Posted: 2021-09-25 21:20:22 RSS feed digest for 2021-09-25 21:00 (24 items)

Category Site name Article title / trending term Link URL Frequent words / summary / search volume Date registered
python New posts tagged Python - Qiita Mathematical programming (python②) https://qiita.com/diver_tomo2002/items/4ca457c88a3d5ce4f562 Mathematical programming python②: While looking around, I saw a note saying that pythonMIP is better than pythonlulp, so I looked into it. 2021-09-25 20:15:00
Program New questions for [all tags] | teratail I want to run numba with type specifications and nopython=True https://teratail.com/questions/361287?rss=all I want to run numba with type specifications and nopythonTrue. Background / what I want to achieve: I want to use numba with nopythonTrue, but I don't really understand how to specify the arguments. 2021-09-25 20:59:57
Program New questions for [all tags] | teratail I'm a beginner. About displaying images https://teratail.com/questions/361286?rss=all I'm a beginner. 2021-09-25 20:59:35
Program New questions for [all tags] | teratail A 2D array created with SQL gets treated as a 1D array https://teratail.com/questions/361285?rss=all A dimensional array created with SQL gets treated as a dimensional array. Problem: I am using MySQL to build a ranking from logs and trying to display it with PHP. 2021-09-25 20:40:03
Program New questions for [all tags] | teratail Exact-match search on encrypted data https://teratail.com/questions/361284?rss=all Exact-match search on encrypted data: I want to use CakePHP to store encrypted data in MySQL and run exact-match searches on the encrypted data. 2021-09-25 20:39:47
Program New questions for [all tags] | teratail In ruby, what are the benefits of deliberately writing your own getter instead of using attr_accesor or attr_reader? https://teratail.com/questions/361283?rss=all In ruby, what are the benefits of deliberately writing your own getter instead of using attraccesor or attrreader? I often see code like the following. 2021-09-25 20:27:19
Program New questions for [all tags] | teratail Scraping GooglePlay retrieves only 50 of the 200 elements https://teratail.com/questions/361282?rss=all When scraping GooglePlay, only part of the elements can be retrieved. Background / what I want to achieve: I am planning an app that scrapes and displays the GooglePlay game sales ranking. 2021-09-25 20:17:34
Program New questions for [all tags] | teratail [JavaScript] How to draw ImageData with drawImage https://teratail.com/questions/361281?rss=all drawimage 2021-09-25 20:03:57
Git New posts tagged Git - Qiita A summary of basic Git commands https://qiita.com/taddy_korokoro/items/c24a43c097f23e693d0b gitdiff: compares the working directory with the staging area (before add). gitdiffstaged: compares the staging area with the local repository (after add). Differences from gitstatus: the comparison target differs depending on the command; you can check specifically what changes were made. Comparing the working directory with the staging area (before add), when diff has been additionally written to filetxt: diffgitafileAtxtbfileAtxtindexbaeedeafileAtxt (the file before the change) bfileAtxt (the file after the change) indicates that lines were added Helloworld modifiedA add Nonewlineatendoffile add diff The added content is displayed. Nonewlineatendoffile The previously written add is also displayed as add, as newly added content. 2021-09-25 20:51:54
Ruby New posts tagged Rails - Qiita Rails: excluding specific files from require_tree . in the assets pipeline https://qiita.com/kazutosato/items/c20c3f3c9eb09bfa8a7f appassetsstyleseetsapplicationcssrequirefontawesomerequiretreerequireselfstubadminappassetsstyleseetsadmincssrequiretreeadmin One thing to note: if admincss, or the CSS that admincss requires, includes anything used by applicationcss, that is excluded as well. 2021-09-25 20:23:12
Overseas TECH Ars Technica A new formula may help black patients’ access to kidney care https://arstechnica.com/?p=1798361 black 2021-09-25 11:22:23
Overseas TECH DEV Community What are HTTP Security Headers and how to config them? https://dev.to/smartscanner/what-are-http-security-headers-and-how-to-config-them-m3g What are HTTP Security Headers and how to config them HTTP Headers are a great booster for web security with easy implementation Proper HTTP headers can prevent security vulnerabilities like Cross Site Scripting Click jacking Packet sniffing and information disclosure In this article we ll take a quick look at all security related HTTP headers and the recommended configurations Below are the main sections of this document Security headers listImplementation of HTTP headers in Nginx Apache PHP etc Testing of HTTP headers in your websiteReferencesThe source for this document is available on GitHub Your contributions are most welcome to complete it and keep it updated Security Headers X Frame OptionsThe X Frame Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a lt frame gt lt iframe gt lt embed gt or lt object gt Sites can use this to avoid click jacking attacks by ensuring that their content is not embedded into other sites RecommendationDo not allow displaying of the page in a frame X Frame Options DENY X XSS ProtectionThe HTTP X XSS Protection response header is a feature of Internet Explorer Chrome and Safari that stops pages from loading when they detect reflected cross site scripting XSS attacks RecommendationEnable XSS filtering and prevent browsers from rendering pages if an attack is detected X XSS Protection mode block X Content Type OptionsThe X Content Type Options response HTTP header is used by the server to prevent browsers from guessing the media type MIME type This is known as MIME sniffing in which the browser guesses the correct MIME type by looking at the contents of the resource The absence of this header might cause browsers to transform non executable content into executable content RecommendationX Content Type Options 
nosniff Referrer PolicyThe Referrer Policy HTTP header controls how much referrer information sent via the Referer header should be included with requests RecommendationSend everything to the same site but only the origin for other sites Referrer Policy strict origin when cross originNOTE This is the default in modern browsers Content TypeThe Content Type representation header is used to indicate the original media type of the resource before any content encoding is applied for sending RecommendationContent Type text html charset UTF NOTE the charset attribute is necessary to prevent XSS in HTML pagesNOTE the text html can be any of the possible MIME types Set CookieThe Set Cookie HTTP response header is used to send a cookie from the server to the user agent so the user agent can send it back to the server later To send multiple cookies multiple Set Cookie headers should be sent in the same response RecommendationSet Cookie name value Secure HttpOnly SameSite StrictNOTE The Domain attribute has been removed intentionally Strict Transport SecurityThe HTTP Strict Transport Security response header often abbreviated as HSTS lets a website tell browsers that it should only be accessed using HTTPS instead of using HTTP RecommendationEnable HTTPS only access for the site and sub domains Strict Transport Security max age includeSubDomains preload Expect CTThe Expect CT header lets sites opt in to reporting and or enforcement of Certificate Transparency requirements to prevent the use of misissued certificates for that site from going unnoticed RecommendationEnforce Certificate Transparency for hours Expect CT max age Content Security PolicyContent Security Policy CSP is an added layer of security that helps to detect and mitigate certain types of attacks including Cross Site Scripting XSS and data injection attacks These attacks are used for everything from data theft to site defacement to distribution of malware RecommendationRestrict most of the resource types to the 
same site and subdomains of yourdomain comContent Security Policy default src self yourdomain com block all mixed content font src self https data img src self data blob object src none script src attr none style src self https unsafe inline upgrade insecure requests WARNING Inline script elements and inline script event handlers like onload will stop working with the above header This is required to neutralize XSS attacks Access Control Allow OriginThe Access Control Allow Origin response header indicates whether the response can be shared with requesting code from the given origin RecommendationUse or specific domain names Access Control Allow Origin Cross Origin Opener PolicyThe HTTP Cross Origin Opener Policy COOP response header allows you to ensure a top level document does not share a browsing context group with cross origin documents RecommendationIsolates the browsing context exclusively to same origin documents HTTP Cross Origin Opener Policy same origin Cross Origin Resource PolicyThe Cross Origin Resource Policy CORP header allows you to control the set of origins that are empowered to include a resource It is a robust defense against attacks like Spectre as it allows browsers to block a given response before it enters an attacker s process RecommendationLimit current resource loading to the site and sub domains only Cross Origin Resource Policy same site Cross Origin Embedder PolicyThe HTTP Cross Origin Embedder Policy COEP response header prevents a document from loading any cross origin resources that don t explicitly grant the document permission using CORP or CORS RecommendationA document can only load resources from the same origin or resources explicitly marked as loadable from another origin Cross Origin Embedder Policy require corpNOTE you can bypass it by adding the crossorigin attribute like below lt img src crossorigin gt ServerThe Server header describes the software used by the origin server that handled the request that is the server 
that generated the response RecommendationRemove this header or set non informative values Server webserver X Powered ByThe X Powered By header describes the technologies used by the webserver This information exposes the server to attackers Using the information in this header attackers can find vulnerabilities easier RecommendationRemove all X Powered By headers X AspNet VersionProvides information about the NET version RecommendationDisable sending this header Review the ASP NET Version Disclosure issue for details X AspNetMvc VersionProvides information about the NET version RecommendationDisable sending this header Review the ASP NET Version Disclosure issue for details X DNS Prefetch ControlThe X DNS Prefetch Control HTTP response header controls DNS prefetching a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document including images CSS JavaScript and so forth RecommendationThe default behavior of browsers is to perform DNS caching which is good for most websites If you do not control links on your website you might want to set off as a value to disable DNS prefetch to avoid leaking information to those domains Public Key Pins The HTTP Public Key Pins response header is used to associate a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates RecommendationThis header is deprecated Use Expect CT instead Origin Agent Cluster X Permitted Cross Domain PoliciesAdobe only default safe X Download OptionsIE Only Adding Http Headers in Different Technologies PHPBelow sample code sets the X XSS Protection header in PHP header X XSS Protection mode block ApacheBelow htaccess sample configuration sets the X XSS Protection header in Apache lt IfModule mod headers c gt Header set X XSS Protection mode block lt IfModule gt IISAdd below configurations to your Web config in IIS to send the X 
XSS Protection header lt system webServer gt lt httpProtocol gt lt customHeaders gt lt add name X XSS Protection value mode block gt lt customHeaders gt lt httpProtocol gt lt system webServer gt HAProxyAdd the below line to your front end listen or backend configurations to send the X XSS Protection headerhttp response set header X XSS Protection mode block NginxBelow sample configuration sets the X XSS Protection header in Nginx add header X XSS Protection mode block ExpressYou can use helmet to setup HTTP headers in Express Below code is sample for adding the X Frame Options header const helmet require helmet const app express Sets X Frame Options SAMEORIGIN app use helmet frameguard action sameorigin Testing Proper Implementation of Security Headers Mozilla ObservatoryThe Mozilla Observatory is an online tool that you can check your website s header status SmartScannerSmartScanner has a dedicated test profile for testing security of HTTP headers Online tools usually test the homepage of the given address But SmartScanner scans the whole website So you can make sure all of your web pages have the right HTTP Headers in place ReferencesMozilla X Frame OptionsMozilla X XSS Protectionhstspreload orgMozilla Strict Transport SecurityMozilla Content TypeMozilla Expect CTMozilla Referrer PolicyMozilla Set Cookiecontent security policy comMozilla Access Control Allow OriginMozilla Cross Origin Opener Policyresourcepolicy fyiMozilla Cross Origin Resource PolicyMozilla Cross Origin Embedder PolicyMozilla Server Header 2021-09-25 11:37:52
Overseas TECH DEV Community Budgie React https://dev.to/yashdatir/budgie-react-2loo Budgie ReactHey guys m creating a new package Budgie React which is a CLI boilerplate creator for ReactJS Will appreciate comments also would like if anyone is ready to collaborate Thanks 2021-09-25 11:11:36
Overseas TECH DEV Community Spring Data — Transactional Caveats https://dev.to/kirekov/spring-data-transactional-caveats-19di Spring Data Transactional CaveatsSpring is the most popular Java framework It has lots of out of box solutions for web security caching and data access Spring Data especially makes the life of a developer much easier We don t have to worry about database connections and transaction management The framework does the job But the fact that it hides some important details from us may lead to hard tracking bugs and issues So let s deep dive into Transactional annotation Default Rollback BehaviourAssume that we have a simple service method that creates users during one transaction If something goes wrong it throws java lang Exception Servicepublic class PersonService Autowired private PersonRepository personRepository Transactional public void addPeople String name throws Exception personRepository saveAndFlush new Person Jack Brown personRepository saveAndFlush new Person Julia Green if name null throw new Exception name cannot be null personRepository saveAndFlush new Person name Purple And here is a simple unit test SpringBootTest AutoConfigureTestDatabaseclass PersonServiceTest Autowired private PersonService personService Autowired private PersonRepository personRepository BeforeEach void beforeEach personRepository deleteAll Test void shouldRollbackTransactionIfNameIsNull assertThrows Exception class gt personService addPeople null assertEquals personRepository count Do you think the test will pass or not Logic tells us that Spring should roll back the transaction due to an exception So personRepository count ought to return right Well not exactly expected lt gt but was lt gt Expected Actual That requires some explanations By default Spring rolls back transaction only if an unchecked exception occurs The checked ones are treated like restorable In our case Spring performs commit instead of rollback That s why personRepository count returns The 
easiest way to fix it is to replace a checked exception with an unchecked one e g NullPointerException Or else we can use the annotation s attribute rollbackFor For example both of these cases are perfectly valid Servicepublic class PersonService Autowired private PersonRepository personRepository Transactional rollbackFor Exception class public void addPeopleWithCheckedException String name throws Exception addPeople name Exception new Transactional public void addPeopleWithNullPointerException String name addPeople name NullPointerException new private lt T extends Exception gt void addPeople String name Supplier lt extends T gt exceptionSupplier throws T personRepository saveAndFlush new Person Jack Brown personRepository saveAndFlush new Person Julia Green if name null throw exceptionSupplier get personRepository saveAndFlush new Person name Purple SpringBootTest AutoConfigureTestDatabaseclass PersonServiceTest Autowired private PersonService personService Autowired private PersonRepository personRepository BeforeEach void beforeEach personRepository deleteAll Test void testThrowsExceptionAndRollback assertThrows Exception class gt personService addPeopleWithCheckedException null assertEquals personRepository count Test void testThrowsNullPointerExceptionAndRollback assertThrows NullPointerException class gt personService addPeopleWithNullPointerException null assertEquals personRepository count Rollback on Exception SuppressingNot all exceptions have to be propagated Sometimes it is acceptable to catch it and log information about it Suppose that we have another transactional service that checks whether the person can be created with the given name If it is not it throws IllegalArgumentException Servicepublic class PersonValidateService Autowired private PersonRepository personRepository Transactional public void validateName String name if name null name isBlank personRepository existsByFirstName name throw new IllegalArgumentException name is forbidden Let s 
add validation to our PersonService Service Slfjpublic class PersonService Autowired private PersonRepository personRepository Autowired private PersonValidateService personValidateService Transactional public void addPeople String name personRepository saveAndFlush new Person Jack Brown personRepository saveAndFlush new Person Julia Green String resultName name try personValidateService validateName name catch IllegalArgumentException e log error name is not allowed Using default one resultName DefaultName personRepository saveAndFlush new Person resultName Purple If validation does not pass we create a new person with the default name Ok now we need to test it SpringBootTest AutoConfigureTestDatabaseclass PersonServiceTest Autowired private PersonService personService Autowired private PersonRepository personRepository BeforeEach void beforeEach personRepository deleteAll Test void shouldCreatePersonWithDefaultName assertDoesNotThrow gt personService addPeople null Optional lt Person gt defaultPerson personRepository findByFirstName DefaultName assertTrue defaultPerson isPresent But the result is rather unexpected Unexpected exception thrown org springframework transaction UnexpectedRollbackException Transaction silently rolled back because it has been marked as rollback onlyThat s weird The exception has been suppressed Why did Spring roll back the transaction Firstly we need to understand the Transactional management approach Internally Spring uses the aspect oriented programming pattern Skipping the complex details the idea behind it is to wrap an object with the proxy that performs the required operations in our case transaction management So when we inject the service that has any Transactional method actually Spring puts the proxy Here is the workflow for the defined addPeople method The default Transactional propagation is REQUIRED It means that the new transaction is created if it s missing And if it s present already the current one is supported So the 
whole request is being executed within a single transaction Anyway there is a caveat If the RuntimeException throws out of the transactional proxy Spring marks the current transaction as rollback only That s exactly what happened in our case PersonValidateService validateName throws IllegalArgumentException Transactional proxy tracks it and sets on the rollback flag Later executions during the transaction have no effect because they ought to be rolled back in the end What s the solution There are several ones For example we can add noRollbackFor attribute to PersonValidateService Servicepublic class PersonValidateService Autowired private PersonRepository personRepository Transactional noRollbackFor IllegalArgumentException class public void validateName String name if name null name isBlank personRepository existsByFirstName name throw new IllegalArgumentException name is forbidden Another approach is to change the transaction propagation to REQUIRES NEW In this case PersonValidateService validateName will be executed in a separate transaction So the parent one will not be rollbacked Servicepublic class PersonValidateService Autowired private PersonRepository personRepository Transactional propagation Propagation REQUIRES NEW public void validateName String name if name null name isBlank personRepository existsByFirstName name throw new IllegalArgumentException name is forbidden Possible Kotlin IssuesKotlin has many common things with Java But exception management is not the case Kotlin eliminated the idea of checked and unchecked exceptions Basically any exception in the language is unchecked because we don t need to specify throws SomeException in the method declaration The pros and cons of this decision should be a topic for another story But now I want to show you the problems it may bring with Spring Data usage Let s rewrite the very first example of the article with java lang Exception in Kotlin Serviceclass PersonService Autowired private val 
personRepository PersonRepository Transactional fun addPeople name String personRepository saveAndFlush Person Jack Brown personRepository saveAndFlush Person Julia Green if name null throw Exception name cannot be null personRepository saveAndFlush Person name Purple SpringBootTest AutoConfigureTestDatabaseinternal class PersonServiceTest Autowired lateinit var personRepository PersonRepository Autowired lateinit var personService PersonService BeforeEach fun beforeEach personRepository deleteAll Test fun should rollback transaction if name is null assertThrows Exception class java personService addPeople null assertEquals personRepository count The test fails just like in Java expected lt gt but was lt gt Expected Actual There are no surprises Spring manages transactions in the same way in either Java or Kotlin But in Java we cannot execute a method that throws java lang Exception without taking care of it Kotlin allows it That may bring unexpected bugs so you should pay extra attention to such cases ConclusionThat s all I wanted to tell you about Spring Transactional annotation If you have any questions or suggestions please leave your comments down below Thanks for reading 2021-09-25 11:05:36
News BBC News - Home Lorry driver shortage: Government working on temporary visa scheme https://www.bbc.co.uk/news/business-58687026?at_medium=RSS&at_campaign=KARANGA queue 2021-09-25 11:24:18
News BBC News - Home Sabina Nessa: Book of condolence opened for killed teacher https://www.bbc.co.uk/news/uk-england-london-58690225?at_medium=RSS&at_campaign=KARANGA nessa 2021-09-25 11:00:56
News BBC News - Home Germany elections: Merkel backs 'bridge-builder' Laschet as successor https://www.bbc.co.uk/news/world-europe-58689239?at_medium=RSS&at_campaign=KARANGA tight 2021-09-25 11:19:37
News BBC News - Home Sgt Matiu Ratana shooting: Memorial services held https://www.bbc.co.uk/news/uk-england-london-58678275?at_medium=RSS&at_campaign=KARANGA november 2021-09-25 11:04:01
News BBC News - Home Universal credit: Tory peer wants to force Commons vote on cut https://www.bbc.co.uk/news/uk-politics-58681315?at_medium=RSS&at_campaign=KARANGA coronavirus 2021-09-25 11:06:07
Hokkaido Hokkaido Shimbun Tokyo Big Six university baseball: Rikkyo wins third straight; Keio and Meiji draw, week 2 https://www.hokkaido-np.co.jp/article/592986/ Tokyo Big Six university baseball 2021-09-25 20:10:19
Hokkaido Hokkaido Shimbun Women's 500 m: Sumire Kikuchi wins fourth consecutive title; short track single-distance skating championships, day 1 https://www.hokkaido-np.co.jp/article/593004/ Sumire Kikuchi 2021-09-25 20:10:15
Hokkaido Hokkaido Shimbun Crowds on the 25th up at just under 70% of locations; falling case numbers and fine weather a likely factor https://www.hokkaido-np.co.jp/article/593014/ at times 2021-09-25 20:07:00
Hokkaido Hokkaido Shimbun Men's 100 m: Koike wins in 10.19 s; All-Japan Corporate Track and Field Championships, day 2 https://www.hokkaido-np.co.jp/article/593013/ track and field 2021-09-25 20:06:00
Hokkaido Hokkaido Shimbun Final weekend: four candidates on the move, with repeated site visits and regional dialogues https://www.hokkaido-np.co.jp/article/593012/ LDP president 2021-09-25 20:06:00
