Posted: 2020-09-19 03:35:01 RSS feed digest for 2020-09-19 03:00 (36 items)

Category Site name Article title / trend word Link URL Frequent words / summary / search volume Date registered
AWS AWS Management Tools Blog Simplifying permissions management at scale using tags in AWS Organizations https://aws.amazon.com/blogs/mt/simplifying-permissions-management-at-scale-using-tags-in-aws-organizations/ AWS Organizations has extended its existing tagging support for AWS accounts to include all Organizations resources, such as organizational units (OUs) and your root and organization-level policies. You can tag these resources as you create them, giving you a convenient way to make sure that your Organizations resources are categorized from the start without needing … 2020-09-18 17:55:06
AWS AWS Security Blog Get ready for upcoming changes in the AWS Single Sign-On user sign-in process https://aws.amazon.com/blogs/security/get-ready-upcoming-changes-aws-single-sign-on-user-sign-in-process/ To improve security, enhance user experience, and address compatibility with future AWS Identity changes, AWS Single Sign-On (SSO) is making changes to the sign-in process that will affect some AWS SSO customers. The changes will go into effect globally in early October. The AWS SSO sign-in pages are moving to a new top-level DNS … 2020-09-18 17:38:13
AWS AWS How to Insert new Salesforce Records with Data in Amazon S3 Using Amazon AppFlow https://www.youtube.com/watch?v=s6_Nczvb4Mc Amazon AppFlow is an integration service that enables you to securely transfer data between SaaS applications like Salesforce, Marketo, Slack, and ServiceNow, and AWS services like Amazon S3 and Amazon Redshift, in just a few clicks. In this video, learn how to get started with AppFlow by setting up a basic flow to send data from Amazon S3 to Salesforce. With AppFlow, you can run data flows at nearly any scale at the frequency you choose: on a schedule, in response to a business event, or on demand. You can configure data transformation capabilities like filtering and validation to generate rich, ready-to-use data as part of the flow itself, without additional steps. AppFlow automatically encrypts data in motion, and allows users to restrict data from flowing over the public Internet for SaaS applications that are integrated with AWS PrivateLink, reducing exposure to security threats. 2020-09-18 17:40:50
AWS AWS How to Transfer Data from Google Analytics to Amazon S3 using Amazon AppFlow https://www.youtube.com/watch?v=Y0nrScX--Fs Amazon AppFlow is an integration service that enables you to securely transfer data between SaaS applications like Salesforce, Marketo, Slack, and ServiceNow, and AWS services like Amazon S3 and Amazon Redshift, in just a few clicks. In this video, learn how to get started with AppFlow by setting up a basic flow to send data from Google Analytics to Amazon S3. With AppFlow, you can run data flows at nearly any scale at the frequency you choose: on a schedule, in response to a business event, or on demand. You can configure data transformation capabilities like filtering and validation to generate rich, ready-to-use data as part of the flow itself, without additional steps. AppFlow automatically encrypts data in motion, and allows users to restrict data from flowing over the public Internet for SaaS applications that are integrated with AWS PrivateLink, reducing exposure to security threats. 2020-09-18 17:40:17
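python New posts tagged Python - Qiita Sorting an array of strings by length and gojūon (Japanese syllabary) order https://qiita.com/tsukada_cs/items/85c36e0f1ca2518cc4e4 Introduction: I had a case where I wanted to sort an array of strings by word length and also in gojūon order, so I am leaving this as a note. 2020-09-19 02:36:48
js New posts tagged JavaScript - Qiita Trying the quizzes from "Introduction to Cryptographic Technology, 3rd Edition" (by Hiroshi Yuki) in JavaScript https://qiita.com/YoshYoshiYosh/items/b150da08f2236780f563 The approach is: create an array that stores the letters "a" through "z" as strings; for every character in the ciphertext given in the problem, look up "which index this character has in the alphabet array" and build a new array (if the ciphertext were abc, create the corresponding index array); then, for every element of the resulting array, shift it back one at a time, once for each letter of the alphabet from "a" through "z". 2020-09-19 02:07:52
js New posts tagged JavaScript - Qiita Summary of the changes that were needed when migrating an existing Vue.js project to Vue 3 https://qiita.com/laineus/items/d1f1f7972f521556a788 Introduction: The goal of this article is to "just migrate an existing project to Vue 3 and get it working the way it did before." 2020-09-19 02:00:45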
Program New questions for [All tags] | teratail "Application error" appears when deploying on Heroku (Java application) https://teratail.com/questions/292795?rss=all Background / what I want to achieve: I am on day of working with Maven and Heroku. 2020-09-19 02:41:29
Program New questions for [All tags] | teratail After Microsoft.RdlcDesigner.vsix failed to install in Visual Studio 2017, I don't know how to install it again. https://teratail.com/questions/292794?rss=all 2020-09-19 02:28:35
Program New questions for [All tags] | teratail Should scrolling be done in fixed increments using animate?? https://teratail.com/questions/292793?rss=all 2020-09-19 02:26:07
Program New questions for [All tags] | teratail I want a string-and-image set to be displayed at random https://teratail.com/questions/292792?rss=all 2020-09-19 02:13:10
Program New questions for [All tags] | teratail The header for a ROS msg file is not generated https://teratail.com/questions/292791?rss=all I am studying the ROS tutorial in an issue of Transistor Gijutsu magazine. 2020-09-19 02:00:27
Ruby New posts tagged Ruby - Qiita What to do when you keep being prompted even after running bundle update https://qiita.com/asobitone/items/e724b45c191a442148c9 "To update to the latest version installed on your system, run bundle update --bundler. To install the missing version, run gem install bundler" When an error like this is displayed repeatedly, running gem update --system may resolve it. 2020-09-19 02:40:41
Ruby New posts tagged Rails - Qiita What to do when you keep being prompted even after running bundle update https://qiita.com/asobitone/items/e724b45c191a442148c9 "To update to the latest version installed on your system, run bundle update --bundler. To install the missing version, run gem install bundler" When an error like this is displayed repeatedly, running gem update --system may resolve it. 2020-09-19 02:40:41
Overseas TECH Ars Technica Wayback Machine and Cloudflare team up to archive more of the Web https://arstechnica.com/?p=1707782 machine 2020-09-18 17:53:41
Overseas TECH Ars Technica The Apple Watch Series 6, Apple Watch SE, and 8th-gen iPad hit store shelves https://arstechnica.com/?p=1707762 orders 2020-09-18 17:01:42
Apple AppleInsider - Frontpage News Everything new in iOS 14.2 beta 1 -- updates to Control Center, Watch icon & more https://appleinsider.com/articles/20/09/18/everything-new-in-ios-142-beta-1----updates-to-control-center-watch-icon Apple seeded iOS beta, the first iOS point release, to registered developers on Thursday. Here's everything that's new. It isn't clear why Apple has jumped to the iOS build. The company may release iOS separately as a bug-fixing update, or it could simply skip that point release entirely. 2020-09-18 17:58:13
Apple AppleInsider - Frontpage News 'Fortnite: Save the World' updates stop on Mac as U.S. investigates Epic's China connection https://appleinsider.com/articles/20/09/18/fortnite-save-the-world-updates-stop-on-mac-as-us-investigates-epics-china-connection Epic is saying that Apple has blocked all updates to Fortnite spin-off Fortnite: Save the World on macOS, ending Epic's ability to develop on the platform while a U.S. government investigation of owner Tencent looms. There is a lot of turmoil between the U.S. and China, and American citizens are beginning to feel the pressure. Apple's actions against Fortnite have so far been unrelated to the probes into Tencent, though it is an example of what to expect for companies banned by government action. 2020-09-18 17:15:04
Overseas TECH Engadget 'Cyberpunk 2077' won't require a high-end gaming rig https://www.engadget.com/cyberpunk-2077-specs-minimum-recommended-171858362.html In the latest edition of Night City Wire, CD Projekt Red revealed the minimum and recommended PC specs for Cyberpunk 2077. The good news is you won't need a high-end gaming rig for it to run decently, so don't worry too much if you missed out on the 2020-09-18 17:18:58
Overseas science NYT > Science Covid-19 News: Live Updates https://www.nytimes.com/2020/09/18/world/covid-19-coronavirus.html performance 2020-09-18 17:52:32
Overseas TECH WIRED Trump’s TikTok Circus Will Have Lasting Consequences https://www.wired.com/story/trump-tiktok-circus-lasting-consequences technological 2020-09-18 17:01:04
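News @Nikkei Online Edition Understanding the Suga administration: the reforms it aims for and the prime minister's character https://t.co/TgHwENaLCw https://twitter.com/nikkei/statuses/1307004421134405632 prime minister 2020-09-18 17:11:51
News @Nikkei Online Edition Diplomacy and security to rely on "Abe connections"; prime minister to hold phone talks with Trump as early as the 20th https://t.co/jwvaeL8hQz https://twitter.com/nikkei/statuses/1307004420207472641 prime minister 2020-09-18 17:11:51
News @Nikkei Online Edition Taiwan's President Tsai meets with U.S. under secretary of state, TSMC founder and others https://t.co/oRxcXU6V7U https://twitter.com/nikkei/statuses/1307004419121115136 under secretary of state 2020-09-18 17:11:51
News @Nikkei Online Edition U.S. and China trade blows in the South China Sea; U.S. military aims to neutralize the "ultimate weapon" https://t.co/4VpqTII31S https://twitter.com/nikkei/statuses/1307004418076803072 South China Sea 2020-09-18 17:11:50
News @Nikkei Online Edition Governance reform, with the "Digital Agency" as the breakthrough https://t.co/hjsce8encm https://twitter.com/nikkei/statuses/1307004417065926656 governance structure 2020-09-18 17:11:50
News @Nikkei Online Edition Quantum technology: the world competes fiercely https://t.co/WoZ5R6rtDY https://twitter.com/nikkei/statuses/1307004415744684034 quantum 2020-09-18 17:11:50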
Overseas news Japan Times latest articles Six wrestlers tied for lead after Onosho’s first loss https://www.japantimes.co.jp/sports/2020/09/18/sumo/basho-reports/six-wrestlers-tied-lead-onoshos-first-loss/ Sole overnight leader Onosho fell back to the pack with a loss to fellow rank-and-file grappler Chiyotairyu at the Autumn Grand Sumo Tournament on Friday. Following 2020-09-19 03:39:47
Overseas news Japan Times latest articles Shingo Kunieda advises Tokyo 2020 officials on U.S. Open ‘bubble’ https://www.japantimes.co.jp/sports/2020/09/18/olympics/shingo-kunieda-tokyo-2020-u-s-open-bubble/ bubble 2020-09-19 03:32:38
News BBC News - Home Covid-19: Second wave now hitting the UK, says Boris Johnson https://www.bbc.co.uk/news/uk-54212654 measures 2020-09-18 17:36:27
News BBC News - Home TikTok and WeChat: US to ban app downloads in 48 hours https://www.bbc.co.uk/news/technology-54205231 trump 2020-09-18 17:33:39
News BBC News - Home 'Voluntary lockdown' plea to St Andrews University's students https://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-54209452 university 2020-09-18 17:48:04
News BBC News - Home Liverpool sign Thiago from Bayern for £20m and set sights on Wolves' Jota https://www.bbc.co.uk/sport/football/54199589 diogo 2020-09-18 17:17:27
IT Weekly ASCII U.S. Commerce Department to ban new TikTok downloads in the U.S.; TikTok voices objection https://weekly.ascii.jp/elem/000/004/027/4027510/ tiktok 2020-09-19 02:15:00
GCP Cloud Blog gVisor: Protecting GKE and serverless users in the real world https://cloud.google.com/blog/products/containers-kubernetes/how-gvisor-protects-google-cloud-services-from-cve-2020-14386/ Security is a top priority for Google Cloud, and we protect our customers through how we design our infrastructure, our services, and how we work. Googlers created some of the fundamental components of containers, like cgroups, and we were an early adopter of containers for our internal systems. We realized we needed a way to increase the security of this technology. This led to the development of gVisor, a container security sandbox that we have since open sourced and integrated into multiple Google Cloud products. When a recent Linux kernel vulnerability was disclosed, users of these products were not affected because they were protected by gVisor.
The latest container escape: While auditing the kernel release, an employee of Palo Alto Networks recently discovered a Linux kernel vulnerability which has the potential to be used for “container escapes.” Containers share the same host kernel, which is one of the properties that allow them to be densely packed and highly portable. A container escape refers to a category of vulnerabilities seen in containerized systems where, typically through privilege escalation, an unauthorized user gains access to the host system, giving the attacker an entrypoint for whatever they'd like to do next, for example data exfiltration or cryptomining. You can learn more container security fundamentals in this ebook, “Why Container Security Matters to Your Business.” This vulnerability, CVE-2020-14386, uses the CAP_NET_RAW capability of the Linux kernel to cause memory corruption, allowing an attacker to gain root access when they should not have. In Docker, the most commonly used container format with Kubernetes, the CAP_NET_RAW capability is enabled by default. This means that “out of the box” your Kubernetes deployment, or the infrastructure of your serverless applications, could be compromised by this recent vulnerability. Even if your security team has told you to disable some of these default capabilities, CAP_NET_RAW is commonly used by networking tools such as ping and tcpdump and may have been re-enabled for troubleshooting purposes.
Mitigating CVE-2020-14386 with gVisor: If you saw the Google Kubernetes Engine security bulletin, you may have noticed a line you hadn't seen before: “Pods running in GKE Sandbox are not able to leverage this vulnerability.” If you're a user of Cloud Run, Cloud Functions, or App Engine standard environment, you are protected from this vulnerability as well, and will not have experienced any service disruptions or been issued patching instructions. All these platforms utilize gVisor to securely “sandbox” workloads, which protected users from this vulnerability. gVisor takes inspiration from a common principle in security that states that you should have multiple distinct layers of protection, and that those layers should not be susceptible to the same kinds of compromises. Containers rely on namespaces and cgroups as their primary layer of isolation. gVisor then introduces a second layer by handling syscalls through the Sentry, a kernel written in Go that emulates Linux in userspace. This significantly reduces the number of syscalls allowed to reach the host kernel, and thereby reduces the attack surface. In addition to the isolation provided by the Sentry, gVisor uses a specific TCP/IP stack, Netstack, for yet another layer of protection. In this case, the vulnerability is first hindered by having CAP_NET_RAW disabled by default. However, even if enabled, the vulnerability does not exist for gVisor: the problematic C code in Linux is not used in the gVisor networking stack. More importantly, this kind of attack, the exploitation of out-of-bounds array writes, is much less likely in the Sentry and its networking stack thanks to the use of Go.
Making security a priority: Taking a step back, Linux is a fundamentally complex and evolving system, and security is thus an ongoing challenge. As a professor at UC Berkeley in I first worked on intercepting syscalls to improve Linux security, and it remains an important approach. The Dune system later showed how to use virtualization hardware to intercept syscalls, leading essentially to a “virtual process” rather than a “virtual machine.” However, as with the earlier work, it then forwarded calls to the normal Linux kernel, and attackers could thus still reach the underlying kernel. In contrast, gVisor actually implements the Linux syscalls directly in Go. Although it still makes some use of the underlying kernel, gVisor is never a direct passthrough of adversary-controlled data. In some sense, gVisor is really a safe, small version of Linux. Because Go is type- and memory-safe, huge classes of classic Linux problems, such as buffer overflows and out-of-bounds array writes, just disappear. The implementation is also orders of magnitude smaller, which further improves security. However, the gVisor approach introduces tradeoffs, and there are currently downsides to picking this more secure path. The first downside is that gVisor will always have semantic differences from “real” Linux, although it is close enough to execute the vast majority of applications in practice. The rise of containers helps on this front, as it has led to less interest in distro specifics and more demand for portability. And Linux has done an incredible job on API stability, so the semantics are stable and well defined. The second downside is that intercepting syscalls has performance overhead for workloads that are I/O-intensive (based more on the number of calls than the amount of data). This will of course improve over time, but it is a factor for some applications. Many applications should prefer stronger security, but clearly not all do. My hope is that Linux and the security community can get to a place where the user doesn't have to sacrifice performance for security. To make this a reality, open source communities are going to have to prioritize security in upstream design, in the kernel and other core open source projects. Efforts like the Open Source Security Foundation make me hopeful that we can solve this together.
Protecting your cloud native applications: In the meantime, we're committed to making the “secure thing to do” the easy thing to do. At Google Cloud, we offer you the ability to use gVisor for your Google Kubernetes Engine (GKE) cluster with GKE Sandbox, and have built gVisor into the infrastructure that runs our serverless services App Engine, Cloud Run, and Cloud Functions. In the case of GKE, added layers of defense are only clicks away, and for Cloud Run and App Engine, users get these added layers of protection without having to do anything. If you're running on GKE Sandbox, your pods are not affected by this vulnerability. However, as part of your security best practices, you should still upgrade to protect system containers that run on all nodes. If you are not a GKE Sandbox user, your first step is to upgrade your control plane and nodes to one of the versions listed in the GKE security bulletin, and then follow the recommendations for removing CAP_NET_RAW through Policy Controller, Gatekeeper, or PodSecurityPolicy. Your next step is to enable GKE Sandbox. As a managed service, GKE Sandbox handles the internals of running open source gVisor for you; there are no changes needed to your applications, and adding defense in depth to your pods is just a matter of a few clicks. Whether your applications run in containers or serverlessly, get started with GKE or Google Cloud's serverless solutions to get the security benefits of gVisor. 2020-09-18 17:30:00
