はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
OpenAI API ドキュメント 日本語訳|#2 GET STARTED 後編|Nobue Otsu|地方で老舗パン屋を第三者承継
OpenAI API ドキュメントの日本語訳をこちらでまとめます。文字量の多いドキュメントなので、セクションごとに記事を分割しています。 今回は「GET STARTED 」のセクションからLibraries 、Models、TutorialsそしてUsage policiesを抜粋した後編です。 基本 DeepLで翻訳して、気になるところだけ書き換えています(ほぼ気になるところがないのが、DeepLのすごいところ)。原文との突き合わせができるようにはじめに原文を入れてますので、間違いなど見つけられましたら、ぜひご指摘ください。ご指摘箇所は随時反映させていただきます。 原文のリンクが有効になってますので、それぞれ必要な場合は原文リンクの方を参照ください。 前回のおさらいはこちら Python library|Python ライブラリWe provide a Python library, w
Another year passes. I was hoping to write more articles instead of just these end-of-the-year screeds, but I almost died in the spring semester, and it sucked up my time. Nevertheless, I will go through what I think are the major trends and happenings in databases over the last year. There were many exciting and unprecedented developments in the world of databases. Vibe coding entered the vernacu
This past month, I have been enthralled by the Rust programming language given its unique edge for writing memory-safe, modern programs. Over the years, several languages have emerged as the most preferred by engineers to write resilient, backend software. The tides have shifted from Java/C++ into Go and Rust, which combine decades of programming language theory to build tools that are effective i
AWS deleted my 10-year account and all data without warning
After 10 years as an AWS customer and open-source contributor, they deleted my account and all data with zero warning. Here's how AWS's 'verification' process became a digital execution, and why you should never trust cloud providers with your only copy of anything. On July 23, 2025, AWS deleted my 10-year-old account and every byte of data I had stored with them. No warning. No grace period. No r
Amazon CodeWhispererでどの程度コーディングが効率化できそうか試してみた - Taste of Tech Topics
ここのところ気温も暖かくなり、外に出かけるのが楽しみになってきた、カメラ好き機械学習エンジニアの@yktm31です。 いま世間を賑わせている生成系AI、ChatGPTは私にとって欠かせないものになりました。 そんな中つい先日、AWSから「Amazon CodeWhisperer」がGAになりました。 といことで、さっそく試してみました。 目次 概要 特徴 サポート サポートされるプログラミング言語 サポートされるIDE サポートされる自然言語 使い方 利用開始方法 基本操作 Lambdaで、DynamoDBのレコードを取得する処理と、そのユニットテストを書いてみた コード参照(Code references)を試してみる セキュリティスキャンを試してみる ドキュメントからわかったこと 安全性・セキュリティ ProfessionalとIndividualの違い 料金と制限 オプトアウト方法
GPT-5 の新パラメータとツール|npaka
以下の記事が面白かったので、簡単にまとめました。 ・GPT-5 New Params and Tools - OpenAI Cookbook 1. verbosity1-1. 概要「verbosity」は、出力トークン数を調節できます。 ・low : 簡潔なUX、簡潔な文章 ・medium (デフォルト) : バランスの取れた詳細 ・high : 詳細な情報。監査、教育、引き継ぎに最適 1-2. verbosityの効果の確認プロンプトを一定に保ったまま、「verbosity」を変更することで、効果を確認できます。 response = client.responses.create( model="gpt-5", input="人生、宇宙、そして万物に関する究極の問いに対する答えは何でしょうか?", text={ "verbosity": "low" } ) print(response
Concurrency in modern programming languages: Rust vs Go vs Java vs Node.js vs Deno vs .NET 6
This is part of my "Concurrency in Modern Programming Languages" series Concurrency in modern programming languages: IntroductionConcurrency in modern programming languages: RustConcurrency in modern programming languages: GolangConcurrency in modern programming languages: JavaScript on NodeJSConcurrency in modern programming languages: TypeScript on DenoConcurrency in modern programming languages
Don't write clean code, write CRISP code — Bitfield Consulting
I’m sure we’re all in favour of “clean code”, but it’s one of those motherhood-and-apple-pie things that no one can reasonably disagree with. Who wants to write dirty code, unless maybe it’s for a porn site? The problem, of course, is that few of us can agree on what “clean code” means, and how to get there. A rule like “methods should only do one thing”, looks great on a T-shirt, but it’s not so
AI関連、競合は現れども、性能的にやはりOpenAI一強なのかなぁというところに現れたAnthropic Claude 3は、確かに明らかに性能がいい、GPT-4を凌駕している……!というわけで大いに気に入った(ついでに最近のOpenAIのムーブが気に入らない)ので、C#で使い倒していきたい!そこで、まずはSDKがないので非公式SDKを作りました。こないだまでプレビュー版を流していたのですが、今回v1.0.0として出します。ライブラリ名は、Claudeだから、Claudiaです!.NET全般で使えるのと、Unity(Runtime/Editor双方)でも動作確認をしているので、アイディア次第で色々活用できると思います。 GitHub - Cysharp/Claudia 今回のSDKを作るにあたっての設計指針の一番目は、公式のPython SDKやTypeScript SDKと限りなく似せる
> BTC: bc1qs0sq7agz5j30qnqz9m60xj4tt8th6aazgw7kxr ETH: 0x1D834755b5e889703930AC9b784CB625B3cd833E USDT(Tron): TPrCq8LxGykQ4as3o1oB8V7x1w2YPU2o5n Ton: UQAtBuFWI3H_LpHfEToil4iYemtfmyzlaJpahM3tFSoxomYQ Doge: D7GMQdKhKC9ymbT9PtcetSFTQjyPRRfkwTdismiss OOP: the worst thing that happened to programming [2/24/2025] In this article, we will try to understand why OOP is the worst thing that happened to prog
Omakub
Turn a fresh Ubuntu installation into a fully-configured, beautiful, and modern web development system by running a single command. That’s the one-line pitch for Omakub. No need to write bespoke configs for every essential tool just to get started or to be up on all the latest command-line tools. Omakub is an opinionated take on what Linux can be at its best. Omakub includes a curated set of appli
巨人に学ぶテストコードアンチパターン
はじめに こんにちは、楽天の日暮です。普段は主にJavaを使ったシステムの開発に携わっています。 日々の開発業務の中で、テストコードのレビューを したりされたりする機会は非常に多いと思います。 みなさんはテストコードの書き方はどのように勉強してきたでしょうか? もちろん世の中にはコーディングとテストに関する名著はたくさんありますが、私が勧める最も実践的かつ読みやすいものの一つとして、Google Testing Blogをお勧めします。 Google Testing BlogはGoogleが記事投稿しているテストに関してフォーカスしたブログで、一つ一つの記事は短いので読みやすくトピックも現場レベルの疑問や課題になっており、ためになる知見が多いと思っています。 この記事では、私がテストコードをレビューする際によく指摘するポイントを、Google Testing Blogなどで言及されているベ
ソースコード & ドキュメントに対応したGraph RAGの実装(Tree-sitter + LightRAG)
(module (function_definition (identifier) # ← ここに関数名「sample_func」が含まれます (parameters) (block (expression_statement (call (identifier) (argument_list (string)))))) (expression_statement (call (identifier) (argument_list)))) ノードが色々取れましたが、「function_definition」が関数、その子である「identifier」が関数名を表すため、 function_definition == 子ノード ==> identifier となっている箇所を探索すれば抽出できます(関数ではあっても「lambda」など異なる場合もあります)。 今回は上記のようにTree-si
Just make it scale: An Aurora DSQL storyMay 27, 2025 • 3404 words At re:Invent we announced Aurora DSQL, and since then I’ve had many conversations with builders about what this means for database engineering. What’s particularly interesting isn’t just the technology itself, but the journey that got us here. I’ve been wanting to dive deeper into this story, to share not just the what, but the how
LogLog Games
The article is also available in Chinese. Disclaimer: This post is a very long collection of thoughts and problems I've had over the years, and also addresses some of the arguments I've been repeatedly told. This post expresses my opinion the has been formed over using Rust for gamedev for many thousands of hours over many years, and multiple finished games. This isn't meant to brag or indicate su
AWS Lambda Under the Hood
Transcript Danilov: We'll talk about AWS Lambda, how it's built, how it works, and why it's so cool. My name is Mike Danilov. I'm a Senior Principal Engineer at AWS Serverless. A decade ago, I joined EC2 networking team, and it was a fantastic ride. Then, five years back, I heard about Lambda. I really liked the simplicity of the idea. We run your code in the cloud, no servers needed, so I joined
Every System is a Log: Avoiding coordination in distributed applications | Restate
BlogEvery System is a Log: Avoiding coordination in distributed applications Building resilient distributed applications remains a tough challenge. It should be possible to focus almost entirely on the business logic and the complexity inherent to the domain. Instead, you need to review line-by-line and check: “what if the service crashes here?”, “what if the API we call here is temporarily unavai
Stop Saying Rust Is Complicated Rust often gets labeled as “too hard” or “too complicated” because it forces you to think carefully about memory, concurrency, and error handling. But here’s the catch: those aren’t just “Rust problems.” They’re software engineering problems that show up in any sufficiently complex system. Rust’s approach may feel strict, but it’s essentially teaching you fundamenta
Lessons from Writing a Compiler
The prototypical compilers textbook is: 600 pages on parsing theory. Three pages of type-checking a first-order type system like C. Zero pages on storing and checking the correctness of declarations (the “symbol table”). Zero pages on the compilation model, and efficiently implementing separate compilation. 450 pages on optimization and code generation. The standard academic literature is most use
Functional programming is finally going mainstream Object-oriented and imperative programming aren’t going away, but functional programming is finding its way into more codebases. Klint Finley // July 12, 2022 Paul Louth had a great development team at Meddbase, the healthcare software company he founded in 2005. But as the company grew, so did their bug count. That’s expected, up to a point. More
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2)
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 4/2) Executive Summary Update April 2: Recent investigations have revealed preliminary steps in the tj-actions and reviewdog compromise that were not known until now. We have pieced together the stages that led to the original compromise, provid
Posted on Monday, April 1, 2024. Updated Wednesday, April 3, 2024. Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership. Using that access, they installed a very subtle, carefully hidden backdoor into liblzma, a part of xz that also happens to be a d
Assessing Claude Mythos Preview’s cybersecurity capabilities April 7, 2026 Nicholas Carlini, Newton Cheng, Keane Lucas, Michael Moore, Milad Nasr, Vinay Prabhushankar, Winnie Xiao Hakeem Angulu, Evyatar Ben Asher, Jackie Bow, Keir Bradwell, Ben Buchanan, David Forsythe, Daniel Freeman, Alex Gaynor, Xinyang Ge, Logan Graham, Kyla Guru, Hasnain Lakhani, Matt McNiece, Mojtaba Mehrara, Renee Nichol, A
Rewriting the Ruby parser
At Shopify, we have spent the last year writing a new Ruby parser, which we’ve called YARP (Yet Another Ruby Parser). As of the date of this post, YARP can parse a semantically equivalent syntax tree to Ruby 3.3 on every Ruby file in Shopify’s main codebase, GitHub’s main codebase, CRuby, and the 100 most popular gems downloaded from rubygems.org. We recently got approval to merge this work into C
Programming is an iterative process. As much as we would like to come up with the perfect solution from the start, it rarely works that way. Good programs often begin as quick prototypes. While many experiments remain prototypes, the best programs can evolve into production code. Whether you’re writing games, CLI tools, or designing library APIs, prototyping helps tremendously in finding the best
Dark Side of DevOps
Transcript Protsenko: My name is Mykyta. I work at Netflix. My job is basically making sure that other developers don't have to stay at work late. I call it a win when they can leave at 5 p.m., and still be productive. I work in the platform organization, namely in productivity engineering, where we try to abstract toil away for the rest of engineers. Where we try to make sure that the engineers c
Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps
Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story. The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depen
The SaaS CTO Security Checklist Redux - Gold Fig — Peace of mind for infrastructure teams
Doing the basics goes a long way in keeping your company and product secure. This third1 edition of the SaaS CTO Security Checklist provides actionable security best practices CTOs (or anyone for that matter) can use to harden their security. This list is far from exhaustive, incomplete by nature since the security you need depends on your company, product, and assets. 🚀 Your employees Accustom e
TL;DR; We are changing std::sort in LLVM’s libcxx. That’s a long story of what it took us to get there and all possible consequences, bugs you might encounter with examples from open source. We provide some benchmarks, perspective, why we did this in the first place and what it cost us with exciting ideas from Hyrum’s Law to reinforcement learning. All changes went into open source and thus I can
An interface is not an interface - Recent thoughts about clean coding - Spacely Tech Blog
Introduction Recently I've had to work on code which seemed to be based on clean architecture, but after a while I concluded that it is probably not and it made me think about clean coding in general and the principles of clean architecture in particular. Is it about a set of rules, and we are guaranteed to achieve cleanness as long as we follow them? Or is it about abstract principles, which we c
Lately I've been spending quite a bit of time learning Rust, and as any sane person would do, after writing a few 100 lines programs I've decided to take on something a little bit more ambitious: I have written a (toy) Java Virtual Machine in Rust. 🎉 With a lot of originality, I have called it rjvm. The code is available on GitHub. I want to stress that this is a toy JVM, built for learning purpo
🚧 Pardon our dust while we transition our blog to our new website. Go 1.18 is here, and with it, the first release of the long-awaited implementation of Generics is finally ready for production usage. Generics are a frequently requested feature that has been highly contentious throughout the Go community. On the one side, vocal detractors worry about the added complexity. They fear the inescapabl
One Billion Row Challenge in Golang - From 95s to 1.96s Renato Pereira Mar 18, 2024 Introduction The One Billion Row Challenge (1BRC) is quite simple: the task is developing a program capable of read a file with 1 billion lines, aggregating the information contained in each line, and print a report with the result. Each line within the file contains a weather station name and a temperature reading
ThumbHash: A very compact representation of an image placeholder
A very compact representation of an image placeholder. Store it inline with your data and show it while the real image is loading for a smoother loading experience. It's similar to BlurHash but with the following advantages: Encodes more detail in the same space Also encodes the aspect ratio Gives more accurate colors Supports images with alpha Despite doing all of these additional things, the cod
CUPID: for joyful coding
What started as lighthearted iconoclasm, poking at the bear of SOLID, has developed into something more concrete and tangible. If I do not think the SOLID principles are useful these days, then what would I replace them with? Can any set of principles hold for all software? What do we even mean by principles? I believe that there are properties or characteristics of software that make it a joy to
Golang Mini Reference 2022: A Quick Guide to the Modern Go Programming Language (REVIEW COPY)
Golang Mini Reference 2022 A Quick Guide to the Modern Go Programming Language (REVIEW COPY) Harry Yoon Version 0.9.0, 2022-08-24 REVIEW COPY This is review copy, not to be shared or distributed to others. Please forward any feedback or comments to the author. • feedback@codingbookspress.com The book is tentatively scheduled to be published on September 14th, 2022. We hope that when the release da
Weird Lexical Syntax
I just learned 42 programming languages this month to build a new syntax highlighter for llamafile. I feel like I'm up to my eyeballs in programming languages right now. Now that it's halloween, I thought I'd share some of the spookiest most surprising syntax I've seen. The languages I decided to support are Ada, Assembly, BASIC, C, C#, C++, COBOL, CSS, D, FORTH, FORTRAN, Go, Haskell, HTML, Java,
This blog post hopes to convince you that Python is a compiled language. And by “Python”, I don’t mean alternate versions of Python like PyPy, Mypyc, Numba, Cinder, or even Python-like programming languages like Cython, Codon, Mojo1—I mean the regular Python: CPython! The Python that is probably installed on your computer right now. The Python that you got when you searched “python” on Google and
On Friday January 21, 2022 I received this email. I tweeted about it and it took off like crazy. The email comes from a fortune-500 multi-billion dollar company that apparently might be using a product that contains my code, or maybe they have customers who do. Who knows? My guess is that they do this for some compliance reasons and they “forgot” that their open source components are not automatic
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Databases in 2025: A Year in Review
Rust concepts I wish I learned earlier
neue cc - Claudia - Anthropic ClaudeのC# SDKと現代的なC#によるウェブAPIクライアントの作り方
OOP: the worst thing that happened to programming
Just make it scale: An Aurora DSQL story
Stop saying Rust is Complicated
Functional programming is finally going mainstream
research!rsc: Timeline of the xz open source attack
Claude Mythos Preview \ red.anthropic.com
Prototyping in Rust | corrode Rust Consulting
Changing std::sort at Google’s Scale and Beyond
I have written a JVM in Rust
Generics can make your Go code slower
One Billion Row Challenge in Golang - From 95s to 1.96s
Python is a Compiled Language
LogJ4 Security Inquiry – Response Required