はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
GraphQL is an incredible piece of technology that has captured a lot of mindshare since I first started slinging it in production in 2018. You won’t have to look far back on this (rather inactive) blog to see I have previously championed this technology. After building many a React SPA on top of a hodge podge of untyped JSON REST APIs, I found GraphQL a breath of fresh air. I was truly a GraphQL h
Developers are increasingly relying on AI coding assistants to accelerate our daily workflows. These tools can autocomplete functions, suggest bug fixes, and even generate entire modules or MVPs. Yet, as many of us have learned, the quality of the AI’s output depends largely on the quality of the prompt you provide. In other words, prompt engineering has become an essential skill. A poorly phrased
AI関連、競合は現れども、性能的にやはりOpenAI一強なのかなぁというところに現れたAnthropic Claude 3は、確かに明らかに性能がいい、GPT-4を凌駕している……!というわけで大いに気に入った(ついでに最近のOpenAIのムーブが気に入らない)ので、C#で使い倒していきたい!そこで、まずはSDKがないので非公式SDKを作りました。こないだまでプレビュー版を流していたのですが、今回v1.0.0として出します。ライブラリ名は、Claudeだから、Claudiaです!.NET全般で使えるのと、Unity(Runtime/Editor双方)でも動作確認をしているので、アイディア次第で色々活用できると思います。 GitHub - Cysharp/Claudia 今回のSDKを作るにあたっての設計指針の一番目は、公式のPython SDKやTypeScript SDKと限りなく似せる
【全2回】AWS Lambda x FastAPIによるPythonモダンAPI開発のすゝめ 2 - RAKSUL TechBlog
はじめに 対象読者 あまり説明しないこと 前提とするバージョン 参考となるレポジトリ 3. アーキテキチャ及びディレクトリ構造 オニオンアーキテクチャを採用 オニオンアーキテクチャとは 誕生の背景 依存関係逆転の原則の活用 採用理由 参考になった記事 ディレクトリ構造 全体の構成 api schema apiとusecaseの間のデータ構造を提供する役割 schemaはパスオペレーション関数のリクエストとレスポンスの構造を提供する役割 usecase domain infrastructure core container_config exception 参考にしたもの まとめ はじめに ラクスルグループのノバセルで新卒2年目のエンジニアをしています田村(tamtam)です。 第1回では、AWS Lambda x FastAPIによるPythonモダンAPI開発を実現する上で役立つであろ
ChatGPT風の画面を表示できるChatbot UIをFastAPIで作成した自作LangChainサーバに接続させる方法|mah_lab / 西見 公宏
ChatGPT風の画面を表示するOSSがいくつか出てきている中で、コードの読みやすさと操作性を比較した上でオススメしたいのが、Next.jsで書かれているChatbot UIというOSSだ。 ローカルでサクッと起動ができ、立ち上がるとこんな画面が表示される。 ChatGPTの画面とうり二つOpenAIのAPI Keyを入力すれば簡単にOpenAIのチャットモデルと接続される。API接続のChatGPTなので、本家のChatGPTよりはやりとりできる文字量が制限されるものの、本家のChatGPTではセンシティブな情報を扱うことができないため、API接続のUIにも価値はある。 ところでこのChatbot UI、ソースコードを読んでみると環境変数でAPI接続先を差し替えることができるようになっている。process.env.OPENAI_API_HOSTの部分だ。 utils/app/const
Internet Engineering Task Force (IETF) K. Davis Request for Comments: 9562 Cisco Systems Obsoletes: 4122 B. Peabody Category: Standards Track Uncloud ISSN: 2070-1721 P. Leach University of Washington May 2024 Universally Unique IDentifiers (UUIDs) Abstract This specification defines UUIDs (Universally Unique IDentifiers) -- also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform Resou
Version 1.108 is now available! Read about the new features and fixes from December. Release date: June 12, 2025 Security update: The following extension has security updates: ms-python.python. Update 1.101.1: The update addresses these issues. Update 1.101.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome t
Syntax Highlighting in Hand-Coded Websites The problem I have been trying to identify practical reasons why hand-coding websites with HTML and CSS is so hard (by hand-coding, I mean not relying on frameworks, generators or 3rd party scripts that modify the DOM). Let's say, I want to make a blog. What are the actual things that prevent me from making—and maintaining—it by hand? What would it take t
Over the course of my Spring 2020 semester at Harvey Mudd College, I developed a self-hosting compiler entirely from scratch. This article walks through many interesting parts of the project. It’s laid out so you can just read from beginning to end, but if you’re more interested in a particular topic, feel free to jump there. Or, take a look at the project on GitHub. Table of contents What the pro
Patterns for Building LLM-based Systems & Products [ llm engineering production 🔥 ] · 66 min read Discussions on HackerNews, Twitter, and LinkedIn “There is a large class of problems that are easy to imagine and build demos for, but extremely hard to make products out of. For example, self-driving: It’s easy to demo a car self-driving around a block, but making it into a product takes a decade.”
2025-05-06, Version 24.0.0 (Current), @RafaelGSS and @juanarbol We’re excited to announce the release of Node.js 24! This release brings several significant updates, including the upgrade of the V8 JavaScript engine to version 13.6 and npm to version 11. Starting with Node.js 24, support for MSVC has been removed, and ClangCL is now required to compile Node.js on Windows. The AsyncLocalStorage API
JavaScript needs more helper functions for iteration (map, filter, etc.) – where should we put them?
JavaScript needs more helper functions for iteration (map, filter, etc.) – where should we put them? Iteration is a standard that connects operations with data containers: Each operation that follows this standard, can be applied to each data container that implements this standard. In this blog post: We first explore three questions: How does JavaScript’s iteration work? What are its quirks? What
Real-world gen AI use cases from the world's leading organizations | Google Cloud Blog
AI is here, AI is everywhere: Top companies, governments, researchers, and startups are already enhancing their work with Google's AI solutions. Published April 12, 2024; last updated October 9, 2025. Automotive & Logistics Business & Professional Services Financial Services Healthcare & Life Sciences Hospitality & Travel Manufacturing, Industrial & Electronics Media, Marketing & Gaming Public Sec
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
This article was discussed on Hacker News. This is a continuation of my last post on how to write a tree-sitter grammar in an afternoon. Building on the grammar we wrote, now we’re going to write a linter for Imp, and it’s even easier! The final result clocks in less than 60 SLOC and can be found here. Recall that tree-sitter is an incremental parser generator. That is, you give it a description o
Shai Hulud Strikes Again (v2)Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected. Update: November 26, 2025 PostHog has published a detailed post mortem describing how one of its GitHub Actions workflows was abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that modified a script executed via pull_requ
Transformer models: an introduction and catalog — 2023 Edition January 16, 2023 52 minute read This post is now an ArXiV paper that you can print and cite. Update 05/2023 Another pretty large update after 4 months. I was invited to submit the article to a journal, so I decided to enlist some help from some LinkedIn colleages and completely revamp it. First off, we added a whole lot of new models,
This article is a translation, the original version is available here. I started using the OCaml language regularly around 2012, and since then, my interest and enthusiasm for this language have only grown. It has become my preferred choice for almost all my personal projects, and it has also influenced my professional choices. Since 2014, I have been actively participating in public conferences d
Deconstructing prompt-based meta-tool architecture and context injection patterns for AI engineering - Claude’s Agent Skills system represents a sophisticated prompt-based meta-tool architecture that extends LLM capabilities through specialized instruction injection. Unlike traditional function calling or code execution, skills operate through prompt expansion and context modification to modify ho
Introduction: Density Is King (With a Tiny VM) I've previously come to the conclusion that there's little reason for using bytecode in the modern world, except in order to get more compact code, for which it can be very effective. So, what kind of a bytecode engine will give you more compact code? Suppose I want a bytecode interpreter for a very small programming environment, specifically to minim
C interpreters are a common language implementation technique and the basis for the reference implementations of languages such as Lua, Ruby, and Python. Unfortunately, C interpreters are slow, especially compared to language implementations powered by JIT compilers. In this post I’m going to show that it is possible to take C interpreters and, by changing a tiny proportion of code, automatically
An AI-native software engineer is one who deeply integrates AI into their daily workflow, treating it as a partner to amplify their abilities. This requires a fundamental mindset shift. Instead of thinking “AI might replace me” an AI-native engineer asks for every task: “Could AI help me do this faster, better, or differently?”. The mindset is optimistic and proactive - you see AI as a multiplier
比較1Pythonの代表的な表記方法、リスト内包表記を例にして偶数だけ2乗にするコードはこんな風に書く # Python squares = [x**2 for x in a if x % 2 == 0]Rubyで同じことをするには # Ruby squares = a.select { |x| x.even? }.map { |x| x**2 } # または squares = a.filter_map { |x| x**2 if x.even? }こういうコードを書く 比較2Pythonでは複雑な内包表記になる場合はジェネレーターを使う。下記はEffective Pythonより引用。 #python ジェネレータ式は () で囲んだリスト内包表記のような構文で生成します。以下のコードは、ファイ ルを読み込んで各行ごとの文字数を返す機能をジェネレータ式で実装したものです。ジェネレータ式
Noble Numbat Release Notes Table of Contents Introduction New features in 24.04 LTS Known Issues Official flavours More information Introduction These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary. Support lifespan
I find blockchain fascinating because it extends open source software development to open source + state. This seems to be a genuine/exciting innovation in computing paradigms; We don’t just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner. The seeds of this revolution arguably began with Bitcoin, so I became curious to dril
LambdaLisp - A Lisp Interpreter That Runs on Lambda Calculus
LambdaLisp is a Lisp interpreter written as an untyped lambda calculus term. The input and output text is encoded into closed lambda terms using the Mogensen-Scott encoding, so the entire computation process solely consists of the beta-reduction of lambda calculus terms. When run on a lambda calculus interpreter that runs on the terminal, it presents a REPL where you can interactively define and e
Update 1.90.2: The update addresses these issues. Update 1.90.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the May 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Editor tabs multi-select - Select and perform act
How I hacked SONOS and YouTube the same day Or how to play YouTube videos on you SONOS, easy and for free. SONOS is a brand of connected speakers that allow users on the network listen to music that they can choose using the SONOS specific Android / iOS application, or 3d party services with monthly subscription like Deezer / Spotify / YouTube Music from their local network. SONOS has been growing
v2022: Austin Huang, Suraj Subramanian, Jonathan Sum, Khalid Almubarak, and Stella Biderman. Original: Sasha Rush. The Transformer has been on a lot of people’s minds over the last year five years. This post presents an annotated version of the paper in the form of a line-by-line implementation. It reorders and deletes some sections from the original paper and adds comments throughout. This docume
Update 2022-12-15: New section “How will this proposal affect future JavaScript APIs?” In this blog post, we look at the ECMAScript proposal “Iterator helpers” by Gus Caplan, Michael Ficarra, Adam Vandolder, Jason Orendorff, Kevin Gibbons, and Yulia Startsev. It introduces utility methods for working with iterable data: .map(), .filter(), .take(), etc. The style of the proposed API clashes with th
Agentic Context Engineering: Evolving Contexts for Self-Improving Language Models Qizheng Zhang 1∗ Changran Hu 2∗ Shubhangi Upasani 2 Boyuan Ma 2 Fenglu Hong 2 Vamsidhar Kamanuru 2 Jay Rainton 2 Chen Wu 2 Mengmeng Ji 2 Hanchen Li 3 Urmish Thakker 2 James Zou 1 Kunle Olukotun 1 1 Stanford University 2 SambaNova Systems, Inc. 3 UC Berkeley ∗ equal contribution # qizhengz@stanford.edu, changran.hu@sa
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
[Simon Tatham, initial version 2023-09-01, last updated 2025-03-25] [Coroutines trilogy: C preprocessor | C++20 native | general philosophy ] Introduction Why I’m so enthusiastic about coroutines The objective view: what makes them useful? Versus explicit state machines Versus conventional threads The subjective view: why do I like them so much? “Teach the student when the student is ready” They s
Node.js
Notable Changes [5e99598639] - assert: deprecate CallTracker (Moshe Atlow) #47740 [2d97c89c6f] - crypto: update root certificates to NSS 3.89 (Node.js GitHub Bot) #47659 [ce8820e292] - (SEMVER-MINOR) dns: expose getDefaultResultOrder (btea) #46973 [9d30f469aa] - doc: add KhafraDev to collaborators (Matthew Aitken) #47510 [439ea47a77] - (SEMVER-MINOR) fs: add recursive option to readdir and opendir
In Data Science, we primarily use Python as a programming language to perform operations on the available datasets. This article will discuss concepts and details for using Pythons to simplify data operations in data science. Pros and Cons of Python for Data OperationsEven though the pros outweigh the cons, it is crucial to look at both aspects. So, let’s have a look at the advantages and limitati
Improving Diffusers Package for High-Quality Image Generation | Towards Data Science
Overcoming token size limitations, custom model loading, LoRa support, textual inversion support, and more Stable Diffusion WebUI from AUTOMATIC1111 has proven to be a powerful tool for generating high-quality images using the Diffusion model. However, while the WebUI is easy to use, data scientists, machine learning engineers, and researchers often require more control over the image generation p
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Why, after 6 years, I’m over GraphQL
The Prompt Engineering Playbook for Programmers
neue cc - Claudia - Anthropic ClaudeのC# SDKと現代的なC#によるウェブAPIクライアントの作り方
RFC 9562: Universally Unique IDentifiers (UUIDs)
May 2025 (version 1.101)
Font with Built-In Syntax Highlighting
Kalyn: a self-hosting compiler for x86-64
Patterns for Building LLM-based Systems & Products
Node.js — Node.js 24.0.0 (Current)
0.10.0 Release Notes ⚡ The Zig Programming Language
How to write a linter using tree-sitter in an hour
Shai Hulud Strikes Again (v2) - Socket
Transformer models: an introduction and catalog — 2023 Edition
xvw.lol - Why I chose OCaml as my primary language
Claude Agent Skills: A First Principles Deep Dive
bytecode interpreters for tiny computers ⁑ Dercuano
Laurence Tratt: Retrofitting JIT Compilers into C Interpreters
The AI-Native Software Engineer
Pythonが本当に分かりやすい言語かRubyと比較してみる。|Hiroaki Satou
Ubuntu 24.04 LTS (Noble Numbat) Release Notes
A from-scratch tour of Bitcoin in Python
May 2024 (version 1.90)
How I hacked SONOS and YouTube the same day
The Annotated Transformer
ECMAScript proposal: iterator helpers
Agentic Context Engineering: Evolving Contexts for Self-Improving Language Models
Philosophy of coroutines
Using Python to Simplify Data Operations in Data Science