はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
Developers are increasingly relying on AI coding assistants to accelerate our daily workflows. These tools can autocomplete functions, suggest bug fixes, and even generate entire modules or MVPs. Yet, as many of us have learned, the quality of the AI’s output depends largely on the quality of the prompt you provide. In other words, prompt engineering has become an essential skill. A poorly phrased
AWS Documentation MCP Server でAWSのFAQアシスタントを作成する - Taste of Tech Topics
はじめに データ分析エンジニアの木介です。 AWSの公式ドキュメントで欲しい情報を探そうとしても、なかなか目的のページが見つからなかったりすることってありませんか? AWSから「AWS Documentation MCP Server」が公開されたため、本記事では、それを利用して、最新のAWSドキュメントに基づき、質問に回答してくれるFAQアシスタントの作成方法について紹介したいと思います。 MCP Serverの呼び出しには、Claude Desktop および dolphin-mcp を利用します。 github.com はじめに 概要 1. MCPとは MCPのしくみ 2. AWS Documentation MCP Serverとは Claude Desktop経由でAWS ドキュメントのFAQアシスタントを作成する dolphin-mcpでAWS ドキュメントのFAQアシスタント
This post is about why we need a coroutine package for Go, and what it would look like. But first, what are coroutines? Every programmer today is familiar with function calls (subroutines): F calls G, which stops F and runs G. G does its work, potentially calling and waiting for other functions, and eventually returns. When G returns, G is gone and F continues running. In this pattern, only one fu
NETGEAR社製ルーターにおける認証不要の任意コード実行の技術的解説(PSV-2022-0044) - GMO Flatt Security Blog
※本記事は先立って公開された英語版記事を翻訳し、日本語圏の読者向けに一部改変したものです。 画像出典: https://www.netgear.com/business/wifi/access-points/wac124/ はじめに こんにちは、株式会社Flatt Securityのstypr(@stereotype32)です。 一昨年、日本のOSS製品で発見された0day脆弱性に関する技術解説をブログに書きました。 それ以来、私は様々な製品に多くの脆弱性を発見してきました。残念ながら私が見つけたバグのほとんどはすぐに修正されなかったので、今日まで私が見つけた、技術的に興味深い脆弱性の情報を共有する機会がありませんでした。 本記事では、NETGEAR社のWAC124(AC2000)ルーターにおいて、様々な脆弱性を発見し、いくつかの脆弱性を連鎖させて、前提条件なしに未認証ユーザーの立場からコ
Rust でも学べる関数型ドメイン駆動設計 - Domain Modeling Made Functional の読書感想文 - じゃあ、おうちで学べる
はじめに なぜ 2026 年に、2018 年出版の本を再読するのでしょうか。正直に言えば、『Architecture Modernization』の翻訳作業で DDD の概念が頻出し、「分かったつもり」の理解では訳せなくなったからです。初読から 7 年。関数型の視点で DDD を説明する本書を、今度こそ腹落ちさせたかった。 読む動機 『Domain Modeling Made Functional』は、DDD と関数型プログラミングを組み合わせたアプローチを解説する書籍です。 Domain Modeling Made Functional: Tackle Software Complexity with Domain-Driven Design and F# (English Edition) 作者:Wlaschin, ScottPragmatic BookshelfAmazon 著者の
【Python 3.12】型ヒント機能がいつの間にか進化していたので、慌ててキャッチアップする - ABEJA Tech Blog
ABEJA でプロダクト開発を行っている平原です。 先日、バックエンドで使っているGo言語のお勉強しようと「go言語 100Tips ありがちなミスを把握し、実装を最適化する」を読んでいました。その中でinterfaceは(パッケージを公開する側ではなく)受け側で定義するべきという記述を見つけてPythonでも同じことできないかと調べていると(PythonではProtocolを使うとうまくいきそうです。)、どうやら型ヒント機能がかなりアップデートされていることに気づき慌てて再入門しました。(3.7, 3.8あたりで止まってました。。) この記事では、公式ドキュメントを見ながら適当にコードを書き散らし、どの機能はどこまで使えるのか試してみたことをまとめてみました。 docs.python.org 環境 Python: 3.12.1 エディタ: Visual Studio Code Pylan
A few months ago, I set myself the challenge of writing a C compiler in 500 lines of Python1, after writing my SDF donut post. How hard could it be? The answer was, pretty hard, even when dropping quite a few features. But it was also pretty interesting, and the result is surprisingly functional and not too hard to understand! There's too much code for me to comprehensively cover in a single blog
Today, we are excited to announce the launch of .NET 10, the most productive, modern, secure, intelligent, and performant release of .NET yet. It’s the result of another year of effort from thousands of developers around the world. This release includes thousands of performance, security, and functional improvements across the entire .NET stack-from languages and developer tools to workloads-enabl
Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
Golang Mini Reference 2022: A Quick Guide to the Modern Go Programming Language (REVIEW COPY)
Golang Mini Reference 2022 A Quick Guide to the Modern Go Programming Language (REVIEW COPY) Harry Yoon Version 0.9.0, 2022-08-24 REVIEW COPY This is review copy, not to be shared or distributed to others. Please forward any feedback or comments to the author. • feedback@codingbookspress.com The book is tentatively scheduled to be published on September 14th, 2022. We hope that when the release da
Over the course of my Spring 2020 semester at Harvey Mudd College, I developed a self-hosting compiler entirely from scratch. This article walks through many interesting parts of the project. It’s laid out so you can just read from beginning to end, but if you’re more interested in a particular topic, feel free to jump there. Or, take a look at the project on GitHub. Table of contents What the pro
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.70.1: The update addresses these issues. Update 1.70.2: The update addresses these issues. Update 1.70.3: This update is only available for Windows 7 users and is the last release supporting Windows 7. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welc
Pydantic AIで作る!実践Text-to-SQLシステム構築ガイド 〜自然言語によるデータ抽出の自動化で分析業務を効率化〜
Pydantic AIで作る!実践Text-to-SQLシステム構築ガイド 〜自然言語によるデータ抽出の自動化で分析業務を効率化〜 こんにちは、Ubieでアナリティクスエンジニア/データアナリストをしているmatsu-ryuです。 普段は、Ubieが提供するサービスから得られる様々なデータを活用し、「テクノロジーで人々を適切な医療に案内する」というミッションの実現に向けて取り組んでいます。 皆さんの職場では、こんなやり取りはありませんか? 「先月のカテゴリ別売上トップ3、都道府県別で出せますか?」 「レビュー評価が星1つの商品のリストと、その商品を買ったユーザーのリストをお願いします。」 データドリブンな意思決定が重視される昨今、こうしたデータ抽出・分析の依頼は日常的に発生します。しかし、その裏側では多くの組織が共通の課題を抱えています。 SQLの壁: 分析したい人が必ずしもSQLを書ける
Building the fastest Lua interpreter.. automatically!
This is Part 1 of a series of posts. Part 2 is available here: Building a baseline JIT for Lua automatically It is well-known that writing a good VM for a dynamic language is never an easy job. High-performance interpreters, such as the JavaScript interpreter in Safari, or the Lua interpreter in LuaJIT, are often hand-coded in assembly. If you want a JIT compiler for better performance, well, you’
Skills in OpenAI API
Upload, manage, and attach reusable skills to hosted environments. Agent Skills let you upload and reuse versioned bundles of files in hosted and local shell environments. For the full reference, see the Skills documentation. What is a skill? A skill is a reusable bundle of files (instructions + scripts + assets), packaged as a folder and anchored by a required SKILL.md manifest. OpenAI copies tha
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
Update: I originally published this post few months ago, and it only covered Turbo Drive and Turbo Frames then, with a static site. I've since had a bunch of conversations with people working with other tech stacks (Rust, PHP, and Go) wanting to integrate Hotwire into their front-ends, and everyone kept asking about Turbo Streams, since it needs a back-end server. So I've updated the post to build
Shai Hulud Strikes Again (v2)Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected. Update: November 26, 2025 PostHog has published a detailed post mortem describing how one of its GitHub Actions workflows was abused as an initial access vector for Shai Hulud v2. An attacker briefly opened a pull request that modified a script executed via pull_requ
Update 1.60.1: The update addresses these issues. Update 1.60.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2021 release of Visual Studio Code. There are many updates in this version that we hope you will like, some of the key highlights include: Automatic language detection - Programming l
Deconstructing prompt-based meta-tool architecture and context injection patterns for AI engineering - Claude’s Agent Skills system represents a sophisticated prompt-based meta-tool architecture that extends LLM capabilities through specialized instruction injection. Unlike traditional function calling or code execution, skills operate through prompt expansion and context modification to modify ho
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding If you've used emulators for older platforms, you probably experienced a level of precise control over software execution that we lack on contemporary platforms. For example, if you play 8-bit video games emulated on your modern console, you are able to suspend and rewind gameplay, and when you resume, that incoming creatu
前回に引き続き、Stable DiffusionのControlNetで遊んでみます。ControlNetとは画像主に空間方向の強い条件付が可能です。LoRAと組み合わせて動画レンダリングのようなこともできつつあるので、使いこなすとかなり強力な武器になりそうです。 はじめに 前回はLoRAで遊んでみましたが、今回はこちらもよく話題にのぼるControlNetで遊んでみました。ControlNetもDiffusersで対応しており、簡単に使うことができます。 ControlNetとは 解説が結構多いので今更感はありますが、2023年2月に発表された論文です。 従来のStable Diffusionは「この人をこういうポーズで配置してほしい」や「ここにこれをおいてほしい」や「輪郭線はこうしてほしい」のような、なにか制約条件をおいた上で生成するということが難しいという課題がありました。実践的には
Right now, asyncio is one of the trendier topics in Python, and rightfully so – It’s a great way to handle I/O-bound programs! When I was learning about asyncio, It took me a while to understand how it actually worked. But later, I came to find out that it’s basically just a really nice layer on top of Python Generators. In this article, I’m going to create a simplified version of asyncio using ju
A mega tutorial with dozens of examples on how to use the pathlib module in Python 3 When I started learning Python, there was one thing I always had trouble with: dealing with directories and file paths! I remember the struggle to manipulate paths as strings using the os module. I was constantly looking up error messages related to improper path manipulation. The os module never felt intuitive an
An AI-native software engineer is one who deeply integrates AI into their daily workflow, treating it as a partner to amplify their abilities. This requires a fundamental mindset shift. Instead of thinking “AI might replace me” an AI-native engineer asks for every task: “Could AI help me do this faster, better, or differently?”. The mindset is optimistic and proactive - you see AI as a multiplier
Server-Sent Events: the alternative to WebSockets you should be using
When developing real-time web applications, WebSockets might be the first thing that come to your mind. However, Server Sent Events (SSE) are a simpler alternative that is often superior. Contents Prologue WebSockets? What is wrong with WebSockets Compression Multiplexing Issues with proxies Cross-Site WebSocket Hijacking Server-Sent Events Let’s write some code The Reverse-Proxy The Frontend The
Introducing Amazon Kinesis Data Analytics Studio – Quickly Interact with Streaming Data Using SQL, Python, or Scala | Amazon Web Services
AWS News Blog Introducing Amazon Kinesis Data Analytics Studio – Quickly Interact with Streaming Data Using SQL, Python, or Scala The best way to get timely insights and react quickly to new information you receive from your business and your applications is to analyze streaming data. This is data that must usually be processed sequentially and incrementally on a record-by-record basis or over sli
Tetris That Hates You StickManStickMan #611, by Sam Hughes. HATETRIS is a version of Tetris written in 2010 by programmer and sci-fi author Sam Hughes. According to his initial description of the game: This is bad Tetris. It’s hateful Tetris. It’s Tetris according to the evil AI from “I Have No Mouth And I Must Scream”. (And if you aren’t familiar with Tetris at all, and don’t know the rules or pi
The sad state of property-based testing libraries Posted on Jul 2, 2024 Property-based testing is a rare example of academic research that has made it to the mainstream in less than 30 years. Under the slogan “don’t write tests, generate them” property-based testing has gained support from a diverse group of programming language communities. In fact, the Wikipedia page of the original property-bas
I find blockchain fascinating because it extends open source software development to open source + state. This seems to be a genuine/exciting innovation in computing paradigms; We don’t just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner. The seeds of this revolution arguably began with Bitcoin, so I became curious to dril
After studying how companies deploy generative AI applications, I noticed many similarities in their platforms. This post outlines the common components of a generative AI platform, what they do, and how they are implemented. I try my best to keep the architecture general, but certain applications might deviate. This is what the overall architecture looks like. This is a pretty complex system. Thi
Why APL is a language worth knowing
“A language that doesn't affect the way you think about programming, is not worth knowing.”, by Alan J. Perlis. Why APL is a language worth knowing Alan Perlis, the computer scientist recipient of the first Turing award, wrote “A language that doesn't affect the way you think about programming, is not worth knowing.” ― Alan J. Perlis, 1982. Special feature: Epigrams on programming. ACM Sigplan Not
VirtualBox の「Arch Linux」に「OpenBox」デスクトップ〈H123〉 - Linux あれこれ
登録日: 2021-07-11 更新日: 2023-03-18 前回、「Xubuntu 20.04.2 LTS」に、ハードウェアの違いを仮想マシンにより吸収してくれる「VirtualBox」をインストールして、ゲストOS として「Arch Linux」をインストール しました。 今回は、それに「OpenBox」デスクトップ環境をインストールしたので、その備忘録です。 - 「OpenBox」はデスクトップ環境というよりも、デスクトップ環境の一部の機能です。余計な機能がない分、使えるまでに手間がかかりますが、出来上がれば軽量です。このあたりは、Arch Linux に似ています。 - - ホストOS : Xubuntu 20.04.2 LTS ゲストOS : Arch Linux(2021.07.01 のiso イメージ) ←(作業時のバージョン) - - 使用したPC は「ASUS Chro
Update 1.90.2: The update addresses these issues. Update 1.90.1: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the May 2024 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Editor tabs multi-select - Select and perform act
Pytorch tips - Pythonいぬ
Pytorchで割とよく検索するけど、ひとつの記事にするほどでもない事をまとめてみる。使っていて便利そうだと思った情報はどんどん追加していくつもり。 cuda.is_available(): GPU動作チェック GPUかCPUかを自動判断 to(x.deice): model中での変数がGPUかCPUか numpy ndarray と pytorch tensorの相互変換 平均と標準偏差で正規化 permute: 次元の入れ替え 画像左右反転 like関数 パラメータをもたないモジュール register_buffer(): 最適化しないパラメータ model.apply(): モジュールを再帰的に処理 tensor.item(): スカラーの取り出し model.parameters()の中身のみかた cuda.is_available(): GPU動作チェック PytorchでGPU
This week, I decided to rewrite my website using plain HTML and CSS. When I originally made it, I used SvelteKit for simplicity. It was a more interesting project than I was expecting when I started working so I wanted to share my thoughts on the experience. Why? There are a number of reasons I decided to do the rewrite. One is that I’m currently unemployed so I have a lot of free time for side pr
tl;dr: If in doubt, prefer to use zswap. Only use zram if you have a highly specific reason to. In terms of architecture: zswap sits in front of your disk swap, compresses pages in RAM, and automatically tiers cold data to disk. It integrates directly with the kernel's memory management and distributes pressure gracefully. zram is a compressed RAM block device with a hard capacity limit. When you
目次 はじめに この記事で学べること 前提知識 技術スタックの全体像 各コンポーネントの詳細解説 パフォーマンス設計 構築手順 まとめ 参考リンク はじめに この記事は、株式会社asken (あすけん) Advent Calendar 2025の12/23の記事です。 こんにちは。AX推進部(テックリード・AIエンジニア)の山口です。 今回は、SageMakerでvLLMを動かす方法を説明したいと思います。 LLM を API として提供する際の課題 ChatGPT のような LLM を自社サービスに組み込みたい場合、以下のような課題があります: レイテンシ(応答時間): ユーザーがテキストを入力してから結果が返るまでの時間。長いとユーザー体験が悪化します スループット(処理能力): 同時に多くのリクエストを処理できるか コスト: GPU は高価なので、効率的に使いたい 運用負荷: サーバ
Sketch of a Post-ORM
I’ve been writing a lot of database access code as of late. It’s frustrating that in 2023, my choices are still to either write all of the boilerplate by hand, or hand all database access over to some inscrutable “agile” ORM that will become a crippling liability in the 2-3y timescale. This post is about how I want to use databases, from the perspective of an application server developer—not a DBA
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
The Prompt Engineering Playbook for Programmers
research!rsc: Coroutines for Go
Writing a C compiler in 500 lines of Python
Announcing .NET 10 - .NET Blog
June 2022 (version 1.69)
Kalyn: a self-hosting compiler for x86-64
July 2022 (version 1.70)
0.10.0 Release Notes ⚡ The Zig Programming Language
You Don't Need Rails to Start Using Hotwire
Shai Hulud Strikes Again (v2) - Socket
August 2021 (version 1.60)
Claude Agent Skills: A First Principles Deep Dive
Diffusers版のControlNet+LoRAで遊ぶ:理論と実践 | Shikoan's ML Blog
How Python Asyncio Works: Recreating it from Scratch
Python pathlib Cookbook: 57+ Examples to Master It (2022)
The AI-Native Software Engineer
Getting the World Record in HATETRIS
The sad state of property-based testing libraries
A from-scratch tour of Bitcoin in Python
Building A Generative AI Platform
May 2024 (version 1.90)
Rewriting my website in plain HTML and CSS
Debunking zswap and zram myths
SageMaker + vLLM で LLM API を構築 - asken テックブログ