はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
はじめに なぜ遅いのか 何をやるのか 計測 名前付きボリュームを使ってない場合 Named Volumeを使う場合 Macからどう見えているか 結論とまとめ はじめに 以前からいろんなところで話していますが、僕は普段、手元のMacには言語系のランタイムとかは入れておらずVS CodeとDocker for Macだけ入れてRemote Containersの環境で開発しています。 この環境自体はとても便利でいいのですが、一点大きな問題があります。 それは遅いということ。自分の場合は最近だとJSでの開発が多いのですが、例えばNext.jsで開発している場合に以下のような操作が特に遅く感じます。 yarn install yarn add yarn jest next dev next start next build yarn jestとかnext devが遅いのは起動だけだったりします。起
技術部の笹田(ko1)と遠藤(mame)です。クックパッドで Ruby (MRI: Matz Ruby Implementation、いわゆる ruby コマンド) の開発をしています。お金をもらって Ruby を開発しているのでプロの Ruby コミッタです。 本日 12/25 に、ついに Ruby 3.1.0 がリリースされました(Ruby 3.1.0 リリース )。今年も Ruby 3.1 の NEWS.md ファイルの解説をします。NEWS ファイルとは何か、は以前の記事を見てください。 プロと読み解く Ruby 2.6 NEWS ファイル - クックパッド開発者ブログ プロと読み解くRuby 2.7 NEWS - クックパッド開発者ブログ プロと読み解くRuby 3.0 NEWS - クックパッド開発者ブログ 本記事は新機能を解説することもさることながら、変更が入った背景や苦労な
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
Fish 4.0: The Fish Of Theseus
About two years ago, our head maintainer @ridiculousfish opened what quickly became our most-read pull request: #9512 - Rewrite it in Rust Truth be told, we did not quite expect that to be as popular as it was. It was written as a bit of an in-joke for the fish developers first, and not really as a press release to be shared far and wide. We didn’t post it anywhere, but other people did, and we go
GitHub - bregman-arie/devops-exercises: Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions
In general, what do you need in order to communicate? A common language (for the two ends to understand) A way to address who you want to communicate with A Connection (so the content of the communication can reach the recipients) What is TCP/IP? A set of protocols that define how two or more devices can communicate with each other. To learn more about TCP/IP, read here What is Ethernet? Ethernet
NETGEAR社製ルーターにおける認証不要の任意コード実行の技術的解説(PSV-2022-0044) - GMO Flatt Security Blog
※本記事は先立って公開された英語版記事を翻訳し、日本語圏の読者向けに一部改変したものです。 画像出典: https://www.netgear.com/business/wifi/access-points/wac124/ はじめに こんにちは、株式会社Flatt Securityのstypr(@stereotype32)です。 一昨年、日本のOSS製品で発見された0day脆弱性に関する技術解説をブログに書きました。 それ以来、私は様々な製品に多くの脆弱性を発見してきました。残念ながら私が見つけたバグのほとんどはすぐに修正されなかったので、今日まで私が見つけた、技術的に興味深い脆弱性の情報を共有する機会がありませんでした。 本記事では、NETGEAR社のWAC124(AC2000)ルーターにおいて、様々な脆弱性を発見し、いくつかの脆弱性を連鎖させて、前提条件なしに未認証ユーザーの立場からコ
SECKUN 2021 pub.md SECKUN 2021/ProSec-IT 2021 コンテナ演習資料(公開版) この資料について 九州大学のSECKUN 2021/ProSec-IT(enPiT-Pro) 2021の共通カリキュラムにおいて、近藤 @udzura が担当したコンテナ概要の授業にて使用した教材です。 https://cs.kyushu-u.ac.jp/seckun/about/ https://cs.kyushu-u.ac.jp/enpit-pro/ 今回、公益性を鑑み、授業固有の連絡事項などを削除した状態で公開します。 ライセンスは Creative Commons Attribution 4.0 International Public License (CC BY 4.0) ref とします。 個人の自学、社内研修、スクールでの授業などでお使いいただけますが、内
31st December 2024 A lot has happened in the world of Large Language Models over the course of 2024. Here’s a review of things we figured out about the field in the past twelve months, plus my attempt at identifying key themes and pivotal moments. This is a sequel to my review of 2023. In this article: The GPT-4 barrier was comprehensively broken Some of those GPT-4 models run on my laptop LLM pri
Ubuntu Weekly Recipe 第899回Distroboxを使えば、他のディストリビューションの最新パッケージをUbuntuでも気軽に試せる UbuntuにはDebian由来の豊富なパッケージ資産が存在します。しかしながら登場したばかりのソフトウェアがなかったり、最新のバージョンに追随できていないことも多々あります。そこで今回は、他のディストリビューションのパッケージを気軽に素早く試せる「Distrobox」を紹介しましょう。 Distroboxとは 「Distrobox」とは、コンテナを活用したさまざまなLinuxディストリビューションの実行環境を用意するツールです。端的に言うと、Linuxディストリビューションのルートファイルシステムの作成・管理に特化したDocker・Podmanのラッパーです。 Distroboxを使うと次のようなことを実現できます。 特定のディスト
Yesterday I was thinking about how long it took me to get a colorscheme in my terminal that I was mostly happy with (SO MANY YEARS), and it made me wonder what about terminal colours made it so hard. So I asked people on Mastodon what problems they’ve run into with colours in the terminal, and I got a ton of interesting responses! Let’s talk about some of the problems and a few possible ways to fi
先日リリースされたUbuntu 21.04では、長年の懸案だった「Waylandセッションのデフォルト化」が再度実施されました。今後2022年4月にリリースされる予定のUbuntu 22.04 LTSに向けて、さまざまな問題を洗い出し、対応を行っていくことになります。今回はそんなWayland環境で「X転送 over SSH」っぽいことを実現してみましょう。 Waylandセッションになったということ Waylandとは2008年に登場したの次世代ディスプレイサーバーです。もともとは、X.Orgの開発者でもあったKristian Høgsbergが最小のディスプレイサーバーとウィンドウコンポジッターを組み合わせたものとして個人的に作成していたソフトウェアでした。その後、X.Orgの開発者たちがX Window System/X.Orgを置き換える次世代のディスプレイサーバーとして開発に参加
Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
Update 1.99.1: The update addresses these security issues. Update 1.99.2: The update addresses these issues. Update 1.99.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the March 2025 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highligh
The Unix shell is over 50 years old, but it still defines how programmers use their computers. We type a few words in a terminal, and milliseconds later an ephemeral factory comes online: the Unix pipeline. Data streams through a network of simple programs working concurrently, like robots on the factory floor, executing a computational choreography we composed seconds ago. Its job done, the facto
Output StylesやAgent SkillsでClaude Codeの活用幅を広げる | Wantedly Engineer Blog
こんにちは。ウォンテッドリーでバックエンドエンジニアをしている小室 (@nekorush14) です。今回は Claude Code をコーディング以外の作業でも利用している話をします。Claude Code と聞くと、真っ先にコーディングさせるAIエージェントのイメージがありますが、それ以外の用途でも便利に利用できることについてまとめます。 目次はじめに 活用幅を広げるための施策 Output Styles で出力の方向性を制御する Agent Skills でエージェントを強化する 筆者の設定 具体的な構成 運用フロー まとめ 参考文献 はじめにClaude Code は Anthropic 社が提供する AI コーディングエージェントです。登場した当初、ファイル操作、git 操作、テスト実行などを自律的に行うその能力は、多くのエンジニアに衝撃を与えました。 しかし、Claude Co
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.67.1: The update addresses this security issue. Update 1.67.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2022 release of Visual Studio Code. There are many updates in this version that we hope
Version 1.108 is now available! Read about the new features and fixes from December. Release date: June 12, 2025 Security update: The following extension has security updates: ms-python.python. Update 1.101.1: The update addresses these issues. Update 1.101.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome t
Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support | Amazon Web Services
AWS News Blog Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support 11/17/2025 Update: Amazon Linux 2 end of support date (End of Life, or EOL) has been extended to 2026-06-30. I am excited to announce the general availability of Amazon Linux 2023 (AL2023). AWS has provided you with a cloud-optimized Linux distribution since 2010. This is the third generation of our Amazon
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a det
Update 1.80.1: The update addresses these issues. Update 1.80.2: The update addresses this security issue. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Accessibility improvements - Accessible V
Creating a Development Environment Using VS Code's Dev Container
Creating a Development Environment Using VS Code's Dev Container A sequel article has been posted 🥳🎉 (June 8, 2023): [Sequel! Dev Container] Creating a cloud development environment with GitHub Codespaces . Introduction Hello. Torii here, from the team[^1][^2] Common Services Development Group that develops payment platforms used by multiple services. Finding your IDE doesn't work even though yo
構成 基本的構成 わたしのサイトでは、基本的に以下のような形でつくってあります。 httpsを解釈するreverse proxy (VPS内) httpで動くアプリケーション (自宅サーバdocker内) 両者はsite-to-siteなVPNでつながる 露出する頭だけVPSにおいておき、背後のアプリケーションは自宅においてVPNでつなげるというのが基本的な構成です。 そのこころは以下です。 自分のノートパソコンやスマホは常時VPNでVPSに接続 リバースプロキシでSSLクライアント証明書を要求・検証することで、赤の他人のアクセスを排除 VPSでの処理を最小限にする(なるべく安いVPSを使う) なるべく自宅サーバ側で処理をする 自宅にグローバルIPをつけたくない sslh nginxやapacheの前段にsslhをつけるとsshとopenvpn(のtcp接続)も443に同居させることができ
PyTorch discloses malicious dependency chain compromise over holidays
HomeNewsSecurityPyTorch discloses malicious dependency chain compromise over holidays PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counter
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.70.1: The update addresses these issues. Update 1.70.2: The update addresses these issues. Update 1.70.3: This update is only available for Windows 7 users and is the last release supporting Windows 7. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welc
For the past few weeks I’ve been teaching my 9-pound cavapoo Momo (cavalier king charles spaniel and toy poodle) to vibe code games. The key to making this work is telling Claude Code that a genius game designer who only speaks in cryptic riddles is giving it instructions, add strong guardrails, and build plenty of tools for automated feedback. The results have surpassed my expectations. Below I w
Some random rambling by a linguistics nerd about Emacs, Linux, and conlanging It was announced a couple of hours ago, Emacs 29’s branch is now cut from the master branch! This means the emacs-29 branch will from now no longer receive any new feature, but only bug fixes. So, what’s new with this new major release? I skimmed over the NEWS file, and here are the changes which I find interesting and e
KDL is a small, pleasant document language with XML-like node semantics that looks like you're invoking a bunch of CLI commands! It's meant to be used both as a serialization format and a configuration language, much like JSON, YAML, or XML. It looks like this: package { name my-pkg version "1.2.3" dependencies { // Nodes can have standalone values as well as // key/value pairs. lodash "^3.2.1" op
Bringing the power of AI to Windows 11 – unlocking a new era of productivity for customers and developers with Windows Copilot and Dev Home
Bringing the power of AI to Windows 11 – unlocking a new era of productivity for customers and developers with Windows Copilot and Dev Home The team and I are pumped to be back at Build with the developer community this year. Over the last year, Windows has continued to see incredible growth fueled by Windows 11 adoption. In fact, one of the most exciting areas driving that growth for Windows has
Tier 4 Support § Support for these targets is entirely experimental. If this target is provided by LLVM, LLVM may have the target as an experimental target, which means that you need to use Zig-provided binaries for the target to be available, or build LLVM from source with special configure flags. zig targets will display the target if it is available. This target may be considered deprecated by
I first learned Kubernetes ("k8s" for short) in 2018, when my manager sat me down and said "Cloudflare is migrating to Kubernetes, and you're handling our team's migration." This was slightly terrifying to me, because I was a good programmer and a mediocre engineer. I knew how to write code, but I didn't know how to deploy it, or monitor it in production. My computer science degree had taught me a
Version 1.108 is now available! Read about the new features and fixes from December. Release date: May 8, 2025 Update: Enable Next Edit Suggestions (NES) by default in VS Code Stable (more...). Update 1.100.1: The update addresses these security issues. Update 1.100.2: The update addresses these issues. Update 1.100.3: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Univers
Update 1.82.1: The update addresses this security issue. Update 1.82.2: The update addresses these issues. Update 1.82.3: The update addresses this security issue. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the August 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key hi
Update 1.78.1: The update addresses this security issue. Update 1.78.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Accessibility improvements - Better scre
Update 1.97.1: The update addresses these security issues. Update 1.97.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the January 2025 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Next Edit Suggestions (preview) - Co
Supply Chain Attack on Axios Pulls Malicious Dependency from...
Update 4/1: We dug deeper into the hidden blast radius of this attack and how dependency resolution expanded its impact: https://socket.dev/blog/hidden-blast-radius-of-the-axios-compromiseA supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including axios@1.14.1 and axios@0.30.4. The latest version pulls in plain-crypt
redbean
redbean single-file distributable web server redbean is an open source webserver in a single-file that runs natively on six OSes for both AMD64 and ARM64. Basic idea is if you want to build a web app that runs anywhere, then you download the redbean.com file, put your .html and .lua files inside it using the zip command, and you've got a hermetic app you deploy and share. redbean embeds Lua, SQLit
How a simple Linux kernel memory corruption bug can lead to complete system compromise
In this case, reallocating the object as one of those three types didn't seem to me like a nice way forward (although it should be possible to exploit this somehow with some effort, e.g. by using count.counter to corrupt the buf field of seq_file). Also, some systems might be using the slab_nomerge kernel command line flag, which disables this merging behavior. Another approach that I didn't look
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.66.1: The update addresses these issues. Update 1.66.2: The update addresses these security issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the March 2022 release of Visual Studio Code. There are many updates in this version that we ho
This paper reflects work done in late 2022 and 2023 to audit for vulnerabilities in terminal emulators, with a focus on open source software. The results of this work were 10 CVEs against terminal emulators that could result in Remote Code Execution (RCE), in addition various other bugs and hardening opportunities were found. The exact context and severity of these vulnerabilities varied, but some
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
Macで使うVS CodeとRemote Containerの性能を大幅改善 - Sweet Escape
プロと読み解く Ruby 3.1 NEWS - クックパッド開発者ブログ
SECKUN 2021/ProSec-IT 2021 コンテナ演習資料(公開版)
Things we learned about LLMs in 2024
第899回 Distroboxを使えば、他のディストリビューションの最新パッケージをUbuntuでも気軽に試せる | gihyo.jp
Terminal colours are tricky
第666回 Waypipeを用いてWayland環境で「X転送 over SSH」っぽいことをしてみる | gihyo.jp
June 2022 (version 1.69)
March 2025 (version 1.99)
A Shell for the Container Age: Introducing Dagger Shell | Dagger
April 2022 (version 1.67)
May 2025 (version 1.101)
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. - Xint
June 2023 (version 1.80)
クラウドから撤退して自前サーバに自分でwebアプリを建てるおはなし - Qiita
July 2022 (version 1.70)
I Taught My Dog to Vibe Code Games | Caleb Leak
Emacs 29 is nigh! What can we expect?
The KDL Document Language
0.8.0 Release Notes ⚡ The Zig Programming Language
Solving common problems with Kubernetes
April 2025 (version 1.100)
August 2023 (version 1.82)
April 2023 (version 1.78)
January 2025 (version 1.97)
March 2022 (version 1.66)
"�[31m"?! ANSI Terminal security in 2023 and finding 10 CVEs