Search results for python requests session set headers: 1 - 31 of 31

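  • [2020] Summary of attack techniques in CTF web challenges - こんとろーるしーこんとろーるぶい

    Introduction / Target events / How to read and use this / Remote Code Execution (RCE) / Bypassing open_basedir by specifying the parent directory / Bypassing open_basedir and disable_functions via a TCP socket connection to PHP-FPM / Running a shell with Java's Runtime.exec / Cross-Site Scripting (XSS) / Disabling the CSP header when the HTTP status code can be controlled in an nginx environment / XSS vulnerability in the sanitizer of Google's Closure Library / Registering a Service Worker through a web proxy feature / XSS without parentheses / Specifying the destination URL without using the / character / Sequentially executing document.write using SOME (Same Origin Method Execution) / SQL Injection / MySQ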
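  • Software Design series, January 2022 issue: Higher-resolution operations monitoring and building a cross-service logging platform - MonotaRO Tech Blog

    Hello, this is Nakayama (id:yoichi22). In "Python Modernization Plan", our series in Software Design, we introduce initiatives from inside MonotaRO that we hope will be useful to readers. That said, there are times when I first learn from an article about something the team next to mine has been doing, so I also enjoy the series as a reader. Thank you to the authors next door. This time the topic is monitoring and logs in operations. This article first appeared in the Software Design January 2022 issue as "Python Modernization Plan (Part 6)". See below for past articles in the series. Part 1: Software Design series, August 2021 issue: How to refactor a legacy, large-scale Python system. Part 2: Software Design series, September 2021 issue: From "there are no tests"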
  • API scenario testing tools: a thorough comparison of Postman, Tavern, and runn – why I chose runn - TechDoctor開発者Blog

    Introduction. Nice to meet you, I'm Kakei, a backend engineer at TechDoctor. Recently we introduced "API scenario testing" into our product to assure the quality of our APIs. In this post I compare the API scenario testing tools Postman (+Newman), Tavern, and runn, and explain why we ultimately chose runn. What is API scenario testing? When it comes to testing in development, we often hear about unit tests, integration tests, API tests, E2E tests, and so on. However, many people may not be very familiar with the term API scenario testing. API scenario testing is a kind of API testing in which multiple APIs are called in a chain. It has the following characteristics. Multiple APIs, in order
  • Security best practices when using ALB authentication | Amazon Web Services

    Networking & Content Delivery Security best practices when using ALB authentication At AWS, security is the top priority, and we are committed to providing you with the necessary guidance to fortify the security posture of your environment. In 2018, we introduced built-in authentication support for Application Load Balancers (ALBs), enabling secure user authentication as they access applications.
  • June 2022 (version 1.69)

    Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
  • April 2022 (version 1.67)

    Update 1.67.1: The update addresses this security issue. Update 1.67.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2022 release of Visual Studio Code. There are many updates in this version that we hope
  • Visualizing Strands Agents with Amazon Bedrock AgentCore Observability - Taste of Tech Topics

    Hello, this is Shun from YAMALEX. YAMALEX is a data science team launched within Acroquest, with machine learning as its main theme, that creates the technology of the company's future. (See the linked page for details.) In AI agent development, monitoring behavior in production and measuring and debugging performance are very important. By using Amazon Bedrock AgentCore Observability, you can trace an agent's behavior in detail and identify problems quickly. This article explains how to implement automatic instrumentation with OpenTelemetry using the Strands Agents framework and visualize agent behavior in CloudWatch. This feature is enabled automatically when you use AgentCore Runtime, but even when you are not using Runtime,
  • A Critical Look at MCP - Raz Blog

    "MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools." ― Anthropic TL;DR I would like for this to turn out to be a skill
  • April 2025 (version 1.100)

    Release date: May 8, 2025 Update: Enable Next Edit Suggestions (NES) by default in VS Code Stable (more...). Update 1.100.1: The update addresses these security issues. Update 1.100.2: The update addresses these issues. Update 1.100.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Univers
  • August 2023 (version 1.82)

    Update 1.82.1: The update addresses this security issue. Update 1.82.2: The update addresses these issues. Update 1.82.3: The update addresses this security issue. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key hi
  • How a simple Linux kernel memory corruption bug can lead to complete system compromise

    In this case, reallocating the object as one of those three types didn't seem to me like a nice way forward (although it should be possible to exploit this somehow with some effort, e.g. by using count.counter to corrupt the buf field of seq_file). Also, some systems might be using the slab_nomerge kernel command line flag, which disables this merging behavior. Another approach that I didn't look

  • Agents have their own computers with Sandboxes GA

    When we launched Cloudflare Sandboxes last June, the premise was simple: AI agents need to develop and run code, and they need to do it somewhere safe. If an agent is acting like a developer, this means cloning repositories, building code in many languages, running development servers, etc. To do these things effectively, they will often need a full computer (and if they don’t, they can reach for
  • Security Update: Suspected Supply Chain Incident | liteLLM

    Status: Active investigation Last updated: March 27, 2026 Update (March 30): A new clean version of LiteLLM is now available (v1.83.0). This was released by our new CI/CD v2 pipeline which added isolated environments, stronger security gates, and safer release separation for LiteLLM. Update (March 27): Review Townhall updates, including explanation of the incident, what we've done, and what comes
  • ChatGPT Containers can now run bash, pip/npm install packages, and download files

    ChatGPT Containers can now run bash, pip/npm install packages, and download files 26th January 2026 One of my favourite features of ChatGPT is its ability to write and execute code in a container. This feature launched as ChatGPT Code Interpreter nearly three years ago, was half-heartedly rebranded to “Advance
  • prompts.chat - AI Prompts Community

    --- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
  • What's New in Emacs 28.1?

    It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y

  • I tried mounting an iSCSI LUN on an Amazon FSx for NetApp ONTAP file system | DevelopersIO

    Amazon FSx for NetApp ONTAP is not just a simple file server. Hello, this is のんピ (@non____97). Have you ever wished you had a Multi-AZ EBS volume? I have. EBS volumes are per-AZ, so I get a little worried when I think about an AZ failure. That said, implementing block-level replication yourself is rather a lot of work. That is where Amazon FSx for NetApp ONTAP comes in. Amazon FSx for NetApp ONTAP offers not only file server functionality but also block storage functionality. Q: Which protocols does Amazon FSx for NetApp ONTAP support? A: Amazon FSx for NetApp ONTAP, network file
  • Claude Agent Skills: A First Principles Deep Dive

    Deconstructing prompt-based meta-tool architecture and context injection patterns for AI engineering - Claude’s Agent Skills system represents a sophisticated prompt-based meta-tool architecture that extends LLM capabilities through specialized instruction injection. Unlike traditional function calling or code execution, skills operate through prompt expansion and context modification to modify ho
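  • Part 46: The "らじる★らじる" catch-up listening service (2) | gihyo.jp

    As we worked out last time, in the "らじる★らじる" catch-up listening service, a JavaScript player (player_ondemand.js) that receives a program ID generates a link to the program-information JSON data, and then carries out the subsequent processing using the program name, description, audio stream URL and other items registered in that JSON data. So this time, let's consider how to handle this JSON data ourselves and extract the information we need. Processing JSON data: JSON (JavaScript Object Notation) is, as its name suggests, a notation for data objects developed for JavaScript; it is a mechanism for converting data used in a program, such as variables, arrays, and lists, into human-readable strings while preserving their structural information. JSON data uses "{ }" (curly braces) to structure data and ":" (colon) to associate a variable name with its content. For example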
  • Using the AWS Parameter and Secrets Lambda extension to cache parameters and secrets | Amazon Web Services

    AWS Compute Blog Using the AWS Parameter and Secrets Lambda extension to cache parameters and secrets This post is written by Pal Patel, Solutions Architect, and Saud ul Khalid, Sr. Cloud Support Engineer. Serverless applications often rely on AWS Systems Manager Parameter Store or AWS Secrets Manager to store configuration data, encrypted passwords, or connection details for a database or API ser
  • The Alkyne GC · mcyoung

    Alkyne is a scripting language I built a couple of years ago for generating configuration blobs. Its interpreter is a naive AST walker that uses ARC for memory management, so it’s pretty slow, and I’ve been gradually writing a new evaluation engine for it. This post isn’t about Alkyne itself, that’s for another day. For now, I’d like to write down some notes for the GC I wrote for it, and more
  • September 2022 (version 1.72)

    Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Update 1.72.1: The update addresses these security issues. Update 1.72.2: The update addresses these issues. Welcome to the September 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Tool bar customization - Hide/show
  • Server-Sent Events: the alternative to WebSockets you should be using

    When developing real-time web applications, WebSockets might be the first thing that comes to your mind. However, Server Sent Events (SSE) are a simpler alternative that is often superior. Contents Prologue WebSockets? What is wrong with WebSockets Compression Multiplexing Issues with proxies Cross-Site WebSocket Hijacking Server-Sent Events Let’s write some code The Reverse-Proxy The Frontend The
  • Ubuntu 24.04 LTS (Noble Numbat) Release Notes

    Noble Numbat Release Notes Table of Contents Introduction New features in 24.04 LTS Known Issues Official flavours More information Introduction These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary. Support lifespan

  • November 2024 (version 1.96)

    Update 1.96.1: The update addresses these issues and enables the GitHub Copilot Free plan. Update 1.96.2: The update addresses these issues. Update 1.96.3: The update addresses these issues. Update 1.96.4: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb
  • OpenAI SSE (Server-Sent Events) Streaming API

    Have you been working on an OpenAI project that uses the Chat GPT API? Do you want to stream the response to your application in real-time — as it's being generated? In this article, I will walk you through the process of using OpenAI’s API to receive SSE to your server and forwarding those events to your client using SSE. The examples will be written in JavaScript, Py
  • JupyterLab Changelog — JupyterLab 4.6.0a1 documentation

    JupyterLab Changelog v4.5 JupyterLab 4.5 includes a number of new features (described below), bug fixes, and enhancements. This release is compatible with extensions supporting JupyterLab 4.0. Extension authors are encouraged to consult the Extension Migration Guide which lists deprecations and changes to the public API. Performance and windowing The default windowing mode is now contentVisibil

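  • [IICS] Automated testing of IICS jobs using GitHub Actions | DevelopersIO

    Introduction. This is yosh-k from the Big Data Team in the Data Analytics Division. This time I would like to verify whether, with IICS CDI resources managed in GitHub, it is possible to automatically test IICS jobs with GitHub Actions on check-in. Prerequisites: I carried out the verification, partially modifying the implementation, based on what was introduced in the following video and articles. Automated Deployment of IICS Assets- CI/CD using Informatica API's. It is assumed that a mapping task, mapping, and taskflow of your choice have been created in advance. It is also assumed that source control between IICS CDI and GitHub has been set up. If it has not, please refer to the blog post below. With Informatica Cloud Data Integration, a repository on GitHub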
  • How I Reversed Amazon's Kindle Web Obfuscation Because Their App Sucked

    How I bypassed Amazon’s Kindle web DRM | Hacker News. This article hit #1 on Hacker News, thanks all! TL;DR: I bought my first ebook from amazon. Amazon's Kindle Android app was really buggy and crashed a bunch. Tried to download my book to use with a functioning reader app. Realized Amazon no longer lets you do that. Decided to reverse engineer their obfuscation system out of spite. Discovered multi
  • August 2024 (version 1.93)

    Update 1.93.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Profiles editor - Switch and manage your profiles from a single place. Django unit test support
  • Node.js

    Notable Changes Experimental command-line argument parser API Adds util.parseArgs helper for higher level command-line argument parsing. Contributed by Benjamin Coe, John Gee, Darcy Clarke, Joe Sepi, Kevin Gibbons, Aaron Casanova, Jessica Nahulan, and Jordan Harband - #42675 Experimental ESM Loader Hooks API Node.js ESM Loader hooks now support multiple custom loaders, and composition is achieved