はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
Rust Is Eating JavaScript 2021 (updated 2026) – Lee Robinson Rust is a fast, reliable, and memory-efficient programming language. It’s been voted the most admired programming language for a decade1. Created by Mozilla, it’s now used at Meta, Apple, Amazon, Microsoft, and Google for systems infrastructure, encryption, virtualization, and more low-level programming. Why is Rust now being used to rep
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
プロと読み解くRuby 3.4 NEWS テクノロジー部門技術基盤グループの笹田(ko1)と遠藤(mame)です。Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、恒例のクリスマスリリースとして、Ruby 3.4.0 がリリースされました(Ruby 3.4.0 リリース )。今年も STORES Product Blog にて Ruby 3.4 の NEWS.md ファイルの解説をします(ちなみに、STORES Advent Calendar 2024 の記事になります。他も読んでね)。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
こんにちは、CTOの森です。iimonは今回が初のアドベントカレンダー参加です! 本記事はiimonアドベントカレンダー1日目の記事となります。 はじめに 検証した環境 MySQL/mecabのインストール 大量のデータを入れる 1レコードのINSERTにかかった時間 検索してみる 検索文字列が「出来事」の場合 インデックスなし N-gram(bi-gram) IN NATURAL LANGUAGE MODE IN BOOLEAN MODE MeCab IN NATURAL LANGUAGE MODE IN BOOLEAN MODE 検索文字列が「チューリングはロンドンのリッチモンドに住み」の場合 まとめ 参照したサイト 最後に はじめに 今回はMySQLで全文検索機能を使う際のパフォーマンスについて書こうと思います! 全文検索をちゃんと使うのであればElasticsearchやSolrな
Flutterアプリの定期リリースを支える自動化 - Fast DOCTOR Technologies TECH BLOG
本稿では、ファストドクターのモバイルアプリのリリースフローを整備した取り組みについてご紹介します。 モチベーション ファストドクターのモバイルアプリは、2022年夏にFlutterでのフルリプレースを実施し、それ以降は機能の開発が完了次第随時リリースをするという戦略を取っていました。 この戦略はシンプルであり、開発に関わっているステークホルダーが少ない状況下でうまく機能していました。しかし、組織の拡大に伴い以下のような問題が発生するようになりました。 複数機能の開発スケジュールの調整をしたり、バックエンドのリリース・QAとの整合性を取ったりという必要性が増し、調整コストが肥大化 リリースが不定期なため、いつPull Requestをマージすれば良いか分からずopenされたままのPull Requestが多数 この状況を改善するために、以下の要件を念頭に定期的なリリースとそれを支える仕組みを
2025: The year in LLMs
31st December 2025 This is the third in my annual series reviewing everything that happened in the LLM space over the past 12 months. For previous years see Stuff we figured out about AI in 2023 and Things we learned about LLMs in 2024. It’s been a year filled with a lot of different trends. The year of “reasoning” The year of agents The year of coding agents and Claude Code The year of LLMs on th
written by Ruud van Asseldonk published 11 January 2023 For a data format, yaml is extremely complicated. It aims to be a human-friendly format, but in striving for that it introduces so much complexity, that I would argue it achieves the opposite result. Yaml is full of footguns and its friendliness is deceptive. In this post I want to demonstrate this through an example. This post is a rant, and
","chat_template":[{"name":"default","template":"{{ bos_token }}{% if messages[0]['role'] == 'system' %}{% set loop_messages = messages[1:] %}{% set system_message = messages[0]['content'] %}{% elif false == true %}{% set loop_messages = messages %}{% set system_message = 'You are Command-R, a brilliant, sophisticated, AI-assistant trained to assist human users by providing thorough responses. You
Weird Lexical Syntax
I just learned 42 programming languages this month to build a new syntax highlighter for llamafile. I feel like I'm up to my eyeballs in programming languages right now. Now that it's halloween, I thought I'd share some of the spookiest most surprising syntax I've seen. The languages I decided to support are Ada, Assembly, BASIC, C, C#, C++, COBOL, CSS, D, FORTH, FORTRAN, Go, Haskell, HTML, Java,
AST vs. Bytecode: Interpreters in the Age of Meta-Compilation
233 AST vs. Bytecode: Interpreters in the Age of Meta-Compilation OCTAVE LAROSE, University of Kent, UK SOPHIE KALEBA, University of Kent, UK HUMPHREY BURCHELL, University of Kent, UK STEFAN MARR, University of Kent, UK Thanks to partial evaluation and meta-tracing, it became practical to build language implementations that reach state-of-the-art peak performance by implementing only an interprete
Syntax Highlighting in Hand-Coded Websites The problem I have been trying to identify practical reasons why hand-coding websites with HTML and CSS is so hard (by hand-coding, I mean not relying on frameworks, generators or 3rd party scripts that modify the DOM). Let's say, I want to make a blog. What are the actual things that prevent me from making—and maintaining—it by hand? What would it take t
Parsing SQL - Strumenta
The code for this tutorial is on GitHub: parsing-sql SQL is a language to handle data in a relational database. If you worked with data you have probably worked with SQL. In this article we will talk about parsing SQL. It is in the same league of HTML: maybe you never learned it formally but you kind of know how to use it. That is great because if you know SQL, you know how to handle data. However
2025-05-06, Version 24.0.0 (Current), @RafaelGSS and @juanarbol We’re excited to announce the release of Node.js 24! This release brings several significant updates, including the upgrade of the V8 JavaScript engine to version 13.6 and npm to version 11. Starting with Node.js 24, support for MSVC has been removed, and ClangCL is now required to compile Node.js on Windows. The AsyncLocalStorage API
KDL is a small, pleasant document language with XML-like node semantics that looks like you're invoking a bunch of CLI commands! It's meant to be used both as a serialization format and a configuration language, much like JSON, YAML, or XML. It looks like this: package { name my-pkg version "1.2.3" dependencies { // Nodes can have standalone values as well as // key/value pairs. lodash "^3.2.1" op
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
JSer.info #584 - Deno 1.20がリリースされました。 Deno 1.20 Release Notes V8とRust間のOpコードの最適化をしてパフォーマンスの改善されています。 リクエストのAccept-Encodingヘッダを見て自動的にHTTP Response Bodyを圧縮するように変更されています。 また、deno benchコマンド、deno taskコマンド、deno.jsonがimportMapオプションをサポートしています。 Deno 1.19でDeno testでのリソースリークを検知する仕組みが実装されていましたが、パフォーマンスが悪化する場面がありました。 そのため、Deno 1.20では、deno testに--trace-opsフラグをつけた時のみデバッグ用の詳細な情報を表示するように変更されています。 破壊的な変更として、Workerと
今更ですが今年の2月に spaCy 3.0 が公開されました。 3.0 で導入された新機能の中で目玉と言えるのは、やはり Hugging Face Transformers (以下、単にTransformers) のサポートや PyTorch, Tensorflow との連携になるでしょう。今回はその辺りを実際に学習を動かしながら紹介したいと思います。 1. はじめに 今回は今年の2月に公開された spaCy 3.0 の話です。 spaCy は第4回でも紹介しましたが、研究者向けというよりは自然言語処理アプリ開発者向けのオープンソース自然言語処理ライブラリになります。日本語を含めた様々な言語の学習済みモデルが存在しており、 spaCy をインストールして、学習済みモデルをダウンロードするだけで、分かち書き、品詞や依存関係の推定、単語や文の類似度の判定など様々な機能を使用することができます。
Update 1.86.2: The update addresses these issues. Update 1.86.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Per-window zoom levels - Adjust the zoom leve
はじめての自然言語処理 Hugging Face Transformers で T5 を使ってみる | オブジェクトの広場
前回が分量的にやたらと重かったので、今回はその反省(反動?)を踏まえて軽い感じでいってみます。第7回で紹介した T5 ですが Hugging Face の Transformers でもサポートされてますので、その使用方法をご紹介したいと思います。 1. はじめに 今回は久しぶりに T5 の話です。T5 に関しては第7回、第8回で一度紹介しているので、未読の方は記事に目を通してから戻ってきて頂けると、より理解がしやすいと思います。 さて、 T5 ですが Google のオリジナルコード(以下 “t5"と記述)1は敷居が高いと感じる方もいらっしゃるのではないでしょうか。 Estimator API ベースのコードや gin による設定など慣れていないと、とっつきにくいのではないかと思います。 そこで今回は Hugging Face の Transformers 2を使って T5 を動かす方法
PowerShell: the object-oriented shell you didn’t know you needed | Chris Warrick
PowerShell is an interactive shell and scripting language from Microsoft. It’s object-oriented — and that’s not just a buzzword, that’s a big difference to how the standard Unix shells work. And it is actually usable as an interactive shell. Getting Started PowerShell is so nice, Microsoft made it twice. Specifically, there concurrently exist two products named PowerShell: Windows PowerShell (5.1)
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
This article was discussed on Hacker News. This is a continuation of my last post on how to write a tree-sitter grammar in an afternoon. Building on the grammar we wrote, now we’re going to write a linter for Imp, and it’s even easier! The final result clocks in less than 60 SLOC and can be found here. Recall that tree-sitter is an incremental parser generator. That is, you give it a description o
Shai Hulud Strikes Again (v2)Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected. Update: November 26, 2025 PostHog has published a detailed post mortem describing how one of its GitHub Actions workflows was abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that modified a script executed via pull_requ
GitHub Pull Requests Version 0.100.0 of the GitHub Pull Requests extension adds Copilot integration: Use the @githubpr chat participant in the Chat view to search for issues, summarize issues/prs, and suggest fixes for issues. @githubpr uses a number of Language Model tools to accomplish this. There's also a new Notifications view that shows GitHub notifications, with an action to prioritize them
Explicit Resource Management: Exploring JavaScript's and TypeScript's new feature | iliazeus
One of my favorite new features of JavaScript and TypeScript is explicit resource management. It brings new syntax, using foobar = ..., that enables RAII, reducing boilerplate when managing the lifecycle of various resources. In this article, I will explore this feature as implemented in TypeScript 5.2.0 with the disposablestack polyfill. I will mention both sync and async resources, DisposableSta
--- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
Introduction Some part of me has always been fascinated with coercing code to run in weird places. I scratch this itch a lot with my security research projects. These often lead me to writing shellcode to run in kernels or embedded hardware, sometimes with the only way being through an existing bug. For those not familiar, shellcode is honestly hard to describe. I don’t know if there’s a very form
Let’s Write a Tree-Sitter Major Mode Creating a standard programming major mode presents significant challenges, with the intricate tasks of establishing proper indentation and font highlighting being among the two hardest things to get right. It's painstaking work, and it'll quickly descend into a brawl between the font lock engine and your desire for correctness. Tree-sitter makes writing many m
Update 1.60.1: The update addresses these issues. Update 1.60.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2021 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: Automatic language detection - Programming l
Awesome Terraform | Curated list of awesome lists | Project-Awesome.org
A curated list of resources on HashiCorp's Terraform. Your contributions are welcome! Terraform enables you to safely and predictably create, change, and improve production infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned. Contents Legend Official Resources Com
21st October 2024 I’m a huge fan of Claude’s Artifacts feature, which lets you prompt Claude to create an interactive Single Page App (using HTML, CSS and JavaScript) and then view the result directly in the Claude interface, iterating on it further with the bot and then, if you like, copying out the resulting code. I was digging around in my Claude activity export (I built a claude-to-sqlite tool
Python behind the scenes #11: how the Python import system works
If you ask me to name the most misunderstood aspect of Python, I will answer without a second thought: the Python import system. Just remember how many times you used relative imports and got something like ImportError: attempted relative import with no known parent package; or tried to figure out how to structure a project so that all the imports work correctly; or hacked sys.path when you couldn
今回は Transformer 系のモデル、具体的には BERT, T5, GPT の推論を高速化してみます。高速化手法として FasterTransformer, Torch-TensorRT, AWS Neuron を用い、素 の transfomers に比べ、どの程度速くなるか(ならないか)、利点・欠点を確認してみましょう。 1. はじめに 今回は Transformer 系のモデル、具体的には BERT, T5, GPT の推論を様々な技術を使って高速化してみます。 高速化の元ネタは Hugging Face の transformers1 縛りとして、素の transformers で推論する場合に比べ、 どの程度速くなるか(ならないか)見てみましょう。 推論を高速化する技術としては FasterTransfomer2, Torch-TensorRT3, AWS Neuron(
How we built a VS Code extension with Rust, WebAssembly, and TypeScript
How we built a VS Code extension with Rust, WebAssembly, and TypeScript We build Oso, a batteries-included framework for building authorization in your application. At the core of Oso is Polar, a declarative language for writing authorization policies. While someday we’ll release a feature that lets a fully-sentient Oso write your authorization policy for you, in the interim we thought it would be
An AI-native software engineer is one who deeply integrates AI into their daily workflow, treating it as a partner to amplify their abilities. This requires a fundamental mindset shift. Instead of thinking “AI might replace me” an AI-native engineer asks for every task: “Could AI help me do this faster, better, or differently?”. The mindset is optimistic and proactive - you see AI as a multiplier
Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS Domains
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised It's another Monday morning, sitting down at the computer. And I see a stack of alerts from the last hour of packages showing signs of malware in our triage queue. Having not yet finished my first cup of coffee, I see Shai Hulud indicators. Yikes, surely that's a false positive? Nope, welcome to Mon
Why DuckDB
There are many database management systems (DBMS) out there. But there is no one-size-fits-all database system. All take different trade-offs to better adjust to specific use cases. DuckDB is no different. Here, we try to explain what goals DuckDB has and why and how we try to achieve those goals through technical means. To start with, DuckDB is a relational (table-oriented) DBMS that supports the
Web scraping is the process of downloading data from a public website. For example, you could scrape ESPN for stats of baseball players and build a model to predict a team’s odds of winning based on their players stats and win rates. Below are a few use-cases for web scraping. Monitoring the prices of your competitors for price matching (competitive pricing). Collecting statistics from various web
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Rust Is Eating JavaScript | Lee Robinson
プロと読み解くRuby 3.4 NEWS - STORES Product Blog
MySQLで全文検索機能を使う際のパフォーマンスについて調査してみた - iimon TECH BLOG
The yaml document from hell
CohereLabs/c4ai-command-r-plus · Hugging Face
Font with Built-In Syntax Highlighting
Node.js — Node.js 24.0.0 (Current)
The KDL Document Language
0.8.0 Release Notes ⚡ The Zig Programming Language
2022-03-24のJS: Deno 1.20、Faker v6.0.0、Next.jsのアップデート
はじめての自然言語処理 spaCy 3.0 で Transformer を利用する | オブジェクトの広場
January 2024 (version 1.86)
0.10.0 Release Notes ⚡ The Zig Programming Language
How to write a linter using tree-sitter in an hour
Shai Hulud Strikes Again (v2) - Socket
October 2024 (version 1.95)
prompts.chat - AI Prompts Community
Rust on MIPS64 Windows NT 4.0
Let's Write a Tree-Sitter Major Mode
August 2021 (version 1.60)
Everything I built with Claude Artifacts this week
はじめての自然言語処理 Transformer 系モデルの推論高速化の検証 | オブジェクトの広場
The AI-Native Software Engineer
How to Crawl the Web with Scrapy