はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? Pythonコルーチンの開発プロセスと新旧コルーチンの深層分析 1. Pythonコルーチンの歴史的進化 Pythonの長い開発の歴史を通じて、コルーチンの実装はいくつかの大きな変更を経てきました。これらの変更を理解することは、Pythonの非同期プログラミングの本質をよりよく把握するのに役立ちます。 1.1 初期の探索と基本機能の導入 Python 2.5:このバージョンでは、ジェネレータに.send()、.throw()、.close()メソッドが導入されました。これらのメソッドの登場により、ジェネレータは単なるイテレータ以上のもの
お久しぶりです。GMOインサイトの天河です。 ついこの間、JavaScriptのジェネレータについて社内勉強会で発表したのでその内容をまとめます。 ※ 注意 本記事で言及している「ジェネレータ」はJavaScriptでの言語仕様です。一部通ずる箇所もあると思いますが、Python や C# など他の言語での使われ方についてはしかるべき文献を見てください。 目的 ジェネレータ が何かわかるようになる ジェネレータについて面接で聞かれても余裕で答えられるようになる 実装時にジェネレータを選択肢として持てるようになる 対象読者 ジェネレータ が何か全くわかっていない人 ジェネレータ について認知はしているものの、どういうものかは把握していない人 ジェネレータ を知ってはいるものの、使い所がわからない人 はじめに ジェネレータを理解するためには、「イテレータ」と「イテラブル」について知る必要があり
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
Fish 4.0: The Fish Of Theseus
About two years ago, our head maintainer @ridiculousfish opened what quickly became our most-read pull request: #9512 - Rewrite it in Rust Truth be told, we did not quite expect that to be as popular as it was. It was written as a bit of an in-joke for the fish developers first, and not really as a press release to be shared far and wide. We didn’t post it anywhere, but other people did, and we go
This post is about why we need a coroutine package for Go, and what it would look like. But first, what are coroutines? Every programmer today is familiar with function calls (subroutines): F calls G, which stops F and runs G. G does its work, potentially calling and waiting for other functions, and eventually returns. When G returns, G is gone and F continues running. In this pattern, only one fu
NETGEAR社製ルーターにおける認証不要の任意コード実行の技術的解説(PSV-2022-0044) - GMO Flatt Security Blog
※本記事は先立って公開された英語版記事を翻訳し、日本語圏の読者向けに一部改変したものです。 画像出典: https://www.netgear.com/business/wifi/access-points/wac124/ はじめに こんにちは、株式会社Flatt Securityのstypr(@stereotype32)です。 一昨年、日本のOSS製品で発見された0day脆弱性に関する技術解説をブログに書きました。 それ以来、私は様々な製品に多くの脆弱性を発見してきました。残念ながら私が見つけたバグのほとんどはすぐに修正されなかったので、今日まで私が見つけた、技術的に興味深い脆弱性の情報を共有する機会がありませんでした。 本記事では、NETGEAR社のWAC124(AC2000)ルーターにおいて、様々な脆弱性を発見し、いくつかの脆弱性を連鎖させて、前提条件なしに未認証ユーザーの立場からコ
Rust でも学べる関数型ドメイン駆動設計 - Domain Modeling Made Functional の読書感想文 - じゃあ、おうちで学べる
はじめに なぜ 2026 年に、2018 年出版の本を再読するのでしょうか。正直に言えば、『Architecture Modernization』の翻訳作業で DDD の概念が頻出し、「分かったつもり」の理解では訳せなくなったからです。初読から 7 年。関数型の視点で DDD を説明する本書を、今度こそ腹落ちさせたかった。 読む動機 『Domain Modeling Made Functional』は、DDD と関数型プログラミングを組み合わせたアプローチを解説する書籍です。 Domain Modeling Made Functional: Tackle Software Complexity with Domain-Driven Design and F# (English Edition) 作者:Wlaschin, ScottPragmatic BookshelfAmazon 著者の
TL;DR; We are changing std::sort in LLVM’s libcxx. That’s a long story of what it took us to get there and all possible consequences, bugs you might encounter with examples from open source. We provide some benchmarks, perspective, why we did this in the first place and what it cost us with exciting ideas from Hyrum’s Law to reinforcement learning. All changes went into open source and thus I can
Golang Mini Reference 2022: A Quick Guide to the Modern Go Programming Language (REVIEW COPY)
Golang Mini Reference 2022 A Quick Guide to the Modern Go Programming Language (REVIEW COPY) Harry Yoon Version 0.9.0, 2022-08-24 REVIEW COPY This is review copy, not to be shared or distributed to others. Please forward any feedback or comments to the author. • feedback@codingbookspress.com The book is tentatively scheduled to be published on September 14th, 2022. We hope that when the release da
Version 1.108 is now available! Read about the new features and fixes from December. Release date: June 12, 2025 Security update: The following extension has security updates: ms-python.python. Update 1.101.1: The update addresses these issues. Update 1.101.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome t
How I developed a faster Ruby interpreter | Red Hat Developer
In this article, I will describe my efforts to implement a faster interpreter for CRuby, the Ruby language interpreter, using a dynamically specialized internal representation (IR). I believe this article will interest developers trying to improve the interpreter performance of dynamic programming languages (e.g., CPython developers). I will cover the following topics: Existing CRuby interpreter a
Announcing Observable 2.0
Today we’re launching Observable 2.0 with a bold new vision: an open-source static site generator for building fast, beautiful data apps, dashboards, and reports. Our mission is to help teams communicate more effectively with data. Effective presentation of data is critical for deep insight, nuanced understanding, and informed decisions. Observable notebooks are great for ephemeral, ad hoc data ex
Real-world gen AI use cases from the world's leading organizations | Google Cloud Blog
AI is here, AI is everywhere: Top companies, governments, researchers, and startups are already enhancing their work with Google's AI solutions. Published April 12, 2024; last updated October 9, 2025. Automotive & Logistics Business & Professional Services Financial Services Healthcare & Life Sciences Hospitality & Travel Manufacturing, Industrial & Electronics Media, Marketing & Gaming Public Sec
Preface ¶ I started this paper in 2013, and in 2015 sent it out for review to the people listed later on. After incorporating comments, I sent it to Rik Farrow, the editor of the USENIX magazine ;login: to see if he would publish it. He declined to do so, for reasonably good reasons. The paper languished, forgotten, until early 2018 when I came across it and decided to polish it off, put it up on
Rustacean のための F# 入門
また、 F# の decimal 型は Rust には標準で存在しませんが、 5m という書き方をします。 数字の間に _ を入れて読みやすくすることができるのも同様です。 let num = 8_000_000; その他の型について ... F# の char は Rust の char に似ていますが、 前者が UTF-16 なのに対し、 Rust の char は UTF-32 で常に 4bytes です。これは、 Rust とは違い、 char の配列がほぼそのまま string として扱えることを示しています。 Rust の unit と F# の unit は両方とも () で表され、役割も同じです。 文字列型に関しては Rust には色々あるので、簡単な比較はできませんが、 string は immutable な char の配列で、 mutable に扱いたい場合は St
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
chatGPT-4に「ウェブスクレイピング→情報をPDF保存の自動化ツール開発」で作ってと頼んだら・・・コード1行も書かずに出来た😅|hantani
chatGPT-4に「ウェブスクレイピング→情報をPDF保存の自動化ツール開発」で作ってと頼んだら・・・コード1行も書かずに出来た😅 ある所で、「ウェブスクレイピング→情報をPDF保存の自動化ツール開発」は案件定義で3日かかりますよと書いてありました。 chatGPT-4使ったらどうなるんだろうと思ってやってみました。 結論をいうと「余裕で案件定義もプログラムもコードを一行も書かずに出来ました」 以下、「Q.」が質問(プロンプト)です。「A.」がchatGPT-4からの回答です。 プロンプタ(魔術師)とchatGPTとのリアルなやり取りです。長いですよ😅 Q.あなたはプログラマです。ウェブスクレイピング→情報をPDF保存の自動化ツール開発はどのような案件がひつようでしょうか? A.ウェブスクレイピングと情報をPDF保存の自動化ツールを開発するには、以下の要件が必要です。 プロジェクトの
Update: I originally published this post few months ago, and it only covered Turbo Drive and Turbo Frames then, with a static site. I've since had a bunch of conversations with people working with other tech stacks (Rust, PHP, and Go) wanting to integrate Hotwire into their front-ends, and everyone kept asking about Turbo Streams, since it needs a back-end server. So I've updated the post to build
【テスト自動化】APIテストの自動化ツールを調査してみた - RAKUS Developers Blog | ラクス エンジニアブログ
勤怠サービスの開発チームに所属しているkarabishです。 テストに関するある課題を解決するためにAPIテストの自動化ツールを調査しました。まだチーム内に展開していないのですが、調査結果のうちツールの選定に関する部分を備忘録として残しておこうと思います。 なぜAPIテストを自動化するのか ツールの選定方針 調査したツールたち 調査方法 調査結果 Tavern テストシナリオ テスト実行 scenarigo テストシナリオ テスト実行 runn テストシナリオ テスト実行 karate テストシナリオ テスト実行 stepci テストシナリオ テスト実行 調査しなかったツールたち まとめ なぜAPIテストを自動化するのか 36協定の計算などの負荷が重たい処理はpub/subアーキテクチャを利用して非同期で処理していました。ただ、publish側とsubscribe側それぞれのユニットテスト
We now live in a world where ML workflows (pre-training, post training, etc) are heterogeneous, must contend with hardware failures, are increasingly asynchronous and highly dynamic. Traditionally, PyTorch has relied on an HPC-style multi-controller model, where multiple copies of the same script are launched across different machines, each running its own instance of the application (often refer
import Banner from "@components/Banner.astro"; It starts innocently. You rename a batch of files with a ten-line Python script, or you alias a common git command to shave off two keystrokes. Maybe you build a small shell function to format JSON from the clipboard. You're not even trying to be clever. You're just solving tiny problems. Making the machine do what it should have done in the first pla
Implementing RSA in Python from Scratch Build RSA encryption in Python from first principles — key generation, Extended Euclidean Algorithm, and modular exponentiation explained with working code. This is the math that actually runs behind every HTTPS connection you make. I've seen a lot of articles explaining the general principles of asymmetric cryptography, but not many that give easy-to-unders
awesome-selfhosted
Awesome-Selfhosted# Self-hosting is the practice of hosting and managing applications on your own server(s) instead of consuming from SaaSS providers. This is a list of Free Software network services and web applications which can be hosted on your own server(s). Non-Free software is listed on the Non-Free page. HTML version (recommended), Markdown version (legacy). See Contributing. Software# Thi
Deconstructing prompt-based meta-tool architecture and context injection patterns for AI engineering - Claude’s Agent Skills system represents a sophisticated prompt-based meta-tool architecture that extends LLM capabilities through specialized instruction injection. Unlike traditional function calling or code execution, skills operate through prompt expansion and context modification to modify ho
Introduction | Docusaurus
Docusaurus: Documentation Made Easy In this presentation at Algolia Community Event, Meta Open Source team shared a brief walk-through of Docusaurus. They covered how to get started with the project, enable plugins, and set up functionalities like documentation and blogging. Migrating from v1 Docusaurus v2+ has been a total rewrite from Docusaurus v1, taking advantage of a completely modernized
Introduction: Density Is King (With a Tiny VM) I've previously come to the conclusion that there's little reason for using bytecode in the modern world, except in order to get more compact code, for which it can be very effective. So, what kind of a bytecode engine will give you more compact code? Suppose I want a bytecode interpreter for a very small programming environment, specifically to minim
Right now, asyncio is one of the trendier topics in Python, and rightfully so – It’s a great way to handle I/O-bound programs! When I was learning about asyncio, It took me a while to understand how it actually worked. But later, I came to find out that it’s basically just a really nice layer on top of Python Generators. In this article, I’m going to create a simplified version of asyncio using ju
An AI-native software engineer is one who deeply integrates AI into their daily workflow, treating it as a partner to amplify their abilities. This requires a fundamental mindset shift. Instead of thinking “AI might replace me” an AI-native engineer asks for every task: “Could AI help me do this faster, better, or differently?”. The mindset is optimistic and proactive - you see AI as a multiplier
Server-Sent Events: the alternative to WebSockets you should be using
When developing real-time web applications, WebSockets might be the first thing that come to your mind. However, Server Sent Events (SSE) are a simpler alternative that is often superior. Contents Prologue WebSockets? What is wrong with WebSockets Compression Multiplexing Issues with proxies Cross-Site WebSocket Hijacking Server-Sent Events Let’s write some code The Reverse-Proxy The Frontend The
Introducing Amazon Kinesis Data Analytics Studio – Quickly Interact with Streaming Data Using SQL, Python, or Scala | Amazon Web Services
AWS News Blog Introducing Amazon Kinesis Data Analytics Studio – Quickly Interact with Streaming Data Using SQL, Python, or Scala The best way to get timely insights and react quickly to new information you receive from your business and your applications is to analyze streaming data. This is data that must usually be processed sequentially and incrementally on a record-by-record basis or over sli
Noble Numbat Release Notes Table of Contents Introduction New features in 24.04 LTS Known Issues Official flavours More information Introduction These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary. Support lifespan
Tetris That Hates You StickManStickMan #611, by Sam Hughes. HATETRIS is a version of Tetris written in 2010 by programmer and sci-fi author Sam Hughes. According to his initial description of the game: This is bad Tetris. It’s hateful Tetris. It’s Tetris according to the evil AI from “I Have No Mouth And I Must Scream”. (And if you aren’t familiar with Tetris at all, and don’t know the rules or pi
I find blockchain fascinating because it extends open source software development to open source + state. This seems to be a genuine/exciting innovation in computing paradigms; We don’t just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner. The seeds of this revolution arguably began with Bitcoin, so I became curious to dril
After studying how companies deploy generative AI applications, I noticed many similarities in their platforms. This post outlines the common components of a generative AI platform, what they do, and how they are implemented. I try my best to keep the architecture general, but certain applications might deviate. This is what the overall architecture looks like. This is a pretty complex system. Thi
Generators are an odd part of the JavaScript language. And some people find them a bit of a puzzle. You might be a successful developer for decades and never feel the need to reach for them. Which raises the question, if you can go so long without ever needing them, what are they good for? Generators have a funny syntax, too. They have these strange starred function definitions; you can’t define t
GitHub - taishi-i/awesome-ChatGPT-repositories: A curated list of resources dedicated to open source GitHub repositories related to ChatGPT and OpenAI API
awesome-chatgpt-api - Curated list of apps and tools that not only use the new ChatGPT API, but also allow users to configure their own API keys, enabling free and on-demand usage of their own quota. awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better. awesome-chatgpt - Curated list of awesome tools, demos, docs for ChatGPT and GPT-3 awesome-totally-open-chat
GitHub - langroid/langroid: Harness LLMs with Multi-Agent Programming
This is just a teaser; there's much more, like function-calling/tools, Multi-Agent Collaboration, Structured Information Extraction, DocChatAgent (RAG), SQLChatAgent, non-OpenAI local/remote LLMs, etc. Scroll down or see docs for more. See the Langroid Quick-Start Colab that builds up to a 2-agent information-extraction example using the OpenAI ChatCompletion API. See also this version that uses t
Update 1.90.2: The update addresses these issues. Update 1.90.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the May 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Editor tabs multi-select - Select and perform act
【悪用ダメ】XVWAちゃんにFuzzing攻撃をしてみる(Server Side Template Injection 編) - Qiita
初めに どうも、クソ雑魚のなんちゃてエンジニアです。 本記事は以前紹介した総受けサイト「XVWA」に対してFuzzing攻撃を仕掛けてみたときのことをまとめてみようと思う。 今回はFuzzingとしてSSTIの脆弱性を付くようなコードを送り込みます。 ※ツールとしてはBurpSuite(「OS Command Injection編」を参照)の拡張機能を使います。 拡張機能コードを自作していきます。 ※XVWAをローカルに立てる記事は以下になります。 ※その他色々と「XVWA」ちゃんをいじめた記事もあるのでこっちもみていってね!! ※悪用するのはやめてください。あくまで社会への貢献のためにこれらの技術を使用してください。法に触れるので。 目次 Fuzzingとは SSTI攻撃とは スクリプト作成 Payloadリストを作成 BurpSuite拡張機能作成 Fuzzing実践 スクリプトの取り
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Pythonの非同期処理: これだけは知っておきたい! - Qiita
JavaScriptのイテレータ, イテラブル, ジェネレータを理解する!
research!rsc: Coroutines for Go
Changing std::sort at Google’s Scale and Beyond
May 2025 (version 1.101)
AWK As A Major Systems Programming Language — Revisited
0.10.0 Release Notes ⚡ The Zig Programming Language
You Don't Need Rails to Start Using Hotwire
Introducing PyTorch Monarch – PyTorch
The Curse of Knowing How, or; Fixing Everything | Blog
Implementing RSA in Python from Scratch
Claude Agent Skills: A First Principles Deep Dive
bytecode interpreters for tiny computers ⁑ Dercuano
How Python Asyncio Works: Recreating it from Scratch
The AI-Native Software Engineer
Ubuntu 24.04 LTS (Noble Numbat) Release Notes
Getting the World Record in HATETRIS
A from-scratch tour of Bitcoin in Python
Building A Generative AI Platform
Why would anyone need JavaScript generator functions?
May 2024 (version 1.90)