BigQueryのアンチパターン認識ツールで独自のSQLリンターを開発しました - ZOZO TECH BLOG
こんにちは、株式会社ZOZOで25卒の内定者アルバイトをしている村井です。この記事では業務で取り組んでいる、BigQueryで使うSQLのリンターの作成方法について紹介します。 目次 目次 課題と解決策 課題 解決策 BigQueryのアンチパターン認識ツール ミニマムな使い方 日本語がSQL内に含まれている際の問題 アンチパターンを定義する リンターとしてBigQueryのアンチパターン認識ツールを使用する際に生じる課題と解決策 構成 APIサーバ化 Chrome拡張 動作例 まとめ 課題と解決策 課題 社内では様々なチームがSQLを書いており、動作はするものの良くない書き方をしている場合があります。そういった構文を検知して、前もって修正する必要があります。 解決策 BigQueryのコンソールで入力されたSQLの不正構文を検知、修正案を提示できるようにしました。 BigQueryのアン
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
WebKit Features in Safari 16.4
Mar 27, 2023 by Patrick Angle, Marcos Caceres, Razvan Caliman, Jon Davis, Brady Eidson, Timothy Hatcher, Ryosuke Niwa, and Jen Simmons ContentsWeb Push on iOS and iPadOSImprovements for Web AppsWeb ComponentsCSSHTMLJavaScript and WebAssemblyWeb APIImages, Video, and AudioWKWebViewDeveloper ToolingWeb InspectorSafari Web ExtensionsSafari Content BlockersNew Restrictions in Lockdown ModeMore Improve
Building secure web apps using Web Workers | Mercari Engineering
Security is paramount for our users, and we at mercari strive to provide a snappy and safe platform. We recently introduced an additional layer of defence by adding Web Workers to secure the access token. It now protects the users from various kinds of attacks, including token theft from Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), prototype pollution, zero-day npm package vulner
Assessing Claude Mythos Preview’s cybersecurity capabilities April 7, 2026 Nicholas Carlini, Newton Cheng, Keane Lucas, Michael Moore, Milad Nasr, Vinay Prabhushankar, Winnie Xiao Hakeem Angulu, Evyatar Ben Asher, Jackie Bow, Keir Bradwell, Ben Buchanan, David Forsythe, Daniel Freeman, Alex Gaynor, Xinyang Ge, Logan Graham, Kyla Guru, Hasnain Lakhani, Matt McNiece, Mojtaba Mehrara, Renee Nichol, A
WebKit Features in Safari 17.0
Sep 18, 2023 by Jen Simmons and the Safari / WebKit Team Today’s the day for Safari 17.0. It’s now available for iOS 17 and iPadOS 17. [Update September 26th] And now, Safari 17.0 is available for macOS Ventura, and macOS Monterey, and macOS Sonoma. Safari 17.0 is also available in the vision OS Simulator, where you can test your website by downloading the latest beta of Xcode 15, which supports t
Railsとdoorkeeper-openid_connectやOmniAuth を使って、OpenID Connectの OpenID Provider と Relying Party を作ってみた - メモ的な思考的な
OAuth2やOpenID Connectの理解を深めようと思い、 OAuth徹底入門 セキュアな認可システムを適用するための原則と実践(Justin Richer Antonio Sanso 須田 智之 Authlete, Inc.)|翔泳社の本 Auth屋さんの書籍 【電子版】雰囲気でOAuth2.0を使っているエンジニアがOAuth2.0を整理して、手を動かしながら学べる本 - Auth屋 - BOOTH 【電子版】OAuth、OAuth認証、OpenID Connectの違いを整理して理解できる本 - Auth屋 - BOOTH 【電子版】OAuth・OIDCへの攻撃と対策を整理して理解できる本(リダイレクトへの攻撃編 - Auth屋 - BOOTH OAuth認証とは何か?なぜダメなのか - 2020冬 - r-weblife OAuth & OpenID Connect 関連仕
Version 1.108 is now available! Read about the new features and fixes from December. Release date: June 12, 2025 Security update: The following extension has security updates: ms-python.python. Update 1.101.1: The update addresses these issues. Update 1.101.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome t
WebKit Features in Safari 18.0
ContentsNew in Safari 18Web apps for MacCSSSpatial WebHTMLJavaScriptWeb APICanvasManaged Media SourceWebRTCHTTPSWebGLWeb InspectorPasskeysSafari ExtensionsApple PayDeprecationsBug Fixes and moreUpdating to Safari 18.0Feedback Safari 18.0 is here. Along with iOS 18, iPadOS 18, macOS Sequoia and visionOS 2, today is the day another 53 web platform features, as well as 25 deprecations and 209 resolve
Passkeys を完全に理解するために Rails で実装してみた with Remix - STORES Product Blog
この記事は STORES Advent Calendar 2023 22日目の記事です。 こんにちは STORES 予約開発チームでエンジニアリングマネージャーをしています Natsume です。 昨今 Passkeys が各サービスで導入されており、勢いを感じています。 個人では 1Password のパスワードマネージャーを使っており、1Password が Passkeys 対応してから試しています。 Passkeys でのログインは ID/PW/OTP の autofill などに比べて 1step 省略される程度ですが、ログイン体験が良いと思っており、導入されていたらどんどん切り替えています。 ほどんどのサービスでは ID/PW との併用となっているケースが多く、セキュリティ面でのメリットを享受できるのはまだ先になりそうです。 個人的に Passkeys の実際の挙動や導入する時
Feb 11, 2025 RONI CARTA | LUPIN supply chain attack, docker, red team, artifact, bug bounty, pwn Introduction Back in 2021, I was still early in my offensive security journey. I had already hacked several companies and was earning a steady income through Bug Bounty Hunting, an ethical hacking practice where security researchers find and report vulnerabilities for monetary rewards. However, I wasn’
Use Thunder Client and VSCode as an alternative to Postman
Visual Studio Code (VSCode) is a popular code editor that can be used as an alternative to Postman for API testing. With the right extensions, developers can easily create, manage, and test APIs within the VSCode environment. Using Thunder Client with VSCode for API testing can streamline the development workflow and save time by using a single tool for coding and testing, as this article will sho
Jun 6, 2023 by Patrick Angle, Jean-Yves Avenard, Marcos Caceres, Ada Rose Cannon, Eric Carlson, Garrett Davidson, Jon Davis, Karl Dubost, Brady Eidson, Matthew Finkel, Simon Fraser, Brent Fulgham, Rachel Ginsberg, David Johnson, Anne van Kesteren, Mark Lam, Sihui Liu, Justin Michaud, Jer Noble, Tim Nguyen, Ben Nham, Richard Robinson, Michael Saboff, Alexey Shvaika, Jen Simmons, Sam Sneddon, Brando
Jun 10, 2024 by Jen Simmons, Jon Davis, Karl Dubost, Anne van Kesteren, Marcos Cáceres, Ada Rose Canon, Tim Nguyen, Sanjana Aithal, Pascoe, and Garrett Davidson ContentsWebXRCSSWeb apps for MacSafari ExtensionsSpatial mediaHTMLMediaWebRTCPasskeysHTTPSJavaScriptWeb APICanvasWebGLWeb InspectorWKWebViewApple PayDeprecationsBug Fixes and moreHelp us Beta TestFeedback The last year has been a great one
iOS Hacking - A Beginner’s Guide to Hacking iOS Apps [2022 Edition]
My first post will be about iOS Hacking, a topic I’m currently working on, so this will be a kind of gathering of all information I have found in my research. It must be noted that I won’t be using any MacOS tools, since the computer used for this task will be a Linux host, specifically a Debian-based distribution, in this case, Kali Linux. I will also be using ‘checkra1n’ for the device jailbreak
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? はじめに この記事では、Claude Codeを活用してSvelteKit + Hono + Cloudflare構成のモダンなWebアプリケーションを構築した体験を共有します。 開発したHPはこれhttps://elanare.jp/ 会社ブログにはClaude君が質問して僕が答える別バージョンの記事もあります https://elanare.jp/blog/company-blog-launch 挨拶と前提 みなさんこんにちはうつ病で休職中の石橋です 3月から休職していて、6月半ばくらいから1日1時間くらいならPCに向き合って作業で
go command - cmd/go - Go Packages
Go is a tool for managing Go source code. Usage: go <command> [arguments] The commands are: bug start a bug report build compile packages and dependencies clean remove object files and cached files doc show documentation for package or symbol env print Go environment information fix apply fixes suggested by static checkers fmt gofmt (reformat) package sources generate generate Go files by processi
Secure Payment Confirmation
Secure Payment Confirmation W3C Candidate Recommendation Draft, 14 August 2025 More details about this document This version: https://www.w3.org/TR/2025/CRD-secure-payment-confirmation-20250814/ Latest published version: https://www.w3.org/TR/secure-payment-confirmation/ Editor's Draft: https://w3c.github.io/secure-payment-confirmation/ Previous Versions: https://www.w3.org/TR/2025/CRD-secure-paym
Serverless computing has a range of benefits. It means quick and simple deployments with no servers to manage or maintain. It means true scalability, serving a large demand without breaking a sweat if and when you get it. (On the other hand, it also means pay-per-use, so you don’t end up out of pocket on hosting costs if a very large demand never comes). Serverless typically also means low latency
WebKit Features in Safari 26.0
Sep 15, 2025 by Jen Simmons, Saron Yitbarek, Jon Davis, Tim Nguyen, Blaze Burg, Marcos Cáceres, Razvan Caliman, Qianlang Chen, Karl Dubost, Kiet Ho, David Johnson, Aditya Keerthi, Daniel Liu, Keith Miller, Abrar Rahman Protyasha, Richard Robinson, Kiara Rose, Ahmad Saleem, Anne van Kesteren, Brian Weinstein, Eddy Wong, Luming Yin, Brandel Zachernuk ContentsCSSEvery site can be a web app on iOS and
最初に この記事はhey Advent Calendarの2日目です。 STORES 予約 の開発をしているTak-Iwamotoです。 2021/11/27に行われたJSConfでSTORES 予約 を支えるフロントエンドの技術と題して発表しました。 この記事ではその中から抜粋して、 STORES 予約 のフロントエンドを開発する中で踏み抜いてきたアンチパターンと現在のアーキテクチャについて書かせていただきます。 背景 予約チームではオーナーさまが使用する管理画面(STORES 予約)とエンドユーザーが予約するサービス画面(Coubic)の2種類を開発しており、両方Next.jsが採用されています。 Next.jsの導入時期がCoubicの方が古いこともあり、採用しているライブラリは異なります。 踏み抜いたアンチパターンと現在のアーキテクチャ STORES 予約 と Coubic のフロ
OAuth 2.0 Simplified | What is Oauth and How Does it Work | FusionAuth | FusionAuth Docs
OAuth 2.0 Simplified | What is Oauth and How Does it Work | FusionAuthBy Brian Pontarelli, Ahmed Hashesh and Dan Moore I know what you are thinking, is this really another guide to OAuth 2.0? Well, yes and no. This guide is different from most of the others out there because it covers all of the ways that we actually use OAuth. It also covers all of the details you need to be an OAuth expert witho
november 2023. this service has been running for over two years. OpenAI didn’t announce “Verified Organization” requirements until mid-2025. they didn’t publicly require ID verification for advanced model access until GPT-5. but the watchlist screening infrastructure was operational 18 months before any of that was disclosed. we can pinpoint when they started considering going “public” with the co
W3C Workshop on Permissions
Executive Summary Future work should build on the key strengths of the web: safety-by-default, linkability, ephemerality, and interoperability across browsers and platforms. There was significant interest in non-prompt, contextual permission UIs, which are more seamlessly embedded into the user’s journey, and follow the “user-pull” model instead of the “developer-push” model. This approach could a
Axios POST requests: Handling errors, authentication, and best practices - LogRocket Blog
Sending requests to a web server is one of the most commonly performed tasks in frontend development. Creating a Facebook post, uploading a new Instagram image, sending a post on X, or signing up on a website all send requests to a server. Axios is a free and open source promised-based HTTP library that runs both in the browser and Node.js. In this article, you’ll learn how to use the Axios POST m
Account hijacking using "dirty dancing" in sign-in OAuth-flows
Account hijacking using “dirty dancing” in sign-in OAuth-flows Combining response-type switching, invalid state and redirect-uri quirks using OAuth, with third-party javascript-inclusions has multiple vulnerable scenarios where authorization codes or tokens could leak to an attacker. This could be used in attacks for single-click account takeovers. Frans Rosén, Security Advisor at Detectify goes t
PrismaPrisma is an open-source ORM for Node.js and TypeScript. It is used as an alternative to writing plain SQL, or using another database access tool such as SQL query builders (like knex.js) or ORMs (like TypeORM and Sequelize). Prisma currently supports PostgreSQL, MySQL, SQL Server, SQLite, MongoDB and CockroachDB (Preview). While Prisma can be used with plain JavaScript, it embraces TypeScri
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Claude Mythos Preview \ red.anthropic.com
May 2025 (version 1.101)
How We Hacked a Software Supply Chain for $50K
News from WWDC23: WebKit Features in Safari 17 beta
News from WWDC24: WebKit in Safari 18 beta
実録ClaudeCodeで会社HP立ち上げた全部詳細公開 - Qiita
Edge-compatible Serverless Driver for Postgres - Neon
STORES 予約 のReactで踏み抜いたアンチパターンと現在 - STORES Product Blog
the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
Documentation | NestJS - A progressive Node.js framework