はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
How modern browsers work
Note: For those eager to dive deep into how browsers work, an excellent resource is Browser Engineering by Pavel Panchekha and Chris Harrelson (available at browser.engineering). Please do check it out. This article is an overview of how browsers work. Web developers often treat the browser as a black box that magically transforms HTML, CSS, and JavaScript into interactive web applications. In tru
10億行のデータ処理に学ぶ、Rust/Go 低レイヤ最適化術(@yusuktan)【#も読】 - Findy Media
「あの人も読んでる」略して「も読」。さまざまな寄稿者が最近気になった情報や話題をシェアする企画です。他のテックな人たちがどんな情報を追っているのか、ちょっと覗いてみませんか? みなさんこんにちは。 「あの人も読んでる」、第18回目の投稿です。maguro (X @yusuktan)がお届けします。 今回は、「One Billion Row Challenge(1BRC:10億行のデータ処理チャレンジ)」を取り上げます。 1BRCは、もともとはJavaコミュニティから始まったプログラミングチャレンジで、「10億行のテキストデータ(気象観測所の名前と温度がセミコロン区切りになっている)から、観測所ごとの最小値・最大値・平均値を計算する」という課題です。具体的には、以下のようなデータが入力として与えられます。 Hamburg;12.0 Bulawayo;8.9 Palembang;38.8 Ha
One Billion Row Challenge in Golang - From 95s to 1.96s Renato Pereira Mar 18, 2024 Introduction The One Billion Row Challenge (1BRC) is quite simple: the task is developing a program capable of read a file with 1 billion lines, aggregating the information contained in each line, and print a report with the result. Each line within the file contains a weather station name and a temperature reading
This blog post hopes to convince you that Python is a compiled language. And by “Python”, I don’t mean alternate versions of Python like PyPy, Mypyc, Numba, Cinder, or even Python-like programming languages like Cython, Codon, Mojo1—I mean the regular Python: CPython! The Python that is probably installed on your computer right now. The Python that you got when you searched “python” on Google and
Shai Hulud Strikes Again (v2)Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected. Update: November 26, 2025 PostHog has published a detailed post mortem describing how one of its GitHub Actions workflows was abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that modified a script executed via pull_requ
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability | Microsoft Security Blog
January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only applications that use vulnerable libraries, but also any services that use these applications, so customers may
Introduction This article focuses on tasks that application programmers are likely to encounter, particularly in web applications, such as: Reading and writing text files Reading text, images, JSON from the web Visiting files in a directory Reading a ZIP file Creating a temporary file or directory The Java API supports many other tasks, which are explained in detail in the Java I/O API tutorial. T
Keep Android Open | F-Droid - Free and Open Source Android App Repository
F-Droid is under threat. Google is changing the way you install apps on your device. We need your help. https://keepandroidopen.org/ This Week in F-Droid TWIF curated on Friday, 20 Feb 2026, Week 8 F-Droid core During our talks with F-Droid users at FOSDEM26 we were baffled to learn most were relieved that Google has canceled their plans to lock-down Android. Why baffled? Because no such thing act
Crystal言語作者がRubyを愛する理由(5)標準ライブラリが優秀(翻訳)|TechRacho by BPS株式会社
概要 原著者の許諾を得て翻訳・公開いたします。 英語記事: Why I love Ruby: a great standard library - DEV Community 👩💻👨💻 原文公開日: 2022/03/01 原著者: Ary Borenszweig💻 -- Crystal言語の作者のひとりです 多くのプログラミング言語では、ファイルを読み込んでその内容を一行ずつ処理したいことがよくあります。私がRubyを知った頃のJavaでは、以下のような処理を書かなければならないのが普通でした。 BufferedReader reader; try { reader = new BufferedReader(new FileReader("/path/to/file.txt")); String line; while ((line = reader.readLine())
Python の open 関数と io モジュールをきちんと使うために - 朝日ネット 技術者ブログ
はじめに 開発部の ikasat です。 Python の言語・ライブラリ・処理系はプログラマのタスクを手早く簡単にこなせるようにするために設計されており、数行程度のコードを書いただけでも内部で様々なことをやってくれます。 しかし、この便利さが特定のユースケースにおいては逆にお節介になってしまうこともあり、また内部動作が複雑であることにより挙動を修正する方法も分からなくなりがちです。 特に組み込みの open 関数や標準入出力 (sys.stdin, sys.stdout) はその最たる例であり、UnicodeEncodeError / UnicodeDecodeError や TypeError: a bytes-like object is required は Python を使った人であれば誰もが見たことのあるエラーメッセージでしょう。 私自身これまでこの類のエラーが出た時には検索
What D-Bus is D-Bus serves various purposes aiming to facilitate the cooperation between different processes in the system. This article will describe D-Bus and how it performs this function. From the D-Bus creators definition: D-Bus is a message bus system, a simple way for applications to talk to one another. In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it
Update 1.64.1: The update addresses these security issues. Update 1.64.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2022 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: New Side Panel - Display more view
The UK has used small credit-card sized tickets to pay for train travel for years and years, since long before I was born — originally the APTIS ticket1, which later got replaced by a slightly easier to read version printed onto the same stock. Nowadays, the industry would very much like you to ditch your paper ticket in favour of a fancy mobile barcode one (or an ITSO smartcard2); not only do the
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
One Billion Row Challenge in Golang - From 95s to 1.96s
Python is a Compiled Language
Shai Hulud Strikes Again (v2) - Socket
Common I/O Tasks in Modern Java - Dev.java
D-Bus overview - Fedora Magazine
January 2022 (version 1.64)
Reversing UK mobile rail tickets