I joined Dropbox not long after graduating with a Master’s degree in computer science. Aside from an internship, this was my first big-league engineering job. My team had already begun designing a critical internal service that most of our software would use: It would handle asynchronous computing requests behind the scenes, powering everything from dragging a file into a Dropbox folder to schedul
Microsoft Entra security operations guide - Microsoft Entra
Microsoft has a successful and proven approach to Zero Trust security using Defense in Depth principles that use identity as a control plane. Organizations continue to embrace a hybrid workload world for scale, cost savings, and security. Microsoft Entra ID plays a pivotal role in your strategy for identity management. Recently, news surrounding identity and security compromise has increasingly pr
Last week, the drop-in audio chat app “Clubhouse” enabled rare unfettered Mandarin-language debate for mainland Chinese iPhone users, before being abruptly blocked by the country’s online censors on Monday February 8, 2021. Alongside casual conversations about travel and health, users frankly discussed Uighur concentration camps in Xinjiang, the 1989 Tiananmen Square protests, and personal experie
Go 1.20 Cryptography
The first second release candidate of Go 1.20 is out![1] This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. (By the way, that’s going great, and I’m going to write more about it here soon!) I’m pretty happy with the work that’s landing in it. There are both exciting new APIs, and invisible deep backend imp
Knowing how to profile a React application to improve real-world performance is a good tool in any front-end developer’s toolkit. The Profiler API allows us to do just that with insights on why and how long our components are rendering for. We can use the profiling data to find unnecessary and expensive renders that may be impacting performance negatively. Thankfully, it’s not that complicated. Le
Useful DevTools Tips and Tricks — Smashing Magazine
You might think you know all the tricks when it comes to browser DevTools, but did you know that there are dozens of panels and hundreds of features waiting to supercharge your debugging workflow? Whatever your debugging use case is, there’s probably a tool that’s right for the job. Let’s discover the most popular DevTools tips that can boost your productivity. When it comes to browser DevTools, w
The Trail of Bits Assurance practice has received an influx of Go projects, following the success of our Kubernetes assessment this summer. As a result, we’ve been adapting for Go projects some of the security assessment techniques and tactics we’ve used with other compiled languages. We started by understanding the design of the language, identifying areas where developers may not fully understan
インパクトのあるタイトルと、いくぶんセンセーショナルな宣伝もあってか、発売前から話題の書となっているようである。ただ、私としてはあまり期待が加熱するのは本書にとってよくないだろうと危惧する。以下、その危惧について述べる。なお、私が読んだのは (1) 原著、(2) 2015年のブレアの前著 Design Mom、(3) および現時点で参照可能ないくつかのネット上の情報である。翻訳書は(発売前なので)目を通していない。以下に述べる危惧のいくつかが、訳注や解説で解消されていることを願っている。 本書の内容 本書は(少なくとも書いてあることをそのまま読む限り)一般的な性教育の書である。それ以上に論争的な主張にコミットしてはいない。妊娠について男性の責任が強調されているのは確かだが、「フェミニズム」の書であると分類するほどの積極的な主張はあまりない。もちろん、こういった性教育の知識が日本で、とりわけ
Cloudflare Workersを使って定期的なタスク自動化を実質無料で行う(不要な画像、アカウントの定期削除など)
Cloudflare Workersなら定期的なタスクを自動化 Google Cloud Schedulerのような機能を実質無料で実行できます(1日あたり最大100,000リクエストまで) 実際に自分のサービスで使っている例 Cron 実行履歴(不要な画像の定期削除) 自分の扱っているサービスの場合1日1度不要な画像の処理を定期実行するので1日1リクエスト 30日で30リクエスト リクエスト サブリクエストを含めると先月(4月6日から〜5月6日まで) 1ヶ月あたり90リクエスト 1日あたり最大100,000リクエスト以内なので無料で使える! Cloudflare Workersの料金体系(2024/5/6現在) 2024年5月時点の料金体系 最新の料金情報はCloudflareの公式ウェブサイトで確認してください。 基本プラン Free: Cloudflare Workersの無料プラン
security-bulletins/2019-002.md at master · Netflix/security-bulletins
Advisory ID: NFLX-2019-002 Title: HTTP/2 Denial of Service Advisory Release Date: 2019-08-13 Severity: High Overview: Netflix has discovered several resource exhaustion vectors affecting a variety of third-party HTTP/2 implementations. These attack vectors can be used to launch DoS attacks against servers that support HTTP/2 communication. Netflix worked with Google and CERT/CC to coordinate discl
By Kevin Bock, iyouport, Anonymous, Louis-Henri Merino, David Fifield, Amir Houmansadr, Dave Levin August 7, 2020 On 2020-07-30, iyouport reported (archive) the apparent blocking of TLS connections with the encrypted SNI (ESNI) extension in China. iyouport says that the first occurrence of blocking was one day earlier, on 2020-07-29. We confirm that the Great Firewall (GFW) of China has recently b
SemVer in Rust: Tooling, Breakage, and Edge Cases — FOSDEM 2024 Last month, I gave a talk titled "SemVer in Rust: Breakage, Tooling, and Edge Cases" at the FOSDEM 2024 conference. The talk is a practical look at what semantic versioning (SemVer) buys us, why SemVer goes wrong in practice, and how the cargo-semver-checks linter can help prevent the damage caused by SemVer breakage. TL;DR: SemVer is
If you ever tried to learn guitar, chances are you are familiar with guitar tablatures. It is a simple way to visualize music for guitar, using ASCII characters to represent strings and frets as an alternative to sheet music. For instance, here are the first four measures of the song "Smoke on the Water" by Deep Purple: e|-----------------|-----------------|-----------------|-----------------| B|-
Falcon Content Update Preliminary Post Incident Report | CrowdStrike
Preliminary Post Incident Review (PIR): Content Configuration Update Impacting the Falcon Sensor and the Windows Operating System (BSOD) Updated 2024-07-25 1900 UTC Executive Summary PDF This is CrowdStrike’s preliminary Post Incident Review (PIR). We will be detailing our full investigation in the forthcoming Root Cause Analysis that will be released publicly. Throughout this PIR, we have used ge
Today we’re releasing React Native v0.66 for Android 12 and iOS 15 support alongside fixes and general updates. Highlights Handle taps on views outside parent bounds on Android New Bluetooth Permissions on Android Better Support for Apple Silicon, Xcode 13, and iOS 15 Hermes 0.9.0 Nightly and “Commitly” Releases Handle taps on child views outside parent boundaries on Android Thanks to @hsource f
iOS 16.2/iPadOS 16.2/watchOS 9.2/tvOS 16.2/macOS 13.1 Beta1がリリース フリーボードやステージマネージャで外部ディスプレイサポートなど【更新Public Betaが利用可能に】
Appleは日本時間10月26日、「iOS 16.2」「iPadOS 16.2」「watchOS 9.2」「tvOS 16.2」「macOS 13.1」の最初のベータ版を開発者向けにリリースしました。 パブリックベータ版はまだのようです。 更新10月28日:「iOS 16.2」「iPadOS 16.2」「macOS 13.1」の最初のパブリックベータ版が利用可能に 新たにリリースされたバージョン 今回確認された新機能や変更点 Freeform(フリーボード) ステージマネージャで外部ディスプレイのサポート 新しいホームアーキテクチャ 120Hz ProMotionのサポート Unintentional SOS Calls(意図しない緊急SOS) ソフトウェア・アップデート スリープウィジェットやメディケーションウィジェット【NEW】 これまでに確認されているバージョン パブリックベータにつ
EngineeringOpen SourceGitHub CLI project command is now generally available!Level up your use of GitHub Projects on the command line and in GitHub Actions with the new project CLI command. Effective planning and tracking is essential for developer teams of all shapes and sizes. Last year, we announced the general availability of GitHub Projects, connecting your planning directly to the work your t
ProductGitHub-hosted runners: Double the power for open sourceGitHub Actions continues its industry-leading support for the OSS community by doubling the Windows/Linux machine size to 4-vCPU runners at no cost for public repositories. GitHub is thrilled to announce the completion of an upgrade to our GitHub Actions-hosted runners by offering larger more powerful machines to open source developers.
How browsers work Stay organized with collections Save and categorize content based on your preferences. Preface This comprehensive primer on the internal operations of WebKit and Gecko is the result of much research done by Israeli developer Tali Garsiel. Over a few years, she reviewed all the published data about browser internals and spent a lot of time reading web browser source code. She wrot
How to Send Scheduled Reminders via Google Keep on Your Android Phone
Google Keep isn't just for notes. You can also use it to send reminders to yourself or others, either at a certain time or when you enter a location. Google Keep is a solid choice for taking notes. But it's so much more than that. You can even use it to set up scheduled reminders ripe with context to be sent to yourself or anyone else, like an elderly family member or the spouse that seems to alwa
ContentsThe basics of how to use :has() as a parent selectorA practical example using :has() with CSS GridUsing :has() with the child combinatorUsing :has() with sibling combinatorsStyling form states without JSDark mode toggle with no JSAnd moreThe :has() revolution It’s been a long-standing dream of front-end developers to have a way to apply CSS to an element based on what’s happening inside th
Hacking with Environment Variables Interesting environment variables to supply to scripting language interpreters Introduction On a recent project we gained the ability to specify environment variables but not the process that was executed. We were also unable to control the contents of a file on disk, and bruteforcing process identifiers (PIDs) and file descriptors found no interesting results, e
New for AWS Lambda – 1ms Billing Granularity Adds Cost Savings | Amazon Web Services
AWS News Blog New for AWS Lambda – 1ms Billing Granularity Adds Cost Savings What I like about AWS Lambda is that it lets you run code without provisioning or managing servers, and you pay only for what you use. Since we launched Lambda in 2014, you have been charged for the number of times your code is triggered (requests) and for the time your code executes, rounded up to the nearest 100ms (dura
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaTrace
Originally Posted @ December 14th & Last Updated @ December 19th, 3:37pm PST Just trying to fix this? Please read our dedicated Mitigation Guide. After the log4j maintainers released version 2.15.0 to address the Log4Shell vulnerability, an additional attack vector was identified and reported in CVE-2021-45046. Our research into this shows that this new CVE invalidates previous mitigations used to
この記事は さくらインターネット Advent Calendar 2019 5日目の記事です。 さくらインターネット研究所の大久保です。 昨日公開した前編では、弊社のIaaSであるさくらのクラウド上で提供している「エンハンスドロードバランサ」機能について、概要と全体構成の紹介をさせていただきました。 後編となる本稿では、システムを構成する各パーツの詳細について引き続き紹介したいと思います。 VIPフェイルオーバ機能について 今回まずはじめに、DDoS攻撃対策として実装した機能について紹介します。 が、あらかじめ申し上げておきますと、これでどんなDDoSにも完璧に対応できます! というものではありません 😇 一般的なDDoSミティゲーションの仕組みでは、DPI(Deep Packet Inspection)を用いて攻撃トラフィックのみを抽出破棄し、正常なトラフィックのみを通過させることが行
How we made Vite 4.3 faaaaster 🚀 Just like @sapphi-red said, Vite 4.3 has made amazing performance improvements over Vite 4.2. These benchmarks based on a large project with 1000 react components. And these react components were transformed by vite-plugin-react and vite-plugin-react-swc. As a new rookie on the team, I am so glad that I've joined this party. To let more people know what we did to
ISP Column - October 2022
There is a common view out there that the QUIC transport protocol (RFC 9000) is just another refinement to the original TCP transport protocol [1] [2]. I find it hard to agree with this sentiment, and for me QUIC represents a significant shift in the set of transport capabilities available to applications in terms of communication privacy, session control integrity and flexibility. QUIC embodies a
Coronavirus, intensive care doctors in Lombardy: “Timely actions or disastrous health calamity”. The access priority hypothesis: “Whoever has the most chance of survival first” | News1 English
< div id=”article-body-5729020″> Place a age limit for access to intensive care, based on the greatest possibilities of survival. That’s what the Italian society of anesthesia, analgesia, resuscitation and intensive care in a technical document related to the emergency coronavirus. “It may be necessary to place an age limit on entry into intensive care. It is not a question of making merely valuab
Nginxは起動しているが temporarily unavailable エラーが発生している。 画面上にはエラー原因に関する情報は書かれていない。 こんな場合、どのように調査して解決すれば良いのか。 今回はNginxで「temporarily unavailable」エラーの調査方法を紹介する。 「temporarily unavailable」エラーとは 「temporarily unavailable」とはNginxのデフォルトのエラー画面である。 メッセージ自体は「このページは一時的に利用不可になっています。表示されているのはデフォルトのエラーページです。カスタマイズ可能ですよ。」と言っているだけなので、エラーに関する有益な情報は表示していない。 Nginxのエラーページ The page you are looking for is temporarily unavailabl
Gyms. Bars. The White House. See how superspreading events are driving the pandemic
THE SCIENCE OF SUPERSPREADING Why preventing hot spots of transmission is key to stopping the COVID-19 pandemic By Martin Enserink, Kai Kupferschmidt, and Nirja Desai 30 October 2020 In late February, drug company Biogen held its annual conference in Boston. The United States had fewer than 20 known COVID-19 cases at the time. But one of the roughly 200 attendees must have carried the virus. It tr
概要 GitHub Actions は、ビルド、テスト、デプロイのパイプラインを自動化できる継続的インテグレーションと継続的デリバリー (CI/CD) のプラットフォームです。 リポジトリに対するすべての pull request をビルドしてテストしたり、マージされた pull request を運用環境にデプロイしたりするワークフローを作成できます。 GitHub Actions は、DevOps であるだけでなく、リポジトリで他のイベントが発生したときにワークフローを実行できます。 たとえば、リポジトリで新しい issue が作成されるたびに、適切なラベルを自動的に追加するワークフローを実行できます。 GitHub では、ワークフローを実行するための Linux、Windows、macOS 仮想マシンが提供されます。また、自身のデータセンターまたはクラウド インフラストラクチャで独自
Rails 7.0 RC1: New JavaScript Answers, At-Work Encryption, Query Origin Logging, Zeitwerk Exclusively
Rails 7.0 RC1: New JavaScript Answers, At-Work Encryption, Query Origin Logging, Zeitwerk Exclusively We’re almost ready to declare Rails 7 done! The feedback since the first alpha release has been wonderful, we’ve eliminated a slew of issues, and we’ve seen Basecamp, HEY, GitHub, and Shopify all run in production on this alpha series. So we now feel so confident that this is nearly ready that we’
週刊Railsウォッチ(20200413前編)最近macOSでRailsが遅い、トランザクションでのreturnやbreakなどが非推奨化、Rails監視ツールリスト2020年度版ほか|TechRacho by BPS株式会社
2020.04.13 週刊Railsウォッチ(20200413前編)最近macOSでRailsが遅い、トランザクションでのreturnやbreakなどが非推奨化、Rails監視ツールリスト2020年度版ほか こんにちは、hachi8833です。カレンダーのリマインダーで気づきましたが、本当なら今日(注: つっつきが行われた4/10木曜日)からRubyKaigi 2020だったんですね。 末娘の入学式に出れたのはRubyKaigi中止されたたった一つの良いことだなあ。 — Yukihiro Matzmotto (@yukihiro_matz) April 9, 2020 つっつきボイス:「そうかRubyKaigiのはずか〜」「もう入学式のシーズン🎓」「子どもの入学式とRubyKaigiとどっち取る問題ってありそうですね」 ⚓Rails: 先週の改修(Rails公式ニュースより) 今回もコミ
Update 2023-03-29: In August 2021 Apple acquired Primephonic the company. On March 28, 2023 Apple launched Apple Music Classical as a new app. This new app is built on the foundations of the Primephonic app, the fundamentals of the Server Driven UI architecture as described in this post remain the same. Note: This post is based on a talk I gave at CocoaHeadsNL in July 2020. Warning: because this i
How Threads will integrate with the Fediverse – plasticbag.org
This is an exceptionally long post detailing pretty much everything I learned at an event shortly before Christmas at Meta’s offices in San Francisco. I’ve been delayed in writing it up because of traveling back to the UK for Christmas and other commitments – and because I wanted to capture everything. It’s roughly written, and I’ll probably edit it a bit after posting. If you have questions or co
40 Ms Bug
40 millisecond bug This is a small story about tracking down a production bug in a Rust application. I don’t know if there’s any take away from this one for the reader, but it felt interesting so I’m sharing it. A bit of backstory In Avast, we have a Rust application called urlite. It serves as a backend to some other applications, provides them a HTTP API. It’s in Rust because it is latency criti
GitHub Actions: GitHub-hosted runners now run Node.js 16 by default
GitHub Actions: GitHub-hosted runners now run Node.js 16 by default actions December 10, 2021 In the latest update to our GitHub-hosted runners virtual environments, Node.js 16 has become the default version of node and npm 8 has become the default version of npm. To select the version of Node.js that you use for your projects, we encourage you to use the setup-node action. For questions, visit th
COVID ECONOMICS VETTED AND REAL-TIME PAPERS FROM THE GREAT RECESSION TO THE PANDEMIC RECESSION Francis X. Diebold ELECTORAL POLITICS AND SMALL BUSINESS LOANS Ran Duchin and John Hackney GROWTH FORECASTS AT END-2020 Javier G. Gómez-Pineda STOP-AND-GO EPIDEMIC CONTROL Claudius Gros and Daniel Gros CONSUMPTION RESPONSES TO STIMULUS PAYMENTS So Kubota, Koichiro Onishi and Yuta Toyama CHILD CARE CLOSUR
New in PHP 8 - stitcher.io
What's new in PHP 8 PHP 8 was released on November 26, 2020. You can download it here. It's a new major version, which means that there are some breaking changes, as well as lots of new features and performance improvements. Because of the breaking changes, there's a higher chance you'll need to make some changes in your code to get it running on PHP 8. If you've kept up to date with the latest re
Removing the stigma of a CVE
SecurityRemoving the stigma of a CVEDo you worry that a CVE will hurt the reputation of your project? In reality, CVEs are a tracking number, and nothing more. Here's how we think of them at GitHub. A CVE is a unique identifier, assigned to a security vulnerability. It’s just a tracking number, intended to make it easy to search for information about the vulnerability. Unfortunately, there are som
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
How we designed Dropbox’s ATF - an async task framework
Clubhouse in China: Is the data safe?
The definitive guide to profiling React applications
Security assessment techniques for Go projects
ガブリエル・ブレア『射精責任』メモ|KIRA Takayuki
Exposing and Circumventing China's Censorship of ESNI
SemVer in Rust: Tooling, Breakage, and Edge Cases — FOSDEM 2024
Playing guitar tablatures in Rust
Announcing React Native 0.66 · React Native
GitHub CLI project command is now generally available!
GitHub-hosted runners: Double the power for open source
How browsers work | Articles | web.dev
Using :has() as a CSS Parent Selector and much more
Hacking with Environment Variables
さくらのクラウド「エンハンスドLB」を作った話(後編) - Qiita
How we made Vite 4.3 faaaaster
Nginxで「temporarily unavailable」エラーの調査方法 - ITips
GitHub Actions を理解する - GitHub Docs
Server Driven UI – Tom Lokhorst's blog
Macroprudentialism