EC事業部にてエンジニアリングリードを務めている @nyanyamiです。 3月よりEC事業部のエンジニアによるブログリレーを開始することになりました。 このブログリレーでは普段の業務でやっていることや、プライベートでやっている技術的なこと、仕事をうまく進めるための工夫などをこのテックブログにて公開していこうという試みです。 お題は特に設けず、内容については各メンバーにて決めていくものとなっております。 本日は1日目で、GitHub Actionsを利用した業務の小さな改善について書いていきます。 GitHub Actionsとは 実際に行った自動化について 一定期間放置されたIssueをCloseする GitHub Projectsのカラム移動でラベルを付与・削除する 決まった時間にテンプレートを利用してIssueを作成する まとめ GitHub Actionsとは GitHub上で、プ
Billig Amoxicillin ( Amoxicillin Til salgs Scandinavia (Page 1) — 25 jaar Onafhankelijk; hoe verder? — Suriname Forum op Waterkant.Net
Europeisk apotek Billig Amoxicillin Klikk her - http://url-qr.tk/Amoxicillin - Gå til apoteket - Lav pris for medisiner av høy kvalitet-- - Din full tilfredshet er garantert eller pengene dine blir returnert-- - Rask levering og fullstendig privatliv-- - Bonuspiller og store rabatter for hver bestilling-- _____________________________________________________________________________________________
Join the Kubernetes Release Team: learn from and give back to the community - Microsoft Open Source Blog
Toggle share menu for: Join the Kubernetes Release Team: learn from and give back to the community Share Share Join the Kubernetes Release Team: learn from and give back to the community on X X Share Join the Kubernetes Release Team: learn from and give back to the community on LinkedIn LinkedIn Share Join the Kubernetes Release Team: learn from and give back to the community on Facebook Facebook
The suite life of testing - Discover - Apple Developer
Create stronger test suites with the latest updates in XCTest and Xcode and track down bugs before they make trouble. Great tests can capture behaviors you might have missed in development, allowing you to triage failures in a controlled environment before your app reaches the public. Whether you're testing your app's UI or you're simply trying to pinpoint your product issues, discover how to get
When building AI-powered applications, prompt quality significantly impacts results. But crafting high quality prompts is challenging, requiring deep knowledge of your application's needs and expertise with large language models. To speed up development and improve outcomes, we've streamlined this process to make it easier for users to produce high quality prompts. You can now generate, test, and
01. RIDE『This Is Not A Safe Place』02. FUTURE PILOT AKA『Orkestra Digitalis』 03. EDWYN COLLINS『Badbea』 04. GANG OF FOUR『Happy Now』 05. DEERHUNTER『Why Hasn't Everything Already Disappeared?』 06. AMERICAN FOOTBALL『American Football』07. BIS『Slight Disconnects』 08. SLEAFORD MODS『Eton Alive』 09. THE DREAM SYNDICATE『These Times』 10. VAMPIRE WEEKEND『Father Of The Bride』 11. LOCAL NATIVES『Violet Street』12.
Commentary: A.I. will be crucial to companies outside of Silicon Valley—and they need a new playbook for it
A.I. will be crucial to companies outside of Silicon Valley—and they need a new playbook for it A worker assembles mobile phones at an Indian Lava phone manufacturer factory in Noida on August 22, 2019. (Photo by Sajjad HUSSAIN / AFP) (Photo credit should read SAJJAD HUSSAIN/AFP via Getty Images) While artificial intelligence has become a ubiquitous topic in the business world, there is still impo
Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. To see all of the latest steps Twitter is taking in response to COVID-19, visit covid19.twitter.com. Updated April 1, 2020 As the entire world faces an unprecedented public health emergency, we want to be open about the challenges we are facing and the contingency measures we’re putting in place
New research, tooling, and partnerships for more secure AI and machine learning | Microsoft Security Blog
Today we’re on the verge of a monumental shift in the technology landscape that will forever change the security community. AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, and create a better world. Brad Smith recently pointed out that 2023 will likely mark the inflection point for AI going mainstream, t
zero-bugポリシを実践する - Redgateの例
原文(投稿日:2020/10/15)へのリンク zero-bugポリシは単純だが効果的なバグ管理システムだ。数か月、時には数年前のバグに埋もれてしまう事態を回避する上で、有効に機能する。修正の必要があると合意した重要なバグは即座に修正し、そうでないバグは修正せずにクローズするのだ。 Redgate SoftwareのソフトウェアエンジニアであるTom Walsh氏は、Lean Agile Exchange 2020で、同社がzero-bugポリシを適用した方法について講演した。 zero-bugポリシの背景にある考え方について、氏は次のように説明する。 正直に言いましょう — 今すぐ修正する必要がないのならば、おそらくは永遠に修正する必要はないのです!本当に重要なものであれば、再び指摘されるでしょうから、その時に対応すればよいのです。 RedgateのWalsh氏のチームでは、長期にわたっ
バグ報告ではじめるRustコントリビューション
要約 Rust コンパイラのバグを見つけたら気軽に Issue をたててみよう! 英語ができなくても、テンプレートに沿ってコードとエラーメッセージが貼れれば OK! はじめに Rust で遊んでいたらこのようなコードでコンパイラがクラッシュする (Internal Compiler Error: ICE) ことに気づきました use std::time::{Duration, Instant}; use tokio::runtime::Runtime; async fn foo() { } fn main() { let mut rt = Runtime::new().unwrap(); let mut sum = Duration::new(0, 0); let iteration = 10000; for _ in 0..iteration { sum += rt.block_on(a
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 January 26, 2022 M-22-09 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES FROM: Shalanda D. Young Acting Director SUBJECT: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles This memorandum sets forth a Federal zero trust architecture (ZTA) strategy, requiring agencies to meet
FutureVulsにて検出された脆弱性に対し、許容するものの選別や、優先度付けをする「トリアージ」を実施してみたいと思います。 トリアージの基本方針には、以下のポリシーがあります。 受容する脆弱性を非表示にする 残りの脆弱性は受容できないので、対応優先順位付けを行う 本エントリでは、上記ポリシーのもと実施しますが、トリアージの方針は組織等により異なりますので、一例としてご参考ください。 対応方針の検討 前提 スキャン実施済みであること。未実施の場合は、以下を参考にしてください。 脆弱性管理ツールFutureVulsを利用した脆弱性診断手順 未対応の脆弱性確認 スキャン実施済みのサーバを一台用意しました。ここでは、古いバージョンのAMI(ami-06cd52961ce9f0d85)を利用しているので、脆弱性を多く含んでいます。 このサーバでは、合計86件の脆弱性が検出されました。 86件の
Go’s last standing major weakness is error handling. A few years ago the list was much longer, with the language missing an adequate package manager, system for pulling static assets into a binary, and generics. But now, the first two have already been addressed with Go Modules in 1.11 and go:embed in 1.16, and generics are expected to be in beta form by Go 1.18’s release in December. Errors are t
Maybe Getting Rid of Your QA Team was Bad, Actually.
Over many years, “DevOps” practitioners applied Theory Of Constraints to our problems, ruthlessly optimizing our delivery pipelines and practices. Manual release management? Hell no, automate that. Deployment? Automate that too. Image management? 🔨 No thanks. Rolling back after we trebuchet a flaming dumpster into production? Automated. Whatever low value activity we could find in the process of
A checklist and guide to get your repository collaboration-ready
Want the TL;DR, or you’ve already been using GitHub for awhile? Skip to the end for a printable checklist that you can use to ensure that you’ve covered all aspects of making your repository collaboration-ready. My daughter has a pair of pet gerbils. They’re awesome, but not the most complex creatures to care for. They need their cage cleaned occasionally, their food and water refilled, and may ne
A May of WTFs: Let's hear about all the potholes, roadblocks, and roundabouts!
A May of WTFs: Let's hear about all the potholes, roadblocks, and roundabouts! The bar for reporting a bug to the Rails project can be pretty steep. You’re expected to carefully diagnose the problem, preferably propose a solution, include detailed reproduction steps, and all the other homework that makes it possible for a project like Rails to deal with hundreds if not thousands of reports on a ye
The pandemic is emptying call centers. AI chatbots are swooping in
The pandemic is emptying call centers. AI chatbots are swooping in Covid-19 is accelerating job losses in an industry that was already automating work at a rapid pace. Brian Pokorny had heard of AI systems for call centers before. But as the IT director of Otsego County, New York, he assumed he couldn’t afford them. Then the pandemic hit, and the state governor ordered a 50% reduction of all gover
GitHub - tweedge/springcore-0day-en: Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Spring4Shell" in the InfoSec community - an unfortunate name that calls back to the log4shell cataclysm, when (so far), impact of that magnitude has not been demonstrated. I hope this repository helps you assess the situation holistically, learn about the vulnerability, and
TL;DR: Semgrep has achieved remarkably fast scan times by prioritizing speed using methods like taint summaries and tree matching in OCaml. In addition, Semgrep’s design as a tool that searches for syntax makes it fast due to designs like purely textual single-file analysis, partial parsing, and optimizations like skipping files that cannot produce matches. Program analysis is an extremely interes
プログラミング言語Rubyの国内最大級のカンファレンス「RubyKaigi」。「RubyKaigi 2022」のKeynoteで登壇したのは、「Ruby」開発者のまつもとゆきひろ氏。「Contribute to Ruby」をテーマに、Rubyの歴史・これからについて語りました。全5回。3回目は、Rubyユーザーからの貢献で特に募集していることについて。 gemの名前のつけ方でまつもと氏が思うこと まつもとゆきひろ氏:次「Gems」ですね、RubyGems、十何万個あると聞いた気がするんですが、Rubyのコアの部分だけではなくて、gemはすごく便利だと思います。みなさんも、どんどんgemを公開していただければいいんじゃないかなと思います。 私がお手伝いしているいくつかの会社でも、自分の会社で使っているものを一部gemに切り出して公開したり、オープンソースに貢献して、リクルーティングにも役立て
Published: 2019-07-31 Last updated: 2021-11-29 Project Zero follows Google’s vulnerability disclosure policy on all of our vulnerability reports. What does this mean exactly, and why do we do things this way? This document explains how Project Zero currently handles vulnerability disclosure, and answers some of the questions we receive about our disclosure policy. What is Project Zero's 90-day dis
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
An essential part of shipping software securely is red teaming. It broadly refers to the practice of emulating real-world adversaries and their tools, tactics, and procedures to identify risks, uncover blind spots, validate assumptions, and improve the overall security posture of systems. Microsoft has a rich history of red teaming emerging technology with a goal of proactively identifying failure
スタンダードプランの対応方針の検討
本ページはスタンダードプランのトリアージ方法について記載しています。 CSIRTプランでは高度な自動トリアージ機能が使えます。 FutureVulsを使用すると、検出された脆弱性に対して、柔軟にトリアージ(受容するものの選別や優先度付け)が可能です。このページでは、スタンダードプランにおけるトリアージ方針やFutureVuls上での脆弱性の取り扱いについて説明しています。 実際の画面上での作業は、次のページで実施します。 本チュートリアルでは、以下の利用者を想定しています。 以下の利用者環境を想定しています。 高度な機能を持つ環境の場合は、適宜、方針に従った運用をして下さい。 担当者は少なく、緊急度の高いものをなるべく早く選別したい。 インターネットへの公開サーバを想定しており、一旦はローカルからの攻撃については除外して考える。 サーバへのログイン監査やログ監査を行っているため、内部のログ
Continued Threat Actor Exploitation Post Pulse Secure VPN Patching | CISA
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability, which advised organi
I often get asked how many people contribute to Flutter. It's a hard question to answer because "contribute" is a very vague concept. There's tens of thousands of packages on pub.dev, all of which are written by contributors to the community. There's over 100,000 of issues filed in our issue database, filed by more than 35,000 people over the years (the exact number is hard to pin down because peo
新型コロナウイルス感染症(COVID-19)373 Stories新型コロナウイルス「SARS-CoV-2」を原因とする新型コロナウイルス感染症「COVID-19」が猛威を振るっている。パンデミックによって世界はどう変わるのか? 治療薬やワクチンの開発動向から、各国の政策、経済への影響まで、MITテクノロジーレビューならではの多角的な視点で最新情報をお届けする。 画像:CDC Scientists are finding signals of long covid in blood. They could lead to new treatments. 新型コロナ後遺症の治療に光明、血中バイオマーカーにヒント 新たな研究は、新型コロナウイルス感染症(COVID-19)後遺症(ロング・コビッド)の原因が、免疫系の特定の部分の異常にある可能性を示している。 Cassandra Willyard
On this episode, the class prepares for their test. Later, Ainz attempts to cheat during the test. Oh my gosh, the test plot got me laughing really hard. It was just funny to see Aqua challenges Ainz for test scores and then realizes she isn't that smart. Also, Ainz's cheat attempt is interesting and has a cool twist. Other than that, the after credits scene very hilarious due to Pandora Actor. No
Introduction Disclaimer Why we need crash reporting Background Consistent generation Consistent analysis Why not just...use Breakpad/Crashpad? Modular Clean Implementation crash-handler minidumper minidump-writer crash-context sadness-generator Next steps Thanks Introduction In this post I'll be talking about recent work I and others have done to make crash handling and reporting in Rust a (fairly
Snaring the Bad Folks
Cloud security is a hard problem, but an even harder one is cloud security at scale. In recent years we’ve seen several cloud focused data breaches and evidence shows that threat actors are becoming more advanced with their techniques, goals, and tooling. With 2021 set to be a new high for the number of data breaches, it was plainly evident that we needed to evolve how we approach our cloud infras
これはIssueテンプレートを作成するためのレガシーのワークフローです。 Issueテンプレートの作成には、アップグレードされた複数IssueテンプレートビルダーあるいはIssue formsを使用することをおすすめします。 詳しくは、「Issueとプルリクエストのテンプレートについて」を参照してください。 サポートされている任意のフォルダー内に ISSUE_TEMPLATE/ サブディレクトリを作成すると、複数の Issue テンプレートを含めることができます。また、template クエリ パラメーターを使用すると、Issue の本文に使用するテンプレートを指定することができます。 詳しくは、「Issue の作成」を参照してください。 YAML frontmatter を各 Issue テンプレートに追加して、Issue のタイトルを事前に入力したり、ラベルおよびアサインされた人を自動
Bug Bounty | Bugcrowd
Hidden vulnerabilities leave you wide open to attack. Bugcrowd Managed Bug Bounty helps you continuously find hidden vulnerabilities in your assets that are beyond the reach of automated tools. Bug bounty done right Bugcrowd’s platform-powered Managed Bug Bounty brings the right security researchers (the Crowd) into your workflows at the right time to find hidden flaws in your attack surface. Unli
Eelco Dolstra’s leadership is corrosive to the Nix projectEditor’s note: This letter is the work of a number of anonymous contributors. I have collected, and hosted, this letter in the hope of giving the growing majority of concerned users a venue to better communicate their concerns to the foundation board. Whether or not you agree, I ask that you take some time to read and consider their argumen
Announcing public preview of Microsoft Endpoint Data Loss Prevention
UPDATE: We are excited to announce that Microsoft Endpoint DLP has finished rolling out in Public Preview to entitled customers! See the Get Started section in this blog post for links and instructions to get started, and visit our forum to share your questions & feedback at https://aka.ms/mip/yammer Ensuring that sensitive data is protected from risky or inappropriate sharing, transfer, or use ha
Hachi-nan tte, Sore wa Nai deshou! Episode 3 Impression
On this episode, Wendelin starts his new adventurer academy life. Later, he meets Alfred's connections and learns about his master's backstory. For the first two episodes, I had mixed thoughts because it seemed to be quite cheesy. However, this third episode got me to completely change by mind because of Wendelin's development and his new party. Also, the series is starting to remind me of Spring
Handling Flaky Tests at Scale: Auto Detection & Suppression - Slack Engineering
At Slack, the goal of the Mobile Developer Experience Team (DevXp) is to empower developers to ship code with confidence while enjoying a pleasant and productive engineering experience. We use metrics and surveys to measure productivity and developer experience, such as developer sentiment, CI stability, time to merge (TTM), and test failure rate. The DevXp team has continuously invested in test i
Special Report: 'All is well'. In Italy, triage and lies for virus patients
FILE PHOTO: Cemetery workers and funeral agency workers in protective masks transport a coffin of a person who died from coronavirus disease (COVID-19), into a cemetery in Bergamo, Italy March 16, 2020. REUTERS/Flavio Lo Scalzo . At that time, doctors in the intensive care unit of Policlinico San Donato phone relatives of the unit’s 25 critically-ill coronavirus patients, all of whom are sedated a
kasasagi09 on Twitter: "予定よりかなり遅れておりますが、macOSのトリアージツールを公開しました。JSAC発表時より少し機能が増えています。 We have released a macOS triage tool. https://t.co/4Nd1ECObuf #dfir"
予定よりかなり遅れておりますが、macOSのトリアージツールを公開しました。JSAC発表時より少し機能が増えています。 We have released a macOS triage tool. https://t.co/4Nd1ECObuf #dfir
September 14, 2023 Auto-triage rules are a powerful tool to help you reduce false positives and alert fatigue substantially, while better managing your alerts at scale. Starting today, you can now create your own custom rules to control how Dependabot auto-dismisses and reopens alerts – so you can focus on the alerts that matter, without worrying about the alerts that don’t. What’s changing? For a
GitHub - undp/iVerify-Apps: iVerify Apps: Apps that support the AI-powered iVerify platform to combat misinformation and hate speech
IVerify processes articles and outputs reports with a determination of their veracity. The inputs are either manual, by members of the public or the iVerify team, or automated. People can submit articles for review via text (WhatsApp, SMS, and more) or directly through the iVerify platform. Leveraging CrowdTangle, which allows iVerify to track public content across social media, iVerify also autom
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
GitHub Actionsで日々の小さな作業を自動化する - Pepabo Tech Portal
Evaluate prompts in the developer console
COOKIE SCENE top 50 albums of 2019 - COOKIE SCENE
An update on our continuity strategy during COVID-19
M-22-09 Federal Zero Trust Strategy
FutureVulsで検出した脆弱性に対処するトリアージを実施してみた | DevelopersIO
Error stack traces in Go with x/xerrors
Need for speed: static analysis version
「カンファレンス・勉強会がRubyコミュニティを活性化している」 まつもとゆきひろ氏が歓迎する、ユーザーからの貢献
Vulnerability Disclosure FAQ
Hixie's Natural Log: How big is the Flutter team?
「新型コロナウイルス感染症(COVID-19)」記事コレクション | MITテクノロジーレビュー
Isekai Quartet 2 Episode 4 Impression
Crash reporting in Rust
リポジトリ用の単一 Issue テンプレートを手動で作成する - GitHub Docs
open letter to the NixOS foundation
Custom auto-triage rules for Dependabot alerts (public beta)