IT |
InfoQ |
New Features in Visual Studio 2022 17.5 Preview Releases |
https://www.infoq.com/news/2023/01/visual-studio-new-preview/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
|
New Features in Visual Studio 2022 17.5 Preview Releases. Microsoft released Visual Studio version Preview in November and Preview in December. These new preview versions include several new features, such as the Quick Add Dialog, Markdown preview support out of the box, and colorizing editor tabs using regular expression rules. By Alen Genzić |
2023-01-20 09:30:00 |
IT |
ITmedia All Articles |
[ITmedia News] Some reports say TEPCO will also raise electricity rates by 30%; TEPCO says it is "under consideration" |
https://www.itmedia.co.jp/news/articles/2301/20/news193.html
|
itmedia |
2023-01-20 18:26:00 |
IT |
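ITmedia All Articles |
[ITmedia News] Next week brings a "cold wave at a level not seen in recent years": heavy snow and cold nationwide, and the Agency for Natural Resources and Energy's electricity supply and demand outlook |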
https://www.itmedia.co.jp/news/articles/2301/20/news186.html
|
itmedia |
2023-01-20 18:04:00 |
TECH |
Techable |
KanDao to release new 360-degree webcam "Meeting Ultra" in spring 2023; the product also won an award at CES2023 |
https://techable.jp/archives/191965
|
kandao |
2023-01-20 09:54:11 |
TECH |
Techable |
New map "Lotus" added! Popular tactical FPS "VALORANT" gets a major update |
https://techable.jp/archives/191971
|
episode |
2023-01-20 09:53:25 |
TECH |
Techable |
Cosmetics giant L'Oréal steps up its entry into the metaverse, rolling out "hairstyles" for avatars |
https://techable.jp/archives/191977
|
readyplayerme |
2023-01-20 09:52:25 |
TECH |
Techable |
Create VR and AR content! A cutting-edge virtual studio is completed at Hilton Tokyo |
https://techable.jp/archives/191976
|
vegaprojectkk |
2023-01-20 09:51:18 |
TECH |
Techable |
Moffly releases "Instagram live streaming agency service" covering everything from scriptwriting to streaming, using multiple cameras and microphones |
https://techable.jp/archives/191961
|
instagram |
2023-01-20 09:48:31 |
TECH |
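Techable |
JVCKenwood develops a dustproof, waterproof connected dashcam that can also be used on motorcycles, boats and trains; a policy to mandate recorders on sightseeing boats is part of the background |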
https://techable.jp/archives/191955
|
usable |
2023-01-20 09:47:40 |
python |
New posts tagged Python - Qiita |
Puzzling behavior of the shell command echo with space-separated input |
https://qiita.com/iden_mos/items/eabd651b932d1a71d6f8
|
wcwecho |
2023-01-20 18:14:02 |
AWS |
New posts tagged AWS - Qiita |
On needing to contact support to obtain a Japanese phone number in AmazonConnect |
https://qiita.com/Syoji_Yonemoto/items/00f72c828395af190a40
|
amazon |
2023-01-20 18:45:58 |
AWS |
New posts tagged AWS - Qiita |
Creating tables in Athena (Hive DDL) |
https://qiita.com/leomaro7/items/120bc85eb0a4288e5e71
|
hiveddl |
2023-01-20 18:40:19 |
Overseas TECH |
DEV Community |
.NET Security Headers: A Senior Developer’s Guide✨ |
https://dev.to/bytehide/net-security-headers-a-senior-developers-guide-150d
|
.NET Security Headers: A Senior Developer's Guide

Security headers are essential for safeguarding your .NET web apps and websites. If you're looking for good security practices that are reliable and effective, look no further. This guide provides some essential tips from a well-known senior developer in the .NET community, allowing you to confidently configure your application's security settings. Follow these steps and enjoy the peace of mind that comes with knowing your application is safe.

Configuring Security Headers

These tips are provided by Stefan Djokic, Senior Software Engineer working at EXLRT, a digital customer experience agency specializing in retail, travel and hospitality, working with huge companies such as Adidas, IBM or Disneyland Paris. I highly recommend that you follow him on LinkedIn because he is always sharing valuable content about C#, .NET and more.

Setting X-XSS-Protection Header

First, Stefan reminds us how an ASP.NET application works: it runs on a server and then sends data to the user's browser. This scheme is well known and common, but has a problem. As he mentions: "The browsers are unsafe. As developers, we don't have control over what happens with the data after we send it. The browsers are very permissive, it can be easily exploited."

One of these major problems (as you might have guessed) is XSS attacks. In a Cross-Site Scripting (XSS) attack, the attacker will execute malicious code, commonly scripts, in the victim's browser (a random user, it could be you). These malicious scripts are injected into a legitimate page and executed when the user enters it. At that moment the user does not notice the execution of the malicious script, thinking that there should not be any problem, being a legitimate page. To keep our users or visitors safe, we must check that the input does not contain malicious code before sending the data. In other words: sanitize the application input.

Stefan provides the solution using X-XSS-Protection: "X-XSS-Protection is a header that can be set on a webpage to activate "limited" XSS protection in certain browsers."

The syntax is as follows:

    X-XSS-Protection: 1; mode=block

And the practical example shown by Stefan would look like this:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.Use(async (context, next) =>
        {
            // Ask browsers with an XSS filter to block the page when the filter triggers
            context.Response.Headers.Add("X-XSS-Protection", "1; mode=block");
            await next();
        });

        app.UseMvc();
    }

By enabling this header, the browser will prevent the page from loading in case it detects an attack (XSS filtering). This tip helps to avoid XSS attacks in a simple way. Stefan also makes a point about popular browsers: their policy for implementing XSS protection has changed. "This means that if you do not need to support legacy browsers, it is recommended that you use Content-Security-Policy without allowing unsafe-inline scripts instead." You may be wondering how to implement this. Well, you'll learn it right in his next tip.

Setting Content-Security-Policy Header

As you read a moment ago, XSS attacks are not easy to avoid. We can always do something to defend against them, and that is why Stefan mentions the CSP header. This header refers to the Content Security Policy. CSP allows you to enable the restriction of resources that attempt to run from invalid or unverified sources. Stefan extends the definition: "CSP implements the same-origin policy, ensuring that the browser only executes code from valid sources. As developers, we can use precisely defined CSPs to eliminate common attack vectors by defining the content sources."

Best of all, browser support for this policy is almost complete. Except for our old friend

The Content Security Policy has different directives that we can use (one or several) to exclude the loading of resources of unknown origin. Stefan has grouped these policies into the following main groups:

- Fetch directives: specify the locations for loading certain resource types (child-src, connect-src, default-src, etc.).
- Document directives: help control the properties of the working environment or document where a policy will be effective (sandbox, base-uri).
- Navigation directives: govern the locations of a form submission or where the document initiates any navigations (form-action, frame-ancestors).
- Reporting directives: govern how CSP violations are documented and reported (report-to, report-uri).

A good usage example (the default) is to allow only content from the same source as the site. This directive is default-src:

    Content-Security-Policy: default-src 'self'

And in this way it would be implemented, as Stefan shows:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.Use(async (context, next) =>
        {
            // Only allow content loaded from the site's own origin
            context.Response.Headers.Add("Content-Security-Policy", "default-src 'self'");
            await next();
        });
    }

This policy may work in most cases, but you may need more customization. In that case, consult the Content Security Policy docs to learn about its possibilities and adapt it to your requirements.

Curious fact (I didn't know this either until I found out about it from Stefan): "CSP was first designed to reduce the attack surface of Cross-Site Scripting (XSS) attacks; later versions of the spec also protect against other forms of attack, such as ClickJacking attacks." Yes, you read that right. It is also possible to avoid Clickjacking attacks with CSP. The question is: how can this be achieved? Read on and you will find out.

Setting X-Frame-Options Header

As you read, CSP was primarily designed to prevent XSS attacks but was later adapted to prevent Clickjacking as well. Clickjacking attacks (also called UI redressing) modify the web UI by getting the user to click on a button that appears to perform one action but then performs another, usually malicious. An example always helps more when it comes to understanding how it works, and our good Stefan knows this well. It couldn't be better explained:

"An attacker who builds a web site that has a button on it that says "Free iPhone, Click here". However, on top of that web page, the attacker has loaded an iframe with your mail account, and lined up exactly the "Delete all messages" button directly on top of the "Free iPhone, Click here" button. The victim tries to click on the "Free iPhone" button but instead actually clicked on the invisible "Delete all messages" button. In essence, the attacker has "hijacked" the user's click, hence the name "Clickjacking"."

We all know that person who would click on a "Free iPhone" button, so let's see how we can prevent bad things from happening to them. Wait, you have a page with a "Free iPhone" button? Hope it's a giveaway.

The solution is to use the X-Frame-Options HTTP response header. It is used to allow or disallow the browser to render elements such as <frame>, <iframe> or <object>. Its syntax is similar to the previous ones:

    X-Frame-Options: directive

And there are two possible directives:

- X-Frame-Options: DENY. The page cannot be displayed in a frame, regardless of the site attempting to do so.
- X-Frame-Options: SAMEORIGIN. The page can only be displayed if all ancestor frames are same origin to the page itself.

There is (was) a third directive to allow the page to be displayed only in a frame by the url specified. This directive is (was) ALLOW-FROM url, and I say "was" because it still exists, but modern browsers have deprecated it, so it is no longer recommended to use it.

And that's how easily Stefan implements it:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.Use(async (context, next) =>
        {
            // Refuse to be rendered inside any frame
            context.Response.Headers.Add("X-Frame-Options", "DENY");
            await next();
        });
    }

Very simple but useful.

Setting HSTS Response Header

You know that when working on the security of a site, the most important thing is the HTTPS connection. This is not new, and Stefan knows it well. The HTTPS connection is the secure version of HTTP and is used to transmit information between the web page and the browser. It is possible to bypass HTTPS connections and send data over HTTP without encryption. To ensure that all communication is always sent over HTTPS, you need to use HSTS. HSTS helps guarantee that all future requests will be sent over secure channels, so your data will remain encrypted and protected from attackers. HSTS also helps verify the identity of the server, which further protects your data from man-in-the-middle attacks.

Stefan's recommended policy is Strict-Transport-Security. And the syntax:

    Strict-Transport-Security: max-age=<expire-time>; includeSubDomains; preload

The Strict-Transport-Security documentation explains the parameters:

- max-age=<expire-time>: The time, in seconds, that the browser should remember that a site is only to be accessed using HTTPS.
- includeSubDomains: If this optional parameter is specified, this rule applies to all of the site's subdomains as well.
- preload: A list of domains baked into Chrome that get Strict Transport Security enabled automatically, even for the first visit.

With the theory explained, let's move on to practice. Stefan implements Strict-Transport-Security like this:

The implementation remains as simple as in the previous ones. Stefan and I know that this is not the only way to configure HSTS in .NET. What way do you use to do it? Leave a comment.

Thanks again to Stefan Djokic for sharing these tips and bringing value to the great and wonderful community of .NET developers. If you liked them, I would recommend you to follow him on LinkedIn because he is always active and uploads a lot of valuable .NET content. |
2023-01-20 09:20:15 |
Overseas TECH |
Engadget |
Bungie offers displaced Stadia 'Destiny 2' players a free month of GeForce Now |
https://www.engadget.com/geforce-now-is-giving-a-free-month-to-stadias-destiny-2-players-092659398.html?src=rss
|
Bungie offers displaced Stadia 'Destiny 2' players a free month of GeForce Now. Now that Stadia is gone, Bungie is steering players toward NVIDIA's GeForce Now. The developer has offered Destiny 2 users a free month on the game streaming service, sending unique codes to each user, according to an email seen by 9to5Google. "We managed to snag some free codes for NVIDIA's high-performance cloud gaming platform," Bungie wrote. "Redeem your one-month code of a GeForce Now priority membership for free." Destiny 2 featured prominently in Stadia's marketing up until the end, but also figured in GeForce Now promotion for various devices, as shown in the image above. Of the remaining cloud services, Destiny 2 is available on GeForce Now but not Xbox Cloud, Amazon's Luna or PlayStation Now. Google announced in September that it would shut down Stadia for good, as the service failed to gain traction with users. It refunded all game and hardware sales, and some game studios stepped in to help port games over to other services. If you have a Stadia controller, you can enable Bluetooth support via an online tool so it can be used with PC, iOS or Android devices. Bungie's offer was sent to each Destiny 2 user, so check your inbox for the invitation and unique code, then be sure to redeem it before February th. That will give you a free month of GeForce Now Priority, which offers p gaming, hour session lengths and up to fps refresh rates; it'll cost per month or for six months after that. The service just introduced a new Ultimate membership tier with a new RTX boost that offers K resolutions, hour sessions and up to fps for per month or for six months. |
2023-01-20 09:26:59 |
Finance |
RSS FILE - Japan Securities Dealers Association |
List of investment performance of foreign investment trusts |
https://www.jsda.or.jp/shiryoshitsu/toukei/foreign/index.html
|
investment management |
2023-01-20 10:30:00 |
Finance |
Financial Services Agency website |
Bidding notices and related items have been updated. |
https://www.fsa.go.jp/choutatu/choutatu_j/nyusatu_menu.html
|
public notice |
2023-01-20 11:00:00 |
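Finance |
Financial Services Agency website |
Published the results of the public comment on the draft partial amendment to the "Notice designating the transactions and loans excluded from the transactions subject to financial instruments obligation assumption business." |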
https://www.fsa.go.jp/news/r4/shouken/20221207/20230120.html
|
financial instruments |
2023-01-20 09:30:00 |
Finance |
News - Hoken Ichiba TIMES |
Trial rollout of "evacuation map making" to build disaster-resilient local communities |
https://www.hokende.com/news/blog/entry/2023/01/20/190000
|
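Trial rollout of "evacuation map making" to build disaster-resilient local communities. Eliminating delayed evacuation when disasters strike: Sompo Japan Insurance Inc. (hereinafter Sompo Japan) announced that, in collaboration with the Toshiya Yamamoto Laboratory at Meiji University, it will begin a trial rollout of "evacuation map making" with the aim of eliminating delayed evacuation when disasters strike. |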
2023-01-20 19:00:00 |
News |
BBC News - Home |
Australian Open 2023: Jiri Lehecka beats Cameron Norrie at Melbourne Park |
https://www.bbc.co.uk/sport/tennis/64342816?at_medium=RSS&at_campaign=KARANGA
|
lehecka |
2023-01-20 09:32:56 |
News |
BBC News - Home |
Ambulance strikes: Unite workers announce new days of walkouts |
https://www.bbc.co.uk/news/uk-politics-64336948?at_medium=RSS&at_campaign=KARANGA
|
ambulance |
2023-01-20 09:16:43 |
News |
BBC News - Home |
David Crosby: US rock legend dies aged 81 |
https://www.bbc.co.uk/news/entertainment-arts-64341315?at_medium=RSS&at_campaign=KARANGA
|
stills |
2023-01-20 09:45:12 |
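Business |
Toyo Keizai Online |
There is concern that the Nikkei average will top out at 28,000 yen this year: in which months will the high and the low come? | Market Watch | Toyo Keizai Online |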
https://toyokeizai.net/articles/-/647293?utm_source=rss&utm_medium=http&utm_campaign=link_back
|
Nikkei average |
2023-01-20 18:30:00 |
News |
Newsweek |
Video of a woman striding through a US airport while spraying a fire extinguisher draws attention |
https://www.newsweekjapan.jp/stories/world/2023/01/post-100648.php
|
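[Video] A woman sprays a fire extinguisher even at point-blank range. The footage begins with the woman frantically trying to open an emergency door beside the boarding gate. |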
2023-01-20 18:45:00 |
News |
Newsweek |
Husband rams a large dump truck into the home of his wife during divorce mediation... video captures the whole rampage (United States) |
https://www.newsweekjapan.jp/stories/world/2023/01/post-100650.php
|
|
2023-01-20 18:08:00 |
IT |
Weekly ASCII |
Episode 19 of Sega's show "Sega Nyu" to stream from 20:00 on January 27! |
https://weekly.ascii.jp/elem/000/004/121/4121417/
|
youtubelive |
2023-01-20 18:50:00 |
IT |
Weekly ASCII |
[Ghana] New "extra-rich" gateau chocolat with more than 50% chocolate kneaded in goes on sale |
https://weekly.ascii.jp/elem/000/004/121/4121419/
|
limited time |
2023-01-20 18:50:00 |
IT |
Weekly ASCII |
Fully wireless earphones "Creative Zen Air" with support for ANC and Super X-Fi Ready |
https://weekly.ascii.jp/elem/000/004/121/4121405/
|
creativezenair |
2023-01-20 18:40:00 |
IT |
Weekly ASCII |
EV chargers installed in a condominium's mechanical parking facility: Tokyo Gas's "EVrest" introduced at "ラティエラ横濱鶴見" |
https://weekly.ascii.jp/elem/000/004/121/4121401/
|
evrest |
2023-01-20 18:30:00 |
IT |
Weekly ASCII |
AEON Cinema to install state-of-the-art IMAX laser systems at 7 more theaters by this summer |
https://weekly.ascii.jp/elem/000/004/121/4121403/
|
state-of-the-art |
2023-01-20 18:30:00 |
IT |
Weekly ASCII |
Twitter officially announces ban on third-party client apps |
https://weekly.ascii.jp/elem/000/004/121/4121395/
|
twitter |
2023-01-20 18:25:00 |
IT |
Weekly ASCII |
Release date of "Wonder Boy Ultimate Collection" changed to February 22 |
https://weekly.ascii.jp/elem/000/004/121/4121415/
|
blissbrain |
2023-01-20 18:25:00 |
IT |
Weekly ASCII |
Nissan Motor releases "NISSAN EV & Clean Energy World," game-style content for enjoying sustainable living with EVs |
https://weekly.ascii.jp/elem/000/004/121/4121387/
|
evampcleanenergyworld |
2023-01-20 18:20:00 |
IT |
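Weekly ASCII |
Photograph 6 types of in-service commuter trains all at once! Odakyu's train photo event "All the popular commuter train models gather!" to be held February 19 and March 5 |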
https://weekly.ascii.jp/elem/000/004/121/4121385/
|
Odakyu Electric Railway |
2023-01-20 18:10:00 |
Marketing |
AdverTimes |
"Oxider" hit with a surcharge of 10.89 million yen; inventor of the technology that gave rise to Cleverin |
https://www.advertimes.com/20230120/article409454/
|
clolab |
2023-01-20 09:09:22 |