サーバーレスのセキュリティリスク - AWS Lambdaにおける脆弱性攻撃と対策 - GMO Flatt Security Blog
はじめに こんにちは、株式会社Flatt Security セキュリティエンジニアの森岡(@scgajge12)です。 本稿では、AWS Lambda で起こりうる脆弱性攻撃やリスク、セキュリティ対策を解説し、サーバーレスにおけるセキュリティリスクについて紹介します。 はじめに AWS Lambda について サーバーレスにおけるセキュリティリスク AWS Lambda で起こりうる脆弱性攻撃 Lambda での脆弱性攻撃によるリスク 脆弱性攻撃による更なるリスク OS Command Injection XML External Entity (XXE) Insecure Deserialization Server Side Request Forgery (SSRF) Remote Code Execution (RCE) AWS Lambda におけるセキュリティ対策 セキュリティ
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
アソビュー! Advent Calendar 2022の2日目(裏面)の記事です。 アソビューでQAをしている渡辺です。 前職ではエンジニア、およびQAをしておりましたが、10月よりアソビューにQAとして入社しました。 今回は、API呼び出しを含むE2Eテストの自動化を、他社ウェブサイトに仕様記載の無料公開APIで試してみた話となります。 アソビューのQAでは、開発スピードと品質向上の両立を図ることを重視しています。 そのためにも、シフトレフトやテスト自動化推進の取り組みは重要です。 現在QAとして参画中のプロジェクトでAPIの外部公開があり、E2EテストとしてAPIを含むテストの自動化はこれまでしていないので、APIを含むテストについて、Seleniumで簡単に自動化できないか試してみました。 なぜSeleniumか? なぜPythonか? 試してみるテストケース 天気予報APIの仕様
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
こんにちは。ROBOT PAYMENT (以下、ロボペイ)でエンジニアをしているtakamoriです。 私が所属しているチームでは、請求先マイページ機能を開発しており、その中でユーザー認証基盤をAuth0からCognitoへと移行させました。そこで今回は、Auth0からCognitoへのユーザー移行手順を書いていきたいと思います。 ※ 本記事ではAuth0やCognitoの環境構築は対象外で、それぞれの環境が構築済み前提となります。 移行手順 Auth0からユーザーをエクスポート Auth0ユーザー情報をCognitoユーザー情報へマッピング Cognitoへユーザーをインポート Auth0からユーザーをエクスポート Auth0からのユーザーをエクスポートするには、ExportUsersJob APIを利用します。GetUsers APIを利用して取得することも可能ですが1,000件の取得
Introducing Ezno
Ezno is an experimental compiler I have been working on and off for a while. In short, it is a JavaScript compiler featuring checking, correctness and performance for building full-stack (rendering on the client and server) websites. This post is just an overview of some of the features I have been working on which I think are quite cool as well an overview on the project philosophy ;) It is still
How uv got so fast
uv installs packages faster than pip by an order of magnitude. The usual explanation is “it’s written in Rust.” That’s true, but it doesn’t explain much. Plenty of tools are written in Rust without being notably fast. The interesting question is what design decisions made the difference. Charlie Marsh’s Jane Street talk and a Xebia engineering deep-dive cover the technical details well. The intere
I use Claude Code. A lot. As a hobbyist, I run it in a VM several times a week on side projects, often with --dangerously-skip-permissions to vibe code whatever idea is on my mind. Professionally, part of my team builds the AI-IDE rules and tooling for our engineering team that consumes several billion tokens per month just for codegen. The CLI agent space is getting crowded and between Claude Cod
はじめにyukiです。RustのカンファレンスであるRust.Tokyoのオーガナイザーを務めているほか、『実践Rustプログラミング入門』『RustによるWebアプリケーション開発』といった書籍を共著で執筆しました。 この記事のテーマは、近年利用が進み人気が高まるRustのバックエンド開発における動向です。前半で、現在人気のあるライブラリの動向を簡単にまとめます。次に、私が現在開発の動向に注目しているいくつかのライブラリについて紹介します。 人気のバックエンド開発ライブラリの動向Rustによるバックエンド開発[1]では、やはり最近でも次の2つのクレートが選ばれる傾向にあるようです。「デファクトスタンダード」と呼べるくらいには、そろそろなってきたのではないでしょうか。 axum actix-web 数年前であればactix-webが一強ではあったものの、近年はtokioチームが開発するax
Skills are custom instructions that extend Claude's capabilities for specific tasks or domains. When you create a skill via a SKILL.md file, you're teaching Claude how to handle specific scenarios more effectively. The power of skills lies in their ability to encode institutional knowledge, standardize outputs, and handle complex multi-step workflows that would otherwise require repeated explanati
Security best practices when using ALB authentication | Amazon Web Services
Networking & Content Delivery Security best practices when using ALB authentication At AWS, security is the top priority, and we are committed to providing you with the necessary guidance to fortify the security posture of your environment. In 2018, we introduced built-in authentication support for Application Load Balancers (ALBs), enabling secure user authentication as they access applications.
Today, we are excited to announce the launch of .NET 10, the most productive, modern, secure, intelligent, and performant release of .NET yet. It’s the result of another year of effort from thousands of developers around the world. This release includes thousands of performance, security, and functional improvements across the entire .NET stack-from languages and developer tools to workloads-enabl
Learn how Replit trains Large Language Models (LLMs) using Databricks, Hugging Face, and MosaicML IntroductionLarge Language Models, like OpenAI's GPT-4 or Google's PaLM, have taken the world of artificial intelligence by storm. Yet most companies don't currently have the ability to train these models, and are completely reliant on only a handful of large tech firms as providers of the technology.
What We Learned from a Year of Building with LLMs (Part I)
It’s an exciting time to build with large language models (LLMs). Over the past year, LLMs have become “good enough” for real-world applications. The pace of improvements in LLMs, coupled with a parade of demos on social media, will fuel an estimated $200B investment in AI by 2025. LLMs are also broadly accessible, allowing everyone, not just ML engineers and scientists, to build intelligence into
We are delighted to introduce Spin 1.0, the first stable release of the open source developer tool for building serverless applications with WebAssembly (Wasm)! Since we first introduced Spin last year, we have been hard at work together with the community on building a frictionless developer experience for building and running serverless applications with Wasm. For this release, we focused on bui
人手のリサーチをデータパイプラインに。dbt Python model × LLM Web Searchで公開情報をSnowflakeに載せるまで - LayerX エンジニアブログ
LayerX BizOps 部データグループのさえない (@saeeeeru) です。最近は娘と『名探偵プリキュア!』にハマっています。「自分で見て、感じて、考えて、"本当"の答えを出す」。AI 時代だからこそ刺さるメッセージです(推理パートをちゃんと解けるようになりたい)。 前回の記事では、dbt Python model から外部 API を呼び出す実装パターンを紹介しました。今回はその応用として、LLM の Web Search 機能を使って公開情報を取得し、それをデータパイプラインに組み込む実践例を書きます。 この記事では、まず LLM の Web Search 機能をどう使うとデータパイプラインに載せやすい形になるのか を説明し、そのうえで Snowflake / dbt にどう載せたのか、そして本番運用の中でどんな品質課題が見えてきたのか、という順に整理します。 Web Sea
Choosing the right solution for AWS Lambda external parameters | Amazon Web Services
AWS Compute Blog Choosing the right solution for AWS Lambda external parameters This post is written by Thomas Moore, Solutions Architect, Serverless. When using AWS Lambda to build serverless applications, customers often need to retrieve parameters from an external source at runtime. This allows you to share parameter values across multiple functions or microservices, providing a single source o
31st December 2024 A lot has happened in the world of Large Language Models over the course of 2024. Here’s a review of things we figured out about the field in the past twelve months, plus my attempt at identifying key themes and pivotal moments. This is a sequel to my review of 2023. In this article: The GPT-4 barrier was comprehensively broken Some of those GPT-4 models run on my laptop LLM pri
Note: This blog post is also available as a documentation page on Transformers. Large Language Models (LLMs) such as GPT3/4, Falcon, and LLama are rapidly advancing in their ability to tackle human-centric tasks, establishing themselves as essential tools in modern knowledge-based industries. Deploying these models in real-world tasks remains challenging, however: To exhibit near-human text unders
API Tokens: A Tedious Survey Author Name Thomas Ptacek @tqbf @tqbf Image by Annie Ruygt We’re Fly.io. This post isn’t about Fly.io, but you have to hear about us anyways, because my blog, my rules. Our users ship us Docker containers and we transmute them into Firecracker microvms, which we host on our own hardware around the world. With a working Dockerfile, getting up and running will take you l
GitHub - anderspitman/awesome-tunneling: List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
Telebit - Written in JS. Code. tunnel.pyjam.as - No custom client; uses WireGuard directly instead. Written in Python. source code SSH-J.com - Public SSH Jump & Port Forwarding server. No software, no registration, just an anonymous SSH server for forwarding. Users are encouraged to use it for SSH exposure only, to preserve end-to-end encryption. No public ports, only in-SSH connectivity. Run ssh
CyberAgentさんがDeepSeek-R1を日本語で蒸留し直してくれたので、その性能を試してみようと思います。 そのために、まず以下のようなコードを書きます。PythonのREPLで実行しています。 import requests import sseclient # pip install sseclient-py import json from rich.console import Console from rich.markdown import Markdown # コンソールの準備 console = Console() url = "http://localhost:8000/v1/chat/completions" headers = {"Content-Type": "application/json"} def ai(prompt): payload = { "
One of the main barriers to a wider adoption and experimentation with open-source agents is the dependency on extra tools and frameworks that need to be installed before the agents can be run. In this post, we introduce the Wasm agents blueprint, aimed at showing how to write agents as HTML files, which can just be opened and run in a browser, without the need for any extra dependencies. This is s
Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
Prompt Engineering
Date: March 15, 2023 | Estimated Reading Time: 21 min | Author: Lilian Weng Prompt Engineering, also known as In-Context Prompting, refers to methods for how to communicate with LLM to steer its behavior for desired outcomes without updating the model weights. It is an empirical science and the effect of prompt engineering methods can vary a lot among models, thus requiring heavy experimentation a
Agents
Intelligent agents are considered by many to be the ultimate goal of AI. The classic book by Stuart Russell and Peter Norvig, Artificial Intelligence: A Modern Approach (Prentice Hall, 1995), defines the field of AI research as “the study and design of rational agents.” The unprecedented capabilities of foundation models have opened the door to agentic applications that were previously unimaginabl
Vjeux » Birth of Prettier
React Conf is around the corner and it's been almost 10 years since Prettier was released. I figured it would be a good time to recount the journey from its early days to now. This is the story of how the "Space vs Tabs Holy War" ended, not through one side winning over the other but instead a technological invention making it the underlying source of tensions no longer being a thing. Back Story S
Improving the Developer Experience with the Ruby LSP - Shopify
Improving the Developer Experience with the Ruby LSPThe Ruby LSP is a new language server built at Shopify that makes coding in Ruby even better by providing extra Ruby features for any editor that has a client layer for the LSP. In this article, we’ll cover how we built the Ruby LSP, the features included within it, and how you can install it. Ruby has an explicit goal to make developers happy. H
How to Bypass Cloudflare in 2023: The 8 Best Methods - ZenRows
About 1/5 of websites you need to scrape use Cloudflare, a hardcore anti-bot protection system that gets you blocked easily. So what can you do? 😥 We spent a million dollars figuring out how to bypass Cloudflare in 2023 so that you don't have to and wrote the most complete guide (you're reading it!). These are some of the techniques you'll get home today: Method 1: Get around Cloudflare CDN. Meth
Agentic GraphRAG for Commercial Contracts | Towards Data Science
In every business, legal contracts are foundational documents that define the relationships, obligations, and responsibilities between parties. Whether it’s a partnership agreement, an NDA, or a supplier contract, these documents often contain critical information that drives decision-making, risk management, and compliance. However, navigating and extracting insights from these contracts can be a
Over the course of my Spring 2020 semester at Harvey Mudd College, I developed a self-hosting compiler entirely from scratch. This article walks through many interesting parts of the project. It’s laid out so you can just read from beginning to end, but if you’re more interested in a particular topic, feel free to jump there. Or, take a look at the project on GitHub. Table of contents What the pro
Patterns for Building LLM-based Systems & Products [ llm engineering production 🔥 ] · 66 min read Discussions on HackerNews, Twitter, and LinkedIn “There is a large class of problems that are easy to imagine and build demos for, but extremely hard to make products out of. For example, self-driving: It’s easy to demo a car self-driving around a block, but making it into a product takes a decade.”
LLM音声対話システムの応答を高速化してみた | CyberAgent Developers Blog
はじめまして、CyberAgent AI Lab Intaractive Agentチームの技術研究員の大平といいます。 この記事は CyberAgent Developers Advent Calendar 2023 1日目の記事です。 ChatGPTの登場以降、自然なチャット対話はAPI呼び出しだけで簡単に実装できるようになりました。 更に人間のようなインタラクションを実現しようとすれば、音声対話に発展させたいと思う方も多いかと思われます。 しかし実際にLLMを使って音声対話システムを構築してみると、そのレスポンスの遅さに不満を感じることになります。 この記事ではよくあるシンプルなLLMを用いた音声対話に対していくつかの工夫を施し、その応答速度をできるだけ早めてみようという試みになります。 よくある構成として、以下を用います。 音声認識 Google STT LLM ChatGPT 3
Wasm core dumps and debugging Rust in Cloudflare Workers
Wasm core dumps and debugging Rust in Cloudflare Workers2023-08-14 A clear sign of maturing for any new programming language or environment is how easy and efficient debugging them is. Programming, like any other complex task, involves various challenges and potential pitfalls. Logic errors, off-by-ones, null pointer dereferences, and memory leaks are some examples of things that can make software
Amazon CloudFront now accepts your applications’ gRPC calls | Amazon Web Services
AWS News Blog Amazon CloudFront now accepts your applications’ gRPC calls Starting today, you can deploy Amazon CloudFront, our global content delivery network (CDN), in front of your gRPC API endpoints. gRPC is a modern, efficient, and language-agnostic framework for building APIs. It uses Protocol Buffers (protobuf) as its interface definition language (IDL), which enable you to define services
Kubeflow PipelinesからVertex Pipelinesへの移行による運用コスト削減 - ZOZO TECH BLOG
こんにちは、技術本部 データシステム部 MLOpsブロックの平田(@TrsNium)です。約2年半ぶりの執筆となる今回の記事では、MLOps向け基盤を「Kubeflow Pipelines」から「Vertex Pieplines」へ移行して運用コストを削減した取り組みを紹介します。 目次 目次 はじめに Vertex Pipelinesとは Vertex Pipelinesへの移行 Vertex Pipelinesへ移行するワークフロー 1. ワークフローのKubeflow Pipelines SDK V2への移行 コンパイラのデータ型の制約が厳しくなった ContainerOp APIが非推奨になった Kubeflow PipelinesのPlaceholderを使用できなくなった 2. スケジュール実行されているワークフローへ前回実行分が終わるまでの待機処理を追加 3. Vertex
Introducing account regional namespaces for Amazon S3 general purpose buckets | Amazon Web Services
AWS News Blog Introducing account regional namespaces for Amazon S3 general purpose buckets Today, we’re announcing a new feature of Amazon Simple Storage Service (Amazon S3) you can use to create general purpose buckets in your own account regional namespace simplifying bucket creation and management as your data storage needs grow in size and scope. You can create general purpose bucket names ac
Version 1.108 is now available! Read about the new features and fixes from December. Release date: May 8, 2025 Update: Enable Next Edit Suggestions (NES) by default in VS Code Stable (more...). Update 1.100.1: The update addresses these security issues. Update 1.100.2: The update addresses these issues. Update 1.100.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Univers
Update 1.78.1: The update addresses this security issue. Update 1.78.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Accessibility improvements - Better scre
Introducing VPC Lattice – Simplify Networking for Service-to-Service Communication (Preview) | Amazon Web Services
AWS News Blog Introducing VPC Lattice – Simplify Networking for Service-to-Service Communication (Preview) March 31, 2023 – Amazon VPC Lattice is now generally available with new capabilities. Modern applications are built using modular and distributed components. Each component is a service that implements its own subset of functionalities. To make these services communicate with each other, you
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
SeleniumによるAPI呼び出しを含むE2Eテスト自動化 - asoview! Tech Blog
Auth0からCognitoへのユーザー移行 - ROBOT PAYMENT TECH-BLOG
How I Use Every Claude Code Feature
Rustのバックエンド開発の最近の動向を追う - Findy Media
How to create Skills for Claude: steps and examples | Claude
Announcing .NET 10 - .NET Blog
Replit — How to train your own Large Language Models
Spin 1.0 — The Developer Tool for Serverless WebAssembly
Things we learned about LLMs in 2024
Optimizing your LLM in production
API Tokens: A Tedious Survey
CyberAgentが蒸留したDeepSeek-R1を試す|shi3z
Wasm-agents: AI agents running in your browser
June 2022 (version 1.69)
Kalyn: a self-hosting compiler for x86-64
Patterns for Building LLM-based Systems & Products
April 2025 (version 1.100)
April 2023 (version 1.78)