AWS |
AWS Open Source Blog |
AWS is doubling down on improving the open source continuous delivery experience for our customers |
https://aws.amazon.com/blogs/opensource/aws-is-doubling-down-on-improving-the-open-source-continuous-delivery-experience-for-our-customers/
|
AWS is doubling down on improving the open source continuous delivery experience for our customersWe are thrilled to announce that AWS is joining the Continuous Delivery Foundation CDF as a Premier member Continuous delivery is the bridge between software that our customers build and cloud services that AWS offers and CDF is the interface to the community that is driving many important innovations in this space We join the … |
2021-06-23 16:01:14 |
AWS |
AWS Government, Education, and Nonprofits Blog |
Business resiliency framework: 5 ways to simplify how governments digitally transform |
https://aws.amazon.com/blogs/publicsector/business-resiliency-framework-5-ways-to-simplify-how-governments-digitally-transform/
|
Business resiliency framework ways to simplify how governments digitally transformThe business resiliency framework uses the five most common business goals government and education organizations face real time data analytics business continuity process and systems modernization workforce enablement and learning and constituent engagement Learn how public sector organizations can apply the business resiliency framework and cloud technology to close various workforce data and analytics gaps |
2021-06-23 16:46:14 |
AWS |
AWS Security Blog |
Security is the top priority for Amazon S3 |
https://aws.amazon.com/blogs/security/security-is-the-top-priority-for-amazon-s3/
|
Security is the top priority for Amazon SAmazon Simple Storage Service Amazon S launched years ago in March and became the first generally available service from Amazon Web Services AWS AWS marked the fifteenth anniversary with AWS Pi Weekーa week of in depth streams and live events During AWS Pi Week AWS leaders and experts reviewed the history of AWS and … |
2021-06-23 16:14:03 |
AWS |
AWS Security Blog |
Security is the top priority for Amazon S3 |
https://aws.amazon.com/blogs/security/security-is-the-top-priority-for-amazon-s3/
|
Security is the top priority for Amazon SAmazon Simple Storage Service Amazon S launched years ago in March and became the first generally available service from Amazon Web Services AWS AWS marked the fifteenth anniversary with AWS Pi Weekーa week of in depth streams and live events During AWS Pi Week AWS leaders and experts reviewed the history of AWS and … |
2021-06-23 16:14:03 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
!とreturn;を使った文が分からないです |
https://teratail.com/questions/345775?rss=all
|
とreturnを使った文が分からないですUnityの“StandardnbspAssetsというアセットの、タップクリックした位置にプレイヤーを移動させるというサンプルの“ターゲットにアタッチされたスクリプト内の、“と“returnを使った文が分からないです。 |
2021-06-24 01:53:24 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
webpackの開発環境でjpgが表示されない |
https://teratail.com/questions/345774?rss=all
|
webpackの開発環境でjpgが表示されないwebpackの開発環境でjpgが表示されず困っています。 |
2021-06-24 01:47:55 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
Swiperの設定方法を教えてください(paginationを画像の外に出したい。navigationを表示させたい) |
https://teratail.com/questions/345773?rss=all
|
navigationを表示させたいSwiperの設定についてご教示お願いします。 |
2021-06-24 01:46:39 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
PythonのSeleniumのChromeDriverで起動済みのブラウザを操作する方法を知りたい |
https://teratail.com/questions/345772?rss=all
|
|
2021-06-24 01:43:31 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
pyzrunの組み込みオブジェクトや組み込みクラスについてのエラー |
https://teratail.com/questions/345771?rss=all
|
pyzrunの組み込みオブジェクトや組み込みクラスについてのエラー前提・実現したいことプログラミング初心者ですpygamenbspzeroを利用して簡単なゲームを作りたいと思っています。 |
2021-06-24 01:26:07 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
Firefoxの「無限ループ」の原因 |
https://teratail.com/questions/345770?rss=all
|
Firefoxの「無限ループ」の原因ウェブサイトhtmlphpjavascriptを作成しております。 |
2021-06-24 01:23:51 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
uniq -c コマンドを複数項目で重複判断する方法 |
https://teratail.com/questions/345769?rss=all
|
uniqcコマンドを複数項目で重複判断する方法uniqnbspcnbspコマンドを複数項目の組み合わせをキーとして重複判断させたいです。 |
2021-06-24 01:12:44 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
Rustのlog出力info!で使用される =>の意味を教えていただきたい。 |
https://teratail.com/questions/345768?rss=all
|
調べたところinfoはログを出力する際に使用されることが分かったのですが、コード内のnbspquotgtquotに関する情報が得られませんでした。 |
2021-06-24 01:09:21 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
Railsアプリに隠しコマンド・隠しページを実装してみる |
https://qiita.com/kazama1209/items/78bd59304c12bd61b771
|
動作確認あとがき以上、Railsアプリに隠しコマンド・隠しページを実装してみました。 |
2021-06-24 01:56:43 |
Azure |
Azureタグが付けられた新着投稿 - Qiita |
Windows Virtual Desktop のデモ環境を作る Part.2 |
https://qiita.com/KentoNaka/items/88423166cc4537c850d3
|
以下のリンクにアクセスして、WindowsVirtualDesktopエージェントWindowsVirtualDesktopエージェントブートローダーこのつをセッションホストのマシンにインストールします。 |
2021-06-24 01:56:54 |
Ruby |
Railsタグが付けられた新着投稿 - Qiita |
Railsアプリに隠しコマンド・隠しページを実装してみる |
https://qiita.com/kazama1209/items/78bd59304c12bd61b771
|
動作確認あとがき以上、Railsアプリに隠しコマンド・隠しページを実装してみました。 |
2021-06-24 01:56:43 |
海外TECH |
DEV Community |
Career Development Tips to Help You Keep Ahead of the Curve |
https://dev.to/krowser/career-development-tips-to-help-you-keep-ahead-of-the-curve-2957
|
Career Development Tips to Help You Keep Ahead of the CurveIn the creative industry everything can change in the blink of an eye or the click of a mouse So how do you ensure your skills keep up with the latest technologies trends and standards That s the million dollar question Figure out what you stink atWhile this isn t groundbreaking career advice it is important If you have a professional weak point fix it Take it upon yourself to identify your skill gaps and work to fill them day in and day out Once you correct one issue move on to the next As a creative professional if you re not willing to constantly improve your skill set you re in the wrong field It takes passion to succeed in this industry and when you don t have it your weaknesses become more apparent as the days wear on Learn something new every dayIn addition to getting better at what you know it s important to understand the things you don t For instance if you are a web content writer and aren t grasping why account services keeps pushing for more social content ask them Get the inside scoop on what the client is looking for Not only will it help you deliver more targeted work in the next round but it also can help you better understand the needs of future clients Become indispensableDid you hear through the office grapevine that your boss is looking for a writer who is familiar with video game culture Offer to take up the task When you can do something that no one else on the team can like coding or optimizing content for the Web you have an undeniable advantage which helps to keep your position in tact The more of these added benefits you can master the more valuable you become as an employee The bottom line is if you want to get ahead in your career you have to be willing to continually learn adapt and improve Engage those around youAre you a big fan of a fellow copywriter s work Invite that person to lunch so you can pick her brain Are you fascinated with the impressive output of a particular graphic designer Shoot him an email and ask about his process When you engage with other creative professionals you open yourself up to new ways of thinking They could share a nugget of information that completely redefines your process or alters your method of delivery Plus you never know when the opportunity for collaboration may arise That s how some of the world s most lucrative companies got their start two people throwing their ideas at one another Read moreWhether it s bookmarking a few blogs or picking up a new novel from your favorite author we can all benefit from reading more Don t limit yourself to a specific field or specialty or you ll miss out on a literal world full of information As a writer I always benefit from keeping up with the industries I m writing for from finance and healthcare to consumer goods and advertising You never know when a new piece of knowledge might click to help you create a million dollar campaign Maintain a good work life balanceThis one is a little harder because it s not always in your control However a healthy work life balance can make all the difference between a good career and a great one Sure you could stay an extra hour at the office and churn out work that isn t due until tomorrow night Or you could spend it with your family get plenty of sleep and produce even better work the next morning Too many of us have come to believe that the brass favor workaholics However I ve come to find that many managers prefer individuals who keep work in check because employees who enjoy a life outside the office are often happier and more creative Be yourself alwaysNo matter what field you work in or what job title you have you should always be yourself The minute you start pretending to be something you re not is when your career development begins to descend In most cases a company hires you because they like your work and enjoy your personality So don t feel pressure to be someone you re not A strong work ethic and a good personality and eagerness to learn will often transcend any shortcomings you may have |
2021-06-23 16:56:07 |
海外TECH |
DEV Community |
Welcome Thread - v130 |
https://dev.to/thepracticaldev/welcome-thread-v130-8kd
|
Welcome Thread v Welcome to DEV Leave a comment below to introduce yourself You can talk about what brought you here what you re learning or just a fun fact about yourself Reply to someone s comment either with a question or just a hello Great to have you in the community |
2021-06-23 16:27:59 |
海外TECH |
DEV Community |
20 Web Monetized Projects to Inspire You |
https://dev.to/coil/20-web-monetized-projects-to-inspire-you-2k3o
|
Web Monetized Projects to Inspire YouUntil recently the only way content creators could make money was through advertising or other business models that take advantage of a user s privacy But with the proposed WC Web Monetization API creators now have a revenue model that empowers them to make money from their users without advertising forcing them to subscribe or invading their privacy Amazing right There are a ton of developers across the world who are experimenting with Web Monetization Want to see them You are in the right place In this article I collated a list of projects using Web Monetization to make money and offer their users exciting perks CinnamonCinnamon is a community driven content creation platform that allows users to view and create videos while providing native cross app sharing It uses web monetization to allow video creators to earn from their content without bugging the viewers with unnecessary advertisements With a fee of only Cinnamon grants viewers ad free access to all videos available on the platform Then pays the video creators in real time This means that creators do not have to wait until the end of the month to be paid like traditional video streaming platforms because Cinnamon uses Web monetization to redistribute funds based on the time viewers spend on video content SimmerSimmer is a platform for Indie game developers to host their creations in the browser for free with a single drag and drop mechanism Simmer was one of the first game portals to integrate with the Web Monetization API Through this integration creators can generate their payment pointer from Coil paste it into Simmer s game editor UI to make their games monetized automatically If you are a game developer you should take advantage of the engaging audience on Simmer by uploading your games and making money at the same time TwitchTwitch is a live streaming service that allows users to create channels run broadcasts and interact with their viewers Thanks to the automatic Web Monetization support on twitch viewers can support their favorite Twitch Partners and Affiliates by simply watching their streams Then Coil keeps track of how much each streamer has earned and then purchases Twitch Bits when the minimum purchase threshold is reached for that particular streamer Pretty cool right Hashnode Hashnode enables developers to create a blog mapped to their domain for free So they can focus on developing and sharing content on their blogs while we take care of the rest customization readership visibility web monetization and so much more As a reader you ll get access to all the tech articles for free without any ads or restrictions On the other hand the creators get to make money based on the amount of time any Coil subscriber spends on their blog Web Monetization has changed a lot of things Gone are those days where we thought the only way to make money as a blogger was through ads or adding a paywall Imgur EmeraldImgur is the easiest way to discover and enjoy the magic of the Internet It s where you ll find the funniest most informative and inspiring images memes GIFs and visual stories served up in an endless stream of bite sized fun Powered by a passionate community of people worldwide anyone can join to share cool stuff and vote the best to the top You ll always find something on Imgur that brightens your day Yes Imgur uses the Web Monetization API as well So Coil will distribute the micropayments to the creators according to the amount of time Coil subscribers spend looking at content on Imgur Subscribers also get access to unlimited uploads community features and most importantly an ad free browsing experience PermanentHave you ever thought about your digital legacy By digital legacy I mean an accumulation of the different text pictures and videos you ve posted online over the years The truth is our digital legacy is disappearing because we ve not had a central place to store it And each time it disappears a glimpse of who we were vanishes as well To solve this Permanent enables you to create curate and collaborate on living archives for yourself your family and your community Thanks to the power of the Web Monetization API the owners of Permanent org are prototyping and building an Open Source API that allows users to easily store data with a storage provider using a one time micropayment with no need for storage provider or frontend service accounts and financial commitments She Code AfricaShe Code Africa is a non profit organization focused on celebrating and empowering young girls and women in tech across Africa They champion exceptional programs and initiatives to improve the tech skills of their members and keep the community engaged amongst other things She Code Africa recently integrated Web Monetization into their website as a means to earn revenue This revenue is used to continue the fantastic work they are doing in the developer community You should support them CSS TricksCSS Tricks is one of the best websites to find insightful articles about frontend development Keeping in mind that it is one of the best websites for frontend content many devs worldwide have benefitted from it tremendously Meaning that some of them may have wanted to tip the writers or tell them thanks financially With Coil as CSS Tricks web monetization provider the website now receives micropayments from readers who have an active Coil subscription and the browser extension UshahidiUshahidi is a crowdsource driven data platform that enables people to raise their voices inform their decisions and influence change in their communities Being a non profit integrating web monetization on Ushahidi was an excellent way to gain revenue without running ads especially during the pandemic So if any Coil user visits Ushahidi Coil will calculate the amount of time you ve spent on the website and credit the non profit team And most importantly your data is safe AkitaAkita is a free and Open Source project that displays your top visited monetized sites how much time you re spending on them and how much you re contributing or could contribute to them They also create diverse resources that will help you understand Web Monetization through storytelling easy to use tools and community outreach Puma BrowserPuma is a new way to pay for content through a privacy focused web browser It provides a fast and private mobile Web browser that makes it easy to support creators game amp app developers and charities of your choice The platform uses Coil and the Web Monetization API to create an ad free user experience and send payment s for the content directly from the browser Flood EscapeFlood Escape is an action packed rush to get out of danger You have to build your way up to escape the flood and be rescued in time in the game You can also customize your experience with flames get rewarded and have a good time Flood Escape uses web monetization to generate revenue from its game without the need for bugging users with unnecessary advertisements They also give web monetization subscribers a bonus of plus coins and a faster cooldown time DevDev is an Open Source software that powers a community of software developers who write articles and build relationships with other developers The platform allows individual authors to add their Coil Payment pointer to their blogs right through their settings So every time a Coil subscriber reads your article micropayments will be sent to your payment wallet by Coil Ballet RisingBallet Rising is a non profit organization focused on the stories of people worldwide whose passion for classical ballet is redefining its culture and elevating ballet as a truly global art form It highlights communities where there is an interest in ballet to drive and build positive relationships with local arts organizations so that the global ballet community grows in harmony with local customs Their website is monetized using Coil So you can support them by signing up for a coil membership Tech with CatalinTech with Catalin is a blog owned by Catalin Pit a Software Engineer specializing in JavaScript technologies and AWS The blog covers content about NodeJS backend development Open Source contributions and growing as a developer Thanks to web monetization Tech with Catalin generates revenue without displaying ads to its readers or adding a paywall TechdirtTechdirt is an American Internet blog that reports on technology s legal challenges and related business amp economic policy issues in the context of the digital revolution It focuses on intellectual property patents information privacy and copyright reform in particular While other websites have resorted to paywalls registration requirements and increasingly annoying intrusive advertising Techdirt has made their site open and available to anyone thanks to Web Monetization As a Coil subscriber you ll get to support Techdirt anytime you read content on their website On The ChainOnTheChain promotes everything cryptocurrency related It has many podcasts Youtube videos newsletters and a channel where they share tips and encourage people to join the cryptocurrency community OnTheChain uses the XRP TipBots wallet to receive bits of streaming payments from subscribers via Coil s Web Monetization API This allows them to give their users an incredible ad free experience and not invade their privacy to make money SHORT FILM WEBShortFilmWeb is a directory of some of the best short films freely available online carefully handpicked by the team ShortFilmWeb uses Coil to monetize its content giving them an edge to continue posting quality films and reviews HackernoonHackernoon is a community of over contributing writers publishing free high quality tech stories The platform supports writers by proofreading their articles before it is published on the platform Hackernoon believes that advertising is not the best way to generate revenue so they use Web Monetization instead Because of this writers on the platform can accept a stream of micro tips from their readers JS BinJS Bin is a free and Open Source code sharing website for web developers It enables developers to create and share code snippets or web pages with their colleagues or anyone in the developer community Being a free platform JS Bin uses Coil and the Web Monetization API to generate revenue to keep the website running without ads SummaryWeb monetization paves the way for a more open fair and inclusive web to better support users and creators Creators make money and users finally experience their favorite websites without annoying advertisements or the invasion of their privacy Now that you ve seen a couple of projects and people using the Web Monetization API by Coil go ahead and become a Coil Subscriber or integrate the Web Monetization API into your projects blog or website You will find everything you need to get started here I hope you enjoyed reading this article If you have any questions share them in the comment section below and I ll reply to every comment |
2021-06-23 16:07:52 |
Apple |
AppleInsider - Frontpage News |
Apple TV+ shares first trailer for 'Watch the Sound With Mark Ronson' |
https://appleinsider.com/articles/21/06/23/apple-tv-shares-first-trailer-for-watch-the-sound-with-mark-ronson?utm_medium=rss
|
Apple TV shares first trailer for x Watch the Sound With Mark Ronson x The first trailer for Apple TV docuseries Watch the Sound With Mark Ronson features Angel Olsen Charli XCX Paul McCartney and more Watch the Sound With Mark Ronson on Apple TV The six episode documentary series explores the intersection of technology and musical innovation Mark Ronson sits down with industry greats to discuss the ideas behind the process of making music Read more |
2021-06-23 16:58:23 |
Apple |
AppleInsider - Frontpage News |
'iPhone 13' will impress with new features, 5G iPhone SE coming in early 2022 says Kuo |
https://appleinsider.com/articles/21/06/23/iphone-13-will-impress-with-new-features-5g-iphone-se-coming-in-early-2022-says-kuo?utm_medium=rss
|
x iPhone x will impress with new features G iPhone SE coming in early says KuoBeyond an impressive iPhone in late Apple will release a new G iPhone SE in the first half of followed by a slate of flagship iPhone models with under display Touch ID and lower prices predicts analyst Ming Chi Kuo Credit Andrew O Hara AppleInsiderIn a note to investors seen by AppleInsider Kuo writes that he has a favorable view of Apple s iPhone strategy in and Read more |
2021-06-23 16:23:57 |
Apple |
AppleInsider - Frontpage News |
Claris FileMaker Pro gets native Apple Silicon update |
https://appleinsider.com/articles/21/06/23/claris-filemaker-pro-gets-native-apple-silicon-update?utm_medium=rss
|
Claris FileMaker Pro gets native Apple Silicon updateClaris has released its Apple Silicon version of database and software development tool FileMaker Pro including a new quick start app builder Claris FileMakerClaris moved from an annual to a rolling update schedule for FileMaker Pro in May Since then the company says it has issued over enhancements but now it s unveiling a more major update Read more |
2021-06-23 16:18:36 |
Apple |
AppleInsider - Frontpage News |
'Foundation' & 'The Problem With Jon Stewart' premiering on Apple TV+ in September |
https://appleinsider.com/articles/21/06/23/foundation-and-the-problem-with-jon-stewart-premiering-on-apple-tv-in-september?utm_medium=rss
|
x Foundation x amp x The Problem With Jon Stewart x premiering on Apple TV in SeptemberApple has shared a September release window for two of its upcoming Apple TV shows ー Foundation and The Problem With Jon Stewart Foundation coming to Apple TV in SeptemberWith the pandemic subsiding Apple has been able to ramp up production of its many exclusive series The Apple TV lineup has many shows returning for their second seasons as well as long awaited series premieres Read more |
2021-06-23 16:26:55 |
海外TECH |
Engadget |
Co-op shooter 'Aliens: Fireteam Elite' heads to consoles and PC on August 24th |
https://www.engadget.com/aliens-fireteam-elite-august-24th-163045878.html?src=rss_b2c
|
august |
2021-06-23 16:30:45 |
海外TECH |
Engadget |
Supreme Court rules that ‘F--- school’ is free speech in student Snapchat case |
https://www.engadget.com/supreme-court-snapchat-free-speech-pennsylvania-161320105.html?src=rss_b2c
|
Supreme Court rules that F school is free speech in student Snapchat caseThe Supreme Court ruled today that a high school in Pennsylvania violated a student s First Amendment rights by suspending her from the cheerleading team following Snapchat posts where she criticized the school with expletives |
2021-06-23 16:13:20 |
海外TECH |
The Apache Software Foundation Blog |
Success at Apache: Security in Practice |
https://blogs.apache.org/foundation/entry/success-at-apache-security-in
|
Success at Apache Security in Practiceby Jarek PotiukThis post is about the Apache Software Foundation s Security process and security mindset of the Apache Software project s PMC put to the best use in practice From this post you can learn why security practices we apply at our projects are important and how they work when they are applied correctly and when the right security driven mindset is applied by the PMCs but also how important it is for the users of the Apache Software Foundation projects to keep their software updated including latest security fixes The idea of this article was triggered by a recent blog post of the security researcher Ian Caroll that has earned USD on bug bounties by simply following up the results of Apache Security process applied by the Apache Airflow PMC This saved quite a few businesses a lot of trouble but it was only possible due to the foundations laid down by the ASF and the PMC of the project Here is what Ian Caroll has to say about it “This issue was a great example of how ASF s transparent way of fixing and disclosing vulnerabilities worked to protect users of their software and gave many organizations a wake up call on ensuring they upgrade and protect their open source software Apache Airflow is one of the most common orchestration software used in the industry currently and due to its nature it sounds like an important vector of attack if you run it internally in your company you are likely to interact with pretty much all your systems and if you manage to break in through Airflow it might cascade into as many systems you connect to Therefore the Apache Airflow PMC takes security very seriously So seriously that we have the whole discussion panel about Apache Airflow Security at the Airflow Summit that is coming soon July th This post s main point is to show how important it is to follow the security best practices for all the software lifecycle and how important it is to think about it at every step of building and releasing the software and beyond Let s start from the very beginning making sure the code development process is secure Like most of the ASF projects the Apache Airflow project is developed in GitHub and together with a growing number of projects we use GitHub Actions to run continuous integration There are a number of best practices and security hardening practices published by Github that you should follow when you run your CI with GitHub Actions and we rigorously follow them including monitoring of the quot Security blog of GitHub quot and following it s advisories And we have not stopped there We actively think and discuss the potential security threats and ways how for example supply chain attacks can be performed on our project and we share our findings at the discussion mailing lists of the ASF and introducing recommendations for all ASF projects to make use of the best practices One of the results there is documenting the practices and sharing them at the builds apache org But we also raised a few security issues to GitHub and as a result of that at least that s the feedback we got from GitHub they implemented some improvements that we apply in practice The recent example of that is a change implemented by GitHub to allow control of permissions of the GitHub Token used during the CI build which resulted in this PR Few months ago we raised concern that having the blanket quot write quot permission is quite dangerous and GitHub responded and implemented the change which allowed us to limit the scope of tokens used for our builds and increase protection against a wide range of attacks with the supply chain attacks being recently the most prominent ones leading to ransomware threats and millions of dollars paid to hackers nbsp This is where the security mindset for the Apache Airflow PMC starts with and this lays the foundation for the next steps where the Apache Software Foundation takes a crucial role in releasing the software and monitoring for security vulnerabilities The ASF has a rather well established process for disclosing and following up with security vulnerabilities for the ASF projects One that is very straightforward and simple to follow for everyone involved starting from security researchers who raise those issues going through the voluntary security team of the ASF that has to handle from the upcoming annual report reports of possible vulnerabilities spanned across of the top level ASF projects which led to CVEs Common Vulnerabilities and Exposures assigned and end up with the PMC that has to handle solving the issues and follow up with reporting Heck ASF even introduced an internal portal to report and keep track of all the CVEs as well as report the yearly security summary report and video This process is very clear about responsible disclosure and publishing the vulnerabilities the way how security researchers the ASF security team and PMC can collaborate when security is discovered Quite a recent experience there was discovering and announcing CVE User enumeration in database authentication in Flask AppBuilder This issue was reported to the ASF following the process by Dolev Farhi he responsibly disclosed it together with proof of concept reproducible scenario that allowed us to quickly verify that the issue exists and more importantly that allowed us to verify that the issue is fixed when we fixed it nbsp At the end of the process this is the message we got from Dolev quot Truly enjoyed working with you Thanks so much for your help in bringing this to closure and making Airflow what it is quot The CVE was an interesting one because it was not an issue with the Airflow code but it was introduced by a dependency of Airflow Flask AppBuilder Fortunately the process is built in the way that we can involve and collaborate with other projects in solving it and we got excellent support from Daniel Gaspar We tried and tested the fix locally provided it to Daniel which let Daniel quickly implement it and release a new version of Flask AppBuilder fixing it This was also important for the Apache Superset project Daniel is a PMC there as well which also uses Flask AppBuilder and suffered from the same vulnerability This shows how security is a distributed issue and how much cooperation is important and how much a good security process should embrace it I truly enjoyed cooperation with Daniel and Dolev as we helped to test release candidate of Flask AppBuilder Later on when the CVE was published we announced it following the regular announcement process Here is what Daniel has to say about it quot A great example of multiple open source projects working together elevating each other to higher quality The whole is greater than the sum of the parts Got a clear report with a proposed fix reproducible steps all backed by the ASF security process it was a breeze to fix and release quot nbsp This leads to the most important point We can do only as much as we can when it comes to developing and releasing our software But then it s up to our users to upgrade to the latest versions If they don t they remain vulnerable This was the actual reason for the blog post I mentioned initially despite announcing a CVE and releasing a fixed version a long time ago many of our users did not follow the announcements and did not upgrade to the latest version of Airflow I must stress here the importance of this step as long as our users do not upgrade to fixed versions there is not much we can do to help them It s all in our users hands This time it ended up with just USD paid to Ian in the form of bounties because Ian is a responsible security researcher so called quot white hat quot But imagine some bad characters doing the same thing Ian did Of course we understand that this might sometimes be difficult to migrate to newer versions of a software but here we also have another solution that we applied last year and one that might seem surprising at first but makes perfect sense when you look at the consequences Consistent versioning and release support predictability When we announced Airflow last year there was a small but important change we introduced full support for Semantic Versioning which we follow rigorously since We also published a predictable version lifecycle Why is this important Because the users might be pretty sure that they can safely upgrade “patchlevel version of Airflow when it gets released without even thinking about potential migration problems Also when you release the quot feature quot minor version of Airflow we promise it is backwards compatible and even if the migration process might be a bit longer they can apply it without worrying about spending a lot of time for the migration of their DAGs DAGs are the users workflow definitions that some of our customers have many thousands of as their entire data processing is orchestrated by Airflow nbsp We also publish and will continue to the support schedule for our major releases so that the users can be prepared and plan migration to new major releases in advance As with all software we sometimes will implement backwards incompatible changes which will cause our users to spend more time on migrations Those old releases will stop receiving security fixes at some date and the best you can do as a user is to migrate to the supported version before the date Which leads to the last and most important point in this article If you are a diligent reader and look at the announcement I mentioned above for CVE you will see that the fix for that is only released for Airflow series Why Because Airflow just reached its end of life on June th When we released Airflow half a year ago we agreed in the community that we will only support Airflow with critical security fixes for months And we did for example the CVE has been addressed in the Airflow nbsp But this time is over now This is the first security vulnerability that we addressed only for Airflow If you are still using Airflow you are on your own now You are no longer protected by the security process of the ASF the security team of ASF and airflow PMC What s even more security researchers who raise the issues even if they find it might not be eager to responsibly disclose it knowing also that the issue will not be fixed anyway When you read about the next ransomware attack and millions of dollars paid think if you would like one day your company to face this kind of dilemma Even if it costs time and money to keep your software updated preventing this kind of problem is far cheaper than dealing with the consequences of such an attack Upgrade NOW to the latest release of Airflow and keep on doing it for the future releases Be sure to join us at Airflow Summit online July registration is free and open to all Jarek Potiuk started to work on the Apache Airflow project in September He became an Apache Airflow committer in April and a member of the Apache Airflow Project Management Committee PMC in October He was elected an ASF Member in April He is an Apache project mentor in Outreachy and Google Summer of Code and was a mentor in Google Season of Docs Jarek is an independent Open Source Contributor and Advisor and always keen on making it easier for people with different backgrounds to join OSS projects quot Success at Apache quot is a monthly blog series that focuses on the processes behind why the ASF quot just works quot nbsp |
2021-06-23 16:52:55 |
海外TECH |
Network World |
HPE expands GreenLake services |
https://www.networkworld.com/article/3622210/hpe-expands-greenlake-services.html#tk.rss_all
|
HPE expands GreenLake services Hewlett Packard Enterprise announced several expansions of its managed GreenLake services during its HPE Discover conference this week GreenLake is HPE s consumption model for hardware and services Rather than make an outright purchase customers determine the configuration they will need and HPE installs it with a slight overprovisioning just in case If the customer ends up needing more hardware capacity it s just turned on Until then it just sits there unused and at no charge To read this article in full please click here |
2021-06-23 16:29:00 |
Cisco |
Cisco Blog |
20 Years of Conexión |
https://blogs.cisco.com/diversity/20-years-of-conexion
|
latinx |
2021-06-23 16:26:51 |
海外科学 |
NYT > Science |
Some Republicans Find Failure to Grapple With Climate Change a ‘Political Liability’ |
https://www.nytimes.com/2021/06/23/climate/climate-change-republicans.html
|
Some Republicans Find Failure to Grapple With Climate Change a Political Liability A small but growing number of Republicans say the G O P needs a coherent climate strategy and formed a “Conservative Climate Caucus on Capitol Hill |
2021-06-23 16:08:21 |
金融 |
金融庁ホームページ |
「経済財政運営と改革の基本方針2021」及び「成長戦略実行計画・成長戦略フォローアップ」を踏まえた兼業・副業の普及・促進について公表しました。 |
https://www.fsa.go.jp/news/r2/sonota/20210623.html
|
基本方針 |
2021-06-23 18:00:00 |
金融 |
金融庁ホームページ |
「ソーシャルボンド検討会議」(第4回)を開催します。 |
https://www.fsa.go.jp/news/r2/singi/20210630.html
|
検討 |
2021-06-23 17:00:00 |
金融 |
金融庁ホームページ |
「日本の資産運用エコシステムにおける課題に関する調査 」について公表しました。 |
https://www.fsa.go.jp/common/about/research/20210623_3.html
|
資産運用 |
2021-06-23 17:00:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
日本ドラマのリメーク権をハリウッドに売り込み |
https://www.jetro.go.jp/biznews/2021/06/a250ec6157e41b68.html
|
売り込み |
2021-06-23 16:30:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
ジェトロ、「ビバ・テクノロジー2021」で海外スタートアップ発掘コンテストを初始動 |
https://www.jetro.go.jp/biznews/2021/06/c342810995aaed9e.html
|
発掘 |
2021-06-23 16:15:00 |
ニュース |
ジェトロ ビジネスニュース(通商弘報) |
「ビバ・テクノロジー」、リアルとオンラインのハイブリッドで2年ぶり開催、日本ブースも |
https://www.jetro.go.jp/biznews/2021/06/745f400de2addd08.html
|
日本ブース |
2021-06-23 16:10:00 |
ニュース |
BBC News - Home |
Dalian Atkinson: PC guilty of former footballer's manslaughter |
https://www.bbc.co.uk/news/uk-england-shropshire-57495426
|
country |
2021-06-23 16:41:24 |
ニュース |
BBC News - Home |
HMS Defender: Russian jets and ships target British warship |
https://www.bbc.co.uk/news/world-europe-57583363
|
coast |
2021-06-23 16:38:23 |
ニュース |
BBC News - Home |
Government encourages schools to host 'One Britain' events |
https://www.bbc.co.uk/news/uk-politics-57579002
|
calls |
2021-06-23 16:02:08 |
ニュース |
BBC News - Home |
Gary Allen: Killer jailed for murdering two women 21 years apart |
https://www.bbc.co.uk/news/uk-england-57552189
|
sentence |
2021-06-23 16:16:15 |
ニュース |
BBC News - Home |
Covid-19 in the UK: How many coronavirus cases are there in my area? |
https://www.bbc.co.uk/news/uk-51768274
|
cases |
2021-06-23 16:03:02 |
ニュース |
BBC News - Home |
Covid vaccine: How many people in the UK have been vaccinated so far? |
https://www.bbc.co.uk/news/health-55274833
|
covid |
2021-06-23 16:36:56 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
違法コロナ治療薬を押収 米当局、メキシコへの密輸阻止 - WSJ発 |
https://diamond.jp/articles/-/274913
|
阻止 |
2021-06-24 01:11:00 |
北海道 |
北海道新聞 |
競泳金メダリストが単核症 イタリア・パルトリニエリ |
https://www.hokkaido-np.co.jp/article/559090/
|
自由形 |
2021-06-24 01:01:00 |
北海道 |
北海道新聞 |
新潟ご当地アイドル脅迫か 強要未遂容疑で男逮捕 |
https://www.hokkaido-np.co.jp/article/559089/
|
新潟県警 |
2021-06-24 01:01:00 |
Azure |
Azure の更新情報 |
General availability: Expansion of credit-based disk bursting to Azure Standard SSDs E30 and smaller |
https://azure.microsoft.com/ja-jp/updates/general-availability-expansion-of-creditbased-disk-bursting-to-azure-standard-ssds-e30-and-smaller/
|
General availability Expansion of credit based disk bursting to Azure Standard SSDs E and smallerCredit based disk bursting which allows you to handle unexpected disk traffic and batch jobs smoothly without the need to overprovision your disk is now available on Azure Standard SSDs E and smaller |
2021-06-23 16:00:50 |
Azure |
Azure の更新情報 |
Azure Database for PostgreSQL – Hyperscale (Citus) now offers server group restart feature in public preview |
https://azure.microsoft.com/ja-jp/updates/azure-database-for-postgresql-hyperscale-citus-now-offers-server-group-restart-feature-in-public-preview/
|
Azure Database for PostgreSQL Hyperscale Citus now offers server group restart feature in public previewThe restart server group capability is now available in preview for Hyperscale Citus on Azure Database for PostgreSQL a managed service running the Postgres open source database on Azure |
2021-06-23 16:00:50 |
Azure |
Azure の更新情報 |
Azure SQL—public preview updates for late June 2021 |
https://azure.microsoft.com/ja-jp/updates/azure-sql-public-preview-updates-for-late-june-2021/
|
azure |
2021-06-23 16:00:49 |
Azure |
Azure の更新情報 |
Azure Machine Learning public preview announcements for June 2021. |
https://azure.microsoft.com/ja-jp/updates/azure-machine-learning-public-preview-announcements-for-june-2021/
|
announcements |
2021-06-23 16:00:49 |
Azure |
Azure の更新情報 |
Azure SQL—general availability updates for late June 2021 |
https://azure.microsoft.com/ja-jp/updates/azure-sql-general-availability-updates-for-late-june-2021/
|
availability |
2021-06-23 16:00:49 |
Azure |
Azure の更新情報 |
Full text query in diagnostics logs for Azure Cosmos DB in general availability |
https://azure.microsoft.com/ja-jp/updates/full-text-query-in-diagnostics-logs-for-azure-cosmos-db-in-general-availability/
|
Full text query in diagnostics logs for Azure Cosmos DB in general availabilityUse self serve to enable disable full text query to deobfuscate your queries in diagnostic logs with the full text query for Azure Cosmos DB feature |
2021-06-23 16:00:48 |
Azure |
Azure の更新情報 |
Azure IoT Edge for Linux now generally available |
https://azure.microsoft.com/ja-jp/updates/azure-iot-edge-for-linux-now-generally-available/
|
Azure IoT Edge for Linux now generally availableLeverage existing Windows expertise and seamlessly connect Azure IoT Edge for Linux on Windows devices to Microsoft Azure and quickly bring cloud intelligence to your edge |
2021-06-23 16:00:46 |
GCP |
Cloud Blog |
Orchestrate Data Pipelines using Workflows |
https://cloud.google.com/blog/products/application-development/orchestrate-data-pipelines-using-workflows/
|
Orchestrate Data Pipelines using WorkflowsWhen working on data engineering problems the ability to manage execution control access operational information such as historical runs amp logs and restart jobs from the point of failure are critical aspects of the overall pipeline development One of the most common ways to achieve this in Google Cloud is using Cloud Composer based on Apache Airflow If you re looking for a serverless alternative you can use Workflows to create serverless work flows that link a series of tasks together in the order you define In this blog we ll use Workflows to orchestrate a Dataflow pipeline in GCP Let s get started What are Workflows A workflow is made up of a series of steps described using the Workflows syntax which can be written in either the YAML or JSON format This is the workflow s definition For a detailed explanation of the Workflows syntax see the Syntax reference page When a workflow is created it is deployed which makes the workflow ready for execution An execution is a single run of the logic contained in a workflow s definition Why Workflows Workflows are key to making developer experiences easier from a cost and efficiency standpoint Here are examples how Pay per use workflows scale to zero when not in use incurring no costs when it s idle Pricing is based on the number of steps in the workflow so you only pay if your workflow runs Serverless no underlying infrastructure for you to manage Workflows scales up automatically with no “cold start effect Well Integrated manage events across Google Cloud products or any HTTP based APIs including SaaS or private APIsLonger running operations serverless products such as Cloud Functionscan also be used to set up orchestration but it has a max duration of minutes which can be tricky for longer running workloads Workflows executions on the other hand are able to run for upto a year Built in error handling workflows s exception handling including automated HTTP call retries with exponential back offs custom error handlers and other advanced features help in developing and deploying workflows resilient and customize flows in the event of a failure Orchestrating data pipelines using WorkflowsBelow is the flow of our pipeline and corresponding steps Pipeline StepsIn this pipeline an input file lands in a GCS bucket A Dataflow job reads the data and stores it in BigQuery followed by a cloud function that is used to archive the file Detailed steps are outlined below A scheduled Cloud Scheduler triggers the Workflows jobWorkflows trigger a batch Dataflow job calling the create dataflow job task Dataflow job reads the input file from the ingestion GCS bucketAfter completion of data transformation the Dataflow job writes data to the BigQuery tableUpon completion of the Dataflow job Workflows triggers a Cloud Function call file archival function for archiving input fileCloud Function moves the input file from a processing to a processed Cloud Storage bucketCloud Scheduler to Trigger WorkflowIn this data pipeline a Cloud Scheduler job is utilized to trigger the Workflows execution Learn how to schedule a Workflow using Cloud Scheduler here The following gcloud command creates a Cloud Scheduler job that triggers your workflow using a service account for authentication The example below schedules the workflow to be executed every minutes Workflow YAMLKicking off the Dataflow job Triggering cloud function for archiving input file after successful processingWorkflow Job GraphIn this post we discussed how Workflow can be used in orchestrating data pipelines on GCP Workflows rapid scaling out of the box exception handling built in authentication and integration with Cloud Logging make it a great fit for serverless implementations Interested in exploring more Workflows use cases To get started with Workflows refer to our quick start guides and tutorials Also check out the newly released Workflow connectors with built in authentication and error handling that can be used to seamlessly integrate with Google Cloud APIs |
2021-06-23 17:00:00 |
コメント
コメントを投稿