はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
Rust Is Eating JavaScript 2021 (updated 2026) – Lee Robinson Rust is a fast, reliable, and memory-efficient programming language. It’s been voted the most admired programming language for a decade1. Created by Mozilla, it’s now used at Meta, Apple, Amazon, Microsoft, and Google for systems infrastructure, encryption, virtualization, and more low-level programming. Why is Rust now being used to rep
Another year passes. I was hoping to write more articles instead of just these end-of-the-year screeds, but I almost died in the spring semester, and it sucked up my time. Nevertheless, I will go through what I think are the major trends and happenings in databases over the last year. There were many exciting and unprecedented developments in the world of databases. Vibe coding entered the vernacu
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
Neural Audio Codec を用いた大規模配信文字起こしシステムの構築 - Mirrativ Tech Blog
こんにちは ハタ です。 最近Mirrativ上に構築した配信の文字起こしシステムを紹介したいなと思います 音声からの文字起こしは、各社SaaSでAPI提供されているものがあると思いますが、今回紹介するものはセルフホスト型(自前のGPUマシンを使う)になります 構築していく上で色々試行錯誤したのでそれが紹介できればなと思っています どんなものを作ったか 前提知識: 配信基盤 前提知識: Unix Domain Socket Live Recorder Archiver DS Filter VAD Filter NAC / Compress Transcriber NAC / Decompress Speach To Text コンテナイメージ まとめ We are hiring! どんなものを作ったか 今回作ったものは Mirrativで配信されるすべての音声を対象に文字起こしを行う シス
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
複数の AWS アカウントの AWS Security Hub 検出結果を Google BigQuery と Google DataPortal(DataStudio) により可視化した話 - Adwaysエンジニアブログ
こんにちは、インフラの天津です。今日は 複数アカウントの AWS Security Hub 検出結果の可視化についてお話したいと思います。 前提 モチベーション AWS Security Hub とは 構想 ツール・サービスの選定 検出結果データのエクスポートについて 可視化用データベース(またはクエリサービス)と可視化ツールについて 構築 全体像 検出結果データエクスポート 検出結果データの S3 -> GCS への転送と BigQuery へのインポート Security Hub からエクスポートしたデータには BigQuery のカラム名に使用できない文字(以下禁則文字)が使用されている件 自動判別で生成されたスキーマでインポートした際に INTEGER 型のカラムに STRING 型のデータが入ってくることがありインポートエラーが発生する件 AWS アカウントデータの S3 ->
2025: The year in LLMs
31st December 2025 This is the third in my annual series reviewing everything that happened in the LLM space over the past 12 months. For previous years see Stuff we figured out about AI in 2023 and Things we learned about LLMs in 2024. It’s been a year filled with a lot of different trends. The year of “reasoning” The year of agents The year of coding agents and Claude Code The year of LLMs on th
","chat_template":[{"name":"default","template":"{{ bos_token }}{% if messages[0]['role'] == 'system' %}{% set loop_messages = messages[1:] %}{% set system_message = messages[0]['content'] %}{% elif false == true %}{% set loop_messages = messages %}{% set system_message = 'You are Command-R, a brilliant, sophisticated, AI-assistant trained to assist human users by providing thorough responses. You
Vjeux » Birth of Prettier
React Conf is around the corner and it's been almost 10 years since Prettier was released. I figured it would be a good time to recount the journey from its early days to now. This is the story of how the "Space vs Tabs Holy War" ended, not through one side winning over the other but instead a technological invention making it the underlying source of tensions no longer being a thing. Back Story S
Weird Lexical Syntax
I just learned 42 programming languages this month to build a new syntax highlighter for llamafile. I feel like I'm up to my eyeballs in programming languages right now. Now that it's halloween, I thought I'd share some of the spookiest most surprising syntax I've seen. The languages I decided to support are Ada, Assembly, BASIC, C, C#, C++, COBOL, CSS, D, FORTH, FORTRAN, Go, Haskell, HTML, Java,
こんにちは。 メディアサービス開発部、Webアプリケーション開発課のフサギコ(髙﨑)です。 Ruby on Railsによるバックエンドの実装運用と、AWSによるサービスインフラの設計構築を中心とした、いわゆるテックリードのような立ち位置で働いています。 本記事では、2022年の9月8日から9月10日にかけて三重県津市で開催された、RubyKaigi 2022に現地参加したことについてお話しします1。 RubyKaigiとは 実に3年ぶりの物理開催 見に行った講演の感想など Ruby meets WebAssembly Making *MaNy* threads on Ruby Building a Lightweight IR and Backend for YJIT Towards Ruby 4 JIT Ruby debugger - The best investment for y
AST vs. Bytecode: Interpreters in the Age of Meta-Compilation
233 AST vs. Bytecode: Interpreters in the Age of Meta-Compilation OCTAVE LAROSE, University of Kent, UK SOPHIE KALEBA, University of Kent, UK HUMPHREY BURCHELL, University of Kent, UK STEFAN MARR, University of Kent, UK Thanks to partial evaluation and meta-tracing, it became practical to build language implementations that reach state-of-the-art peak performance by implementing only an interprete
今更ですが今年の2月に spaCy 3.0 が公開されました。 3.0 で導入された新機能の中で目玉と言えるのは、やはり Hugging Face Transformers (以下、単にTransformers) のサポートや PyTorch, Tensorflow との連携になるでしょう。今回はその辺りを実際に学習を動かしながら紹介したいと思います。 1. はじめに 今回は今年の2月に公開された spaCy 3.0 の話です。 spaCy は第4回でも紹介しましたが、研究者向けというよりは自然言語処理アプリ開発者向けのオープンソース自然言語処理ライブラリになります。日本語を含めた様々な言語の学習済みモデルが存在しており、 spaCy をインストールして、学習済みモデルをダウンロードするだけで、分かち書き、品詞や依存関係の推定、単語や文の類似度の判定など様々な機能を使用することができます。
My thoughts on writing a Minecraft server from scratch (in Bash) For the past year or so, I've been thinking about writing a Minecraft server in Bash as a thought excercise. I once tried that before with the Classic protocol (the one from 2009), but I quickly realized there wasn't really a way to properly parse binary data in bash. Take the following code sample: function a() { read -n 2 uwu echo
Tips on Adding JSON Output to Your CLI App - Brazil's Blog
A couple of years ago I wrote a somewhat controversial article on the topic of Bringing the Unix Philosophy to the 21st Century by adding a JSON output option to CLI tools. This allows easier parsing in scripts by using JSON parsing tools like jq, jello, jp, etc. without arcane awk, sed, cut, tr, reverse, etc. incantations. It was controversial because there seem to be a lot of folks who don’t thi
Update 1.86.2: The update addresses these issues. Update 1.86.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Per-window zoom levels - Adjust the zoom leve
はじめての自然言語処理 Hugging Face Transformers で T5 を使ってみる | オブジェクトの広場
前回が分量的にやたらと重かったので、今回はその反省(反動?)を踏まえて軽い感じでいってみます。第7回で紹介した T5 ですが Hugging Face の Transformers でもサポートされてますので、その使用方法をご紹介したいと思います。 1. はじめに 今回は久しぶりに T5 の話です。T5 に関しては第7回、第8回で一度紹介しているので、未読の方は記事に目を通してから戻ってきて頂けると、より理解がしやすいと思います。 さて、 T5 ですが Google のオリジナルコード(以下 “t5"と記述)1は敷居が高いと感じる方もいらっしゃるのではないでしょうか。 Estimator API ベースのコードや gin による設定など慣れていないと、とっつきにくいのではないかと思います。 そこで今回は Hugging Face の Transformers 2を使って T5 を動かす方法
PowerShell: the object-oriented shell you didn’t know you needed | Chris Warrick
PowerShell is an interactive shell and scripting language from Microsoft. It’s object-oriented — and that’s not just a buzzword, that’s a big difference to how the standard Unix shells work. And it is actually usable as an interactive shell. Getting Started PowerShell is so nice, Microsoft made it twice. Specifically, there concurrently exist two products named PowerShell: Windows PowerShell (5.1)
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Shai Hulud Strikes Again (v2)Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected. Update: November 26, 2025 PostHog has published a detailed post mortem describing how one of its GitHub Actions workflows was abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that modified a script executed via pull_requ
GitHub Pull Requests Version 0.100.0 of the GitHub Pull Requests extension adds Copilot integration: Use the @githubpr chat participant in the Chat view to search for issues, summarize issues/prs, and suggest fixes for issues. @githubpr uses a number of Language Model tools to accomplish this. There's also a new Notifications view that shows GitHub notifications, with an action to prioritize them
Monitoring is a Pain
And we're all doing it wrong (including me) I have a confession. Despite having been hired multiple times in part due to my experience with monitoring platforms, I have come to hate monitoring. Monitoring and observability tools commit the cardinal sin of tricking people into thinking this is an easy problem. It is very simple to monitor a small application or service. Almost none of those approac
--- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
Introduction Some part of me has always been fascinated with coercing code to run in weird places. I scratch this itch a lot with my security research projects. These often lead me to writing shellcode to run in kernels or embedded hardware, sometimes with the only way being through an existing bug. For those not familiar, shellcode is honestly hard to describe. I don’t know if there’s a very form
Let’s Write a Tree-Sitter Major Mode Creating a standard programming major mode presents significant challenges, with the intricate tasks of establishing proper indentation and font highlighting being among the two hardest things to get right. It's painstaking work, and it'll quickly descend into a brawl between the font lock engine and your desire for correctness. Tree-sitter makes writing many m
Update 1.60.1: The update addresses these issues. Update 1.60.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2021 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: Automatic language detection - Programming l
Proto Best Practices
Clients and servers are never updated at exactly the same time - even when you try to update them at the same time. One or the other may get rolled back. Don’t assume that you can make a breaking change and it’ll be okay because the client and server are in sync. Don’t Re-use a Tag NumberNever re-use a tag number. It messes up deserialization. Even if you think no one is using the field, don’t re-
Awesome Terraform | Curated list of awesome lists | Project-Awesome.org
A curated list of resources on HashiCorp's Terraform. Your contributions are welcome! Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. Contents Legend Official Resources Com
一番手早く自社サービスの賢いサポートボットを作る方法(openai.Embedding+pinecone+SlashGPT)
一番手早く自社サービスの賢いサポートボットを作る方法(openai.Embedding+pinecone+SlashGPT) 自社サービスの最新情報にもとづくサポートボットを作りたいというのはよくある話だとおもいます。これを openai.embedding+pinecone+SlashGPTでサクッと実現する方法を紹介します。 準備 SlashGPT repo のclone https://github.com/snakajima/SlashGPT OpenAI API KEY open ai でアカウントを作成後下記でAPI-Keyを発行します https://platform.openai.com/account/api-keys 無料枠は5$までです https://openai.com/pricing pinecone API KEY vector DB SaaS をつかうととて
How I Automated My Job Application Process. (Part 1) Look, I'll be honest - job hunting sucks. It's this soul-crushing cycle of copying and pasting the same information over and over again, tweaking your resume for the 100th time, and writing cover letters that make you sound desperate without actually sounding desperate. But here's the thing: repetitive tasks + structured process = perfect automa
Lil' Fun Langs
LOC Host HM ADTs Match Cl. Target Hirrolot's CoC src ~70 OCaml ✗ ✗ ✗ ✓ Interpreter Harrop MiniML src ~100 OCaml ✗ ✗ ✗ ✗ LLVM → native Algorithm W src ~300 Haskell ✓ ✗ ✗ ✗ Type checker only tomprimozic/type-systems src ~300 OCaml ✓ ✗ ✗ ✗ Type checker only lambda-calculus-hs src ~200–900 Haskell ✗ ✓ ✓ ✓ Interpreter THIH src ~429 Haskell ✓ ✓ ✓ ✗ Type checker only Simple-sub src ~500 Scala ✓ ✗ ✗ ✓ Typ
An AI-native software engineer is one who deeply integrates AI into their daily workflow, treating it as a partner to amplify their abilities. This requires a fundamental mindset shift. Instead of thinking “AI might replace me” an AI-native engineer asks for every task: “Could AI help me do this faster, better, or differently?”. The mindset is optimistic and proactive - you see AI as a multiplier
This isn’t another AI-generated blog post about generic security practices. It contains detailed instructions on protecting Node.js applications from supply-chain attacks and describes best practices for security in any programming language. According to the GitHub report, The state of open source and rise of AI in 2023, JavaScript and TypeScript are the #1 and #3 most popular languages hosted on
GitHub - langroid/langroid: Harness LLMs with Multi-Agent Programming
This is just a teaser; there's much more, like function-calling/tools, Multi-Agent Collaboration, Structured Information Extraction, DocChatAgent (RAG), SQLChatAgent, non-OpenAI local/remote LLMs, etc. Scroll down or see docs for more. See the Langroid Quick-Start Colab that builds up to a 2-agent information-extraction example using the OpenAI ChatCompletion API. See also this version that uses t
How I Reversed Amazon's Kindle Web Obfuscation Because Their App Sucked
How I bypassed Amazon’s Kindle web DRM | Hacker NewsHacker NewsThis article hit #1 on Hacker News, thanks all! TL;DRI bought my first ebook from amazonAmazon's Kindle Android app was really buggy and crashed a bunchTried to download my book to use with a functioning reader appRealized Amazon no longer lets you do thatDecided to reverse engineer their obfuscation system out of spiteDiscovered multi
Sketch of a Post-ORM
I’ve been writing a lot of database access code as of late. It’s frustrating that in 2023, my choices are still to either write all of the boilerplate by hand, or hand all database access over to some inscrutable “agile” ORM that will become a crippling liability in the 2-3y timescale. This post is about how I want to use databases, from the perspective of an application server developer—not a DBA
Release date: September 11, 2025 Update 1.104.1: The update addresses these issues. Update 1.104.2: The update addresses these issues. Update 1.104.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2025 release of Visual Studio Code. There are many updates in this version that we hope you'll li
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
I've been using Nim for about 1-2 years now, and I believe the language is undervalued. It's not perfect, of course, but it's pleasant to write and read. My personal website uses Nim. After reading a recent article on Nim ("Why Nim") and the associated HN comments, it's clear that comments and some information about Nim are misleading and outdated. Since Nim 2, a tracing Garbage Collector is not t
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Rust Is Eating JavaScript | Lee Robinson
Databases in 2025: A Year in Review
CohereLabs/c4ai-command-r-plus · Hugging Face
RubyKaigi 2022に参加しました - BOOK☆WALKER inside
はじめての自然言語処理 spaCy 3.0 で Transformer を利用する | オブジェクトの広場
My thoughts on writing a Minecraft server from scratch (in Bash)
January 2024 (version 1.86)
0.10.0 Release Notes ⚡ The Zig Programming Language
Shai Hulud Strikes Again (v2) - Socket
October 2024 (version 1.95)
prompts.chat - AI Prompts Community
Rust on MIPS64 Windows NT 4.0
Let's Write a Tree-Sitter Major Mode
August 2021 (version 1.60)
How I Automated My Job Application Process. (Part 1)
The AI-Native Software Engineer
Secure Node.js Applications from Supply Chain Attacks
August 2025 (version 1.104)
A Review of Nim 2: The Good & Bad with Example Code