Posted: 2023-04-01 19:11:38 RSS feed digest for 2023-04-01 19:00 (13 items)

Category Site name Article title / trend word Link URL Frequent words, summary / search volume Registered date
python New posts tagged Python - Qiita A recommendation for lab automation (Lab Automation) https://qiita.com/notori48/items/519eeced7a1d9e7ee735 labhack 2023-04-01 18:01:55
js New posts tagged JavaScript - Qiita try/catch/finally statements: exception handling notes https://qiita.com/yuta-10112022/items/ec55707927f5dccd3c53 catch 2023-04-01 18:37:15
AWS New posts tagged AWS - Qiita Let's build AWS RDS (Postgres) with Terraform! https://qiita.com/shun198/items/5fd6b29962a8c259ae56 rdspostgres 2023-04-01 18:08:07
GCP New posts tagged gcp - Qiita Google Cloud updates (3/9-3/15/2023) https://qiita.com/kenzkenz/items/0072447864b55deceb93 cloud 2023-04-01 18:32:13
GCP New posts tagged gcp - Qiita Google Cloud updates (3/2-3/8/2023) https://qiita.com/kenzkenz/items/f51e6e4c53dd66c11ef5 bigquery 2023-04-01 18:30:03
Overseas TECH DEV Community Hijacking PicoCTF 2023 https://dev.to/brunoblaise/hijacking-picoctf-2023-3g3o Hijacking PicoCTF hijacking pointsAUTHOR THEONESTE BYAGUTANGAZADescriptionGetting root access can allow you to read the flag Luckily there is a python file that you might like to play with Through Social engineering we ve got the credentials to use on the server SSH is running on the server Note This challenge launches an instance on demand This challenge was solved by Kubana in my team So google searching using python for privilege escalation in linux I got an article which detailed how to do just that except the spawning shell part which I got from a youtube video Connecting to the server I checked what I can run with sudo with sudo l and got User picoctf may run the following commands on challenge ALL usr bin vi root NOPASSWD usr bin python home picoctf server pyCool we can run the script with sudo Now inside the script we have an import of base we could hijack a function used by this library I changed the code to just run the commands hi hi out base bencode hi encode utf decode utf print out We need to hijack the function bencode specifically to get root and we could do so by editing the original library base py The file was located inside usr lib python base py so running vim on it I could edit the file I imported pty and at the start of the function bencode I added the line def bencode s altchars None Encode the bytes like object s using Base and return a bytes object Optional altchars should be a byte string of length which specifies an alternative alphabet for the and characters This allows an application to e g generate url or filesystem safe Base strings pty spawn bin bash code Finally we can run the file with sudo usr bin python home picoctf server py got me a root shell Going into the directory challenge and catting the file gives the flag picoCTF your flag 2023-04-01 09:51:04
Overseas TECH DEV Community BabyGame01 PicoCTF 2023 https://dev.to/brunoblaise/babygame01-picoctf-2023-4bh8 BabyGame PicoCTF babygame pointsAUTHOR PALASH OSWALDescriptionGet the flag and reach the exit Welcome to BabyGame Navigate around the map and see what you can find The game is available to download here There is no source available so you ll have to figure your way around the map You can connect with it using the port they give you This challenge wasn t solved by me but all the credits go to laundry Bla bla the game is to get to a specific square in the game using wasd cool Let s look at the code itself using IDA int cdecl main int argc const char argv const char envp char v esp h ebp AAh int v esp h ebp AAh BYREF char v esp Ah ebp ACh char v esp Eh ebp Ah BYREF unsigned int v esp AAh ebp Ch int p argc esp AEh ebp h p argc amp argc v readgsdword xu init player v init map v v print map v v signal sigint handler do do v getchar p argc move player v v v print map v v while v while v puts You win if v puts flage win fflush stdout return To win we need to make v not zero Because it was placed super well above the varible v I tried for ages to perfom a buffer overflow using the getchar function itself dud The relevant piece of code to solve this is in the move player function BYTE cdecl move player DWORD a char a int a BYTE result eax if a player tile getchar if a solve round a a BYTE a a a switch a case w a break case s a break case a a break case d a break result BYTE a a a result player tile return result secret commands are now shown to us l gt used to assign player tile a value from getchar p gt solve the game Now time to solve Before we begin remember to first try all move wasd so that you don t get existed in the game before finishing it w and a using those two we can win move the player to Player position and then using a move your player to go off map a till you see that the flag have changed from to or Now you can move to the final position to win using l and 
then p to win and there you go your flag picoCTF your flag 2023-04-01 09:43:09
Overseas TECH DEV Community Programming is the art of trade-off https://dev.to/zenstack/programming-is-the-art-of-trade-off-1751 Programming is the art of trade offNo matter what programming language you are using one common suggestion you all probably hear is that Don t use switch statementsBesides people usually forgetting to add the break statement the more profound reason is that developers often avoid using special cases in their code Instead they prefer to use more flexible and powerful constructs such as polymorphism or dictionaries I heard lots of experienced developers say that they view their code as art It s not hard to understand since they spend hours or even days working on a particular piece of code Therefore they view their code as a reflection of their personal style and aesthetic preferences much like artists who create works of art However this pursuit of elegant well designed code can sometimes lead to a disregard for special case handling It s easy to get carried away with the desire to create perfect code but this obsession can sometimes blind developers from seeing the real problems they are trying to solve In other words this fixation on perfect code can be like a stain on white paper obscuring the bigger picture Special Case In my previous company we updated our product from a web data analytics platform to a complete marketing platform The major feature supporting this upgrade is to add a CDP Customer Data Platform under the hood Therefore you can create a user segment and make personalized content for them when they visit your website How to achieve that Technically we store all the user behavior data collected from the website in a MongoDB When a visitor comes we will try to see whether he could match a particular user segment based on his identity a cookie ID generated by our SDK for the anonymous user or a real user ID identified by the tracking event like login After launching for a while we found that the segment matching process becomes 
slower and slower It turns out that the main reason is that the data stored in MongoDB are way more than we expected which increases the read latency dramatically There is a very well known fact that up to of potential customers landing on corporate websites are completely anonymous After checking our database it s almost the same number If so in the real world most anonymous users probably would never visit the website again why do we still need to hold their behavior data forever I shared my idea with the leader of the backend team and we commenced discussions on potential solutions He If you want to remove an anonymous user s data how could you make sure he will never come back again Me Well I couldn t But we could guess there is a big chance he will never return based on some heuristic method For example if one anonymous user s last activity was already days ago which is the cookie lifetime for Safari He What if he comes again one day after days Me Hm so we need to find a way to recover his behavior data How about we create a separate cold database to store all the deleted anonymous user data For an anonymous user who comes to the website we could first check whether we could find his data in the normal database if not then we try to find his data from the cold database and reactive the data by moving it from the cold database to the normal database He It sounds like a solution But we need to write additional code for this special case And also if it happens it will become even slower than now because of an extra database query Me Yes it s a special case that we need to handle but it could solve the problem And since it s a special case let s see how often it could happen After making the change the problem is solved and according to the log the special case rarely happens Special Case My co founder and I are building the full stack toolkit ZenStack on top of Prisma One of our customers asked if we could resolve an unresolved Prisma issue Add findManyAndCount 
to return count of queried items Don t know why Prisma didn t provide that but it seems like an easy wrapper to achieve so const items count await prisma transaction async tx gt const items await tx user findMany query const count await tx user count where query where return items count Obviously it requires two queries for each API call But that s the fundamental database limitation it seems nothing we can do right One of our customers doesn t think so he offered another special case handling as below const items count await prisma transaction async tx gt const items await tx user findMany query If it is true we could avoid another query if query take amp amp items length lt query take return items count items length const count await tx user count where query where return items count Here is his quote Especially when building an admin dashboard extra counts every time you change a filter or a sort direction on a table add up if your database usage is metered so if the assuredly awesome ZenStack solution could factor that in ConclusionSince many people consider programming to have a strong relationship with mathematics They usually try to find a single solution that fits all cases like a mathematical formula However programming is not about writing code that runs it is about finding effective solutions to real world problems Real world problems are often complex and multifaceted and as such they typically do not have a one size fits all approach I do believe programming is an art but it s an art of trade off It s a trade off between time and space stability and flexibility performance and code complexity etc The ability to balance these trade offs is an essential part of programming and is what makes it an art Therefore as long as you know it s the right trade off don t be afraid to make the special case and write more code for that That s part of the art P S We re building ZenStack a toolkit that supercharges Prisma ORM with a powerful access control layer and 
unleashes its full potential for full stack development 2023-04-01 09:24:29
Overseas TECH Engadget NLRB says Activision Blizzard illegally surveilled employees during a walkout https://www.engadget.com/nlrb-says-activision-blizzard-illegally-surveilled-employees-during-a-walkout-094211193.html?src=rss NLRB says Activision Blizzard illegally surveilled employees during a walkoutActivision Blizzard is facing yet another complaint by the National Labor Relations Board NLRB The labor agency has “found merit with several elements of the unfair labor practice charges filed by the Communications Workers of America CWA on behalf of the company s workers the union has told Engadget This particular case pertains to the CWA s accusations that the game developer illegally surveilled workers when they walked out in July last year to protest the lack of gender equality in the company the overturning of Roe v Wade as well as Activision Blizzard s alleged union busting practices The NLRB found after an investigation that the company broke labor laws by using managers and security staff to monitor workers during the walkout In addition the labor board found merit in the CWA s accusation that the developer threatened to cut off workers access to an internal chatroom where they discussed their pay hours and overall working conditions According to IGN though NLRB has dismissed one charge regarding the company cutting off people s chat access to an all hands meeting The publication says Activision Blizzard s chief administrative officer Brian Bulatao has informed workers that chat was shut down for future all hands because that particular meeting turned toxic Attendees used it as a chance to “disparage the work of the Diablo Immoral team and others he explained An NLRB spokesperson told Reuters that it will move forward and prosecute Blizzard if the company doesn t settle The company s labor practices were thrust into the spotlight after California filed a lawsuit against it in for fostering a “frat boy workplace After a two year investigation the state s 
Department of Fair Employment and Housing had determined that the developer discriminated against female employees It s one labor issue after another for Activision Blizzard after that mostly related to workers organizing efforts To note the company is also facing another NLRB complaint accusing it of violating labor laws by implementing an overbroad social media policy that prevented workers from talking about their working conditions and threatening employees who were exercising their right to join a union Activision Blizzard told Engadget that those allegations were “false This article originally appeared on Engadget at 2023-04-01 09:42:11
News BBC News - Home Dover ferry passengers warned of long delays as coaches queue up https://www.bbc.co.uk/news/uk-65143093?at_medium=RSS&at_campaign=KARANGA weather 2023-04-01 09:26:52
News BBC News - Home 'I'm still alive' jokes Pope as he leaves hospital https://www.bbc.co.uk/news/world-europe-65147392?at_medium=RSS&at_campaign=KARANGA alive 2023-04-01 09:41:00
News BBC News - Home Russia assumes UN Security Council presidency despite Ukrainian anger https://www.bbc.co.uk/news/world-europe-65146557?at_medium=RSS&at_campaign=KARANGA council 2023-04-01 09:27:46
News Newsweek The many reasons why the Japan-US relationship should evolve "in the Middle East" right now https://www.newsweekjapan.jp/stories/world/2023/04/post-101270.php 2023-04-01 18:30:30
