並び順

ブックマーク数

期間指定

  • から
  • まで

1 - 40 件 / 143件

新着順 人気順

transient objectの検索結果1 - 40 件 / 143件

  • 【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい

    はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ

      【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
    • 天文学者が「地球に向けて膨大なエネルギーを発する謎の物体」を報告 - GIGAZINE

      オーストラリアの研究チームが「1時間に3回というペースで地球に向けて膨大なエネルギーを放出する謎の物体」を新たに報告しました。太陽系から約4000光年という距離に位置する問題の物体は、観測史上前例のない光り方をしていたとのことで、研究チームは「全く予想外」「ちょっと不気味」とコメントしています。 A radio transient with unusually slow periodic emission | Nature https://www.nature.com/articles/s41586-021-04272-x Mysterious object unlike anything astronomers have seen before - ICRAR https://www.icrar.org/repeating-transient/ Unexplained Radio Sig

        天文学者が「地球に向けて膨大なエネルギーを発する謎の物体」を報告 - GIGAZINE
      • オープンソースの S3 互換オブジェクトストレージ MinIO を DuckDB で使う

        前提 DuckDB が使える環境 Docker Compose が使える環境 まとめ DuckDB から S3 互換オブジェクトストレージを利用する際、MinIO を使う事で、ローカルに気軽に S3 互換オブジェクトストレージ環境を用意できる。 DuckDB とは こちらをどうぞ。 DuckDB雑紹介(1.1対応版)@DuckDB座談会 - Speaker Deck MinIO とは MinIO はオープンソースの S3 互換オブジェクトストレージです。 DuckDB は S3 API 機能を持っており、S3 互換オブジェクトストレージとの相性がとても良いです。 ローカルで試したい時などは Docker Compose で MinIO を用意して利用すると、とても便利です。 Docker Compose ローカルということでセキュリティは一切考慮していません MinIO のイメージを pu

          オープンソースの S3 互換オブジェクトストレージ MinIO を DuckDB で使う
        • Introducing Deopt Explorer - TypeScript

          Over the past few months, during the lead-up to the TypeScript 5.0 beta, our team spent a good portion of our time looking for ways to improve the performance of our compiler so that your projects build faster. One of the ways we improved was by looking into an oft overlooked aspect of many JavaScript VMs: inline caching. A Brief Primer on Inline Caching Inline caching is an optimization often use

            Introducing Deopt Explorer - TypeScript
          • Tauri 2.0 Stable Release

            import CommandTabs from '@components/CommandTabs.astro'; import TableCompatibility from '@components/plugins/TableCompatibility.astro'; import Cta from '@fragments/cta.mdx'; import FeaturesList from '@components/list/Features.astro'; We are very proud to finally announce the stable release for the new major version of Tauri. Welcome to Tauri 2.0! What is Tauri? :::note[Definition] Tauri is a frame

              Tauri 2.0 Stable Release
            • WebKit Features in Safari 16.4

              Mar 27, 2023 by Patrick Angle, Marcos Caceres, Razvan Caliman, Jon Davis, Brady Eidson, Timothy Hatcher, Ryosuke Niwa, and Jen Simmons ContentsWeb Push on iOS and iPadOSImprovements for Web AppsWeb ComponentsCSSHTMLJavaScript and WebAssemblyWeb APIImages, Video, and AudioWKWebViewDeveloper ToolingWeb InspectorSafari Web ExtensionsSafari Content BlockersNew Restrictions in Lockdown ModeMore Improve

                WebKit Features in Safari 16.4
              • Why SQLite Uses Bytecode

                1. Introduction Every SQL database engine works in roughly the same way: It first translates the input SQL text into a "prepared statement". Then it "executes" the prepared statement to generate a result. A prepared statement is an object that represents the steps needed to accomplish the input SQL. Or, to think of it in another way, the prepared statement is the SQL statement translated into a fo

                • A Guide to the Go Garbage Collector - The Go Programming Language

                  Introduction This guide is intended to aid advanced Go users in better understanding their application costs by providing insights into the Go garbage collector. It also provides guidance on how Go users may use these insights to improve their applications' resource utilization. It does not assume any knowledge of garbage collection, but does assume familiarity with the Go programming language. Th

                    A Guide to the Go Garbage Collector - The Go Programming Language
                  • Recommended alarms - Amazon CloudWatch

                    The following sections list the metrics that we recommend that you set best practice alarms for. For each metric, the dimensions, alarm intent, recommended threshold, threshold justification, and the period length and number of datapoints is also displayed. Some metrics might appear twice in the list. This happens when different alarms are recommended for different combinations of dimensions of th

                    • データレイクの新しいカタチ:Open Table Formatの紹介 - 流沙河鎮

                      はじめに Open Table Formatは次世代のデータレイクの基盤となり得る技術で、徐々に導入事例(末尾に列挙)が増えてきているものの、日本での認知度は発展途上な印象がある。本記事ではOpen Table Format登場の背景を紹介する。執筆にあたって、Apache Iceberg: An Architectural Look Under the CoversとAWSにおける Hudi/Iceberg/Delta Lake の 使いどころと違いについてを特に参考にした。 Open Table Formatとは? Open Table Formatとは、従来のデータレイクの技術的な課題&ユースケースの要請に応える形で登場した、データレイクに最適化されたテーブルフォーマットを指す概念で、上手く活用することでクエリプランニング、実行性能の最適化、効率的なUpdateやDelete、タイム

                        データレイクの新しいカタチ:Open Table Formatの紹介 - 流沙河鎮
                      • CVE-2020-19909 is everything that is wrong with CVEs | daniel.haxx.se

                        This is a story consisting of several little building blocks and they occurred spread out in time and in different places. It is a story that shows with clarity how our current system with CVE Ids and lots of power given to NVD is a completely broken system. CVE-2020-19909 On August 25 2023, we got an email to the curl-library mailing list from Samuel Henrique that informed us that “someone” had r

                        • Taming Go’s Memory Usage, or How We Avoided Rewriting Our Client in Rust — Akita Software

                          Taming Go’s Memory Usage, or How We Avoided Rewriting Our Client in Rust A couple months ago, we faced a question many young startups face. Should we rewrite our system in Rust? At the time of the decision, we were a Go and Python shop. The tool we’re building passively watches API traffic to provide “one-click,” API-centric visibility, by analyzing the API traffic. Our users run an agent that sen

                            Taming Go’s Memory Usage, or How We Avoided Rewriting Our Client in Rust — Akita Software
                          • Testing sync at Dropbox

                            …and how we rewrote the heart of sync with confidence. Executing a full rewrite of the Dropbox sync engine was pretty daunting. (Read more about our goals and how we made the decision in our previous post here.) Doing so meant taking the engine that powers Dropbox on hundreds of millions of user’s machines and swapping it out mid-flight. To pull this off, we knew we would need a serious investment

                              Testing sync at Dropbox
                            • Low-Level Software Security for Compiler Developers

                              1 Introduction Compilers, assemblers and similar tools generate all the binary code that processors execute. It is no surprise then that these tools play a major role in security analysis and hardening of relevant binary code. Often the only practical way to protect all binaries with a particular security hardening method is to have the compiler do it. And, with software security becoming more and

                              • WebKit Features in Safari 18.0

                                Safari 18.0 is here. Along with iOS 18, iPadOS 18, macOS Sequoia and visionOS 2, today is the day another 53 web platform features, as well as 25 deprecations and 209 resolved issues land in WebKit, the rendering engine driving Safari. New in Safari 18 Distraction Control Distraction Control lets you hide distracting items as you browse the web, such as sign-in banners, cookie preference popups, n

                                  WebKit Features in Safari 18.0
                                • Using localStorage in Modern Applications - A Comprehensive Guide | RxDB - JavaScript Database

                                  Using localStorage in Modern Applications: A Comprehensive Guide When it comes to client-side storage in web applications, the localStorage API stands out as a simple and widely supported solution. It allows developers to store key-value pairs directly in a user's browser. In this article, we will explore the various aspects of the localStorage API, its advantages, limitations, and alternative sto

                                    Using localStorage in Modern Applications - A Comprehensive Guide | RxDB - JavaScript Database
                                  • Maestro: Netflix’s Workflow Orchestrator

                                    By Jun He, Natallia Dzenisenka, Praneeth Yenugutala, Yingyi Zhang, and Anjali Norwood TL;DRWe are thrilled to announce that the Maestro source code is now open to the public! Please visit the Maestro GitHub repository to get started. If you find it useful, please give us a star. What is MaestroMaestro is a horizontally scalable workflow orchestrator designed to manage large-scale Data/ML workflows

                                      Maestro: Netflix’s Workflow Orchestrator
                                    • Byte Down: Making Netflix’s Data Infrastructure Cost-Effective

                                      By Torio Risianto, Bhargavi Reddy, Tanvi Sahni, Andrew Park Background on data efficiencyAt Netflix, we invest heavily in our data infrastructure which is composed of dozens of data platforms, hundreds of data producers and consumers, and petabytes of data. At many other organizations, an effective way to manage data infrastructure costs is to set budgets and other heavy guardrails to limit spendi

                                        Byte Down: Making Netflix’s Data Infrastructure Cost-Effective
                                      • News from WWDC24: WebKit in Safari 18 beta

                                        The last year has been a great one for WebKit. After unveiling Safari 17 beta at WWDC23, we’ve shipped six releases of Safari 17.x with a total of 200 new web technologies. And we’ve been hard at work on multiple architectural improvement projects that strengthen WebKit for the long-term. Now, we are pleased to announce WebKit for Safari 18 beta. It adds another 48 web platform features, as well a

                                          News from WWDC24: WebKit in Safari 18 beta
                                        • Error Handling In Rust - A Deep Dive | Luca Palmieri

                                          Error Handling In Rust - A Deep Dive May 13, 2021 8550 words 43 min This article is a sample from Zero To Production In Rust, a hands-on introduction to backend development in Rust. You can get a copy of the book at zero2prod.com. TL;DR To send a confirmation email you have to stitch together multiple operations: validation of user input, email dispatch, various database queries. They all have one

                                            Error Handling In Rust - A Deep Dive | Luca Palmieri
                                          • Compiling typed Python

                                            It’s been nine whole years since PEP 484 landed and brought us types from on high. This has made a lot of people very angry and been widely regarded as a bad move1. Since then, people on the internet have been clamoring to find out: does this mean we can now compile Python to native code for more speed? It’s a totally reasonable question. It was one of my first questions when I first started worki

                                            • Introducing AWS Step Functions redrive to recover from failures more easily | Amazon Web Services

                                              AWS Compute Blog Introducing AWS Step Functions redrive to recover from failures more easily Developers use AWS Step Functions, a visual workflow service to build distributed applications, automate IT and business processes, and orchestrate AWS services with minimal code. Step Functions redrive for Standard Workflows allows you to redrive a failed workflow execution from its point of failure, rath

                                                Introducing AWS Step Functions redrive to recover from failures more easily | Amazon Web Services
                                              • OpenSSH: Release Notes

                                                OpenSSH Release Notes OpenSSH 9.8/9.8p1 (2024-07-01) OpenSSH 9.8 was released on 2024-07-01. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed

                                                • systemd, 10 years later: a historical and technical retrospective

                                                  systemd, 10 years later: a historical and technical retrospective by V.R. I am not sure I am such a big fan of reimplementing NetworkManager… – Lennart Poettering’s famous last words, March 2011 10 years ago, systemd was announced and swiftly rose to become one of the most persistently controversial and polarizing pieces of software in recent history, and especially in the GNU/Linux world. The qua

                                                  • Hallucination (artificial intelligence) - Wikipedia

                                                    A Sora-generated video of the Glenfinnan Viaduct, incorrectly showing a second track where the real viaduct has only one, and second chimney on its apparent interpretation of the train The Jacobite. In the field of artificial intelligence (AI), a hallucination or artificial hallucination (also called bullshitting,[1][2] confabulation[3] or delusion[4]) is a response generated by AI which contains

                                                      Hallucination (artificial intelligence) - Wikipedia
                                                    • A decade of major cache incidents at Twitter

                                                      This was co-authored with Yao Yue This is a collection of information on severe (SEV-0 or SEV-1, the most severe incident classifications) incidents at Twitter that were at least partially attributed to cache from the time Twitter started using its current incident tracking JIRA (2012) to date (2022), with one bonus incident from before 2012. Not including the bonus incident, there were 6 SEV-0s a

                                                      • PostgreSQL at low level: stay curious! · Erthalion's blog

                                                        06 Dec 2019 0. How to read me? Yes, I know, it’s a long text, and it was my conscious decision to write it in this way. But fear not! Imagine that you read a book, take a look at the introduction and first few interesting sections, think about it and then find time to read further. I hope I’ve left enough references, so if you don’t get some ideas you’ll be able to read more information about inte

                                                        • What's New in Emacs 28.1?

                                                          Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y

                                                          • How Not To Mess Up Your Mix

                                                            However much studio trickery is considered 'normal' in a genre, the unwanted side-effects of processing can rob your mixes of impact. But it doesn't have to be that way Most of us are so accustomed to the side-effects of routine processing such as EQ and compression that we take them for granted. Indeed, some people will never have learned to identify them, but most will have experienced the cumul

                                                            • V8 Torque user manual · V8

                                                              V8 Torque is a language that allows developers contributing to the V8 project to express changes in the VM by focusing on the intent of their changes to the VM, rather than preoccupying themselves with unrelated implementation details. The language was designed to be simple enough to make it easy to directly translate the ECMAScript specification into an implementation in V8, but powerful enough t

                                                              • https://cheats.rs/rust_cheat_sheet.pdf

                                                                Rust Language Cheat Sheet 26. August 2021 Contains clickable links to The Book , Rust by Example , Std Docs , Nomicon , Reference . Data Structures Data types and memory locations defined via keywords. Example Explanation struct S {} Define a struct with named fields. struct S { x: T } Define struct with named field x of type T. struct S ​(T); Define "tupled" struct with numbered field .0 of type

                                                                • Secure Payment Confirmation

                                                                  Secure Payment Confirmation W3C Candidate Recommendation Draft, 13 December 2023 More details about this document This version: https://www.w3.org/TR/2023/CRD-secure-payment-confirmation-20231213/ Latest published version: https://www.w3.org/TR/secure-payment-confirmation/ Editor's Draft: https://w3c.github.io/secure-payment-confirmation/ Previous Versions: https://www.w3.org/TR/2023/CRD-secure-pa

                                                                  • AWS serverless data analytics pipeline reference architecture | Amazon Web Services

                                                                    AWS Big Data Blog AWS serverless data analytics pipeline reference architecture May 2022: This post was reviewed and updated to include additional resources for predictive analysis section. Onboarding new data or building new analytics pipelines in traditional analytics architectures typically requires extensive coordination across business, data engineering, and data science and analytics teams t

                                                                      AWS serverless data analytics pipeline reference architecture | Amazon Web Services
                                                                    • dbs-002.dvi

                                                                      Foundations and Trends R � in Databases Vol. 1, No. 2 (2007) 141–259 c � 2007 J. M. Hellerstein, M. Stonebraker and J. Hamilton DOI: 10.1561/1900000002 Architecture of a Database System Joseph M. Hellerstein1 , Michael Stonebraker2 and James Hamilton3 1 University of California, Berkeley, USA, hellerstein@cs.berkeley.edu 2 Massachusetts Institute of Technology, USA 3 Microsoft Research, USA Abstra

                                                                      • Guidance for investigating attacks using CVE-2023-23397 | Microsoft Security Blog

                                                                        February 15, 2024 update – On January 20, 2024, the US government conducted a disruption operation against infrastructure used by a threat actor we track as Forest Blizzard (STRONTIUM), a Russian state-sponsored threat actor, as detailed here: https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian December 4, 2023 update – Microsoft has ide

                                                                          Guidance for investigating attacks using CVE-2023-23397 | Microsoft Security Blog
                                                                        • Typestate - the new Design Pattern in Swift 5.9 | Swiftology

                                                                          SwiftologyMonthly articles on advanced Swift topics, functional programming, and software design. written byAlex Ozun This article will teach you 3 ideas: 1. Typestate Design Pattern. 2. The power of generic constraints. 3. Swift 5.9 new Noncopyable types and consuming functions. What is a Typestate design pattern?Typestate is a powerful design pattern that emerged in languages with advanced type

                                                                            Typestate - the new Design Pattern in Swift 5.9 | Swiftology
                                                                          • Using the circuit breaker pattern with AWS Step Functions and Amazon DynamoDB | Amazon Web Services

                                                                            AWS Compute Blog Using the circuit breaker pattern with AWS Step Functions and Amazon DynamoDB This post is written by Anitha Deenadayalan, Developer Specialist SA, DevAx Modern applications use microservices as an architectural and organizational approach to software development, where the application comprises small independent services that communicate over well-defined APIs. When multiple micr

                                                                              Using the circuit breaker pattern with AWS Step Functions and Amazon DynamoDB | Amazon Web Services
                                                                            • Building Reliable Distributed Systems in Node.js

                                                                              This post introduces the concept of durable execution, which is used by Stripe, Netflix, Coinbase, HashiCorp, and many others to solve a wide range of problems in distributed systems. Then it shows how simple it is to write durable code using Temporal’s TypeScript/JavaScript SDK. For an updated version of this post, see durable-execution.pdf Distributed systems When building a request-response mon

                                                                                Building Reliable Distributed Systems in Node.js
                                                                              • Jepsen: etcd 3.4.3

                                                                                The etcd key-value store is a distributed database based on the Raft consensus algorithm. In our 2014 analysis, we found that etcd 0.4.1 exhibited stale reads by default. We returned to etcd, now at version 3.4.3, to investigate its safety properties in detail. We found that key-value operations appear to be strict serializable, and that watches deliver every change to a key in order. However, etc

                                                                                • Horizontally scaling the Rails backend of Shop app with Vitess (2024) - Shopify

                                                                                  Horizontally scaling the Rails backend of Shop app with VitessShop app horizontally scaled a Ruby on Rails app with Vitess. This blog describes Vitess and our detailed approach for introducing Vitess to a Rails app. Good problems We experienced hockey stick growth after we launched the Shop app. We were glued to our dashboards and saw millions of users onboard onto the app. This was gratifying, bu

                                                                                    Horizontally scaling the Rails backend of Shop app with Vitess (2024) - Shopify