Posted: 2022-03-03 21:25:16 RSS feed digest for 2022-03-03 21:00 (28 items)

Category Site name Article title / trend word Link URL Frequent words, summary / search volume Registered date
TECH Engadget Japanese Nothing to announce its rumored smartphone in April? Reports also say a prototype was shown at MWC https://japanese.engadget.com/nothing-smartphone-mwc-114737234.html nothing 2022-03-03 11:47:37
TECH Engadget Japanese Yamaha announces TW-E5B, true wireless earbuds with a low-latency gaming mode that also work with Nintendo Switch https://japanese.engadget.com/yamaha-true-wireless-tw-e5b-112853084.html latency 2022-03-03 11:28:53
TECH Engadget Japanese The SoC to watch is the SD 8 Gen1. Former Huawei brand Honor announces its high-end Magic 4/4 Pro smartphones overseas https://japanese.engadget.com/honor-magic-44-pro-110309420.html honor 2022-03-03 11:03:09
IT ITmedia all articles [ITmedia News] Red Cross distributes SIM cards (loaded with 60GB) as relief supplies to Ukrainian refugees; trending on Twitter as "relief supplies for a new century" https://www.itmedia.co.jp/news/articles/2203/03/news170.html itmedia 2022-03-03 20:07:00
python New posts tagged Python - Qiita [OpenEXR] Steps for installing OpenEXR for Python on Windows https://qiita.com/waka1692/items/d20424c3ce8435afe20d [OpenEXR] Steps for installing OpenEXR for Python on Windows. I ran into trouble installing the OpenEXR library for Python with pip, so I am writing the steps down here. 2022-03-03 20:44:26
js New posts tagged JavaScript - Qiita Introduction to JavaScript: Let's build a typing app! "Easily edit the keywords to practice the strings you want" https://qiita.com/daisu_yamazaki/items/8cb5b256fb28895c82ab Introduction to JavaScript: Let's build a typing app "Easily edit the keywords to practice the strings you want". I turned the content I published on YouTube into an article. 2022-03-03 20:51:19
AWS New posts tagged AWS - Qiita How to fill in TablePlus (when you want to connect through an ssh tunnel) https://qiita.com/gebageba/items/51501e67459ec611c038 Connect to EC, then connect to RDS from there. 2022-03-03 20:58:47
AWS New posts tagged AWS - Qiita Create an option group for AWS RDS https://qiita.com/miriwo/items/5c4c7116597a55b665ee This work may incur charges. 2022-03-03 20:50:31
AWS New posts tagged AWS - Qiita Create a parameter group for AWS RDS https://qiita.com/miriwo/items/288873d24f1ec17b505e Fill in the fields according to what is listed under "Information on what to create". 2022-03-03 20:45:31
AWS New posts tagged AWS - Qiita Create a subnet group for AWS RDS https://qiita.com/miriwo/items/1c4015bd26f8f03ee9f9 This work may incur charges. 2022-03-03 20:38:16
AWS New posts tagged AWS - Qiita Monitor remaining free storage on RDS with CloudWatch https://qiita.com/chin-zabro/items/3197ddb17b2c694546d7 However, since this is RDS, none of this needs to be configured, so click "Next". Enter an alarm name. The alarm name is shown in the CloudWatch alert list, so enter a name that is easy to understand. 2022-03-03 20:31:13
Overseas TECH DEV Community Dative.JS Tutorial https://dev.to/tobithedev/dativejs-tutorial-1ido Dative JS Tutorial. Introduction: DativeJs Is A Modern Ui Javascript FrameWork. How Do I Use Dative Js? First, Scaffold A Project: npx degit dativeJs template my app. Install All The Dependencies: npm i. That Command Should Create a template with Dative JS There. File Structure Should Be Considered While Creating a New Component: my app src your component your component dative html The Template your component dative js The Script your component dative js import Dative from dativejs import template from your component dative html export let YourComponent Dative extend template Other Options Goes Here. Then You Can Import it in the src index js: import YourComponent from your component your component dative app attach new YourComponent el your component id. You Set. Check DativeJS Docs for more details. Thanks For Reading. 2022-03-03 11:37:37
Overseas TECH DEV Community Detecting, Investigating and Verifying Fixes for Security Incidents and Zero Day Issues Using Lightrun https://dev.to/codenameone/detecting-investigating-and-verifying-fixes-for-security-incidents-and-zero-day-issues-using-lightrun-39a1 Detecting, Investigating and Verifying Fixes for Security Incidents and Zero Day Issues Using Lightrun

Important: You can use Lightrun for free on your servers.

I'm not a security expert. I'd like to think of myself as a security-conscious developer, but this is a vast subject with depth and breadth. What I understand is Lightrun and debugging. In that capacity, I can show some creative ways you can use it as a security tool. A "proper" security expert could take this to the next level.

What is Lightrun?
Lightrun is a developer-oriented observability tool. Like a debugger in your production environment, without the security risks. Lightrun is a tool that's flexible enough to fit into multiple molds, just like the debuggers that birthed it. With Lightrun you can inject logs without code changes, add snapshots (breakpoints that don't stop the code execution) and use metrics to get observable insight at the code level.

Security Tool Use Cases
There are several reasons I would reach for Lightrun as a security tool. Here I'll focus on:
- Verify that a security vulnerability exists
- Check if someone actively exploited a security vulnerability
- Verify that we deployed a fix correctly
There's a lot more that needs to be done in order to secure your application. Lightrun is a generic tool; it isn't a replacement for existing security tools like Snyk, etc. It's complementary, filling in the gaps at the code level. Finally, I will discuss how Lightrun secures itself. We can't have a vulnerable security tool… We can't consider Lightrun as a security tool if it isn't inherently secure… Enough with the high-level theory. Let's show the code.

Verify a Security Vulnerability
Security tools are like observability tools. They provide high-level alerts of potential risks. But they rarely communicate at the code level. As a result, a developer might have a hard time with actionable security tasks and validation. If the security issue reproduces locally, that's great. You can often fill in the gap with a debugger. But some security issues are tough to reproduce outside of a production environment. Lightrun won't find a vulnerability out of thin air; for that you need a dedicated security tool. However, if you have a suspicion, Lightrun can help in the investigation and prove the vulnerability. E.g. let's take this obvious bug. This is an obvious SQL injection bug. But is it exploitable? Do we need to be hysterical, or can we take our time adapting the code? BTW, notice I'm using Java because that's the platform I'm most comfortable with. This applies to all Lightrun-supported platforms/languages equally. So everything here easily applies to NodeJS, JavaScript, TypeScript, Python, Kotlin, Scala, etc. This is trivial to test in Lightrun. We can just add a log or a snapshot that will be triggered when an invalid request happens. Then we can try sending invalid values via a curl command to see if our log is triggered. Notice that we use a regular expression to validate the name value. If we receive a log, it means the problematic value is exploitable. This also means the risk of the security vulnerability is high.

Is it Actively Exploited?
So we found a security vulnerability like the one above. Should we panic? Are there hackers already in the system? What do we do? Well, we can do something similar to what we did above and add a snapshot with a similar condition and a few "tune-ups". This image contains a lot, so let's try to unpack it.

Why Snapshot and not Log?
Logs are great to see if something happened. They're quick and they handle high volume well. But if someone is actively breaking into our system, we want to get all the information that's available. Possibly even things we haven't thought about. We want to know the vector of attack, which means knowing the call stack, etc. Snapshots are an ideal security tool.

Targeting a Tag
Notice that the "Agent" entry points at "Production". We can apply the snapshot to a group of machines based on tagging. So in this case, we can target all potentially vulnerable machines with one swoop.

Max Hit Count
Unlike a log, snapshots fill up the UI and storage. So we have a default limit of snapshots we can take before expiring the snapshot. This defaults to one normally. Here I raised it to but we can probably go even higher if we're willing. Notice that if we see this happen and exploits are happening, we might want to switch to logs since they don't have a hit count.

Ignore Quota
This option might not be available to you since it requires special permissions. If you're in this situation, ask your manager for this permission. This is a risky feature, which is why it's guarded. But with an exploitable hack, it might be a risk worth taking. The quota limits the amount of CPU a condition or expression can take per Lightrun action. The risk here is that an exploit might happen and some information would be "dropped" because of CPU usage. This will mean the snapshot won't be paused at any point and we won't "miss" a potential exploit. This might affect your server performance though, so it isn't without risk.

Expiry
Lightrun actions default for one hour of expiry. We want to keep your servers fast and nimble, so we expire actions that aren't needed. In this case, we want the action there until we get the fix out. So I set the expiry value to hours. With these in place, we will get actionable information on any exploit coming our way.

Verify the Fix
Verifying the fix is pretty similar. We can place a log or a snapshot in the problematic area of the code and see if that code is reached with problematic values. You can also add additional logging to verify that attempted exploits reach the area they're expected to reach and are handled as you would expect.

Lightrun Security
A security tool that's vulnerable defeats its purpose. So understanding the security measures in Lightrun is an important part of this post. Following are the high-level features in Lightrun that make it so secure.

Architecture
Lightrun made several architectural decisions that significantly reduced attack vectors. Agents only connect to the Lightrun server to fetch actions. Not the other way around. That means they are hidden completely from end users and even from the organization. If the Lightrun server fails, an agent just does nothing. This means that even a DDoS attack that would bring down Lightrun won't affect your servers. You won't be able to use Lightrun, but the servers will work just fine.

Certificate pinning & OIDC
Agents and clients of the Lightrun server use certificate pinning to prevent elaborate man-in-the-middle attacks. Lightrun uses OpenID Connect (OIDC) for secure, proven authorization across its tools. The Lightrun server limits user privileges based on assigned roles. Most importantly, every operation is written to an administration log. This means that a "bad actor" can't be abusive without leaving a footprint.

Sandbox
All operations within an agent are sandboxed and have limited access. All actions are "read only" and can't use too much CPU, as we saw in the article above. There are exceptions to these rules, but they need higher privileges to circumvent.

Block List
A malicious developer in the organization can use a snapshot or a log to get information from a running application. E.g. a snapshot can be placed in the authorization logic to steal user data before encoding. A block list can define files that are blocked inside Lightrun agents. These files won't let a developer place an action within them.

PII Reduction
Personal Identifiable Information, such as credit card numbers, can be logged intentionally or unintentionally. PII reduction lets us define patterns that are risky, and those will be implicitly erased from the logs. As a result, you won't need to purge such logs and won't expose yourself to potential regulatory liability.

TL;DR
We did not design Lightrun as a security tool. It shouldn't replace existing security tools. But it's a perfect sidekick to the tools you already have. It plays to their strengths and pushes the envelope of fast response to vulnerabilities/hacks. Lightrun's low-level, deep code observability lets us respond to potential threats faster and mitigate vulnerabilities sooner. I'm not a security expert. I'm sure that if you are, you can come up with even more amazing security-related use cases for Lightrun. This is very exciting. I can't wait to hear about them. 2022-03-03 11:01:52
Apple AppleInsider - Frontpage News Aqara launches upgraded G2H Pro HomeKit camera and hub https://appleinsider.com/articles/22/03/03/aqara-launches-upgraded-g2h-pro-homekit-camera-and-hub?utm_medium=rss Aqara launches upgraded GH Pro HomeKit camera and hub. Smart home accessory maker Aqara has announced worldwide availability of its new HomeKit-compatible GH Pro camera with several notable improvements. Aqara GH Pro. The updated GH Pro, which launched in China back in December, retains the same form factor as the GH but has been updated with fresh internals. It now surfaces the alarm to the Home app and supports all four security system modes. 2022-03-03 11:34:43
Finance Financial Services Agency website Bid announcements and related notices have been updated. https://www.fsa.go.jp/choutatu/choutatu_j/nyusatu_menu.html public notice 2022-03-03 13:00:00
News BBC News - Home Ukraine: Not too late for Vladimir Putin to withdraw, says UK defence secretary https://www.bbc.co.uk/news/uk-60600844?at_medium=RSS&at_campaign=KARANGA wallace 2022-03-03 11:34:57
News BBC News - Home Energy bills could reach £3,000 as oil and gas prices soar https://www.bbc.co.uk/news/business-60600049?at_medium=RSS&at_campaign=KARANGA bills 2022-03-03 11:50:04
News BBC News - Home Ukraine crisis: How many refugees and where might they go? https://www.bbc.co.uk/news/world-60555472?at_medium=RSS&at_campaign=KARANGA ukraine 2022-03-03 11:06:03
News BBC News - Home Why is Russia invading Ukraine and what does Putin want? https://www.bbc.co.uk/news/world-europe-56720589?at_medium=RSS&at_campaign=KARANGA ukraine 2022-03-03 11:26:06
News BBC News - Home Ukraine conflict: Reporter takes cover as blast lights up Kyiv's sky https://www.bbc.co.uk/news/world-europe-60600984?at_medium=RSS&at_campaign=KARANGA finishes 2022-03-03 11:14:01
News BBC News - Home Covid: How could the pandemic have affected your brain? https://www.bbc.co.uk/news/uk-wales-60558431?at_medium=RSS&at_campaign=KARANGA covid 2022-03-03 11:49:07
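Hokkaido Hokkaido Shimbun Toyoura deputy mayor and others referred to prosecutors on suspicion of illegally dumping scallop-processing wastewater https://www.hokkaido-np.co.jp/article/652481/ illegal dumping 2022-03-03 20:20:00
Hokkaido Hokkaido Shimbun Beijing Paralympics open on the 4th; three athletes from Hokkaido to compete https://www.hokkaido-np.co.jp/article/652476/ Beijing Games 2022-03-03 20:17:00
Hokkaido Hokkaido Shimbun An unprecedented opening in the wake of the invasion: Beijing Paralympics opening ceremony on the 4th https://www.hokkaido-np.co.jp/article/652477/ unprecedented 2022-03-03 20:17:00
Hokkaido Hokkaido Shimbun Bird flu spreads in Hokkaido: 18 cases this season, a new record high https://www.hokkaido-np.co.jp/article/652467/ record high 2022-03-03 20:15:01
Hokkaido Hokkaido Shimbun Accident zone covers three locations over 1.5 km in the 80-vehicle pileup on the Hakodate-Esashi Expressway https://www.hokkaido-np.co.jp/article/652447/ expressway 2022-03-03 20:13:26
Business Toyo Keizai Online Why the captain of China's national soccer team demanded "pay our wages": many professional soccer league teams are short of funds | Caixin China Biz&Tech | Toyo Keizai Online https://toyokeizai.net/articles/-/534882?utm_source=rss&utm_medium=http&utm_campaign=link_back biztech 2022-03-03 20:30:00
Marketing AdverTimes Chuo Ward takes first place in civic pride, Minato Ward falls to fourth, according to a Yomiko Advertising survey https://www.advertimes.com/20220303/article378381/ survey 2022-03-03 11:06:02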
