はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
オススメのRust製無料プロキシツール「Caido」の紹介 - blog of morioka12
1. 始めに こんにちは、morioka12 です。 本稿では、最近注目を浴びているオススメの Rust 製の無料プロキシツール「Caido」について紹介します。 本稿で触れるプロキシツールは、Web アプリやスマホアプリの通信を傍受して、リクエストの内容を確認したり書き換えたりするツールを指します。 1. 始めに 想定読者 2. Caido の概要 アドバイザー 主な特徴 ディスクトップアプリと CLI HTTPQL DNS の書き換え ブラウザでレスポンスの表示 SDK・Plugin Caido と Burp Suite の違い Caido の使い始め方 3. Caido の主な機能 Sitemap Intercept HTTP History Match & Replace Replay Automate Workflows Search Findings その他 Built-in
REST API Design Best Practices Handbook – How to Build a REST API with JavaScript, Node.js, and Express.js
By Jean-Marc Möckel I've created and consumed many API's over the past few years. During that time, I've come across good and bad practices and have experienced nasty situations when consuming and building API's. But there also have been great moments. There are helpful articles online which present many best practices, but many of them lack some practicality in my opinion. Knowing the theory with
アソビュー! Advent Calendar 2022の2日目(裏面)の記事です。 アソビューでQAをしている渡辺です。 前職ではエンジニア、およびQAをしておりましたが、10月よりアソビューにQAとして入社しました。 今回は、API呼び出しを含むE2Eテストの自動化を、他社ウェブサイトに仕様記載の無料公開APIで試してみた話となります。 アソビューのQAでは、開発スピードと品質向上の両立を図ることを重視しています。 そのためにも、シフトレフトやテスト自動化推進の取り組みは重要です。 現在QAとして参画中のプロジェクトでAPIの外部公開があり、E2EテストとしてAPIを含むテストの自動化はこれまでしていないので、APIを含むテストについて、Seleniumで簡単に自動化できないか試してみました。 なぜSeleniumか? なぜPythonか? 試してみるテストケース 天気予報APIの仕様
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
1. 始めに こんにちは、morioka12 です。 本稿では、バグバウンティの脆弱性調査で使われている LLM の活用事例について少し紹介します。 1. 始めに 免責事項 2. LLM の活用事例 SimonW「LLM」 3. Recon CewlAI Subwiz ffufai Crawl4AI Athena WARC-GPT 4. Browser Extension Nuclei AI Extension 5. Web Proxy Plugin Shift (Caido) Caido403Bypasser (Caido) BurpGPT (Burp Suite) Add: Montoya API (Burp Suite) Hackvertor 6. ChatGTP Plugin PentestGPT Bug Hunter GPT Bounty Plz 7. 講演動画 Bug Boun
Introducing AWS Lambda Managed Instances: Serverless simplicity with EC2 flexibility | Amazon Web Services
AWS News Blog Introducing AWS Lambda Managed Instances: Serverless simplicity with EC2 flexibility Today, we’re announcing AWS Lambda Managed Instances, a new capability you can use to run AWS Lambda functions on your Amazon Elastic Compute Cloud (Amazon EC2) compute while maintaining serverless operational simplicity. This enhancement addresses a key customer need: accessing specialized compute o
Internet Engineering Task Force (IETF) K. Davis Request for Comments: 9562 Cisco Systems Obsoletes: 4122 B. Peabody Category: Standards Track Uncloud ISSN: 2070-1721 P. Leach University of Washington May 2024 Universally Unique IDentifiers (UUIDs) Abstract This specification defines UUIDs (Universally Unique IDentifiers) -- also known as GUIDs (Globally Unique IDentifiers) -- and a Uniform Resou
Update 1.69.1: The update addresses these issues. Update 1.69.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the June 2022 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: 3-way merge editor - Resolve merge conflicts wit
Velja
Open links in a specific browser or a matching native app. Easily switch between browsers. In-depth review of Velja. Trusted by almost 130K users. Example use-cases Use Safari as your primary browser but open Google Meet links in Chrome Open links to figma.com directly in the Figma desktop app Open links to the internal company website in Firefox Open Zoom meeting invitations directly in the deskt
Thought for 6.8 seconds Below is a very small, self‑contained Python script that performs an HTTP GET request to http://localhost:3000 and prints whatever the server replies. It uses the popular third‑party library requests (recommended because of its ease of use), but I also included a short alternative that works with the Python standard library (urllib.request) in case you don’t want to install
GIMP 2.99.12 is a huge milestone towards GIMP 3.0. Many of the missing pieces are getting together, even though it is still a work in progress. As usual, issues are expected and in particular in this release which got important updates in major areas, such as canvas interaction code, scripts, but also theming… “CMYK space invasion”, by Jehan (based on GPLv3 code screencast), Creative Commons by-sa
Open sourcing h3i: a command line tool and library for low-level HTTP/3 testing and debugging
Open sourcing h3i: a command line tool and library for low-level HTTP/3 testing and debugging2024-12-30 Have you ever built a piece of IKEA furniture, or put together a LEGO set, by following the instructions closely and only at the end realized at some point you didn't quite follow them correctly? The final result might be close to what was intended, but there's a nagging thought that maybe, just
Retrieval Augmented Generation at scale — Building a distributed system for synchronizing and…
Disclaimer: We will go into some technical and architectural details of how we do this at Neum AI — A data platform for embeddings management, optimization, and synchronization at large scale, essentially helping with large-scale RAG. As we’ve shared in other blogs in the past, getting a Retrieval Augmented Generation (RAG) application started is pretty straightforward. The problem comes when tryi
--- name: skill-creator description: Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations. license: Complete terms in LICENSE.txt --- # Skill Creator This skill provides guidance for creating effective skills. ## About Skills S
Exactly ten years ago today, we published "Why We Created Julia", introducing the Julia project to the world. At this point, we have moved well past the ambitious goals set out in the original blog post. Julia is now used by hundreds of thousands of people. It is taught at hundreds of universities and entire companies are being formed that build their software stacks on Julia. From personalized me
EKS/Kubernetesで画像カテゴリ分類のGPU推論環境をProduction Readyにするまで - nariのエンジニアリング備忘録
こちらは Eureka Advent Calendar 2021の12/20の記事となります. English Version: medium.com はじめに こんにちは、エウレカSREチームのnari/wapperと申します👋 最近は、データライフサイクル・プライバシープロジェクト/データプラットフォームの移行/審査サービスのMLシステムのインフラなどを担当したりしています(Site Reliability Engineerなのかわからなくなってきた) その中で今回は、審査サービスにおける画像カテゴリ分類モデルを、EKSで本番環境にリリースした話を紹介したいと思います。 EKS Clusterの本番環境設定のポイントは、セキュリティ項目も含めてたくさんありますが、今回はGPU推論環境ならではのポイントにフォーカスしてみたいと思います。 対象読者 Kubernetesに関する基礎知識(
Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y
こんにちは、データAI部でPythonエンジニアをしている平田(@JesseTetsuya)です。普段は、PoCとデータをもってくる、というところ以外全部やる、というスタンスで開発業務を行っています。 日頃は、Flask1.1.4を利用していましたが、2021年5月11日にFlask2.0へのメジャーバージョンアップがありました。 メジャーバージョンアップということもあり、多くのアップデート項目がありました。そこで、特に日頃の業務に関わりそうなアップデートについて当記事にまとめていこうと思います。 Flaskとは? Flaskは、PythonistaのArmin Ronachertによって2010年に初回リリースされました。いまでは、 Armin Ronacherを筆頭にPalletプロジェクトと言う名前でFlaskを含む、Flaskに関連する各ライブラリのメンテナンスがPalletプロジ
Introducing Spin 2.0
The Fermyon team is proud to introduce Spin 2.0 — a new major release of Spin, the open source developer tool for building, distributing, and running WebAssembly (Wasm) applications in the cloud. Wasm is a technology that is making its way into more and more parts of modern computing — from browser applications, to plugin systems, IoT scenarios and more, and Spin makes it possible to build your se
Deconstructing prompt-based meta-tool architecture and context injection patterns for AI engineering - Claude’s Agent Skills system represents a sophisticated prompt-based meta-tool architecture that extends LLM capabilities through specialized instruction injection. Unlike traditional function calling or code execution, skills operate through prompt expansion and context modification to modify ho
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.56.1: The update addresses these security issues. Update 1.56.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2021 release of Visual Studio Code. The VS Code team has been busy this month working
Noble Numbat Release Notes Table of Contents Introduction New features in 24.04 LTS Known Issues Official flavours More information Introduction These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary. Support lifespan
February 2023 Go to: Old to new | To-dos | Weddings | Config | Statics | Cron | Load testing | Conclusion I recently switched two side projects from being hosted on an Amazon EC2 instance to using Fly.io. It was a really good experience: Fly.io just worked. It allowed me to delete about 500 lines of Ansible scripts and config files, and saved me $9 a month. For the larger of the two projects, I al
Accepted at ICLR 2026 (Oral). GEPA: REFLECTIVE PROMPT EVOLUTION CAN OUTPER- FORM REINFORCEMENT LEARNING Lakshya A Agrawal1 , Shangyin Tan1 , Dilara Soylu2 , Noah Ziems4 , Rishi Khare1 , Krista Opsahl-Ong5 , Arnav Singhvi2,5 , Herumb Shandilya2 , Michael J Ryan2 , Meng Jiang4 , Christopher Potts2 , Koushik Sen1 , Alexandros G. Dimakis1,3 , Ion Stoica1 , Dan Klein1 , Matei Zaharia1,5 , Omar Khattab6
Deleted articles cannot be recovered. Draft of this article would be also deleted. Are you sure you want to delete this article? はじめに 先日、初めて公開Webサービスを作ってみた。 【個人ブログのためのSEOツール】キーワードの重要度比較 ブログのSEO対策ツールで、自分のURLと競合ページのURLを入力するとそれぞれのページに含まれるキーワード別の重要度がわかる、というものだ。 これ、このページの下の方に書いた通り、いろんなライブラリの寄せ集めで、ぼくは何も難しいことをしていないんだけど、何しろ初めて公開Webサービスを作ったので、色々試行錯誤があった。 だれもがはじめて作るときは初心者だ。 初心者には初心者なりの悩みがある。 これからWebサービスを作りた
In forums relating to AI and AI coding in particular, I see a common inquiry from experienced software developers: Is anyone getting value out of tools like Cursor, and is it worth the subscription price? A few months into using Cursor as my daily driver for both personal and work projects, I have some observations to share about whether this is a "need-to-have" tool or just a passing fad, as well
Update 1.76.1: The update addresses these issues. Update 1.76.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the February 2023 release of Visual Studio Code. There are many updates in this version that we hope you'll like, some of the key highlights include: Profiles - Active profile badge, quickly swi
GitHub - ComfyUI-Workflow/awesome-comfyui: A collection of awesome custom nodes for ComfyUI
ComfyUI-Gemini_Flash_2.0_Exp (⭐+172): A ComfyUI custom node that integrates Google's Gemini Flash 2.0 Experimental model, enabling multimodal analysis of text, images, video frames, and audio directly within ComfyUI workflows. ComfyUI-ACE_Plus (⭐+115): Custom nodes for various visual generation and editing tasks using ACE_Plus FFT Model. ComfyUI-Manager (⭐+113): ComfyUI-Manager itself is also a cu
決算発表日の情報、手動で調べて管理するのつらいですよね。無償のいい感じのツールが見つからなかったため、自分で作ればいいやと思いまして、日本取引所で公開されている決算発表日情報を取得し、Googleカレンダーに自動で登録するPythonスクリプトを作成しました。 コードimport os import requests import pandas as pd from bs4 import BeautifulSoup from io import BytesIO from datetime import datetime, timedelta from google.oauth2.credentials import Credentials from google_auth_oauthlib.flow import InstalledAppFlow from googleapiclient.
Irrational Exuberance
Hey folks, I’m Will Larson! I wrote An Elegant Puzzle, Staff Engineer, The Engineering Executive’s Primer, and Crafting Engineering Strategy. You might also be interested in my collection of popular blog posts over the years, or to read my writing as it’s published via my newsletter or my RSS feed. An agent to use Notion docs as prompts to comment on Notion docs. July 20, 2025 Commenting on Notion
Django for Startup Founders: A better software architecture for SaaS startups and consumer apps
In an ideal world, startups would be easy. We'd run our idea by some potential customers, build the product, and then immediately ride that sweet exponential growth curve off into early retirement. Of course it doesn't actually work like that. Not even a little. In real life, even startups that go on to become billion-dollar companies typically go through phases like: Having little or no growth fo
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
SeleniumによるAPI呼び出しを含むE2Eテスト自動化 - asoview! Tech Blog
バグバウンティにおけるLLMの活用事例 - blog of morioka12
RFC 9562: Universally Unique IDentifiers (UUIDs)
June 2022 (version 1.69)
ローカル LLM でコード補完エディタを作った話 - Qiita
GIMP - Development version: GIMP 2.99.12 Released
prompts.chat - AI Prompts Community
Why We Use Julia, 10 Years Later
What's New in Emacs 28.1?
Flask 2.0.xのアップデート項目紹介 - Classi開発者ブログ
Claude Agent Skills: A First Principles Deep Dive
April 2021 (version 1.56)
Ubuntu 24.04 LTS (Noble Numbat) Release Notes
From Go on EC2 to Fly.io: +fun, −$9/mo
GEPA: Reflective Prompt Evolution Can Outperform Reinforcement Learning
初めて公開Webサービス作ってみた奮闘の記録 - Qiita
How I write code using Cursor: A review
February 2023 (version 1.76)
保有銘柄の決算発表日情報をGoogleカレンダーに自動で登録する|ion