エンジニアを始めてから便利だったツールまとめ
概要 エンジニアになってから出会った便利ツール・アプリを備忘録としてまとめています。随時更新しています。 GUIツール・アプリ デスクトップ上で動作させるやつ。 1Password https://1password.com/jp パスワード管理ツールです。Windows, mac, iPhone等様々な端末で共通したパスワード管理が行えます。有料のアプリとなりますが、LastPassやiCloud Passwordに比べて使い勝手等がよいのでオススメです。2FA(2 要素認証)やパスキーの登録も行えます。 Authy https://authy.com/ 2FAアプリ。Multi-Deviceという複数端末で使える機能があり、PCでログインする際の2FAをPCのみで完結できるので便利。 PC版のサポートが終了したり、個人情報流出問題等があったため上記の1Passwordに2FAを移行しま
はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
TL;DR: Instead of redirecting API calls from HTTP to HTTPS, make the failure visible. Either disable the HTTP interface altogether, or return a clear HTTP error response and revoke API keys sent over the unencrypted connection. Unfortunately, many well-known API providers don't currently do so. Updates 2024-05-24: Added the Google Bug Hunter Team response to the report that the VirusTotal API resp
Last updated: Apr 2, 2026 (added Gemma 4 in section 23) It has been seven years since the original GPT architecture was developed. At first glance, looking back at GPT-2 (2019) and forward to DeepSeek V3 and Llama 4 (2024-2025), one might be surprised at how structurally similar these models still are. Sure, positional embeddings have evolved from absolute to rotational (RoPE), Multi-Head Attentio
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
AWS Open Source Blog Sustainability with Rust Rust is a programming language implemented as a set of open source projects. It combines the performance and resource efficiency of systems programming languages like C with the memory safety of languages like Java. Rust started in 2006 as a personal project of Graydon Hoare before becoming a research project at Mozilla in 2010. Rust 1.0 launched in 20
Remo nano で Matter をはじめよう! - Nature Engineering Blog
Nature ソフトウェアエンジニアの田井です。この記事は、第 2 回 Nature Engineering Blog 祭の 1 日目の記事になります!本日はめでたい日でした! Matter に対応した Nature Remo nano が発売されました! 本日 2023/7/4 12:00 より、Matter に対応した Nature Remo nano が発売されました!3,980 円で Matter デバイスが手に入るなんて…!これはハックしたくてうずうずしてきますね? (以降 Nature Remo nano を Remo nano, nano と呼ぶことがあります) nature.global 購入はこちらからもどうそ! https://www.amazon.co.jp/dp/B0C6V1CJB7 Matter ってなに? Matter ってなに?と思う方もいらっしゃると思います
the peculiar case of japanese web design a project that should not have taken 8 weeks how is japanese web design different? in this 2013 Randomwire blog post, the author (David) highlighted an intriguing discrepancy in Japanese design. While the nation is known abroad for minimalist lifestyles, their websites are oddly maximalist. The pages feature a variety of bright colours (breaking the 3 colou
Microsoft is rewriting core Windows libraries in Rust
Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers. David "dwizzle" Weston, director of OS security for Windows, announced the arrival of Rust in the operating system's kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. "You will actually have Windows booting with Rust in the kernel in probably the ne
HTTP/3 From A To Z: Core Concepts — Smashing Magazine
After almost five years in development, the new HTTP/3 protocol is nearing its final form. Earlier iterations were already available as an experimental feature, but you can expect the availability and use of HTTP/3 proper to ramp up over in 2021. So what exactly is HTTP/3? Why was it needed so soon after HTTP/2? How can or should you use it? And especially, how does it improve web performance? Let
この記事では、Unityを使って1人で開発したツールアプリ『リモートダイス3D』で対応したことや、使ったアセット・ライブラリなどをひたすら列挙していきます。 このアプリ特有の話はあまり出てこないので、ダイス系のアプリを触ったことがない方(が圧倒的に多いですよね)でも参考になるでしょう。いろいろな技術要素が含まれています。 「そんなアセット・ライブラリもあるんだ」「それは自分のアプリでも対応してみようかな」と知見を広げるきっかけになれば幸いです。 僕には売れるアプリの作り方は分かりませんがプロダクトを完成させる知識と技術だけはありますので、技術面を中心とした内容になっています。 各項目は詳しく説明しているものもあれば物足りない感じに留めているものも多いので「このあたりもうちょっと詳しく知りたい」というものがあればTwitterでシェアして頂くか、はてブのコメントを付けてもらえれば詳細記事が出
投資家IPランドスケープ・スタートアップ支援IPランドスケープ・大学支援用に改良中 更新中)tfidf etc embeddings cluster reconstructing vis: 特許など長文の、動的な文章間類似俯瞰図可視化・迅速閲覧・解析・探索手段。および第三の特許検索手法、動的な知識抽出管理手法、特許自動生成 (類似度ベクトルと小規模言語モデル及びChatGPTを用いた空白領域における特許生成追加) - Qiita
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? 投資家IPランドスケープ・スタートアップ支援IPランドスケープ・大学支援用に改良中 更新中)tfidf etc embeddings cluster reconstructing vis: 特許など長文の、動的な文章間類似俯瞰図可視化・迅速閲覧・解析・探索手段。および第三の特許検索手法、動的な知識抽出管理手法、特許自動生成 (類似度ベクトルと小規模言語モデル及びChatGPTを用いた空白領域における特許生成追加)自然言語処理NLP可視化Visualization特許 これは何 複数の特許等の文章を「特定の母集団における互いの類似度」を元
curlでKeyless Signingする (1) - OpenID Connect編 - knqyf263's blog
確実に忘れるであろう将来の自分と、Keyless Signingに異常な興味を持つ日本に数人しかいないであろう人達のための記事です。 背景 前提 Keyless Signing全体のフロー OIDCのフロー 認可コードの取得 IDトークンの取得 手動で試す OpenIDプロバイダーの情報取得 認可コードの取得 code_verifierの生成 code_challengeの生成 Authorization Endpointへのアクセス IDトークンの取得 IDトークンの検証 公開鍵の取得 公開鍵の生成 検証 参考 まとめ 背景 以前sigstoreのソフトウェア署名についてブログを書きました。 knqyf263.hatenablog.com その中でKeyless Signingについては別ブログにすると言っていたのですがサボり続けた結果、全て忘れ去り再び調べる羽目になりました。これはまた
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC
20211210-TLP-WHITE_LOG4J.md Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228) Errors, typos, something to say ? If you want to add a link, comment or send it to me Feel free to report any mistake directly below in the comment or in DM on Twitter @SwitHak Other great resources Royce Williams list sorted by vendors responses Royce List Very detailed list NCSC-N
Nic Jansma (@nicj) is a software developer at Akamai building high-performance websites, apps and open-source tools. Table of Contents The JS Self-Profiling API What is Sampled Profiling? Downsides to Sampled Profiling API Document Policy API Shape Sample Interval Buffer Who to Profile When to Profile Specific Operations User Interactions Page Load Overhead Anatomy of a Profile Beaconing Size Comp
The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams
Doing the basics goes a long way in keeping your company and product secure. This third1 edition of the SaaS CTO Security Checklist provides actionable security best practices CTOs (or anyone for that matter) can use to harden their security. This list is far from exhaustive, incomplete by nature since the security you need depends on your company, product, and assets. 🚀 Your employees Accustom e
Android 13 virtualization lets Pixel 6 run Windows 11, Linux distributions - CNX Software
Android 13 virtualization lets Pixel 6 run Windows 11, Linux distributions The first Android 13 developer preview may have felt a bit underwhelming, but there’s a hidden gem with full virtualization possible on hardware such as the Google Pixel 6 smartphone. What that means is that it is now possible to run virtually any operating system including Windows 11, Linux distributions such as Ubuntu or
TL;DR; We are changing std::sort in LLVM’s libcxx. That’s a long story of what it took us to get there and all possible consequences, bugs you might encounter with examples from open source. We provide some benchmarks, perspective, why we did this in the first place and what it cost us with exciting ideas from Hyrum’s Law to reinforcement learning. All changes went into open source and thus I can
April 25, 2022 Four Eras of JavaScript Frameworks April 25, 2022 I started coding primarily in JavaScript back in 2012. I had built a PHP app for a local business from the ground up, a basic CMS and website, and they decided that they wanted to rewrite it and add a bunch of features. The manager of the project wanted me to use .NET, partially because it’s what he knew, but also because he wanted i
The tar archive format, its extensions, and why GNU tar extracts in quadratic time - Mort's Ramblings
Date: 2022-07-23 Git: https://gitlab.com/mort96/blog/blob/published/content/00000-home/00014-tar.md (If you're here from Google and just need help with tar being slow: If you trust the tar archive, extract with -P to make tar fast.) A couple of days ago, I had a 518GiB tar.gz file (1.1 TiB uncompressed) that I had to extract. At first, GNU tar was doing a great job, chewing through the tar.gz at a
33 open-source cybersecurity solutions you didn’t know you needed - Help Net Security
Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here! Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, yo
バグバウンティにおける JavaScript の静的解析と動的解析まとめ - blog of morioka12
1. 始めに こんにちは、morioka12 です。 本稿では、バグバウンティなどの脆弱性調査で行う、JavaScript の静的解析と動的解析についてまとめて紹介します。 1. 始めに 免責事項 想定読者 検証環境 静的解析と動的解析 2. 静的解析 (Static Analysis) 2.1 JavaScript File の URL を収集する getJS hakrawler getallurls (gau) 2.2 エンドポイントを列挙する LinkFinder xnLinkFinder katana jsluice endext 2.3 シークレット情報を検出する SecretFinder jsluice Mantra trufflehog 2.4 潜在的な脆弱性情報を検出する Retire.js ESLint 3. 動的解析 (Dynamic Analysis) DevTool
How to Bypass Cloudflare in 2023: The 8 Best Methods - ZenRows
About 1/5 of websites you need to scrape use Cloudflare, a hardcore anti-bot protection system that gets you blocked easily. So what can you do? 😥 We spent a million dollars figuring out how to bypass Cloudflare in 2023 so that you don't have to and wrote the most complete guide (you're reading it!). These are some of the techniques you'll get home today: Method 1: Get around Cloudflare CDN. Meth
Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop
CISO Strategy Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop. Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop, exposing credentials that led
はじめに WebGPUについて 余談:Vulkanについて WebGPUのネイティブ実装について Silk.NETについて 検証環境 導入するNuGetパッケージ 1. ウィンドウの作成 ※WindowOptionsの値一覧 2. WebGPUの初期化 2-1. unsafeの有効化、パッケージの導入 2-2. 作成するクラス・構造体の説明 2-3. 初期化用ユーティリティクラスの作成 Descriptor(記述子) Struct-Chaining PfnRequestOOOCallback 2-4. 初期化 3. 三角形を表示 3-1. RenderPipelineの作成 3-2. シェーダーの作成 3-3. 描画の実行 参考資料 以下の記事に基づいた内容のプロジェクトをGitHubにアップしました。 動作確認等にご利用ください。 github.com はじめに WebGPUについて W
10 Tips for Taking Better Notes in Google Keep for Android
Digital note-taking has somewhat taken over the conventional pen-and-paper alternative. After all, why carry around a Moleskine and clutter yourself when you already have a smartphone in your pocket? Google Keep is one of the best note-taking apps available on Android. It has great usability across different platforms and integrates well with other Google products. If you're new to Google Keep, he
Fast and Portable Llama2 Inference on the Heterogeneous Edge
Fast and Portable Llama2 Inference on the Heterogeneous EdgeNov 09, 2023 • 12 minutes to read The Rust+Wasm stack provides a strong alternative to Python in AI inference. Compared with Python, Rust+Wasm apps could be 1/100 of the size, 100x the speed, and most importantly securely run everywhere at full hardware acceleration without any change to the binary code. Rust is the language of AGI. We cr
With LastPass making a habit of getting pwned and generally sucking, I started to look for a proper™ cloud-based password manager that I could recommend to friends and family. Requirements A non-lame security level, by a entity that won't crash and burn in 3 months, and whose sole interest is keeping their customer's passwords safe: managing passwords can't be a side-hustle. Compromised passwords
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform
research.md hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff. 3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attack
Authors: Jacques Portal, Renée Burton Hazy Hawk is a DNS-savvy threat actor that hijacks abandoned cloud resources of high-profile organizations. By “cloud resources” we mean things like S3 buckets and Azure endpoints. You might have read about domain hijacking; we and other security vendors have written about different techniques for grabbing control of forgotten domain names several times over t
The 11 Best iOS Features That Android Still Doesn't Have
Although Android is a feature-packed operating system, it misses several functionalities that have been integral to iOS for years. So, if you're planning to switch from an iPhone to an Android device anytime soon, be prepared to miss out on the following features. 1. AirPlay AirPlay is one of the biggest features that Android devices still don't have. Since AirPlay is a propriety protocol that App
How to Get Your Android Phone and iPad Working Together
If you have an Android phone and an iPad, you would naturally want to have easy access to all your data no matter what device you're using. However, Google and Apple don't make it easy since they want you to stay with their respective platforms. Luckily, there's a way around these limitations. Check out the solutions below to syncing your data and more across iOS and Android platforms. Sync Your P
Introducing GoFlow — Learn Go through interactive, gamified challenges. Level up your skills today! The British love to drink. But how many have you have ever stopped to wonder, how many grams of carbohydrates are in a pint of beer? What about in this meal? And what about this salad, that is usually listed on a menu as the low-carb option? One answer you might give reading this is who cares? Peopl
© 2023 NPO Institute of Digital Forensics. 「証拠保全ガイドライン 第9版」 2023年2月20日 特定非営利活動法人デジタル・フォレンジック研究会 「証拠保全ガイドライン」改訂ワーキンググループ © 2023 NPO Institute of Digital Forensics. (空白頁) © 2023 NPO Institute of Digital Forensics. i 目 次 1. 本ガイドラインについて.........................................................................................................1 1-1. 取り巻く環境の変化(状況認識).........................................
[Revised] You Don’t Need to Spend $100/mo on Claude Code: Your Guide to Local Coding Models
[Edit 1] This article has been edited after initial release for clarity. Both the tl;dr and the end section have added information. [Edit 2] This hypothesis was actually wrong and thank you to everyone who commented! Here’s a full explanation of where I went wrong. I want to address this mistake as I realize it might have a meaningful impact on someone's financial position. I’m not editing the act
![[Revised] You Don’t Need to Spend $100/mo on Claude Code: Your Guide to Local Coding Models](https://cdn-ak-scissors.b.st-hatena.com/image/square/cb5a0a1bad79efe630f681954cb77f2ea1dc7dec/backend=imagemagick;height=288;version=1;width=512/https%3A%2F%2Fsubstackcdn.com%2Fimage%2Ffetch%2F%24s_%21fARn%21%2Cw_1200%2Ch_600%2Cc_fill%2Cf_jpg%2Cq_auto%3Agood%2Cfl_progressive%3Asteep%2Cg_auto%2Fhttps%253A%252F%252Fsubstack-post-media.s3.amazonaws.com%252Fpublic%252Fimages%252Fb194c53f-7b2b-4f74-942b-5cf1c59b32aa_1920x1080.jpeg)
While I prefer “AI native” to describe the product development approach centered on AI that we’re trying to encourage at O’Reilly, I’ve sometimes used the term “AI first” in my communications with O’Reilly staff. And so I was alarmed and dismayed to learn that in the press, that term has now come to mean “using AI to replace people.” Many Silicon Valley investors and entrepreneurs even seem to vie
Keep Android Open
In August 2025, Google announced that starting next year, it will no longer be possible to develop apps for the Android platform without first registering centrally with Google. This registration will involve: Paying a fee to Google Agreeing to Google’s Terms and Conditions Providing government identification Uploading evidence of the developer’s private signing key Listing all current and future
Android and iOS are the leading mobile platforms today, and each of them has its selling point. Both Android and Apple keep updating their privacy and security features to combat the latest threats and vulnerabilities. But which of these mobile Operating Systems (OSes) wins in terms of security? Some people claim it's iOS, some stand with Android, while others feel it's an equal share. So Apple vs
Annotated history of modern AI and deep neural networks
For a while, DanNet enjoyed a monopoly. From 2011 to 2012 it won every contest it entered, winning four of them in a row (15 May 2011, 6 Aug 2011, 1 Mar 2012, 10 Sep 2012).[GPUCNN5] In particular, at IJCNN 2011 in Silicon Valley, DanNet blew away the competition and achieved the first superhuman visual pattern recognition[DAN1] in an international contest. DanNet was also the first deep CNN to win
12年以上Macを使い続けてきた筆者が、「これがないとMacじゃない!」というレベルの必須オススメアプリを紹介する。 2026年の更新版として、Claude Code + Obsidianなど、最新のAIエージェントの活用情報も反映している。 ライターでもありプログラマーでもあり理系大学院卒という筆者のバックグラウンドから、社会人の仕事効率化に役立つアプリから、試験勉強や資格試験に役立つアプリ、さらにはエンジニアや研究者に役立つアプリまで、きっと示唆に富むセレクションになっているはずだ。 Macを購入したばかりの人や、使い始めて数年のMac初中級者の場合、新しいアプリを試す機会も少なく、Macのポテンシャルを最大限に引き出せていない人も多いのではないか。 Macの強みは、サードパーティーのアプリが充実していて、痒い所に手が届く、様々なニーズに応えるアプリが存在することだ。初期インストールさ
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Your API Shouldn't Redirect HTTP to HTTPS
The Big LLM Architecture Comparison
Sustainability with Rust | Amazon Web Services
the peculiar case of japanese web design - sabrinas.space
スマホ向けオンラインツールアプリ開発で対応したこと・アセットなど総まとめ【Unity】|アマガミナブログ
JS Self-Profiling API In Practice
Changing std::sort at Google’s Scale and Beyond
pzuraq | Four Eras of JavaScript Frameworks
【C#】Silk.NET+WebGPUで三角形を描画する - octo127’s blog
The quest for a family-friendly password manager
Forgotten DNS Records Enable Cybercrime
How I keep myself Alive using Golang
Microsoft Word - 証拠保全ガイドライン(第9版)
google-review-AI First Puts Humans First
iPhone vs. Android: Which Is More Secure?
【2026年最新版】Mac歴12年が選ぶ絶対入れるべき厳選Macアプリ30選