投稿時間:2021-06-22 00:45:38 RSSフィード2021-06-22 00:00 分まとめ(52件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
AWS	AWS Compute Blog	Prototyping at speed with AWS Step Functions new Workflow Studio	https://aws.amazon.com/blogs/compute/prototyping-at-speed-with-aws-step-functions-new-workflow-studio/	Prototyping at speed with AWS Step Functions new Workflow StudioAWS recently introduced Workflow Studio for AWS Step Functions This is a new visual builder for creating Step Functions workflows in the AWS Management Console This post shows how to use the Workflow Studio for rapid workflow prototyping It also explains how to transition to local development integrating the prototype with your infrastructure as code …	2021-06-21 14:05:45
AWS	AWS The Internet of Things Blog	“AWS is how”: LG Electronics makes life good with smarter, happier homes	https://aws.amazon.com/blogs/iot/aws-is-how-lg-electronics-makes-life-good-with-smarter-happier-homes/	“AWS is how LG Electronics makes life good with smarter happier homesThe dream of creating a smart home where all appliances and electronics could be controlled from a central computer hub began to take shape in when a Westinghouse engineer Jim Sutherland developed the first home computer the ECHO IV Sutherland integrated the ECHO IV into his home s electronic systems and he and his family …	2021-06-21 14:36:59
python	Pythonタグが付けられた新着投稿 - Qiita	【メモ】cProfile でプロファイリング	https://qiita.com/DS27/items/fbfb3ab809b66a1f92ad	【メモ】cProfileでプロファイリング製造業出身のデータサイエンティストがお送りする記事cProfileでどこの処理で時間がかかっているかを調べられることを知ったので、メモとして残しておきます。	2021-06-21 23:40:56
python	Pythonタグが付けられた新着投稿 - Qiita	PuLPで解く最大流問題と最小費用流問題	https://qiita.com/maskot1977/items/afe938b3c69eef8efb4e	valforkvinedgesitemsvalkforkvinvitemsvalkkpulpLpVariableformatkkkklowBoundupBoundv最大化すべき値は、供給点ソースから需要点シンクまで流すことができる「品物」の最大量ですが、これは「供給点から出てくる品物の総和」を最大化することと同義です。	2021-06-21 23:31:34
python	Pythonタグが付けられた新着投稿 - Qiita	Pythonでネストされた色付き文字を出力する	https://qiita.com/nagataaaas/items/f97c8521a1be48224fcb	そこでスタイリングライブラリiroiroを使ってみましょうpipinstalliroGitHubさて、このライブラリを使うと、ネストされたスタイルをこのように表現することができます。	2021-06-21 23:09:39
js	JavaScriptタグが付けられた新着投稿 - Qiita	ルパンのサブタイトルをVueを使って再現してみた	https://qiita.com/KenFujita/items/8fc4c3a5b2fef6f77995	今の所AWS構成図のPrivateECが無職なのでそこで実践してみたいと思う参考おまけ既に何名もの方々が再現アプリを作っていた模様。	2021-06-21 23:32:07
js	JavaScriptタグが付けられた新着投稿 - Qiita	JavaScriptの === について	https://qiita.com/sheep_LE/items/9e6adc72d51ce532ea50	Javaなどでよく使われる「等価演算子」は、たとえば数値型の「」と文字列型の「」なら、自動的に文字列型の「」を数値型に変換し、変換後の値が等価であればTrueを返してくれます。	2021-06-21 23:15:07
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	seleniumでブラウザ操作（Chrome）	https://teratail.com/questions/345329?rss=all	seleniumでブラウザ操作Chrome前提・実現したいことキノコードさんのyoutubeでpythonによるweb操作の勉強をしています。	2021-06-21 23:58:54
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	C言語で行列を表示したいのですがエラーが出てしまいます	https://teratail.com/questions/345328?rss=all		2021-06-21 23:54:02
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	[Swift]XcodeエラーでUnexpectedly found nil while unwrapping an Optional value	https://teratail.com/questions/345327?rss=all	SwiftXcodeエラーでUnexpectedlyfoundnilwhileunwrappinganOptionalvalue初心者です。	2021-06-21 23:47:19
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	なにをどうしたらいいかわかりません	https://teratail.com/questions/345326?rss=all	calcaverage	2021-06-21 23:44:33
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	API等の公式マニュアルの正しい読み方が知りたい	https://teratail.com/questions/345325?rss=all		2021-06-21 23:37:07
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	map関数の中のif-elseの処理が通りません	https://teratail.com/questions/345324?rss=all	map関数の中のifelseの処理が通りません前提・実現したいことJavaScript初心者です。	2021-06-21 23:34:32
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	unityでaudio sourceがあるのに、音が鳴らない	https://teratail.com/questions/345323?rss=all	unityでaudiosourceがあるのに、音が鳴らない発生している問題足音のシステムです、sceneにちゃんとaudiosourceが付いているgameobjectが正常に生成されましたが、音がなぜかなりません。	2021-06-21 23:20:37
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	python vscode　二行以上をコードを実行する方法	https://teratail.com/questions/345322?rss=all		2021-06-21 23:17:24
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	【M1 MAC】arm版でmediapipeをビルドしたがエラー発生	https://teratail.com/questions/345321?rss=all	【MMAC】arm版でmediapipeをビルドしたがエラー発生前提・実現したいことMnbspMACBOOKのarm版でmediapipeを使えるようにしたい。	2021-06-21 23:13:59
Ruby	Rubyタグが付けられた新着投稿 - Qiita	webpackerでBootstrap4の導入	https://qiita.com/taishi0202/items/9932a3c27820156d27d3	appviewslayoutsapplicationhtmlerbltDOCTYPEhtmlgtRailsBootstrapTemplateltcsrfmetatagsgtltcspmetataggtltjavascriptpacktagapplicationgtltstylesheetpacktagapplicationgtltyieldgt以上。	2021-06-21 23:54:32
Ruby	Rubyタグが付けられた新着投稿 - Qiita	Carrierwaveの実装	https://qiita.com/taishi0202/items/bc980377887b32bea4e1	手順インストールターミナル上で以下のコードを実行し、最新版のcarrierwaveをインストールgeminstallcarrierwaveGemfile内に以下を追加gemcarrierwavegt実装uploaderの実装以下のコードを実行して、uploaderを実装する。	2021-06-21 23:53:22
Docker	dockerタグが付けられた新着投稿 - Qiita	Windows10で最新版AutomuteUsをセルフホストする（2021/6/21時点）	https://qiita.com/gomurasu/items/9fd0540a6e564f1c2582	自分の場合は、PCを再起動してBIOS設定を変更することで解決しました。	2021-06-21 23:43:55
GCP	gcpタグが付けられた新着投稿 - Qiita	FirestoreでMapオブジェクト内のフィールドに対してWhere検索する	https://qiita.com/rm_blank_slash/items/c276bc27331e08db4162	FirestoreでMapオブジェクト内のフィールドに対してWhere検索するはじめに以下のような、Mapオブジェクトを持つコレクションに対してWhere句で条件指定してデータ取得するメモ。	2021-06-21 23:19:10
Ruby	Railsタグが付けられた新着投稿 - Qiita	webpackerでBootstrap4の導入	https://qiita.com/taishi0202/items/9932a3c27820156d27d3	appviewslayoutsapplicationhtmlerbltDOCTYPEhtmlgtRailsBootstrapTemplateltcsrfmetatagsgtltcspmetataggtltjavascriptpacktagapplicationgtltstylesheetpacktagapplicationgtltyieldgt以上。	2021-06-21 23:54:32
Ruby	Railsタグが付けられた新着投稿 - Qiita	Carrierwaveの実装	https://qiita.com/taishi0202/items/bc980377887b32bea4e1	手順インストールターミナル上で以下のコードを実行し、最新版のcarrierwaveをインストールgeminstallcarrierwaveGemfile内に以下を追加gemcarrierwavegt実装uploaderの実装以下のコードを実行して、uploaderを実装する。	2021-06-21 23:53:22
技術ブログ	Developers.IO	[Auth0] アプリケーション名を変更したらログインが出来なくなったので対処した話	https://dev.classmethod.jp/articles/cannot-log-in-to-application-after-changing-the-application-name-in-auth0/	若槻	2021-06-21 14:48:36
海外TECH	DEV Community	Arquitetura Event Driven, quando da errado	https://dev.to/convenia/arquitetura-event-driven-quando-da-errado-1bjf	Arquitetura Event Driven quando da errado IntroduçãoNo post anterior expliquei um pouco como funciona uma arquitetura orientada a eventos e como implementamos essa arquitetura na Convenia Comentei um pouco sobre o nosso tratamento de erros e hoje pretendo me aprofundar mais nesse assunto Assim como no post anterior gostaria de enfatizar que as escolhas de arquitetura e stack fazem sentido para o nosso tamanho e previsão de crescimento Possivelmente para vocênão faça sentido fazer tudo da mesma forma como fazemos uma vez que cada projeto éúnico com as suas particularidades mesmo assim éprovável que vocêconsiga tirar algo de bom desse post Nesse post as palavras mensagem e evento representam a mesma coisa mas em contextos diferentes a grosso modo mensagem éo nome dado a informação em transito através de um message broker e evento éo nome dado para a mensagem em um contexto orientado a eventos listener éo nome dado ao processo responsável por ouvir eventos Como os serviços se comunicam A seguir vamos analisar um exemplo simples utilizando o Pigeon bem parecido com o do post anterior Pigeon dispatch employee created name gt Scooby Doo No exemplo acima estamos emitindo o evento employee created que tem como body o nome do colaborador para ouvir esse evento em outro serviço com o Pigeon temos esse código Pigeon events employee created gt callback function event ResolverContract resolver doing nice things resolver gt ack gt fallback Throwable exception message resolver send to sentry resolver gt reject false gt consume true O código acima faz algumas coisasConfigura o Pigeon para ouvir o evento employee created em outro serviço com a chamada Pigeon events employee created Define um callback para lidar com o evento passando uma Closure através do método gt callback essa Closure seráexecutada cada vez que o evento employee created for ouvido Define um fallback através do método gt fallback essa closure seráexecutada sempre que acontecer uma exception dentro do callback O método gt consume começa a consumir a fila de fato O Pigeon utiliza RabbitMQ para intermediar a comunicação entre os dois serviços se tentarmos mostrar isso em um diagrama teremos o seguinte No momento em que o serviço lêa mensagem do RabbitMQ a mensagem fica em um estado unacked isso significa que o Rabbit estáesperando a confirmação dessa mensagem por parte de quem a leu O RabbitMQ não entregaráessa mensagem a mais ninguem atéreceber a confirmação de que algo deu certo ou a confirmação de que algo deu errado rejeição com a mensagem No passo retratado no diagrama acima fazemos uma confirmação na mensagem para o RabbitMQ saber que ela foi processada corretamente apenas depois de receber essa confirmação o RabbitMQ remove a mensagem da fila O diagrama acima mostra um caminho muito feliz mas vamos imaginar que logo após ler a mensagem o serviço ouvinte morre devido a algum problema de hardware antes de confirmar a mensagem De forma similar ao exemplo anterior após a leitura da mensagem o Rabbit coloca a mensagem no estado unacked ao processar a mensagem um erro muito inesperado acontece e o Listener processo morre no passo nesse momento o Rabbit sabe que deve voltar a mensagem para o estado de ready assim outro listener pode tentar processar essa mesma mensagem isso épossível porque os listeners mantém uma conexão aberta com o Rabbit e quando o processo do listener morre a conexão com o Rabbit é cortada nesse momento ele sabe que deve liberar todas as mensagens que aquele listener leu mas não confirmou Atéo momento mostramos fluxos saudáveis e falhas de terceiros que podem acontecer esporadicamente mas e quando nosso próprio código que consome a mensagem estáquebrado E quando a própria mensagem estáquebrada Dead Letter Exchange para o ResgateVamos tentar imaginar a seguinte situação onde o código do nosso próprio listener estáquebrado Pigeon events employee created gt callback function event ResolverContract resolver doesNotExists resolver gt ack gt consume true No código acima repare a chamada para a função doesNotExists como o próprio nome jádiz essa função não existe e quando esse listener tentar consumir uma mensagem ele vai entrar no fluxo retratado na imagem O grande problema éque normalmente utilizamos algum recurso como o supervisord para reviver os processos que morrem e quando esse listener voltar a vida ele vai entrar no fluxo da imagem novamente entrando em um looping Temos uma mensagem sendo consumida em looping ela seráconsumida corretamente apenas se o código do listener for corrigido isso causa vários problemas como mostrado no post anterior O RabbitMQ não por acaso tem um recurso chamado dead letter exchange que serve para esse tipo de situação e com esse recurso a mensagem pode ser enviada em uma exchange separada para ser tratada posteriormente como mostra o fluxo a seguir Para esse fluxo acontecer precisamos rejeitar explicitamente a mensagem através do método fallback mostrado no inicio do artigo e retratado novamente a seguir gt fallback Throwable exception message resolver send to sentry resolver gt reject false No código acima a chamada resolver gt reject false éa chamada que rejeita explicitamente a mensagem caso vocênão defina um fallback o Pigeon tem um fallback padrão que rejeitaráa mensagem caso a env PIGEON ON FAILURE esteja presente com o valor reject LetterThiefApós rejeitar a mensagem ela irápara uma dead letter exchange de onde podemos armazenar essa mensagem problemática em uma fila avaliar mais tarde ou dar um tratamento digno para ela ali mesmo No caso da Convenia desenvolvemos um serviço chamado LetterThief que éresponsável por gerenciar as mensagens que foram rejeitadas e avisar o time quando ocorre uma rejeição Acima estáretratada a listagem das mensagens rejeitadas nesse serviço conseguimos filtrar as mensagens pela suas propriedades Toda rejeição ocorre em uma fila e exchange específicas e em um certo momento Os filtros são capazes de trazer rejeições que ocorreram em uma determinada fila ou em um determinado momento Nápágina de detalhes da mensagem rejeitada temos todas as informações da mensagem sabemos de que serviço ela veio sabemos qual foi o listener que a rejeitou e o mais importante temos o correlation id que seráutilizado para confrontar o erro com as exceptions que cairem no sentry Com essas informações sabemos exatamente o porque uma mensagem foi rejeitada e o envio para o sentry éfeito pelo listener logo antes de rejeitar a mensagem As imagens acima mostram um erro real que ocorreu no ambiente de produção e a parte de tags contendo o correlation id infelizmente não posso mostrar a exception com mais detalhes para não expor dados sensíveis Legal o serviço traz bastante visibilidade para os erros que ocorreram mas como os desenvolvedores são avisados sobre o ocorrido O LetterThief tem uma integração com o slack assim toda a equipe énotificada quando um erro ocorre e pode agir imediatamente para resolver o problema Na imagem acima vemos a notificação que chega no slack ela contém a fila onde ocorreu o problema e o link para a mensagem no serviço do LetterThief dessa forma o desenvolvedor responsável jásabe que deve corrigir o problema o quanto antes Vocêdeve estar se perguntando o que acontece com a mensagem após a correção do problema jáque muito provavelmente ela deveria causar algum efeito no sistema mas acabou não causando devido ao erro ocorrido após resolver o erro o desenvolvedor tem a capacidade de reenviar a mensagem através do LetterThief Na imagem acima épossível ver o botão TRY MESSAGE AGAIN que resulta nessa confirmação que estásendo exibida após a confirmação a mensagem seráreenviada diretamente para a fila de onde o erro foi causado dessa forma o processamento deve ocorrer normalmente Cuidados adicionaisVocêdeve estar se deparando com algumas questões após ter chego atéaqui a verdade éque para tudo isso funcionar corretamente temos que ter alguns cuidados que são garantidos em um fluxo rígido de code review Os listeners devem ser idempotentes como pode ocorrer um erro durante o processamento no caso de uma criação no banco de dados por exemplo não podem haver registros duplicados devemos fazer a opção por uma função de upsert ao invés de um create isso vai evitar que dois registros sejam criados quando a mensagem for reenviada lembrando que a mensagem pode ser reenviada mais de uma vez O listener deve obrigatoriamente enviar a mensagem para o sentry e logo em seguida rejeitar a mensagem no fallback muita lógica não ébem vinda aqui pois não podem haver falhas dentro do fallback isso causaria a devolução da mansagem para a fila e o problema de reprocessamento infinito apresentado no inicio do post Devemos ser cuidadosos ao avaliar datas dentro do listener não devemos nunca avaliar o momento em que a mensagem chega no listener sempre devemos avaliar a data em que o evento foi emitido isso chega obrigatoriamente com todo o evento dessa forma evitamos de processar uma data errada devido ao delay da mensagem ConclusãoToda arquitetura distribuída tem uma complexidade mais elevada observabilidade e tratamento de erros são pautas de muitas talks e donos da preocupação de várias equipes Sem dúvidas em uma arquitetura orientada a eventos precisamos de uma forma de lidar com erros no processamento de mensagens assíncronas No caso específico da Convenia a melhor saída foi fazer nosso próprio serviço que atende exatamente ao que precisamos Existem outras opções de message broker como kafka que podem trazer soluções jáprontas para esse problema o que te economizaráo trabalho de desenvolver e manter a solução de qualquer forma émuito importante ter uma solução similar a essa para auxiliar a equipe no dia a dia O LetterThief foi desenvolvido com a premissa da segurança em relação a perda de mensagens se reparar cuidadosamente vai ver que utilizando o LetterThief éimpossível perder uma mensagem no meio do caminho ou ela foi processada corretamente ou foi parar no LetterThief caso o desenvolvedor do listener tenha sido muito transgressor ao implementar o listener a mensagem voltarápara a fila independente da opção que adotarmos acho essa premissa de nunca perder a mensagem importante para se levar em consideração	2021-06-21 14:15:40
海外TECH	DEV Community	Codecov supply chain attack - Step by step breakdown	https://dev.to/mackenziejj/codecov-supply-chain-attack-step-by-step-breakdown-4a2e	Codecov supply chain attack Step by step breakdownCodecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers sensitive data This article reviews exactly what happened how attackers gained access how they used sensitive information and of course what to do if you were affected TL DRThis breach was done by very sophisticated attackers who exploited a mistake in how Codecov built docker images They used this to modify a script which allowed them to send the environment variables from the CI of Codecov customers to a remote server While the attackers could have conducted multiple attacks from there we can see based on other disclosures that one path they did take was accessing private git repositories from the git credentials in the CI environment then exploiting secrets and data within This shows the importance of keeping your git repositories clean and ensuring we don t use production credentials in our CI environment where possible What is Codecov Codecov is a code coverage tool essentially that means they check to see how much of your application is being tested When we re building modern applications and we re using continuous integration CI and continuous deployment CD we want to make sure that we have automated tests in place so when we release a new feature we can be confident that it works as intended and that it hasn t unintentionally broken any features within the application Now obviously we want to be able to test every line of code during this process every function and every feature but this requires quite mature testing automation and Codecov can help develop that because it lets you know what lines of code aren t being tested in your CI environment What happened quick timeline of eventsOn January st malicious actors were able to update the bash uploader script in Codecov they did this by leveraging credentials they were able to export from a docker image more on this later Between January st and April st the attackers were able to squat inside Codecov and extract all of the environment variables of Codecov s customersOn April st it was actually one of Codecov s customers that noticed that the bash uploader had a different hash value to what was published on their website indicating that something was wrong Codecov investigated and were able to fix the issue on April th after some thorough investigations Codecov then announced that they had been breached to the public and notified their customers Source So what does this all mean and how does it affect Codecov users and why is this type of attack a concerning trend for other CI tools Why is this type of attack Significant This type of attack is called a supply chain attack this is because Codecov sits in your software supply line And just like a supply chain in the physical world each part of the chain deals with lots of different goods from multiple different customers When attackers penetrate a chain in the supply line they can breach multiple organizations Using the example above of an oversimplified modern software supply chain we can follow the different stages of a typical supply chain We create or modify our codeCommit and push this code into our repositoriesNew code goes to CI environmentThe applications is compiledWe run tests on the application We produce reports on how our app performs Code moves to CD pipeline Final changes reviewedStaging application deployed Production application deployedLet s focus on the CI environment We can do alot of powerful automation in this stage to test our application But how we build applications has changed and we now rely on multiple external services Databases Payment systems Cloud infrastructure…… All these components need to be accessed by the tools within the CI environment so they can build and test the application For this reason the CI environment needs to have access to the secrets or credentials that grant access to these systems Hopefully if we build a secure CI environment we are using staging infrastructure which is less critical But it is still very common for production credentials to be used and most importantly it is highly likely that the CI environment will have access to the git repository which is known to contain a trove of sensitive information So by attacking Codecov the attackers now have access to all the credentials within the CI environment for ALL Codecov customers How the attackers breached CodecovNow we understand why a supply chain attack can be extremely impactful let s discuss the steps how the attackers were able to breach Codecov The attackers exploited an error in how Codecov created their docker images This process actually allowed the attackers to extract a credential from the Docker image this credential allowed them to be able to modify their Bash uploader script A bash script is just a set of instructions similar to what you would write within your bash or terminal but written out in a programmatic way They added a single line of code to this bash which was an additional step to send all the environment variables from the CI to an attacker s remote server Essentially taking the sensitive information that makes your application run and giving it to the bad guy This single line of code was if I can say so beautifully executed and hidden on line of a line document Without knowing it s there it would be extremely difficult to find View the entire compromised bash uploader script Who was affected by this Codecov has customers users anyone that was using the compromised version of Codecov between January st and April st would have been affected Large organizations such as Twilio Hashicorp Rapid Confluent have released their own statements about how this has affected them What did the attackers do Because there are so many potential victims we cannot be sure on all the ways the attackers leveraged the sensitive information they stole However from the public disclosures we can get an idea A good example is Twilio On April days after public announcement of the breach GitHub had noticed suspicious activity relating to the Codecov breach and private repositories had been cloned with some Twilio user tokens exposed within these repositories While this example is very small in the scale of the breach it clearly shows one attack path the attackers took Compromise CodecovUse stolen git credentials from bash uploaderAccess private repositories using stolen git credentialsScan repositories for sensitive information and secrets Exploit secrets This clearly shows that private git repositories were a clear target by the attackers What should you do if you have been affected If you were using code carved between January st and April st then it s very important that you take action now Revoke secretsThe first thing that you should do is rotate all your credentials this means all the credentials your CI environment has access to even if they are not used in production environments as these can still be used to move laterally But it also means to revoke access to any credentials that were stored with git repositories or other remote data stores that the CI environment had access to Check logsThe next thing is we want to analyze our logs to make sure that we can see any suspicious activity this will give an indication whether or not the attackers have penetrated into your systems Scan git repositoriesYou should now agree it is very important to make sure our git systems are clean and free of sensitive information These can be hidden deep in the git history of a project making them very difficult to find This is why it is important to use detection tools to do this GitGuardian has a free version of their detection system which will quickly uncover any secrets you can sign up here If you have private shared repositories within an organization then these can only be scanned with the enterprise version There is however a hack to do this for free You can sign up for the day free trial and use the time to audit your git history without needing to pay for the tool but don t tell anyone Add two way authentication for machinesThe final step you may choose to take is adding two way authentication for machines accessing secrets This means that you can grant access to your systems within your CI environment while adding another encryption and authentication step so attackers cannot use these even if they get exposed This is a great step and fantastic products like Hashicorp vault exist that can do this Bear in mind these are often very complicated tools that are costly and complicated to install even if the underlying tool is open source But this will ensure that in the event of an attack like this you are covered Is Codecov safe This is an uncomfortable question often but I will provide my thoughts on this Firstly it is impossible to reduce the risk of the breach to New vulnerabilities and exploits are discovered every day so there is always a risk that tools within your supply chain will be compromised The attack on Codecov was clearly conducted by sophisticated attackers and while they were able to exploit a mistake it was not a trivial exploit The other consideration is communication Codecov were very upfront about the breach and have continued to provide new information This is a good indication While I believe we need to be critical of tools we introduce into our supply chain we can be certain Codecov have fixed the underlying problem and would have conducted a serious security audit following the breach The final comment on this falls back to the customers of Codecov Of course we expect our vendors to take security measures seriously but we also need to take responsibility for our own security This means making sure we don t use production credentials in our CI environment ensuring our git repositories are clean and having response plans in place If we can do this then we can That s it Hopefully you found this article useful in understanding how this attack was conducted and If you have any questions comments or want to request a breach review reach out on Twitter to me at advocatemack or use the hashtag askmack	2021-06-21 14:06:23
Apple	AppleInsider - Frontpage News	iPhone production to rise 12.3% YoY in 2021, 'iPhone 12s' to focus away from 'mini'	https://appleinsider.com/articles/21/06/21/iphone-production-to-rise-123-yoy-in-2021-iphone-12s-to-focus-away-from-mini?utm_medium=rss	iPhone production to rise YoY in x iPhone s x to focus away from x mini x Apple will enjoy a bumper year of iPhone sales with the easing of the pandemic according to TrendForce with the fall iPhone launches said to benefit from ProMotion support in the Pro models as well as sensor shift OIS though with less attention paid to the mini model As the economy starts to recover from the COVID pandemic Apple is expected to benefit from the recovery In a note from TrendForce Apple s performance for the entirety of is believed to be positive and will lead to higher smartphone production In what is considered a cautiously optimistic view the forecast from the firm is for Apple to grow iPhone production for to million units a year on year increase TrendForce says there s still additional room for a slight growth going forward though the ongoing global chip shortage may have a constraining effect in Apple s attempts to ramp up production Read more	2021-06-21 14:23:21
Apple	AppleInsider - Frontpage News	Prime Day 2021 deals for Apple fans: best discounts knock up to 97% off	https://appleinsider.com/articles/21/06/21/prime-day-2021-deals-for-apple-fans-best-discounts-knock-up-to-97-off?utm_medium=rss	Prime Day deals for Apple fans best discounts knock up to offAmazon Prime Day deals are officially live with some of the year s steepest savings on Apple hardware smart home gadgets and accessories going on now Save up to instantly Prime Day deals are live and this year s discounts include bonus savings on TVs headphones M hardware and more Check out our roundup of the best discounts with more deals added as they launch throughout the hour shopping event Apple hardware Read more	2021-06-21 14:40:59
Apple	AppleInsider - Frontpage News	Pent-up demand could drive strong 'iPhone 13' cycle into 2022, analyst says	https://appleinsider.com/articles/21/06/21/pent-up-demand-could-drive-strong-iphone-13-cycle-into-2022-analyst-says?utm_medium=rss	Pent up demand could drive strong x iPhone x cycle into analyst saysAhead of the potential launch of the iPhone later in Wedbush believes there is still massive pent up demand for new smartphones within Apple s customer base Credit Andrew O Hara AppleInsiderIn a note to investors seen by AppleInsider Wedbush lead analyst Daniel Ives acknowledges that Apple shares have underperformed thus far in Ives attributes that to Wall Street being unconvinced about continued iPhone growth Read more	2021-06-21 14:02:17
Apple	AppleInsider - Frontpage News	Prime Day 2021 deals: $899 M1 MacBook Air returns	https://appleinsider.com/articles/21/06/21/prime-day-2021-deals-899-m1-macbook-air-returns?utm_medium=rss	Prime Day deals M MacBook Air returnsPrime Day Apple deals continue to drive down prices on the latest hardware with Amazon knocking off Apple s M MacBook Air Prime Day M MacBook AirThe promotion at Amazon delivers the cheapest M MacBook Air price available on the standard model equipped with GB of RAM a GB SSD and core GPU according to the AppleInsider Price Guide Read more	2021-06-21 14:15:59
Apple	AppleInsider - Frontpage News	Best Apple Watch Prime Day deals: Series 6 now $279 ($120 off) at Amazon	https://appleinsider.com/articles/21/06/20/best-apple-watch-prime-day-deals-series-6-now-279-120-off-at-amazon?utm_medium=rss	Best Apple Watch Prime Day deals Series now off at AmazonAmazon just launched killer Prime Day Apple Watch deals dropping the Series to off Target has the Series on sale for as well Apple Watch Prime Day dealsThe standout markdown in the latest round of deals to go live ahead of Prime Day is a discount sold out on the mm Apple Watch Series GPS with a Red Aluminum Case and Red Sport Band Read more	2021-06-21 14:22:08
海外TECH	Engadget	EU data regulators call for facial recognition ban in public spaces	https://www.engadget.com/eu-data-regulators-facial-recognition-public-spaces-ban-144513753.html?src=rss_b2c	credit	2021-06-21 14:45:13
海外TECH	Engadget	The laptops and tablets worth your money on Prime Day	https://www.engadget.com/amazon-prime-day-2021-best-laptop-tablet-deals-140513019.html?src=rss_b2c	razer	2021-06-21 14:05:13
金融	RSS FILE - 日本証券業協会	全国上場会社のエクイティファイナンスの状況	https://www.jsda.or.jp/shiryoshitsu/toukei/finance/index.html	上場会社	2021-06-21 15:30:00
金融	RSS FILE - 日本証券業協会	新型コロナウイルス感染症への証券関係機関等・各証券会社の対応について（リンク集）	https://www.jsda.or.jp/shinchaku/coronavirus/link.html	新型コロナウイルス	2021-06-21 14:40:00
金融	RSS FILE - 日本証券業協会	J-IRISS	https://www.jsda.or.jp/anshin/j-iriss/index.html	iriss	2021-06-21 15:54:00
ニュース	@日本経済新聞 電子版	NYダウ反発で始まる　一時400ドル高、景気敏感株に買い https://t.co/MEKcw8eAHd	https://twitter.com/nikkei/statuses/1406981684059250699	景気敏感株	2021-06-21 14:25:48
ニュース	@日本経済新聞 電子版	五輪の人流、1日最大20万人　観客の直行直帰が課題に https://t.co/u5BIEjadKX	https://twitter.com/nikkei/statuses/1406980449625272329	観客	2021-06-21 14:20:54
ニュース	@日本経済新聞 電子版	酒類提供再開、飲食店街で人出増　感染阻止と両立課題に https://t.co/TGqyYsmJ5O	https://twitter.com/nikkei/statuses/1406975425138413568	飲食店街	2021-06-21 14:00:56
ニュース	BBC News - Home	Hotel Chocolat pays £4 for beauty firm Rabot 1745	https://www.bbc.co.uk/news/business-57552277	joint	2021-06-21 14:06:41
ニュース	BBC News - Home	UK trade: Ministry of Defence to pay for 'national yacht'	https://www.bbc.co.uk/news/uk-politics-57556938	defence	2021-06-21 14:33:27
ニュース	BBC News - Home	Princess Latifa: Photo appears to show Dubai ruler's daughter in Spain	https://www.bbc.co.uk/news/world-middle-east-57556558	spain	2021-06-21 14:02:56
ニュース	BBC News - Home	Gracie Spinks death: Derbyshire Police referred to watchdog	https://www.bbc.co.uk/news/uk-england-derbyshire-57553573	death	2021-06-21 14:03:22
LifeHuck	ライフハッカー［日本版］	4000円以下で買えるお得なスマートウォッチ7選【Amazonプライムデー】	https://www.lifehacker.jp/2021/06/prime-day-smartwatch.html	amazon	2021-06-22 00:00:00
北海道	北海道新聞	五輪減収で負担協議難航も　チケット収入「半分以下」	https://www.hokkaido-np.co.jp/article/558185/	東京五輪	2021-06-21 23:15:00
北海道	北海道新聞	北朝鮮「食糧危機」認める　党総会議題、深刻さ反映	https://www.hokkaido-np.co.jp/article/558179/	中央委員会	2021-06-21 23:12:00
北海道	北海道新聞	＜横田教授の「コロナ」チェック＞陽性率は順調に低下　感染経路不明は微増	https://www.hokkaido-np.co.jp/article/558177/	感染経路	2021-06-21 23:11:00
北海道	北海道新聞	日韓局長協議、平行線　文大統領訪日は議論なく	https://www.hokkaido-np.co.jp/article/558173/	議論	2021-06-21 23:04:00
仮想通貨	BITPRESS（ビットプレス）	[毎日] 仮想通貨の取引口座転売、全国初の詐欺容疑で逮捕	https://bitpress.jp/count2/3_9_12595	転売	2021-06-21 23:58:30
仮想通貨	BITPRESS（ビットプレス）	日本暗号資産ビジネス協会（JCBA）、6/30にWEBで会員対象の「6月度勉強会」開催	https://bitpress.jp/count2/3_15_12594	資産	2021-06-21 23:47:31
仮想通貨	BITPRESS（ビットプレス）	ディーカレット、6/19よりビットコインの自動積立サービス提供開始	https://bitpress.jp/count2/3_10_12593	自動	2021-06-21 23:45:35
仮想通貨	BITPRESS（ビットプレス）	[PRESIDENT] ｢それでも大暴落は止まらない｣ビットコインが"新時代の通貨"とはなり得ない3つの理由	https://bitpress.jp/count2/3_17_12592	president	2021-06-21 23:20:11
仮想通貨	BITPRESS（ビットプレス）	[Bloomberg] ビットコイン一時3万2000ドル割れ、中国が仮想通貨締め付け強化	https://bitpress.jp/count2/3_9_12591	bloomberg	2021-06-21 23:17:46