投稿時間:2022-05-24 02:28:01 RSSフィード2022-05-24 02:00 分まとめ(29件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
AWS	AWS Big Data Blog	Enable Amazon QuickSight federation with Google Workspace	https://aws.amazon.com/blogs/big-data/enable-amazon-quicksight-federation-with-google-workspace/	Enable Amazon QuickSight federation with Google WorkspaceAmazon QuickSight is a scalable serverless embeddable machine learning ML powered business intelligence BI service built for the cloud that supports identity federation in both Standard and Enterprise editions Organizations are working towards centralizing their identity and access strategy across all of their applications including on premises third party and applications on AWS Many organizations use Google Workspace …	2022-05-23 16:39:31
python	Pythonタグが付けられた新着投稿 - Qiita	Pythonのバージョンをrequirements.txtで固定する方法が分からなかったので作った	https://qiita.com/jin0g/items/e3b1d69cc0e7fc6ea291	google	2022-05-24 01:08:56
python	Pythonタグが付けられた新着投稿 - Qiita	pythonでmake it a quoteを作りたい(2)	https://qiita.com/YutoYuto990/items/e381290c266155550743	discordpy	2022-05-24 01:05:43
Docker	dockerタグが付けられた新着投稿 - Qiita	【初心者】環境構築 for Windows	https://qiita.com/nejioooo/items/e24e5fd7de22fc022eaa	docker	2022-05-24 01:43:12
Docker	dockerタグが付けられた新着投稿 - Qiita	Docker、Gradleを使用したJavaの開発環境の構築について	https://qiita.com/T-H9703EnAc/items/002538a2b040fc188705	gradle	2022-05-24 01:25:11
海外TECH	Ars Technica	Pakistan hits 120°F as climate trends drive spring heatwave	https://arstechnica.com/?p=1855675	analysis	2022-05-23 16:05:02
海外TECH	MakeUseOf	8 Apps to Build Your Self-Confidence and Improve Your Wellness	https://www.makeuseof.com/apps-build-self-confidence-improve-wellness/	start	2022-05-23 16:45:14
海外TECH	MakeUseOf	How to Batch Compress Your Images With Caesium on Windows	https://www.makeuseof.com/windows-caesium-guide/	caesium	2022-05-23 16:15:13
海外TECH	DEV Community	Introducing Rediscovering Ruby	https://dev.to/ridhwana/introducing-rediscovering-ruby-53bk	Introducing Rediscovering RubyThis post is co authored by juliannatetreault and ridhwana IntroductionHi there and welcome to the first post in our series Rediscovering Ruby My name is Julianna I m a primarily backend focused Software Engineer at Forem and I have been working with Ruby and Rails almost exclusively for roughly years now and I still learn new things about Ruby almost daily My name is Ridhwana and I m a Full Stack Lead Software engineer at Forem I ve been dabbling in Ruby on Rails for about years and spent just under half of that time focussing on backend development which has been leading me through weird and wonderful explorations in this language Why are we writing this series We ve been working together for a while now and thoroughly enjoy it We often find ourselves talking through Ruby concepts or pair programming asynchronously through pull request reviews We ve realized that a lot of developers including ourselves end up learning a new language by exploring and copying existing patterns within an already existing codebase This sometimes leaves us without a name for a pattern that we re following or without a deeper understanding of what s happening behind the “magic of the language It also means that sometimes we struggle to articulate concepts that we use on a daily basis Hence we came up with an idea to write a series of posts that explore and explain these different concepts in Ruby We hope that you ll follow along and share your knowledge and experiences with us too What do we plan on covering in this series First we ll begin with the basics foundational concepts and the like While the rest of our plan is still a bit up in the air after covering some of the core Ruby concepts we plan to slowly start introducing more complex topics Some of the concepts and topics that we hope to cover include classes objects memory and duck typing With that being said let s dive into an introduction of our favourite language Ruby About RubyRuby was conceived in and publicly released in by its creator Yukihiro “Matz Matsumoto It s approximately years old already Over the years Matz Ruby s creator can be found talking about some of his motivations for creating Ruby Some of these include Blending parts of his favorite languages at the time like Perl Smalltalk Ada and Lisp etc into a better object oriented version Ruby In a Google talk in he told the audience that he hoped to see Ruby help every programmer in the world to be productive and to enjoy programming and to be happy He also jokes that he created Ruby for selfish reasons because he was so underwhelmed by other languages that he just wanted to create something that would make him happy Shortly after the release of Ruby interest in the language quickly grew in Japan In the first English language book “Programming Ruby was released by author Dave Thomas This helped to spread the language internationally and by Ruby had become popular worldwide However after the release of the Ruby on Rails framework the community grew even bigger The Ruby CommunityAs mentioned above Ruby has been around for a while and so has the community that supports the language The Ruby community has a reputation for being welcoming and supportive which is one of the reasons why the language is often suggested for beginners If conferences or meetups are your thing or if you d like them to be Ruby has a plethora of in person and more recently remote events Additionally due to the age of the language and the size of the community there are many opportunities to contribute to Open Source projects that use Ruby as their foundation and there are many learning resources available like this one for when you want to better acquaint yourself with the language s intricacies A Ruby PrimerRuby can be described as “Object Oriented and Dynamic language What exactly does object oriented mean This means the language is centered around the concept of “objects Hence in order to write useful applications in an OO language the code will contain a group of objects Each object will have its own set of attributes and methods and these objects will send and react to messages from the other objects In order to understand what is a “dynamic language let s get two definitions out of the way compile time and run time Compile time is the time at which the source code is converted into an executable code Run time is the time at which the executable code has started running Knowing the above what does this have to do with a dynamic language Well a dynamic language gives us the ability to carry out certain actions at runtime that other languages cannot such as assigning and reassigning objects without running into compiler related issues In addition if any errors occur during compile time the process will not be halted by those errors and will continue to move forward For example If we were to call a method on an object that does not exist the compiler will not produce a warning or an error Only once the code is executed will we see a NoMethodError Okay so we ve discussed what object oriented and dynamic means is there anything else that sets Ruby aside that I should be aware of When it comes to memory allocation and deallocation Ruby is one of those languages that handles it for you Memory allocation and deallocation is baked into the language so that for the most part you don t have to think about how to allocate and deallocate memory on a day to day basis this is handled by Ruby garbage collection …garbage collection There are entire books written and countless talks given on Ruby s garbage collection mechanism but a concise explanation for just what Ruby garbage collection is is that it s a mechanism within Ruby that handles memory usage both allocation and deallocation Ruby provides an interface for its garbage collection so that in the event that you need to adjust memory usage or if you re just curious like us then you can see just what s going on under the hood And that s it folks…We hope that this post piqued your interest as we ll be diving deeper into some of these concepts in upcoming posts Thank you for reading	2022-05-23 16:38:35
海外TECH	DEV Community	Docker Extension CLI uygulaması kurulumu	https://dev.to/aciklab/docker-extension-cli-uygulamasi-kurulumu-1dde	Docker Extension CLI uygulamasıkurulumuGeçen hafta Docker Desktop uygulamasının GNU Linux sürümüduyurulmuştu Ben de Docker Desktop ıkurduktan sonra fark ettim ki bir de beta olarak sunulan Docker Extensions özelliği bulunmakta Normal şekilde Docker Eklentisi eklemek arayüz üzerinden mümkün olsa da özellikle eklenti geliştirmek ve Docker Eklenti nin diğer yeteneklerini kullanmak için CLI paketini kurmak gerekiyor Docker CLI ınasıl kurabilirim Sisteminize docker desktop haliyle docker ıkurduğunuzda docker extension komutunu kullanmaya çalıştığınızda docker ın böyle bir özelliği olmadığınısöyleyen bir hata ile karşılaşıyorsunuz docker extension is not a docker commandSee docker help Github adresindeki güncel docker eklenti CLI paketi için Linux tar gz paketini indirmeniz gerekiyor Sonrasında tar gz içerisinde bulunan docker extension binary dosyası normal kullanıcıolarak aşağıda belirtilen konuma kopyalanmasıgerekiyor tar xvzf desktop extension cli linux amd tar gzmkdir p docker cli pluginsmv docker extension docker cli pluginsBu adımdan sonra docker extension komutu çalıştırılabilir olmakta Eklenti komutlarıhakkında özetEğer sisteminize docker desktop veya cli üzerinden eklenti eklerseniz var olan eklentileri aşağıdaki komut ile listeleyebiliyorsunuz docker extension lsDocker extension hub üzerinden eklenti eklemek için aşağıdaki gibi komut kullanılabilmektedocker extension install aliorhun ornekeklenti Docker eklentisinin güncel bir sürümüne geçişiçin ise benzer şekilde güncelleme yapabilirsiniz docker extension update aliorhun ornekeklenti Ve tabi ki silmek için de rahatlıkla eklentiyi kaldırabilirsiniz docker extension rm aliorhun ornekeklenti	2022-05-23 16:38:31
海外TECH	DEV Community	GitHub Actions Security Cheat Sheet	https://dev.to/gitguardian/github-actions-security-cheat-sheet-da9	GitHub Actions Security Cheat SheetThis article is the result of a collaboration with C J May “GitHub Actions keep me up at night I worry that a malicious actor will use GitHub Actions to inject code into one of my repositories unbeknownst to me Grayson HardawayGitHub Actions is an increasingly popular CI CD platform They allow to automate almost all the tasks of the development cycle while remaining easy to access However since they often use external code they require some security measures to be applied We have tried to gather the main tips to secure your GitHub Actions in this cheat sheet What are GitHub Actions GitHub Actions is GitHub s CI Cd service It s the mechanism used to run workflows from development to production systems Actions are triggered by GitHub events a pull request is submitted an issue opened a PR is merged etc…  and can execute pretty much any command For instance they can be used to format the code format the PR sync an issue comments with another ticketing system s comments add the appropriate labels to a new issue or trigger a full scale cloud deployment A workflow is made of one or more jobs which are run inside their own virtual machine or container a runner that execute one or more steps A step can be a shell script or an action which is a reusable piece of code specially packaged for the GitHub CI ecosystem Because GitHub is hosting millions of open source projects that can be forked and contributed to through pull requests GitHub Actions security is paramount to prevent supply chain attacks This cheat sheet is here to help you mind the risks posed by some GitHub Action workflows no matter if you are maintaining open source projects or not Let s dive into the best practices Set minimum scope for credentialsThis is a general security principle for all the credentials used by your workflow but let s focus on a GitHub specific one the GITHUB TOKEN This token is granting each runner privileges to interact with the repository It is temporary meaning its validity start and ends with the workflow By default the token s permissions are either “permissive read write for most of the scopes or “restricted no permission by default in most scopes In either case forked repos only have at most a read access Whether you choose one option or the other the GITHUB TOKEN should always be granted the minimum required permissions to execute a workflow job You should make use of the permission key in your workflows to configure the minimum required permissions for a workflow or job This will allow fine grained control over the privileges of your GitHub Actions The set of permissions required to call each endpoint of the GitHub API is extensively documented and you should verify what the default permissions are to match and adjust them This principle applies to environment variables as well To limit the scope of environment variables you should always declare them at the step level so they won t be accessible to other stages In contrast defining them at the job level will make them available to all stages including potentially compromised code more on that later Use specific action version tagsTypically when people make their own workflows on GitHub they use Actions made by someone else Almost all workflows begin with a step like the one below name Check out repository uses actions checkout vMost people probably think “Well yeah that just fetches my code What could possibly be dangerous about that The important part to consider is how it checks out your code That line that starts with “uses means that there s some work going on behind the scenes to get the code from your GitHub repo to the server that is running your workflow For the “actions checkout action that behind the scenes stuff lives in its own repo If you read the source code there s actually a lot going on that you wouldn t have known about if you didn t take a look More than that though you don t maintain the code that is running in that Action When you think about it there is some risk in blindly trusting all these actions Third party actions are interacting with your code and possibly running on a server you own but do you ever look at what they are actually doing under the hood Are you monitoring changes that are made to the action when the author publishes an update For just about everyone the answer to both of those questions is probably no Consider this threat scenario you are using a third party action that runs a linter on your code to check for formatting issues Rather than install configure and run a linter yourself you decide to use an action from the GitHub Actions Marketplace that does what you need You give it a test run and it works Since it does what you want you set up a workflow in your repo that uses it name Lint code uses someperson lint action vAfter months of using this action you suddenly start having issues with your API keys stolen and abused After some investigating you find out that the author of the third party linter action recently pushed an update to the GitHub Marketplace You go to the source repo for the action and see that code was recently added to the linter action to send environment variables to some random web address In that hypothetical scenario the author of the third party action or someone who hijacked their account added malicious code to the action and re tagged it as “v Everyone using someperson linter action v was now running the malicious code in their workflows Now that we see the threat from this scenario how do we protect ourselves from it No one has the time to watch for updates on every third party action they use but luckily GitHub gives us a way to prevent updates from altering the actions we use Rather than running an action with a tag from the repo you can use a commit hash For example when I automatically push container images to Docker Hub I use the following step in my workflows to authenticate name Log in to the container registry uses docker login action fabaffcfaeeffcBy specifying exactly what commit I want to use when I authenticate to Docker Hub I never have to worry about the action changing or behaving differently You can do the same thing with any action that you use in your workflows Don t use plain text secretsThis one is a little more obvious but it still needs to be said Source code isn t the only place where it s a bad idea to store API keys and passwords in plain text In fact it s probably better stated that there is no place where it s okay to do that and CI workflow files are no exception GitHub Secrets is a feature that allows you to store your keys in a safe way and reference them in your workflows with brackets Make sure to keep all plain text secrets out of your GitHub Actions Of course you should also leverage your workflow to scan for secrets in the source code itself here is the ggshield action you can use for free Don t reference values that you don t controlGitHub allows you to use brackets to reference secrets and other values from your GitHub environment Unfortunately some of the values that you can reference may not be set by you This is an extremely common mistake found on a number of open source repositories Let s take a look at this workflow I found and fixed on an open source repository name lint run echo “ github event pull request title commitlintIf you look at the “lint step of the workflow you can see that the run command includes some input from the pull request In particular it s grabbing the title of the pull request which is set by the person who submitted it Let s say someone submitted a pull request to this repository with a name like a amp amp wget amp amp malware amp amp echo Title In that scenario the workflow YAML would be evaluated like the following name lint run echo “a amp amp wget amp amp malware amp amp echo Title commitlintIn this example the threat actor downloaded malware and executed it but they could have done other things like steal the runner s GITHUB TOKEN Depending on the running context of the workflow the token could have write permission to the original repo meaning modifying the repository content including releases becomes possible Another example is exfiltrating sensitive data from the CI which would allow harvesting secrets that could be used to move laterally Pull request title isn t the only GitHub environment value that is set by external parties Pull request body as well as Issue title and body are also examples of untrusted values When you are referencing variables like that in steps of your GitHub Actions it s important to make sure you control where they come from To stay on the safe side you have two options Use an action instead of an inline scriptAn action will use the untrusted context value as an argument neutralizing injection attacks uses fakeaction checktitle v with title github event pull request title Use an intermediate environment variableIf you somehow need to execute a script you should set up an intermediate environment variable name Check PR title env PR TITLE github event pull request title run echo “ PR TITLE Notice that we extra precautions by double quoting the variable to avoid other types of exploitations Only run workflows on trusted codeThis next section is especially important if you host your own action runners but it applies to GitHub s runners too You need to be vigilant when it comes to when workflows run By running a workflow you are giving it permission to potentially run code access secrets and execute in the runner environment Controlling when workflows run is critical to the security of your GitHub actions The questions you should be asking yourself are “What code is running when I kick off my workflow and “Where did that code come from If you maintain an open source repository you may get periodic pull requests from people you have never interacted with before Let s think about a potential threat scenario Let s say you are a maintainer of an organization on GitHub and you have a popular open source project that has automated testing set up Someone submits a pull request to this repo with a new feature and some test cases for it However one of the test cases doesn t test the code it installs a bitcoin miner on the runner server As soon as your CI kicks off all of the test code your runner is compromised In practice GitHub actually has good default settings to protect us from something like this First GitHub doesn t allow individual accounts to use self hosted runners on public repositories but they do allow organizations to do so If you do maintain an organization this is a danger you need to be very aware of more in the next section Another protection you have against this type of scenario is a setting that lets you determine when GitHub Actions are run on code from pull requests By default pull requests from first time contributors require approval from a maintainer to start CI tests As a maintainer it is your responsibility to make sure that you have read all the code being submitted before approving the workflows Another potential risk is if someone submitted a small pull request before submitting a second with malicious code This would automatically run all configured workflows because that person is no longer a first time contributor It s not default but GitHub does have an option to require approval for all outside collaborators It s much safer to use this setting over the default Harden your Action runners and don t use self hosted runners for public repositories During the setup of your CI workflows you specify in each workflow where it s supposed to run GitHub offers some different runners you can use such as Ubuntu Mac and Windows When you use GitHub s runners they start off as a clean VM each time However you also have the option to configure your own servers as runners to execute your workflows TL DR play it safe and don t use self hosted runners for a public repository You are basically allowing anybody forking your repo to submit a malicious pull request to try to escape its sandbox access the network…and you are in charge of securing that So just play it safe and avoid using a self hosted runner for a public repo if possible Now for those of you who absolutely need to set up a self hosted runner for your private repositories please you still need to be extra careful You should be the only one configuring the workflows that run on that server Use a dedicated unprivileged account ex “github runner to launch the runner and execute the workflows This user shouldn t have admin permissions  You should make sure it doesn t have permission to modify anything outside of its own workspace and if you absolutely need “sudo permission in your workflow you should only allow it for the specific executable it needs It is a security best practice to set up an ephemeral and isolated workload to execute a job such as a Kubernetes Pod or a container This way the virtual machine is destroyed when the workflow is done and you avoid lots of potential risks Use logging and security monitoring tools If you have a security team with their own tools make sure they have visibility into your runner servers Collecting process logs with an EDR agent or something like Sysmon for Linux is the first step but ideally you should also have detection rules that will alert you if something suspicious is going on In the SolarWinds supply chain attack the key point of the compromise was when the threat actor was inside SolarWinds build servers The threat actor used that access to inject malicious code into the Orion platform Tampering with the build process was the impact of the breach but there were certainly other detection opportunities from the command and control C and persistence techniques that the attacker used Monitoring for suspicious activity on your runners will help you ensure the integrity of your code Be extra careful with the pull request target triggerThere is another vulnerability called pwn requests when maintaining an open source repository It is quite subtle so I will try to go on step by step to explain how a malicious pull request could under specific circumstances exfiltrate your secrets or even tamper with the releases TL DR  if you re using the on pull request target event in Github Actions never check out the pull request s code DON T use the following on pull request target…steps uses actions checkout v with ref github event pull request head sha Explainer when someone forks your repo and opens a pull request there are two repos involved the repo under your control the target repo and the other person s fork repo Usually we use the pull request trigger event to trigger a workflow when someone submits a PR With it the triggered workflow runs in the context of the submitter s fork repo Therefore the provided GITHUB TOKEN will not have write access and the secrets are not accessible either While these are sane defaults in some cases they can be a bit too constrained At the open source community s request GitHub introduced the pull request target event The difference between the two is subtle but has a lot of security implications The pull request target trigger runs in the context of your target repo meaning the workflow has access to YOUR secrets and write access to YOUR code This gets dangerous when the workflow is running code you don t control this is why checking out the fork repo s code is basically opening the workflow to any kind of remote code execution Example of a vulnerabilityTo demonstrate this let s inspect a vulnerable GitHub Action name my actionon pull request targetjobs pr check name Check PR runs on ubuntu latest steps name Setup Action uses actions checkout v with ref github event pull request head ref repository github event pull request head repo full name name Setup Python uses actions setup python v with python version name Install dependencies run pip install r requirements txt name some command run some command env SOME SECRET secrets SOME SECRET We have our two conditions met the workflow triggers to run on the target repo and the job s first step the job checks out the HEAD last commit of the pull request s code So the code that will be used in the rest of the workflow will be coming from the pull request which opens many exploitation vectors For instance the seemingly innocuous run pip install …  executed to install the dependencies is now a potential vector How By modifying the setup py to execute a “pre install script before pip launches Since shell commands are available from the script an attacker could easily launch a reverse shell or fetch a malicious payload designed to basically do whatever he wants with the original repository source code including modifying and re tagging a release This is a perfect example of a vulnerability that can be leveraged to execute a supply chain attack all the users of an open source project would be affected without knowing Remember this is just one vector though Probably much easier would be to exfiltrate the SOME SECRET environment variable by changing the some command binary Small remark this is true because this step is executed after the malicious step otherwise the secret would not have been accessible since in any workflow environment variables are only valid during the stage where they are defined stage scoped except job level defined environment variables see rule n° It is also worth noting that not only shell commands are vulnerable in this configuration even if the workflow relies only on actions odds are high that a code injection would be still possible A lot of actions are indeed executing local scripts behind the scenes Final note  we only described the most obvious compromise vectors here but the number of ways the PR source code could tamper with the workflow execution is huge You now see why it is highly discouraged to use the pull request target and if you do never blindly checkout untrusted PR code Prefer OpenID Connect to access cloud resourcesOpenID Connect OIDC is a technology allowing you to connect your workflows to cloud resources without needing to copy a long lived secret into GitHub Instead when set up your workflow requests and uses short lived access tokens from the cloud provider This requires a bit of upfront work to set up but you will benefit in the long run no more long lived credentials living in GitHub fine grained access controls from your cloud provider and better automated secrets management For that you first need to bootstrap a trust relationship OIDC Trust on the cloud provider side controlling who can access what Then on GitHub side an OIDC Provider will be configured to auto generate a JWT token containing claims which allow the workflow to authenticate to the cloud provider Once these claims are validated a role scoped short lived  access token is sent back to the workflow to execute Learn how to configure OpenID Connect with GitHub here ConclusionGitHub Actions is among the favorite CI CD tool of the open source community With popularity comes more security scrutiny Whether you use actions on public or private repositories you should be careful about how you set up your workflows Failing to do so could make your secrets and artifacts vulnerable lead to a compromise of your build servers or even allow someone to carry out a supply chain attack We have presented you with the GitHub Actions security best practices Here is a brief summary Use minimally scoped credentials in particular make sure the GITHUB TOKEN is configured with the least privileges to run your jobs Use specific version tags to shield yourself from supply chain compromise of third party actions Never store any API key token or password in plaintext use GitHub Secrets Use the ggshield action to implement secrets detection with remediation in your CI workflows Don t reference directly values that you don t control it s all too easy for a malicious PR to inject code Rather use an action with arguments or bind the value to an environment variable Be extra careful when using self hosted runners preferably don t use this option for open source repositories or require approval for all external submissions to run workflows It s your responsibility to harden the virtual machines used by the runners so configure them to use a low privileged user be as ephemeral as possible and instrument the adequate logging and monitoring tools Don t check out external PRs when using the pull request target event a malicious PR could abuse any of your build steps secrets to compromise your environment Prefer using OpenID Connect instead of long lived secrets to allow your workflows to interact with cloud resources This can be hard to remember that s why we packaged all of this in a cheat sheet Feel free to share it around you	2022-05-23 16:26:10
海外TECH	DEV Community	CONVITE: Você está se formando esse ano? Comemore com o GitHub!	https://dev.to/github/convite-voce-esta-se-formando-esse-ano-comemore-com-o-github-eo0	CONVITE Vocêestáse formando esse ano Comemore com o GitHub Vocêsabia que o GitHub tem vários programas e benefícios legais e exclusivos para estudantes A principal delas éo GitHub Student Pack um pacote de benefícios como Canva Pro Licença JetBains Domínio grátis e muito mais Inclusive minha amiga e GitHub Star Levxyca escreveu um artigo sobre como ter acesso a esses benefícios recentemente Um outro programa super legal éo GitHub graduation e ésobre isso que vamos conversar hoje O que éessa Graduation Vocêestáse formando esse ano Éuma celebração Todas as pessoas estudantes que pretendem se formar atéo final de são convidados a se juntar àgente para uma festa de Formatura Não importa se éEnsino Médio Graduação Pós ou um Bootcamp se éseu ano esperado de formatura vocêestáconvidada Note que mesmo que vocênão tenha certeza se vai conseguir se formar atéo final de mas esse éseu plano vocêpode participar Como participo Antes de qualquer coisa vocêtem que ser um estudante verificado e que possui o Student Developer Pack Se vocêainda não é o artigo da Levxyca que mencionei te ensina como Agora vocêvai preencher esse formulário aqui atéo dia de Maio Depois disso vocêvai criar um PR ou Pull Request no repositório GitHubGraduation com as suas informações Dentro do repo váem Create new file crie uma pasta data YOUR USERNAME aonde vocêvai substituir YOUR USERNAME pelo seu usuário Dentro dessa pasta crie um arquivo YOUR USERNAME mdDentro desse arquivo vocêvai copiar código abaixo com suas informações name SEU NOME COMPLETO Limite de caracteresinstitution NOME DA SUA INSTITUICAO DE ENSINO limite de caracteresquote UMA FRASE Limite de caracteres evite usar parênteses Essa frase e tipo uma mensagem que vocêquer deixar registradagithub user SEU USUARIO GITHUB Vou deixar o meu aqui de exemplo name Pachi Codesinstitution Escola da Vidaquote Peça desculpas não peça permissão github user pachicodes Agora mande essa PR e espere Ela tem que ser aceita para vocêparticipar da formatura Se algo estiver errado ou alguma informação faltando vocêvai receber uma mensagem então fique de olho nesse PR atéele ser aprovado Pronto agora o que eu ganho com isso Se vocêfor um dos primeiros estudantes pelo mundo a enviar uma PR válida para o anuário vocêainda ganha um cartão de formatura Exclusivo e personalizado e estaráconvidado a participar do evento online e global no dia de Junho onde vamos comemorar e vocêvai concorrer a vários prêmios Além disso ao enviar o seu pull request vocêdeixarásua marca no nosso anuário de veja o anuário de Estáem São Paulo Na sexta feira dia de Junho nós teremos um evento PRESENCIAL em São Paulo e se vocêquiser participar informe láno formulário inicial Vai ser um evento super legal e eu vou estar lá Resumo e Convite Junte se àequipe do GitHub Education Online no dia de Junho para celebrar a turma de e recebê los em uma comunidade global de inovadores prontos para impactar o mundo Teremos convidados especiais brindes exclusivos e muitas histórias e experiências incríveis ao redor do mundo para serem compartilhadas Não se esqueça de nos seguir no Twitch para ser notificado quando a live começar ️ Junte se àturma de	2022-05-23 16:20:46
海外TECH	DEV Community	AWS Beanstalk	https://dev.to/viv92945316/aws-beanstalk-1gf0	AWS BeanstalkWhat is Amazon Elastic Beanstalk Beanstalk is a compute service for deploying and scaling applications developed in many popular languages Developers can focus on writing code and don t need to worry about the underlying infrastructure required to run the application AWS Elastic Beanstalk is the best way to deploy your application in the fastest and simplest way It provides the user interface dashboard to monitor your application It gives you the flexibility to choose AWS resources such as Amazon EC Instance along with the pricing options which suit your application needs AWS Elastic Beanstalk supports two types of Environment Web Tier Environmento This application hosted on the Web Server Environment handles the HTTP and HTTPS requests from the users o Beanstalk Environment When an environment is launched Beanstalk automatically assigns various resources to run the application successfully o Elastic Load Balancer Request is received from the user via Route which forwards the request to ELB Then ELB distributes the request among various EC Instances of the Autoscaling group o Auto Scaling Group Auto Scaling will automatically add or remove EC Instance based on the load in the application o Host Manager Software components inside every EC Instancewhich is responsible for the following Log files generation Monitoring Events in Instance Worker Environment A worker is a background process that helps applications for handling heavy resource and time intensive operations It is responsible for database clean up report generation that helps to remain up and running In the Worker Environment Beanstalk installs a Daemon on each EC Instance in the Auto Scaling Group Daemon pulls requests from the SQS queue and executes the taskbased on the message received After execution SQS will delete the message and in case of failure it will retry to send the message Platform Supported Net on Linux or Windows Docker GlassFish Go Java Node js Python Ruby TomcatDeployment Models All at Once Deployment will start taking place in all the instances at the same time It means all your EC Instances will be out of service for a short time Your application will be completely down for the same duration Rolling Deploy the new version in batches unlike all at once one group of instances will run the old version of the application That means there will not be complete downtime just like all at once Rolling with additional batch Deploy the new version in batches But before that provision an additional group of instances to compensate for the updating one Immutable Deploy the new version to a separate group of instances and the update will be immutable Traffic splitting Deploy the new version to a separate group of instances and split the incoming traffic between the older and the new ones Pricing Amazon will not charge you for AWS Elastic Beanstalk Instead you will be paying for the resources such as EC Instance ELB and Auto Scaling group where your application is hosted	2022-05-23 16:17:43
Apple	AppleInsider - Frontpage News	The best iPhone & iPad gaming accessories	https://appleinsider.com/articles/22/05/23/the-best-iphone-ipad-gaming-accessories?utm_medium=rss	The best iPhone amp iPad gaming accessoriesThe iPhone and iPad are great gaming devices on their own but you can transform them into console like devices with the right accessories We ve gathered the best ones to try Find the beast gaming gear for your iPhone and iPadMany games made for mobile work great with hand held touch controls but that isn t always the case Adding in some dedicated gear for gaming can make a big difference Read more	2022-05-23 16:04:21
海外TECH	Engadget	DC Attorney General sues Mark Zuckerberg over the Cambridge Analytica scandal	https://www.engadget.com/mark-zuckerberg-cambridge-analytica-meta-facebook-lawsuit-dc-attorney-general-162329611.html?src=rss	DC Attorney General sues Mark Zuckerberg over the Cambridge Analytica scandalMeta s Cambridge Analytica woes are far from over Karl Racine the Attorney General of the District of Columbia has sued Mark Zuckerberg He accused the Meta CEO of having a direct hand in making the decisions that led to the major data breach Racine claims that Zuckerberg quot contributed to Facebook s lax oversight of user data and implementation of misleading privacy agreements quot That according to the suit allowed consulting firm Cambridge Analytica to acquire personal data on more than million Americans including more than DC residents The company allegedly used the data to help sway voters in the presidential election through political ad targeting The AG previously sued Meta then known as Facebook over the scandal in That case is still ongoing This time Racine is targeting Zuckerberg directly Under the jurisdiction s Consumer Protection Procedures Act which bans unfair and deceptive trade practices individuals are liable for a company s actions that they were aware of controlled or failed to stop Racine is seeking a jury trial against Zuckerberg He wants Meta s CEO to refrain from future CPPA violations and to pay damages and civil penalties Engadget has contacted Meta for comment “Since filing our landmark lawsuit against Facebook my office has fought tooth and nail against the company s characteristic efforts to resist producing documents and otherwise thwart our suit We continue to persist and have followed the evidence right to Mr Zuckerberg quot Racine said in a statement “This unprecedented security breach exposed tens of millions of Americans personal information and Mr Zuckerberg s policies enabled a multi year effort to mislead users about the extent of Facebook s wrongful conduct This lawsuit is not only warranted but necessary and sends a message that corporate leaders including CEOs will be held accountable for their actions	2022-05-23 16:23:29
海外科学	NYT > Science	Watch a Giant Stingray’s Safe Return to Its River Home	https://www.nytimes.com/2022/05/18/science/giant-freshwater-stingray.html	Watch a Giant Stingray s Safe Return to Its River HomeThe Mekong River is home to enormous and endangered aquatic life A pound fish s release shows how some conservation efforts in Cambodia are paying off	2022-05-23 16:42:04
海外科学	NYT > Science	What to Know About Monkeypox	https://www.nytimes.com/article/what-is-monkeypox.html	recent	2022-05-23 16:46:12
金融	金融庁ホームページ	金融庁職員の新型コロナウイルス感染について公表しました。	https://www.fsa.go.jp/news/r3/sonota/20220523.html	新型コロナウイルス	2022-05-23 18:00:00
ニュース	@日本経済新聞 電子版	中国への対抗軸、期待と不安　米主導のIPEF13カ国参加 https://t.co/oNZEQhpNud	https://twitter.com/nikkei/statuses/1528768380605345793	期待	2022-05-23 16:02:39
ニュース	@日本経済新聞 電子版	バイデン氏、台湾関与明言　米「曖昧戦略」修正か https://t.co/jjMnE09SS2	https://twitter.com/nikkei/statuses/1528768379334496262	関与	2022-05-23 16:02:39
ニュース	BBC News - Home	Boris Johnson pictured drinking at No 10 lockdown event	https://www.bbc.co.uk/news/uk-politics-61557064?at_medium=RSS&at_campaign=KARANGA	november	2022-05-23 16:57:15
ニュース	BBC News - Home	UK finds 36 more monkeypox cases	https://www.bbc.co.uk/news/health-61557154?at_medium=RSS&at_campaign=KARANGA	number	2022-05-23 16:11:48
ニュース	BBC News - Home	What is the UK's inflation rate and why is the cost of living going up?	https://www.bbc.co.uk/news/business-12196322?at_medium=RSS&at_campaign=KARANGA	inflation	2022-05-23 16:43:28
ニュース	BBC News - Home	Erik Ten Hag says taking Manchester United job is not a risk to his reputation	https://www.bbc.co.uk/sport/football/61552274?at_medium=RSS&at_campaign=KARANGA	manchester	2022-05-23 16:37:52
北海道	北海道新聞	畑岡７位に後退、笹生１５位　世界ランク、上位３人変わらず	https://www.hokkaido-np.co.jp/article/684524/	世界ランキング	2022-05-24 01:11:00
北海道	北海道新聞	大坂、ウィンブルドン欠場も　「現状では行かない方向」	https://www.hokkaido-np.co.jp/article/684475/	四大大会	2022-05-24 01:08:02
北海道	北海道新聞	千葉の駐車場に新生児置き去り　命に別条なし、小学生が発見	https://www.hokkaido-np.co.jp/article/684481/	千葉市稲毛区山王町	2022-05-24 01:06:05
北海道	北海道新聞	イランでビル倒壊５人死亡　南西部、多数が下敷きの情報	https://www.hokkaido-np.co.jp/article/684508/	死亡	2022-05-24 01:04:06
仮想通貨	BITPRESS（ビットプレス）	[日経] 三井住友トラスト、デジタル資産の信託会社　安全性確保	https://bitpress.jp/count2/3_9_13213	三井住友トラスト	2022-05-24 01:03:46