投稿時間:2022-12-08 06:21:12 RSSフィード2022-12-08 06:00 分まとめ(26件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
IT	ITmedia 総合記事一覧	[ITmedia ビジネスオンライン] 止まらない飲食店の値上げ　いくらから「高い」と感じる？　覆面調査で判明	https://www.itmedia.co.jp/business/articles/2212/08/news057.html	itmedia	2022-12-08 05:30:00
Ruby	Rubyタグが付けられた新着投稿 - Qiita	【Ruby】# frozen_string_literal: trueマジックコメントは必要?	https://qiita.com/universato/items/1dd8943df07f2445655e	frozenstringliteraltrue	2022-12-08 05:21:54
AWS	AWSタグが付けられた新着投稿 - Qiita	AWS CloudFront障害時にRoute 53のフェイルオーバーが効かない設定を見直した話	https://qiita.com/tatsu0209/items/29cf2953f964c8c54e62	cloudfront	2022-12-08 05:12:34
海外TECH	MakeUseOf	How to Prevent Cross-Site Scripting Using HTML, JavaScript, and DOM	https://www.makeuseof.com/prevent-xss-html-javascript-dom-examples/	domcross	2022-12-07 20:30:16
海外TECH	MakeUseOf	The 6 Best Business Management Software Tools for Freelancers	https://www.makeuseof.com/best-business-management-software-freelancers/	The Best Business Management Software Tools for FreelancersAs a freelancer managing your business can be overwhelming You can use these business management tools to help you stay organized and efficient	2022-12-07 20:15:15
海外TECH	DEV Community	Mastodon instance with 6 files	https://dev.to/rothgar/mastodon-instance-with-6-files-1mm4	Mastodon instance with filesMastodon is built on the ActivityPub protocol which is based on Activity Streams which stores data in JSON Linked Data JSON LD All that means is Mastodon uses a lot of JSON that references other JSON A Mastodon instance can serve those JSON documents any way it wants so long as they are UTF encoded Why would you do this There are more than Mastodon instances Why would you implement one with static files The first reason is security Ars Technica has a great article about some of the concerns with running large scale multi user social network servers I have a lot of my own concerns about Mastodon that I ll save for a future post There are scalability challenges on multiple levels The size of databases and uploads is what most admins are concerned with but number of active users and scale of a single user e g celebrity company government is what will really take down a social network An instance with active users costs nearly per month If Mastodon is going to be adopted by the critical users it needs to grow instancesーmany of which are run by volunteersーwould be crushed under the operational and financial responsibility Governments and companies aren t going to join shared servers they re going to run their own instances on the domains they already own The best way to scale and maintain a server is to not run one Create a serverIf you want to watch how I created these files check out the video So let s create a Mastodon instance using JSON files You can see the files on GitHub The files are hosted at so you can test this for yourself by searching for the user justin mastodon jgarr netYou only need file but to make a more complete user we ll use these files to create a user files to pretend we are popular pictures to make it look prettyThe only required file is the user but I wanted to show how easy it is to lie in the fediverse Here are the files we ll be using ├ー well known│└ーwebfinger lt user discovery optional ├ーbanner png lt banner image optional ├ーfollowers lt how many followers optional ├ーfollowing lt how many following optional ├ーimage jpg lt profile image optional └ーjustin lt user informationNow let s explain what they do User discoveryWhen you re using Mastodon you can search for a user on any Mastodon instance with user domain This is a short hand format which relies on webfinger to translate a user at a domain into a standard URL When you do this search your Mastodon server will query the external serverGET https server well known webfinger resource acct user domainYou can bypass webfinger if you know how to fetch the user s information directly If you search in Mastodon for you ll get the same user Here s the full access log so you can see the request request remote ip remote port proto HTTP method GET host mastodon jgarr net uri well known webfinger resource acct justin mastodon jgarr net headers Date Wed Nov GMT X Forwarded For fda c ae ab cd f a User Agent http rb Mastodon Accept application jrd json application json Accept Encoding gzip user id duration size status resp headers Accept Ranges bytes Content Length Server Caddy Etag rmbpwn Content Type Last Modified Wed Nov GMT The GET request technically uses the parameter resource acct justin mastodon jgarr net but with this static file example we only have one user on the domain so we ll ignore that part If you want to have multiple users on the same domain you will have to handle parameters on the server side Meaning you can t do that with static files This request returns the file subject acct justin mastodon jgarr net links rel self type application activity json href This says where to go fetch the next JSON document at the justin path Your Mastodon server will then go fetch that object GET https server justinHere s the full access log so you can see the request request remote ip remote port proto HTTP method GET host mastodon jgarr net uri justin headers Accept application activity json application ld json Accept Encoding gzip Date Wed Nov GMT Signature keyId main key algorithm rsa sha headers request target host date accept signature FIFlfAqeWuDGqFlNJy eRoxsydZnyheO kEABWErDNKwhrGrO GZQinlbkMZBKpjwAjhNbFWpFtdbvGGKPwceRhgxhhiqdd INwNZFpRbPGwqoHNUMIMikICcgNDeLzcYYXbUMaDDeWeVzExKSFulJDYtbZchT kaZKZqGhaeFFLcgEPEjAXOiZRhsVU bGPyXLogebGuIHPynBWYeOuunoEHtbxzx LIQZJqygHDbzKqq fhngaegayxFxZOVLMVEbhpauqiELxlPCXaWAcwFFmWStJZHpqnFBAXKg X Forwarded For fda c ae ab cd f a User Agent http rb Mastodon user id duration size status resp headers Content Length Server Caddy Etag rmbxppc Content Type Last Modified Wed Nov GMT Accept Ranges bytes If you look at the access log you ll notice the signature in the header This uses a keyId main key which is the instance that searched for the user There s a signature which can be used to verify the correct serverーor userーis making requests If you want to you can skip webfinger by searching for a user by their URL directly If you search in Mastodon for you ll get the same user That means we need less file but it doesn t seem as magical as justin mastodon jgarr netThis returns our actual user document context id type Person following followers inbox preferredUsername justin name Justin Garrison summary Static mastodon server example url manuallyApprovesFollowers true discoverable true published T Z icon type Image mediaType image jpeg url image type Image mediaType image jpeg url If you want to see your user s JSON document you can append json to your user s URL e g jgarr json Not everything in this example user document is required but here s the first place we can lie about our account and make it look more legitimate You ll noticed the published date T Z which means we created an account long before Mastodon existed Not a big deal but it s completely unverified We also add an icon and image to the profile so it doesn t have the default image The images are completely optional but it adds legitemacy to a federated account posing as a real user Because we own the domain and can lie about the accounts we can use a commonly misspelled domain or unicode to create fake accounts We could easily use any domain to make accounts like charles gov co uk or tim apple ceo both of these domains are currently available Mastodon puts the zero in zero trust In reality any completely decentralized systemーlike the internetーonly has trust through reputation but in Mastodon you can fake a repulation Here s what the profile looks like After the user is requested your Mastodon instance will automatically fetch followers and following Just like other documents these are reference documents to the actual data documents but the data isn t verified so we can lie again You ll notice this account has million followers and follows account Both of which are not possible because even if you click the follow button the instance cannot acknowledge your request and this account has no keys so it cannot follow any accounts GET Here s the full access log so you can see the request request remote ip remote port proto HTTP method GET host mastodon jgarr net uri followers headers User Agent http rb Mastodon http s mastodon social Accept application activity json application ld json Accept Encoding gzip Date Wed Nov GMT Signature keyId main key algorithm rsa sha headers request target host date accept signature wUAArkeEJhyXkstcCIgrnSlsRcledOUjonqRZrXIRtoKo jKbEFDoJpsuCnnYcW KDgogGgmQjAbcZaffeqFYPPXqpO entfRkAEyYBsrdCiVnwzLEwbOsXHewwVgoIbSunCE DNRatQLriITzBAYzIQuQSJzbsMmMjiTiVocF idjqXfLmnjvhyaxsSiOLfPHVPzSSGFHaqzawILMZuJha baJmP ozQQquFHKslcDcSSGtrvMGjfJYoFycMSsSqLH VRzNRnXsydDwQXRpTLPWLuRQoeYBAkwA X Forwarded For fda c ae ab cd f a user id duration size status resp headers Server Caddy Etag rmlynj Content Type Last Modified Mon Nov GMT Accept Ranges bytes Content Length GET Here s the full access log so you can see the request request remote ip remote port proto HTTP method GET host mastodon jgarr net uri following headers Date Wed Nov GMT Signatur e keyId main key algorithm rsa sha headers request target host date accept signature aEqAlmUNhvTQvgWCngmJpxSNcYoCnTlUHqyiSbBSRtIdHvKdpoLI evgUvyLWHldGjzLUIUPoXyTG TapAKrZiFIxoInQzoZVlytgkMqGwEFVfU K Z wECJCQoFivt QcMXPsox EqxikZ WyKsBX TprzqFTSfg ozpEluAxLmfNsNIxYnbXAGZlZCnVkgUe LYHHPhLqXAdQPgCKSIIUxZVpeoWttESxhAmoxVMdbXSGJTVFInqKSHJUyhwbPKcCWmoFnuVGAeZuLUwyIQsiFgjpUoV zwzZrJQ X Forwarded For fda c ae ab cd f a User Agent http rb Mastodon https mastodon social Accept application activity json application ld json Accept Encoding gzip user id duration size status resp headers Last Modified Mon Nov GMT Accept Ranges bytes Content Length Server Caddy Etag rmlyne Content Type following context id type OrderedCollection totalItems first followers context id type OrderedCollection totalItems first Mastodon never validates the data in follower accts that we claim holds our million followers so we don t have to create that file If you click the follow button your Mastodon instance will send a POST request to inbox with your user s key signature POST request remote ip remote port proto HTTP method POST host mastodon jgarr net uri inbox headers Content Type application activity json Digest SHA weHVoUdQrRvay dyQEiIupwwI eT Signature keyId main key algorithm rsa sha headers request target host date digest content type signature hxjRjCGyBfnI CakujAlfauGPh niCFyRdmJbwQGxbk SbUhGkVLWhJBchtQhRV fFqxX UiLXeljRoBZOYSKqUKqtogJwLLvSDeDgWLWDPqbZWFzUMLUqJLTqFNnhgtOH m YhKEfjE dvmPUNjRTRDAjXjMugMiNmeaeANVgsGaGyfIkGwvPDHcLpMyDHqBivdDqmPAzXRPgyrjqXHQRpxCdXiinA aqgnsNfCoY uHM z zPWohlTvVDUL xeTNpXFcWxREPVojZ VxMzmIuzHkxWTVpVNwMw X Forwarded For fda c ae ab cd f a User Agent http rb Mastodon Content Length Accept Encoding gzip Date Wed Nov GMT user id duration size status resp headers Server Caddy Unlike the requests before this request will use the mastodon social user s signature and key instead of the instance actor account My instance should connect back to the mastodon social server to verify the user s signature but you ll notice the status because I didn t implement following or create an inbox file Even though the status is the requesting server still shows a follow request is sent If you cancel the request it will decrement the followers count What doesn t workThose files is all you need to create a Mastodon user Here are some caveats you may have already noticed Following doesn t workPosts don t workOnly user per domainYou can create JSON objects with posts replies or anything you d like but Mastodon instances don t fetch posts from external users unless someone from that instance follows the user or has reposted one of their posts I implemented a single post in the outbox file so if you want to see how they are structured you can browse the source files The instance is supposed to fetch pinned posts but I couldn t figure out how that is implemented If someone knows please reach out and let me know at my real mastodon account jgarr mastodon social Next we ll give this instance some of the functionality that doesn t work We ll allow users to follow the account and then let it create posts	2022-12-07 20:14:55
Apple	AppleInsider - Frontpage News	Amazon slashes 2022 Apple Watch SE 2 to $209.99 via hidden discount	https://appleinsider.com/articles/22/12/07/amazon-slashes-2022-apple-watch-se-2-to-20999-via-hidden-discount?utm_medium=rss	Amazon slashes Apple Watch SE to via hidden discountBonus savings at checkout drive Amazon s price on the Apple Watch SE nd Generation down to a record low Amazon drops Apple Watch SE price Set to arrive by Christmas the mm Apple Watch SE with your choice of a Midnight or Starlight aluminum case is discounted to thanks to a instant rebate stacked with in bonus savings at checkout Read more	2022-12-07 20:49:10
Apple	AppleInsider - Frontpage News	Apple Pay customers get holiday perks by shopping online	https://appleinsider.com/articles/22/12/07/apple-pay-customers-get-holiday-perks-by-shopping-online?utm_medium=rss	Apple Pay customers get holiday perks by shopping onlineApple customers can save some money on special holiday offers when they shop online and pay with Apple Pay with certain merchants ーand there is also a deal for Apple TV Holiday shopping with Apple PayThrough December shoppers can use Apple s secure payment system to buy gifts for their loved ones and get discounts through twelve merchants Read more	2022-12-07 20:32:40
海外TECH	Engadget	Xbox thinks its game soundscapes can lull you to sleep	https://www.engadget.com/xbox-halo-infinite-sea-of-thieves-soundscape-calm-mindfulness-202928426.html?src=rss	Xbox thinks its game soundscapes can lull you to sleepMindfulness app Calm has a couple new audioscapes to help people relax and drift off and they re both from first party Xbox games Starting today folks with a Calm Premium membership can chill out to the ocean vibes of Sea of Thieves nbsp or the ambient alien noise of Zeta Halo from Halo Infinite It s the first time Calm has added game themed soundscapes so let s hope they re not interrupted by yells from pirates or the Covenant If you aren t already a Calm Premium member you ll be able to access the service for free for three months through an Xbox Game Pass Ultimate subscription perk After that trial ends if you want to keep using Calm Premium you can get percent off a subscription for the first year an annual plan usually costs Xbox says it teamed up with Calm as part of its efforts to support players mental health and wellbeing It also createda collection of Game Pass titles that either address mental health issues or provide players with a sense of escapism such as Persona Royal Hellblade Senua s Sacrifice Unpacking nbsp and Stardew Valley	2022-12-07 20:29:28
海外TECH	Engadget	Atari revives unreleased arcade game that was too damn hard for 1982 players	https://www.engadget.com/akka-arrh-remake-jeff-minter-atari-200603455.html?src=rss	Atari revives unreleased arcade game that was too damn hard for playersAtari is revivingAkka Arrh a arcade game canceled because test audiences found it too difficult For the wave shooter s remake the publisher is teaming up with developer Jeff Minter whose psychedelic synthwave style seems an ideal fit for what Atari describes as “a fever dream in the best way possible The remake will be released on PC PS and PS Xbox Series X S Nintendo Switch and Atari VCS in early The original Akka Arrh cabinet used a trackball to target enemies as the player controls the Sentinel fixed in the center of the screen to fend off waves of incoming attackers Surrounding the Sentinel is an octagonal field which you need to keep clear if enemies slip in you can zoom in to fend them off before panning back out to fend off the rest of the wave Given the simplicity of most games in the early s it s unsurprising this relative complexity led to poor test group screenings Since Atari pulled the plug on the arcade version before its release only three Akka Arrh cabinets are known to exist But the Minter collaboration isn t the game s first public availability After an arcade ROM leaked online in Atari released the original this fall as part of its Atari The Anniversary Celebration collection Atari and Minter worked together in the s as his company Llamasoft created games like Tempest for the Atari Jaguar Unfortunately the two had a falling out in when Atari blocked Minter s spiritual successor of that title from release However the two sides patched things up by when they released Tempest a Minter helmed sequel with the IP holder s blessing Atari says the remake has two modes levels and saves so you don t have to start from the beginning when enemies inevitably overrun your Sentinel Additionally the company says it offers accessibility settings to tone down the trippy visuals for people sensitive to intense light color and animations	2022-12-07 20:06:03
海外科学	NYT > Science	Oldest Known DNA Offers Glimpse of a Once-Lush Arctic	https://www.nytimes.com/2022/12/07/science/oldest-dna-greenland-species.html	Oldest Known DNA Offers Glimpse of a Once Lush ArcticIn Greenland s permafrost scientists discovered two million year old genetic material from scores of plant and animal species including mastodons geese lemmings and ants	2022-12-07 20:35:17
金融	ニュース - 保険市場TIMES	SOMPOひまわり生命、業界初の人事施策導入	https://www.hokende.com/news/blog/entry/2022/12/08/060000		2022-12-08 06:00:00
ニュース	BBC News - Home	UK weather: Drivers warned of risks as Arctic blast begins	https://www.bbc.co.uk/news/uk-63894221?at_medium=RSS&at_campaign=KARANGA	alerts	2022-12-07 20:23:28
ニュース	BBC News - Home	Putin: Nuclear risk is rising, but we are not mad	https://www.bbc.co.uk/news/world-europe-63893316?at_medium=RSS&at_campaign=KARANGA	arsenal	2022-12-07 20:43:50
ニュース	BBC News - Home	Labour MP suspended from party pending investigation	https://www.bbc.co.uk/news/uk-politics-63896445?at_medium=RSS&at_campaign=KARANGA	helens	2022-12-07 20:52:11
ニュース	BBC News - Home	Strep A: Royal Belfast children's hospital postpones routine procedures	https://www.bbc.co.uk/news/uk-northern-ireland-63894433?at_medium=RSS&at_campaign=KARANGA	infections	2022-12-07 20:29:49
ニュース	BBC News - Home	How do you keep babies safe in the cold? And other questions	https://www.bbc.co.uk/news/uk-63888234?at_medium=RSS&at_campaign=KARANGA	costs	2022-12-07 20:39:33
ビジネス	ダイヤモンド・オンライン - 新着記事	節電ポイント「エアコンだけで特典ゲット」、家電王が伝授する節電・節約3カ条 - 有料記事限定公開	https://diamond.jp/articles/-/313813	保安協会	2022-12-08 05:25:00
ビジネス	ダイヤモンド・オンライン - 新着記事	資産3億円・子供1人ならば最大314万円お得!?駆け込み贈与「節税効果」一覧 - さよなら！生前贈与	https://diamond.jp/articles/-/313802	生前贈与	2022-12-08 05:20:00
ビジネス	ダイヤモンド・オンライン - 新着記事	節電ポイント還元ランキング【大手電力9社】東電、関電、中部電に業界序列で“残酷”格差 - 新電力 節電地獄	https://diamond.jp/articles/-/313812	浮き彫り	2022-12-08 05:15:00
ビジネス	ダイヤモンド・オンライン - 新着記事	東京エレクトロン、ルネサス…半導体関連5社に忍び寄る絶好調業績の「曲がり角」 - ダイヤモンド 決算報	https://diamond.jp/articles/-/314112	その状況下で、好決算を記録した企業とそうでない企業の差は何だったのか。	2022-12-08 05:10:00
ビジネス	ダイヤモンド・オンライン - 新着記事	日本電産が売上高・利益「最高ラッシュ」も、社長辞任騒動の元凶・車載事業の現状は？ - ダイヤモンド 決算報	https://diamond.jp/articles/-/314111	その状況下で、好決算を記録した企業とそうでない企業の差は何だったのか。	2022-12-08 05:05:00
ビジネス	電通報 | 広告業界動向とマーケティングのコラム・ニュース	カップヌードルミュージアムに見る創業者精神の伝承と意義	https://dentsu-ho.com/articles/8420	領域	2022-12-08 06:00:00
ビジネス	東洋経済オンライン	｢親の最期｣を業者に丸投げする人が急増する背景 ｢終活｣相談者の9割は本人でなく息子や娘 | １億「総孤独」社会 | 東洋経済オンライン	https://toyokeizai.net/articles/-/633597?utm_source=rss&utm_medium=http&utm_campaign=link_back	東洋経済オンライン	2022-12-08 06:00:00
ビジネス	東洋経済オンライン	ウーバーイーツ配達員｢労働者認定｣埋まらない溝 団体交渉は認められたが労基法の雇用に当たらない | ワークスタイル | 東洋経済オンライン	https://toyokeizai.net/articles/-/638227?utm_source=rss&utm_medium=http&utm_campaign=link_back	労働組合	2022-12-08 05:40:00
ビジネス	東洋経済オンライン	｢人類最強の痛み｣尿路結石症治療に新たな可能性 糖尿病治療薬に｢結石の形成抑制作用｣明らかに | 医療・病院 | 東洋経済オンライン	https://toyokeizai.net/articles/-/637501?utm_source=rss&utm_medium=http&utm_campaign=link_back	尿路結石症	2022-12-08 05:20:00