| AWS |
AWS News Blog |
New: AWS Telco Network Builder – Deploy and Manage Telco Networks |
https://aws.amazon.com/blogs/aws/new-aws-telco-network-builder-deploy-and-manage-telco-networks/
|
New AWS Telco Network Builder Deploy and Manage Telco NetworksOver the course of more than one hundred years the telecom industry has become standardized and regulated and has developed methods technologies and an entire vocabulary chock full of interesting acronyms along the way As an industry they need to honor this tremendous legacy while also taking advantage of new technology all in the name … |
2023-02-21 17:30:58 |
| AWS |
AWS Compute Blog |
Using Porting Advisor for Graviton |
https://aws.amazon.com/blogs/compute/using-porting-advisor-for-graviton/
|
Using Porting Advisor for GravitonThis blog post is written by Ryan Doty Solutions Architect AWS and Vishal Manan Sr SSA EC Graviton AWS Introduction AWS customers recognize that Graviton based EC instances deliver price performance benefits but many are concerned about the effort to port existing applications Porting code from one architecture to another can result in a substantial … |
2023-02-21 17:20:11 |
| AWS |
AWS Machine Learning Blog |
AWS and Hugging Face collaborate to make generative AI more accessible and cost efficient |
https://aws.amazon.com/blogs/machine-learning/aws-and-hugging-face-collaborate-to-make-generative-ai-more-accessible-and-cost-efficient/
|
AWS and Hugging Face collaborate to make generative AI more accessible and cost efficientWe re thrilled to announce an expanded collaboration between AWS and Hugging Face to accelerate the training fine tuning and deployment of large language and vision models used to create generative AI applications Generative AI applications can perform a variety of tasks including text summarization answering questions code generation image creation and writing essays and articles AWS … |
2023-02-21 17:40:33 |
| AWS |
AWS Networking and Content Delivery |
Writing and testing CloudFront Functions with production traffic |
https://aws.amazon.com/blogs/networking-and-content-delivery/writing-and-testing-cloudfront-functions-with-production-traffic/
|
Writing and testing CloudFront Functions with production trafficWhile maintaining a web application sometimes we need to build a simple logic that must nbsp run in low latency For example you may want to set up website redirection based on condition or quickly verify an incoming header CloudFront Functions is ideal for these use cases since it lets you write lightweight JavaScript code that … |
2023-02-21 17:23:00 |
| AWS |
AWS Security Blog |
Top 2022 AWS data protection service and cryptography tool launches |
https://aws.amazon.com/blogs/security/top-2022-aws-data-protection-service-and-cryptography-tool-launches/
|
Top AWS data protection service and cryptography tool launchesGiven the pace of Amazon Web Services AWS innovation it can be challenging to stay up to date on the latest AWS service and feature launches AWS provides services and tools to help you protect your data accounts and workloads from unauthorized access AWS data protection services provide encryption capabilities key management and sensitive data … |
2023-02-21 17:57:31 |
| AWS |
AWS |
Managing application workloads with Red Hat Advanced cluster Managed (RHACM) | Amazon Web Services |
https://www.youtube.com/watch?v=XB9ivwyI2A8
|
Managing application workloads with Red Hat Advanced cluster Managed RHACM Amazon Web ServicesIn this session we will explore how hybrid customers can make use of Red Hat Advanced cluster Managed RHACM to constantly manage application workloads across a fleet of OpenShift clusters Learn more at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AWS AmazonWebServices CloudComputing |
2023-02-21 17:33:14 |
| AWS |
AWS |
Red Hat OpenShift Service on AWS (ROSA) compliance and certification | Amazon Web Services |
https://www.youtube.com/watch?v=DxL62vxhEVM
|
Red Hat OpenShift Service on AWS ROSA compliance and certification Amazon Web ServicesWhen assessing a managed service such as Red Hat OpenShift Service on AWS ROSA there are a few things customer security teams are concerned about who has access what are they doing and does the platform and process meet all the requirements my business has for security and governance In this session we will explore which certifications and compliance components ROSA has and how to get documentation to validate this Learn more at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AWS AmazonWebServices CloudComputing |
2023-02-21 17:31:26 |
| AWS |
AWS |
Managing Clusters with Red Hat Advanced cluster Managed (RHACM) | Amazon Web Services |
https://www.youtube.com/watch?v=CypeTq8bCpg
|
Managing Clusters with Red Hat Advanced cluster Managed RHACM Amazon Web ServicesCustomers do not have a single OpenShift cluster most have production and non production environments in separate AWS accounts Many customers have workloads running in multiple AWS regions or have a hybrid use case spanning on premises and AWS In this session we will discuss how Managing Clusters with Red Hat Advanced cluster Managed RHACM can be used to help provision manage and gain visibility in to a fleet of OpenShift Clusters Learn more at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AWS AmazonWebServices CloudComputing |
2023-02-21 17:30:25 |
| AWS |
AWS |
What is Red Hat Advanced Cluster Security (RHACS) | Amazon Web Services |
https://www.youtube.com/watch?v=kavIPrHJ3B0
|
What is Red Hat Advanced Cluster Security RHACS Amazon Web ServicesIn this session we will explore how customers are managing their DevSecOps patterns across multiple OpenShift Clusters spanning multiple AWS regions using Red Hat Advanced Cluster Security RHACS Learn more at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster AWS AmazonWebServices CloudComputing |
2023-02-21 17:25:32 |
| AWS |
AWS |
Athome Group scales their business with AWS - Benelux Cloud Adventures | Amazon Web Services |
https://www.youtube.com/watch?v=q4lsGsueRWQ
|
Athome Group scales their business with AWS Benelux Cloud Adventures Amazon Web ServicesSince Athome Group runs athome lu the premier property portal in Luxemburg CTO Brice Zossi shares Athome s digital transformation journey in the cloud and how they use AWS to scale their business and increase the availability of their services Curious about more detail of Athome s implementation on AWS Watch the deep dive Learn more at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster BeneluxCloudAdventures AWS AmazonWebServices CloudComputing |
2023-02-21 17:18:01 |
| AWS |
AWS |
Athome Group reaches 99.97% availability of their services on AWS - Benelux Cloud Adventures |
https://www.youtube.com/watch?v=64efJYPh5UA
|
Athome Group reaches availability of their services on AWS Benelux Cloud AdventuresSince Athome Group runs athome lu the premier property portal in Luxemburg System Engineering Manager Rémi Jachniewicz takes you through their implementation on AWS and shares his experiences Curious what this brings to Athome s customers Watch the story of CTO Brice Zossi Learn more at Subscribe More AWS videos More AWS events videos ABOUT AWSAmazon Web Services AWS is the world s most comprehensive and broadly adopted cloud platform offering over fully featured services from data centers globally Millions of customers ーincluding the fastest growing startups largest enterprises and leading government agencies ーare using AWS to lower costs become more agile and innovate faster BeneluxCloudAdventures AWS AmazonWebServices CloudComputing |
2023-02-21 17:17:53 |
| AWS |
AWS - Webinar Channel |
Analytics in 15: What's New with Amazon QuickSight- AWS Analytics in 15 |
https://www.youtube.com/watch?v=DZRQmE9lZPo
|
Analytics in What x s New with Amazon QuickSight AWS Analytics in Catch up on QuickSight s newly launched capabilities including paginated reporting in the cloud billion rows of data with SPICE new API capabilities and new QuickSight Q capabilities including ML powered semantic inferencing forecasting new question types and more Learning Objectives Objective Recap what s new with Amazon QuickSight Objective Learn how to use QuickSight as a unified BI tool for your reporting needs with the addition of the newly launched Paginated Reports feature Objective See how to answer your business questions quickly with new QuickSight Q functionality including forecasting and updated question types To learn more about the services featured in this talk please visit To download a copy of the slide deck from this webinar visit |
2023-02-21 17:15:00 |
| AWS |
AWS Security Blog |
Top 2022 AWS data protection service and cryptography tool launches |
https://aws.amazon.com/blogs/security/top-2022-aws-data-protection-service-and-cryptography-tool-launches/
|
Top AWS data protection service and cryptography tool launchesGiven the pace of Amazon Web Services AWS innovation it can be challenging to stay up to date on the latest AWS service and feature launches AWS provides services and tools to help you protect your data accounts and workloads from unauthorized access AWS data protection services provide encryption capabilities key management and sensitive data … |
2023-02-21 17:57:31 |
| 海外TECH |
MakeUseOf |
Advantages and Disadvantages of Using Social Media for Job Hunting |
https://www.makeuseof.com/advantages-disadvantages-social-media-job-hunting/
|
Advantages and Disadvantages of Using Social Media for Job HuntingIs social media an effective job hunting tool Learn the advantages and disadvantages of using it for job hunting and how to make the most of it |
2023-02-21 17:31:20 |
| 海外TECH |
MakeUseOf |
How to Fix the “The Requested Value Cannot Be Determined” Error on Windows |
https://www.makeuseof.com/requested-value-cannot-be-determined-error-windows/
|
windows |
2023-02-21 17:16:19 |
| 海外TECH |
DEV Community |
Como Consegui uma Carreira em DevRel Ainda na Faculdade |
https://dev.to/devrelbr/como-consegui-uma-carreira-em-devrel-ainda-na-faculdade-anc
|
Como Consegui uma Carreira em DevRel Ainda na Faculdade SumárioIntroFazendo Umas PiadinhasO PODER do NetworkingLevando um Hobby a SérioMUITA Coisa pra AprenderResumindo Como Começar uma ComunidadeConclusãoTL DRNesse blog vou compartilhar a minha história acidental como criadora de conteúdo que me levou a conhecer pessoas incríveis e a oportunidade de trabalhar na área de DevRel enquanto ainda estou na faculdade Vou falar sobre o que aprendi atéagora desde os meus primeiros tweets atéa construção de uma carreira internacional Apanhei bastante pelo caminho e essas são as maiores lições e dicas que tenho para quem gostaria de seguir um caminho parecido Intro Sem ter muito o que fazer durante a pandemia do Covid decidi entrar em uma antiga conta minha do Twitter que eu nunca realmente usei e devia ter um pouco mais de followers na época Comecei a seguir muitos tópicos e contas que eu achava interessante e alguns deles eram relacionados com Ciência da Computação Nessa época eu jáprogramava ocasionalmente na faculdade e játinha tido contato com programação pelo programa CS de Harvard essencial para quem estácomeçando no meu ensino médio que fiz técnico em informática e alguns projetos soltos por aí Mas nada muito uaaau Eventualmente me deparei com uma hashtag que me chamou muita atenção o DaysOfCode Que consiste basicamente da galera codando por dias seguidos no mínimo hora por dia e tweetando sobre o que aprendeu naquele dia Decidi começar a aprender um pouco de front end jáque tinha muito conteúdo da galera ajudando a começar e era o tópico mais falado no tech twitter naquela época Isso literalmente eu sem seguidores tá Estava fazendo apenas pra me forçar a codar consistentemente e bater o ponto nem que fosse uma horinha só Por isso os tweets que eu fazia com a hashtag não tinha o intuito de ser muito informativo ou tentando ensinar algo Geralmente era apenas um pensamento engraçado ou uma observação interessante de algo que eu aprendi Por causa do alcance dessa hashtag na época feita justamente com o intuito de dar visibilidade para novos devs e se ajudar como comunidade esses tweets começaram a ganhar uns likes Lembro que no primeiro post játive um engajamento e fiquei muito animada porque minha conta era realmente bem isolada Fui acumulando seguidores um pouquinho todo dia e os tweets começaram a ganhar cada vez mais alcance Nessa época eu interagia muuito com a galera através de DMs e comentários formei amigos que converso atéhoje e conheci pessoas que são literalmente lendas do tech twitter como o legendário Jack Forge que me ajudaram muito Todo mundo era muito legal e aquilo tudo era muito novo e interessante para mim Fazendo Umas Piadinhas Muitas pessoas começaram a me seguir por se identificar com tipo de conteúdo mais sarcástico que eu também gostava de fazer E sem querer fui formando meu nicho Conseguir criar e identificar o seu nicho éuma das etapas mais importantes na criação de conteúdo e éo que vai fazer a diferença entre vocêcrescer rápido ou devagar Com o tempo eu entendi que quando postava conteúdo para esse nicho o engajamento tomava maiores proporções Isso acontece porque minha audiência são pessoas que gostam desses tweets e járelacionaram eles com a minha conta então elas são muito mais prováveis de curtir ou retuitar esse conteúdo Ser receptivo nos comentários faz as pessoas interagirem com vocêcom mais frequência Aqui estão alguns dos comentários desse mesmo post que acabei de mostrar Comentários também são uma das ferramentas mais poderosas para aumentar o seu alcance A maior parte de como as pessoas vão te ver e decidir se gostam ou não de vocêéobservando como vocêinterage com outros usuários ou seguidores nos comentários Todo o processo de entender como criação de conteúdo funciona e como utilizar o algoritmo ao seu favor são pontos cruciais se vocêplaneja criar uma audiência para o seu conteúdo Nesse post eu ganhei muito alcance apenas respondendo comentários e contas com poucos seguidores também ganharam bastante visibilidade com um simples reply O PODER do Networking Quando eu estava começando interagir com a comunidade foi crucial para o meu crescimento Além disso te permitir conhecer pessoas incríveis muitos são dispostos a ajudar ou ter um rápido bate papo que pode fazer a diferença na sua carreira Por causa dessas interações tive mentorias peguei insights de uma galera FODA fui convidada para eventos online e muitas outras oportunidades que nunca teria tido sem a ajuda da comunidade Não consigo enfatizar o suficiente como éimportante independentemente do seu conteúdo número de seguidores ou quantidade de curtidas fazer conexões com outras pessoas No final éisso que realmente importa Resumindo esses são os passos que considero fundamentais para ter sucesso em todas essas dicas atéagora Escolha seu nichoAche pessoas referências neleInteraja com o conteúdo dessas pessoasCrie seu próprio conteúdoSe mantenha consistenteInteraja com a comunidadeSeguindo os passos a égarantido que vocêcomece a chamar atenção para a sua conta Seu trabalho agora éconverter essa atenção para followers No passo se atente a produzir valor e focar no seu nicho específico Seja original e poste as coisas de forma autêntica sempre guarde um tempinho para planejar o seu próximo passo Isso vai fazer com que as pessoas queiram te seguir e interagir com o seu conteúdo Para os passos e tente postar todo dia Isso vai fazer com que as pessoas vejam mais de vocêe aumentar a chance de se tornar um seguidor Responda os comentários que puder e interaja com seus seguidores Ninguém gosta de seguir uma conta fantasma Levando um Hobby a Sério Criar uma presença online foi um processo que me ensinou muito mas que por muito tempo encarei apenas como um hobby que me motivava a programar de forma consistente Eu apenas fazia porque gostava Mas como isso me levou para DevRel Quando estava saindo de um estágio como desenvolvedora de software recebi uma proposta para trabalhar meio período como gerente de comunidade para uma startup canadense chamada Shakudo onde trabalho atéhoje Obviamente fiquei muito animada com a proposta de trabalhar pra fora do país e ainda mais com algo que eu jágostava de fazer de graça Nesse período me formei em Ciência e Tecnologia da Computação na UFRN que éum generalista para entrar no meu atual curso Engenharia da Computação Eventualmente as habilidades técnicas que construídurante os anos sozinha e na faculdade junto com a minha experiência com criação de comunidades me ajudaram a entrar integralmente como Developer Advocate na Shakudo Agora sou responsável por fazer demos com o produto criar estudos de caso escrever documentação e gerenciar várias iniciativas certificando que estão alinhadas aos objetivos da empresa Irei falar mais sobre meu dia a dia como Developer Advocate em futuros posts do DevRel Brasil A maior parte do meu time trabalha presencial no Canadáentão muitas vezes estou assim Mas Sabrina eu PRECISO criar uma audiência própria para trabalhar em DevRel A resposta é NÃO Não énecessário ter qualquer influência online para ser um bom DevRel atéporque não vai ser todo mundo que quer se expor publicamente assim PORÉMSe vocêquer trabalhar nessa área ébom ter algum histórico de sucesso criando conteúdo e desenvolvendo comunidades além das skills técnicas Falo sobre presença online pois éo método que funcionou para mim e para dezenas de conhecidos que trabalham com DevRel hoje Contudo diria que esse não éo caso para uma grande parte de profissionais DevRel Como existem diversas portas de entrada tudo depende de vocêe como vocêquer construir a sua carreira MUITA Coisa pra Aprender Com certeza hámuitas coisas que vocêprecisa aprender para ter sucesso em DevRel Énormal que algumas delas sejam mais fáceis para vocêdo que outras por isso minha dica é Faça algo ruim com esforço para depois fazer algo bom sem esforço Não tente alcançar a perfeição logo de cara Se vocêfizer algo que não parece tão bom agora mas que pode ser melhorado poste analise o que pode ser aprimorado e vámelhorando com o tempo Lembre que Roma não foi construída em um dia Acredite esse processo eventualmente se tornaránatural para você aumentando a quantidade de conteúdo de qualidade que vocêvai conseguir gerar em pouco tempo Não deixe de postar o seu processo de aprendizagem nas redes sociais Além de ser um ótimo tipo de conteúdo ébastante motivador para quem gostaria de fazer algo semelhante Resumindo Como Começar uma Comunidade Se vocêainda não tem uma presença online e estáse perguntando como começar do zero a sua própria marca pessoal ou comunidade de desenvolvedores aqui estão algumas coisas que vocêdeve considerar antes de começar adoidado Planeje sua rede socialAqui eu falo bastante sobre o Twitter pois acaba sendo a rede que gosto mais e que me proporcionou diversas oportunidades Isso não significa que outras redes também não tenham oportunidades incríveis para o crescimento pessoal e de uma comunidade Outros exemplos são Instagram Twitch Reddit Youtube e Discord Antes te começar analise qual se encaixa melhor no seu perfil e que tipo de conteúdo gostaria de produzir Aqui estão alguns exemplos de comunidades de desenvolvedores bem sucedidas nessas outras redes Javascript Wizz InstagramMidudev TwitchWebDev RedditJoma Tech YoutubeHeart Developers Discord Comece pequenoColocar objetivos grandes logo de cara pode facilmente levar a frustração desmotivação ou burnout Vocêtem mais chances de se dar melhor se focar em ganhar followers ou membros em semana do que em um ano Mantenha ConsistênciaNão custa nada repetir o quanto isso éessencial Um dos métodos que utilizei para me manter consistente foi a hashtag DaysOfCode Independente do que vocêescolha para isso e importante éaparecer todo dia e criar um pouquinho de valor para a comunidade Entenda o seu nicho comunidade estude o que outras pessoas estão fazendo e aplique esse conhecimento no seu conteúdo consistentemente InoveTer um diferencial éum fator importante para escalar sua comunidade Se pergunte jáexistem muitas comunidades láfora que desenvolvedores podem participar Por que eles escolheriam participar da sua Pense em algo que vocêgostaria de ver acontecendo hoje que ainda não tenha muito suporte Pode ser um projeto open source que ajudaria muita gente a começar em alguma linguagem Ou uma forma de facilitar a entrada e pessoas transacionando a carreira para tech depois dos Talvez uma comunidade totalmente focada em criar coisas no code ou com inteligência artificial Escolha algo que vocêtenha afinidade e crie algo novo que você gostaria de ver dentro daquela área As chances são que muita gente também gostaria de participar da sua ideia Conclusão Compartilhei aqui um pouco da minha experiência e de muitas pequenas coisas que me levaram a conseguir trilhar uma carreira internacional enquanto ainda termino a faculdade de Engenharia de Computação No entanto a dica mais valiosa que aprendi atéhoje e que pode ajudar em qualquer carreira e na vida em geral é esteja sempre pronto para falhar e aprender Se vocêaprender constantemente trabalhar duro e não ser um cuzão as chances de vocêser extremamente bem sucedido em DevRel ou em qualquer outra carreira são enormes Espero que esse post tenha te ajudado a entender um pouco mais sobre a importância da criação de uma presença online e no melhor dos casos seja a sementinha de motivação para alguém começar a construir sua própria comunidade de desenvolvedores |
2023-02-21 17:43:43 |
| 海外TECH |
DEV Community |
NPM & Yarn: A CLI Comparison |
https://dev.to/arafat4693/npm-yarn-a-cli-comparison-56nb
|
NPM amp Yarn A CLI ComparisonBookmark this article If you are migrating from npm to yarn or viceversa Here is a list of all commonly used commands in NPM and Yarn CommandNPMYarnInitializing a projectnpm inityarn initRunning tests for the current packagenpm testyarn testConfirming if any package is outdatednpm outdatedyarn outdatedPublishing a packagenpm publishyarn publishRunning a scriptnpm runyarn runCleaning the local package cachenpm cache cleanyarn cache cleanLogging in and outnpm login logout yarn login logout Installing dependenciesnpm installyarnInstalling packagesnpm install package name yarn add package name Uninstalling packagesnpm uninstall package name yarn remove package name updatingnpm updateyarn upgradeupdating packagenpm update package name yarn upgrade package name Installing package globallynpm install global package name yarn global add package name Uninstalling package globallynpm uninstall global package name yarn global remove package name Interactively updating dependenciesnpm run upgrade interactiveyarn upgrade interactiveRunning packages without downloadingnpxyarn dlxChecking licenses of dependenciesN Ayarn licenses ls ConclusionIn most cases you will only need some of these commands However Getting an idea of all of these commands is always a plus point This list will help you remember easily and in migrating for you and your teams If you feel I forgot any essential commands please let me know in the comment section Thanks for reading this article from start to end I will see you all in my next article |
2023-02-21 17:28:07 |
| 海外TECH |
DEV Community |
Java Serialization Filtering - Prevent 0-day Security Vulnerabilities |
https://dev.to/codenameone/java-serialization-filtering-prevent-0-day-security-vulnerabilities-ipk
|
Java Serialization Filtering Prevent day Security VulnerabilitiesI ve been a Java developer long enough to remember the excitement when Sun introduced the concept of serialization in the JVM In the world of C we could just write a struct into a file but this was always problematic It wasn t portable and had many issues But for Java we could just write the class and it “worked This was pure magic Java was still mostly in use in the client side and when we thought about security we had different vulnerabilities in mind The sandbox occupied most of our security discussions Fast forward a couple of decades and today when most developers discuss serialization the discussion isn t so positive Serialization as Brian Vermeer puts it is “the gift that keeps giving In fact just after I created this video a new deserialization vulnerability in SnakeYaml was exposed Serialization is one of the biggest security problems in many programming languages it isn t just a JVM problem Hackers can use tools designed to deliver a serialization exploit chain You can then generate a gadget used to deliver the exploit without too much knowledge of the system That is scary stuff I m not a security expert I care more about the solution How do we make sure that the next zero day doesn t affect us How do we harden our server code against serialization attacks Do we need Serialization We rarely need serialization Ideally if you can remove serialization entirely from your code and can avoid rd party code that uses serialization you can just block it completely This will mean that even if a zero day comes up the serialization portion will fail You might have a bug but it won t be an exploitable vulnerability Sometimes we need a bit of serialization In that case we can include only the well known classes needed and block everything else out JEP Serialization FilteringThe solution came in Java in the form of serialization filtering as part of JEP There are critical patch updates for older JDKs such as JDK u So if you must stay in an older version it s still possible to use this feature It is possible to use this feature with no code changes although we might want to change the code for additional functionality The fundamental problem is testing that important systems don t break We might run into difficulty when verifying serialization usage e g in distributed caching layers A cache might serialize objects to synchronize them between nodes over the network We might miss that dependency when running tests locally but fail in production In those cases you can follow the strategies listed below to solve the problems Whitelist vs BlacklistThere are two approaches we can take when filtering specific serializable objects Whitelist block everything and allow specific classes or packages in Blacklist block specific problematic classes and packages A blacklist lets us block well known vulnerabilities and that might be enough But we have no guarantee that we blocked everything A whitelist is usually the more secure option yet it might break your code if you missed a class that s required in an edge case We can set the filter on the JDK itself by editing the java security properties file That might make sense if you package a JDK with your application Personally I prefer using the command line argument to configure that e g java “ Djdk serialFilter jar MyJar jarThis command will block all serialization Notice I need to use the quotes to prevent bash from expanding the star sign The exclamation point means we wish to block and the star means we block everything The following code is a blacklist We re blocking a specific package We can also narrow it down to a specific class But as I said before this isn t ideal java “ Djdk serialFilter mypackage jar MyJar jarBesides the inherent problems with the blacklist a major problem is knowing what to block There are obvious targets like classes that have been vulnerable in the past e g java rmi server UnicastRemoteObjectjava util logging Handlerjava util zip Inflaterorg apache commons collections functors InvokerTransformerorg apache commons collections functors InvokerTransformerUnfortunately this list is not exhaustive and I couldn t find any list that I can use as a source for a proper blacklist We can look through the Common Vulnerabilities and Exposures CVE database for exploits but that s painstaking work Finally we have a whitelist where we allow the classes under the package mypackage We can serialize them as usual The JVM seamlessly blocks everything else This is pretty close to the ideal situation We can add additional classes and packages as necessary by adding them and separating them with a semicolon java “ Djdk serialFilter mypackage jar MyJar jar What about Complexity How do you know which classes are serialized in the code How do you get an alert if your code blocked a serialization attempt This might be something you would want to track since it might be the system breaking or it might be an attempted hack Both are valid reasons for an alert You can t do that declaratively but you can write code that can use sophisticated logic to determine whether serialization should succeed This is a sample from the Oracle documentation of a simple serialization filter Notice it can reject the serialization or leave it undecided This is part of a filter chain where each stage in the validation process can reject the serialization or pass it on to the next stage We can bind the filter globally as we do here or do it on a per stream basis The API is remarkably flexible and provides a lot of information about the process ObjectInputFilter Config setSerialFilter info gt info depth gt Status REJECTED Status UNDECIDED TL DRYou should always use serialization filtering when running a JVM deployment This should always be the case Serialization filtering was backported to older JVM versions so there is absolutely no excuse Serialization filtering requires no code changes and we can enable it via global configuration or command line At the very least you can use it to blacklist known vulnerabilities Ideally we should block all serialization and whitelist specific classes or packages as needed |
2023-02-21 17:17:11 |
| 海外TECH |
DEV Community |
File Handling: The Best File Formats for Web Development |
https://dev.to/get_pieces/file-handling-the-best-file-formats-for-web-development-2225
|
File Handling The Best File Formats for Web DevelopmentWe ve all spent too much time trying to find the files we ve mislabeled misplaced or prematurely deleted As a web developer you must handle your files correctly to avoid unnecessary loss Properly handling files refers to storing available data or info in a file and using the correct format that would suit your website s state The challenges associated with mishandling your files can be daunting so let s jump in together Structuring and Organizing your Website s FilesHandling your files requires careful organization to be successful Creating a well organized system for your website s files will save time In addition making the structure easily viewable will make it simpler for others to work on your site File StructuresWhen it comes to your website s structure make sure your file structure is easy to navigate and understand This means using clear and concise folder names that describe the content within them Secondly you want to keep your files well organized so that you can locate them when you need them This means creating subfolders and grouping similar files together Finally make sure that your file sizes are compressed so that they load quickly and don t occupy too much space on your server You can use two main types of folder structures The hierarchical folder is the most common type of folder structure and is used by most operating systems including Windows macOS and Linux Unix You can easily create folders within one folder for example folder is inside folder folder is inside folder etc On the other hand in the flat folder structure all of the files are stored in one level without a hierarchy Your website s file structure is important for two reasons first it can help improve your site s performance and second it can make it easier for you to find files when you need them Types of DirectoriesA root directory is the main folder where you will store all of your website s files Within your root directory you should create a few key folders Store your website s HTML files in an HTML folder Put your website s CSS files in a CSS folder Store your website s JavaScript files in a “Javascript folder You can also Nest folders create multi level folders to making your structure a little simpler Keeping all of your website s files in one main directory can be helpful if you have a small website with only a few pages Another way to organize your website s files is to create separate directories for each section or page of your site This can be useful if you have a larger website with many different pages and sections Primarily be consistent with how you organize your website s files so that it ll be easier to find and use the files when you need to make changes to your website Tips for ImplementationUse a consistent naming convention for all of your files Using short memorable file names e g HTML gt folder will make it simple to find and manage files Create folders for different types of files For example create a folder for images one for videos and one for PDFs or DOCs Keep track of where each file is located An excellent way to do this is to create a master list of all of the files on your site and update it whenever you add or remove anything Periodically review your file structure and make sure it s still effective As your site grows you might need to adjust how you organize things Choosing the Best File FormatWhen choosing the best file formats it s important to consider flexibility quality of resolution and the ability for image video and audio files to be compressed while retaining quality The best file format for a given document is the one that offers the most benefits There are different types of file formats but not all of them are good for specific purposes Image FormatsScalable Vector Graphics SVG is an XML based vector image format popular in web design because of its scalability across different devices and platforms It takes a little time to get used to but SVG files have many benefits over other types of image formats including that they can be created and edited with any text editor The Joint Photographic Experts Group JPEG created the JPEG standard which was published in The JPEG standard was intended as a successor to the GIF and TIFF standards Still it became more popular than its predecessors because of its comprehensive support and better compression rates JPEG is best used for photos because it can accurately handle large color spaces while maintaining a relatively small file size The Portable Network Graphics PNG file format is a bitmap image format that supports bit images and bit transparency It was created as an improved non patented replacement for the GIF which lacked support for authentic color images The PNG format was designed in by a team at the company Silicon Graphics The team wanted to create a graphics file format that would not lose any image data during compression The Web Picture Format WebP is a new image format that provides better compression than JPEG or PNG It is supported by Chrome Opera and Android but not by Firefox or Internet Explorer Google developed it in to provide lossless and lossy compression for images on the web It was designed to be an alternative to JPEG and PNG images with similar quality but much smaller file sizes The Graphics Interchange Format GIF is a file format for storing images and animation GIFs are usually animated you can also use them to provide text or other graphics with an animation effect They are created using graphic design software like Adobe Photoshop but they can also be made using an app on a computer or mobile device Video FormatsHere is a list of the best video files WebM is a video format that is open source and royalty free It was developed in by Google as an alternative to H MPEG AVC which runs with HTML The codec of this format doesn t require much to compress and unzip files WebM is used on YouTube and Facebook Some devices support WebM natively while others need third party software to play WebM videos Audio Video Interleave AVI is the most commonly used video format on Windows computers You can create AVI files using the built in video recording feature of some versions of Microsoft Windows or a third party video capturing device such as a webcam It is a container file format that can contain both audio and video data and it can also include other types of data such as subtitles Moving Picture Experts Group MPEG MP is a video format that stores and distributes digital video It s a container format containing multiple videos audio or tracks It is a standard file format for storing video on DVDs The MP file extension is also used for other media such as MP audio and MPEG transport streams Advanced Video Coding High Definition AVCHD is a file format for recording high definition video without converting or transcoding it It also supports uncompressed audio formats such as Dolby TrueHD and DTS HD Master Audio The QuickTime File Format is an Apple created container format that supports video audio text graphics and other data formats When choosing a video format select the one that meets your application requirementsーendeavor to select the formats most browsers accept and choose a video format with the right quality Audio FormatsHere s a list of the best Audio File Formats An MP file is an audio file encoded at a constant bit rate or variable bit rate which is compressed with the use of a psychoacoustic model They are more popular than WAV and AIFF formats because of their size The files have different applications including music speech and audiobooks You can play MPs on any device that has an MP player installed in it Advanced audio coding AAC is a complex process that requires a lot of time and effort but the benefits are worth it The process begins with recording an analogue signal that is then converted to a digital signal This digital signal is later encoded into an MP file or any other audio format of your choice OGG is an accessible lossy open source audio file format for general purpose audio It is designed to be efficient in terms of storage space and data transmission rates OGG was adopted by several companies including Apple and the BBC as the preferred format for streaming and playback of their content Waveform WAV audio files are a type of audio file that represents sound as an oscillating waveform This file is often used in audio files for music production and was initially developed by the Yamaha Corporation They are also compatible with popular music software programs such as Pro Tools and Logic Pro The best audio format for sound quality is a format that has the highest bitrate and sample rate which produce better quality audio The best audio formats for sound quality are wav mp AIFF and flac while the best audio files for the web include MP and MP file formats Some File Uploading Tips for Web DevelopersIf possible use the PNG file format when uploading images because it s a lossless format Ensure that your file type is set to All Files when uploading from your computer as this will allow the browser to determine what file type it should use when displaying your uploaded file If your uploaded image has an alpha channel use the save for web option in Photoshop so that there are no unnecessary pixels in the image When saving video or audio files ensure they re saved as MP or MP respectively When uploading an audio file in WAV format specify that it s an uncompressed audio file Knowing about file metadata is helpful for validation and helps you make informed decisions Learn how to use the file accept attribute to limit the type of files to upload Manage your file content using the FileReader object to convert the file to a binary string After that add a load event listener to finally get the binary strings to upload Use metadata to read and validate file size Give users a seamless file upload experience by adding a progress bar You can use HTML s progress tag to create a progress bar the FileReader has an event called progress that is used to analyze how much has been loaded ConclusionIf you want your web application to run smoothly it is essential to keep its files structured organized and saved in the correct folder with a descriptive name When you prioritize handling your files correctly you avoid development hiccups and improve your general productivity |
2023-02-21 17:15:10 |
| Apple |
AppleInsider - Frontpage News |
President Biden upholds potential Apple Watch ban |
https://appleinsider.com/articles/23/02/21/president-biden-upholds-potential-apple-watch-ban?utm_medium=rss
|
President Biden upholds potential Apple Watch banPresident Biden has decided not to block a possible Apple Watch import ban which can go ahead if AliveCor can overturn a previous ruling that its patents in question are invalid AliveCor has told AppleInsider that it has been informed that the International Trade Commission ITC ruling in its favor has been cleared by the White House President Biden has therefore chosen not to block the pending ITC ruling that Apple infringes on AliveCor s patents with the ECG features in the Apple Watch Apple previously won its claim that three of the patents should be invalidated which would render the ITC ruling moot Enforcement of the ban is awaiting the conclusion of AliveCor s appeal of the invalidation Read more |
2023-02-21 17:08:48 |
| Apple |
AppleInsider - Frontpage News |
US Apple Watch ban still unlikely after Biden decides not to block it |
https://appleinsider.com/articles/23/02/20/us-apple-watch-ban-unlikely-as-apple-fights-patent-claim?utm_medium=rss
|
US Apple Watch ban still unlikely after Biden decides not to block itPresident Biden has not blocked a ban on Apple Watch sales in the US over patent infringement ーbut the ban still depends on AliveCor getting a patent trial verdict overturned on appeal Back in December the International Trade Commission ITC confirmed its ruling that Apple has infringed on AliveCor s heart rate monitoring patents in the Apple Watch As detailed in ITC and AliveCor coverage in June April and the related patent suit in December AliveCor has always pressed for a ban on Apple Watch sales The ITC s most recent ruling automatically triggered a review process that could see President Biden having to decide whether or not to approve what was called the Final Determination Now the Presidential Review period has been cleared and in theory a ban could take place Read more |
2023-02-21 17:20:48 |
| 海外TECH |
Engadget |
Apple's 1TB 12.9-inch iPad Pro is cheaper than ever |
https://www.engadget.com/apples-1tb-129-inch-ipad-pro-is-cheaper-than-ever-174640701.html?src=rss
|
Apple x s TB inch iPad Pro is cheaper than everAs tablets get more powerful some are becoming suitable replacements for laptops That s particularly the case with the higher capacity models of Apple s iPad Pros Right now the larger inch models with either TB or TB of storage are off at Amazon The deal covers both the Wi Fi only models and configurations with cellular connectivity The sale brings the TB Wi Fi model down to instead of and makes the TB Wi Fi plus cellular model instead of A discount still doesn t make these cheap devices by any stretch but if you ve been thinking about upgrading your laptop and also want the portability of a tablet this could be a good time to buy nbsp We gave the iPad Pro a review score of when it debuted late last year The latest generation of the iPad Pro didn t see a total rebuild like the standard iPad did but that s not necessarily a bad thing The Pro already benefited from having an amazing screen and superior build but this time around Apple increased processing power with the addition of their M chip The latest operating system iPadOS added Stage Manager an innovative multitasking system that lets you easily use multiple windows while working with your iPad nbsp Combine the software tweak with a faster chip and you ve got a slab that aspires to do laptop duty ーespecially after adding in accessories like the Magic Keyboard and the latest generation Apple Pencil On the screen front the inch Pro features a Liquid Retina XDR panel with mini LED backlighting for great range and contrast The Pro also houses a solid all day battery and robust speakers Around back there s one megapixel wide and oneMP ultra wide camera plus a flash and LIDAR scanner The ultra wide MP front facing camera is still oriented to the portrait side making you a little off center on video calls if you re docked into a keyboard It s also not a light tablet weighing in at a pound and a half but perhaps that s to be expected from such a powerful machine nbsp nbsp Follow EngadgetDeals on Twitter and subscribe to the Engadget Deals newsletter for the latest tech deals and buying advice |
2023-02-21 17:46:40 |
| 海外TECH |
Engadget |
Sony’s new midrange headphones borrow the premium WH-1000XM5's V1 chip |
https://www.engadget.com/sonys-new-midrange-headphones-borrow-the-premium-wh-1000xm5s-v1-chip-173338347.html?src=rss
|
Sony s new midrange headphones borrow the premium WH XM x s V chipSony is launching a pair of midrange headphones that borrow some tech from the company s WH XM The new WH CHN is an over ear pair using the same V chip from Sony s flagship model which should help provide high quality sound and active noise cancelation ANC for a much lower price The company says the WH CHN s battery will last up to hours with ANC enabled The headphones also include Digital Sound Enhancement Engine DSEE support Sony s audio upscaling tech that may improve the sound of compressed music files on services like Spotify It also has multipoint connectivity and two microphones in each ear cup which assists it in offering levels of noise canceling ambient sound Of course you can tweak its settings with the companion Sony Headphones Connect app Sony has a good track record with its mid range headphones Like with this model the company typically carries over a few features from its premium cans while skimping in enough places to keep the price down In this case it lacks the second ANC processor from the WH XM So although they ll have lesser noise canceling than their more expensive siblings the V chip should still make for terrific ANC for their price The WH CHN will be available in black blue and white when it begins shipping this spring SonySony also announced a new entry level pair of on ear headphones the WH CH which will skip ANC but offer an impressive hours of battery life They will also include DSEE and multipoint connection The WH CH will also launch this spring in black blue and white They will cost a mere |
2023-02-21 17:33:38 |
| 海外TECH |
Engadget |
PlayStation lines up a State of Play for February 23rd |
https://www.engadget.com/playstation-lines-up-a-state-of-play-for-february-23rd-172640508.html?src=rss
|
PlayStation lines up a State of Play for February rdSony has revealed when its first State of Play showcase of will take place You ll be able to watch the stream at PM ET on February rd on PlayStation s Twitch and YouTube channels Don t expect too much in the way of news on big first party games for PlayStation such as Marvel s Spider Man Sony says the State of Play will include fresh looks at some anticipated third party games as well as a first glimpse at five titles on the way to PlayStation VR later this year ーhopefully including Half Life Alyx As a reminder the impressive but pricey VR headset arrives this week Sony will round out the showcase with a deep dive into Suicide Squad Kill the Justice League You ll get to check out more than minutes of gameplay and other details about the Batman Arkham Knight followup which can be played either solo or with up to three other people and is scheduled to land on May th State of Play is back Tune in Thursday at pm PT for ️Five new PS VR titles from partners ️Hot indie and third party reveals ️An extended look at Suicide Squad Kill the Justice Leaguepic twitter com muRXZJFkーPlayStation PlayStation February |
2023-02-21 17:26:40 |
| Cisco |
Cisco Blog |
MWC Barcelona: What connections will you make in 2023? |
https://feedpress.me/link/23532/15985934/mwc-barcelona-what-connections-will-you-make-in-2023
|
industrial |
2023-02-21 17:55:44 |
| 海外科学 |
NYT > Science |
Parched California Misses a Chance to Store More Rain Underground |
https://www.nytimes.com/2023/02/21/climate/california-storms-groundwater-aquifer-recharge.html
|
Parched California Misses a Chance to Store More Rain UndergroundTorrential rains could have helped to replenish depleted aquifers but some say state bureaucracy designed to distribute water fairly has stood in the way |
2023-02-21 17:17:54 |
| 海外科学 |
NYT > Science |
Paul Berg, Nobel-Winning Pioneer of Genetic Engineering, Is Dead at 96 |
https://www.nytimes.com/2023/02/21/science/paul-berg-dead.html
|
Paul Berg Nobel Winning Pioneer of Genetic Engineering Is Dead at In he transferred material from one organism to another creating the first recombinant DNA or rDNA He later helped lead a historic effort to write protocols for genetic research |
2023-02-21 17:13:24 |
| ニュース |
BBC News - Home |
Nurses in England to suspend 48-hour strike |
https://www.bbc.co.uk/news/health-64722953?at_medium=RSS&at_campaign=KARANGA
|
college |
2023-02-21 17:40:22 |
| ニュース |
BBC News - Home |
Asda and Morrisons limit sales of some fruit and vegetables |
https://www.bbc.co.uk/news/business-64718823?at_medium=RSS&at_campaign=KARANGA
|
tesco |
2023-02-21 17:18:49 |
| ニュース |
BBC News - Home |
No 10 defends handling of Northern Ireland Protocol talks |
https://www.bbc.co.uk/news/uk-politics-64717754?at_medium=RSS&at_campaign=KARANGA
|
ireland |
2023-02-21 17:38:28 |
| ニュース |
BBC News - Home |
Neo-Nazi threats probed by anti-terrorism police |
https://www.bbc.co.uk/news/uk-64720973?at_medium=RSS&at_campaign=KARANGA
|
action |
2023-02-21 17:44:23 |
| ニュース |
BBC News - Home |
Constance Marten: couple putting baby at risk, says midwife |
https://www.bbc.co.uk/news/uk-64721075?at_medium=RSS&at_campaign=KARANGA
|
constance |
2023-02-21 17:11:21 |
| ニュース |
BBC News - Home |
Women's T20 World Cup: England post record score in victory over Pakistan |
https://www.bbc.co.uk/sport/av/cricket/64721495?at_medium=RSS&at_campaign=KARANGA
|
Women x s T World Cup England post record score in victory over PakistanEngland post a Women s T World Cup record score of as they beat Pakistan by runs to finish the group stage unbeaten |
2023-02-21 17:07:33 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
相手に圧倒的に信頼される「魔法のフレーズ」とは? - ひとこと化 |
https://diamond.jp/articles/-/318052
|
魔法 |
2023-02-22 02:55:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
【精神科医が教える】 ふとネガティブなことが頭に浮かぶ…そんなとき“一瞬で気分が晴れる”とっておきの方法 - 精神科医Tomyが教える 心の執着の手放し方 |
https://diamond.jp/articles/-/316277
|
【精神科医が教える】ふとネガティブなことが頭に浮かぶ…そんなとき“一瞬で気分が晴れるとっておきの方法精神科医Tomyが教える心の執着の手放し方【大好評シリーズ万部突破】誰しも悩みや不安は尽きない。 |
2023-02-22 02:50:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
部屋をうす暗くすると不調も痛みも消えやすい? 整体プロおすすめの夜習慣 - すごい自力整体 |
https://diamond.jp/articles/-/317976
|
矢上真理恵さんのお父様でもある矢上裕さんは年前、鍼灸師・整体治療家として治療しながら、効果の高い施術を自分におこなえるように改良し「自力整体」を完成。 |
2023-02-22 02:45:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
読み手をイラっとさせる「ムダな表現」4選【書籍オンライン編集部セレクション】 - 落とされない小論文 |
https://diamond.jp/articles/-/317856
|
読み手をイラっとさせる「ムダな表現」選【書籍オンライン編集部セレクション】落とされない小論文これから始まる国立大受験・公務員試験の受験者必読元NHKアナウンサーの超人気講師が、本の「失敗答案」から統計的に導いた「全試験共通の減点基準」初公開。 |
2023-02-22 02:40:00 |
| ビジネス |
ダイヤモンド・オンライン - 新着記事 |
サムスンの半導体進出をシリコンバレーがこぞって支援した理由 - 半導体戦争 |
https://diamond.jp/articles/-/318143
|
付加価値 |
2023-02-22 02:35:00 |
コメント
コメントを投稿