| AWS |
AWS News Blog |
Welcome to AWS Storage Day 2021 |
https://aws.amazon.com/blogs/aws/welcome-to-aws-storage-day-2021/
|
Welcome to AWS Storage Day Welcome to the third annual AWS Storage Day During Storage Day and the first ever Storage Day we made many impactful announcements for our customers and this year will be no different The one day free AWS Storage Day virtual event will be hosted on the AWS channel on Twitch You ll hear from … |
2021-09-02 15:57:49 |
| AWS |
AWS News Blog |
New – Amazon EFS Intelligent-Tiering Optimizes Costs for Workloads with Changing Access Patterns |
https://aws.amazon.com/blogs/aws/new-amazon-efs-intelligent-tiering-optimizes-costs-for-workloads-with-changing-access-patterns/
|
New Amazon EFS Intelligent Tiering Optimizes Costs for Workloads with Changing Access PatternsAmazon Elastic File System Amazon EFS offers four storage classes two Standard storage classes Amazon EFS Standard and Amazon EFS Standard Infrequent Access EFS Standard IA and two One Zone storage classes Amazon EFS One Zone and Amazon EFS One Zone Infrequent Access EFS One Zone IA Standard storage classes store data within and across multiple availability zones AZ … |
2021-09-02 15:41:02 |
| AWS |
AWS News Blog |
How to Accelerate Performance and Availability of Multi-region Applications with Amazon S3 Multi-Region Access Points |
https://aws.amazon.com/blogs/aws/s3-multi-region-access-points-accelerate-performance-availability/
|
How to Accelerate Performance and Availability of Multi region Applications with Amazon S Multi Region Access PointsBuilding multi region applications allows you to improve latency for end users achieve higher availability and resiliency in case of unexpected disasters and adhere to business requirements related to data durability and data residency For example you might want to reduce the overall latency of dynamic API calls to your backend services Or you might … |
2021-09-02 15:40:33 |
| AWS |
AWS News Blog |
Amazon S3 Intelligent-Tiering – Improved Cost Optimizations for Short-Lived and Small Objects |
https://aws.amazon.com/blogs/aws/amazon-s3-intelligent-tiering-further-automating-cost-savings-for-short-lived-and-small-objects/
|
Amazon S Intelligent Tiering Improved Cost Optimizations for Short Lived and Small ObjectsIn we first launched Amazon S Intelligent Tiering S Intelligent Tiering For customers managing data across business units teams and products unpredictable access patterns are often the norm With the S Intelligent Tiering storage class S automatically optimizes costs by moving data between access tiers as access patterns change Today we re pleased to announce two updates to … |
2021-09-02 15:39:39 |
| AWS |
AWS News Blog |
New – Amazon FSx for NetApp ONTAP |
https://aws.amazon.com/blogs/aws/new-amazon-fsx-for-netapp-ontap/
|
New Amazon FSx for NetApp ONTAPBack in I wrote about the first two members of the Amazon FSx family of fully managed highly reliable and highly performant file systems Amazon FSx for Lustre and Amazon FSx for Windows File Server Both of these services give you the ability to use popular open source and commercially licensed file systems without having to deal with … |
2021-09-02 15:38:56 |
| AWS |
AWS Security Blog |
Top 10 security best practices for securing data in Amazon S3 |
https://aws.amazon.com/blogs/security/top-10-security-best-practices-for-securing-data-in-amazon-s3/
|
Top security best practices for securing data in Amazon SWith more than trillion objects in Amazon Simple Storage Service Amazon S and an almost unimaginably broad set of use cases securing data stored in Amazon S is important for every organization So we ve curated the top controls for securing your data in S By default all S buckets are private and can … |
2021-09-02 15:49:53 |
| AWS |
AWS |
S3 Multi-Region Access Points Introduction |
https://www.youtube.com/watch?v=Vs1ARGsf8WI
|
S Multi Region Access Points IntroductionWatch a short introduction to Amazon S Multi Region Access Points a new Amazon S feature to accelerate performance by up to when accessing data sets that are replicated across multiple AWS Regions Based on AWS Global Accelerator S Multi Region Access Points consider factors like network congestion and the location of the requesting application to dynamically route your requests over the AWS network to the lowest latency copy of your data This automatic routing allows you to take advantage of the global infrastructure of AWS while maintaining a simple application architecture Learn more about S Multi Region Access Points at Subscribe More AWS videos More AWS events videos AWS S |
2021-09-02 15:57:25 |
| AWS |
AWS |
Introduction to Amazon FSx for NetApp ONTAP - Demo | Amazon Web Services |
https://www.youtube.com/watch?v=JcKsOUYoJYA
|
Introduction to Amazon FSx for NetApp ONTAP Demo Amazon Web ServicesAmazon FSx for NetApp ONTAP is a storage service that allows you to launch and run fully managed NetApp ONTAP file systems on AWS In this demo you will learn how to set up an FSx for ONTAP file system in minutes FSx for ONTAP provides the familiar features performance capabilities and APIs of NetApp file systems with the agility scalability and simplicity of a fully managed AWS service Learn more about Amazon FSx for NetApp ONTAP at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AmazonFSx AWS AmazonWebServices CloudComputing |
2021-09-02 15:51:12 |
| AWS |
AWS |
Amazon FSx for NetApp ONTAP Overview | Amazon Web Services |
https://www.youtube.com/watch?v=2MefyahWOq4
|
Amazon FSx for NetApp ONTAP Overview Amazon Web ServicesAmazon FSx for NetApp ONTAP is a storage service that allows you to launch and run fully managed NetApp ONTAP file systems on AWS It provides the familiar features performance capabilities and APIs of NetApp file systems with the agility scalability and simplicity of a fully managed AWS service Amazon FSx for NetApp ONTAP offers high performance file storage that s broadly accessible from Linux Windows and macOS compute instances via the industry standard NFS SMB and iSCSI protocols It enables you to use ONTAP s widely adopted data management capabilities like snapshots clones and replication with the click of a button Amazon FSx for NetApp ONTAP provides low cost storage capacity that s fully elastic and virtually unlimited in size and supports compression and deduplication to help you further reduce your storage costs Learn more about Amazon FSx for NetApp ONTAP at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AmazonFSx AWS AmazonWebServices CloudComputing |
2021-09-02 15:50:46 |
| AWS |
AWS |
Explore Amazon FSx for NetApp ONTAP with Bill Vass and Anthony Lye | Amazon Web Services |
https://www.youtube.com/watch?v=AvhUry2OBws
|
Explore Amazon FSx for NetApp ONTAP with Bill Vass and Anthony Lye Amazon Web ServicesWatch AWS and NetApp leaders discuss the first complete fully managed NetApp ONTAP file system in the cloud making it easy for you to run applications on AWS without changing your application code or how you manage your data Learn more about Amazon FSx for NetApp ONTAP at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AmazonFSx AWS AmazonWebServices CloudComputing |
2021-09-02 15:49:56 |
| AWS |
AWS Security Blog |
Top 10 security best practices for securing data in Amazon S3 |
https://aws.amazon.com/blogs/security/top-10-security-best-practices-for-securing-data-in-amazon-s3/
|
Top security best practices for securing data in Amazon SWith more than trillion objects in Amazon Simple Storage Service Amazon S and an almost unimaginably broad set of use cases securing data stored in Amazon S is important for every organization So we ve curated the top controls for securing your data in S By default all S buckets are private and can … |
2021-09-02 15:49:53 |
| python |
Pythonタグが付けられた新着投稿 - Qiita |
第9回 アンテナ解析の初歩(Pythonプログラム付き) |
https://qiita.com/epppJones/items/3fad9bbbcd4828c2fd1f
|
|
2021-09-03 00:07:24 |
| js |
JavaScriptタグが付けられた新着投稿 - Qiita |
Angularでのrxjsを用いたモーダル共通化 |
https://qiita.com/masasami/items/6b59bd01164bc91d6b5a
|
Angularでのrxjsを用いたモーダル共通化はじめにAngularに標準で入っているrxjsライブラリを使用してモーダルを共通化することができます一つだけモーダルを作っておき、あとはメソッドを呼び出して表示したいタイトル、内容を引数に渡すだけです最終的な成果物は動画↓のようになりますモーダルの状態を司るサービスの作成srcappservicesmodalservicetsimportInjectablefromangularcoreimportSubjectfromrxjsInjectableprovidedInrootexportclassModalServiceprivatesubjectSubjectlttitlestringbodystringnullgtnewSubjectconstructorgetsubjectreturnthissubjectopenModaltitlestringbodystringthissubjectnexttitlebodycloseModalthissubjectnextnullモーダルコンポーネントの作成srcappcomponentsmodalcomponenthtmlltdivngIfactiveclassgrayoutgtltmaingtltheadergttitleltheadergtltsectiongtbodyltsectiongtltfootergtltbuttonclickcloseModalgtOKltbuttongtltfootergtltmaingtltdivgtcomponentsmodalcomponentscssgrayoutpositionfixedtopleftbackgroundcolorwidthvwheightvhdisplayflexalignitemscenterjustifycontentcentermainwidthpxheightpxbackgroundcolorffffffborderradiuspxdisplayflexflexdirectioncolumnheadertextaligncentermarginborderradiuspxpxcolorffffffbackgroundcolordheightpxlineheightpxsectionflexpaddingpxfooterheightpxdisplayflexpaddingpxbuttonmarginleftautosrcappcomponentsmodalcomponenttsimportComponentOnInitOnDestroyfromangularcoreimportModalServicefromsrcappservicesmodalserviceimportSubscriptionfromrxjsComponentselectorappmodaltemplateUrlmodalcomponenthtmlstyleUrlsmodalcomponentscssexportclassModalComponentimplementsOnInitOnDestroyactivefalseモーダルの表示、非表示を切り替える変数titlebodysubscriptionSubscriptionconstructorprivatemodalServiceModalServicesubscribeで購読し、タイトル内容が流れてきた時はモーダルを表示。 |
2021-09-03 00:38:06 |
| js |
JavaScriptタグが付けられた新着投稿 - Qiita |
配列を操作するforEachとmapの違い |
https://qiita.com/ke-ta29/items/40d1b6461ba28622f1c6
|
constarray適切arrayforEachelgtconsolelogelわざわざこう書く意味はないarraymapelgtconsolelogelどちらも出力は配列の生成はmapしかできない逆に新たな配列を生成した時、forEachは使えません。 |
2021-09-03 00:17:48 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
AmazonのSelling Partner API(SP-API)にて403エラーが発生してしまう |
https://teratail.com/questions/357498?rss=all
|
AmazonのSellingPartnerAPISPAPIにてエラーが発生してしまう前提・実現したいことAmazonのSPAPIを用いて新規注文の確認を行おうとしています。 |
2021-09-03 01:00:09 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
pandas_datareaderでstooqから株価データを取得できなくなった |
https://teratail.com/questions/357497?rss=all
|
pandasdatareaderでstooqから株価データを取得できなくなった前提・実現したいことpandasdatareaderでstooqから株価データを取得していたのですが、突然取得できなくなりました。 |
2021-09-03 00:30:46 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
RailsのMailerの設定 「毎週月曜日のam9:00に先週一週間(月〜日曜日)に取得した案件数を自動でメールする」という機能を実装したい |
https://teratail.com/questions/357496?rss=all
|
RailsのMailerの設定「毎週月曜日のamに先週一週間月日曜日に取得した案件数を自動でメールする」という機能を実装したい前提・実現したいことrails初学者です。 |
2021-09-03 00:18:39 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
C言語 コンパイルと実行を同時に行う |
https://teratail.com/questions/357495?rss=all
|
C言語コンパイルと実行を同時に行うC言語初心者です。 |
2021-09-03 00:09:48 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
ランキングの並び順がおかしくなる[Unity&NCMB] |
https://teratail.com/questions/357494?rss=all
|
ランキングの並び順がおかしくなるUnityampNCMBUnityのゲームん内でレートの高い順の全国ランキングを実装しいているのですが開くとぐらいの確率で並び順が滅茶苦茶になっています。 |
2021-09-03 00:04:48 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
GAS キーワードからセル名取得 |
https://teratail.com/questions/357493?rss=all
|
dopost |
2021-09-03 00:04:12 |
| Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
サブクラスにおけるインスタンス生成の際の宣言名について(「java言語で学ぶデザインパターン入門」の第3章のサンプルプログラムに関する質問) |
https://teratail.com/questions/357492?rss=all
|
サブクラスにおけるインスタンス生成の際の宣言名について「java言語で学ぶデザインパターン入門」の第章のサンプルプログラムに関する質問java言語における以下のプログラムに関する質問です。 |
2021-09-03 00:01:55 |
| AWS |
AWSタグが付けられた新着投稿 - Qiita |
基本的なブログサービスを構築してみました(シングル構成) |
https://qiita.com/kazukikazuki/items/928fff3ce552c0bb2378
|
①VPC②IAM③EC④RDS⑤RDS今回は、その成果物としてパブリックサブネットに構築したECにwordpressをインストールしてみたいと思います。 |
2021-09-03 00:15:25 |
| golang |
Goタグが付けられた新着投稿 - Qiita |
Go のパスワードバリデーションの正規表現で肯定的先読みができない場合の対処法 |
https://qiita.com/syoimin/items/b3923fea6070b0a3df8f
|
javascriptの場合肯定的先読みがサポートされているjsなどでは例えば、少なくとも文字以上大文字の英字が含まれている正規表現は下記のようにかけます。 |
2021-09-03 00:18:03 |
| Git |
Gitタグが付けられた新着投稿 - Qiita |
特定のコミットを取り込むcherry-pickの使い方 |
https://qiita.com/nnnobuo/items/bb908b78a93216eaa10d
|
特定のコミットを取り込むcherrypickの使い方cherrypickとは通常別ブランチの内容を取り込む場合はmergeを利用するケースがほとんどだと思います。 |
2021-09-03 00:15:14 |
| 海外TECH |
Ars Technica |
WhatsApp fined $267M for not telling users how it shared data with Facebook |
https://arstechnica.com/?p=1791588
|
countries |
2021-09-02 15:48:42 |
| 海外TECH |
DEV Community |
Hard Career Decisions: The Time I Left A Good Job For a Great Reason |
https://dev.to/bradstondev/hard-career-decisions-the-time-i-left-a-good-job-for-a-great-reason-o04
|
Hard Career Decisions The Time I Left A Good Job For a Great ReasonGrowing up I always heard adults talking about having to make difficult decisions that they didn t want to make May it be financial decisions relationship decisions or career decisions As a kid that didn t make much sense If adults had ANY power it was to do whatever they want It was easy to think that way as a kid Adults tell you what to do and they can do whatever they want to do so life must be easier If only that was true If only I could have my cake and eat it too Well a few years ago I had to make a very difficult adult decision that I didn t want to As you may know from one of my previous posts I got my first tech job at IBM and I was doing pretty well Not only was a progressing from a promotion stand point but I was enjoying working at IBM and was actually getting a chance to work in Game Development that s right Game Development But even though things were going well some changes within and outside of my control happened and I realized that I might have to make a decision that I didn t want to A Decision to leave the Big Blue So let me give you a brief backstory on why this was such a difficult decision and why I made this decision even though I did not want to NOTE For the sake of time I m going to condense quite a few things that happened I don t imagine you guys want all the details so I ll keep it concise BUT if you do feel you d like more detail maybe I can write another blog post or maybe make a video detailing it a bit more ️This tale all started in June of Prior to this moment I had made a pretty large transition in my career going from a Degreed Mechanical Engineer to an aspiring Game developer As I was working on this transition I had gotten a lot of good advice and I decided that I would take a move that would put me in a career path that would be Career Adjacent to being in the Game Development industry What I mean by Career Adjacent is that I would take a job that was not in the Game Development industry BUT a job that would allow me to work on a lot of the skills I would need to be successful in the Game Development Industry So for me that meant that I wanted to take an entry level programming coding job that would build my technical and overall development skills In June I was blessed with an entry level Mobile developer position at IBM and I honestly couldn t have been happier One of the REALLY cool parts of taking the role was that I was going to get a great opportunity to be trained and to learn In a literal sense I had the opportunity to take classes in person and virtual and gain certifications before I even started my first true development project I cannot explain how much of an impact that made on my skill development And by the time I started working on my first project I felt incredibly equipped to perform successfully and to be a meaningful member of my project team Just a snapshot of one of the Design Thinking Workshops we would hold at the Baton Rouge Center These were HUGE opportunities to learn new things and connect with peopleOver the next two to three years I grew so much I learned new technologies took on new challenges and maybe most impact fully I had mentors Not just development coding mentors but career mentors Men and women who I could easily ask any question or share any concern that would selflessly take time out of their schedule to give me guidance and direction Honestly there is almost no way I would be where I am now without the mentors I have had throughout the years And as a person who has worked many different type of jobs mentorship is not the common in the workplace If I would applaud IBM for one thing it would be the culture that they create for allowing and encouraging mentorship To many of the people who helped me it was almost a no brainer for them to pour into me and IBM as corporation lauded their efforts and made it easy for them to do so Along with mentorship and career skill development I had stumbled upon one of the greatest gifts while taking the career adjacent opportunity Game Development Yes while working at IBM as a Mobile Developer I was able to for more than a year work full time on game development projects There is soooo much I could say on this period of time and how much joy it brought me but for now I will leave it at that One of the many prototypes I made during my game dev project This was an Augmented Reality based project This tech was eventually used in full length AR experienceSide Note Now that I am writing this blog I feel like maybe I should share the tale of how this happened and all the interesting people I was able to work alongside and the projects and technologies I was able to work with Though I was really enjoying working in Game Dev full time and was doing a ton I was realizing some hard truths about my career aspirations and the things I may need to do to accomplish my ultimate career goals The most significant hard truth was me coming to the realization on how growth in our lives really works I will actually use a great quote from the former CEO of IBM Ginny Rommety because I think she expresses it beautifully I learned to always take on things I d never done before Growth and comfort do not coexist Ginny RommetyNow the interesting thing was that early into my career at IBM I recall someone sharing this quote with me but at the time it didn t really click But as I was doing what I love Game Development at a company that has truly treated me so well I realized I was comfortable Not only was I comfortable I wasn t challenging myself and I wasn t allowing myself to be truly challenged I think this realization really hit me when having a regular check up with my manager at the time Dean Side Note Dean was one of the BEST managers I have EVER had He s an absolute Boss in the best way Dean one of my former managers wearing a jerseys of his favorite team after they beat his Saints The picture on the right is me doing a favor for him as the Falcons have NEVER lost to the Saints Dean was just asking me general questions about how my current project was going and seeing how I was feeling Dean knew I really enjoyed working on the project because I was doing game development but I think Dean also knew that I wasn t growing As we spoke Dean said something that really changed my perspective and took me back a bit He said something along the lines of Sounds like you re really enjoying the project Do you feel like your gaining new skills that will help you in your future Now If you recall what I said earlier game development was my main goal in even taking a programming job so naturally the answer had to be Yes But as I took an honest moment to consider his question something dawned on me something I m sure Dean already knew That even though I was doing what I WANTED I wasn t gaining the skills and experience that I NEEDED Like one of those flashback from a movie where the person remembers all small things another character said that revealed the secret they were always looking for the question shook something loose It made it clear to me that though I was doing game development and enjoying the moment that when the moment passed I might not have the skills I needed to excel in the future So what do I mean by that Essentially what I was doing was too comfortable I develop these games I could take on these creative projects but I wasn t really advancing my skills As many of you probably already know the technology industry which game development is a part of evolves quickly And the skills that I was using at the time were not evolving with the industry around me The best way to put it is that if for some reason if I were to have lost my job at the moment I probably would have found it very difficult to find another job with the skills I possessed So with that realization now uncovered Dean and I discussed a plan of me moving away from this particular project though I enjoyed what I was doing to allow me to gain skills that I needed to progress in my career long term To take on a role that made me uncomfortable so that I really could grow At this point things were looking up I had direction I had come to some great realizations and I had the support system to push me to the goals I had But two things occurred that would eventually make me make the difficult decision to leave IBM and pursue other opportunities NOTE So as a lot of things go in my life there is a long story behind these events At this juncture I won t get into the details for the sake of time but essentially these are the two events happened that brought me to this career precipice The first was that the project s that I had comfortably been working on for quite a long time was coming to an end and simultaneously disallowed me from joining a project that might have been a good fit for me career progression There are a lot of nuances to what happened but it put me in an odd place Essentially there was another project that I was planning to join non game development but because of some miscommunications I was unable to leave my game development project to join it But because the game development project was ending in the near future I was not going to have a new project to move to after it was done So because of the timing of all of these events I was in a weird space without a project to work on The second was that around the same time it just so happened projects with the particular skills I wanted to grow mobile skills were becoming few and far between And that meant there was a chance that I might end up joining a project where I d be gaining new skills and growing but not necessarily in the direction I was aiming for With the combinations of those two things my next decisions were going to be tough So after my game development project ended me and Dean discussed what was next and we found a project that seemed like a good fit for me and would give me the experience that I was looking for Unfortunately it ended up that the project wouldn t need me in the capacity I was hoping for and that I would be transitioning into a completely different non development role a role as a business analyst At the time I was thinking to myself Now there is nothing wrong with being a Business Analyst No it s not what I ve been doing and not what I m really going for in the long run BUT there is a chance I ll get back into development work in the future And you never know I might be good at being a Business Analyst Matter of fact given the circumstances This role will be pretty comfortable And that word popped up again Comfortable Was I just doing the same thing again Pursuing comfort over growth Was I taking the easy route in order to keep things the way that they were I knew the answer to that question and I bet as you read this now you know what the answer was too So in a bold step knowing the circumstances and that I would be on this comfortable project if I stayed with IBM I began to look for another job outside of IBM Not long after looking I found an opportunity with a start up and took the position I specifically remember having a conversation with Dean about why I was leaving and if there any way I would consider staying and I remember having to say there wasn t any I remember saying it had nothing to do with IBM or the people but that it was about me pursuing what was best for me career wise It was such a tough decision because of all of the friendships I had made the bonds I had formed and skills I had learned IBM had really been the place where I had grown up as a professional And now I had to go Some pictures from those years at IBM So many great memories and awesome friends made along the wayIt was a hard decision but I know without a shadow of a doubt it was the right decision Though it was a farewell to all that I had come to know it was the beginning of a new chapter in my career journey But you know what Life had a funny way of working things out and as of this writing I am back at IBM I guess things came back full circle Thanks for reading my story All the best on your future endeavors Bradston Henry FOLLOW ME ON SOCIAL MEDIA Twitter Bradston DevDev to bradstondev Youtube Bradston YTLinkedIn Bradston Henry Credits Cover Photo Stock Image provided by Frameangel from Pond |
2021-09-02 15:31:04 |
| 海外TECH |
DEV Community |
Signing Software The Easy Way with Sigstore and Cosign |
https://dev.to/martinheinz/signing-software-the-easy-way-with-sigstore-and-cosign-kde
|
Signing Software The Easy Way with Sigstore and CosignSigning software artifacts has many obvious benefits such as code integrity or developer author authentication Yet it s oftentimes neglected creating a software ripe for supply chain attacks One of the reasons why people can t be bothered to sign their code is that existing tools such as PGP aren t very user friendly and require extensive security and or cryptography knowledge Signing software can be easy though thanks to sigstore and its cosign CLI In this article we will learn how cosign works and integrates with other sigstore components fulcio and rekor More importantly we will learn how to use it to sign container image the easy way both with and without keys as well how we can use it to verify produced signatures and integrity of the signed software Note This is a hands on followup to my previous article Sigstore A Solution to Software Supply Chain Security which explains what s sigstore and how its components work Setting UpBefore we sign anything we first need all the CLI tools for each of sigstore s components that is cosign fulcio and rekor The first of them cosign which we need to actually sign anything can be installed as binary or as Docker image For the for first option download the appropriate binary from release page and put it somewhere in your PATH Additionally considering that we re dealing with security tooling it s recommended to verify authenticity and integrity of the binary You can do that using the commands shown on release page If you prefer to use Docker image then you can use the following skopeo inspect docker gcr io projectsigstore cosign v Name gcr io projectsigstore cosign Digest sha edfcdafadbbacdcbedbacede docker pull gcr io projectsigstore cosign v docker run rm gcr io projectsigstore cosign v USAGE cosign flags lt subcommand gt For the second component fulcio we won t need to install anything because we will be using the public instance of fulcio The public good service is available at and API documentation can be found here Lastly there s rekor and its CLI called rekor cli Same as with fulcio we don t need to install rekor as it s available at along with the Swagger definition here We will however want to install the CLI so that we interact with the rekor server The binaries are available in GitHub release page If you re on linux you can use the following wget O rekor cli chmod x rekor cli Move it into PATH directory rekor cliRekor command line interface toolUsage rekor command And again as mentioned with cosign you should be careful with what binaries you re using Therefore you might want to verify rekor cli binary using the process outlined here The Hard WayWith all the tools ready we can start signing artifacts To get better understanding about what goes on under covers we will first try doing it the hard way that is without all the fancy tools First we will need an artifact For this demo we will use hello world Docker image created using following Dockerfile FROM alpine ENTRYPOINT echo Hello sigstore We however cannot sign the image itself instead we will sign its digest Generate artifactdocker build t dockerhub username sigstore hello Generate artifact digest for signingcosign generate martinheinz sigstore hello gt artifactNext we need an ephemeral keypair to sign the digest with We can use cosign commands for this but considering that this is the hard way let s use openssl directly openssl ecparam genkey name primev gt ec private pem Create keypair same as cosign generate key pair openssl ec in ec private pem pubout gt ec public pem Extract public key same as cosign public key Now we re ready to sign it and while we re at it we can also verify the signature Sign artifact digest same as cosign sign openssl dgst sha sign ec private pem artifact gt artifact sig Verify using public keyopenssl dgst sha verify ec public pem signature artifact sig artifactVerified OKNow that we signed the artifact with our private key we want to have a proof that we were the ones who really did it For this we need code signing certificate from fulcio To get it we have to authenticate with OIDC provider to get an ID token which serves as proof of our identity for fulcio After that we sign our email address which we used to authenticate using the previously used private key We do this to prove that we have possession of the private key at the time of signing Finally we ask fulcio for code signing certificate by giving it ID token as form of authorization the signed email address and our public key Get token from OIDC provider Store ID token in id token file Sign email address to prove possession of private key echo martin heinz gmail com gt emailopenssl dgst sha sign ec private pem email gt email sig Submit token public key and signed email to fulciocurl X POST H Authorization Bearer cat id token H accept application pem certificate chain H Content Type application json d publicKey content base ec public pem algorithm ecdsa signedEmailAddress base email sig One problem with this hard way approach is that it s not really feasible to simulate the authentication and retrieval of ID token Therefore in the above snippet this step is omitted and we skip directly to submitting everything to fulcio Alternatively you could also skip the interaction with fulcio entirely and use your public key instead This approach is shown in pkixx Next we can proceed with uploading the record to the transparency log rekor Here we show both the option with our public key and signing certificate from fulcio When using the certificate from fulcio we can also delete the keypair as we no longer need it Delete keypair if using signing certificate from fulcio rm rf ec private pem ec public pemrekor cli upload artifact artifact signature artifact sig public key ec public pem pki format x With our public key rekor cli upload artifact artifact signatire artifact sig public key sigingCertChain pem pki format x With cert from fulcioCreated entry at index available at Inspect entrycurl jq rekor cli get uuid fbfdafccfbeedfefaeeeffe In addition to the upload we can also check presence of the record in transparency log Above snippet uses both rekor cli and curl to directly access the public API All that s left to do is upload the signature to the registry to be stored alongside container image Upload to Docker Hubcosign upload blob f artifact sig index docker io martinheinz sigstore hello new signature sigUploading file from artifact sig to index docker io martinheinz sigstore hello new signature sig with media type application octet stream File artifact sig is available directly at index docker io v martinheinz sigstore hello blobs sha affbfbcfcdbaebfadfeffeceddaacecb Uploaded image to index docker io martinheinz sigstore hello sha cfabdaeebafbdfcfdfaeaThat s it We have signed our image and added record of it to transparency log This approach would work but no one probably wants to do this on a daily basis so let s see how the proper tools can make this easy The Easy WayThe hard way wasn t really hard but it gets much easier if we use the tools provided cosign generate key pairEnter password for private key Enter again Private key written to cosign keyPublic key written to cosign pub We already uploaded signature in previous step so upload is set to false herecosign sign key cosign key upload false martinheinz sigstore hello gt file sigEnter password for private key You can later upload the signaturecosign attach signature signature file sig martinheinz sigstore helloAll we need to do is generate a keypair and then sign the artifact Upon signing cosign automatically uploads the signature to the registry where the image is located In the above example we chose not to upload the signature and just save it to a file because we did sign it in the previous section already If we later decided to upload it anyway then we can do it with cosign attach as shown above It s also worth pointing out that as of right now cosign version the above snippet will not upload the data to rekor transparency log for that to work we would need to set COSIGN EXPERIMENTAL so for example COSIGN EXPERIMENTAL cosign sign key cosign key There are also other ways to use cosign to sign artifacts depending on your use case and workflow These are described in detail in usage page in GitHub Keyless Even easier than the easy way is using the keyless method where only ephemeral keys are used meaning you don t need to generate and maintain your own keys COSIGN EXPERIMENTAL cosign sign oidc issuer fulcio url rekor url docker io martinheinz sigstore hello latestGenerating ephemeral keys Retrieving signed certificate Your browser will now be opened to online amp client id sigstore amp code challenge tlog entry created with index Pushing signature to index docker io martinheinz sigstore hello sha afcfedddaecadbfbfcbdcfaaddd sigAll we need to do is run cosign sign with COSIGN EXPERIMENTAL set to while at the same time omitting the key argument In the above example we also specified endpoints of OIDC provider fulcio server and rekor server these are the default values of the public good services provided by sigstore so they can be omitted but are shown here for clarity and to highlight which services are being accessed used You could also replace those with your own instances that would make sense if you wanted to run everything behind a firewall Verify EverythingNow that we signed the artifact in all the ways possible we should also try verifying it otherwise what would be the point of signing it in the first place right First let s take the outputs of signing the image digest the hard way For that we can use rekor cli rekor cli verify artifact artifact signature artifact sig public key ec public pem pki format xrekor cli verify artifact artifact signature artifact sig public key sigingCertChain pem pki format xHere we have cases if we signed the artifact with our public key then we use that when verifying On the other hand if we used the signing cert provided by fulcio we would use that in place of the public key Next up is the verification using cosign which is suitable for the basic signing with keys All we need to do is run cosign verify providing the key and image URL cosign verify key cosign pub docker io martinheinz sigstore hello latest jq Finally for the keyless method we can do essentially the same as above but we need to add the experimental flag and we can skip the key argument COSIGN EXPERIMENTAL cosign verify docker io martinheinz sigstore hello latestVerification for docker io martinheinz sigstore hello latest The following checks were performed on each of these signatures The cosign claims were validated Existence of the claims in the transparency log was verified offline Any certificates were verified against the Fulcio roots Closing ThoughtsIn this article I tried to outline and explain the basic use cases and approaches for signing container images using sigstore and more specifically cosign There are however many more options and features of cosign which might be useful to you such as working with other types of artifacts using hardware tokens or signing git commits so I encourage you to mess with the tool and see what else you can use it for A lot of these options are described in very well written usage documentation here so make sure to check that out too Also if you want to dig even deeper you can checkout sigstore the hard way which is a guide to setting everything up for scratch including fulcio CA and rekor transparency log server |
2021-09-02 15:10:28 |
| 海外TECH |
DEV Community |
KAOSS! Fun with Web Audio |
https://dev.to/madsstoumann/kaoss-fun-with-web-audio-3gb9
|
KAOSS Fun with Web AudioI used to carry my “Korg Kaossilator around with me For those of you who don t know what that is it s a small portable synthesizer with a large touch based XY controller This week I ve been working on a generic XY controller for both pointer devices and keyboards It was meant to be for a “Color Picker but I ended up making this instead I m working on a larger article about XY controllers where I will showcase the “Color Picker but for now please have fun with the simplified JavaScript version of “Kaossilator The XY controller is still work in progress so I haven t added scroll position fixes to the script yet Please open it in fullscreen mode on Codepen to avoid scrolling within the iframe Keyboard user The XY Controller can also be operated with a keyboard When the point ring has focus press Space to toggle the sound on or off and use the Arrow keys to move around Press and hold Shift while using the Arrow keys to move the point ring with a larger increment Pick the Sine wave first and “allpass if you want to play the theme from “Doctor Who Happy jamming |
2021-09-02 15:06:47 |
| 海外TECH |
DEV Community |
Create a Netflix clone from Scratch: JavaScript PHP + MySQL Day 38 |
https://dev.to/cglikpo/create-a-netflix-clone-from-scratch-javascript-php-mysql-day-38-382e
|
Create a Netflix clone from Scratch JavaScript PHP MySQL Day Netflix provides streaming movies and TV shows to over million subscribers acrossthe globe Customers can watch as many shows movies as they want as long as they areconnected to the internet for a monthly subscription fee of about ten dollars Netflix producesoriginal content and also pays for the rights to stream feature films and shows In this video we will be creating the entity PageIf you like my work please considerso that I can bring more projects more articles for youIf you want to learn more about Web Development feel free to follow me on Youtube |
2021-09-02 15:05:13 |
| Apple |
AppleInsider - Frontpage News |
Best Deals September 2 - $139 Apple TV 4K, $8 Marvel movies, and more! |
https://appleinsider.com/articles/21/09/02/best-deals-september-2---139-apple-tv-4k-8-marvel-movies-and-more?utm_medium=rss
|
Best Deals September Apple TV K Marvel movies and more Thursday s best deals include a Apple TV K K UHD Marvel movies more than off EVGA keyboards and more Deals Thursday September Shopping online for the best discounts and deals can be an annoying and challenging task So rather than sifting through miles of advertisements check out this list of sales we ve hand picked just for the AppleInsider audience Read more |
2021-09-02 15:34:29 |
| Apple |
AppleInsider - Frontpage News |
Amazon's best Labor Day Apple deals: $99 Apple Pencil 2, $100 off M1 iPad Pro, more |
https://appleinsider.com/articles/21/09/01/septembers-best-deals-on-amazon-deliver-99-apple-pencil-2-100-off-m1-ipad-pro-more?utm_medium=rss
|
Amazon x s best Labor Day Apple deals Apple Pencil off M iPad Pro moreFresh Apple deals are in effect at Amazon this September with double digit and triple digit savings on M MacBooks the latest iPad Pro AirPods Apple TVs and even the Apple Pencil Apple Pencil back on sale for Matching the lowest price we ve seen Amazon has the nd Generation Apple Pencil on sale for with units in stock and ready to ship Compatible with the latest M iPad Pro and the th Generation iPad Air the stylus is a handy assistant for students artists and business professionals alike Read more |
2021-09-02 15:30:25 |
| 海外TECH |
Engadget |
YouTube Premium and Music now have 50 million subscribers combined |
https://www.engadget.com/youtube-premium-music-50-million-subscribers-154109155.html?src=rss
|
YouTube Premium and Music now have million subscribers combinedIt didn t take long for YouTube to claim another milestone for its music services although its significant isn t quite so clear The Google owned brand said it had racked up a combined million YouTube Premium and Music subscribers roughly a year and a half after reaching the million mark It s also the quot fastest growing quot music subscription service according to YouTube s music chief Lyor Cohen Certain markets were stronger than others Cohen touted quot impressive growth quot in Brazil India Japan Russia and South Korea He didn t provide numbers for those countries or the US nbsp That figure still makes YouTube smaller than Spotify which claimed million Premium subscribers as of June Apple hasn t divulged its Music subscriber numbers since June when it had million while Amazon last touted million Music customers only some of them paying for Unlimited in January Still these figures in isolation would suggest YouTube is quickly becoming a major force in music streaming There are concerns about the claims though YouTube didn t indicate how many were Music or Premium subscribers or how they used it While you get YouTube Music with a Premium subscription that doesn t mean you re using Premium for music ーyou might just want to get rid of ads and download videos YouTube s tally also includes people using free trials so the number of paying customers is likely lower Samsung offers two to four months of free YouTube Premium access with new phones for instance but many of those users will drop Premium after the trial is over The data still hints competition in the music streaming world is heating up with relatively small outfits like YouTube and Amazon Music posing more of a threat to incumbents like Spotify and Apple However it could take a long while before YouTube is large enough to make the heavyweights nervous |
2021-09-02 15:41:09 |
| 海外TECH |
Engadget |
Dining inside Park Row, London's DC Comics-themed restaurant |
https://www.engadget.com/dc-comics-park-row-london-gotham-restaurant-review-153100566.html?src=rss
|
Dining inside Park Row London x s DC Comics themed restaurantThere s no Bat signal roaming the ceiling of the cavernous Park Row no golden lasso or tiara under a glass case no Green Lantern cocktail heavy on the creme de menthe For a DC Comics endorsed restaurant it s light on the cringe theme restaurant tropes But there s some spectacle ーand a lot of love for DC ーhidden beneath all the fine trappings Opening earlier this month in the center of London Park Row is pitched as a dining experience that takes you to Gotham without the need to wear a costume In fact the restaurant s FAQ notes “Dress more Bruce than Batman and there s actually a ban on people cosplaying inside the venue I ve visited both tech laced and themed restaurants for work and pleasure and Park Row feels a little different in that it seems entirely made for grown ups The idea is simple enough DC universe meets fine dining with an immersive high tech experience inside the Monarch Theater named after where Batman s parents were shot as the showstopper event Bookable in advance its £ tasting menu is a barrage of themed courses that guide patrons through the heroes and villains of DC Mat Smith EngadgetAdding some high tech bells and whistles to restaurants isn t anything new There are several restaurants and pop ups that have played with projection mapping meant to showcase and amplify the food on the plates dining rooms with carefully set dressed courses and lurid surroundings The Monarch Theater is all of it put together in a single room When it s not showtime it looks like well a conference room A long white room with a long white table in the middle Aside from the projectors dotted around the ceiling it doesn t look like a room built for immersive superhero dining I can t tell you every beat of the multi course experience because I didn t actually get to test it when I visited Seating customers there are two services each day Post launch the team has since expanded the Monarch Theater part for four sittings per day The team wants to keep some of the courses mystique but I can touch on some of the showpiece parts The glossy plain table betrays what s been packed inside Park Row doesn t use projectors for embellishing the dishes or the food I m told by a spokesperson that this would distract from the food itself Instead the projectors send diners barreling into insane asylum padded cells that vertiginously rotate making light fittings all pile together in a corner I m quickly shown the same room coated in neon graffiti then wrapped in ivy vines and a final vista high in the clouds Any DC Comics dilettante can assume which characters these projections point to But it goes on from there The unassuming conference table ironically Cisco was apparently involved with connecting everything together hides more secrets Two rails run across the center of the table making it easier to transform the table when it comes to the Poison Ivy course which centers around a platter of plants which seem to be a mix of living and artificial Within this serving staff dress the logs and plants with drinks mysterious edibles and things that I d call nibbles but I probably shouldn t Some of them are borderline hidden which seems to be by design Below these rails a heating element runs the length of the table Customers are given a playing card during an earlier course and are told to lay this on the table As the experience progresses the card reacts to the heat of the table revealing a secret message to each diner There are other tricks that aren t entirely revealed to me including a floating plate trick that I ll have to book my own reservation to see Mat Smith EngadgetOutside of the Monarch Theater Park Row is split up into several different zones all serving the same food menu ーmodern European ーin a different facet of a fictional Gotham dining scene From the entrance modeled after Wayne Manor you descend a glowing staircase inspired by a Batcave through a vapor emitting door frame into Pennyfeathers a whiskey bar named after Alfred Bruce Wayne s long serving butler Beyond that the Iceberg Lounge has a frozen penguin statue towering the bar while to the left the Rogue s Gallery is curated by Catwoman decorated with reproductions of some of the world s most famous stolen art pieces each one marked by a rogue from DC s back catalog of villains One of these artworks bizarrely doubles as a drinks decanter Now get ready for a deep cut ーit s the same painting used in the Batman movie DC fans can probably easily discern which villain has marked each painting but it s the nods like this that elevate the whole thing for fans that are able to recall everything Ordering the fish and chips will result in a blue tinged piece of battered fish ーhinting at when the Joker poisoned Gotham Harbour The most egregious nod might be the dessert menu One dish is called Kiss from A Rose A little on the nose but only because everything else is so subtle There are a few molecular gastronomy tricks too like edible balloons and freeze dried popcorn that billow smoke out your mouth as you crunch It s these touches that add to the ambiance and fun of the place and defuses the impression that Park Row may take itself a little too seriously for something based on comic book source material Even the restrooms are a playful tribute to the Joker and his minions all neon signs and bright lights while paintings around the restaurants give oblique nods to Gotham and its residents The menus too have little symbols that represent DC villains These touches are there if you look for them but they re not obvious ーwhich is good for those of us that don t want to see anything more superhero related ever again I think the point is you could bring a date who has zero interest in the DC universe and capes and they d think it s a glossy central London restaurant Fortunately the food should be good enough to stand on its own with an executive chef from a Michelin starred restaurant The restaurateur behind it all is known for his work with Heston Blumenthal s Fat Duck The food has the credentials ーand prices ーto ensure even if you couldn t care less about DC at least you ll have a good meal and a ridiculous cocktail or two |
2021-09-02 15:30:00 |
| 海外TECH |
Engadget |
FTC bans spyware company SpyFone and its CEO from the surveillance industry |
https://www.engadget.com/ftc-spyware-company-spyfone-surveillance-industry-151300900.html?src=rss
|
FTC bans spyware company SpyFone and its CEO from the surveillance industryThe Federal Trade Commission has banned spyware maker SpyFone and its CEO Scott Zuckerman from operating in the surveillance industry The company has also been ordered to delete the data it allegedly illegally obtained and to inform targets of the stalkerware apps that the software had been covertly installed on their Android devices The FTC claims SpyFone quot secretly harvested and shared data on people s physical movements phone use and online activities through a hidden device hack quot It says SpyFone sold real time access to that information which could have enabled domestic abusers and stalkers to track their targets Some of those who bought the spyware were allegedly able to see live locations of devices and view targets emails photos web browsing history text messages and video calls The agency says SpyFone gave its customers instructions on how to install the app secretly and ensure the device user was unaware their activity was being monitored The spyware had to gain root access to devices for some functions which the FTC said quot could expose the device to security risks quot What s more SpyFone allegedly didn t secure the data it harvested The FTC contends that the company didn t have basic security measures in place quot The stalkerware apps security deficiencies include not encrypting personal information it stored including photos and text messages failing to ensure that only authorized users could access personal information and transmitting purchasers passwords in plain text quot the agency said That enabled a hacked to obtain personal data of around people in according to the FTC Commissioners voted unanimously to ban SpyFone and Zuckerman from the surveillance industry Specifically the company and its CEO are prohibited from quot offering promoting selling or advertising any surveillance app service or business quot In the FTC banned Retina X Studios from promoting and selling spyware apps unless it was able to prove the services were only being used for legitimate purchases This time around the agency is letting the public comment on the SpyFone and Zuckerman decision Commissioner Rohit Chopra said in a statement that the FTC action doesn t absolve SpyFone and Zuckerman from any criminal liability quot While this action was worthwhile I am concerned that the FTC will be unable to meaningfully crack down on the underworld of stalking apps using our civil enforcement authorities quot Chopra wrote quot I hope that federal and state enforcers examine the applicability of criminal laws including the Computer Fraud and Abuse Act the Wiretap Act and other criminal laws to combat illegal surveillance including the use of stalkerware quot |
2021-09-02 15:13:00 |
| 海外科学 |
NYT > Science |
House Committees Demand F.D.A. Records on Alzheimer’s Drug Approval |
https://www.nytimes.com/2021/09/02/health/aduhelm-fda.html
|
committee |
2021-09-02 15:22:45 |
| 金融 |
RSS FILE - 日本証券業協会 |
PSJ予測統計値 |
https://www.jsda.or.jp/shiryoshitsu/toukei/psj/psj_toukei.html
|
統計 |
2021-09-02 16:00:00 |
| 金融 |
RSS FILE - 日本証券業協会 |
株券等貸借取引状況(週間) |
https://www.jsda.or.jp/shiryoshitsu/toukei/kabu-taiw/index.html
|
貸借 |
2021-09-02 15:30:00 |
| 金融 |
ニュース - 保険市場TIMES |
太陽生命、新テレビCMの放映開始 |
https://www.hokende.com/news/blog/entry/2021/09/03/010000
|
|
2021-09-03 01:00:00 |
| ニュース |
ジェトロ ビジネスニュース(通商弘報) |
新型コロナ禍で医療情報管理のアウトソーシングサービスが急成長 |
https://www.jetro.go.jp/biznews/2021/09/6e7d5498a2abc517.html
|
情報管理 |
2021-09-02 15:40:00 |
| ニュース |
ジェトロ ビジネスニュース(通商弘報) |
大統領候補者2人の立候補登録が取り消しに |
https://www.jetro.go.jp/biznews/2021/09/b75b17953ba294ad.html
|
取り消し |
2021-09-02 15:30:00 |
| ニュース |
ジェトロ ビジネスニュース(通商弘報) |
逼迫する航空貨物輸送、ジェトロが米国物流セミナー開催 |
https://www.jetro.go.jp/biznews/2021/09/6b9a0e4722b9a5ec.html
|
航空貨物 |
2021-09-02 15:20:00 |
| ニュース |
ジェトロ ビジネスニュース(通商弘報) |
新型コロナ抗原検査キットの生産開始 |
https://www.jetro.go.jp/biznews/2021/09/6eca4959bcdd304f.html
|
生産 |
2021-09-02 15:10:00 |
| ニュース |
BBC News - Home |
Religious groups fail children over sexual abuse - report |
https://www.bbc.co.uk/news/uk-58420270?at_medium=RSS&at_campaign=KARANGA
|
wales |
2021-09-02 15:12:20 |
| ニュース |
BBC News - Home |
Claudia Lawrence search: Sand Hutton lake drained by police |
https://www.bbc.co.uk/news/uk-england-york-north-yorkshire-58420931?at_medium=RSS&at_campaign=KARANGA
|
disappearance |
2021-09-02 15:25:12 |
| ニュース |
BBC News - Home |
Dutch Grand Prix: Kimi Raikkonen says Formula 1 'has never been my life' |
https://www.bbc.co.uk/sport/formula1/58371856?at_medium=RSS&at_campaign=KARANGA
|
Dutch Grand Prix Kimi Raikkonen says Formula x has never been my life x Kimi Raikkonen says Formula has never been my life in his first interview since announcing his retirement from the sport |
2021-09-02 15:08:54 |
| ビジネス |
不景気.com |
DHCが韓国から撤退、不買運動が影響し苦戦も - 不景気.com |
https://www.fukeiki.com/2021/09/dhc-pullout-korea.html
|
不買運動 |
2021-09-02 15:03:32 |
| 北海道 |
北海道新聞 |
千年前、房総に未知の大津波襲来 M8級巨大地震で、痕跡残る |
https://www.hokkaido-np.co.jp/article/585217/
|
巨大地震 |
2021-09-03 00:04:00 |
| 北海道 |
北海道新聞 |
神戸、路上で男女が血流し倒れる 北区の住宅街、意識なし |
https://www.hokkaido-np.co.jp/article/585216/
|
神戸市北区星和台 |
2021-09-03 00:03:00 |
| 北海道 |
北海道新聞 |
3カ月長男を殴り死なせた疑い 23歳の母逮捕、高松市 |
https://www.hokkaido-np.co.jp/article/585215/
|
香川県警 |
2021-09-03 00:02:00 |
コメント
コメントを投稿