2021年12月10日、Javaベースのログ出力ライブラリ「Apache Log4j」の2.x系バージョン(以降はLog4j2と記載)で確認された深刻な脆弱性を修正したバージョンが公開されました。セキュリティ関係組織では過去話題になったHeartbleedやShellshockと同レベルの脆弱性とも評価しています。ここでは関連する情報をまとめます。 1.何が起きたの? Javaベースのログ出力ライブラリLog4j2で深刻な脆弱性(CVE-2021-44228)を修正したバージョンが公開された。その後も修正が不完全であったことなどを理由に2件の脆弱性が修正された。 広く利用されているライブラリであるため影響を受ける対象が多く存在するとみられ、攻撃が容易であることから2014年のHeartbleed、Shellshock以来の危険性があるとみる向きもあり、The Apache Software
欧州にて「バッテリーを容易に取り外して交換できる製品設計」をメーカーに義務付けへ。携帯型ゲーム機も対象との報道 - AUTOMATON
🔋 Greener batteries ♻️ More recycling 🚯 Less pollution The Council has adopted today new rules that will, for the first time ever, cover the whole life cycle of batteries. The goal is to make batteries sustainable while keeping the sector competitive. 👇 — EU Council (@EUCouncil) July 10, 2023 今回欧州評議会が採択した新たな規制は、バッテリーの製造からリサイクルまでのライフサイクル全体を見直し、循環型経済を促進することを目的にしているという。そのなかで、家電製品などに搭載されるバッテリーについて、
Intro 以前から騒がれていた Apple によるサイドローディング周りの緩和について、正式な情報公開があった。 Apple announces changes to iOS, Safari, and the App Store in the European Union - Apple https://www.apple.com/newsroom/2024/01/apple-announces-changes-to-ios-safari-and-the-app-store-in-the-european-union/ ストアやペイメントの緩和もあるが、ここでは WebKit に関する部分だけを抜粋し、どのような条件があるのかをまとめておく。 筆者が公開情報を読んで解釈したものなので、内容は保証しない。 前提 iOS/iPadOS に入れられるブラウザには、 WebKit を用いる必要が
スパルタ人はわざと重い鉄貨を使ったのか?
友達が最近藤村シシンさんがFGOをギリシャ史と絡めて解説する動画にハマったらしい。ヲタトークをしていたらシシンさんの動画が面白かったという話をしていて、それはいいんだけど、「古代スパルタだとお金をわざと重くして人々が堕落しないようにしてたんだって!」と楽しそうに語りだしたので「そんなことある???」と思ってしまった。古代ギリシャ史については素人だけど、流石にちょっと胡散臭くないか? ということで調べてみました! 動画はこれ。 https://www.youtube.com/watch?v=1R-hpr7FJdI まあトーク番組だから出典をいちいち挙げないのは当然として、じゃあ何がソースなんだろうと思ってちょっと検索してみたら、元ネタはプルタルコスの『英雄伝』なのね……『英雄伝』はギリシャ・ローマの英雄たちの逸話を紹介してる本で、日本語訳も複数出てるけど、増田は素人だから手元になくて近所の図
訳文;「そこにはなんの報酬もありません。このゲームが何を為していてどう機能しているのか、ただただ見ていたかったのです」ジェンキンズ、カーソン、ホッキング、『Outer Wilds』へつづく2,3の論考 - すやすや眠るみたくすらすら書けたら
翻訳の秋が今年もきました。また去年みたく面白い記事をいくつか見つけて勝手に紹介したいところです! 去年アップした『訳文;「"好奇心駆動型の冒険"とでも言うべき特殊なタイプの冒険に報酬を与えるゲームをつくりたい、それが『Outer Wilds』の主目的です」A・ビーチャム氏の論文より』で翻訳紹介した論考のなかで、参照文献として挙げられていた文献のうち2つ、ヘンリー・ジェンキンズ著『GAME DESIGN AS NARRATIVE ARCHITECTURE(物語による建築物としてのゲームデザイン)』とボニー・ルバーク取材『Clint Hocking Speaks Out On The Virtues Of Exploration(クリント・ホッキングが語る冒険の美徳)』。別記事1つ、ドン・カーソン著『Environmental Storytelling: Creating Immersive
HTTP/3: the past, the present, and the future09/26/2019 This post is also available in 简体中文, 日本語, 한국어, Français, Español. During last year’s Birthday Week we announced preliminary support for QUIC and HTTP/3 (or “HTTP over QUIC” as it was known back then), the new standard for the web, enabling faster, more reliable, and more secure connections to web endpoints like websites and APIs. We also let
The forgotten mistake that killed Japan's software industry - Disrupting Japan
This is our 200th episode, so I wanted to do something special. Everyone loves to complain about the poor quality of Japanese software, but today I’m going to explain exactly what went wrong. You’ll get the whole story, and I’ll also pinpoint the specific moment Japan lost its way. By the end, I think you’ll have a new perspective on Japanese software and understand why everything might be about
Today we are proud to announce the official release of Vue.js 3.0 "One Piece". This new major version of the framework provides improved performance, smaller bundle sizes, better TypeScript integration, new APIs for tackling large scale use cases, and a solid foundation for long-term future iterations of the framework. The 3.0 release represents over 2 years of development efforts, featuring 30+ R
The Ultimate Guide to handling JWTs on frontend clients (GraphQL) JWTs (JSON Web Token, pronounced 'jot') are becoming a popular way of handling auth. This post aims to demystify what a JWT is, discuss its pros/cons and cover best practices in implementing JWT on the client-side, keeping security in mind. Although, we’ve worked on the examples with a GraphQL clients, but the concepts apply to any
Next.js 13
As we announced at Next.js Conf, Next.js 13 (stable) lays the foundations to be dynamic without limits: app Directory (beta): Easier, faster, less client JS. Layouts React Server Components Streaming Turbopack (alpha): Up to 700x faster Rust-based Webpack replacement. New next/image: Faster with native browser lazy loading. New @next/font (beta): Automatic self-hosted fonts with zero layout shift.
EngineeringOpen SourceBuilding GitHub with Ruby and RailsSince the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers collaborate on it daily.… Since the beginning, GitHub.com has been a Ruby on Rails monolith. Today, the application is nearly two million lines of code and more than 1,000 engineers colla
Deep Learning is such a fast-moving field and the huge number of research papers and ideas can be overwhelming. The goal of this post is to review ideas that have stood the test of time. These ideas, or improvements of them, have been used over and over again. They’re known to work. If you were to start in Deep Learning today, understanding and implementing each of these techniques would probably
Open-sourcing Sorbet: a fast, powerful type checker for Ruby · Sorbet
We’re excited to announce that Sorbet is now open source and you can try it today. Sorbet is a fast, powerful type checker designed for Ruby. It scales to codebases with millions of lines of code and can be adopted incrementally. We designed Sorbet to be used at Stripe, where the vast majority of our code is written in Ruby. We’ve spent the last year and a half developing and adopting Sorbet inter
記事の概要 この記事は、Meta 社 relay.dev チームの Jordan Eldredge 氏の Tweet で紹介された GraphQL 成熟度モデル (GraphQL maturity model) を個人的な見解を加えながら和訳した記事です。 jordaneldredge.com GraphQL を実装する上で、どの程度 GraphQL を使いこなせているか判断するための参考になれば幸いです。 実際の成熟度モデルの和訳 最初の Tweet 私は、GraphQLの利点がまだ十分には理解されていないと思っています。ほとんどの組織では、GraphQL の提供する価値を捉えきれていません。 そこで、私は「GraphQL成熟度モデル」をスケッチしてみました。あなたの組織はどの程度成熟して(=使いこなせて)いますか? もし以下に示す13の成熟度を達成していたとしたら、よりGraphQLを
HTML First
HTML First is a set of principles that aims to make building web software easier, faster, more inclusive, and more maintainable by... Leveraging the default capabilities of modern web browsers. Leveraging the extreme simplicity of HTML's attribute syntax. Leveraging the web's ViewSource affordance. Goals The main goal of HTML First is to substantially widen the pool of people who can work on web s
curl’s official birthday was March 20, 1998. That was the day the first ever tarball was made available that could build a tool named curl. I put it together and I called it curl 4.0 since I kept the version numbering from the previous names I had used for the tool. Or rather, I bumped it up from 3.12 which was the last version I used under the previous name: urlget. Of course curl wasn’t created
Go: A Documentary
Go: A Documentary by Changkun Ou <changkun.de> (and many inputs from contributors) This document collects many interesting (publicly observable) issues, discussions, proposals, CLs, and talks from the Go development process, which intends to offer a comprehensive reference of the Go history. Disclaimer Most of the texts are written as subjective understanding based on public sources Factual and ty
PolicyStanding up for developers: youtube-dl is backToday we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown. Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a
July 16, 2020 生物学者は「自然主義的誤謬」概念をどう使ってきたか 最近発表された人間行動進化学会の声明の中で、「自然主義的誤謬」という哲学由来の概念が使われていた。 そこでは、自然主義的誤謬が、「「自然の状態」を「あるべき状態だ」もしくは「望ましい状態だ」とする自然主義的誤謬と呼ばれる「間違い」」という言い方で紹介されている。これを倫理学者が聞いたなら「いや、自然主義的誤謬はそういう意味じゃないんだけどなあ」と言いたくなるところであろう。しかし、進化生物学者と「自然主義的誤謬」という概念の付き合いはかなり長く、それなりの経緯がある。本稿の目的はとりあえずその経緯を追うことで、「自然主義的誤謬」という概念の適切な用法とはなんだろうかということを考えることである。 最初に断っておくが、本稿はいかなる意味でも体系的なサーベイとはなっていない。どちらかといえば、目立つ事例いくつかをつ
At Buf, our goal is to improve the way software systems integrate by making schema-driven development a "pit of success". And we've put our money on Protobuf as the winning way to describe those schemas. We are expanding on the work of the Protobuf team by providing the community a complete language spec. Protobuf is the most stable and widely adopted IDL today. By building on Protobuf, we are sta
英語って不便だな、と思うことが時々ある。例えば犬の散歩で行き会った相手に「可愛いワンちゃんですね」と声をかけたい場合。英語ではまず、「He or she?(男の子? 女の子?)」という質問から始めなくてはならない。性別なんてどうでもいいのだけれど、それが分からないと会話が成り立たないのだ。 英語で人称代名詞(モノ以外)の三人称単数といえば、「he」か「she」しか存在しないというのが常識だった。けれど性別が多様化する現代、さすがにそれでは不便すぎると感じる人が増えたらしい。 Merriam-Websterの英語辞典で「they」の意味として、新しく「自分の性別をnonbinaryと認識している単一の人物」という定義が加わった。この場合のnonbinaryは、男性か女性かの二者択一では分類できない性別のこと。つまり、LGBTの人などを表す三人称単数として「they」を使う用法が定着してきたよ
Public keys are not enough for SSH security Loading... If your organization uses SSH public keys, it’s entirely possible you have already mislaid one. There is a file sitting in a backup or on a former employee’s computer which grants the holder access to your infrastructure. If you share SSH keys between employees it’s likely only a few keys are enough to give an attacker access to your entire sy
概要 WSL2で困ったときに使う魔法の呪文の次の日ぐらいから、突然、会社のPCのWSL2が動かなくなりました。 自分はかなり致命的で、WSL2が動かないと仕事にならないレベルだったのでだいぶ焦りました。 そんな人用への解決方法を書いておきます。 事象 wslを起動しようとすると、bashが起動せず、以下のようなメッセージが出ます。 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. 日本語だと、「接続に失敗しました」みたいな文面が表示されます。(スクショを取り忘れた) 解決方法
Best Rust Web Frameworks to Use in 2023 In the dynamic landscape of web development, Rust has emerged as a language of choice for building safe and performant applications. As Rust's popularity grows, so does the array of web frameworks designed to harness its strengths. This article compares some of the best Rust frameworks highlighting their respective advantages and drawbacks to help you make i
Flutter vs React Native vs Native: Deep Performance Comparison | inVerita
Flutter vs React Native vs Native: Deep Performance Comparison The Story Behind the Research As a custom software development company, inVerita and its mobile development team continuously dig into the performance of cross-platform mobile solutions available on the market, that’s how Flutter vs React Native vs Native Part I emerged. Yes, it was quite controversial as one can state we weren’t using
はじめに この記事は GENDA Advent Calendar 2023 13日目の記事です。 株式会社GENDA FE/BEエンジニアの shinnoki です。今年は自分にとって色々と変化のあった年で、年初にはアーリーのスタートアップでCTOを務めておりましたが、ご縁があり8月にGENDAに入社いたしました。 最近社員インタビューも公開されて入社の経緯なども触れていただいたため、興味があればぜひご覧ください。 今年は個人的にあまり最新技術のキャッチアップができていなかったことを差し引いても、フロントエンド界隈では激動の1年だったのではないでしょうか。 最新技術のキャッチアップが大変なのはフロントエンドに限ったことではなくどの領域においても発生する話ですが、フロントエンドは特に大変だよねという話は周囲からもよく聞くため、感覚として間違っていないと思います。 これらとどう付き合っていくか
My favorite CSS hack
There is one CSS snippet that I have been copy-pasting for 5 years: * { background-color: rgba(255,0,0,.2); } * * { background-color: rgba(0,255,0,.2); } * * * { background-color: rgba(0,0,255,.2); } * * * * { background-color: rgba(255,0,255,.2); } * * * * * { background-color: rgba(0,255,255,.2); } * * * * * * { background-color: rgba(255,255,0,.2); } * * * * * * * { background-color: rgba(255,0
WYSIWYGEdtr.io is a WYSIWYG in-line web editor written in React. Content created with Edtr.io looks just like the final page - select any editable element on the page, edit it in-place or drag ’n’ drop it around. Heavily CustomizableIts plugin architecture makes Edtr.io lean AND adaptable to any use case at the same time. Open SourceEdtr.io is of course Open Source and has already been adopted by
I joined GitLab in October 2015, and left in December 2021 after working there for a little more than six years. While I previously wrote about leaving GitLab to work on Inko, I never discussed what it was like working for GitLab between 2015 and 2021. There are two reasons for this: I was suffering from burnout, and didn't have the energy to revisit the last six years of my life (at that time)I w
This article is about what it would mean to add generics to Go, and why I think we should do it. I’ll also touch on an update to a possible design for adding generics to Go. Go was released on November 10, 2009. Less than 24 hours later we saw the first comment about generics. (That comment also mentions exceptions, which we added to the language, in the form of panic and recover, in early 2010.)
Announcing PartiQL: One query language for all your data | Amazon Web Services
AWS Open Source Blog Announcing PartiQL: One query language for all your data Data is being gathered and created at rates unprecedented in history. Much of this data is intended to drive business outcomes but, according to the Harvard Business Review, “…on average, less than half of an organization’s structured data is actively used in making decisions…” The root of the problem is that data is typ
How Big Tech Runs Tech Projects and the Curious Absence of Scrum
Project management is a topic most people have strong opinions on, and I’m no exception. To answer the question of how different companies run engineering projects, I pulled in help from across the industry. In this issue we’ll cover: Project management approaches across the industry. An overview of a survey with over 100 companies represented, plus key takeaways.Project management at Big Tech. Ho
マイクロソフト、WebAssemblyとWebGLで推論エンジンを実装した「ONNX Runtime Web」(ORT Web)をオープンソースで公開
マイクロソフト、WebAssemblyとWebGLで推論エンジンを実装した「ONNX Runtime Web」(ORT Web)をオープンソースで公開 マイクロソフトは、WebAssemblyとWebGLで機械学習の推論エンジンを実装した「ONNX Runtime Web」(ORT Web)をオープンソースで公開しました。 INTRODUCING: #ONNXRuntime Web (ORT Web), a new feature in ONNX Runtime to enable JavaScript developers to run and deploy machine learning models in browsers https://t.co/Ey3tsNlkEe pic.twitter.com/9uGyK8Pra0 — onnxruntime (@onnxruntime)
Zoë Bernard writes about technology, crime, and culture. Formerly, she covered technology for The Information and Business Insider. Silicon Valley is embracing a new era of masculinity. Its leaders are powerful, virile, and swole. They practice Brazilian jiujitsu and want to fight each other in a cage. They can do 200 push-ups while wearing a 20-pound weighted vest. They can spend $44 billion on a
Sorbet Compiler: An experimental, ahead-of-time compiler for Ruby · Sorbet
For the past year, the Sorbet team has been working on an experimental, ahead-of-time compiler for Ruby, powered by Sorbet and LLVM. Today we’re sharing the source code for it. It lives alongside the existing code for Sorbet on GitHub, mostly in the compiler/ folder: → https://github.com/sorbet/sorbet/tree/master/compiler/ We want to be clear up front: the code is nowhere near ready for external u
Prisma is a next-generation ORM for Node.js and TypeScript. After more than two years of development, we are excited to share that all Prisma tools are ready for production! Contents A new paradigm for object-relational mapping Ready for production in mission-critical apps Prisma fits any stack Open-source, and beyond How can we help? Get started with Prisma Come for the ORM, stay for the communit
Deep Dive: NewSQL Databases
Overview One of my colleagues, @margo_hdb, recently posted a great article Database Architectures & Use Cases - Explained here on dev.to. In response a user asked for a deeper dive on NewSQL databases, so I thought I would put one together. The term NewSQL was coined in 2011 by 451 Group analyst Matthew Aslett. Wikipedia defines the term below: “ NewSQL is a class of relational database management
The Four Innovation Phases of Netflix’s Trillions Scale Real-time Data Infrastructure
My name is Zhenzhong Xu. I joined Netflix in 2015 as a founding engineer on the Real-time Data Infrastructure team and later led the Stream Processing Engines team. I developed an interest in real-time data in the early 2010s, and ever since believe there is much value yet to be uncovered. Netflix was a fantastic place to be surrounded by many amazing colleagues. I can’t be more proud of everyone
フェミニズムへの絶縁状
社会・一般New York, 8 March 2016 � Film stars, UN officials and New York City came together today to commemorate International Women�s Day by launching the inaugural HeForShe Arts week, a new initiative from UN Women geared towards leveraging the arts for gender equality. The 2016 theme for International Women�s Day is �Planet 50-50 by 2030: Step It Up for Gender Equality�, with a focus on mobilizing m
Linux Hardening Guide | Madaidan's Insecurities
Last edited: March 19th, 2022 Linux is not a secure operating system. However, there are steps you can take to improve it. This guide aims to explain how to harden Linux as much as possible for security and privacy. This guide attempts to be distribution-agnostic and is not tied to any specific one. DISCLAIMER: Do not attempt to apply anything in this article if you do not know exactly what you ar
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Log4jの深刻な脆弱性CVE-2021-44228についてまとめてみた - piyolog
Apple によるブラウザエンジン規制の緩和 | blog.jxck.io
HTTP/3: the past, the present, and the future
Release v3.0.0 One Piece · vuejs/core
The Ultimate Guide to handling JWTs on frontend clients (GraphQL)
Building GitHub with Ruby and Rails
Deep Learning ideas that have stood the test of time
GraphQL 成熟度モデル - とろろこんぶろぐ
curl is 23 years old today | daniel.haxx.se
Standing up for developers: youtube-dl is back
Daily Life:生物学者は「自然主義的誤謬」概念をどう使ってきたか
The Protobuf Language Specification
三人称単数としての「they」、性別多様化の時代に対応
Public keys are not enough for SSH security
WSL2が突然動かなくなって公式Issueが荒れてる話 - Qiita
Best Rust Web Frameworks to Use in 2023
フロントエンドのキャッチアップ大変だよねという話 2023
The Open Source Web Editor You Will Love | Edtr.io
What it was like working for GitLab
Why Generics? - The Go Programming Language
Silicon Valley’s very masculine year
Prisma – The Complete ORM for Node.js & TypeScript