投稿時間:2021-05-07 19:42:59 RSSフィード2021-05-07 19:00 分まとめ(49件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
TECH	Engadget Japanese	マイナンバーカードの交付率が30％に到達、5月5日時点で	https://japanese.engadget.com/my-number-094545031.html	月日	2021-05-07 09:45:45
TECH	Engadget Japanese	ASUS ZenFone 8（仮）画像がリークか　Flipは3眼カメラが前後に回転	https://japanese.engadget.com/asus-zenfone-8-flip-093018145.html	asuszenfone	2021-05-07 09:30:18
TECH	Engadget Japanese	コミュニティで少数言語を守るグーグルの写真翻訳ツール「Woolaroo」	https://japanese.engadget.com/google-woolaroo-090047017.html	woolaroo	2021-05-07 09:00:47
IT	ITmedia 総合記事一覧	[ITmedia News] 「スーパー野田ゲーPARTY」1週間で5万DL突破　新作2タイトル追加へ	https://www.itmedia.co.jp/news/articles/2105/07/news131.html	itmedia	2021-05-07 18:38:00
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] アパホテル、30日9万9000円の定額プランを発表　全国100カ所以上・毎日別のホテルに宿泊可能	https://www.itmedia.co.jp/business/articles/2105/07/news127.html	itmedia	2021-05-07 18:30:00
python	Pythonタグが付けられた新着投稿 - Qiita	pandasのメソッドだけでそこそこのグラフを描画したい	https://qiita.com/sckln/items/b13a52bec3ce13892936	結果画像やりたいことMatplotlibは覚えること多くて嫌サンプルは美しいけど、プレゼン用じゃなくて対象データの概観を掴みたいだけなのに、何でそんな行数書かなきゃいけないの行で何とかしたい使うライブラリpandasのグラフ描画用メソッドを使います。	2021-05-07 18:45:33
python	Pythonタグが付けられた新着投稿 - Qiita	python研修の振り返り②	https://qiita.com/benjamin_0313/items/1bf0610e5fd5b9d88f04	そのためexceptではこのエラーが返ってきた時、エラーを出力するようにしている。	2021-05-07 18:31:27
js	JavaScriptタグが付けられた新着投稿 - Qiita	Node.js の out of memory エラーが起きそうになったら例外を投げて通知する	https://qiita.com/lsii/items/5b14a580e10b5bb60576	これを実行すると、下記のようなログが出て処理が止まります。	2021-05-07 18:39:04
js	JavaScriptタグが付けられた新着投稿 - Qiita	eslint-config-○○の比較表	https://qiita.com/tapioca24/items/59b927918a0b7c095a2b	eslintconfigの比較表以下のつのconfigの比較表です。	2021-05-07 18:22:43
js	JavaScriptタグが付けられた新着投稿 - Qiita	【JavaScript】繰り返し処理を利用し、西暦2000年から本日までの西暦の年のみを全て表示	https://qiita.com/panda-chibi/items/7e3712e3a053083276dd		2021-05-07 18:05:05
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Linux　コマンド	https://teratail.com/questions/337056?rss=all	LinuxコマンドLinuxのコマンドについて教えて下さい。	2021-05-07 18:50:31
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	PHPでライブラリのインストールに失敗する	https://teratail.com/questions/337055?rss=all	PHPでライブラリのインストールに失敗する独習PHPを読んでいます。	2021-05-07 18:50:07
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	画像認識NNを改良したい	https://teratail.com/questions/337054?rss=all	画像認識NNを改良したいコードと出力結果はBA決定後、中略します。	2021-05-07 18:47:13
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	pythonで差分行列を作成したい．	https://teratail.com/questions/337053?rss=all	matrix	2021-05-07 18:43:40
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Rails：：WelcomeController#index is missing a template (...)というエラーを解決できない理由を教えてください。	https://teratail.com/questions/337052?rss=all	使用中のテキストエディタはAtomです。	2021-05-07 18:39:55
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Illustratorの起動時のパラメータ　起動オプションを教えてください。	https://teratail.com/questions/337051?rss=all	Illustratorの起動時のパラメータ起動オプションを教えてください。	2021-05-07 18:39:36
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Rspecのvisitでエラーが出る。	https://teratail.com/questions/337050?rss=all	Rspecのvisitでエラーが出る。	2021-05-07 18:23:20
AWS	AWSタグが付けられた新着投稿 - Qiita	Fargateで起動したコンテナ内を覗きたい	https://qiita.com/hayashi3017/items/37df57035f1d7cfd2a2e	docker	2021-05-07 18:12:40
技術ブログ	Developers.IO	「初心者向け」とにかくやってみたDocker	https://dev.classmethod.jp/articles/docker-description-for-beginners/	docker	2021-05-07 09:30:21
海外TECH	DEV Community	Five classic SQL & database posts - May 2021	https://dev.to/helenanders26/five-classic-sql-database-posts-may-2021-48hd	Five classic SQL amp database posts May Hi I m Helen one of SQL and database tag moderators Each month I ll be taking a trip down memory lane and showcasing some classic data posts Some of these might be your go to resources already others may offer some new insight or ideas Let s jump into the posts First up James writes about building an e commerce data model that s scalable flexible and fast This post shows what it takes to start building this infrastructure on your own What are some of the areas to consider What might the data model look like How much work is involved Building a Scalable E Commerce Data Model James Hickey・Dec ・ min read database architecture This classic post from Viach focuses on scanning a large table with records using OFFSET with a primary key keyset pagination Check it out for three different approaches that might be right for your next project The SQL I Love Efficient pagination of a table with M records Viach Kakovskyi・Sep ・ min read sql database Next up is a post from Molly who writes about how to tackle the common issue of giving engineers access to the data they need to do their jobs while keeping sensitive data secure Read more for how the Forem team solved this very problem How To Give Engineers Filtered Database Access Molly Struve she her ・Mar ・ min read ruby rails tutorial database This classic post from Matthew shows you how a database index works under the hood We don t all have to be DBAs to write sufficiently fast queries and we shouldn t need to be As developers getting familiar with the core structures of a database is a sufficiently pragmatic way to spot and improve performance We re not all DBAs Indexes For Developers Matthew Gale・Oct ・ min read sql index backend performance Our last post is from Ron Soak with lessons and learnings from building a Redshift specific VS Code syntax highlighter from scratch Check it out for more on the process and if you re a Redshift user check out the extension too I built my own VS Code Syntax Highlighter from scratch and here s what I learned ronsoak・Jul ・ min read data sql vscode That s all for this month For more from the Data Community check out the sql postgres mysql and database tags and follow TheDatabaseDev on Twitter	2021-05-07 09:45:43
海外TECH	DEV Community	7 ways to improve developer productivity without getting drained	https://dev.to/ranjalir/7-ways-to-improve-developer-productivity-without-getting-drained-2cj2	ways to improve developer productivity without getting drainedImproving developer productivity isn t straightforward Because the day in the life of a developer doesn t involve just writing code and solving problems They re expected to keep everyone updated on their progress Share knowledge Collaborate with their teammates ーtechnical and non technical Handoff work Do code reviews Whew And the list goes on…In my exploration on the topic of developer productivity I came across two camps Folks who constantly ask why you haven t updated progress These are people who believe tracking progress is essential because how can you improve productivity if you don t know where you stand If devs aren t working on priority items are off target to timelines are not following QA process or not following agreed specs then the company could be losing money And developers are expensive as hell Folks who absolutely loathe the idea of being tracked These are people who believe tickets in your PM tool are not the work itself never was and never will be but it gets taken for the central thing They just want to get the work done Fixing a bug without filing a ticket is in itself progress Moving a card without any other change is not Yet the second is what s visible and therefore what s rewarded To be fair both camps have some rather compelling points You can t completely stop tracking progress And at the same time you can t constantly pester your teammate to share updates So what do you do How do you improve a developer s productivity and ship great software together Work happens in Git Why not let it do the grunt work According to Stack Overflow s survey of developers of developers use git around the world Being one among them having the ability to integrate git with your PM tool must be incredibly useful in getting work done and tracking its progress But not many tools support such deep integration with GitHub GitLab and Bitbucket as Zepel does When you ve integrated Zepel with GitHub GitLab or Bitbucket there are a bunch of things you can do Automatically showing progress information Creating a feature in Zepel when a branch is created as feature squad key feature name andCreating a bug when a bug fix branch is created as bug squad key bug fix name Because let s be honest sometimes developers begin working on a fix even before it can be logged in your PM tool To interrupt and ask them to link to an item just so you can track their progress isn t ideal So why not just log it automatically If you don t automate the mundane tasks you re doing a disservice to your development teamA developer s time is expensive Surely you d prefer if they spent it solving problems and building software So what boring tasks can you take off their plate Updating statuses sharing progress and letting you know that they re waiting for you to have a look at the PR of course Once you ve connected your Zepel account with git GitHub GitLab or Bitbucket you can set up git workflow automation and make automatic status updates Any item can be moved automatically from one status to another You can set up triggers and appropriate actions to be carried out when those set of events occur Some examples are shown in the image below Of course you don t want to go overboard and automate every part of your development process But when you automate key areas that are also considered by your developers as mundane you aren t just saving developers time and energy You re making sure they get to do what they love doing the most ーbuilding products and software Psst…Here are git workflow strategies that you can use for inspiration Developer controlled System automatedSystem notifications are probably the biggest culprits when it comes to a drop in productivity But when you turn them off you re going to leave your teammates in the dark about your progress Talk about a catch Get control over what notifications you want and don t want to send by connecting your Zepel account to your Slack channel Don t want to be notified when a task is completed Sure But want to be notified when a feature is marked as completed Got it And need a notification when a branch is opened for a feature that your developer was working on Yep you can get a notification for that too And if you ve got the Git Workflow Automation already set up you now have one powerful automation in place that connects Zepel Git Slack Since it s all automated and under your control it allows developers to stay focussed and managers to plan the next steps Look ma no hands Don t leave developers in the dark Especially when it comes to customer feedback requestsFor all the talk of agile and scrum and getting constant feedback there s actually very little information that your developers get about what your customers are saying about the feature you just built This becomes all the more painful when you have multiple customers making several requests across multiple tools ーhelp desks live chat error tracking tools and more And it gets painfully hard for the developer to get a sense of why they re building what they re building from an isolated ticket Streams in Zepel helps you bridge this gap You can gather requests from popular tools such as Canny Intercom Zendesk Sentry and more with a few clicks You can then prioritize these requests and delegate them to your Squad as a feature user story enhancement or bug to be worked on With Streams your team won t be cranking out software and features They ll be shipping customer focussed software Your devs have great ideas too Between all the emojis and memes and “Can you hear me there s a wealth of ideas that your teammates have that can help you build better products These pop up between conversations and “By the way my friend said this about our product How do you capture them You can use Slack as a source for Streams in Zepel to collect all these ideas with just two clicks Once they re captured inside Streams in Zepel you can group them with other similar requests prioritize them and hand them over to your development team for execution P S You can send any team member s Slack message as a request not just yours Get in the “Zone with My TasksEverybody has a way of working Some prefer to organize their work by deadlines Some by Sprints And some like to wing it It s not productive Trust me However you like to view your work you can do it with My Tasks in Zepel And with quick access to the ID you can effortlessly link the task assigned to you to a branch commit or a PR Communicate changes with images After all an image screams a thousand words One of the crucial aspects of product development involves design How do you communicate minute design changes Or a front end bug Zepel Capture lets you capture images edit them share them with your team as screenshots and even add them as an attachment to a new item in Zepel You needn t leave your current workflow and switch to any other tool take screenshots edit them and then share these with the team or attach it to an item feature Impressed Head to your Zepel account right away and tweak it to meet your needs And if you ve got any queries reach out to us we re always happy to help	2021-05-07 09:44:16
海外TECH	DEV Community	JS interview in 2 minutes / this 🤯	https://dev.to/kozlovzxc/js-interview-in-2-minutes-this-3hlm	JS interview in minutes this Question Explain this keyword in JavaScript Quick answer this keyword is referencing the current execution context Longer answer this works differently depending on where it was called If you use this in the global context it will reference the window object in the browser and the global object in the node browserconsole log window a undefinedthis a console log window a nodeconsole log global a undefinedthis a console log global a For functions it works similarly but a still bit differently for the strict mode function f return this default to global context function f use strict return this undefined Arrow functions have their own tricks as well they always refer to enclosing this We will get into details in the next section let f function return this let f gt thisconsole log f f Window Windowlet obj f f console log obj f obj f obj reference Window f changed reference but f didn tAs for the class context this refers object itselfclass Tmp a method console log this let tmp new Tmp tmp method Tmp  a Feels like these are the most popular cases but there are much much more corner cases take a look on mdn Real life applications I think one of the most common caveats with this is when you are using callbacks which are popular in React and in Angular as well class User say text console log text sayHello this say Hello world sayHi gt this say Hi let user new User user sayHi Worksuser sayHello WorkssetTimeout user sayHi Works callback will show an error because this reference will change Uncaught TypeError this say is not a function at sayHellosetTimeout user sayHello So be careful and stay safe Resources Other posts JS interview in minutes Encapsulation OOP JS interview in minutes Polymorphism OOP JS interview in minutes Inheritance in OOPBtw I will post more fun stuff here and on Twitter Let s be friends	2021-05-07 09:43:36
海外TECH	DEV Community	Five classic AWS posts - May 2021	https://dev.to/aws-heroes/five-classic-aws-posts-may-2021-3cj8	Five classic AWS posts May Hi I m Helen one of your AWS Heroes Each month I ll be taking a trip down memory lane and showcasing some classic AWS posts Some of these might be your go to resources already others may offer some new insight or ideas Let s jump into the posts To get us started we have AWS Hero Nathan with an introduction to IoT This is a great read for beginners as it breaks down some of the barriers people think exist when contemplating building an internet connected project So you want to build an IoT Project Nathan Glover・Mar ・ min read iot tutorial aws beginners Next we have Veliswa and the incredible journey from mainframe developer to business analyst to AWS Certified Cloud Engineer and since this post was written AWS Hero and now Senior Developer Advocate at AWS Check out this inspiring story for more My life changing journey to being AWS Certified Veliswa Boya ・Aug ・ min read aws womenwhocloud career Pubudu then shares the learnings from a project building an intelligent door bell with AWS Serverless services and a raspberry pi When someone presses the door bell it not only captures an image and checks through an Amazon Rekognition faces collection to see if the faces are indexed But it also sends a message to Slack with the scaled image and a message with the names of the people recognised How I created a door bell with AWS Serverless Pubudu Jayawardana・Sep ・ min read showdev aws serverless lambda Moving on to another classic tutorial this time from Yaser who shows how you can easily set up a VPN with AWS for free using OpenVPN Yas went from setting it up and a couple of mins later had it up and running Let s setup a VPN server for free on AWS under min Yaser Adel Mehraban・Aug ・ min read showdev aws vpnserver openvpn Our last classic post this month is from Ceora with some great advice on keeping your AWS bill under control as you get started If you follow some of the advice outlined in this post you can be sure that unexpected costs won t be something you have to struggle with Never Get an Unexpected AWS Bill Again Ceora Ford・Sep ・ min read aws beginners cloud That s all for this month For more great posts check out the aws tag and the AWS Heroes	2021-05-07 09:37:32
海外TECH	DEV Community	Solution: Delete Operation for Two Strings	https://dev.to/seanpgallivan/solution-delete-operation-for-two-strings-235k	Solution Delete Operation for Two StringsThis is part of a series of Leetcode solution explanations index If you liked this solution or found it useful please like this post and or upvote my solution post on Leetcode s forums Leetcode Problem Medium Delete Operation for Two Strings Description Jump to Solution Idea Code JavaScript Python Java C Given two strings word and word return the minimum number of steps required to make word and word the same In one step you can delete exactly one character in either string Examples Example Input word sea word eat Output Explanation You need one step to make sea to ea and another step to make eat to ea Example Input word leetcode word etco Output Constraints lt word length word length lt word and word consist of only lowercase English letters Idea Jump to Problem Description Code JavaScript Python Java C This problem is basically asking us to identify the longest common subsequence LCS between the two words W W The answer will then be the combined difference between the length of the words and the length of the LCS For a typical LCS solution we would use a bottom up dynamic programming DP approach and use nested loops to compare each letter of each word against each other W i W j This would normally call for a DP array of size m n where m W length and n W length Since the LCS process references the previous row and column for the target cell we ll need the extra buffer of filled cells Each cell in the DP array at dp i j will represent the longest subsequence found between W substr i and W susbtr j Our final answer will then be dp m n Since the DP array is being built iteratively in order we can reduce the normal space complexity from O N M by only keeping the current and last rows dpCurr dpLast as we iterate through This will drop the space complexity to O N Doing this we can also ensure that the shorter word is used for N by swapping the two words if necessary Time Complexity O N M where N and M are the lengths of the two wordsSpace Complexity O N where N is the length of the smaller of the two words Implementation Javascript and Java will find it easier to iterate repeatedly through an array rather than a string so we can initially split or toCharArray the two words WA WA Javascript Code Jump to Problem Description Solution Idea var minDistance function W W let m W length n W length if m lt n W W m n W W n m let WA W split WA W split dpLast new UintArray n dpCurr new UintArray n for let i i lt m i for let j j lt n j dpCurr j WA i WA j dpLast j Math max dpCurr j dpLast j dpLast dpCurr dpCurr dpLast return m n dpLast n Python Code Jump to Problem Description Solution Idea class Solution def minDistance self W str W str gt int m n len W len W if m lt n W W m n W W n m dpLast dpCurr n n for c in W for j in range n dpCurr j dpLast j if c W j else max dpCurr j dpLast j dpLast dpCurr dpCurr dpLast return m n dpLast n Java Code Jump to Problem Description Solution Idea class Solution public int minDistance String W String W int m W length n W length if m lt n String tempStr W W W W tempStr int tempInt n n m m tempInt char WA W toCharArray WA W toCharArray int dpLast new int n dpCurr new int n for char c WA for int j j lt n j dpCurr j c WA j dpLast j Math max dpCurr j dpLast j int tempArr dpLast dpLast dpCurr dpCurr tempArr return m n dpLast n C Code Jump to Problem Description Solution Idea class Solution public int minDistance string W string W int m W size n W size if m lt n swap W W swap n m vector lt int gt dpLast n dpCurr n for char c W for int j j lt n j dpCurr j c W j dpLast j max dpCurr j dpLast j swap dpLast dpCurr return m n dpLast n	2021-05-07 09:11:28
海外TECH	DEV Community	Website Security: 11 Steps to protect your Website from Attacks 🐱‍💻	https://dev.to/webdeasy/website-security-11-steps-to-protect-your-website-from-attacks-207d	Website Security Steps to protect your Website from Attacks ‍At this very moment countless websites become targets of hacker attacks Often uninstalled updates and ignorance are to blame What you can do to prevent hacker attacks on your website you can learn here Hacker attacks are very unpleasant for those affected and can lead to loss of revenue loss of customer confidence and other unpleasant consequences Therefore you should regularly check your website security for potential security vulnerabilities and fix them as soon as possible Some weak points can be eliminated quite easily with a few small steps There are also certain techniques that should be observed when implementing programming the website in order to protect your website from hackers in the best possible way Table of Contents ️Website Security Check ️Possible attack scenarios ️Improve Website Security Use TLS SSL certificate Avoid SQL Injection XSS CORS Issue Prevent DDOS Attacks Use strong passwords Session Management amp Cookie Handling Hide public sensitive information Validate user input Install updates regularly Create Regular Backups Prevent Spam in Contact FormConclusion Website Security Check ️Website security is a very complex topic and in general no system is unhackable However you can make it very difficult for attackers and especially against mass attacks such as Brute Force Attacks you can protect yourself relatively easily you just have to go about it It is best to close security holes as soon as possible before someone discovers them and can exploit them maliciously To detect them there are now many tools online such as Siwecos or VirusTotal These tools check a whole range of possible vulnerabilities Many of them are only recommendations others should definitely be fixed However really critical vulnerabilities are not always detected by such tools so manual checking is definitely necessary You should check and implement the following safety aspects in any case Possible attack scenarios ️There are an almost infinite number of attack scenarios on websites or web servers In the following I will briefly discuss the most common scenarios and briefly explain what happens during an attack In “good attacks often a combination of a variety of different ways is tried to hack the system SQL Injection SQLi Malicious database queries are injected to read data or gain access Brute Force Attacks Trial and error is used to try to gain access to a system Local File Inclusion LFI Malicious source code is executed on the target system and can have various consequences such as system takeover Cross Site Scripting XSS Execution of malicious JavaScript code in the browser of the website visitor Defacement Infiltrating altering information on a website e g to spread political propaganda DDoS Angriff The aim is to crash the target system by overloading it Take over website web server and use as bot Web server becomes part of a botnet to spread malware for example The goals of the attack types can be different Some are aimed at tapping user data others try to overload the system and crash it and others simply want to cause chaos Improve Website Security Use TLS SSL certificate TLS certificates also known as SSL SSL is the older version of the protocol for websites are responsible for secure communication between client and server and are a very important part of website security The certificate encrypts all data exchanged between the browser client and the website server Without this encryption all passwords or even bank data could be intercepted in plain text by attackers Secure encrypted connections can be recognized by the lock in front of the domain and the preceding https like here In addition certification authorities CA such as GlobalSign confirm the authenticity of a domain or even the entire company This ensures that it is a real website and not for example a phising site or similar Especially for sites with login you should always make sure that this lock appears in front of the domain If your website deals with personal data you definitely need an TLS certificate Its use must also be mentioned in the privacy policy in a corresponding paragraph For more information please contact your data protection officer Most hosters have a free TLS certificate included Otherwise you can rent it there for a small fee Alternatively you can also generate a free certificate from Let s Encrypt If you use Plesk to manage your website you can install the extension for free and use it to protect domains and mail servers FunFact Google is its own certification authority CA so they virtually certify themselves Avoid SQL Injection An SQL injection is an attack in which foreign SQL code is executed on the server side system of the server In this way the attacker can execute SQL queries on the server and thus modify or read data Whhhaaaaattt Don t worry here s a little example SELECT name place phone FROM index WHERE ID “ was written to the SQL statement by a user input and everything is fine However the user can also enter the following into an HTML input or HTML textarea “ UPDATE name SET place somewhere WHERE ID Our SQL statement would look like this SELECT name place phone FROM index WHERE ID UPDATE name SET place somewhere WHERE ID The update command was inserted into the statement An attacker simply used it to change a record from the database In this example only an unimportant value is changed However such attacks can also change passwords and read confidential data from the database Attackers do not do this manually of course but use tools for this purpose You can also use them to see if your website is vulnerable To protect against this it is essential that you mask all user input before it is executed in the database How this works depends on the programming language Here you can find a PHP database class that is secured against SQL Injections and that you can use for your website for free Prevent SQL Injection in Node jsPrevent SQL Injection in Python XSS CORS Issue XSS stands for Cross Site Scripting and is an attack that executes malicious code in the visitor s browser How this happens is quite simple Here s an example In a form on a website you can write normal text Let s assume we have a guestbook where the text is simply displayed on the website I e the user input is loaded into the website However if the attacker enters JavaScript tags e g lt script gt alert HIHIHAHA HCKD lt script gt with malicious code instead of a text and it is embedded in the website it will be executed for all users in the browser CORS stands for Cross Origin Resource Sharing and can prevent such attacks It prohibits or allows connections for certain scripts or URLs Therefore you should definitely check your CORS configuration on the server Since this malicious code enters the server via user input it is beneficial to check every user input You can use either a blacklist or a whitelist for this purpose If you only want to allow a few inputs you should use the whitelist and check whether the input is on the whitelist If you have a lot of entries and want to reject only a few you can write “Forbidden on the blacklist and reject entries with contents of the blacklist This is how it might look in JavaScript for a blacklist let userInput lt script gt lt script gt this variable comes from your html inputlet blacklist lt script gt lt link gt These are the FORBIDDEN wordsblacklist forEach blacklistEntry gt if userInput includes blacklistEntry console log You used a forbidden word Stop it return false console log Everything is great Go on And for a whitelist like this let userInput edit this variable comes from your html inputlet whitelist delete add edit only these words are ALLOWEDlet isValid false for let i i lt whitelist length i if userInput includes whitelist i isValid true if isValid console log Everything is great Go on else console log You have not used the right word You can find more information about CORS here Prevent DDOS Attacks DDOS stands for Distributed Denial of Service and is an attack in which the server is brought to its knees by overload This happens because a huge computer network botnets “spams the server with connections Source media File Stachledraht DDos Attack svgFortunately there are services that cannot completely stop such attacks but can at least dampen them to a certain point One provider is Cloudflare for example As a rule however these services are subject to a fee Therefore you should carefully consider whether you need protection against DDOS attacks Use strong passwordsThis step is important for everyone Not only administrators but also private individuals should pay attention to secure passwords This includes upper and lower case letters numbers digits and special characters In my opinion passwords should be at least characters or even longer Here you can generate passwords easily and securely Since you then have a large number of passwords and they are hard to remember you can make your life easier with a password manager like KeePass Session Management amp Cookie HandlingLogins require sessions to know which user is logged in and what actions they are allowed to perform A unique session ID is stored to uniquely identify a user In the past these were often appended to the URL For example it looks like this example com dashboard sid nFJKnkdfnjkFsdn However if you send this link to show friends this page they are logged in directly The session ID was sent with the link and the server thinks that it is the same user If you send such a link to a close friend it is often not tragic But imagine you share this link in a social network…Therefore many years ago it was decided to find a better solution That s why links should look like this today Here the session ID is not included in the URL but stored in a cookie that is only stored in the user s temporary memory Others who call the link have no possibility this way to take over his session Here you can take a look at how to implement a secure login system with Node js Hide public sensitive informationThere is information that does not belong in the public domain For websites for example this is the PHP version the absolute file path of the website e g var www html webroot site new stage or the server operating system To illustrate this I have a frightening example here With Google I have the possibility to search not only for specific keywords but also with parameters e g file extensions and citations So with this search I can display pages that have a publicly accessible phpinfo file In this file the complete PHP configuration of a server is disclosed and we get a lot of interesting information about the server I typed “ext php intitle phpinfo into Google search and get a few results One result gave me this page img alt Public phpinfo php of a page lt br gt src webdeasy de wp content uploads php png Among them are hundreds of lines with all PHP settings This is fatal because this server is still running PHP version Support and further development of this PHP version has already been discontinued since and contains serious security vulnerabilities Source PHP You should therefore delete these sensitive files after use or protect them with a password e g via an htaccess file You should also make sure that the display errors variable is set to Off on live systems This is because attackers also receive information about the internal file system there It is even worse with database errors Here in the worst case even the access data is output Of course this should be prevented at all costs In your PHP settings you can instead specify that error messages should be written to a log file With an Apache web server you can change the line in your php ini to Off display errors OffIf you do not have access to this file you can insert the following line at the beginning of the file in individual PHP scripts It is important that this command is executed before the first output ini set display errors This disables all error messages for the time being From time to time however you need an output to debug a script In this case it is a good idea to output the output only for your own IP Under PHP it works like this if SERVER REMOTE ADDR YOUR IPV ADDRESS HERE print r your debug output Validate user inputThe topic of validation is a large one and is interesting and even essential for developers Validation is about checking and validating the data sent from the client to the server according to certain rules Invalid input is rejected in the process as it may also contain malicious code This step is also important against XSS attacks Especially when data is written to a database validation is even more important This way even server commands can be executed In the worst case even data can be deleted or the server can be shut down We have already covered this in Avoid SQL Injection To make it clear what I mean by validation here is an example in PHP lt php id GET id type GET type if id is not a numberif is numeric id exit id not valid type must be one of the following strings types array slow slower normal fast faster if in array type types exit invalid type Parameters successfully validated Code goes hereexit success gt Here the parameters id and type are passed as GET parameters The script is aborted if id is not a number or type is not in the types whitelist The script is then terminated with exit If the conditions do not apply the rest of the code can be executed Install updates regularlyMany websites are based on a CMS Content Management System such as WordPress Drupal or Joomla To ensure security there are regular updates Again and again new security holes are found and closed by the developers as soon as possible For this reason your CMS installation should always be up to date With most CMS you can set email notifications to be informed about new updates You should take advantage of this and manually check your pages for updates at regular intervals With the tool WPHackedHelp you can check your WordPress site for security vulnerabilities The same applies to the installed plugins As soon as stable updates are available you should install them Also your host system server system should always be up to date It is not a big deal if you still have Ubuntu instead of the latest Ubuntu The important thing is that you use a version that still gets active security updates On the manufacturer s pages you can usually find overviews in which details of individual releases are listed If you read the abbreviation LTS Long Term Support everything is usually good This means that your version is supported longer i e it is provided with current updates longer than other versions Before you update your website and plugins to the latest version you should create a backup in case something goes wrong during the update and you need to restore the original version Create Regular backupsRegular backups indirectly contribute to the security of your website If you find out today that your website has been compromised you can easily revert to an old state and close the security holes Many hosters offer regular snapshots for free or for an additional charge If you manage your hosting through Plesk you can use the backup manager or directly create a shell script that backs up directories like var www vhosts to an external backup storage Your hoster will surely help you choose the right backup solution External backups are backups that are saved on a completely different system In the best case they are even in another data center Because as we have seen in the past even a data center is not safe from external influences Prevent Spam in Contact FormMany well known websites have a big problem with bots that leave spam in all kinds of forms on the website This can be very annoying To protect yourself against this you can easily install the Google reCAPTCHA or if you use WordPress I can recommend the plugin Antispam Bee Just install and set up done Conclusion Whew That was quite a few steps to improve your website security Which security aspects are implemented on your website and which ones are you catching up on Or maybe you have some more steps to protect yourself from attacks Disclaimer All information is compiled to the best of our knowledge These are tips but cannot replace a complete safety check by an expert A similar post was published by me about years ago this is an update and improvement If you liked the article I would be happy if you check out my blog webdeasy de and follow me on Twitter	2021-05-07 09:05:28
海外TECH	DEV Community	A day in the life of a Software Engineer at Holland & Barrett	https://dev.to/jakeherp/a-day-in-the-life-of-a-software-engineer-at-holland-barrett-88p	A day in the life of a Software Engineer at Holland amp BarrettA lot has changed for most tech companies over the last year While we were all working from an office at least days per week before the pandemic hit in early almost everybody works remotely now At Holland amp Barrett we are in the lucky position to help people with their wellbeing during the pandemic Therefore our stores remained open throughout all the lockdowns but we also saw a significantly increased demand in our digital platform This is one of the main reasons our engineering team has grown from a small part of the organisation to over people in less than one year and we continue to grow beyond our wildest beliefs just one short year ago This article should give you a rough idea of what a typical day in a software engineer s life for the UK s leading health and wellness retailer looks like I usually start my workday at am with a fresh cup of tea by opening up my email client to check on any issues that might have happened overnight or see if any meetings have been scheduled after I left work at pm the day before Next I sign in to Jira to check the progress of the current sprint and see if any of my colleagues tickets are ready for code review at which point I open up Gitlab to look at open Pull Requests or Merge Requests how Gitlab calls them and see if any of them require my attention Furthermore I connect to the VPN at this point to access any of our internal APIs and run code without interruption on my local machine I typically spend around an hour on code reviews for my peers to ensure all our tickets move along smoothly Now is a great time to catch up on Slack conversations that might have happened after I left the day before since our team works flexible hours and while my workday ends at pm other colleagues work until six or even later At am it s time for our daily standup where our cross functional squad goes over what we did the day before what we are planning to work on today and whether there are any issues or blockers that require a colleague to resolve before we can move forward Standups are relatively quick in our team and by am I usually find time to focus on actual development work More often than not the mornings are free of meetings which allows us to either work on tickets alone or collaborate with a colleague to do some pair programming or discuss an issue we ran into in our code With a short break in between to stretch my legs and grab another beverage this takes me to around pm lunchtime One of the great benefits of working remotely full time is sharing my lunchtime with my wife and daughter and cooking a fresh meal every day and depending on how long it takes me to cook I can either go for a quick walk with my daughter or find some time to play with her At pm it s time to get back to work and if the day is free of meetings I will try to wrap up my work from the morning look at my implementation again and see what I can improve add more tests or pick up a new ticket from the backlog Most days there will be a meeting or two in the afternoon and I try to spend a few minutes before to prepare myself for the discussion and pour myself another cup of tea Towards the end of my workday I make sure that all my changes are committed and pushed ready for the next morning At pm I say goodbye to the team on Slack close my laptop and disconnect from work	2021-05-07 09:02:01
医療系	医療介護 CBnews	認知症疾患医療センター、川崎市が地域型を増設へ-事業委託の医療機関を募集	https://www.cbnews.jp/news/entry/20210507181740	医療機関	2021-05-07 18:30:00
医療系	医療介護 CBnews	コロナワクチンの知的財産放棄に反論、製薬協-品質・効果が不十分なワクチン生産や原材料不足に懸念	https://www.cbnews.jp/news/entry/20210507180615	世界貿易機関	2021-05-07 18:20:00
医療系	医療介護 CBnews	精神障害者の入院後1年時点退院率は93％以上に-東京都が障害者・障害児施策推進計画案を公表	https://www.cbnews.jp/news/entry/20210507175538	東京都福祉保健局	2021-05-07 18:05:00
金融	RSS FILE - 日本証券業協会	会長記者会見−２０２１年−	https://www.jsda.or.jp/about/kaiken/kaiken_2021.html	記者会見	2021-05-07 10:30:00
金融	金融庁ホームページ	入札公告等を更新しました。	https://www.fsa.go.jp/choutatu/choutatu_j/nyusatu_menu.html	公告	2021-05-07 11:00:00
金融	金融庁ホームページ	「トランジション・ファイナンス環境整備検討会」（第３回）議事次第について公表しました。	https://www.fsa.go.jp/singi/transition_finance/siryou/20210507.html	環境	2021-05-07 11:00:00
金融	金融庁ホームページ	クライメート・トランジション・ファイナンスに関する基本指針に対するパブリックコメントの結果等について公表しました。	https://www.fsa.go.jp/news/r2/singi/20210507_2.html	結果	2021-05-07 11:00:00
金融	ニッセイ基礎研究所	プラチナ価格は大化けするか？～既に６年ぶりの高水準に浮上	https://www.nli-research.co.jp/topics_detail1/id=67718?site=nli	目次トピックプラチナ価格は大化けするか・プラチナ価格上昇の要因・プラチナ価格は大化けするか日銀金融政策月年度見通しも物価目標に大幅未達・日銀現状維持・評価と今後の予想金融市場月の振り返りと予測表・年国債利回り・ドル円レート・ユーロドルレート昨年月に新型コロナの流行を受けて一時トロイオンスドルを割り込んだNYプラチナ先物価格終値・中心限月ベースはその後上昇に転じ、足元ではドル前後と約年ぶりの高水準を回復している表紙図表参照。	2021-05-07 18:45:55
金融	ニッセイ基礎研究所	ASEANの貿易統計（５月号）～３月の輸出は米国・中国向けを中心に増加傾向が継続	https://www.nli-research.co.jp/topics_detail1/id=67722?site=nli	輸出を品目別に見ると、まず輸出全体の約割を占める電話・部品が前年同月比減前月同増とカ月連続の二桁減少となったものの、電気製品・同部品が同増前月同増とヵ月連続の二桁増となった図表。	2021-05-07 18:18:35
海外ニュース	Japan Times latest articles	Japan’s premier art collective teamLab celebrates 20 years with a spot of tea and a Miami bash	https://www.japantimes.co.jp/culture/2021/05/07/arts/teamlab-tea-time-fukuoka/	Japan s premier art collective teamLab celebrates years with a spot of tea and a Miami bashMarking years teamLab has a lot to be proud of when it comes to making an impact on the international art scene The collective s	2021-05-07 20:00:24
海外ニュース	Japan Times latest articles	Can Fuji Rock’s all-Japan lineup give J-pop a post-pandemic push?	https://www.japantimes.co.jp/culture/2021/05/07/music/can-fuji-rocks-japan-lineup-give-j-pop-post-pandemic-push/	japanese	2021-05-07 19:00:12
ニュース	BBC News - Home	Elections 2021: Tory gains as first English councils declare	https://www.bbc.co.uk/news/uk-politics-57021276	election	2021-05-07 09:37:23
ニュース	BBC News - Home	Fire breaks out in middle floors of Poplar tower block	https://www.bbc.co.uk/news/uk-england-london-57022678	london	2021-05-07 09:46:51
ニュース	BBC News - Home	Covid: Concern increases over India variant in UK	https://www.bbc.co.uk/news/health-57016110	covid	2021-05-07 09:09:34
ニュース	BBC News - Home	Turner Prize honours art collectives who 'inspire change'	https://www.bbc.co.uk/news/entertainment-arts-57014187	inspire	2021-05-07 09:04:33
北海道	北海道新聞	東京円、１０９円台前半	https://www.hokkaido-np.co.jp/article/541249/	東京外国為替市場	2021-05-07 18:16:00
北海道	北海道新聞	逮捕記事、地番表記は違法　地裁、静岡新聞の報道巡り	https://www.hokkaido-np.co.jp/article/541248/	静岡新聞	2021-05-07 18:16:00
北海道	北海道新聞	ゆるキャラ「セトウシくん」　焼き菓子に　地元西興部産カエデの樹液使用	https://www.hokkaido-np.co.jp/article/541215/	焼き菓子	2021-05-07 18:15:01
北海道	北海道新聞	厚岸ウイスキー、米で高評価　品評会で最優秀金賞と金賞　英の大会でも１位	https://www.hokkaido-np.co.jp/article/541238/	釧路管内	2021-05-07 18:12:00
北海道	北海道新聞	８日の予告先発	https://www.hokkaido-np.co.jp/article/541236/	予告先発	2021-05-07 18:03:00
ニュース	Newsweek	プロポーズを断っただけなのに...あまりに理不尽に殺害された若き女性の悲劇	https://www.newsweekjapan.jp/stories/world/2021/05/post-96236.php	女性人が銃で殺害され、現地の警察は容疑者の男人を捜索している。	2021-05-07 18:30:00
ニュース	Newsweek	激烈受験バトルを風刺し大ヒット！『SKYキャッスル』は韓国非地上波の歴代最高視聴率も更新した	https://www.newsweekjapan.jp/stories/culture/2021/05/sky-1.php	SKYキャッスルに住むハン・ソジンヨム・ジョンアは、娘イェソをソウル大学の医学部に入学させたいと切望し、敏腕入試コーディネーター、キム・ジュヨンキム・ソヒョンと高額な契約をする。	2021-05-07 18:25:49
IT	週刊アスキー	『ディビジョン』の世界を舞台にした基本無料プレイタイトルが発表！日本での配信は未定	https://weekly.ascii.jp/elem/000/004/054/4054003/	ncysthedivisionheartland	2021-05-07 18:40:00