Posted: 2022-05-16 01:13:34 RSS feed digest for 2022-05-16 01:00 (14 items)

Category Site name Article title / trend word Link URL Frequent words / summary / search volume Registered date
python New posts tagged Python - Qiita Playing a long video with audio in Python https://qiita.com/a2kiti/items/a7feb7a67e6613af19b6 opencv 2022-05-16 00:43:14
Ruby New posts tagged Ruby - Qiita [Ruby] Saving the daily-updated space photos with the APOD API https://qiita.com/Yuzu_Ginger/items/675cca0f56a8ed8b4a23 apodapi 2022-05-16 00:36:21
golang New posts tagged Go - Qiita golang: automatic code generation from interfaces https://qiita.com/ytmycat17yo/items/404fd0910cc664803a39 vscode 2022-05-16 00:19:30
Overseas TECH DEV Community show/hide desktop items on MacOS https://dev.to/vikbert/showhide-desktop-items-on-macos-1jo6 show/hide desktop items on MacOS. I am a minimalist and I prefer to have a very clean desktop without any items. But I wanna be able to find/open the files in Finder in the folder Desktop. To make it possible, I just create two aliases, deskon and deskoff: alias deskon="defaults write com.apple.finder CreateDesktop -bool true && killall Finder"; alias deskoff="defaults write com.apple.finder CreateDesktop -bool false && killall Finder". deskoff: by using the command deskoff, I can hide all items from the desktop to have a clean desktop with only wallpaper. But the hidden files are still shown in the Finder app on the path Desktop. deskon: by using the command deskon, I can show the items again. 2022-05-15 15:21:25
Overseas TECH DEV Community Avoiding code flaws, ok, but how? https://dev.to/jmau111/avoiding-code-flaws-ok-but-how-gd2 Avoiding code flaws, ok, but how? It's not uncommon to spot code flaws in the code base. If you find any weakness, such as harmful injections, XSS vulnerabilities, hard-coded credentials, or hazardous serializations, then it's essential to fix them. You'd be surprised how critical your code can be. Disclaimer: The code base is only one element in the global security. An important one, but there are many other elements to check. For example, your code might be perfectly fine, but if the server is misconfigured, hackers will exploit that. The state of cybersecurity: Websites and apps now have pretty robust technologies to fight cybercriminals, in addition to the firewalls, scanners, and other classic defenses. That's why it's often more efficient for attackers to exploit unescaped inputs and weak validations. There are literally dozens of variants of injections and XSS, and such vulnerabilities can be used for further actions like privilege escalations and lateral movements. Ok. It's pretty bad, and your potential adversaries have access to an extensive range of free tools and techniques to destroy your house of cards. However, with some principles in mind, you can prevent the most obvious flaws, a.k.a. the ones that hackers will try first. Elements to protect: all inputs; databases; dangerous functions such as eval in PHP or JavaScript that allow passing other commands; auth tokens (make them unpredictable and for one-time use); financial transactions; emails; maintenance processes such as backup files. Ok, but not all flaws are critical: It's true that reflected XSS (Cross-Site Scripting), for example, relies on weak input validation but is non-persistent. It gives the classic joke: s=<script>console.log("Welcome back XSS Sir, what can I do for you")</script>. The code is not supposed to work, but if that's the case, anybody can execute arbitrary JavaScript on your page. The hackers would need to send the crafted link to their victim, e.g. in a malicious mail. As a result, you might think it's a bit less dangerous than SQL injections that can retrieve the entire database with users' credentials and their confidential information. Still, JavaScript can do a lot of things, so yes, there are various degrees of severity, but it's always the same principle: Don't trust user inputs. Don't assume, don't expect anything from the users. Another underappreciated flaw, to me, can be the lack of server-side validation for HTML <select>. If you have something like the following: <select id="myselect" name="select" required><option value="coco">Coco</option><option value="banana">Banana</option><option value="vanilla">Vanilla</option></select>. Don't let people modify the HTML and send you other values. Instead, whitelist allowed values. Likewise, validate data types, file types, and everything you can to filter the values in other inputs. Indeed, it's not the end of the world if you receive "chocolate" here, but do you really want to add potential extra work to the support team? Besides, it can raise the curiosity, like "hum, let's see if I can inject more here". Don't trust your eyes: Some techniques rely on invisible chars and other fancy tricks with unicode or a specific charset to bypass validation. Escape HTML entities and other special chars. Use strict mode: Enable strict mode whenever you can, regardless of the language. Most devs don't use strict mode for convenience or because of bad legacy code. The problem is that the engine will make guesses and even sometimes modify the values automatically if you don't enable it, which is precisely what hackers need to inject malicious commands. Prefer late escape: It's best if you can escape data as late as possible, for example just before database insert or the final display. This approach has many advantages, such as preventing oversights and knowing the use context. Wrap up: Even with all that in mind, there are tons of other elements to consider, but hopefully it's a good start to improve security. Try to hack your own code by passing unexpected values to your inputs or modifying the HTML before sending forms, and you'll know what to do. 2022-05-15 15:03:55
Overseas TECH Engadget Elon Musk claims Twitter's legal team told him he violated an NDA https://www.engadget.com/elon-musk-twitter-legal-team-154423136.html?src=rss Elon Musk claims Twitter's legal team told him he violated an NDA. Elon Musk's tweeting may have landed him in legal trouble again. As you may recall, the Tesla and SpaceX executive tweeted on Friday that his deal to buy Twitter was “temporarily on hold” after the company disclosed that fake and spam accounts represented less than percent of its monetizable daily active users during the first quarter of. After his tweet prompted Twitter CEO Parag Agrawal to say the company was “prepared for all scenarios,” Musk stated his team would test “a random sample of followers” to verify Twitter's numbers. According to the billionaire, one of the answers he gave to a question about his methodology prompted a response from Twitter's legal team. “I picked as the sample size number because that is what Twitter uses to calculate < fake/spam/duplicate,” he said in the alleged offending tweet. “Twitter legal just called to complain that I violated their NDA by revealing the bot check sample size is,” Musk later said of his actions. We've reached out to Twitter for comment. In another twist in Musk's bid to buy Twitter, he also took aim at the platform's algorithmic feed. “You are being manipulated by the algorithm in ways you don't realize,” he said. The message drew the attention of former Twitter CEO Jack Dorsey. “It was designed simply to save you time when you are away from the app for a while,” Dorsey told Musk. “Pull to refresh goes back to reverse chron as well.” Dorsey then responded to someone who said Twitter's algorithmic feed was “definitely designed to manipulate.” “No, it wasn't designed to manipulate. It was designed to catch you up and work off what you engage with,” Dorsey said. “That can def have unintended consequences tho.” Musk later appeared to walk back his comment. “I'm not suggesting malice in the algorithm, but rather that it's trying to guess what you might want to read and, in doing so, inadvertently manipulate/amplify your viewpoints without you realizing this is happening,” he said. Should something come of Musk's actions, this wouldn't be the first time one of his tweets has landed him in legal trouble. Back in his now infamous “funding secured” tweet attracted the attention of the US Securities and Exchange Commission, leading to a million settlement with the agency that he's now trying to end. 2022-05-15 15:44:23
Overseas Science NYT > Science The Unlikely Ascent of New York’s Compost Champion https://www.nytimes.com/2022/05/13/climate/domingo-morales-composting-nyc.html domingo 2022-05-15 15:01:49
News BBC News - Home West Ham United 2-2 Manchester City: Pep Guardiola's side keep title race in own hands https://www.bbc.co.uk/sport/football/61368175?at_medium=RSS&at_campaign=KARANGA West Ham United 2-2 Manchester City: Pep Guardiola's side keep title race in own hands. Manchester City recover from a two-goal deficit to keep the Premier League title race in their own hands at West Ham. 2022-05-15 15:29:54
News BBC News - Home Women's FA Cup final: Sam Kerr's deflected effort puts Chelsea ahead in extra time https://www.bbc.co.uk/sport/av/football/61459324?at_medium=RSS&at_campaign=KARANGA Women's FA Cup final: Sam Kerr's deflected effort puts Chelsea ahead in extra time. Sam Kerr's effort deflects in off Manchester City's Alex Greenwood to put Chelsea ahead again in the first half of extra time of the Women's FA Cup final. 2022-05-15 15:56:08
News BBC News - Home Women's FA Cup final: Hayley Raso equalises for Manchester City in 89th minute https://www.bbc.co.uk/sport/av/football/61458510?at_medium=RSS&at_campaign=KARANGA Women's FA Cup final: Hayley Raso equalises for Manchester City in 89th minute. Watch as substitute Hayley Raso equalises for Manchester City in the 89th minute of the Women's FA Cup final against Chelsea. 2022-05-15 15:37:29
News BBC News - Home Women's FA Cup final: 'Sensational' Erin Cuthbert goal puts Chelsea ahead against Man City https://www.bbc.co.uk/sport/av/football/61458506?at_medium=RSS&at_campaign=KARANGA Women's FA Cup final: 'Sensational' Erin Cuthbert goal puts Chelsea ahead against Man City. Watch Erin Cuthbert score a sensational second-half goal to put Chelsea ahead against Manchester City in the Women's FA Cup final. 2022-05-15 15:09:12
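Hokkaido Hokkaido Shimbun Finland formally announces membership application; NATO, possibly within the week https://www.hokkaido-np.co.jp/article/681072/ 内本智子 2022-05-16 00:16:52
Hokkaido Hokkaido Shimbun Nakayama plays the full match, Doan left out of the squad, Netherlands https://www.hokkaido-np.co.jp/article/681100/ Doan 2022-05-16 00:04:00
Hokkaido Hokkaido Shimbun North Korea may have resumed reactor construction; US experts analyze satellite imagery https://www.hokkaido-np.co.jp/article/681099/ satellite imagery 2022-05-16 00:04:00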
