Note: As of 2022/10/25 the information in this series is slightly outdated. See Part 5 for more up to date information. The Car⌗ Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-V
Couple of weeks ago when I was publishing The Hidden Cost of URL Design I needed to add SQL syntax highlighting. I headed to PrismJS website trying to remember if it should be added as a plugin or what. I was overwhelmed with the amount of options in the download page so I headed back to my code. I checked the file for PrismJS and at the top of the file, I found a comment containing a URL: /* http
The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams
Doing the basics goes a long way in keeping your company and product secure. This third1 edition of the SaaS CTO Security Checklist provides actionable security best practices CTOs (or anyone for that matter) can use to harden their security. This list is far from exhaustive, incomplete by nature since the security you need depends on your company, product, and assets. 🚀 Your employees Accustom e
Since I work a lot with clustered VMs, I’ve ended up spending a lot of time trying to figure out how DNS lookups work. I applied ‘fixes’ to my problems from StackOverflow without really understanding why they work (or don’t work) for some time. Eventually I got fed up with this and decided to figure out how it all hangs together. I couldn’t find a complete guide for this anywhere online, and talki
Commercial support for versions past the Maintenance LTS phase is available through our OpenJS Ecosystem Sustainability Program partners Security releases available Updates are now available for the 25.x, 24.x, 22.x, and 20.x Node.js release lines to address: 3 high severity issues. 4 medium severity issues. 1 low severity issue. This security release includes the following dependency updates to a
The Architecture of a Modern Startup | by Dmitry Kruglov | Nov, 2022 | Better Programming
workflow — all images by authorThe Tech side of startups can sometimes be very fluid and contain a lot of unknowns. What tech stack to use? Which components might be overkill for now but worth keeping an eye on in the future? How to balance the pace of business features development while keeping the quality bar high enough to have a maintainable codebase? Here I want to share our experience buildi
6 Reasons You Shouldn't Use Your Web Browser's Password Manager
Password managers have become so essential that web browsers offer built-in solutions. While browser-based password managers are free, third-party standalone solutions are also available. But it would help if you didn’t use your browser’s built-in password manager. And here's why. Which Browsers Have Built-in Password Managers? Mainstream browsers offer password management features. No surprises h
If you store files in Google Drive, it’s important to make sure they’re safe. Thankfully, there are many ways to keep your files in Google Drive private and secure from prying eyes. Let’s look at practical ways to increase the security of your Google Drive account and prevent unauthorized access to your files. 1. Secure Your Google Account Since Google Drive is under your wider Google account (alo
Resecurity | EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web
Back EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web Cybercrime Intelligence 5 Sep 2022 MFA, Dark Web, Phishing, PhaaS, ATO, BEC, PyPi, supply chain Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently ident
Password Managers.
Introduction I’ve spent a lot of time trying to understand the attack surface of popular password managers. I think I’ve spent more time analyzing them than practically anybody else, and I think that qualifies me to have an opinion! First, let’s get a few things out of the way. For some reason, few subjects can get heated faster than passwords. Maybe politics and religion, but that’s about it. It’
Cisco Talos shares insights related to recent cyber attack on Cisco
Cisco Talos shares insights related to recent cyber attack on Cisco Executive summaryOn May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate.During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Go
A Yubico FAQ about passkeys
In March, we published a blog called “YubiKeys, passkeys and the future of modern authentication” which took a look at the evolution of authentication from when we first introduced the YubiKey back in 2008, to where the industry is heading with the adoption and adaptation of WebAuthn/FIDO authentication. In recent months, there have been several news cycles about “passkeys.” This has caused some e
The Internet Computer is the world’s first blockchain that runs at web speed and can increase its capacity without bound. DFINITY Status Update, New Year 2021I HAVE SOME EXCITING NEWS.On December 18, 2020, a crucial initial stage of Internet Computer blockchain’s decentralization occurred. This means that the Internet Computer’s mainnet now exists, and is hosted by standardized “node machines” tha
Nobody wakes up in the morning hoping to finally identify crosswalks and fire hydrants that day. Yet every day, we prompt users through hoops and loops to sign up and log in. Let’s fix that. Authentication is everywhere, and sometimes it’s extremely frustrating, and sometimes it’s seamless. Let’s explore a few patterns to create experience that are a bit more seamless than frustrating. Authenticat
GitHub - 9001/copyparty: Portable file server with accelerated resumable uploads, dedup, WebDAV, SFTP, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file
turn almost any device into a file server with resumable uploads/downloads using any web browser server only needs Python (2 or 3), all dependencies optional 🔌 protocols: http(s) // webdav // sftp // ftp(s) // tftp // smb/cifs 📱 android app // iPhone shortcuts 👉 Get started! or visit the read-only demo server 👀 running on a nuc in my basement 📷 screenshots: browser // upload // unpost // thum
11 HTML best practices for login & sign-up forms—Martian Chronicles, Evil Martians’ team blog
Most websites have login or sign-up forms; they’re a critical part of business conversion. However, even popular sites fail to implement the 11 best practices mentioned in this article, and thus have at least one mistake. So, read on, then check your forms and improve your UX by using HTML technologies the way they should be used. Editor’s note: This post has been updated and checked for accuracy
A Tour of WebAuthn
This book was distributed at the FIDO Authenticate conference in 2024. Its intended format was as a PDF, which you can find here. The following is the contents of the PDF converted to HTML. 1: Introduction Passwords are rubbish. If you’re reading this book then hopefully you’re already on board with this idea, but let’s recap anyway. The typical practice with passwords is to remember a few differe
Technology Trends for 2024
This has been a strange year. While we like to talk about how fast technology moves, internet time, and all that, in reality the last major new idea in software architecture was microservices, which dates to roughly 2015. Before that, cloud computing itself took off in roughly 2010 (AWS was founded in 2006); and Agile goes back to 2000 (the Agile Manifesto dates back to 2001, Extreme Programming t
What happens when you type a URL into your browser? | Amazon Web Services
Front-End Web & Mobile What happens when you type a URL into your browser? This article was written by Jenna Pederson. Every day you open up your browser and navigate to your favorite websites — whether it be social media, news, or e-commerce sites. You go to this page by typing in a url or clicking on a link to the page. Have you ever thought about what happens behind the scenes? How does the new
9 Things You Can Do on Android Phones but Not on iPhones
Android and iOS are both solid mobile operating systems, but Android does have a few features that the iPhone is still lacking. The debate between Android and iOS for which is the better operating system is never going to end. Over the years, both OSes have had many upgrades and UI changes, and today they share many similar features. But after all these updates, it turns out that there are still s
OAuth 2.0 Simplified | What is Oauth and How Does it Work | FusionAuth | FusionAuth Docs
OAuth 2.0 Simplified | What is Oauth and How Does it Work | FusionAuthBy Brian Pontarelli, Ahmed Hashesh and Dan Moore I know what you are thinking, is this really another guide to OAuth 2.0? Well, yes and no. This guide is different from most of the others out there because it covers all of the ways that we actually use OAuth. It also covers all of the details you need to be an OAuth expert witho
Authentication Protocols and Building Authentication Sessions with Golang
The Authentication Session of a web app is the heart of its defense against malicious threats. Hence, it is among the first points of recon for a security tester. This article will discuss the authentication sessions of a web app in the “Go” programming language (Golang). It will also discuss the vulnerabilities and design flaws in authentication sessions, the difference between Session-Based and
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.The implants for the new malware family are written in the Rust language for Windows and Linux.A fully functional version of the command and control (C2),
Laravelの認証機能を徹底解説
Laravelの認証は、ウェブアプリケーションにおいて最も重要で不可欠な機能の1つです。Laravelをはじめとするウェブフレームワークには、さまざまなユーザー認証方法があります。 Laravelの認証機能は、素早く、安全な方法で実装可能です。しかし、適切に実装しなければ、悪意ある第三者に悪用される危険性があります。 この記事では、Laravelの認証機能を使用する際に、知っておくべきことをすべてご紹介します。 Laravelの認証入門 Laravelには、「ガード」と「プロバイダ」から構成されるモジュールがあります。ガードは各リクエストのユーザー認証を定義し、プロバイダは永続ストレージ(MySQLデータベースなど)からのユーザーの取得方法を定義します。 認証パラメータは、config/auth.phpファイルで定義します。このファイル内でLaravelの認証の振る舞いを調整、変更する複数
Snowpipe StreamingとAmazon Data Firehoseを使用してSnowflakeにストリームデータをロードする #ベッテク月間 - LayerX エンジニアブログ
こんにちは。バクラク事業部 機械学習・データ部 データグループの@civitaspoです。みなさんは「人生で一番美味しいと思ったキムチ」に出会ったことはありますか?キムチって美味しいですが、あまり強い感情は抱かないですよね。ところが先日、近所のスーパーの駐車場の端っこに、謎のプレハブ小屋があるのを発見しました。興味本位で中を覗いてみると、そこはキムチ屋でした。そのキムチ屋が販売する自家製キムチは絶品で、私にとって「人生で一番美味しいと思ったキムチ」でした。みなさんも「人生で一番美味しいと思ったキムチ」を探してみてください。 さて、先週に引き続き、Snowflakeに関する記事を書こうと思います。先週は『Don’t Use Passwords in Your Snowflake Account』というタイトルで、Snowflakeのアカウントレベルでパスワード認証を禁止する方法を紹介しました
On the internet alone, you’ll find tens of thousands of free APIs — all well-made and easily accessible to developers all over the world. In just a few simple steps, free APIs allow you to create flexible and powerful apps in record time. For this article, we traversed the web with a simple goal in mind — to make a comprehensive list of the top 15 APIs for each category. Check them out. Top 15 Fre
![Free API – 90+ Public APIs For Testing [No Key] – Apipheny](https://cdn-ak-scissors.b.st-hatena.com/image/square/cf5930ca2512394270dd8e2f06af9094f941b868/backend=imagemagick;height=288;version=1;width=512/https%3A%2F%2Fapipheny.io%2Fwp-content%2Fuploads%2F2021%2F02%2F002-free-api.jpg)
Like almost any question about AI, “How does AI impact software architecture?” has two sides to it: how AI changes the practice of software architecture and how AI changes the things we architect. These questions are coupled; one can’t really be discussed without the other. But to jump to the conclusion, we can say that AI hasn’t had a big effect on the practice of software architecture, and it ma
[Public] Passkeys Hackathon Tokyo event report Please send any inquiry about this event or document to Eiji Kitamura (agektmr[at]google.com). This article was authored in collaboration with the staff members of the hackathon from FIDO Alliance (kokukuma, Kosuke Koiwai, Kento Goro, Kotaro Oi, Yoshinori Matumoto, Naoyuki Shiraishi, Hideaki Furukawa, Vaibhav Kumar and Koichi Moriyama). In June 2024,
💡 Summary Twitter(X)の投稿をIFTTTとGoogle Apps Script (GAS)を介してBlueskyへ自動転送する仕組みの構築手順。Bluesky APIへの投稿処理を行うGASのコード、IFTTTのトリガー設定、Webhook設定を詳細に解説。 前回の記事で紹介したMisskeyに続いて、Blueskyのアカウントも取得したので使い始めました。Misskeyよりも日本人ユーザーは少ないですが、日本人同士でゆるくつながりあっており、開発者の方も割と多くリアクションをいただけるため意外と楽しい場所です。いうならば初期の日本語対応以前から震災前のようなTwitterの雰囲気があり割と気に入っています。とはいえ、Twitterでないと交流できない方もいてあっさり移行というわけにはいかなかったので、Twitter・Misskey・Blueskyと並行して使いながらT
Django for Startup Founders: A better software architecture for SaaS startups and consumer apps
In an ideal world, startups would be easy. We'd run our idea by some potential customers, build the product, and then immediately ride that sweet exponential growth curve off into early retirement. Of course it doesn't actually work like that. Not even a little. In real life, even startups that go on to become billion-dollar companies typically go through phases like: Having little or no growth fo
APT trends report Q2 2021
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significan
“Ah yes passkeys, pretty cool technology and great that there’s already wide support, plus an open standard that they are built on. I’ll just grab one of the libraries for my framework and that should do the job. I don’t think I need any help or service. I’m a decent coder and have added auth packages dozens of times in the past.” This is a typical conversation I had over the past 24 months with m
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
How I Hacked my Car
Your URL Is Your State
Anatomy of a Linux DNS Lookup – Part I
Node.js — Tuesday, January 13, 2026 Security Releases
7 Essential Tips to Secure Google Drive
Announcing Internet Computer “Mainnet” and a 20-Year Roadmap
Rethinking Authentication UX — Smashing Magazine
Free API – 90+ Public APIs For Testing [No Key] – Apipheny
Software Architecture in an AI World
[Public] Passkeys Hackathon Tokyo 2024 event report
【IFTTT】TwitterからBlueskyへ自動投稿する - Scriptone
Why Passkey Implementation is 100x harder than you think