はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
【Amazon Bedrock】AWSサービスのみを使ったシンプル構成のRAGアプリを作ってみた - NRIネットコムBlog
はじめに RAGとは 構成図 作成リソース Lambda 1. PDFから文書抽出&Embedding取得Lambda 2. 回答作成用Lambda AWS SAM テンプレート Streamlit 動作確認 まとめ はじめに こんにちは堤です。 Amazon BedrockがGAとなり、AWS内で完結してLLMアプリケーションを構築できるようになりました。 試しにRAGアプリケーションを作成してみようと思いましたが、現状AWSでRetrievalするデータソースを作成しようとすると、Amazon OpenSearch Serverless やAmazon Kendraを使用するしかありません。これらのサービスを使うのはコストもそれなりにかかり少しハードルが高いなーと思っていたら以下のブログを見つけました。 aws.amazon.com 構成図を見ると分かるように、S3にembedding
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
GitHub - bregman-arie/devops-exercises: Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
In general, what do you need in order to communicate? A common language (for the two ends to understand) A way to address who you want to communicate with A Connection (so the content of the communication can reach the recipients) What is TCP/IP? A set of protocols that define how two or more devices can communicate with each other. To learn more about TCP/IP, read here What is Ethernet? Ethernet
DMARCレポートの可視化ダッシュボードを作りました - LIVESENSE ENGINEER BLOG
はじめに そもそもDMARCって何? Googleの発表によってDMARC対応が必要に SaaSの検討 OSSの検討・選定 構成 動作 GmailからGoogle Driveへ格納する XMLをパースしてOpenSearchに格納する Google Driveからコンテナ内にダウンロードする パースと格納 可視化 苦労した点 Gmailの仕様とparsedmarcの相性が悪い OpenSearch突然データが全部消えた 作ってみてよかったこと 今後の運用 はじめに インフラGの鈴木です。ガールズケイリンアニメことリンカイ!の放映が近くなってきましたね。 最近小倉にギャンブル旅行にいったのですが、北九州競輪には等身大パネルがありました。本気(マジ)度が伝わってきます。アニメの放映日が楽しみです。 ところで、今回はDMARCの可視化基盤を作った話をします。なかなか大変1でしたので、共有したいと
I use Claude Code. A lot. As a hobbyist, I run it in a VM several times a week on side projects, often with --dangerously-skip-permissions to vibe code whatever idea is on my mind. Professionally, part of my team builds the AI-IDE rules and tooling for our engineering team that consumes several billion tokens per month just for codegen. The CLI agent space is getting crowded and between Claude Cod
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.70.1: The update addresses these issues. Update 1.70.2: The update addresses these issues. Update 1.70.3: This update is only available for Windows 7 users and is the last release supporting Windows 7. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welc
I first learned Kubernetes ("k8s" for short) in 2018, when my manager sat me down and said "Cloudflare is migrating to Kubernetes, and you're handling our team's migration." This was slightly terrifying to me, because I was a good programmer and a mediocre engineer. I knew how to write code, but I didn't know how to deploy it, or monitor it in production. My computer science degree had taught me a
The feature is still under refinement, yet ready to use. Feedback is welcome. View the preview features (@tag:preview). Copilot Edits Agent mode improvements (Experimental) Last month, we introduced agent mode for Copilot Edits in VS Code Insiders. In agent mode, Copilot can automatically search your workspace for relevant context, edit files, check them for errors, and run terminal commands (with
Server-Sent Events: the alternative to WebSockets you should be using
When developing real-time web applications, WebSockets might be the first thing that come to your mind. However, Server Sent Events (SSE) are a simpler alternative that is often superior. Contents Prologue WebSockets? What is wrong with WebSockets Compression Multiplexing Issues with proxies Cross-Site WebSocket Hijacking Server-Sent Events Let’s write some code The Reverse-Proxy The Frontend The
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.56.1: The update addresses these security issues. Update 1.56.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2021 release of Visual Studio Code. The VS Code team has been busy this month working
Noble Numbat Release Notes Table of Contents Introduction New features in 24.04 LTS Known Issues Official flavours More information Introduction These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary. Support lifespan
Update 1.91.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Preview: Incoming/Outgoing changes graph - Visualize incoming and outgoing changes in the Source C
Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41 | Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION | China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure | Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns | Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw | Laboratory Services Cooperative dat
This is an python API which allows you to get the transcripts/subtitles for a given YouTube video. It also works for automatically generated subtitles, supports translating subtitles and it does not require a headless browser, like other selenium based solutions do! Unverified details These details have not been verified by PyPI Project links Homepage Repository Meta License: MIT License (MIT) Aut
GitHub - taishi-i/awesome-ChatGPT-repositories: A curated list of resources dedicated to open source GitHub repositories related to ChatGPT and OpenAI API
awesome-chatgpt-api - Curated list of apps and tools that not only use the new ChatGPT API, but also allow users to configure their own API keys, enabling free and on-demand usage of their own quota. awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better. awesome-chatgpt - Curated list of awesome tools, demos, docs for ChatGPT and GPT-3 awesome-totally-open-chat
概要 Nginx では標準で提供されている limit_conn モジュールを使用して、接続数制限を提供します。 接続数制限によって、同一の接続元からの接続が制限でき、DoS攻撃から防御できます。あるいは、TCPの接続数を制限することによって、高負荷時にもWebサービスの処理を継続させることが目的です。 今回は、Nginx 接続数制限 (limit_conn) の設定方法、ab (apache bench) による接続数制限の検証方法をまとめます。 事前準備 EC2 の Amazon Linux 2 インスタンスを起動します。 インスタンスのUser data 設定に、下記を記載します。Amazon Linux 2 のnginx は、amazon-linux-extrasを使用します。amazon-linux-extras の詳細はこちらを参照。 #!/bin/bash sudo yum
Photo by ELLA DON on UnsplashHave you been working on an OpenAI project that uses the Chat GPT API? Do you want to stream the response to your application in real-time — as it's being generated? In this article, I will walk you through the process of using OpenAI’s API to receive SSE to your server and forwarding those events to your client using SSE. The examples will be written in JavaScript, Py
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence | Microsoft Security Blog
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. NOBELIUM is now tracked as Midnight Blizzard. April 15, 2021 update – We updated this blog with new indicators of compromise, including files, domains, and C2 decoy traffic, released by Cybersecurity & Infrastructure Security Agency (CISA) in Malware Analysis Rep
Years ago I spent a lot of time reviewing coding challenges. The challenge itself was very straightforward - building a CLI tool that hit an API and allowed the user to page through and inspect the data. We allowed any language, so I saw all kinds of approaches1. At one point I came across a challenge I thought was literally perfect. It was a single Python file (maybe thirty lines of code in total
JupyterLab Changelog — JupyterLab 4.5.0a3 documentation
JupyterLab Changelog# v4.4# JupyterLab 4.4 includes a number of new features (described below), bug fixes, and enhancements. This release is compatible with extensions supporting JupyterLab 4.0. Extension authors are encouraged to consult the Extension Migration Guide which lists deprecations and changes to the public API. Code console improvements# The code console prompt can now be positioned on
Microsoft has silently pushed an update back in April 2025 for Copilot Enterprise, enabling a live Python sandbox running Jupyter Notebook that can execute code in the backend. Well, that sounds like a terrific idea, let’s explore it for a bit! It turns out to be easy to have it execute exactly the code we want to on the underlying system using Jupyter Notebook syntax %command. Well, it worked mos
A History of Clojure
71 A History of Clojure RICH HICKEY, Cognitect, Inc., USA Shepherd: Mira Mezini, Technische Universität Darmstadt, Germany Clojure was designed to be a general-purpose, practical functional language, suitable for use by professionals wherever its host language, e.g., Java, would be. Initially designed in 2005 and released in 2007, Clojure is a dialect of Lisp, but is not a direct descendant of any
Updated 2024-09-17 to reflect updated PgBouncer support for protocol-level prepared statements 🐘 To start, I want to say that I’m appreciative that PgBouncer exists and the work its open source maintainers put into it. I also love working with PostgreSQL, and I’m thankful for the incredible amount of work and improvements that go into it as well. I also think community and industry enthusiasm aro
Node.js
Notable Changes Experimental command-line argument parser API Adds util.parseArgs helper for higher level command-line argument parsing. Contributed by Benjamin Coe, John Gee, Darcy Clarke, Joe Sepi, Kevin Gibbons, Aaron Casanova, Jessica Nahulan, and Jordan Harband - #42675 Experimental ESM Loader Hooks API Node.js ESM Loader hooks now support multiple custom loaders, and composition is achieved
[Simon Tatham, initial version 2023-09-01, last updated 2025-03-25] [Coroutines trilogy: C preprocessor | C++20 native | general philosophy ] Introduction Why I’m so enthusiastic about coroutines The objective view: what makes them useful? Versus explicit state machines Versus conventional threads The subjective view: why do I like them so much? “Teach the student when the student is ready” They s
Kappa Architecture is Mainstream Replacing Lambda - Kai Waehner
Real-time data beats slow data. That’s true for almost every use case. Nevertheless, enterprise architects build new infrastructures with the Lambda architecture that includes separate batch and real-time layers. This blog post explores why a single real-time pipeline, called Kappa architecture, is the better fit. Real-world examples from companies such as Disney, Shopify, Uber, and Twitter explor
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
How I Use Every Claude Code Feature
July 2022 (version 1.70)
Solving common problems with Kubernetes
February 2025 (version 1.98)
April 2021 (version 1.56)
Ubuntu 24.04 LTS (Noble Numbat) Release Notes
June 2024 (version 1.91)
youtube-transcript-api
Nginx 接続数制限 (limit_conn) を設定してab検証する | Oji-Cloud
OpenAI SSE (Server-Sent Events) Streaming API
Great software design looks underwhelming
How we Rooted Copilot - Eye Research
PgBouncer is useful, important, and fraught with peril
Philosophy of coroutines