IT |
バズ部 |
SEO対策におけるtitleタグの重要性と最適化する方法を解説 |
https://lucy.ne.jp/bazubu/seo-title-42402.html
|
title |
2022-08-03 12:54:17 |
IT |
InfoQ |
Microsoft Claims Entity Framework Core 7 Faster When Saving Changes |
https://www.infoq.com/news/2022/08/microsoft-EF-core7/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
|
Microsoft Claims Entity Framework Core Faster When Saving ChangesEntity Framework EF Core Microsoft s object to database mapper library for NET Framework brings performance improvements for data updates in version Microsoft claims The performance of SaveChanges method in EF is up to faster than in EF in some scenarios By Edin Kapić |
2022-08-03 12:30:00 |
IT |
ITmedia 総合記事一覧 |
[ITmedia Mobile] 総務省がKDDIと沖縄セルラー電話に「行政指導」 7月2日の通信障害を受けて |
https://www.itmedia.co.jp/mobile/articles/2208/03/news181.html
|
itmediamobile |
2022-08-03 21:30:00 |
AWS |
AWS Database Blog |
How Shinsegae International enhances customer experience and prevents counterfeiting with Amazon QLDB |
https://aws.amazon.com/blogs/database/how-shinsegae-international-enhances-customer-experience-and-prevents-counterfeiting-with-amazon-qldb/
|
How Shinsegae International enhances customer experience and prevents counterfeiting with Amazon QLDBThis is post is co authored by BubKwan Lee head of the e commerce development team at Shinsegae International Like any other industry the retail industry is rapidly accelerating its digital transformation to meet ever changing consumer needs In particular the retail luxury industry where online and second hand transactions are increasing is investing heavily in efforts to create … |
2022-08-03 12:11:32 |
python |
Pythonタグが付けられた新着投稿 - Qiita |
Tkinterのスクロールバーを使用する方法 |
https://qiita.com/ll_Roki/items/95e0ab0af044480c4916
|
tkinter |
2022-08-03 21:29:11 |
python |
Pythonタグが付けられた新着投稿 - Qiita |
【営業リスト作成】2022年Googleマップをスクレイピングする方法4選 |
https://qiita.com/Octoparse_Japan/items/2522d8ac64226a0bbec4
|
googlemaps |
2022-08-03 21:24:28 |
python |
Pythonタグが付けられた新着投稿 - Qiita |
ゼロからWebクローラーを構築する方法 |
https://qiita.com/Octoparse_Japan/items/c70519ae317d6869d021
|
近年 |
2022-08-03 21:15:52 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
Google Meet のチャット欄を Slack に自動で流す拡張機能のご紹介 |
https://qiita.com/noraworld/items/eb190f53900293e881d0
|
googlemeet |
2022-08-03 21:17:02 |
js |
JavaScriptタグが付けられた新着投稿 - Qiita |
GAS (Google Apps Script) でスタンドアロンなライブラリを作るメモ |
https://qiita.com/mitsuoka0423/items/2a2a17aa1382e1ab2e39
|
gasgoogleappsscript |
2022-08-03 21:02:44 |
AWS |
AWSタグが付けられた新着投稿 - Qiita |
AWSで始めるCI/CD 〜CI/CDの仕組み〜 |
https://qiita.com/hiroaki-u/items/ac0c1fb00b78af208af8
|
cicdcicd |
2022-08-03 21:51:50 |
AWS |
AWSタグが付けられた新着投稿 - Qiita |
AWSで始めるCI/CD 〜Code兄弟達の紹介〜 |
https://qiita.com/hiroaki-u/items/b527264093eeb1e406e2
|
cicdcode |
2022-08-03 21:51:19 |
GCP |
gcpタグが付けられた新着投稿 - Qiita |
【合格体験記】Google Cloud Digital Leader |
https://qiita.com/wuyiniaoniao/items/0a54e5b659ebbd550d08
|
clouddigi |
2022-08-03 21:22:02 |
技術ブログ |
Developers.IO |
【レポート】AWSのベストプラクティスを自動チェック!「nOps」でコスト削減やアセスメントを実現 #devio2022 |
https://dev.classmethod.jp/articles/devio2022-nops/
|
ashissan |
2022-08-03 12:14:19 |
海外TECH |
DEV Community |
Top 10 Node.js security best practices |
https://dev.to/devarshishimpi/top-10-nodejs-security-best-practices-3bi9
|
Top Node js security best practicesNode js is extremely popular nowadays primarily as a backend server for web applications However in the world of microservices you can find it pretty much everywhere playing different and important roles in a bigger application stack One of the advantages of Node js is the ability to install additional modules which from the security point of view provides more opportunities to open back doors Additionally the more popular the framework the more chances that hackers will try to find vulnerabilities Therefore you should always take Node js security seriously In this post you ll learn the best practices for securing your Node js application Validate user input to limit SQL injections and XSS attacksLet s start with one of the most popular attacks the SQL Injection As the name suggests a SQL injection attack happens when a hacker is able to execute SQL statements on your database This becomes possible when you don t sanitize the input from the frontend In other words if your Node js backend takes the parameter from the user provided data and uses it directly as a part of the SQL statement For example connection query SELECT FROM orders WHERE id id function error results fields if error throw error The above query is SQL injection vulnerable Why Because the id parameter is taken directly from the frontend Instead of sending just the id the attacker can manipulate the request and send SQL commands with it Instead of sending just the id of the order the attacker can send DROP TABLE ORDERS and Node js will wipe your database Bummer How do you avoid that There are a few ways but the basic idea is to not blindly pass parameters from the frontend to the database query Instead you need to validate or escape values provided by the user How to do it exactly depends on the database you use and the way you prefer to do it Some database libraries for Node js perform escaping automatically for example node mysql and mongoose But you can also use more generic libraries like Sequelize or knex XSS attacksCross Site Scripting XSS attacks work similarly to SQL injections The difference is that instead of sending malicious SQL the attacker is able to execute JavaScript code The reason for that is the same as before not validating input from the user app get find product req res gt if products length return res send lt p gt No products found for req query product lt p gt As you can see in the snippet above whatever the user puts in the search field if not found in the database will be sent back to the user in an unchanged form What that means is that if an attacker puts JavaScript code instead of the product name in your search bar the same JavaScript code will be executed How do you fix that Again validate the user input You can use validatorjs or xss filters for that Implement strong authenticationHaving a broken weak or incomplete authentication mechanism is ranked as the second most common vulnerability It s probably due to the fact that many developers think about authentication as “we have it so we re secure In reality weak or inconsistent authentication is easy to bypass One solution is to use existing authentication solutions like Okta or OAuth If you prefer to stick with native Node js authentication solutions you need to remember a few things When creating passwords don t use the Node js built in crypto library use Bcrypt or Scrypt Make sure to limit failed login attempts and don t tell the user if it s the username or password that is incorrect Instead return a generic “incorrect credentials error You also need proper session management policies And be sure to implement FA authentication If done properly it can increase the security of your application drastically You can do it with modules like node fa or speakeasy Avoid errors that reveal too muchNext on the list is error handling There are a few things to consider here First don t let the user know the details i e don t return the full error object to the client It can contain information that you don t want to expose such as paths another library in use or perhaps even secrets Second wrap routes with the catch clause and don t let Node js crash when the error was triggered from a request This prevents attackers from finding malicious requests that will crash your application and sending them over and over again making your application crash constantly Speaking of flooding your Node js app with malicious requests don t directly expose your Node js app to the Internet Use some component in front of it such as a load balancer a cloud firewall or gateway or old good nginx This will allow you to rate limit DoS attacks one step before they hit your Node js app Run automatic vulnerability scanningSo far I described a few obvious must dos The Node js ecosystem however consists of many different modules and libraries that you can install It s very common to use a lot of them in your projects This creates a security issue when using code written by someone else you can t be percent sure that it s secure To help with that you should run frequent automated vulnerability scans They help you find dependencies with known vulnerabilities You can use npm audit for the basic check but consider using one of the tools described here Avoid data leaksRemember what we said before about not trusting the frontend You not only shouldn t trust what comes from the frontend but also what you are sending to it It s easier to send all data for a particular object to the frontend and only filter what to show there However for an attacker it s very easy to get the hidden data sent from the backend For example imagine you want to show a list of the users who signed up for an event You execute a SQL query to get all users for that particular event and send that data to the frontend and there you filter it to only show the first and last name But all the data you don t want to show like users birth dates phone numbers email addresses etc is easily accessible via the browser developer console This leads to data leaks How do you solve it Only send the data that s required If you only need first and last names retrieve only those from the database This creates a little bit more work but it s definitely worth it Set up logging and monitoringYou may think that logging and monitoring while important aren t really related to security but that isn t true Of course the goal is to make systems secure from the beginning but in reality it requires an ongoing process And for that you need logging and monitoring Some hackers may be interested in making your application unavailable which you can find out without logging But some hackers will prefer to remain undetected for a longer period of time For such cases monitoring logs and metrics will help you spot that something is wrong With only basic logging you won t get enough information to understand if weird looking requests are coming from your own application a third party API or from a hacker Use security lintersWe talked about automatic vulnerability scanning before but you can go one step further and catch common security vulnerabilities even while writing the code How By using linter plugins like eslint plugin security A security linter will notify you every time you use unsafe code practices for example using eval or non literal regex expressions Avoid secrets in config filesWriting secure code from the beginning will definitely help but it won t make your application bulletproof if you end up storing plain text secrets in your config files This practice is unacceptable even if you store the code in a private repository Importing secrets from environment variables is the first step but it s not a perfect solution either To be more confident that your secrets aren t easily readable use secret management solutions like Vault Whenever using Vault isn t possible encrypt your secrets when you store them and be sure to rotate them on a regular basis Many CI CD solutions allow you to securely store secrets and securely deploy them Implement HTTP response headersMany less common attacks can be avoided by adding additional security related HTTP headers to your application The most basic mechanisms like CORS will improve the security of your API but consider using modules like helmet which will add even more headers in order to secure your application Helmet can implement eleven different header based security mechanisms for you with one line of code app use helmet Don t run Node js as rootIn the world of Docker and microservices we often forget about how Node js is actually executed It s easy to just spin up a Docker container and assume it s isolated from the host machine so it s secure But using Docker doesn t mean that running Node js as root is not a problem anymore Combine the ability to run any JavaScript code via an XSS attack with Node js running as root and you ll end up with unlimited hacking capabilities SummarySecuring web applications is important but tight deadlines sometimes prevent us from properly executing at any given stage That s why it s important to consider security at every step of the software development lifecycle from conception all the way to production |
2022-08-03 12:54:58 |
海外TECH |
DEV Community |
Why is Vite so fast? |
https://dev.to/takuyakikuchi/why-is-vite-so-fast-163p
|
|
2022-08-03 12:20:17 |
Apple |
AppleInsider - Frontpage News |
AppleCare+ adds theft and loss coverage to more European countries |
https://appleinsider.com/articles/22/08/03/applecare-adds-theft-and-loss-coverage-to-more-european-countries?utm_medium=rss
|
AppleCare adds theft and loss coverage to more European countriesUsers in France Italy and Spain are now able to choose an expanded version of the AppleCare insurance that covers theft or loss as well as damage Six years after first introducing it as an option in the States Apple is now offering the extended AppleCare option in France Italy and Spain This brings the current list of countries with theft and loss insurance to eight As listed in Apple s new support document about making a claim on the new insurance those countries are Read more |
2022-08-03 12:17:57 |
Apple |
AppleInsider - Frontpage News |
Apple expected to further diversify MacBook production within China |
https://appleinsider.com/articles/22/08/03/apple-expected-to-further-diversify-macbook-production-within-china?utm_medium=rss
|
Apple expected to further diversify MacBook production within ChinaA new report claims that Apple will diversify its MacBook Pro production so that it is made in more sites around China Apple has already been working for some years to spread MacBook Pro production over multiple companies and countries In Apple and many other Big Tech firms were said to be looking to move away from China to avoid then threatened US tariffs Then in Apple specifically asked Foxconn to open a plant in Vietnam for instance Foxconn got approval for that from local Vietnamese authorities in Since then too China has added an impetus to Big Tech firms moving away because of energy and coronavirus issues Read more |
2022-08-03 12:11:03 |
海外TECH |
Engadget |
GM is doubling the size of its Super Cruise network in the US and Canada |
https://www.engadget.com/gm-is-doubling-the-size-of-its-super-cruise-network-in-the-us-and-canada-123034974.html?src=rss
|
GM is doubling the size of its Super Cruise network in the US and CanadaSince introducing its Super Cruise advanced driver assistance suite in the Cadillac CT back in General Motors has worked steadily to expand the number of lidar mapped roads that the system can handle hands free The SuperCruise Network first expanded from to miles of divided highways in and will soon double in size ーto miles across the US and Canada ーby the end of the year GM announced on Wednesday nbsp The Super Cruise system ーand its successor Ultra Cruise ーrelies on a mix of high fidelity LiDAR maps GPS and onboard visual and radar sensors to know where the vehicle is on the road So far those maps which dictate where features like Hands Free Driving can operate have only included major divided highways like interstates with the big median barriers Smaller undivided public highways ーaka State Routes ーwere not included in part because of the added ADAS challenges presented by oncoming traffic until now This expansion will enable Super Cruise to work on some additional divided highways but the big news is this the bulk of the expansion will allow Super Cruise to operate on non divided highways David Craig GM s Chief of Maps said during Tuesday s call These non divided highways are typically the state and federal highways that connect the smaller cities and townships across the US and Canada GMThese will include Route the Pacific Coast Highway aka CA Route the Overseas Highway aka US Route and the Trans Canada Highway if you look at I which is the interstate that runs North and South up the middle of the United States and look to the West you will see that the Super Cruise coverage currently is just the major interstates which is fairly sparse Craig continued But in the expansion you can see that it s just a spiderweb of roads covering the entire area All the little townships are going to be connected now nbsp GMGM executives explained on a press call Tuesday that every new Super Cruise enabled GM vehicle that rolls off the assembly line will be equipped with the full mile capabilities as will and GM vehicles outfitted with the VIP Vehicle Intelligence Platform architecture such as the Escalade and CT via OTA update later in Vehicles with Super Cruise but without VIP which cannot eventually upgrade to Ultra Cruise such as the early model CTs will receive a smaller update nbsp There will be no impact on the annual Super Cruise subscription cost but you will have to have the Super Cruise hardware already installed GM execs on the call noted that folks who bought SC capable vehicles during the chip shortage that didn t actually have the SC hardware installed cannot go back and get the system retrofitted in after the fact to take advantage of this update In all GM hopes to offer nearly two dozen Super Cruise enabled vehicle models by the model year |
2022-08-03 12:30:34 |
海外TECH |
Engadget |
Amazon knocks $100 off Samsung's Freestyle smart projector |
https://www.engadget.com/amazon-knocks-100-off-samsungs-freestyle-smart-projector-122114984.html?src=rss
|
Amazon knocks off Samsung x s Freestyle smart projectorSamsung debuted its Freestyle smart projector earlier this year at CES as a portable home theater gadget with auto focus and auto leveling features making it easier to watch anything anywhere Normally priced at the Freestyle projector is down to at Amazon right now which is just about off Samsung also has it for nearly the same price The only time we ve seen the projector cheaper was when it went on sale for at Woot in a one day sale back in April If you missed the chance then now s a good opportunity to grab the Freestyle while it s decently discounted Buy Freestyle projector at Amazon Buy Freestyle projector at Samsung The Freestyle is really best for those that want a portable projector as it weighs only pounds and can be easily picked up and moved from spot to spot around your home Its stand can rotate nearly degrees and its auto focus and auto leveling features help align what you re watching so you could project a movie onto your ceiling your wall and a number of other places without the picture looking too wonky The Freestyle projects images with a p resolution with a size range of to inches making it easy to adjust the image to fit the surface you re working with Along with built in Alexa Google Assistant and Bixby voice command support it also has degree audio so you won t need to plug in external speakers for sound If you d rather invest in a new TV than a projector for your home theater setup some of Samsung s smart TVs have also been discounted on Amazon The inch Class Neo QLED Mini LED K TV is a whopping off and down to which is an all time low This set uses Mini LED technology to produce bolder brighter colors and higher contrast plus it supports a Hz refresh rate K AI upscaling Dolby Atmos and Alexa Google Assistant and Bixby voice controls Elsewhere Samsung s inch QB Series QLED K set is off and down to while the inch Class Neo QLED K Mini LED TV is off and on sale for Buy inch Samsung Mini LED TV at Amazon Buy inch Samsung QB QLED K TV at Amazon Buy inch Samsung QLED K Mini LED TV at Amazon Follow EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice |
2022-08-03 12:21:14 |
海外TECH |
Engadget |
Solana 'hot' wallets are being drained in multi-million dollar attack |
https://www.engadget.com/solana-wallets-drained-crypto-attack-121508040.html?src=rss
|
Solana x hot x wallets are being drained in multi million dollar attackAn unknown actor has drained over internet connected wallets in an ongoing attack on the Solana blockchain ecosystem According to Blockchain auditor OtterSec the attacks were still ongoing when it posted an update in the evening of August nd and that they had affected multiple wallets including Phantom Slope Solflare and TrustWallet across a wide variety of platforms nbsp As TechCrunch notes the bad actor seems to have stolen both Solana tokens and USDC stablecoins with the estimated losses so far amounting to around million OtterSec is now encouraging users to move all their assets to a hardware wallet and the Solana Status Twitter account echoed that advice adding that there s no evidence quot cold quot wallets have been impacted As of now there are over victims and countingpic twitter com ztdsZoBlaCーOtterSec osec io August The Solana Status account has also revealed that an exploit allowed a malicious actor to drain funds from the compromised wallets and that it seems to have affected both their mobile versions and extensions Engineers from multiple ecosystems have already banded together to work with security researchers to identify the root cause of the exploit which is yet to be discovered nbsp People in the crypto industry have several theories though with some believing that the bad actors got access to private keys through a supply chain attack because the attacker was able to sign or initiate and approve transactions on behalf of the victims Others warning that the exploit has caused the widespread compromise of private keys and that revoking wallet approvals won t help at all nbsp |
2022-08-03 12:15:08 |
海外科学 |
NYT > Science |
The Outdoor Cat: Neighborhood Mascot or Menace? |
https://www.nytimes.com/2022/08/02/style/outdoor-cats.html
|
mascot |
2022-08-03 12:11:47 |
海外ニュース |
Japan Times latest articles |
Zawahiri killing was a great success of a bygone era |
https://www.japantimes.co.jp/opinion/2022/08/03/commentary/world-commentary/zawahiri-strike/
|
priorities |
2022-08-03 21:25:15 |
ニュース |
BBC News - Home |
Taiwan: Pelosi leaves Taipei to sound of Chinese fury |
https://www.bbc.co.uk/news/world-asia-62405680?at_medium=RSS&at_campaign=KARANGA
|
foreign |
2022-08-03 12:12:05 |
ニュース |
BBC News - Home |
Kent and Sussex hosepipe ban announced from 12 August |
https://www.bbc.co.uk/news/uk-england-kent-62404637?at_medium=RSS&at_campaign=KARANGA
|
august |
2022-08-03 12:20:47 |
ニュース |
BBC News - Home |
Batgirl movie scrapped months before planned release |
https://www.bbc.co.uk/news/uk-scotland-glasgow-west-62406098?at_medium=RSS&at_campaign=KARANGA
|
glasgow |
2022-08-03 12:10:33 |
ニュース |
BBC News - Home |
Man guilty of killing stranger by pushing her off Helensburgh Pier |
https://www.bbc.co.uk/news/uk-scotland-glasgow-west-62406025?at_medium=RSS&at_campaign=KARANGA
|
helensburgh |
2022-08-03 12:36:28 |
ニュース |
BBC News - Home |
Bristol bus boycott campaigner Roy Hackett dies |
https://www.bbc.co.uk/news/uk-england-bristol-62397167?at_medium=RSS&at_campaign=KARANGA
|
boycott |
2022-08-03 12:46:13 |
ニュース |
BBC News - Home |
Commonwealth Games 2022: 'You're too tall for the camera' - Watch Ovie Soko react to basketball gold |
https://www.bbc.co.uk/sport/av/commonwealth-games/62410429?at_medium=RSS&at_campaign=KARANGA
|
Commonwealth Games x You x re too tall for the camera x Watch Ovie Soko react to basketball goldWatch Ovie Soko and BBC Sport s Ayo Akinwolere react as England score a buzzer beater to win gold in the men s x basketball at the Commonwealth Games |
2022-08-03 12:44:18 |
ニュース |
BBC News - Home |
Commonwealth Games 2022: Charlie Aldridge crashes in mountain bike |
https://www.bbc.co.uk/sport/av/commonwealth-games/62408767?at_medium=RSS&at_campaign=KARANGA
|
Commonwealth Games Charlie Aldridge crashes in mountain bikeScotland s Charlie Aldridge see his hopes of cross country cycling bronze disappear after he crashes and breaks his bike at the Commonwealth Games |
2022-08-03 12:26:01 |
北海道 |
北海道新聞 |
「3大会で主将、お疲れさま」 アイスホッケー女子日本代表大沢選手引退 関係者ら感謝とねぎらい |
https://www.hokkaido-np.co.jp/article/713724/
|
北京冬季五輪 |
2022-08-03 21:36:09 |
北海道 |
北海道新聞 |
鈴木「五輪枠勝ち取る」 新体操代表が演技披露 |
https://www.hokkaido-np.co.jp/article/713829/
|
世界選手権 |
2022-08-03 21:29:00 |
北海道 |
北海道新聞 |
医療提供体制に大きな負荷 コロナ感染、最多の24万人 |
https://www.hokkaido-np.co.jp/article/713828/
|
厚生労働省 |
2022-08-03 21:20:00 |
北海道 |
北海道新聞 |
<小樽市長選>3候補の訴え(下) |
https://www.hokkaido-np.co.jp/article/713826/
|
野呂田 |
2022-08-03 21:16:00 |
北海道 |
北海道新聞 |
西3―1オ(3日) 森が2打席連続アーチ |
https://www.hokkaido-np.co.jp/article/713827/
|
押し出し |
2022-08-03 21:20:00 |
北海道 |
北海道新聞 |
山形4市町に緊急安全確保 県道の橋崩落、車流される |
https://www.hokkaido-np.co.jp/article/713825/
|
安全確保 |
2022-08-03 21:15:00 |
北海道 |
北海道新聞 |
釧路の繁華街で火災 炉端焼き有名店などに放水 |
https://www.hokkaido-np.co.jp/article/713824/
|
炉端焼き |
2022-08-03 21:14:23 |
北海道 |
北海道新聞 |
東京、陽性者のウェブ登録開始 発熱外来の負荷軽減 |
https://www.hokkaido-np.co.jp/article/713823/
|
新型コロナウイルス |
2022-08-03 21:12:00 |
北海道 |
北海道新聞 |
宗谷管内51人、留萌管内36人感染 新型コロナ |
https://www.hokkaido-np.co.jp/article/713796/
|
宗谷管内 |
2022-08-03 21:05:00 |
北海道 |
北海道新聞 |
胆振管内342人、日高管内27人感染 新型コロナ |
https://www.hokkaido-np.co.jp/article/713821/
|
胆振管内 |
2022-08-03 21:05:00 |
仮想通貨 |
BITPRESS(ビットプレス) |
[日経] 仮想通貨業界2団体、20%の申告分離課税など要望 |
https://bitpress.jp/count2/3_9_13324
|
業界団体 |
2022-08-03 21:39:41 |
仮想通貨 |
BITPRESS(ビットプレス) |
日本暗号資産ビジネス協会(JCBA)、「2023年度税制改正に関する要望書」を公表 |
https://bitpress.jp/count2/3_17_13323
|
税制改正 |
2022-08-03 21:37:33 |
コメント
コメントを投稿