches. Many security incidents that can be traced back to a misconfigured infrastructure or security setting. As organizations accelerate their use of containers and Kubernetes and move their application development and deployment to cloud platforms, preventing avoidable misconfigurations in their environment becomes

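  • Implementing Passkeys in Rails to Fully Understand Them, with Remix - STORES Product Blog

    This is the day 22 article of the STORES Advent Calendar 2023. Hello, I'm Natsume, an engineering manager on the STORES 予約 development team. Passkeys have recently been adopted by many services, and I can feel the momentum. Personally, I use the 1Password password manager, and I have been trying Passkeys since 1Password added support for them. Logging in with Passkeys only saves about one step compared with autofill of ID/PW/OTP, but I find the login experience good, and I keep switching over wherever it is available. Most services still offer it alongside ID/PW, so it looks like it will be a while before we can enjoy the security benefits. Personally, the actual behavior of Passkeys and, when introducing them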

  • Raccoon Attack

    Paper Q&A Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication. Raccoon allows attackers under certain conditions to break the encryption and read sensitiv

  • How to improve Python packaging, or why fourteen tools are at least tw

    There is an area of Python that many developers have problems with. This is an area that has seen many different solutions pop up over the years, with many different opinions, wars, and attempts to solve it. Many have complained about the packaging ecosystem and tools making their lives harder. Many beginners are confused about virtual environments. But does it have to be this way? Are the current

  • SSID Confusion Attack WiFi Vulnerability (CVE-2023-52424)

    This vulnerability exploits a design flaw in the WiFi standard, allowing attackers to trick WiFi clients on any operating system into connecting to an untrusted network. A new vulnerability arising from a design flaw in the WiFi standard allows attackers to trick victims into connecting to less secure networks and intercept their traffic. Additionally, the attack can exploit the auto-disconnect fea

  • Solving common problems with Kubernetes

    I first learned Kubernetes ("k8s" for short) in 2018, when my manager sat me down and said "Cloudflare is migrating to Kubernetes, and you're handling our team's migration." This was slightly terrifying to me, because I was a good programmer and a mediocre engineer. I knew how to write code, but I didn't know how to deploy it, or monitor it in production. My computer science degree had taught me a

  • diziet | MessagePack vs CBOR (RFC7049)

    tl;dr: Use MessagePack, rather than CBOR. Introduction I recently wanted to choose a binary encoding. This was for a project using Rust serde, so I looked at the list of formats there. I ended up reading about CBOR and MessagePack. Both of these are binary formats for a JSON-like data model. Both of them are "schemaless", meaning you can decode them without knowing the structure. (This also provid

  • 0.8.0 Release Notes ⚡ The Zig Programming Language

    Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by

  • FocalFossa/ReleaseNotes - Ubuntu Wiki

    Introduction These release notes for Ubuntu 20.04 LTS (Focal Fossa) provide an overview of the release and document the known issues with Ubuntu 20.04 LTS and its flavors. For details of the changes applied since 20.04, please see the 20.04.6 change summary. The release notes for 20.04, 20.04.1, 20.04.2, 20.04.3, 20.04.4 and 20.04.5 change summary are available as well. Support lifespan Maintenanc

  • Macroprudentialism

    COVID ECONOMICS VETTED AND REAL-TIME PAPERS FROM THE GREAT RECESSION TO THE PANDEMIC RECESSION Francis X. Diebold ELECTORAL POLITICS AND SMALL BUSINESS LOANS Ran Duchin and John Hackney GROWTH FORECASTS AT END-2020 Javier G. Gómez-Pineda STOP-AND-GO EPIDEMIC CONTROL Claudius Gros and Daniel Gros CONSUMPTION RESPONSES TO STIMULUS PAYMENTS So Kubota, Koichiro Onishi and Yuta Toyama CHILD CARE CLOSUR

  • Story: Redis and its creator antirez | Brachiosoft Blog

    This article is translated from the original Chinese edition. In the world of databases, Redis stands out as unique. Instead of the usual tables or documents that are the central focus of most databases, with Redis, you interact directly with low-level data structures such as linked lists and hash tables. This is all thanks to the innovative design of Redis creator Salvatore Sanfilippo, known onli

  • Swift on Mac OS 9

    It’s April 1, and that means it’s both April Fools’ Day and the anniversary of the founding of Apple Inc. While this year is a sober one due to current events, I think a lot of people still appreciate what people are creating and sharing to keep spirits up, whether that be music or art or…impractical programming projects. And while pranks on April Fools’ seem less and less fun, obvious jokes and

  • The Architecture of a Modern Startup | by Dmitry Kruglov | Nov, 2022 | Better Programming

    workflow — all images by author The Tech side of startups can sometimes be very fluid and contain a lot of unknowns. What tech stack to use? Which components might be overkill for now but worth keeping an eye on in the future? How to balance the pace of business features development while keeping the quality bar high enough to have a maintainable codebase? Here I want to share our experience buildi

  • So You Want To Build A Browser Engine

    Eyes Above The Waves Robert O'Callahan. Christian. Repatriate Kiwi. Hacker. Archive 2024 June So You Want To Build A Browser Engine Real-Time Settlers Of Catan April Auckland Waterfront Half Marathon 2024 Whanganui River Journey 2024 2023 December Rees-Dart Track 2023 Caples/Routeburn Track 2023 Abel Tasman Kayaking November Mount Pirongia 2023 Blog Migrated April Why I Signed The "Pause" Letter A

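  • Introduction to Devise: 64 Recipes - 猫Rails

    Environment; Chapter 1: Getting started with Devise; 001 Trying out Devise; 002 Trying out the helpers; Chapter 2: Using modules; 003 What is a module?; Module types; Module columns; Module routing; Module controllers and views; Module methods; Module mail delivery; Module configuration; 004 Registerable module; Controllers and routing; Configuration; References; 005 Database Authenticatable module; Controllers and routing; Columns; Configuration; Methods; Mail; References; 006 Rememberable module; Columns; Configuration; Methods; References; 007 Recoverable module; Controllers and routing; Columns; Configuration; Methods; Mail; References; 008 Validatable module; Validation items; Configuration; 参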

  • Where Programming, Ops, AI, and the Cloud are Headed in 2021

    In this report, we look at the data generated by the O’Reilly online learning platform to discern trends in the technology industry—trends technology leaders need to follow. But what are “trends”? All too often, trends degenerate into horse races over languages and platforms. Look at all the angst heating up social media when TIOBE or RedMonk releases their reports on language rankings. Those repo

  • OpenSSH: Release Notes

    OpenSSH Release Notes OpenSSH 9.8/9.8p1 (2024-07-01) OpenSSH 9.8 was released on 2024-07-01. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed

  • systemd, 10 years later: a historical and technical retrospective

    systemd, 10 years later: a historical and technical retrospective by V.R. I am not sure I am such a big fan of reimplementing NetworkManager… – Lennart Poettering’s famous last words, March 2011 10 years ago, systemd was announced and swiftly rose to become one of the most persistently controversial and polarizing pieces of software in recent history, and especially in the GNU/Linux world. The qua

  • Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances

    Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances This post is also available in: 日本語 (Japanese) Executive Summary Azure Container Instances (ACI) is Azure's Container-as-a-Service (CaaS) offering, enabling customers to run containers on Azure without managing the underlying servers. Unit 42 researchers recently identified and disclosed critical security issues in

  • Building a large-scale distributed storage system based on Raft

    Guest post by Edward Huang, Co-founder & CTO of PingCAP In recent years, building a large-scale distributed storage system has become a hot topic. Distributed consensus algorithms like Paxos and Raft are the focus of many technical articles. But those articles tend to be introductory, describing the basics of the algorithm and log replication. They seldom cover how to build a large-scale distribut

  • SELECT code_execution FROM * USING SQLite; - Check Point Research

    Gaining code execution using a malicious SQLite database Research By: Omer Gull tl;dr SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, we experimented with the exploitation of memory corruption

  • Git's database internals V: scalability

    Engineering Open Source Git’s database internals V: scalability This fifth and final part of our blog series exploring Git's internals shows several strategies for scaling your Git repositories that match related database sharding techniques. This week, we are exploring Git’s internals with the following concept in mind: Git is the distributed database at the core of your engineering system. When the

  • Definitely Typed: The Movie | johnnyreilly

    OSS Engineer - TypeScript, Azure, React, Node.js, .NET This post is a little different from most that sit on my site. It's the story of the Definitely Typed project, of which I was an early member. It had a seismic impact on the development of TypeScript. When exchanging messages with Andrew Branch (member of the TypeScript team), I realised it was an untold story, and perhaps I should tell it, b

  • Modern Web Development on the JAMstack: Modern Techniques for Ultra Fast Sites and Web Applications

    Really pause and think about how much time and effort web teams around the world have spent building and managing infrastructure. For many years, launching a site or web application has been as much about deploying complex server environments as it’s been about building actual application code. The cloud made provisioning all these resources faster but no less complicated. The JAMstack was born

  • Domesticating Kubernetes

    This is a guide to run K8S in a home network, and use it as a home server — run your blog, media library, smart home, pet projects, etc. The cluster is actually straight-forward to set up, but we, developers are so cuddled, we are forgetting some basic networking and other low-level stuff — I found the experience educational. The cluster will serve real workloads — we will deal with exposing it to

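  • Containerizing a Tomcat Environment with App2Container | DevelopersIO

    This is Nakayama. This article is a tutorial-style write-up of a first hands-on try of App2Container. What is App2Container? App2Container is a tool that containerizes ASP.NET and Java applications. Announcing AWS App2Container - Containerize your applications and migrate them to the AWS cloud. With it, existing applications can easily be deployed to ECS or EKS, AWS's container platform services. Trying it out: I will work through the official tutorial. This time I will migrate an application running on tomcat. Containerizing a Java application on Linux. Requirements: The requirements are as follows. When preparing the source environment for the migration, these are satisfied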
