Search results for "risk based security": 1 - 40 of 859

  • Use HTTPS for local development  |  Articles  |  web.dev

    Use HTTPS for local development Most of the time, http://localhost behaves like HTTPS for development purposes. However, there are some special cases, such as custom hostnames or using secure cookies across browsers, where you need to explicitly set up your development site to behave like HTTPS to accurately rep

    • Command Line Interface Guidelines

      Contents Command Line Interface Guidelines An open-source guide to help you write better command-line programs, taking traditional UNIX principles and updating them for the modern day. Authors Aanand Prasad Engineer at Squarespace, co-creator of Docker Compose. @aanandprasad Ben Firshman Co-creator Replicate, co-creator of Docker Compose. @bfirsh Carl Tashian Offroad Engineer at Smallstep, first e

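      • Password management / MFA management strategy

        This article summarizes how I manage my own passwords and MFA (multi-factor authentication). I use 1Password for password management and TOTP (Time-based One-time Password) management, and two YubiKeys as the second factor for MFA. Making password and MFA management both secure and easy to use is quite complex and difficult, so it is hard to do perfectly. Because of that difficulty, I had skipped setting up two-factor authentication on accounts that should have had it because of the effort involved, and my management approach was inconsistent. The goal of this article is to decide on a password/MFA management strategy so that managing the password for any account on any site can be done without much thought. I have tried to balance convenience and security, but the approach in this article is not the one right answer, so adapt it to your own purposes. 用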

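        • Should you get the COVID-19 vaccine? The efficacy and safety of mRNA vaccines, and common misconceptions

          Answer: Unless you have a very good reason not to, we recommend getting vaccinated. The mRNA vaccines approved in Japan have been confirmed to substantially reduce the risk of infection, symptomatic illness, severe illness and death from the novel coronavirus. They let you acquire immunity at far lower risk than actually contracting COVID-19. For that reason, unless you have a very good reason not to, we recommend getting vaccinated when your turn comes (vaccination also matters because it protects not only you but the people around you). *This article is not intended to compel vaccination. Whether to be vaccinated is left to individual judgment, but so that the decision is not based on false rumors or factual misunderstandings, this documents the information and responses we also provide at our pharmacy. *This is very long, so with "find in page" or Ctrl+F, search for words of interest such as infertility, after-effects, myocarditis, the Delta variant, the Omicron variant or booster shots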

          • Wireshark Tutorial: Examining Emotet Infection Traffic

            Executive Summary This tutorial is designed for security professionals who investigate suspicious network activity and review packet captures (pcaps). Familiarity with Wireshark is necessary to understand this tutorial, which focuses on Wireshark version 3.x. Emotet is an information-stealer first reported in 2014 as banking malware. It has since evol

            • [IP / Personal Information] Points to note when using ChatGPT for business ['23/4/11] - Qiita

              OpenAI Terms of Use First, we review the terms of use for the services OpenAI provides (ChatGPT and the OpenAI API). 3. Content (a) Your Content. You may provide input to the Services (“Input”), and receive output generated and returned by the Services based on the Input (“Output”). Input and Output are collectively “Content.” As between the parties and to the extent permitted by applicable law, you own all Input. Subject to your compliance with the

              • Introducing WebContainers: Run Node.js natively in your browser

                Introducing WebContainers: Run Node.js natively in your browser Update: Since the publication of this blog post in May 2021, WebContainers became stable and available on Firefox but most importantly, we released a WebContainer API for you all to enjoy! A few years ago we realized that the web was heading towards a key inflection point. The advent of WebAssembly and new capabilities APIs made it se

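                • Notes and links on 2019-nCoV

                  Link collection contents: Situation in Japan and abroad; Government agencies, international organizations, etc.; Academic information; Epidemiology papers; Molecular biology / virology papers; Clinical papers; Infodemic; Vaccines; Variants. Chronological notes contents: Novel coronavirus (2020-01-06, 2020-01-11); Case-count estimate by the Imperial group (2020-01-18); Rapid rise in cases, the paper by Nishiura et al. (2020-01-20, 2020-01-23); WHO does not declare a PHEIC (2020-01-23 to 24); Absolute risk and relative risk (2020-01-26); A research rush may be coming (2020-01-27); Why a Designated Infectious Disease rather than a New Infectious Disease? Why a Cabinet decision rather than a Ministry of Health, Labour and Welfare ordinance? (2020-01-27); Personal protection against the coronavirus (2020-01-27); Human-to-human transmission occurs in Japan (2020-01-28); Follow-up center established, emergency evacuation, etc. (2020-01-29); PHEIC declared (2020-01-3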

                  • Time on Unix

                    Sections What is time Representing time Where do we usually find time on Unix System time, hardware time, internal timers Syncing time with external sources What depends on time Human perception of time What is time Time is relative Measuring time and standards Coordinating time Time zones DST Time, a word that is entangled in everything in our lives, something we’re intimately familiar with. Keep

                    • Adobe to Acquire Figma

                      Combination of Adobe and Figma Will Usher in New Era of Collaborative Creativity SAN JOSE, Calif.--(BUSINESS WIRE)-- Today, Adobe (Nasdaq:ADBE) announced it has entered into a definitive merger agreement to acquire Figma, a leading web-first collaborative design platform, for approximately $20 billion in cash and stock. The combination of Adobe and Figma will usher in a new era of collaborative cr

                      • CircleCI incident report for January 4, 2023 security incident

                        CircleCI incident report for January 4, 2023 security incident On January 4, 2023, we alerted customers to a security incident. Today, we want to share with you what happened, what we’ve learned, and what our plans are to continuously improve our security posture for the future. We would like to thank our customers for your attention to rotating and revoking secrets, and apologize for any disrupti

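                        • OpenAI API Documentation, Japanese Translation | #2 GET STARTED, Part 2 | ゑぐみかるちゃあ

                          I am compiling a Japanese translation of the OpenAI API documentation here. Because the documentation is long, I have split it into one article per section. This is the second part, with excerpts from the "GET STARTED" section: Libraries, Models, Tutorials and Usage policies. Basically, I translate with DeepL and rewrite only the parts that bother me (the impressive thing about DeepL is that there is almost nothing that does). I include the original text first so it can be checked against the translation, so if you find any mistakes, please point them out. I will incorporate corrections as they come in. The links in the original text are live, so please refer to the original links where needed. A recap of the previous part is here. Python library We provide a Python library, w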

                          • HTTP Security Headers - A Complete Guide

                            SECURITY IS AWESOME SECURITY IS AWESOME I write about security and privacy. I regularly post original security research, custom tools, and detailed technical guides. Companies selling "security scorecards" are on the rise, and have started to become a factor in enterprise sales. I have heard from customers who were concerned about purchasing from suppliers who had been given poor ratings, and in a

                            • Go: A Documentary

                              Go: A Documentary by Changkun Ou <changkun.de> (and many inputs from contributors) This document collects many interesting (publicly observable) issues, discussions, proposals, CLs, and talks from the Go development process, which intends to offer a comprehensive reference of the Go history. Disclaimer Most of the texts are written as subjective understanding based on public sources Factual and ty

                              • Attack technique "TunnelVision" discovered that makes traffic meant to go through a VPN be sent directly to the internet

                                An attack technique has been discovered that causes traffic that was supposed to go through a VPN to be sent directly to the internet, negating the benefits of using a VPN such as encryption and hiding the IP address. The security firm Leviathan Security Group explains how the attack works. CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory https://www.leviathansecurity.com/blog/tunnelvision TunnelVision - CVE-2024-3661 - De

                                • Public keys are not enough for SSH security

                                  Public keys are not enough for SSH security Loading... If your organization uses SSH public keys, it’s entirely possible you have already mislaid one. There is a file sitting in a backup or on a former employee’s computer which grants the holder access to your infrastructure. If you share SSH keys between employees it’s likely only a few keys are enough to give an attacker access to your entire sy

                                  • Building LLM applications for production

                                    [Hacker News discussion, LinkedIn discussion, Twitter thread] A question that I’ve been asked a lot recently is how large language models (LLMs) will change machine learning workflows. After working with several companies who are working with LLM applications and personally going down a rabbit hole building my applications, I realized two things: It’s easy to make something cool with LLMs, but ver

                                    • Git Credential Manager: authentication for everyone

                                      EngineeringGit Credential Manager: authentication for everyoneEnsuring secure access to your source code is more important than ever. Git Credential Manager helps make that easy. Universal Git Authentication “Authentication is hard. Hard to debug, hard to test, hard to get right.” – Me These words were true when I wrote them back in July 2020, and they’re still true today. The goal of Git Credenti

                                      • Pysa: An open source static analysis tool to detect and prevent security issues in Python code

                                        Pysa: An open source static analysis tool to detect and prevent security issues in Python code Today, we are sharing details about Pysa, an open source static analysis tool we’ve built to detect and prevent security and privacy issues in Python code. Last year, we shared how we built Zoncolan, a static analysis tool that helps us analyze more than 100 million lines of Hack code and has helped engi

                                        • Saving Passwords In Your Browser? You Shouldn't: Here's Why

                                          Has Chrome, Edge, or another browser given you the option to "save password"? Here's why you shouldn't, and what to do instead. Everyone should already know how important it is to use strong passwords. Ideally, you'd have a different password for each account, and all of them would be long, complex, and contain numbers and special characters. Few abide by these rules, which is understandable. Afte

                                          • Back and forward cache  |  Articles  |  web.dev

                                            Back and forward cache Back/forward cache (or bfcache) is a browser optimization that enables instant back and forward navigation. It significantly improves the browsing experience, especially for users with slower networks or devices. This page outlines how to optimize your pages for bfcache across all browsers

                                            • Parse, don’t validate

                                              Historically, I’ve struggled to find a concise, simple way to explain what it means to practice type-driven design. Too often, when someone asks me “How did you come up with this approach?” I find I can’t give them a satisfying answer. I know it didn’t just come to me in a vision—I have an iterative design process that doesn’t require plucking the “right” approach out of thin air—yet I haven’t bee

                                              • Yahoo! JAPAN's password-free authentication reduced inquiries by 25%, sped up sign-in time by 2.6x  |  web.dev

                                                Yahoo! JAPAN's password-free authentication reduced inquiries by 25%, sped up sign-in time by 2.6x Yahoo! JAPAN is one of the largest media companies in Japan, providing services such as search, news, e-commerce, and e-mail. Over 50 million users log in to Yahoo! JAPAN services every month. Over the years, there

                                                • Amazon Aurora MySQL 3 with MySQL 8.0 compatibility is now generally available | Amazon Web Services

                                                  AWS Database Blog Amazon Aurora MySQL 3 with MySQL 8.0 compatibility is now generally available Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud. Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Amazon Aurora MySQL is compatible with MySQL 5.6 and MySQL

                                                  • SHA-1 is a Shambles

                                                    We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1. Check our paper here for more details. Slides from RWC are also availa

                                                    • Machine Learning Security Best Practices – Draft NISTIR 8269: A Taxonomy and Terminology of Adversarial Machine Learning –

                                                      Machine Learning Security Best Practices – Draft NISTIR 8269: A Taxonomy and Terminology of Adversarial Machine Learning – Paper introduction Overview "Draft NISTIR 8269: A Taxonomy and Terminology of Adversarial Machine Learning" is a draft of best practices for machine learning security being developed by the US NIST (National Institute of Standards and Technology). With the aim of securing machine learning systems, it classifies machine learning security from three perspectives: attacks, defenses and impact. NISTIR 8269 is a draft as of this blog post's writing (July 9, 2020), but "NIST SP8

                                                      • Security headers quick reference  |  Articles  |  web.dev

                                                        This article lists the most important security headers you can use to protect your website. Use it to understand web-based security features, learn how to implement them on your website, and as a reference for when you need a reminder. Security headers recommended for websites that handle sensitive user data: Content Security Policy (CSP) Trusted Types Security headers recommended for all websites

                                                        • GitHub - bregman-arie/devops-exercises: Linux, Jenkins, AWS, SRE, Prometheus, Docker, Python, Ansible, Git, Kubernetes, Terraform, OpenStack, SQL, NoSQL, Azure, GCP, DNS, Elastic, Network, Virtualization. DevOps Interview Questions

                                                          In general, what do you need in order to communicate? A common language (for the two ends to understand) A way to address who you want to communicate with A Connection (so the content of the communication can reach the recipients) What is TCP/IP? A set of protocols that define how two or more devices can communicate with each other. To learn more about TCP/IP, read here What is Ethernet? Ethernet

                                                          • Network Architecture Design for Microservices on GCP

                                                            This is our goal architecture design, please read the article to understand the journey :)This blog article is participating in the Mercari Bold Challenge month (#6) Hi everyone, this is Raphael from the Microservices Platform team at Mercari. Bluntly introduced, we are a post-IPO Japanese C2C (Customer to Customer) marketplace transitioning from a monolithic to a microservices architecture. A few

                                                            • How Azure OpenAI Service On Your Data works and points to watch when using it

                                                              Introduction The public preview of On Your Data for Azure OpenAI Service, announced at Microsoft Build 2023, has started. My sense is that On Your Data is a feature that roughly 80 to 90 percent of all Azure OpenAI Service users in Japan had been waiting for. (Per ryohtaka's own survey) What's new in Azure OpenAI Service - June 2023 New easy way to add your data to Azure OpenAI Service (YouTube) However, to actually make use of On Your Data there are many points to watch, and it is very important to use it with accurate expectations. So, in this article, On

                                                              • Introducing workerd: the Open Source Workers runtime

                                                                Introducing workerd: the Open Source Workers runtime09/27/2022 Today I'm proud to introduce the first beta release of workerd, the JavaScript/Wasm runtime based on the same code that powers Cloudflare Workers. workerd is Open Source under the Apache License version 2.0. workerd shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more p

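                                                                • CISSP Study Notes

                                                                  1. Information security environment; 1-1. Understanding, adhering to and promoting professional ethics; Professional ethics; (ISC)2 Code of Ethics; Organizational code of ethics; The Enron scandal and the creation of the SOX Act; SOC (System and Organization Controls) reports; 1-2. Understanding and applying security concepts; Confidentiality, integrity, availability; Authenticity, non-repudiation, privacy, safety; Due care and due diligence; 1-3. Evaluating and applying security governance principles; Alignment of the security function with business strategy, goals, mission and objectives; Organizational governance processes; Organizational roles and responsibilities; 1-4. Legal environment; Legal environment; Contractual requirements, legal elements, industry standards and regulatory requirements; Privacy protection; Privacy Shield; Right to be forgotten; Data portability; Data localization; Examples by country and region; US law; [Added] Cybercrime and data breaches; Intellectual property protection; 輸入と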

                                                                  • Sustainability with Rust | Amazon Web Services

                                                                    AWS Open Source Blog Sustainability with Rust Rust is a programming language implemented as a set of open source projects. It combines the performance and resource efficiency of systems programming languages like C with the memory safety of languages like Java. Rust started in 2006 as a personal project of Graydon Hoare before becoming a research project at Mozilla in 2010. Rust 1.0 launched in 20

                                                                    • Upgrading GitHub.com to MySQL 8.0

                                                                      EngineeringUpgrading GitHub.com to MySQL 8.0GitHub uses MySQL to store vast amounts of relational data. This is the story of how we seamlessly upgraded our production fleet to MySQL 8.0. Over 15 years ago, GitHub started as a Ruby on Rails application with a single MySQL database. Since then, GitHub has evolved its MySQL architecture to meet the scaling and resiliency needs of the platform—includi

                                                                      • Code Reviews 101 - The Basics | Sema

                                                                        Code improves with multiple reviews and revisions, and this process isn’t something that can be done alone. Spotting errors in code design is difficult at the best of times — and the closer you are to the work, the harder it can be to critique. That’s where code reviews come in. The beginning: introducing code reviewsWhat is a code review? Code improves with multiple reviews and revisions, and thi

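                                                                        • Learn AWS best practices with hands-on labs | DevelopersIO

                                                                          Hello. How are you doing? This is 吉井 亮, who loves "No human labor is no human error". The Well-Architected Framework whitepaper, a collection of AWS best practices that could be called the solutions architect's bible, has been updated. It describes how to use AWS better and more effectively, so please take a look. In this post I introduce a site for learning AWS through hands-on labs that follow the updated framework. First, what was updated in the whitepaper The whitepaper describes practices in a question-and-answer format. In this update, more concrete practices are described. Security pillar Question 2 "How do you manage identities for people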

                                                                          • ALPACA Attack

                                                                            Paper Q&A How to ALPN/SNI Updates! News A big reevaluation of TLS libraries, TLS application servers, and a new internet scan by Jannik Hölling is now available in the Updates section! ALPACA will be presented at Black Hat USA 2021, USENIX Security Symposium 2021, and Real Word Crypto Symposium 2022! Recommended articles: Ars Technica (Dan Goodin), Golem (Hanno Böck; German) Introduction TLS is an

                                                                            • Implementing a Zero Trust security model at Microsoft - Inside Track Blog

                                                                              Our Zero Trust security model enables us to provide a healthy and protected environment internally at Microsoft. At Microsoft, our shift to a Zero Trust security model more than five years ago has helped us navigate many challenges. The increasing prevalence of cloud-based services, mobile computing, internet of things (IoT), and bring your own device (BYOD) in the workforce have changed the techn

                                                                              • The Dangerous Populist Science of Yuval Noah Harari ❧ Current Affairs

                                                                                Watch videos of Yuval Noah Harari, the author of the wildly successful book Sapiens: A Brief History of Humankind, and you will hear him being asked the most astonishing questions. “A hundred years from now, do you think we will still care about being happy?” — Canadian journalist Steve Paikin, on the “The Agenda with Steve Paikin” “What I do, is it still relevant, and how do I prepare for my futu

                                                                                • Security Incident December 2022 Update - LastPass - The LastPass Blog

                                                                                  Please refer to the latest article for updated information. Update as of Thursday, December 22, 2022 To Our LastPass Community, We recently notified you that an unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of our production data. In keeping with our commitment to transparency, we want to provide you with an update rega
