Still X.S.S. - なぜいまだにXSSは生まれてしまうのか? - GMO Flatt Security Blog
XSSこわい 若頭: おいお前ら、なにかおもしろい遊びをしねえか。こんなにみんなで集まる機会もそうねえだろう エンジニア佐藤: そうですねえ、こんなのはどうでしょうか。人間誰しも怖いものが1つはありますから、それをみんなで教えあってみましょうよ 若頭: そりゃあおもしれえな。そうだなあ、おれはヘビが怖いね。ありゃ気味が悪くてしょうがねえ エンジニア山田: 自分はカエルを見ると縮み上がってしまいます、テカテカしていてどうにも苦手で。佐藤さんは何が怖いんですか エンジニア佐藤: 私は、XSSがこわいです エンジニア八島: あはは!何言ってんですか佐藤さん。XSSなんてこわいことないですよ エンジニア佐藤: ひいい、名前を聞くのも怖いです エンジニア山田: XSSなんて、フレームワークさえ使っていればきょうび起こらないですからねえ。佐藤さんは臆病だなあ その晩、エンジニア佐藤を目の敵にしている町
MCP ツールのコンテキスト圧迫の問題とその解決策
MCP の普及に伴い、多数のツール定義が LLM のコンテキストを圧迫する課題が浮上しています。本記事では Progressive disclosure(段階的開示)による最小限の情報提供、MCP を使ったコード実行によるツール呼び出しの効率化、単一の検索ツールによるコンテキスト削減など、実践的な解決策を Claude Skills や Cloudflare Code Mode の事例とともに解説します。 Model Context Protocol (MCP) は登場からおよそ 1 年が経過し、事実的な標準としての地位を確立しつつあります。MCP が普及するにつれて、MCP ツールの課題点も浮き彫りになってきました。その課題の 1 つが、1 つのタスクを達成するために多くのツールが読み込まれ、結果として多くのコンテキストが消費されてしまうという問題です。 前提として、LLM がタスクの達
Skills are custom instructions that extend Claude's capabilities for specific tasks or domains. When you create a skill via a SKILL.md file, you're teaching Claude how to handle specific scenarios more effectively. The power of skills lies in their ability to encode institutional knowledge, standardize outputs, and handle complex multi-step workflows that would otherwise require repeated explanati
Parson's Problems : 入門者にプログラミングを教えるときに使えるプラクティス - kakakakakku blog
プログラミングを教えるときに使える「Parson's Problems(もしくは Parson's Puzzles とも言う)」というプラクティスを最近知った!「Parson's Problems」はコードの各行がバラバラになっていて,インデントも含めて正確に並び替えたら正解になるというパズルのようなプログラミング学習スタイルという感じ.以下に載せた parsons.problemsolving.io のキャプチャ(お題 : 数列から最大値を見つける)を見ればイメージできると思う. 「Parson's Problems」は特に入門者にプログラミングを教えるときに効果的!コードを書かずにドラッグアンドドロップで試行錯誤できて,パズルのように楽しめる.また入門者がコードを読む機会にもなる.入門者にとって,コードをゼロから実装するのは難しく,挫折する理由になることもある.そこで,実際に教育の現場
1 Introduction Compilers, assemblers and similar tools generate all the binary code that processors execute. It is no surprise then that these tools play a major role in security analysis and hardening of relevant binary code. Often the only practical way to protect all binaries with a particular security hardening method is to have the compiler do it. And, with software security becoming more and
AST vs. Bytecode: Interpreters in the Age of Meta-Compilation
233 AST vs. Bytecode: Interpreters in the Age of Meta-Compilation OCTAVE LAROSE, University of Kent, UK SOPHIE KALEBA, University of Kent, UK HUMPHREY BURCHELL, University of Kent, UK STEFAN MARR, University of Kent, UK Thanks to partial evaluation and meta-tracing, it became practical to build language implementations that reach state-of-the-art peak performance by implementing only an interprete
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? Haskel advent calendar 2023 の1日めの記事です. お仕事も情報系でなく,多忙を言い訳に数年ほとんどコード自体をかけていなかったのですが,最近 e-Gov 法令検索 で公開されている法令XMLを読みたい需要があって久しぶりに Haskell で書いてみたらやはり書きやすく,とても楽しくて改めて感動しました.書きながら自然に思考が整理される感じがよい. Hoogle は変わらぬ使いやすさでモリモリサポートしてくれるし,環境構築も GHCup などが噛み合って随分スムーズで,Haskell Language Ser
Published Sep 29, 2025 The Claude Agent SDK is a collection of tools that helps developers build powerful agents on top of Claude Code. In this article, we walk through how to get started and share our best practices. Last year, we shared lessons in building effective agents alongside our customers. Since then, we've released Claude Code, an agentic coding solution that we originally built to supp
11th March 2025 Online discussions about using Large Language Models to help write code inevitably produce comments from developers who’s experiences have been disappointing. They often ask what they’re doing wrong—how come some people are reporting such great results when their own experiments have proved lacking? Using LLMs to write code is difficult and unintuitive. It takes significant effort
We recently overhauled our internal tools for visualizing the compilation of JavaScript and WebAssembly. When SpiderMonkey’s optimizing compiler, Ion, is active, we can now produce interactive graphs showing exactly how functions are processed and optimized. You can play with these graphs right here on this page. Simply write some JavaScript code in the test function and see what graph is produced
--- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).
Log4Shell log4j vulnerability (CVE-2021-44228 / CVE-2021-45046) - cheat-sheet reference guide Last updated: $Date: 2022/02/08 23:26:16 $ UTC - best effort, validate all for your environment/model before use, unofficial sources may be wrong by @TychoTithonus (Royce Williams), standing on the shoulders of many giants Send updates or suggestions (please include category / context / public (or support
【AWS】実務2日から突破するAWS認定『DevOpsエンジニア - プロフェッショナル』(DOP)の合格記録 - Rのつく財団入り口
逆に考えるんだ...から始めるAWS認定4冠め突破作戦 AWS認定のアソシエイトレベルの上のプロフェッショナルレベルの資格、『DevOpsエンジニア - プロフェッショナル』に、2021年10月に合格することができました。 祝ってくれた皆様ありがとうございます。過去の先人の合格エントリにもかなり助けられました。これから挑戦する方と未来の自分向けに情報を残しておこうと思います。 逆に考えるんだ...から始めるAWS認定4冠め突破作戦 挑戦への経緯 きっかけ 書いている人のスキルセット(笑) AWSの実務経験とよく使う興味のあるサービス やったこと 基本方針の確定 スタプラで学習記録を可視化する イベントに……あまり行っていない ネット上のDOP合格エントリを参考にする 学習時間の確保に立ち向かう コロナの脅威に立ち向かう 計画変動に立ち向かう モチベーションを保つ工夫をする イケてるサービス
Deconstructing prompt-based meta-tool architecture and context injection patterns for AI engineering - Claude’s Agent Skills system represents a sophisticated prompt-based meta-tool architecture that extends LLM capabilities through specialized instruction injection. Unlike traditional function calling or code execution, skills operate through prompt expansion and context modification to modify ho
go command - cmd/go - Go Packages
Go is a tool for managing Go source code. Usage: go <command> [arguments] The commands are: bug start a bug report build compile packages and dependencies clean remove object files and cached files doc show documentation for package or symbol env print Go environment information fix apply fixes suggested by static checkers fmt gofmt (reformat) package sources generate generate Go files by processi
This page is a collection of my favorite resources for people getting started writing programming languages. I hope to keep it updated as long as I continue to find great stuff. I made a fun compilers t-shirt and also a fun JIT compilers t-shirt Compilers Tufts compilers course COMP/CS 181 (2006, but it’s been taught more recently. I should probably ping Sam.) Cornell compilers course CS 6120 and
Over the past decade, my work has centred on partnering with teams to build ambitious products for the web across both desktop and mobile. This has provided a ring-side seat to a sweeping variety of teams, products, and technology stacks across more than 100 engagements. While I'd like to be spending most of this time working through improvements to web APIs, the majority of time spent with partne
GitHub - taishi-i/awesome-ChatGPT-repositories: A curated list of resources dedicated to open source GitHub repositories related to ChatGPT and OpenAI API
awesome-chatgpt-api - Curated list of apps and tools that not only use the new ChatGPT API, but also allow users to configure their own API keys, enabling free and on-demand usage of their own quota. awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better. awesome-chatgpt - Curated list of awesome tools, demos, docs for ChatGPT and GPT-3 awesome-totally-open-chat
1. Getting started Welcome to Koka – a strongly typed functional-style language with effect types and handlers. Why Koka? A Tour of Koka Install Discussion forum Github Libraries Note: Koka v3 is a research language that is currently under development and not ready for production use. Nevertheless, the language is stable and the compiler implements the full specification. The main things lacking a
W3C Workshop on Permissions
Executive Summary Future work should build on the key strengths of the web: safety-by-default, linkability, ephemerality, and interoperability across browsers and platforms. There was significant interest in non-prompt, contextual permission UIs, which are more seamlessly embedded into the user’s journey, and follow the “user-pull” model instead of the “developer-push” model. This approach could a
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
How to create Skills for Claude: steps and examples | Claude
Low-Level Software Security for Compiler Developers
Reddit で振り返る今年の英語圏 Haskell 界隈の話題 - Qiita
Building agents with the Claude Agent SDK
Here’s how I use LLMs to help me write code
Who needs Graphviz when you can build it yourself?
prompts.chat - AI Prompts Community
Claude Agent Skills: A First Principles Deep Dive
Programming languages resources
If Not React, Then What? - Infrequently Noted
The Koka Programming Language