チュートリアル: Yjs, valtio, React で実現する共同編集アプリケーション - ROUTE06 Tech Blog
Yjsは、リアルタイム共同編集を実現するためのアルゴリズムとデータ構造を提供するフレームワークです。Notion や Figma のように、1 つのコンテンツを複数人で同時に更新する体験を提供することができます。 Y.Map, Y.Array, Y.Text といった共有データ型を提供し、それらは JavaScript の Map や Array のように利用できます。さらにそのデータに対する変更は他のクライアントに自動的に配布・同期されます。 Yjs は Conflict-free Replicated Data Types (CRDT) と呼ばれるアルゴリズムの実装であり、複数人が同時にデータを操作してもコンフリクトが発生せず、最終的に全てのクライアントが同じ状態に到達するように設計されています。 クイックスタート Y.Map がクライアント間で自動的に同期されるコード例を見てみましょ
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. ActionKit by Paragon - Connect to 130+ SaaS integrations (e.g. Slack, Salesforce, Gmail) with Paragon’s ActionKit API. Adfin - The only platform you need to get paid - all payments in one place, in
TL;DR RDS の メジャーバージョンアップグレード を行なった PostgreSQL 11.6 -> 15.5 MySQL 5.7.44 -> 8.0.36 PostgreSQL は AWS CDK を利用した、自前での手動切り替えをベースにした Blue/Green デプロイによるアップグレードを行なった MySQL は AWS コンソールから AWSが提供している機能である RDS Blue/Green Deployments による MySQL のアップグレードを行なった nginx の ngx_http_proxy_module を活用してサービスのダウンタイムを防止した はじめに 初めまして。株式会社ジーニーの GENIEE CHAT開発チームのマネージャーを担当しています。 今回は、データベースのメジャーアップグレードを行った際の手順やポイントなどを書いていこうと思います
さまざまなサービスを「ちょっとお試し」と利用していくうちに、いつの間にか大量の宣伝メールが届くようになってしまった人は多いはず。かといってネット上の使い捨て用メールアドレス作成サービスを使用するとセキュリティの心配やサービスが突然停止してしまうリスクがあります。「AnonAddy」はそうした使い捨てできる転送用のメールアドレス作成サービスで、オープンソースのためセルフホストが可能とのこと。早速Dockerを利用してセルフホストを行ってみました。 anonaddy/docker: AnonAddy Docker image https://github.com/anonaddy/docker Free, Open-source Anonymous Email Forwarding - addy.io https://addy.io/ AnonAddyを実行するにはTCPの25番ポート、800
CTO室SREの @kenzo0107 です。 2021年6月24日に「 kakari for Clinic ホームページ制作 」がリリースされました。 kakari for Clinic ホームページ制作 今回は上記サービスで採用した、 AWS + ngx_mruby で構築した SSL 証明書の動的読み込みシステムについてです。 SSL 証明書を動的に読み込みする理由 kakari for Clinic ホームページ制作の1機能で、制作したホームページに独自ドメインを設定する機能がある為です。*1 複数ドメインでアクセスできる =複数ドメインの SSL 証明書を読み込む を実現する必要があります。 動的に SSL 証明書を読み込むには? 以下いずれかのモジュールを組み込むことで SSL 証明書の動的読み込みが可能になります。 ngx_mruby lua-nginx-module 以下理
awesome-scalability
The Patterns of Scalable, Reliable, and Performant Large-Scale Systems View the Project on GitHub View On GitHub An updated and organized reading list for illustrating the patterns of scalable, reliable, and performant large-scale systems. Concepts are explained in the articles of prominent engineers and credible references. Case studies are taken from battle-tested systems that serve millions to
=>htmz> a low power tool for html htmz is a minimalist HTML microframework for creating interactive and modular web user interfaces with the familiar simplicity of plain HTML. [GitHub] plain🍦 Use straight up HTML. No supersets. No hz- ng- hx- v- w- x-; no special attributes. No DSLs. No <custom-elements>. Just vanilla HTML. lightweight🪶 166 bytes in total. Zero dependencies. Zero JS bundles to l
I use Claude Code. A lot. As a hobbyist, I run it in a VM several times a week on side projects, often with --dangerously-skip-permissions to vibe code whatever idea is on my mind. Professionally, part of my team builds the AI-IDE rules and tooling for our engineering team that consumes several billion tokens per month just for codegen. The CLI agent space is getting crowded and between Claude Cod
copilot-explorer
Copilot Internals | thakkarparth007.github.io Github Copilot has been incredibly useful to me. It can often magically read my mind and make useful suggestions. The thing that surprised me the most was its ability to correctly “guess” functions/variables from surrounding code – including from other files. This can only happen, if the copilot extension sends valuable information from surrounding cod
こんにちは。株式会社Flatt Securityセキュリティエンジニアの志賀(@Ga_ryo_) です。 本記事では、最近公開されたCVE-2021-20181の技術的な解説をしていきたいと思います。本脆弱性は、自分が発見し、Zero Day Initiative を経由してベンダーに報告しました。本記事は、脆弱性の危険性を通知する目的ではなく、あくまで技術的観点での学びを共有する事を目的としています。 読む前に 概要 前提条件 影響 Virtioとは VirtFSとは QEMU Coroutine 各種スレッド メッセージハンドラの呼ばれ方 Coroutineの利用 VirtFSにおけるファイル共有 V9fsFidState構造体 reclaim unreclaim clunk 脆弱性解説 PoC概要 修正 まとめ おわりに 参考 読む前に 事前に言っておくと、権限昇格のExploitは
The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams
Doing the basics goes a long way in keeping your company and product secure. This third1 edition of the SaaS CTO Security Checklist provides actionable security best practices CTOs (or anyone for that matter) can use to harden their security. This list is far from exhaustive, incomplete by nature since the security you need depends on your company, product, and assets. (e.hasAttribute('/')) ? e.re
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
20211210-TLP-WHITE_LOG4J.md Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228) Errors, typos, something to say ? If you want to add a link, comment or send it to me Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak Other great resources Royce Williams list sorted by vendors responses Royce List Very detailed list NCSC-N
Apple’s new iCloud Private Relay service allows users to hide their IP addresses and DNS requests from websites and network service providers. In this article, we’ll demonstrate how this security feature can be circumvented and discuss what users can do to prevent their data from being leaked. You’ll need to turn on iCloud Private Relay to test the vulnerability. At the moment iCloud Private Relay
March 6, 2021 Volume 19, issue 1 PDF The SPACE of Developer Productivity There's more to it than you think. Nicole Forsgren, GitHub Margaret-Anne Storey, University of Victoria Chandra Maddila, Thomas Zimmermann, Brian Houck, and Jenna Butler, Microsoft Research Developer productivity is complex and nuanced, with important implications for software development teams. A clear understanding of defin
IntroductionSome time after publishing my previous research on Next.js, I was left with a feeling of unfinished business. That work had sparked my curiosity, and I sensed that this framework still had more secrets to unveil. So, I grabbed my pickaxe once more and delved back into the depths of its source code. It turned out to be a good decision. The findings from this new research have had a sign
Scott Hanselman's 2021 Ultimate Developer and Power Users Tool List for Windows
Can you believe it's been 6 years since my last Tools list? Tools have changed, a lot are online, but honestly, it's just a LOT OF WORK to do the tools list. But here's one for 2020-2021. These are the tools in my Utils folder. I made a d:\dropbox\utils folder and I added it to my PATH. That way it's on all my computers and in my path on all my computers and I can get to any of them instantly. Thi
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
research.md hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff. 3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attack
Abstract The Integrity Data Platform (IDP) team decided to rewrite one of our heavy Queries Per Second (QPS) Golang microservices in Rust. It resulted in 70% infrastructure savings at a similar performance, but was not without its pitfalls. This article will elaborate on: How we picked what to rewrite in Rust. Approach taken to tackle the rewrite. The pitfalls and speed bumps along the way. Was it
Authors: Jacques Portal, Renée Burton Hazy Hawk is a DNS-savvy threat actor that hijacks abandoned cloud resources of high-profile organizations. By “cloud resources” we mean things like S3 buckets and Azure endpoints. You might have read about domain hijacking; we and other security vendors have written about different techniques for grabbing control of forgotten domain names several times over t
Let's build a Chrome extension that steals everything
Update: this piece was featured on the NBTV YouTube Channel Manifest v3 may have taken some of the juice out of browser extensions, but I think there is still plenty left in the tank. To prove it, let’s build a Chrome extension that steals as much data as possible. I’m talking kitchen sink, whole enchilada, Grinch-plundering-Whoville levels of data theft. This will accomplish two things: Explore t
SSH over HTTPS
Tl;DR: to pass SSH through HTTPS you need to tweak client and server sides as the following: Example client entry in ~/.ssh/config: # $ cat .ssh/config Host ssh-via-https ProxyCommand ~/.ssh/https-tunnel.bash # some firewalls aggressively close idle TCP connections ServerAliveInterval 30 The ~/.ssh/https-tunnel.bash helper script we use above: #!/usr/bin/env bash { printf "CONNECT ssh-server:22 HT
個人的・仲間内でセルフホストしているサービス 2022 - Google Workspaceから離脱するための検討ログ (2) - - Qiita
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? 別記事では、GoogleとIEEEの契約変更により、まともにGoogleApps@IEEEが利用できなくなったことと、その暫定回避策を模索しました。 その後どうすべきかという検討を進め、やれるものはセルフホストしてなんとかしようと決めて、そのまま1ヶ月ほど運用を続けています。最後に言及しますが、結局前回から変わったのはGMail代替のセルフホスト、というオチはついています。ですが、これまでのいろいろな経緯を踏まえ、自身で制御できるものは自身で制御するという観点から、Google Workspace代替にとどまらない、広い範囲での検討結果
COVID ECONOMICS VETTED AND REAL-TIME PAPERS FROM THE GREAT RECESSION TO THE PANDEMIC RECESSION Francis X. Diebold ELECTORAL POLITICS AND SMALL BUSINESS LOANS Ran Duchin and John Hackney GROWTH FORECASTS AT END-2020 Javier G. Gómez-Pineda STOP-AND-GO EPIDEMIC CONTROL Claudius Gros and Daniel Gros CONSUMPTION RESPONSES TO STIMULUS PAYMENTS So Kubota, Koichiro Onishi and Yuta Toyama CHILD CARE CLOSUR
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.52.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Intel | Linux: deb rpm tarball Arm snap Welcome to the November 2020 release of Visual Studio Code. As announced in the November iteration plan, we continued to focus for two weeks on housekeeping GitHub issues and pull req
The Go Programming Language and Environment – Communications of the ACM
Go is a programming language created at Google in late 2007 and released as open source in November 2009. Since then, it has operated as a public project, with contributions from thousands of individuals and dozens of companies. Go has become a popular language for building cloud infrastructure: Docker, a Linux container manager, and Kubernetes, a container deployment system, are core cloud techno
VSeeFace
Contents About Download Terms of use Credits VSFAvatar Tutorials Manual FAQ Virtual camera Transparency Network tracking Special blendshapes Expressions VMC protocol Model posing iPhone tracking Perception Neuron ThreeDPoseTracker Troubleshooting Preview in Unity Translations Running on Linux Troubleshooting Startup Tracking/Webcam Virtual camera Model issues Lipsync Game capture Log folder Perfor
GitHub - rothgar/awesome-tuis: List of projects that provide terminal user interfaces
AdGuardian-Term A TUI dashboard for monitoring real-time traffic from an AdGuard Home instance apachetop display information from a running copy of Apache. bandwhich Terminal bandwidth utilization tool bashtop Resource manager written in bash below A time traveling resource monitor for modern Linux systems binsider A TUI for analyzing Linux binaries. bmon A monitoring and debugging tool to capture
It’s been a rough month for Heroku. On April 15th, they opened a security notice that’s been active ever since – the status page, designed for incidents measured in hours rather than days or weeks, dutifully reads off a duration of “478 hours, 9 minutes” 1. According to their latest update, an attacker gained access to Heroku’s main database (called core-db back in my day) and exfiltrated its cont
2023新卒DC勤務。DC内に張り巡らされている管理通信ネットワーク運用、管理サーバ運用、ネットワーク線路管理、定型業務の自動化などの業務に携わっております。趣味はセルフホストとFOSS巡り。 【IIJ 2024 TECHアドベントカレンダー 12/24の記事です】 こんにちは、お久しぶり、初めまして、データセンターで働くyt-nkgwです。 昨年のアドベントカレンダー(IIJの今年の新卒エンジニアのおうちを紹介してみる。Part 1/2)ぶりとなります。 ちなみに、今年もなんと新卒の方たちがおうち紹介を執筆してくれています。 IIJのFY2024 新卒の自宅 / 業務環境紹介 Part 1 | IIJ Engineers Blog IIJのFY2024 新卒の自宅 / 業務環境紹介 Part 2 | IIJ Engineers Blog 今回は、おうち紹介記事でも登場(ネタ被り)した「セ
Dev environments should be cattle, not pets. It looks likely that in future, most development will not be done on localhost, the most precious pet of all. See reactions on Hacker News and Twitter. Aug 2022 update: I did an extended interview on InfoQ with Daniel Bryant! Sep 2022 update: I did an interview with Richard McManus of The New Stack! Make the ultimate developer experience wishlist for th
The Copilot Chat extension for VS Code has been evolving rapidly over the past few months, adding a wide range of new features. Its new agent mode lets you use multiple large language models (LLMs), built-in tools, and MCP servers to write code, make commit requests, and integrate with external systems. It’s highly customizable, allowing users to choose which tools and MCP servers to use to speed
ROFL with a LOL: rewriting an NGINX module in Rust2023-02-24 At Cloudflare, engineers spend a great deal of time refactoring or rewriting existing functionality. When your company doubles the amount of traffic it handles every year, what was once an elegant solution to a problem can quickly become outdated as the engineering constraints change. Not only that, but when you're averaging 40 million r
Cover Photo by Alexander Shatov on Unsplash Netflix accounts for about 15% of the world's internet bandwidth traffic, serving over 6 billion hours of content per month to nearly every country in the world. Building a robust, highly scalable, reliable, and efficient backend system is no small engineering feat, but the ambitious team at Netflix has proven that problems exist to be solved. This artic
Heroku の代替 OSS を試した話
これは 「フィヨルドブートキャンプ Part 2 Advent Calendar 2022」 の3日目の記事です(Part 1 もあります🎅)。 昨日はよかじさんの「フィヨルドブートキャンプのカリキュラム以外でやってよかったこと - よかじみ」という記事でした。 概要 この記事は Heroku が無料プランを終了するのをきっかけに Heroku の代替 OSS「CapRover」 を VPS 上に構築してアプリケーションのデプロイを試した記録です。 背景 フィヨルドブートキャンプは最後の課題「Webサービスを作って公開する」を終えて卒業になります 1 。 そのWebサービスのデプロイ先として私が検討していたのは Heroku でしたが、 Heroku’s Next Chapter | Heroku でアナウンスがあったとおり2022年11月28日で無料プランが終了しました。 現時点(20
April 29, 2022 Nov 27, 2023: Much has changed since this article was published. I've become far more involved with ZC development; the name of the program is now ZQuest Classic; our website is zquestclassic.com; and the web version discussed in this article is now hosted at web.zquestclassic.com I ported Zelda Classic (a game engine based on the original Zelda) to the web. You can play it here–gra
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).
Log4Shell log4j vulnerability (CVE-2021-44228 / CVE-2021-45046) - cheat-sheet reference guide Last updated: $Date: 2022/02/08 23:26:16 $ UTC - best effort, validate all for your environment/model before use, unofficial sources may be wrong by @TychoTithonus (Royce Williams), standing on the shoulders of many giants Send updates or suggestions (please include category / context / public (or support
How Netflix Really Uses Java
Transcript Bakker: I'm going to talk about how Netflix is really using Java. You probably know that Netflix is really just about RxJava microservices, with Hystrix and Spring Cloud. Really, Chaos Monkeys are just running the show. I'm only half getting here because a few years ago, this was actually mostly true, maybe except the Chaos Monkeys. This stack was something that we were building on in t
iOS Hacking - A Beginner’s Guide to Hacking iOS Apps [2022 Edition]
My first post will be about iOS Hacking, a topic I’m currently working on, so this will be a kind of gathering of all information I have found in my research. It must be noted that I won’t be using any MacOS tools, since the computer used for this task will be a Linux host, specifically a Debian-based distribution, in this case, Kali Linux. I will also be using ‘checkra1n’ for the device jailbreak
Memcached vs Redis - More Different Than You Would Expect | Insights from the Kablamo Team.
Table of Contents Important Note Everything that follows should be only considered accurate at time of publishing. Both projects are not considered finished, and so changes that follow publication could invalidate some or all of the information below. Redis vs Memcached Redis vs Memcached. Another entry to the list of software holy wars with Emacs vs. Vi, Tabs vs. Spaces, IDE vs. Editor. I have he
As I've been using Next.js professionally on my employer's web app, I find the core design of their App Router and React Server Components (RSC) to be extremely frustrating. And it's not small bugs or that the API is confusing, but large disagreements about the fundamental design decisions that Vercel and the React team made when building it. The more webdev events I go to, the more I see people w
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Blue/Green デプロイを使用した、RDS MySQL/PostgreSQLのアップグレード
転送用の捨てメアドをいくつでも作って管理できる「AnonAddy」をDockerでセルフホストしてみた
AWS + ngx_mruby で SSL 証明書の動的読み込みシステム構築 - メドピア開発者ブログ
htmz - a low power tool for html
How I Use Every Claude Code Feature
CVE-2021-20181 の技術的解説 - GMO Flatt Security Blog
iOS 15 iCloud Private Relay Vulnerability Identified
The SPACE of Developer Productivity - ACM Queue
Next.js, cache, and chains: the stale elixir
Counter Service: How we rewrote it in Rust
Forgotten DNS Records Enable Cybercrime
Macroprudentialism
November 2020 (version 1.52)
Heroku: Core Impact — brandur.org
セルフホストノススメ ver. 2024 | IIJ Engineers Blog
The End of Localhost
Safeguarding VS Code against prompt injections
ROFL with a LOL: rewriting an NGINX module in Rust
Netflix System Design- Backend Architecture
Porting Zelda Classic to the Web
One Year with Next.js App Router — Why We're Moving On