投稿時間:2021-08-17 04:22:41 RSSフィード2021-08-17 04:00 分まとめ(27件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
AWS	AWS Compute Blog	Python 3.9 runtime now available in AWS Lambda	https://aws.amazon.com/blogs/compute/python-3-9-runtime-now-available-in-aws-lambda/	Python runtime now available in AWS LambdaYou can now create new functions or upgrade existing Python functions to Python Lambda s support of the Python runtime enables you to take advantage of improved performance and new features in this version Additionally the Lambda service now runs the init py code before the handler supports TLS and provides enhanced logging for errors	2021-08-16 18:27:25
python	Pythonタグが付けられた新着投稿 - Qiita	pytest で ModuleNotFoundError: No module named 'xxx' になる	https://qiita.com/kiyo27/items/442e1b3a36491c67b196	pytestでModuleNotFoundErrorNomodulenamedxxxxxになるpythonで簡単なアプリケーションを作成してtestコードを書こうとおもってpytestを使用したのですが、コンソールからpytestを実行するとModuleNotFoundErrorNomodulenamedxxxでエラーが発生。	2021-08-17 03:23:55
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Gradleのビルドに失敗	https://teratail.com/questions/354689?rss=all	Gradleのビルドに失敗IDEはSTSを使っています。	2021-08-17 03:28:13
Ruby	Rubyタグが付けられた新着投稿 - Qiita	Ruby組み込み変数一覧	https://qiita.com/shinzanmono/items/b70fefaa707e51b4a59a	Ruby組み込み変数一覧組み込み変数変数名内容最後に発生した例外に関する情報LOADEDFEATURESの別名現在実行中のRubyのプロセスIDampパターンマッチングでマッチした文字列パターンマッチングした部分より後ろの文字列パターンマッチングした部分より前の文字列ARGVの別名パターンマッチングした中で最後のに対応する文字列Arrayjoinのデフォルトの区切り文字列最後に読み込んだ入力ファイルの行番号入力レコードセパレータDefaultisnPROGRAMNAMEの別名パターンマッチングでにマッチした文字列nLOADPATHの別名Stringsplitのデフォルトの区切り文字列DefaultisnilltARGFの別名gtprintputspなどのデフォルト出力先DefaultisSTDOUT最後に終了した小プロセスのステータス最後に例外の発生した位置に関する情報出力レコードセパレータDefaultisnil最後にgetsメソッドで読み込んだ文字列パターンマッチングに関する情報DEBUGデバッグモードを指定するフラグFILENAMEARGFが現在読み込んでいるファイルの名前LOADEDFEATURESrequireで読み込まれたライブラリ一覧LOADPATHrequireがファイルを読み込むときの検索するディレクトリの名前PROGRAMNAME現在実行中のRubyスクリプトの名前SAFEセーフレベルDefaultisnilVERBOSE冗長モードを指定するフラグDefaultisfalse組み込み定数変数名内容ARGF引数、標準入力によって作られる仮装のファイルオブジェクトARGVコマンドライン引数の配列DATAEND移行のデータにアクセスするためのファイルオブジェクトENV環境変数RUBYCOPYRIGHT著作権情報を表す文字列RUBYDESCRIPTIONrubyvで表示される情報RUBYENGINERubyの処理系の実装の種類を表す文字列RUBYPATCHLEVELRubyの処理系のパッチレベルを表す文字列RUBYPLATFORM実行している環境CPUOSを表す文字列RUBYRELEASEDATERubyの処理系のリリース日を表す文字列RUBYVERSIONRubyのバージョン擬似変数変数名内容selfデフォルトのレシーバniltruefalseFILE実行中のRubyスクリプトのファイル名LINE実行中のRubyスクリプトの行番号ENCODINGスクリプトエンコーディング環境変数変数名内容RUBYLIBLOADPATHに追加するディレクトリ名RUBYOPTRubyを起動する際のデフォルトオプションRUBYPATHSオプションを指定してインタプリタ起動したときの検索パスHOMEDirchdirメソッドのデフォルトの移動先LOGDIRHOMEがないときのDirchdirメソッドのデフォルトの異動先PATH外部コマンドの検索パスLCALLLCCTYPELANGデフォルトのエンコーディングの決定に使用されるロケール情報付け足し多分、どっかのサイトからとってきてmarkdownにしたんだろうけど不明。	2021-08-17 03:00:56
Linux	Ubuntuタグが付けられた新着投稿 - Qiita	ModuleNotFoundError: No module named 'virtualenv.seed.via_app_data'	https://qiita.com/youichi_io/items/c1764f720c13ff05823c	なるほど、Anacondaを入れたせいでvirtualenvの設定が壊れたようだ。	2021-08-17 03:08:49
海外TECH	Ars Technica	Sonos gets early patent victory against Google smart speakers	https://arstechnica.com/?p=1787450	chromecast	2021-08-16 18:19:55
海外TECH	DEV Community	Sigstore: A Solution to Software Supply Chain Security	https://dev.to/martinheinz/sigstore-a-solution-to-software-supply-chain-security-163o	Sigstore A Solution to Software Supply Chain SecurityIn the recent months there s been a lot of noise in the area of supply chain security because of increase in attacks with notable ones like Microsoft Exchange Server Colonial pipeline or SolarWinds breach These attacks could have been prevented with proper tools in place yet finding the right tool for the job might be difficult as this area is hard to navigate and most of us developers aren t security experts Recently however a new project was announced that might solve a lot of problems for all of us It s name is sigstore and in this article we will look at what it does why we need it and how it fits into landscape of existing tools in this area sig what sigstore is a new kid on the block It s a project under CNCF umbrella that was donated to the foundation in March It s purpose is to provide software signing public good service Which means that it should become a software signing equivalent to Let s Encrypt sigstore however isn t just one tool or piece of software it s a collection of projects that aim to simplify software signing and transparency It s main components as of right now are fulcio rekor and cosign more details on those a bit later Now you might be asking Why do we actually need this software signing is not a new problem so there must be some solution already right Yes but signing software and maintaining keys is very difficult especially for non security folks and UX of existing tools such as PGP leave much to be desired That s why we need something like sigstore an easy to use software toolset for signing software artifacts Additionally there are couple of reasons why sigstore s solution is superior to tools like PGP that try to solve the same problem Unlike with other tools with sigstore you don t need to manage private keys You also don t have to understand ins and outs of security standards thanks to better UX sigstore also makes it simpler to manage revocations and with all this it still provides all the required features of software signing that being integrity non repudiation and authentication Bottom line is that sigstore aims to make artifact signing so simple that it can be done by default and transparently and is ubiquitous across all registries and artifact storages AlternativesFrom the above it might seem like sigstore is the tool that can solve it all but if you start googling around you will find plenty of great tools in supply chain security space Most of these tools however don t serve exactly the same purpose and they really are complementary to what sigstore is doing So let s also review rest of the landscape to see what else is out there One of the many tools you ll come across is The Update Framework TUF It s also part of CNCF and its purpose is specifically to protect the process of finding and downloading patches updates for some particular system e g YUM PyPI This system is suitable for artifacts that are meant to be distributed using an update system While talking about TUF it also makes sense to mention Notary which is an implementation of TUF specification It is most notably used in Docker Notary which provides the ability to use digital signatures for data sent to and received from remote Docker registries You can read more about Docker Content Trust here or can also try playing with docker trust command In case you might want to implement something like that then you can checkout this article for full demo Another great tool is in toto This tool isn t just for signing artifacts it rather produces attestations about how the software was produced Essentially verifying that each task in a pipeline was carried out as planned and therefore providing assurance that final product was not tampered with You can use in toto as part of Tekton Chains Finally I also want to mention Trillian which is a tamper evident log that stores an accurate immutable and verifiable history of activity This kind of log can be used for example to add tamper checking to a system simplify regulatory compliance or track modifications of documents sigstore also includes tamper evident log called rekor which is will talk about later There s much more we could talk about but that would take a while If you want to dig deeper then checkout CNCF Landscape page and more specifically Security and Compliance e g OPA and Key Management e g SPIFFE and SPIRE sections All of these tools have their pros and cons and could be combined and extended to provide stronger security For more details about this you can checkout document in sigstore s community repository see Further Work section ComponentsBefore we dig deeper into components of sigstore we first need to understand the basics of the signing process The basic steps are as follows Short lived code signing credentials a keypair are generated User authenticates with OpenID Connect OIDC provider such as Google or GitHub to verify ownership of email address and possession of previously generated keys If authentication is successful user receives code signing certificate Code signing certificate is published to transparency log so that it can be verified by others User signs an artifact e g container image using code signing certificate and their keypair Signature from the artifact is published to transparency log Short lived code signing credentials used to create signature are destroyed Signed artifact can be published e g on container registry Different explanation of the process can be also found on sigstore website in What is sigstore section Now that we have a better idea about how it all works let s look at all the components There are couple of things that apply to all of them namely they can and should run in cloud by default runs on Kubernetes Even though sigstore hosts a public good service you can take any of these components and host them yourself for example behind firewall and you also don t need to use all of the service but maybe just one of them for example just the transparency log server As for the individual components there are currently main pieces cosign is a container signing tool Its responsibility is to sign containers and publish that information to OCI registries In the above process that matches the steps and fulcio is a root CA for code signing certs Its job is to issue code signing certificates and to embed OIDC identity into code signing certificate From this description we can see that it performs these tasks in steps and rekor is the transparency log It s append only immutable ledger that serves as transparent source of truth of what was signed by whom Now in practice the above tools and services would be used in the following way to perform the signing process cosign generates an ephemeral keypair and requests code signing certificate from fulcio which then asks you to login with OIDC provider of your choice It uses the authentication to verify that you re owner of the ephemeral private key cosign will then retrieve container image manifest of the image you want to sign and will generate a signature using the key it previously generated Next cosign uploads the signature certificate and public key to registry Finally it sends the information to rekor which verifies the signature and adds entry into transparency log Here this entry includes the artifact digest signature and public key At this point ephemeral keypair can be deleted In addition to these pieces of software there also needs to be a monitoring service that checks the transparency log rekor for any anomalies Example of such anomaly could be if someone stole your password and used your OpenID identity to sign and publish an artifact which would be clear from the transparency log Finally there needs to a way to for example say who are the maintainers who are actually trusted to sign artifacts releases of some project This could be done e g using Open Policy Agent OPA and by maintaining list emails OpenID identities in the project repository and allowing to sign artifacts only the people in this list Closing ThoughtsThis kind of security practices are not exactly common right now and in some cases really neglected So the more people start using this the more likely it s to become the default process and good practice With that said at the time of writing sigstore is a very young project and is not yet production ready but it should be by the end of summer so very soon you might be able to put this knowledge to some good use and help the software supply chain be a bit more secure With all that said this article should serve as a primer on supply chain security and to give you a general idea about sigstore and in follow up article we will tackle the actual signing process in detail with hands on examples	2021-08-16 18:17:57
海外TECH	DEV Community	The cheat sheet about how display: flex and display: grid works	https://dev.to/melnik909/the-cheat-sheet-about-how-display-flex-and-display-grid-works-5188	The cheat sheet about how display flex and display grid worksFriends I made the cheat sheet that will help you learn how the CSS display property works You can learn what happens when you use display block display inline display flex and display grid P S If you like this post please share on TwitterI make free written accessibility review so that you don t make common mistakes If you re interested in that chat me on melnik ya ru or dev to direct Please specify the subject of the email Stas need help Friends I tell stories from my career on Substack Join my free newsletter if you re interested in my background or you want to get my updates firstP S S Thank you so much my sponsors Ben Rinehart Sergio Kagiema Jesse Willard Tanya Ten	2021-08-16 18:01:49
Apple	AppleInsider - Frontpage News	iCloud for Windows app updated with built-in Keychain password manager	https://appleinsider.com/articles/21/08/16/icloud-for-windows-app-updated-with-built-in-keychain-password-manager?utm_medium=rss	iCloud for Windows app updated with built in Keychain password managerApple has released a new version of the iCloud for Windows app that introduces a new built in password manager and an extension for syncing passwords across other devices Credit AppleThe password manager feature will allow Windows users to easily access and manage iCloud Keychain passwords on their PCs The feature also integrates with both Google Chrome and Microsoft Edge on Windows through the iCloud Passwords Extension Read more	2021-08-16 18:42:05
海外TECH	Engadget	Anonymous chat app Yik Yak is back from the dead	https://www.engadget.com/anonymous-chat-app-yik-yak-is-back-from-the-dead-183103824.html?src=rss	Anonymous chat app Yik Yak is back from the deadAnonymous messaging apps were all the rage back in the mid s Yik Yak one of the most popular of those back in the day shut down in but now it s back from the dead A new version has hit the iOS App Store Yik Yak is only available in the US and on iPhone for now as Mashable nbsp notes but it will expand to other regions and devices soon As before it s a message board app that connects you to other people in a five mile radius However that localized aspect plus the fact that users can post anonymously led to reports of widespread bullying and harassment and even bomb threats on Yik Yak at colleges high schools and elsewhere ICYMI After a year hiatus Yik Yak is available in the App Store again Anonymity location based the hot feed amp more everything you used to love about Yik YakNow available on iPhone in the US more countries and devices coming soon pic twitter com HUAKhelcAーYik Yak YikYakApp August The developers of the revived Yik Yak seem aware of the problem Along with mental health resources and guidance on staying safe the app s website lays out extensive quot community guardrails quot Yik Yak doesn t allow users to post personal information or engage in any kind of bullying harassment bigotry or threats Nor are users allowed to promote or encourage suicide or self harm quot Overly graphic violent depictions quot spam fake news dissuading others from voting in elections and trolling are also off limits Although community management is a tough nut to crack and anonymity adds an extra hurdle to enforcing rules outlawing a broad range of harmful content at the outset is a positive move After Yik Yak shut down in partly because many of its users moved to other apps like Snapchat Square bought some of the app s intellectual property and hired several engineers It s not yet clear who s behind the new version Although Yik Yak and fellow anonymous messaging app Secret closed shop image based Whisper has stuck around since That s despite Whisper having its own troubles to deal with such as exposing user info including identifiable location data in a database that was open to all for years	2021-08-16 18:31:03
海外TECH	Engadget	MIT developed a low-cost prosthetic hand that can help amputees feel again	https://www.engadget.com/mit-neuroprosthetic-inflatable-robotic-hand-181806396.html?src=rss	MIT developed a low cost prosthetic hand that can help amputees feel againThe field of neuroprosthetics has advanced significantly in recent years but the technology is still nowhere near accessible enough to make a difference in the lives of most amputees However a new development from MIT could change that In a joint project with Shanghai Jiao Tong University the school designed a neuroprosthetic that costs about in components It s an inflatable hand made from an elastomer called EcoFlex and looks a bit like Baymax from Big Hero The device foregoes electric motors in favor of a pneumatic system that inflates and bends its balloon like digits The hand can assume various grasps that allow an amputee to subsequently do things like pet a cat pour a carton of milk or even pick up a cupcake The device translates how its wearer wants to use it through a software program that quot decodes quot the EMG signals the brain sends to an injured limb The prosthetic weighs about half a pound and can even restore some sense of feeling for its user It does this with a series of pressure sensors When the wearer touches or squeezes an object they send an electric signal to a specific position on their amputated arm Another advantage of the arm is it doesn t take long to learn how to use it After about minutes two volunteers found they could write with a pen and stack checkers quot This is not a product yet but the performance is already similar or superior to existing neuroprosthetics which we re excited about quot said Professor Xuanhe Zhao one of the engineers who worked on the project quot There s huge potential to make this soft prosthetic very low cost for low income families who have suffered from amputation quot While we re a while away from seeing this tech in the real world the team behind the project is already working on improving the design They want to make it better at decoding electrical inputs and more customizable when it comes time for mass production	2021-08-16 18:18:06
海外TECH	CodeProject Latest Articles	ASP.NET Web API Parameter vs Model Binding	https://www.codeproject.com/Tips/1268090/ASP-NET-Web-API-Parameter-vs-Model-Binding	webapi	2021-08-16 18:52:00
ニュース	BBC News - Home	Another 200 UK troops sent to Kabul evacuation	https://www.bbc.co.uk/news/uk-58235707	afghan	2021-08-16 18:28:45
ニュース	BBC News - Home	Afghanistan: UK and US must protect Afghan activists - Malala	https://www.bbc.co.uk/news/uk-58237871	taliban	2021-08-16 18:30:32
ニュース	BBC News - Home	Mark Chilman jailed for murdering ex's new partner and setting body on fire	https://www.bbc.co.uk/news/uk-england-hereford-worcester-58233001	court	2021-08-16 18:01:26
ニュース	BBC News - Home	Jeff Bezos's space firm sues Nasa over SpaceX deal	https://www.bbc.co.uk/news/business-58235479	origin	2021-08-16 18:52:10
ニュース	BBC News - Home	Abject England lose to India in final hour	https://www.bbc.co.uk/sport/cricket/58235757	abject	2021-08-16 18:05:13
ニュース	BBC News - Home	England v India: India win thrilling second Test in final hour	https://www.bbc.co.uk/sport/av/cricket/58238207	England v India India win thrilling second Test in final hourWatch as England produce one of their worst home performances in recent memory to lose the second Test against India by runs at Lord s	2021-08-16 18:41:12
ニュース	BBC News - Home	England v India: Joe Root admits he could have done things differently after 151-run defeat	https://www.bbc.co.uk/sport/av/cricket/58238016	England v India Joe Root admits he could have done things differently after run defeatEngland captain Joe Root admits he could have done things differently in terms of tactics on the final day of the second Test against India which saw his side slump to a run defeat	2021-08-16 18:19:43
ビジネス	ダイヤモンド・オンライン - 新着記事	アフガン政権崩壊の早さ、米情報当局も予想外 - WSJ PickUp	https://diamond.jp/articles/-/278720	wsjpickup	2021-08-17 03:50:00
ビジネス	ダイヤモンド・オンライン - 新着記事	“テクノロジー解説本”人気の背景に見える、日本停滞の理由 - シリコンバレーの流儀	https://diamond.jp/articles/-/278579	日本企業	2021-08-17 03:45:00
ビジネス	ダイヤモンド・オンライン - 新着記事	株式市場にも電動キックボード戦争到来 - WSJ PickUp	https://diamond.jp/articles/-/278874	wsjpickup	2021-08-17 03:40:00
ビジネス	ダイヤモンド・オンライン - 新着記事	金信奉者・債券弱気派・アマゾン嫌いの共通項は？ - WSJ PickUp	https://diamond.jp/articles/-/279603	wsjpickup	2021-08-17 03:35:00
ビジネス	ダイヤモンド・オンライン - 新着記事	期待っていうのは、 持った瞬間 ほぼガッカリするのよ - 精神科医Tomyが教える １秒で幸せを呼び込む言葉	https://diamond.jp/articles/-/277800	期待っていうのは、持った瞬間ほぼガッカリするのよ精神科医Tomyが教える秒で幸せを呼び込む言葉人気シリーズ万部突破ベストセラー最新作『精神科医Tomyが教える秒で幸せを呼び込む言葉』は、やさしくも本質を見抜く言葉が、職場の人間関係や親子関係、仕事や家事で疲れた心を癒やし、一瞬で元気をチャージしてくれるある人は朝、ある人は夜、ある人は職場で、ページめくるだけの「心のサプリ」。	2021-08-17 03:30:00
ビジネス	ダイヤモンド・オンライン - 新着記事	東大病院長「がん治療の選択、相当数の患者が担当医に方針を任せている」 - がん治療選択	https://diamond.jp/articles/-/278950	東大病院	2021-08-17 03:20:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【人生がうまくいかない人必見！】「自分のあり方」次第で現実が変わる！ - 宇宙人が教える ポジティブな地球の過ごし方	https://diamond.jp/articles/-/279565	人間関係	2021-08-17 03:15:00
Azure	Azure の更新情報	Placement polices now in public preview for Azure VMware Solution	https://azure.microsoft.com/ja-jp/updates/placement-polices-now-in-public-preview-for-azure-vmware-solution/	Placement polices now in public preview for Azure VMware SolutionPlacement policies enable admins to specify constraints or rules when allocating Virtual Machines within an Azure VMware Solution private cloud With this update the creation and assignment of vSphere Distributed Resource Scheduler DRS rules for running Virtual Machines in an Azure VMware Solution SDDC has been simplified and is now executable directly from the Azure Portal for cloud admin roles	2021-08-16 18:32:55