はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
Another year passes. I was hoping to write more articles instead of just these end-of-the-year screeds, but I almost died in the spring semester, and it sucked up my time. Nevertheless, I will go through what I think are the major trends and happenings in databases over the last year. There were many exciting and unprecedented developments in the world of databases. Vibe coding entered the vernacu
Concurrency in modern programming languages: Rust vs Go vs Java vs Node.js vs Deno vs .NET 6
This is part of my "Concurrency in Modern Programming Languages" series Concurrency in modern programming languages: IntroductionConcurrency in modern programming languages: RustConcurrency in modern programming languages: GolangConcurrency in modern programming languages: JavaScript on NodeJSConcurrency in modern programming languages: TypeScript on DenoConcurrency in modern programming languages
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
※本記事は、2023年7月時点の情報を元にしています。実際に移行を検討される際は、その時点でのAWS等の最新ドキュメントを参照下さい。 最近、 「Amazon Linux 2をAmazon Linux 2023に移行した事例はありますか?」 「Amazon Linux 2023を実際に使ってみてハマった事象があったら教えて下さい」 という問い合わせを目にする機会が増えました。 約1年前に、[Amazon Linux 2(以下、AL2)のEOL(End Of Life)は2025年6月30日に延期されました(https://aws.amazon.com/amazon-linux-2/faqs/?nc1=h_ls)。 AL2のEOLまであと2年ということで、ウォーターフォール型の足の長いプロジェクトであったり、 既存環境でAL2ベースのEC2を大量に運用しているユーザーさんの中では、 もうEO
How modern browsers work
Note: For those eager to dive deep into how browsers work, an excellent resource is Browser Engineering by Pavel Panchekha and Chris Harrelson (available at browser.engineering). Please do check it out. This article is an overview of how browsers work. Web developers often treat the browser as a black box that magically transforms HTML, CSS, and JavaScript into interactive web applications. In tru
LogLog Games
The article is also available in Chinese. Disclaimer: This post is a very long collection of thoughts and problems I've had over the years, and also addresses some of the arguments I've been repeatedly told. This post expresses my opinion the has been formed over using Rust for gamedev for many thousands of hours over many years, and multiple finished games. This isn't meant to brag or indicate su
The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams
Doing the basics goes a long way in keeping your company and product secure. This third1 edition of the SaaS CTO Security Checklist provides actionable security best practices CTOs (or anyone for that matter) can use to harden their security. This list is far from exhaustive, incomplete by nature since the security you need depends on your company, product, and assets. 🚀 Your employees Accustom e
June 5, 2023 by Dirk Bäumer VS Code for the Web (https://vscode.dev) has been available for some time now and it has always been our goal to support the full edit / compile / debug cycle in the browser. This is relatively easy for languages like JavaScript and TypeScript since browsers ship with a JavaScript execution engine. It is harder for other languages since we must be able to execute (and t
Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
You have to decide if you want to stick with the latest LTS version, or if you go with the latest feature release and upgrade every six months. Both options are okay, but if you’re uncertain, stick with the latest LTS version. The OpenJDK project itself is managed on openjdk.java.net where you can find specifications, source code, and mailing lists, but there are no builds that you can download. Y
AST vs. Bytecode: Interpreters in the Age of Meta-Compilation
233 AST vs. Bytecode: Interpreters in the Age of Meta-Compilation OCTAVE LAROSE, University of Kent, UK SOPHIE KALEBA, University of Kent, UK HUMPHREY BURCHELL, University of Kent, UK STEFAN MARR, University of Kent, UK Thanks to partial evaluation and meta-tracing, it became practical to build language implementations that reach state-of-the-art peak performance by implementing only an interprete
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.67.1: The update addresses this security issue. Update 1.67.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2022 release of Visual Studio Code. There are many updates in this version that we hope
Godotメモ
最終更新日:2025年11月07日 記事作成日:2021年03月10日 オープンソースのゲームエンジンGodotの特徴やTipsをメモしています。 更新履歴 (2025年1月3日)Godot 4.4でC#パッケージが.NET 8に更新されたことを追記 (2024年8月28日)「PCKファイルについて」にGodot 4.3のGDScriptのバイナリトークン化・難読化と、PCKの暗号化について追記 (2024年8月26日)Godot 4.3の変更点を反映、「物理シミュレーションについて」、「日本語のコミュニティはある?」を追加、「Godotの名前の由来と読み方について」を拡充、W4 Cloudについて追記 (2024年2月18日)Webエクスポートの対応状況等を更新、C#のサポート状況を反映、「Godot Engineの名前の由来と読み方について」を更新 Godotとは Godotはオープン
Parsing SQL - Strumenta
The code for this tutorial is on GitHub: parsing-sql SQL is a language to handle data in a relational database. If you worked with data you have probably worked with SQL. In this article we will talk about parsing SQL. It is in the same league of HTML: maybe you never learned it formally but you kind of know how to use it. That is great because if you know SQL, you know how to handle data. However
Prism in 2024
In Ruby 3.3.0, a new standard library was added to CRuby called Prism. Prism is a parser for the Ruby language, exposed as both a C library (optionally usable by CRuby) and a Ruby library (usable as a Ruby gem). The Prism project represents many person-years worth of effort, and is the result of a collaboration between Shopify, CRuby core contributors, other Ruby implementation authors, and Ruby t
Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support | Amazon Web Services
AWS News Blog Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support 11/17/2025 Update: Amazon Linux 2 end of support date (End of Life, or EOL) has been extended to 2026-06-30. I am excited to announce the general availability of Amazon Linux 2023 (AL2023). AWS has provided you with a cloud-optimized Linux distribution since 2010. This is the third generation of our Amazon
The real 0.5 was the friends we made along the way The long-awaited release of Neovim v0.5.0 finally happened on July 2, 2021. It was worth the wait: With over 4000 commits, it is so big that it broke some of the release tooling. These notes focus on the most user-visible improvements, of which the biggest are: Lua as a first-class scripting and configuration language, Language server protocol (LS
Some random rambling by a linguistics nerd about Emacs, Linux, and conlanging It was announced a couple of hours ago, Emacs 29’s branch is now cut from the master branch! This means the emacs-29 branch will from now no longer receive any new feature, but only bug fixes. So, what’s new with this new major release? I skimmed over the NEWS file, and here are the changes which I find interesting and e
Since I was unable to travel for a couple of years during the pandemic, I decided to take my new-found time and really lean into Rust. After writing over 100k lines of Rust code, I think I am starting to get a feel for the language and like every cranky engineer I have developed opinions and because this is the Internet I’m going to share them. The reason I learned Rust was to flesh out parts of t
Wasm core dumps and debugging Rust in Cloudflare Workers
Wasm core dumps and debugging Rust in Cloudflare Workers2023-08-14 A clear sign of maturing for any new programming language or environment is how easy and efficient debugging them is. Programming, like any other complex task, involves various challenges and potential pitfalls. Logic errors, off-by-ones, null pointer dereferences, and memory leaks are some examples of things that can make software
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs
emerging threats and vulnerabilities The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation November 1, 2022 emerging vulnerability On November 1, 2022, the OpenSSL Project released a security advisory detailing a high-severity vulnerability in the OpenSSL library. Deployments of OpenSSL from 3.0.0 to 3.0.6 (included) are vulnerable and are fixed in
Node.js 16.x runtime now available in AWS Lambda | Amazon Web Services
AWS Compute Blog Node.js 16.x runtime now available in AWS Lambda This post is written by Dan Fox, Principal Specialist Solutions Architect, Serverless. You can now develop AWS Lambda functions using the Node.js 16 runtime. This version is in active LTS status and considered ready for general use. To use this new version, specify a runtime parameter value of nodejs16.x when creating or updating fu
IDEs CLion DataGrip DataSpell GoLand IntelliJ IDEA PhpStorm PyCharm RustRover Rider RubyMine WebStorm Plugins & Services Big Data Tools JetBrains Platform Scala Toolbox App JetBrains AI Grazie Junie JetBrains for Data Air Team Tools Datalore TeamCity YouTrack Qodana CodeCanvas Matter Databao .NET & Visual Studio .NET Tools ReSharper C++ Languages & Frameworks Kotlin Ktor MPS Amper Education & Rese
Nrtsearch: Yelp’s Fast, Scalable and Cost Effective Search Engine
Nrtsearch: Yelp’s Fast, Scalable and Cost Effective Search Engine Sarthak Nandi, Software Engineer and Umesh Dangat, Group Tech Lead Sep 21, 2021 Search and ranking are part of many important features of Yelp - from looking for a plumber to showing relevant photos of the dish you search for. These varied use-cases led to the creation of Yelp’s Elasticsearch-based ranking platform, allowing real-ti
Everything you need to know about Python 3.13 – JIT and GIL went up the hill | drew's dev blog
Everything you need to know about Python 3.13 – JIT and GIL went up the hill All you need to know about the latest Python release including Global Interpreter Lock and Just-in-Time compilation. Table of Contents On 2nd October 2024, the Python core developers and community will release CPython v3.13.0 – and it’s a doozy. (Update: release has now been pushed back to 7th October.) So what makes this
Update 1.78.1: The update addresses this security issue. Update 1.78.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Accessibility improvements - Better scre
Vim 9.0 : vim online
June 2022 Vim 9.0 released After many years of gradual improvement Vim now takes a big step with a major release. Besides many small additions the spotlight is on a new incarnation of the Vim script language: Vim9 script. The previous release was version 8.2 in December 2019. Since the latest source code is always available on GitHub, many have already picked up later patch versions (there are mor
A new JavaScript backend was merged into GHC on November 30th, 2022! This means that the next release of GHC will be able to emit code that runs in web browsers without requiring any extra tools, enabling Haskell for both front-end and back-end web applications. In this post, we, the GHC DevX team at IOG, describe the challenges we faced bringing GHCJS to GHC, how we overcame those challenges, and
Internet Explorer 11 desktop app retirement FAQ | Microsoft Community Hub
Update: The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. Based on customer feedback, organizations will maintain control over when to remove IE11 UI elements from their devices. Over the coming months a small subset of exceptional scenarios where IE11 is still accessible will be red
Update 1.86.2: The update addresses these issues. Update 1.86.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Per-window zoom levels - Adjust the zoom leve
Announcing Amazon CodeCatalyst, a Unified Software Development Service (Preview) | Amazon Web Services
AWS News Blog Announcing Amazon CodeCatalyst, a Unified Software Development Service (Preview) Today, we announced the preview release of Amazon CodeCatalyst. A unified software development and delivery service, Amazon CodeCatalyst enables software development teams to quickly and easily plan, develop, collaborate on, build, and deliver applications on AWS, reducing friction throughout the develop
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Kotlin 1.5.0 – the First Big Release of 2021 | The Kotlin Blog
Welcome the first feature release in accordance with the new release schedule – Kotlin 1.5.0! This release delivers stable language features such as JVM records, sealed interfaces, inline classes, and includes the new default JVM IR compiler. Your feedback on the feature previews in Kotlin 1.4.30 and Kotlin 1.5.0 EAP releases have really helped us to stabilize these features. We’re very grateful f
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability | Microsoft Security Blog
January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may
Future of work Why TensorFlow for Python is dying a slow death PyTorch is easier to use and beloved by more developers Religious wars have been a cornerstone in tech. Whether it’s debating about the pros and cons of different operating systems, cloud providers, or deep learning frameworks — a few beers in, the facts slide aside and people start fighting for their technology like it’s the holy grai
Build and Deploy Docker Images to AWS using EC2 Image Builder | Amazon Web Services
AWS DevOps & Developer Productivity Blog Build and Deploy Docker Images to AWS using EC2 Image Builder The NFL, an AWS Professional Services partner, is collaborating with NFL’s Player Health and Safety team to build the Digital Athlete Program. The Digital Athlete Program is working to drive progress in the prevention, diagnosis, and treatment of injuries; enhance medical protocols; and further i
使い慣れたプログラミング言語でAWSのインフラ管理をする ~AWS CDKのススメ~ - ABEJA Tech Blog
1. AWS CDKとは 2. AWS CDKを触ってみる 2.1 環境構築 Volta Node.js CDK 2.2. とりあえずLambdaを作成するところまでやってみる 2.2.1. プロジェクト作成 2.2.2. デプロイ用のLambda関数を書く 2.2.3. CDKのStackにLambda関数を記載する 2.2.4. デプロイしてみる 2.2.5. お片付け 2.3. CRUDっぽいAPIをAPI Gatewayで公開してみる 2.3.1. Lambda関数を用意する 2.3.2. CDKを用意する 2.3.3. デプロイして動かしてみる 2.3.4. お片付け 2.3.5. 詰まったところ 3. 感想 We Are Hiring! ABEJAでプロダクト開発をしている平原です。ABEJAアドベントカレンダー2023の6日目の記事です。皆さんはAWSでIaCを利用する時には
Version 1.108 is now available! Read about the new features and fixes from December. Update 1.75.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Profiles -
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).
Log4Shell log4j vulnerability (CVE-2021-44228 / CVE-2021-45046) - cheat-sheet reference guide Last updated: $Date: 2022/02/08 23:26:16 $ UTC - best effort, validate all for your environment/model before use, unofficial sources may be wrong by @TychoTithonus (Royce Williams), standing on the shoulders of many giants Send updates or suggestions (please include category / context / public (or support
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Databases in 2025: A Year in Review
Amazon Linux 2をAmazon Linux 2023に移行したくて...夏
Run WebAssemblies in VS Code for the Web
June 2022 (version 1.69)
Which Version of JDK Should I Use?
April 2022 (version 1.67)
Neovim News #11 - The Christmas Issue
Emacs 29 is nigh! What can we expect?
Rust: A Critical Retrospective « bunnie's blog
IntelliJ IDEA リモート開発環境の自動構築を試してみよう | Post Blog
April 2023 (version 1.78)
JavaScript backend merged into GHC | IOG Engineering
January 2024 (version 1.86)
0.10.0 Release Notes ⚡ The Zig Programming Language
Why TensorFlow for Python is dying a slow death
January 2023 (version 1.75)