はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
TL;DR: DuckDB-Wasm is an in-process analytical SQL database for the browser. It is powered by WebAssembly, speaks Arrow fluently, reads Parquet, CSV and JSON files backed by Filesystem APIs or HTTP requests and has been tested with Chrome, Firefox, Safari and Node.js. You can try it in your browser at shell.duckdb.org or on Observable. DuckDB-Wasm is fast! If you're here for performance numbers, h
Introduction to Postgres Indexes – Frontend Masters Blog
This Part 1 (of a 2-part series) is a practical, hands-on, applicable approach to database indexes. We’ll cover what B Trees are with a focus on deeply understanding, and internalizing how they store data on disk, and how your database uses them to speed up queries. This will set us up nicely for part 2, where we’ll explore some interesting, counterintuitive ways to press indexes into service to a
AWS News Blog New for App Runner – VPC Support With AWS App Runner, you can quickly deploy web applications and APIs at any scale. You can start with your source code or a container image, and App Runner will fully manage all infrastructure including servers, networking, and load balancing for your application. If you want, App Runner can also configure a deployment pipeline for you. Starting toda
Everything a developer needs to know about Generative AI for SaaS
Everything a developer needs to know about Generative AI for SaaS Few months ago, I knew almost nothing about AI. I used ChatGPT and Co-Pilot (I'm civilized, after all), but a lot of the content around AI was Greek to me. Terms like models, transformers, training, inference, RAG, attention, and agents were unfamiliar. Last week, I have completed my first end-to-end AI-based product: AI Code Assist
100000 TPS over a billion rows: the unreasonable effectiveness of SQLite
100000 TPS over a billion rows: the unreasonable effectiveness of SQLite 02 Dec 2025 SQLite doesn't have MVCC! It only has a single writer! SQLite is for phones and mobile apps (and the occasional airliner)! For web servers use a proper database like Postgres! In this article I'll go over why being embedded and a single writer are not deficiencies but actually allow SQLite to scale so unreasonably
I want to troubleshoot low memory issues when I run an Amazon Relational Database Service (Amazon RDS) for MySQL instance. My available memory is low, my database is out of memory, or there are latency issues in my application. Resolution Important: Performance Insights will reach its end of life on June 30, 2026. You can upgrade to the Advanced mode of Database insights before June 30, 2026. If y
SQLite Wasm in the browser backed by the Origin Private File System | Blog | Chrome for Developers
SQLite is a popular, open-source, lightweight, embedded relational database management system. Many developers use it to store data in a structured, easy-to-use manner. Because of its small size and low memory requirements, SQLite is often leveraged as a database engine in mobile devices, desktop applications, and web browsers. One of the key features of SQLite is that it is a serverless database,
Against SQL
TLDR The relational model is great: A shared universal data model allows cooperation between programs written in many different languages, running on different machines and with different lifespans. Normalization allows updating data without worrying about forgetting to update derived data. Physical data independence allows changing data-structures and query plans without having to change all of y
Parquet and Postgres in the Data Lake | Crunchy Data Blog
Interested in Spatial analytics? You can now connect Postgres and PostGIS to CSV, JSON, Parquet / GeoParquet, Iceberg, and more with Crunchy Data Warehouse. Static Data is DifferentA couple weeks ago, I came across a blog from Retool on their experience migrating a 4TB database. They put in place some good procedures and managed a successful migration, but the whole experience was complicated by t
In 2006 Microsoft conducted a customer survey to find what new features users want in new versions of Microsoft Office. To their surprise, more than 90% of what users asked for already existed, they just didn't know about it. To address the "discoverability" issue, they came up with the "Ribbon UI" that we know from Microsoft Office products today. Office is not unique in this sense. Most of us ar
Rust has picked up a lot of momentum since we last looked at it in 2015. Companies like Amazon and Microsoft have adopted it for a growing number of use cases. Microsoft, for example, sponsors the Actix project on GitHub, which is a general purpose open source actor framework based on Rust. The Actix project also maintains a RESTful API development framework, which is widely regarded as a fast and
Database Fundamentals
About a year ago, I tried thinking which database I should choose for my next project, and came to the realization that I don't really know the differences of databases enough. I went to different database websites and saw mostly marketing and words I don't understand. This is when I decided to read the excellent books Database Internals by Alex Petrov and Designing Data-Intensive Applications by
Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y
If you need a publish/subscribe or job server at any point in your project, try using Postgres. It'll give you lots of data integrity and performance guarantees, and it doesn't require you or your team learning any new technology. If you're making any project of sufficient complexity, you'll need a publish/subscribe server to process events. This article will introduce you to Postgres, explain the
Introduction to Go 1.22 The latest Go release, version 1.22, arrives six months after Go 1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Changes to the language Go 1.22 makes two changes to “for” loops. Previous
CockroachDB に 1レコード INSERT した時にアクセスされるファイルのお話 - こたつ&&みかん&&でーたべーす
最近話題 (?) の「DB に 1レコード INSERT した時にアクセスされるファイル」について、CockroachDB で検証してみました。 元ネタ 元ネタは以下の Blog です。 MySQLエキスパートyoku0825が目指す、DBAとしての未来像 「インストールされたばかりのMySQLがあるとして、特定テーブルに1件のレコードを最初にINSERTした場合、アクセスが発生するファイルとその理由をすべて教えてください」 カジュアルとはいえ、面談で急にこれを聞かれたらテンパる自信が有ります。 環境 今回は以下の環境 (Docker を利用したローカルの Secure クラスタ) で検証しています。 バージョン Ubuntu : 20.04 Docker : 20.10.8 CockroachDB : 21.1.7 Container Image : cockroachdb/cockro
Full-stack Rust: A complete tutorial with examples - LogRocket Blog
We also define some helpers to create our data objects for the API from the database domain objects. This is all we’ll put in the common project. Let’s continue with the backend part of our app. Building the REST backend We start off with the database definition for our data model: CREATE TABLE IF NOT EXISTS owner ( id SERIAL PRIMARY KEY NOT NULL, name VARCHAR(255) NOT NULL ); CREATE TABLE IF NOT
Does OLAP need an ORM?
TL;DR · ORMs have proven to be useful for many developers in the OLTP/transactional stack (Postgres, MySQL, etc). · OLAP/analytical databases like ClickHouse could potentially benefit from ORM abstractions. · Existing transactional ORMs probably shouldn’t be extended to OLAP due to fundamental differences in semantic meaning between OLTP and OLAP. · Moose OLAP (part of MooseStack) is an open sourc
Build a serverless API using Cloudflare Workers, Drizzle ORM, and NeonLearn how you can use Cloudflare Workers, Drizzle ORM, and Neon to build a serverless API In this guide, you will learn how to build a serverless API using Cloudflare Workers, Hono, Drizzle ORM, and Neon. What are Cloudflare Workers? Cloudflare Workers enable you to build and deploy serverless code instantly across the globe wit
After learning about indexes, I understood their basic structure, but I wanted to dig deeper — to explore the data structure, understand the algorithm, and learn how the index data is stored on disk. The theory and actual implementation can differ, so I decided to explore this topic further. I wanted to see how a database management system (DBMS) stores an index in both disk and memory, and how it
Noble Numbat Release Notes Table of Contents Introduction New features in 24.04 LTS Known Issues Official flavours More information Introduction These release notes for Ubuntu 24.04 LTS (Noble Numbat) provide an overview of the release and document the known issues with Ubuntu and its flavours. For details of the changes applied since 24.04, please see the 24.04.2 change summary. Support lifespan
Horizontally scaling the Rails backend of Shop app with Vitess - Shopify
Horizontally scaling the Rails backend of Shop app with VitessShop app horizontally scaled a Ruby on Rails app with Vitess. This blog describes Vitess and our detailed approach for introducing Vitess to a Rails app. Good problems We experienced hockey stick growth after we launched the Shop app. We were glued to our dashboards and saw millions of users onboard onto the app. This was gratifying, bu
Streamlining access to tabular datasets stored in Amazon S3 Tables with DuckDB | Amazon Web Services
AWS Storage Blog Streamlining access to tabular datasets stored in Amazon S3 Tables with DuckDB As businesses continue to rely on data-driven decision-making, there’s an increasing demand for tools that streamline and accelerate the process of data analysis. Efficiency and simplicity in application architecture can serve as a competitive edge when driving high-stakes decisions. Developers are seek
Rust microservices in server-side WebAssembly - LogRocket Blog
The Rust programming language has gained mainstream adoption in the past several years. It is consistently ranked as the most beloved programming language by developers and has been accepted into the Linux kernel. Rust enables developers to write correct and memory-safe programs that are as fast and as small as C programs. It is ideally suited for infrastructure software, including server-side app
Introduction This will be a course for becoming a Complete Modern React Developer in 2022. The only three topics which are not covered in this course are Redux, GraphQL and React Native which could be covered in a future course. TypeScript is going to be the main programming language covered however if you already know JavaScript then you should find it quite easy to understand because the syntax
Sketch of a Post-ORM
I’ve been writing a lot of database access code as of late. It’s frustrating that in 2023, my choices are still to either write all of the boilerplate by hand, or hand all database access over to some inscrutable “agile” ORM that will become a crippling liability in the 2-3y timescale. This post is about how I want to use databases, from the perspective of an application server developer—not a DBA
Updated 2024-09-17 to reflect updated PgBouncer support for protocol-level prepared statements 🐘 To start, I want to say that I’m appreciative that PgBouncer exists and the work its open source maintainers put into it. I also love working with PostgreSQL, and I’m thankful for the incredible amount of work and improvements that go into it as well. I also think community and industry enthusiasm aro
Full Stack Development with Next.js and Supabase – The Complete Guide
Supabase is an open source Firebase alternative that lets you create a real-time backend in less than two minutes. Supabase has continued to gain hype and adoption with developers in my network over the past few months. And a lot of the people I've talked to about it prefer the fact that it leverages a SQL-style database, and they like that it's open source, too. When you create a project Supabase
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
DuckDB-Wasm: Efficient Analytical SQL in the Browser
New for App Runner – VPC Support | Amazon Web Services
Troubleshoot low freeable memory in Amazon RDS for MySQL
Lesser Known PostgreSQL Features
Build an API in Rust with JWT Authentication using actix-web
What's New in Emacs 28.1?
Postgres is a great pub/sub & job server
Go 1.22 Release Notes - The Go Programming Language
Build a serverless API using Cloudflare Workers, Drizzle ORM, and Neon - Neon
SQLite Index Visualization: Structure
Ubuntu 24.04 LTS (Noble Numbat) Release Notes
The Complete Modern React Developer 2022
PgBouncer is useful, important, and fraught with peril