投稿時間:2023-01-20 19:28:42 RSSフィード2023-01-20 19:00 分まとめ(34件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
IT	InfoQ	New Features in Visual Studio 2022 17.5 Preview Releases	https://www.infoq.com/news/2023/01/visual-studio-new-preview/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global	New Features in Visual Studio Preview ReleasesMicrosoft released Visual Studio version Preview in November and Preview in December These new preview versions include several new features such as the Quick Add Dialog Markdown preview support out of the box and colorizing editor tabs using regular expression rules By Alen Genzić	2023-01-20 09:30:00
IT	ITmedia 総合記事一覧	[ITmedia News] 東電も電気料金3割値上げと一部報道　東電は「検討中」	https://www.itmedia.co.jp/news/articles/2301/20/news193.html	itmedia	2023-01-20 18:26:00
IT	ITmedia 総合記事一覧	[ITmedia News] 来週は「近年にないレベルの寒波」　全国で大雪・寒さ、資源エネルギー庁の電力需給見通しは	https://www.itmedia.co.jp/news/articles/2301/20/news186.html	itmedia	2023-01-20 18:04:00
TECH	Techable（テッカブル）	KanDao、新型360度Webカメラ「Meeting Ultra」を23年春に発売。CES2023でも受賞の製品	https://techable.jp/archives/191965	kandao	2023-01-20 09:54:11
TECH	Techable（テッカブル）	新マップ「ロータス」実装！ 人気タクティカルFPS「VALORANT」が大規模アップデート	https://techable.jp/archives/191971	episode	2023-01-20 09:53:25
TECH	Techable（テッカブル）	化粧品大手のロレアルがメタバース参入を強化。アバター向け“ヘアスタイル”展開	https://techable.jp/archives/191977	readyplayerme	2023-01-20 09:52:25
TECH	Techable（テッカブル）	VR・ARコンテンツを作成できる！ヒルトン東京に最先端バーチャルスタジオが完成	https://techable.jp/archives/191976	vegaprojectkk	2023-01-20 09:51:18
TECH	Techable（テッカブル）	Moffly、台本作成から配信まで行う「Instagramライブ配信代行」をリリース。複数台のカメラ、マイクを使用	https://techable.jp/archives/191961	instagram	2023-01-20 09:48:31
TECH	Techable（テッカブル）	JVCケンウッド、防塵・防水の通信型ドライブレコーダーを開発、二輪や船舶、電車でも使用可能。遊覧船へのレコーダー設置義務付け方針も背景に	https://techable.jp/archives/191955	使用可能	2023-01-20 09:47:40
python	Pythonタグが付けられた新着投稿 - Qiita	シェルコマンドechoのスペース区切りに対する不可解な挙動	https://qiita.com/iden_mos/items/eabd651b932d1a71d6f8	wcwecho	2023-01-20 18:14:02
AWS	AWSタグが付けられた新着投稿 - Qiita	AmazonConnectで日本の電話番号取得にサポート問い合わせが必要だった件について	https://qiita.com/Syoji_Yonemoto/items/00f72c828395af190a40	amazon	2023-01-20 18:45:58
AWS	AWSタグが付けられた新着投稿 - Qiita	Athena でのテーブルの作成（Hive DDL）	https://qiita.com/leomaro7/items/120bc85eb0a4288e5e71	hiveddl	2023-01-20 18:40:19
海外TECH	DEV Community	.NET Security Headers: A Senior Developer’s Guide✨	https://dev.to/bytehide/net-security-headers-a-senior-developers-guide-150d	NET Security Headers A Senior Developer s GuideSecurity headers are essential for safeguarding your NET web apps and websites If you re looking for good security practices that are reliable and effective look no further This guide provides some essential tips from a well known senior developer in the NET community allowing you to confidently configure your application s security settings Follow these steps and enjoy the peace of mind that comes with knowing your application is safe Configuring Security HeadersThese tips are provided by Stefan Djokic Senior Software Engineer working at EXLRT a digital customer experience agency specializing in retail travel and hospitality working with huge companies such as Adidas IBM or Disneyland Paris I very recommend you to follow him on Linkedin because he is always sharing valuable content about C NET and more Setting X XSS Protection HeaderFirst Stefan reminds us how an ASP NET application works it runs on a server and then sends data to the user s browser This scheme is well known and common but has a problem As he mentions “The browsers are unsafe As developers we don t have control over what happens with the data after we send it The browsers are very permissive ーit can be easly exploited One of these major problems ーas you might have guessed ーis XSS attacks In a Cross Site Scripting XSS attack the attacker will execute malicious code commonly scripts in the victim s browser a random user it could be you These malicious scripts are injected into a legitimate page and executed when the user enters it At that moment the user does not notice the execution of the malicious script thinking that there should not be any problem being a legitimate page To keep our users or visitors safe we must check that the input does not contain malicious code before sending the data In other words sanitize the application input Stefan provides the solution using the X XSS Protection “X XSS Protection is a header that can be set on a webpage to activate “limited XSS protection in certain browsers The syntax is as follows X XSS Protection mode blockAnd the practical example shown by Stefan would look like this public void Configure IApplicationBuilder app IHostingEnvironment env app Use async context next gt context Response Header Add Content Security Policy default src self await next app UseMvc By enabling this header the browser will prevent the page from loading in case it detects an attack XSS filtering This tip helps to avoid XSS attacks in a simple way Stefan also makes a point about popular browsers their policy for implementing XSS protection has changed “This means that if you do not need to support legacy browsers it is recommended that you use Content Security Policy without allowing unsafe inline scripts instead You may be wondering how to implement this Well you ll learn it right in his next tip Setting Content Security Policy HeaderAs you read a moment ago XSS attacks are not easy to avoid We can always do something to defend against them and that is why Stefan mentions the CSP header This header refers to the Content Security Policy CSP allows you to enable the restriction of resources that attempt to run from invalid or unverified sources Stefan extends the definition “CSP implements the 𝘴𝘢𝘮𝘦 𝘰𝘳𝘪𝘨𝘪𝘯𝘱𝘰𝘭𝘪𝘤𝘺 ensuring that the browser only executes code from valid sources As developers we can use precisely defined CSPs to eliminate common attack vectors by defining the content sources Best of all browser support for this Policy is almost complete Except for our old friend The Content Security Policy has different directives that we can use one or several to exclude the loading of resources of unknown origin Stefan has grouped these policies into the following main groups Fetch directives specify the locations for loading certain resource types child src connect src default src etc Document directives help control the properties of the working environment or document where a policy will be effective sandbox base uri Navigation directives These directives govern the locations of a form submission or where the document initiates any navigations form action frame ancestors 𝐑𝐞𝐩𝐨𝐫𝐭𝐢𝐧𝐠𝐝𝐢𝐫𝐞𝐜𝐭𝐢𝐯𝐞𝐬ーThese directives govern how CSP violations are documented and reported report to report uri A good usage example ーthe defaultーis to allow only content from the same source as the site This directive is the default src Content Security Policy default src self And in this way it would be implemented as Stefan shows public void Configure IApplicationBuilder app IHostingEnvironment env app Use async context next gt Context Response Header Add Content Security Policy default self await next This policy may work in most cases but you may need more customization In that case consult the Content Security Policy docs to learn about its possibilities and adapt it to your requirements Curious fact I didn t know this either until I found out about it from Stefan “CSP was first designed to reduce the attack surface of Cross Site Scripting XSS attacks later versions of the spec also protect against other forms of attack such as 𝐂𝐥𝐢𝐜𝐤𝐉𝐚𝐜𝐤𝐢𝐧𝐠attacks Yes you read that right It is also possible to avoid Clickjacking attacks with CSP The question is how can this be achieved Read on and you will find out Setting X Frame Options HeaderAs you read CSP was primarily designed to prevent XSS attacks but was later adapted to prevent Clickjacking as well Clickjacking attacks ーalso called UI redressing ーmodify the web UI by getting the user to click on a button that appears to perform one action but then performs another ーusually malicious An example always helps more when it comes to understanding how it works and our good Stefan knows this well It couldn t be better explained An attacker who builds a web site that has a button on it that says “Free iPhone ーClick here However on top of that web page the attacker has loaded an iframe with your mail account and lined up exactly the “Delete all messages button directly on top of the “Free iPhone ーClick here button The victim tries to click on the “Free iPhone button but instead actually clicked on the invisible “Delete all messages button In essence the attacker has “hijacked the user s click hence the name “Clickjacking We all know that person who would click on a “Free iPhone button so let s see how we can prevent bad things from happening to them Wait you have a page with a “Free iPhone button Hope it s a giveaway The solution is to use the X Frame Options HTTP response header It is used to allow or disallow the browser to render elements such as lt objet gt lt frame gt lt iframe gt lt object gt Its syntax is similar to the previous ones X Frame Options directiveAnd there are two possible directives X Frame Options DENY The page cannot be displayed in a frame regardless of the site attempting to do so X Frame Options SAMEORIGIN The page can only be displayed if all ancestor frames are same origin to the page itself There is was a third directive to allow the page to be displayed only in a frame by url specified This directive is was ALLOW FROM url and I say was because it still exists but modern browsers have deprecated it so it is no longer recommended to use it And that s how easily Stefan implements it public void Configure IApplicationBuilder app IHostingEnvironment env app Use async context next gt context Response Header Add X Frame Options DENY await next Very simple but useful Setting HSTS Response HeaderYou know that when working on the security of a site the most important thing is the HTTPS connection This is not new and Stefan knows it well The HTTPS connection is the secure version of HTTP and is used to transmit information between the web page and the browser It is possible to bypass HTTPS connections and send data over HTTP without encryption To ensure that all communication is always sent over HTTPS you need to use HSTS HSTS helps guarantee that all future requests will be sent over secure channels so your data will remain encrypted and protected from attackers HSTS also helps verify the identity of the server which further protects your data from man in the middle attacks Stefan s recommended policy is Strict Transport Security And the syntax Strict Transport Policy max age includeSubDomains preloadThe Strict Transport Security documentation explains the parameters max age lt expire time gt The time in seconds that the browser should remember that a site is only to be accessed using HTTPS includeSubDomains If this optional parameter is specified this rule applies to all of the site s subdomains as well preload Alist of domains baked into Chrome that get Strict Transport Security enabled automatically even for the first visit With the theory explained let s move on to practice Stefan implements Strict Transport Security like this The implementation remains as simple as in the previous ones Stefan and I know that this is not the only way to configure HSTS in NET What way do you use to do it Leave a comment Thanks again to Stefan Djokic for sharing these tips and bringing value to the great and wonderful community of NET developers If you liked them I would recommend you to follow him on Linkedin because he is always active and uploads a lot of valuable NET content	2023-01-20 09:20:15
海外TECH	Engadget	Bungie offers displaced Stadia 'Destiny 2' players a free month of GeForce Now	https://www.engadget.com/geforce-now-is-giving-a-free-month-to-stadias-destiny-2-players-092659398.html?src=rss	Bungie offers displaced Stadia x Destiny x players a free month of GeForce NowNow that Stadia is gone Bungie is steering players toward NVIDIA s GeForce Now The developer has offered Destiny users a free month on the game streaming service sending unique codes to each user according to an email seen by toGoogle quot We managed to snag some free codes for NVIDIA s high performance cloud gaming platform quot Bungie wrote quot Redeem your one month code of a GeForce Now priority membership for free quot nbsp Destiny featured prominently in Stadia s marketing up until the end but also figured in GeForce Now promotion for various devices as shown in the image above Of the remaining cloud services Destiny is available on GeForce Now but not Xbox Cloud Amazon s Luna or PlayStation Now nbsp Google announced in September that it would shut down Stadia for good as the service failed to gain traction with users It refunded all game and hardware sales and some game studios stepped in to help port games over to other services If you have a Stadia controller you can enable Bluetooth support via an online tool so it can be used with PC iOS or Android devices Bungie s offer was sent to each Destiny user so check your inbox for the invitation and unique code then be sure to redeem it before February th That will give you a free month of GeForce Now Priority which offers p gaming hour session lengths and up to fps refresh rates it ll cost per month or for six months after that The service just introduced a new Ultimate membership tier with a new RTX boost that offers K resolutions hour sessions and up to fps for per month or for six months	2023-01-20 09:26:59
金融	RSS FILE - 日本証券業協会	外国投信の運用成績一覧表	https://www.jsda.or.jp/shiryoshitsu/toukei/foreign/index.html	運用	2023-01-20 10:30:00
金融	金融庁ホームページ	入札公告等を更新しました。	https://www.fsa.go.jp/choutatu/choutatu_j/nyusatu_menu.html	公告	2023-01-20 11:00:00
金融	金融庁ホームページ	「金融商品債務引受業の対象取引から除かれる取引及び貸借を指定する件」の一部改正（案）に対するパブリックコメントの結果等について公表しました。	https://www.fsa.go.jp/news/r4/shouken/20221207/20230120.html	金融商品	2023-01-20 09:30:00
金融	ニュース - 保険市場TIMES	災害に強い地域社会づくりに向けた「逃げ地図づくり」普及を試行的に実施	https://www.hokende.com/news/blog/entry/2023/01/20/190000	災害に強い地域社会づくりに向けた「逃げ地図づくり」普及を試行的に実施災害発生時の逃げ遅れをなくす損害保険ジャパン株式会社以下、損保ジャパンは、明治大学山本俊哉研究室と協働で、災害発生時の逃げ遅れをなくすことを目指して「逃げ地図づくり」の普及を試行的に開始すると年月日に発表した。	2023-01-20 19:00:00
ニュース	BBC News - Home	Australian Open 2023: Jiri Lehecka beats Cameron Norrie at Melbourne Park	https://www.bbc.co.uk/sport/tennis/64342816?at_medium=RSS&at_campaign=KARANGA	lehecka	2023-01-20 09:32:56
ニュース	BBC News - Home	Ambulance strikes: Unite workers announce new days of walkouts	https://www.bbc.co.uk/news/uk-politics-64336948?at_medium=RSS&at_campaign=KARANGA	ambulance	2023-01-20 09:16:43
ニュース	BBC News - Home	David Crosby: US rock legend dies aged 81	https://www.bbc.co.uk/news/entertainment-arts-64341315?at_medium=RSS&at_campaign=KARANGA	stills	2023-01-20 09:45:12
ビジネス	東洋経済オンライン	今年の日経平均は2万8000円止まりの懸念がある 高値と安値の時期はそれぞれ何月になるのか | 市場観測 | 東洋経済オンライン	https://toyokeizai.net/articles/-/647293?utm_source=rss&utm_medium=http&utm_campaign=link_back	日経平均	2023-01-20 18:30:00
ニュース	Newsweek	米空港で消火器を噴射して闊歩する女の映像が話題に	https://www.newsweekjapan.jp/stories/world/2023/01/post-100648.php	【動画】至近距離でもお構いなしに消火器を噴射する女映像は、女が搭乗口横にある非常ドアを開けようと躍起になっている場面から始まる。	2023-01-20 18:45:00
ニュース	Newsweek	離婚調停中の妻の家に、夫が大型ダンプカーで突っ込む...大暴れの一部始終を捉えた動画（アメリカ）	https://www.newsweekjapan.jp/stories/world/2023/01/post-100650.php		2023-01-20 18:08:00
IT	週刊アスキー	セガの番組「セガにゅー」第19回が1月27日20時より配信決定！	https://weekly.ascii.jp/elem/000/004/121/4121417/	youtubelive	2023-01-20 18:50:00
IT	週刊アスキー	【ガーナ】チョコをたっぷり50％以上練り込んだ“特濃”ガトーショコラが新発売	https://weekly.ascii.jp/elem/000/004/121/4121419/	期間限定	2023-01-20 18:50:00
IT	週刊アスキー	ANCやSuper X-Fi Readyに対応した完全ワイヤレスイヤホン「Creative Zen Air」	https://weekly.ascii.jp/elem/000/004/121/4121405/	creativezenair	2023-01-20 18:40:00
IT	週刊アスキー	マンションの機械式駐車場にEV充電器を実装　東京ガスの「EVrest」が「ラティエラ横濱鶴見」に導入	https://weekly.ascii.jp/elem/000/004/121/4121401/	evrest	2023-01-20 18:30:00
IT	週刊アスキー	イオンシネマ、今夏までに最新鋭のIMAXレーザーシステムを新たに7劇場に導入	https://weekly.ascii.jp/elem/000/004/121/4121403/	新鋭	2023-01-20 18:30:00
IT	週刊アスキー	Twitter、サードパーティー製クライアントアプリの禁止を正式に発表	https://weekly.ascii.jp/elem/000/004/121/4121395/	twitter	2023-01-20 18:25:00
IT	週刊アスキー	『ワンダーボーイ アルティメット コレクション』の発売日が2月22日に変更	https://weekly.ascii.jp/elem/000/004/121/4121415/	blissbrain	2023-01-20 18:25:00
IT	週刊アスキー	日産自動車、EVを活用してサステナブルな暮らしを楽しむゲーム型コンテンツ「NISSAN EV & Clean Energy World」を公開	https://weekly.ascii.jp/elem/000/004/121/4121387/	evampcleanenergyworld	2023-01-20 18:20:00
IT	週刊アスキー	現役の通勤車両6種をまとめて撮影できる！　小田急の電車撮影会「人気の“通勤車両全車種”が大集合！」2月19日、3月5日開催	https://weekly.ascii.jp/elem/000/004/121/4121385/	小田急電鉄	2023-01-20 18:10:00
マーケティング	AdverTimes	「オキサイダー」に課徴金1089万円　クレベリン生んだ技術の発明者	https://www.advertimes.com/20230120/article409454/	clolab	2023-01-20 09:09:22