はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
MySQL のインデクスが利用されないクエリ等を自動検出する ExplainPolice の運用について
LINE株式会社は、2023年10月1日にLINEヤフー株式会社になりました。LINEヤフー株式会社の新しいブログはこちらです。 LINEヤフー Tech Blog LINE 株式会社 B2B Platform 開発担当フェローの Matsuno です。 LINE の Business Platform ではメインのデータベースとして MySQL を利用しています。MySQL は非常に高速に動く OSS の RDBMS なので、とても便利に利用させていただいております。 MySQL はとても高速なのですが、うっかり index を使わないクエリを発行した場合に実行がとても遅くなってしまうことがあります。LINE の Business Platform はとても多くのお客様が利用されるので、B2B としては異例なほどトラフィックが多く、少し遅いクエリが発生した結果としてサイト全体がダウンして
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
BigQueryのアンチパターン認識ツールで独自のSQLリンターを開発しました - ZOZO TECH BLOG
こんにちは、株式会社ZOZOで25卒の内定者アルバイトをしている村井です。この記事では業務で取り組んでいる、BigQueryで使うSQLのリンターの作成方法について紹介します。 目次 目次 課題と解決策 課題 解決策 BigQueryのアンチパターン認識ツール ミニマムな使い方 日本語がSQL内に含まれている際の問題 アンチパターンを定義する リンターとしてBigQueryのアンチパターン認識ツールを使用する際に生じる課題と解決策 構成 APIサーバ化 Chrome拡張 動作例 まとめ 課題と解決策 課題 社内では様々なチームがSQLを書いており、動作はするものの良くない書き方をしている場合があります。そういった構文を検知して、前もって修正する必要があります。 解決策 BigQueryのコンソールで入力されたSQLの不正構文を検知、修正案を提示できるようにしました。 BigQueryのアン
This post is about why we need a coroutine package for Go, and what it would look like. But first, what are coroutines? Every programmer today is familiar with function calls (subroutines): F calls G, which stops F and runs G. G does its work, potentially calling and waiting for other functions, and eventually returns. When G returns, G is gone and F continues running. In this pattern, only one fu
Today we’re excited to announce the release of TypeScript 5.2! If you’re not familiar with TypeScript, it’s a language that builds on top of JavaScript by making it possible to declare and describe types. Writing types in our code allows us to explain intent and have other tools check our code to catch mistakes like typos, issues with null and undefined, and more. Types also power TypeScript’s edi
Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
AST vs. Bytecode: Interpreters in the Age of Meta-Compilation
233 AST vs. Bytecode: Interpreters in the Age of Meta-Compilation OCTAVE LAROSE, University of Kent, UK SOPHIE KALEBA, University of Kent, UK HUMPHREY BURCHELL, University of Kent, UK STEFAN MARR, University of Kent, UK Thanks to partial evaluation and meta-tracing, it became practical to build language implementations that reach state-of-the-art peak performance by implementing only an interprete
Today we’re excited to announce our Release Candidate of TypeScript 5.2! Between now and the stable release of TypeScript 5.2, we expect no further changes apart from critical bug fixes. To get started using the RC, you can get it through NuGet, or through npm with the following command: npm install -D typescript@rc Here’s a quick list of what’s new in TypeScript 5.2! using Declarations and Explic
Wasm core dumps and debugging Rust in Cloudflare Workers
Wasm core dumps and debugging Rust in Cloudflare Workers2023-08-14 A clear sign of maturing for any new programming language or environment is how easy and efficient debugging them is. Programming, like any other complex task, involves various challenges and potential pitfalls. Logic errors, off-by-ones, null pointer dereferences, and memory leaks are some examples of things that can make software
Introduction # Over the past years, the adoption of RocksDB increased dramatically. It became a standard for embeddable key-value stores. Today RocksDB runs in production at Meta, Microsoft, Netflix, Uber. At Meta RocksDB serves as a storage engine for the MySQL deployment powering the distributed graph database. Big tech companies are not the only RocksDB users. Several startups were built around
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Summary Introduce virtual threads to the Java Platform. Virtual threads are lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. This is a preview API. Goals Enable server applications written in the simple thread-per-request style to scale with near-optimal hardware utilization. Enable existing code that uses the j
Today we are excited to announce the availability of TypeScript 5.2 Beta. To get started using the beta, you can get it through NuGet, or through npm with the following command: npm install -D typescript@beta Here’s a quick list of what’s new in TypeScript 5.2! using Declarations and Explicit Resource Management Decorator Metadata Named and Anonymous Tuple Elements Easier Method Usage for Unions o
Press Enter, and JHipster will create your app in the current directory and run npm install to install all the dependencies specified in package.json. Verify Everything Works with Cypress and KeycloakWhen you choose OAuth 2.0 and OIDC for authentication, the users are stored outside of the application rather than in it. You need to configure an identity provider (IdP) to store your users and allow
Advent Calendar: OpenTelemetryの計装をやってみた話 - Sansan Tech Blog
こんにちは。技術本部 Bill One Engineering Unit の前田です。現在はSREチームに所属しており、アプリケーションに強いSREといった立ち位置になっています。今回は、私がSREチームに異動してから少しずつ実施した、OpenTelemetryを用いた計装について説明します。 なお、本記事はSansan Advent Calendar 2023の5日目の記事です。 はじめに OpenTelemetryとの出会い 私がSREチームに異動したのは2023年4月で、それまではWebアプリケーション開発をやっていました。当時のSREチームはAPMツールの導入に動いているタイミングであり、チームに入る際、前提知識として『オブザーバビリティ・エンジニアリング』(以降「書籍」と呼称)をお勧めされたことが出会いでした。 www.oreilly.co.jp 一言で言うなら、書籍を読んで私は
research!rsc: Programming Language Memory Models (Memory Models, Part 2)
Programming language memory models answer the question of what behaviors parallel programs can rely on to share memory between their threads. For example, consider this program in a C-like language, where both x and done start out zeroed. // Thread 1 // Thread 2 x = 1; while(done == 0) { /* loop */ } done = 1; print(x); The program attempts to send a message in x from thread 1 to thread 2, using d
July 2, 2025 Volume 23, issue 3 PDF When Is WebAssembly Going to Get DOM Support? Or, how I learned to stop worrying and love glue code Daniel Ehrenberg Is WebAssembly (Wasm) really ready for production usage in web applications, even though that usage requires integration with a web page and the APIs used to manipulate it, such as the DOM? Simultaneously, the answer to this question is that "Wasm
Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y
For almost a complete decade—starting with discovering Haskell in about 2009 and right up until switching to a job where I used primarily Ruby and C++ in about 2019—I would have called myself first and foremost a Haskell programmer. Not necessarily a dogmatic Haskeller! I was—and still am—proudly a polyglot who bounces between languages depending on the needs of the project. However, Haskell was m
Safer Usage Of C++
Safer Usage Of C++ This document is PUBLIC. Chromium committers can comment on the original doc. If you want to comment but can’t, ping palmer@. Thanks for reading! Google-internal short link: go/safer-cpp Authors/Editors: adetaylor, palmer Contributors: ajgo, danakj, davidben, dcheng, dmitrig, enh, jannh, jdoerrie, joenotcharles, kcc, markbrand, mmoroz, mpdenton, pkasting, rsesek, tsepez, awhalle
CORS is a necessity for many APIs, but basic configurations can create a huge number of extra requests, slowing down every browser API client, and sending unnecessary traffic to your backend. This can be a problem with a traditional API, but becomes a much larger issue with serverless platforms, where your billing is often directly tied to the number of requests received, so this can easily double
Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Update 1.72.1: The update addresses these security issues. Update 1.72.2: The update addresses these issues. Welcome to the September 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Tool bar customization - Hide/show
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.56.1: The update addresses these security issues. Update 1.56.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2021 release of Visual Studio Code. The VS Code team has been busy this month working
Why I avoid async/await
EDIT: I recently turned this article into a talk I gave at UtahJS 2023. It’s also partly a response to some of the reactions I got to this article. In many ways, I feel like I did a bit of a better job with my arguments there than here. Let me know what you think. Whatever your stance on async/await, I’d like to pitch to you on why, in my experience, async/await tends to make code more complicated
React Best Practices – Tips for Writing Better React Code
By Jean-Marc Möckel Two years ago, I started to learn and use React. And today I'm still using it at my day job as a Software Developer and in my own side projects. During that time I've come across a lot of "typical" issues. So I searched around and found some best practices that I've integrated into my workflow, and I've come up with things that have made my life or my team members' lives easier
Slack API入門 -Boltを使ってSlack アプリを開発する- - RAKUS Developers Blog | ラクス エンジニアブログ
こんにちは。楽楽勤怠バックエンドチームのmako_makokです。 皆様はSlack アプリを開発されるときはどうやって開発されていますか? Hubotでしょうか?それともHttp Clientから直で叩いていますか? 今回はSlack APIを簡単に使え、爆速でSlack アプリを開発するためのフレームワークBoltのご紹介をさせていただきます。 Boltとは JavaScript Java Python スラッシュコマンドについて スラッシュコマンドの概要 スラッシュコマンドを登録する Boltを使う Slack API を叩いてみる スラッシュコマンドを作る レシーバーの作成 スラッシュコマンドのアクションを作成する 余談: Block Kit まとめ おまけ 参考 Boltとは Slack APIチーム謹製のSlack API Client + スラッシュコマンド用のレシーバを兼ね
Here is a list of common Android interview questions with detailed answers to help you prepare for the interview as an Android app developer. This article is designed to assist aspiring Android developers with a comprehensive set of interview questions, covering a wide spectrum of areas including basic programming principles, Android-specific components, design patterns, and best practices in mobi
Thanks to my sponsors: Mike English, Anson VanDoren, Malik Bougacha, Antoine Rouaze, Brooke Tilley, Em Sharnoff, kuerbsikakteen, Nicolas Riebesel, Matt Jadczak, Bob Ippolito, Corey Alexander, Simon Menke, Carson Page, Jelle Besseling, Taneli Kaivola, you got maiL, Sean Bryant, Manuel Hutter, Ben Mitchell, Matt Heise and 253 more I still get excited about programming languages. But these days, it’s
Python Interview Questions
Here is a list of common Python interview questions with detailed answers to help you prepare for the interview as a Python developer. Python, with its versatile use cases and straightforward syntax, has seen its popularity growing continuously in software development, data science, artificial intelligence, and many other fields. As such, interviews for Python-related positions are designed not on
Django for Startup Founders: A better software architecture for SaaS startups and consumer apps
In an ideal world, startups would be easy. We'd run our idea by some potential customers, build the product, and then immediately ride that sweet exponential growth curve off into early retirement. Of course it doesn't actually work like that. Not even a little. In real life, even startups that go on to become billion-dollar companies typically go through phases like: Having little or no growth fo
[Simon Tatham, initial version 2023-09-01, last updated 2025-03-25] [Coroutines trilogy: C preprocessor | C++20 native | general philosophy ] Introduction Why I’m so enthusiastic about coroutines The objective view: what makes them useful? Versus explicit state machines Versus conventional threads The subjective view: why do I like them so much? “Teach the student when the student is ready” They s
Clojure's deadly sin
This article is about laziness in Clojure. It is intended to be a comprehensive and objective (however possible) critique of lazy sequences as a feature. In no way do I want this to be a judgment of the decision to make Clojure lazy. Clojure the language is by no means formulaic; creating it involved making a plethora of impactful choices. We can judge by Clojure's longevity that the total package
In Data Science, we primarily use Python as a programming language to perform operations on the available datasets. This article will discuss concepts and details for using Pythons to simplify data operations in data science. Pros and Cons of Python for Data OperationsEven though the pros outweigh the cons, it is crucial to look at both aspects. So, let’s have a look at the advantages and limitati
iOS Interview Questions
Here is a list of common iOS interview questions with detailed answers to help you prepare for the interview as an iOS app developer. As the mobile industry continues to evolve at a rapid pace, so do the expectations for iOS developers in job interviews. These interviews test candidates on a wide array of topics, from the fundamentals of Swift and Objective-C, to the intricacies of the iOS SDK, UI
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
research!rsc: Coroutines for Go
Announcing TypeScript 5.2 - TypeScript
June 2022 (version 1.69)
Announcing TypeScript 5.2 RC - TypeScript
How RocksDB works - Artem Krylysov
0.10.0 Release Notes ⚡ The Zig Programming Language
JEP 425: Virtual Threads (Preview)
Announcing TypeScript 5.2 Beta - TypeScript
Full Stack Java with React, Spring Boot, and JHipster
When Is WebAssembly Going to Get DOM Support? - ACM Queue
What's New in Emacs 28.1?
Leaving Haskell behind
Cache your CORS, for performance & profit
September 2022 (version 1.72)
April 2021 (version 1.56)
Android: Interview Questions and Answers
Some mistakes Rust doesn't catch
Philosophy of coroutines
Using Python to Simplify Data Operations in Data Science