投稿時間:2023-07-13 06:29:12 RSSフィード2023-07-13 06:00 分まとめ(33件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
AWS	AWS Big Data Blog	Configure end-to-end data pipelines with Etleap, Amazon Redshift, and dbt	https://aws.amazon.com/blogs/big-data/configure-end-to-end-data-pipelines-with-etleap-amazon-redshift-and-dbt/	Configure end to end data pipelines with Etleap Amazon Redshift and dbtThis blog post is co written with Zygimantas Koncius from Etleap Organizations use their data to extract valuable insights and drive informed business decisions With a wide array of data sources including transactional databases log files and event streams you need a simple to use solution capable of efficiently ingesting and transforming large volumes of data in real …	2023-07-12 20:54:22
Ruby	Railsタグが付けられた新着投稿 - Qiita	HerokuをずっとHogeだと思ってたのでまとめた	https://qiita.com/giver0720/items/91dcb03830cf99bccc64	heroku	2023-07-13 05:49:27
海外TECH	Ars Technica	These are the last Prime Day deals on Switch, Xbox, and PlayStation games	https://arstechnica.com/?p=1953325	tsushima	2023-07-12 20:40:06
海外TECH	Ars Technica	Tax preparers that shared private data with Meta, Google could be fined billions	https://arstechnica.com/?p=1953412	impacts	2023-07-12 20:36:01
海外TECH	MakeUseOf	11 Free Movie Streaming Sites With No Sign Up Requirements	https://www.makeuseof.com/free-movie-streaming-sites-no-sign-up/	requirementswant	2023-07-12 20:31:18
海外TECH	MakeUseOf	The Best Routers for Under $100	https://www.makeuseof.com/best-routers-for-under-100/	affordable	2023-07-12 20:15:18
海外TECH	MakeUseOf	11 Alternatives to Omegle	https://www.makeuseof.com/alternatives-to-omegle/	alternatives	2023-07-12 20:15:18
海外TECH	MakeUseOf	Can a Hacker See What You’re Looking at in Incognito Mode?	https://www.makeuseof.com/can-a-hacker-see-incognito-mode/	incognito	2023-07-12 20:01:17
海外TECH	DEV Community	Microsoft at EuroPython 2023	https://dev.to/europython/microsoft-at-europython-2023-5587	Microsoft at EuroPython We re thrilled to be a Platinum Sponsor of EuroPython again this year happening from July th rd in Prague Czechia If you can t make it in person you can still attend the conference remotely as EuroPython is a hybrid event this year Our team member Steve Dower will be giving talks during the conference Python amp Visual Studio Code Copilot Revolutionizing the way you do data science CPython Developer Panel Make sure you don t miss them We ll also be at the Microsoft booth talking about the hard work our teams have been doing to continue supporting the Python community and to improve the experience for Python developers across our products over the past year For instance Visual Studio Code which has become the most used editor for Python developers in has a new and improved experience when working with Jupyter notebooks a revamped test explorer via the Python extension and now comes with new Python dev tools extensions such as pylint black and isort We have also enabled a smooth and lightweight editing experience on the web with vscode dev and github dev and a feature rich one in GitHub Codespaces We have also improved Data Science workflows inside of Visual Studio Code Polyglot notebooks now supports Python allowing you to use multiple programming languages natively all in the same notebook in Visual Studio Code No more needing wrapper libraries or magic commands to work with your favorite languages in the same notebook With polyglot notebooks each language in Polyglot Notebooks gets a first class editing experience with language server support such as autocompletion syntax highlighting and signature help Variable explorer now allows you to check values and share variables across all the supported languages Additionally we have launched the Data Wrangler extension in Visual Studio Code With Data Wrangler you can seamlessly clean and explore your data in VS Code It offers a variety of features that will help you quickly identify and fix errors inconsistencies and missing data You can perform data profiling and data quality checks visualize data distributions and easily transform data into the format you need Plus Data Wrangler comes with a library of built in transformations and visualizations so you can focus on your data not the code As you make changes the tool generates code using open source Python libraries for the data transformation operations you perform This means you can write better data preparation programs faster and with fewer errors The code also keeps Data Wrangler transparent and helps you verify the correctness of the operation as you go In the machine learning and AI realm Azure Machine Learning Visual Studio Code Web integration is now in public preview VS Code for the Web provides you with a full featured development environment for building your machine learning projects all from the browser and without required installations or dependencies And by connecting your Azure Machine Learning compute instance you get the rich and integrated development experience VS Code offers enhanced by the power of Azure Machine Learning Furthermore Prompt Flow for Azure Machine Learning is now in preview Prompt Flow provides a streamlined experience for prompting evaluating tuning and operationalizing large language models With prompt flow you can quickly create prompt workflows that connect to various language models and data sources This allows for building intelligent applications and assessing the quality of your workflows to choose the best prompt for your case These are only some of the many things we look forward to chatting with you at EuroPython But if you can t make it there no problem you can always connect to us through our Discord channel Whether it s in person or virtually we all look forward to meeting you Original Post	2023-07-12 20:28:33
海外TECH	DEV Community	Unveiling the Sudo Heap Overflow Vulnerability (CVE-2021-3156): A Critical Security Flaw Reappears	https://dev.to/tutorialboy/unveiling-the-sudo-heap-overflow-vulnerability-cve-2021-3156-a-critical-security-flaw-reappears-1ocf	Unveiling the Sudo Heap Overflow Vulnerability CVE A Critical Security Flaw Reappears IntroductionIn this blog post we dive into the intricacies of the Sudo Heap Overflow Vulnerability CVE On January Qualys Research Labs discovered a flaw in sudo When sudo parses the command line parameters the truncation character is wrongly judged which leads to the attacker maliciously constructing a payload causing sudo to overflow the heap This vulnerability can cause Local privilege escalation Environmentenvironment version•ubuntu •sudo pUse the following command to compile and installcd sudo SUDO p mkdir build configure prefix home pwn sudo CFLAGS O g make amp amp make install Vulnerability poc sudoedit s Executing the above POC and executing sudoedit will display the words malloc invalid size which is a typical exception caused by a heap overflow Vulnerability AnalysisThe Source code analysisset cmnd function File plugins sudoers sudoers c static int set cmnd void if sudo mode amp MODE RUN MODE EDIT MODE CHECK Need to meet the setting of the flag bit To enter the escape process set user args if NewArgc gt char to from av size t size n Alloc and build up user args for size av NewArgv av av Traverse each parameter size strlen av Calculate the length of each parameter if size user args malloc size NULL Dynamically allocate a section of memory through malloc to store parameter content sudo warnx U s s func U unable to allocate memory debug return int if ISSET sudo mode MODE SHELL MODE LOGIN SHELL The setting of the flag bit needs to be satisfied to enter the escape process When running a command via a shell the sudo front end escapes potential meta chars We unescape non spaces for sudoers matching and logging purposes for to user args av NewArgv from av av Traverse each environment variable and copy the content to the memory while from The vulnerability point when scanning the parameter content encounter needs to be escaped such as t n etc so sudo only judges whether is followed by a space character that is the isspace function is used to judge The characters included in isspace are as follows x space SPC space character t x horizontal tab TAB horizontal tab character n xa newline LF newline character v xb vertical tab VT vertical tab character f xc feed FF form feed character r xd carriage return CR does not include above carriage return The parameters are separated by so when is followed by from will cause the next parameter to be copied in and finally cause the heap block to overflow amp amp isspace unsigned char from from to from to to Therefore the vulnerability lies in the need to escape the escape character when entering the set cmnd function but the function does not judge the escape character as the end of the parameter that is x parse args functionThe parse args function is used to reverse escaping that is if there are escape characters in the parameter a will be added before each escape characterFile src parse args c if ISSET mode MODE RUN amp amp ISSET flags MODE SHELL The setting of the flag bit needs to be satisfied before entering the reverse escape process char av cmnd NULL int ac if argc shell c command char src dst size t cmnd size size t argv argc argv strlen argv argc cmnd dst reallocarray NULL cmnd size if cmnd NULL sudo fatalx U s s func U unable to allocate memory if gc add GC PTR cmnd exit for av argv av NULL av for src av src src quote potential meta characters if isalnum unsigned char src amp amp src amp amp src amp amp src dst dst src dst if cmnd dst dst replace last space with a NUL dst ac c cmnd This is why the set cmnd function needs to escape the parameters so if the parse args function is first used to reverse the parameters and then the set cmnd function is used to escape then there will be no loopholes in sudoBypass inspectionSo how to bypass the set cmnd function and directly enter the parse args function is the key factor for the vulnerability to be successfully triggeredThe first is how to enter the set cmnd function sudo will go through double detectionsudo mode needs to have the flag bit of MODE RUN MODE EDIT or MODE CHECKsudo mode needs to have the flag bit of MODE SHELL or MODE LOGIN SHELLFile plugins sudoers sudoers c if sudo mode amp MODE RUN MODE EDIT MODE CHECK The setting of the flag bit needs to be satisfied to enter the escape process if ISSET sudo mode MODE SHELL MODE LOGIN SHELL Need to meet the setting of the flag bit to enter the escape process If you want to get the flag bit of MODE SHELL you need to set the s parameter at this time through SET flags MODE SHELL set the flag to MODE SHELL and the default mode is NULL so setting the s parameter can make the flag set both MODE SHELL and MODE RUN File src parse args c case s sudo settings ARG USER SHELL value true SET flags MODE SHELL break if mode mode MODE RUN running a command But if you use sudo s it will cause the flag to set MODE SHELL and MODE RUN and you will enter the process of the parse args function which will add a in front of all non alphanumeric characters which will cause us to fail Construct the vulnerability character of x so if we want to exploit the vulnerability successfully we don t need the program to enter the set cmd function but we cannot enter the parse args functionFile src parse args c if ISSET mode MODE RUN amp amp ISSET flags MODE SHELL The setting of the flag bit needs to be satisfied before entering the anti escaping process for av argv av NULL av for src av src src quote potential meta characters if isalnum unsigned char src amp amp src amp amp src amp amp src dst dst src At the beginning of the parse args function it will detect whether it is called by sudo or sudoedit If it is called by sudoedit it will directly set MODE EDIT to the mode thus bypassing the mode NULL When the flag needs to be set to MODE RUN so use sudoedit s you can set the flag to set MODE EDIT and set MODE SHELLFile src parse args c proglen strlen progname if proglen gt amp amp strcmp progname proglen edit progname sudoedit mode MODE EDIT sudo settings ARG SUDOEDIT value true The second path to enter set cmnd is to set the flag to MODE EDIT MODE SHELL Such input can bypass the parse args function and prohibit entry to the set cmd function This is why the heap overflow of sudo needs to be triggered by sudoedit s instead of sudo the sFile plugins sudoers sudoers c if sudo mode amp MODE RUN MODE EDIT MODE CHECK The setting of the flag bit needs to be satisfied to enter the escape process if ISSET sudo mode MODE SHELL MODE LOGIN SHELL Need to meet the setting of the flag bit to enter the escape process Exploit Vulnerability Exploitation AnalysisSince the program has an obvious heap overflow vulnerability it is necessary to sort out how the heap overflow is exploited •Find a heap block whose value will affect the flow of program execution which is called an available heap block •Find an operation that can freely control the location of the heap block and deploy the heap block applied by the vulnerable function above the exploitable heap block When the heap overflow is triggered the value of the exploitable heap block can be rewritten to our expected value Available HeapsNSS is used to parse and obtain different types of name information such as how to obtain user information by name and NSS needs to be called when sudo needs to obtain user information When using NSS to obtain information it actually performs corresponding behaviors through different dynamic link libraries and the file names of these libraries exist in the configuration file of etc nsswitch confFor example if you want to query the passwd file you need to use libnss files so and libnss systemed soSo how to load these dynamic link libraries needs to depend on the nss load library function and this related information is stored in the service user structure which is stored in the heap memory Then it is necessary to study whether the value of the structure will affect the execution flow of the program The code is as follows File nsswitch c static int nss load library service user ni if ni gt library NULL This service has not yet been used Fetch the service library for it creating a new one if need be If there is no service table from the file this static variable holds the head of the service library list made from the default configuration static name database default table ni gt library nss new service service table amp default table ni gt name if ni If the value of gt library is NULL a new ni gt library will be created and all members will be initialized if ni gt library NULL return if ni gt library gt lib handle NULL Since ni gt library is newly created ni gt library gt lib handle must be NULL Load the shared library size t shlen strlen ni gt name strlen nss shlib revision int saved errno errno char shlib name shlen Construct shared object name st y st y st y st y shlib name libnss ni gt name so shalib name is obtained according to splicing nss shlib revision ni gt library gt lib handle libc dlopen shlib name load dynamic link libraryThe key point of the above code is that the program will use libc dlopen to open the dynamic link library specified by shalib name and shalib name is obtained by a series of splicing through ni gt name and ni gt name is stored in the structure service user In ni the structure is stored in the heap memory Then we found the key value ni gt name which is a key variable that can modify the execution flow of the program For example if we change ni gt name to X test then the final splicing result will get libnss X test so then if we create a new libnss X in the current directory and create a test so in the directory The dynamic link library then sudo will load and execute the code in our dynamic link library So far we have found the first key factor of utilization which is the use of heap blocks The operation of arranging blocksSince we have found the available heap blocks if we can deploy the heap overflowed heap blocks above the available heap blocks and use the heap overflow to modify ni gt name the effect of arbitrary code execution can be completed In the main function of sudo the setlocate function will be executed setlocale is a function used to set the locale of the program and there are corresponding implementations in many programming languages ​​and operating systems Regional settings refer to the collection of related information such as the language region date format currency symbol etc used by the program at runtime By setting the locale the program can adapt to localization needs according to different regions and language environments export LC ALL en US UTF XXXXIn the setlocal function a lot of heap block allocation and release operations are involved When calling setlocal LC ALL the program will search for the value of the locale through the value set by the environment variable and the search for the environment variable depends on nl find locale function nl find locale function File locale findlocale c struct locale data nl find locale const char locale path size t locale path len int category const char name LOCALE can consist of up to four recognized parts for the XPG syntax language territory codeset modifier Besides the first all of them are allowed to be missing If the full specified locale is not found the less specific one are looked for The various part will be stripped off according to the following order codeset normalized codeset territory modifier The format of the area is C en US UTF XXXXXX nl explode name is used for judgment Which part exists and which part is missing mask nl explode name loc name amp language amp modifier amp territory amp codeset amp normalized codeset if mask Memory allocate problem return NULL locale file is dynamic for regional settings Memory allocation locale file nl make lnflist amp nl locale file list category locale path locale path len mask language territory codeset normalized codeset modifier nl category names get category return NULL if locale file NULL Find status record for addressed locale file We have to search through all directories in the locale path locale file nl make lnflist amp nl locale file list category locale path locale path len mask language territory code set normalized codeset modifier nl category names get category if locale file NULL This means we are out of core return NULL nl make lnflist function nl make lnflist will allocate heap blocks according to the value we pass in File intl lnflist c struct loaded lnfile nl make lnflist struct loaded lnfile lnfile list const char dirlist size t dirlist len int mask const char language const char territory const char codeset const char normalized codeset const char modifier const char filename int do allocate Dynamic allocation according to the length of the area value we pass in abs filename char malloc dirlist len strlen language mask amp XPG TERRITORY strlen territory mask amp XPG CODESET strlen codeset mask amp XPG NORM CODESET strlen normalized codeset mask amp XPG MODIFIER strlen modifier strlen filename setlocale function The overall operation of the setlocale function is to read the value of the environment variable to obtain the value of the regional setting and allocate the heap block size according to the value of the regional setting If there is any specification that does not meet the regional value all previously applied heap blocks will be released File locale setlocale c while category gt if category LC ALL Use the nl find locale function to obtain the value of the environment variable and store it in newdata category newdata category nl find locale locale path locale path len category amp newnames category else Use the strdup function to allocate space in the heap memory and copy newdata category into it newnames category strdup newnames category if newnames category NULL break if category LC ALL amp amp newnames category nl C name amp amp newnames category nl global locale names category free char newnames category The primitive as long as there is a regional setting value that does not conform to the specification all previously applied heap blocks will be released Therefore the size of the heap can be controlled by the area value and then a wrong area value is set at the end to control the position of the heap So far we have found an operation that can control the heap LC IDENTIFICATION C UTF XX XX If the length is x then malloc x LC MEASUREMENT C UTF XX XXX If the length is X then malloc x LC TELEPHONE XXXX If it does not conform to the specification of the area value free will be called analysis of expSince we need to control the heap block of server user we need to know the size of the heap block Through debugging we can see that it is a heap block of x so use setlocate to release a few more heap blocks of x then server user will use what we released pile of blocks Immediately after that allocate the vulnerability heap block above the server user heap block Since the server user heap block is constructed by ourselves we only need to release the vulnerability heap block while releasing the heap block and the application for the vulnerability heap block can be set according to the length of the parameterSet the function of setting the area value as the primitive of heap block allocation and release and use the character after to control the size of the heap blockFreeing heap blocks with wrong region valuesFinally how to fill in the exploitable heap block Here heap overflow is used and the filling string is constructed in the environment variable so that the exploitable heap block can overwrite the content value of the exploitable heap block However it should be noted here that we need to Ni gt library is filled with x and x cannot be directly input into the environment variable so it is necessary to observe how the vulnerable function copies characters again According to the code analysis as long as is followed by x then we can directly copy the value of x to the heap memory Then modify ni gt name to the dynamic link library we think is constructed File plugins sudoers sudoers c if from amp amp isspace unsigned char from if is followed by x from At this point from will point to x to from Use x to copy the value Set multiple environment variables so that there are multiple x in the memory so use x to cover the memory value of the heap The demonstration effect is as follows Bug FixesThe repair of the vulnerability is to make an additional judgment on the flag bit of MODE EDIT and add a check of after a plugins sudoers sudoers c Sat Jan b plugins sudoers sudoers c Sat Jan If run as root with SUDO USER set set sudo user pw to that user XXX causes confusion when root is not listed in sudoers if sudo mode amp MODE RUN MODE EDIT amp amp prev user NULL if ISSET sudo mode MODE RUN MODE EDIT amp amp prev user NULL if user uid amp amp strcmp prev user root struct passwd pw if user cmnd NULL user cmnd NewArgv if sudo mode amp MODE RUN MODE EDIT MODE CHECK if ISSET sudo mode MODE RUN MODE CHECK if ISSET sudo mode MODE RUN MODE EDIT MODE CHECK if ISSET sudo mode MODE EDIT extra judgment on MODE EDIT const char runchroot user runchroot if runchroot NULL amp amp def runchroot NULL amp amp strcmp def runchroot sudo warnx U s s func U unable to allocate memory debug return int NOT FOUND ERROR if ISSET sudo mode MODE SHELL MODE LOGIN SHELL if ISSET sudo mode MODE SHELL MODE LOGIN SHELL amp amp ISSET sudo mode MODE RUN sudo s is required to escape When running a command via a shell the sudo front end escapes potential meta chars We unescape non spaces for to user args av NewArgv from av av while from if from amp amp isspace unsigned char from if from amp amp from amp amp Added the judgment of isspace unsigned char from from if size to user args lt sudo warnx U internal error s overflow func debug return int NOT FOUND ERROR to from if size to user args lt sudo warnx U internal error s overflow func debug return int NOT FOUND ERROR to to SummarizeSudo heap overflow attack processFirst use setlocate as the primitive for heap block allocation and release and construct a suitable heap layout to ensure that the server user heap block is as close as possible to the heap block created by the vulnerable code Secondly the heap overflow is used to overwrite the ni gt name value of the server user heap block and the overwritten value is a maliciously constructed dynamic link library name Finally wait for the dynamic link library to be loaded and executed Limitations of Sudo Heap Overflow ExploitationSince the sudo heap overflow depends on the layout of the heap different versions of sudo or the operating system will affect the exploitation of the vulnerability	2023-07-12 20:18:43
Apple	AppleInsider - Frontpage News	Apple reissues Rapid Security Response for iOS 16.5.1 and macOS 13.4.1	https://appleinsider.com/articles/23/07/12/apple-reissues-rapid-security-response-for-ios-1651-and-macos-1341?utm_medium=rss	Apple reissues Rapid Security Response for iOS and macOS After pulling the Rapid Security Response for iOS iPadOS and macOS a few days prior Apple has reissued the software updates Apple reissues RSR patch for iPhone iPad and MacApple s Rapid Security Response RSR is a standard part of the company s security updates system The whole point is to quickly address significant issues related to the software without forcing end users to wait for a full update Read more	2023-07-12 20:48:16
Apple	AppleInsider - Frontpage News	macOS Sonoma brings iCloud Password extension to third-party browsers	https://appleinsider.com/articles/23/07/12/macos-sonoma-brings-icloud-password-extension-to-third-party-browsers?utm_medium=rss	macOS Sonoma brings iCloud Password extension to third party browsersmacOS Sonoma saw the release of its first public beta recently and along with it Apple is bringing its password manager feature to third party web browsers Apple PasswordsApple wants to make it easy to manage passwords and not just within its own software and apps For example in the company launched an official iCloud Passwords extension for Google s Chrome on Windows broadening the availability of iCloud Keychain Read more	2023-07-12 20:11:18
海外TECH	Engadget	Amazon Prime Day 2023 Day 2: The best deals you can still get	https://www.engadget.com/amazon-prime-day-2023-day-2-the-best-deals-you-can-still-get-111813236.html?src=rss	Amazon Prime Day Day The best deals you can still getThe second half of Amazon Prime Day is here and you can still pick up a bunch of tech on sale This year has brought a number of solid Prime exclusive deals on some of our favorite tech including Apple AirPods Google Pixel phones and of course Amazon s own devices like Echos Kindles Fire TV Sticks and more Whether you re just getting around to shopping Amazon Prime Day deals or you re returning today to see what else you can pick up on discount we ve collected the best Prime Day deals here so you don t have to go searching for them Apple AirPods ProApple s second generation AirPods Pro are on sale for for Prime Day These buds are a huge improvement over their predecessors offering improved sound quality ANC and transparency mode We still consider these to be the best earbuds for iPhone users thanks to their Apple specific features like quick pairing and switching and hands free Siri Apple AirPods nd Generation The latest AirPods might have a few extra bells and whistles but the second generation Apple AirPods are a great choice for They re currently off their sticker price of for Prime Day the lowest we ve seen them in a while This model mirrors its successor in having an H chip Siri automatic switching between devices and a lightning charging case The biggest consideration is battery life with these AirPods offering five hours of uninterrupted use and over hours with the charging case If you re looking for AirPods for your commute or walks the price difference makes the second gen AirPods a solid option Apple Watch Series The Apple Watch Series is the brand s latest flagship wearable and usually sells for for the mm GPS model Prime Day brings it down to which is off its regular price The Series is our top pick in our guide to smartwatches because it combines detailed health and fitness tracking with seamless iPhone integration New features include temperature sensors ECG and blood oxygen readings crash detection and improved sleep metrics The upcoming WatchOS will bump the utility even more with widgets plus expanded health fitness and mindfulness features Apple inch iPadApple s th generation iPad is down to which a record low It s the budget pick in our guide to the best iPads and while it doesn t have the thin bezels and as much accessory support as our top pick it s the most affordable way to snag an iPad It s a great couch companion that performs well for casual browsing binge streaming and light gaming Apple MacBook Air MThe M MacBook Air released back in but it remains a worthy option if you want a Mac for light work and web browsing for as little cash as possible The entry level configuration is now on sale for which is a new low This model s keyboard trackpad display and battery life continue to impress and the quiet M chip is still fast enough for the essentials This configuration is strictly for casual use though as it only has GB of RAM and a GB SSD You ll have to live with a more basic p webcam too and you ll miss out on the improved speakers and slimmer bezels of the M model We gave the M Air a review score of at launch Apple MacBook Air inch The new larger version of Apple s MacBook Air M is down to for a configuration with GB of RAM and a GB SSD That s a modest drop from its usual price on Amazon but the notebook only just arrived last month and it s less than buying from Apple directly The M Air is the top pick in our guide to the best laptops and we gave it a review score of in June It checks just about all the requisite boxes for a mainstream notebook with a thin and light design bright and accurate display comfortable keyboard long lasting battery and more than enough performance for everyday use This inch model has all the same benefits of the prior inch model but adds a more powerful speaker system and slightly upgraded GPU alongside the bigger screen Sony WH XMOur current favorite pair of wireless headphones Sony s WH XM are down to for Prime Day It s the total package that combines great audio quality with excellent ANC and a comfy fit to make a pair of headphones you ll be able to wear all day long if you wish It also supports multipoint connectivity and a hour battery life Bose QuietComfort The Bose QuietComfort headphones have dropped to a new low of for Prime Day which is a whopping off their usual price These cans earned a spot in our best wireless headphone guide thanks to their comfortable if a little dated design excellent ANC and balanced audio Google Pixel Buds ProGoogle s flagship wireless earbuds the Pixel Buds Pro are down to for Prime Day a new all time low Google took all of the lessons it learned when making previous earbuds and got a lot of things right with the Pixel Buds Pro These will be great for Android users who want buds with punchy bass good ANC reliable touch controls and wireless charging Anker Soundcore Space AThe Soundcore Space A was already our favorite pair of wireless earbuds for those on a budget and now it s even more affordable now for Prime Day The Space A provides the kind of performance and features you d expect from true wireless earbuds that cost twice as much strong ANC a small and light design a warm sound that s enjoyable out of the box but customizable through a companion app a transparency mode wireless charging solid battery life around eight hours per charge and the ability to connect to two devices at once Ultimate Ears Wonderboom The Wonderboom from Ultimate Ears is currently percent off for Prime Day dropping it down to instead of the usual That s the lowest price we ve seen in a while matching the all time low it hit just before Black Friday last year In our tests the Wonderboom delivered the biggest sound of any speakers in its size range plus it has a cute design with a strap and comes in bright blue hot pink or a more sedate gray note that the black colorway isn t discounted JBL Charge JBL s Charge is usually but is down to for Prime members It also made Engadgets speaker guide and has a separate tweeter and dual bass radiators for bigger sound and of course can handle a dunk in water It s got a long hour battery life and can even share some of that juice with your phone via the USB C port Amazon KindleThe standard Kindle is already Amazon s most affordable ereader and Prime Day drops it down to from its usual price tag which is a new all time low This latest model saw a lot of improvements when it was updated in Capacity was doubled to GB and the screen resolution jumped up to ppi for much clearer text We named it the best budget option in our ereader guide because its perfect entry point to reading and borrowing ebooks and audiobooks Kindle PaperwhiteThe Kindle Paperwhite has a bigger screen and a few extra features over the standard Kindle and is now which is off its MSRP An adjustable warm front light makes it easier on your eyes at night and the waterproof feature means you can read by the pool or in the bath The price applies to the GB version If you want more storage you can grab the GB capacity model for Kobo Clara EThe Kobo Clara E is now instead of It s our top pick in our ereader guide and doesn t often go on sale We like the textured back crisp text and responsive touch controls It s also waterproof ad free and has a comfortable warm light for night reading The Kobo store has millions of books and is easy to navigate and the Clara E makes it easy to borrow ebooks from your local library Samsung Pro Plus microSDThe top pick in our best microSD cards guide Samsung s Pro Plus in GB is on sale for right now It had some of the best overall speeds of any of the microSD cards we tested and it has all of the important ratings that a good card should have U V and A It ll be a great pick for your tablet smartphone or Nintendo Switch and it comes with a full sized adapter in case you need to use it with a camera or connect it to your computer Samsung Evo Select microSDSamsung s Evo Select microSD card has dropped to for Prime Day It s a step behind the top pick in our microSD card guide mostly due to its slower sequential write speeds but it s argubly the best value microSD card you can get right now Samsung T ShieldThe Samsung T Shield SSD has been discounted to for Prime Day The T series as a whole includes some of our favorite SSDs and the Shield is the most durable of the bunch The portable drive has an IP rating for water and dust resistance and it can withstand drops from up to feet high On top of that its MB s read write speeds should be enough for most people s needs Samsung ProSamsung s Pro SSD has dropped to for Prime Day It s another good option for the PS especially since you can spring for a model with an included heatsink if you want The Pro has read speeds up to MB s and reliable thermal controls Crucial MXCrucial s MX internal drive has been discounted to for Prime Day It has sequential read speeds of MB s and a standard inch design that should make it easy to swap in for your desktop s or laptop s used up drive Tile SlimThe Tile Slim is down to for Prime Day In our tests it was louder than the other wallet focused trackers we tried it was even louder than the Tile Mate which is also on sale It works with both Android and Apple devices and its thick credit card shape nicely slides into slots of a typical wallet Amazon Echo DotAmazon has knocked the price of the latest Echo Dot down to which is more than half off its normal price It s one of the best smart speakers you can get right now thanks to its orb like design surprisingly good sound quality for its size and handy Alexa integration The newest Echo Dots can also act as Eero WiFi boosters adding up to square feet of coverage to your existing Eero system If you re looking for something even more affordable the new Echo Pop is down to right now as well Amazon Echo Show The latest Echo Show is half off and down to a record low of The Show has been one of the best smart displays available for quite some time and it ll be particularly good for anyone who wants an Alexa capable smart display that won t take up a lot of space It also makes for a good alarm clock thanks to its sunrise alarm and tap to snooze features The newest model has a faster processor improved sound quality and an additional microphone for better Alexa performance Amazon Fire Max Amazon s recently released Fire Max tablet is on sale for for Prime Day It s the best discount we ve seen since the Amazon s most powerful tablet launched in May The slab has an inch x touchscreen an octa core processor GB of RAM up to GB of built in storage and up to hours of battery life It can also work with a detachable keyboard and stylus so you could use it like a in laptop Samsung SBThe inch Samsung SB is on sale for matching its all time low Typically this highly rated set has cost an extra to in recent months The SB s QD OLED panel combines OLED tech with a quantum dot layer allowing it to deliver high contrast and wide viewing angles without sacrificing as much as typical OLED TVs in terms of brightness and color saturation This means it should provide a rich image even in brighter rooms It can also play up to K Hz which is handy for the PS or Xbox Series X but like all Samsung TVs it doesn t support Dolby Vision HDR The SB is a model so it s on the way out in favor of the new SC The latter supports a faster Hz refresh rate and runs its ports through an external box which makes the design thinner Other reviewerssay it can get a bit brighter too But the S currently costs and for a and inch model respectively and its upgrades don t appear to be massive enough to justify that extra cost for most If you re in the market for a premium TV the SB should remain the better value while it s still available Samsung The Frame smart TVSamsung s inch The Frame TV is down to which is a new low and about off its typical street price The Frame is a TV for those willing to trade some picture quality for classy aesthetics as it s designed to look like a piece of art you can mount against a wall When you aren t watching something you can use it to display artwork and photos A few digital art pieces come included while others are sold with a subscription The Frame s QLED panel lacks local dimming so its contrast and HDR performance can t really compete with the best options in its price range It only has one HDMI port too But the image is still far from poor and its design does well to blend into a wall as we ve professed before Roku Streaming Stick KRoku s Streaming Stick K is down to for Prime Day or off its usual price It s our favorite streaming device at the moment because it packs a ton of features into an affordable package It streams K HDR content with Dolby Vision and it supports AirPlay and private listening with headphones Amazon Fire TV Stick K MaxThe Fire TV Stick K Max is on sale for which is below its list price and lower than the usual sale price we ve seen over the course of the year This is Amazon s fastest streaming stick and its remote comes with Alexa baked in It supports the major HDR standards in Dolby Vision HDR and HDR and like the rest of the Fire TV lineup it works with just about all of the necessary streaming apps Unlike the standard Fire TV Stick K it also has a WiFi radio though you ll need a compatible router and an unusually fast internet connection to ever see any advantage from that Amazon Fire TV Stick K LiteWe call the Fire TV Stick Lite the best budget pick in our guide to the best streaming devices It s essentially the same as the standard Fire TV Stick only its remote lacks built in volume and TV controls It can t output Dolby Atmos audio to a compatible sound system either It makes up for all of this by being extremely affordable and Prime Day has only furthered that you can pick it up for which is a percent discount Meta Quest gift cardAmazon includes a free gift card when you buy the Meta Quest VR headset for Prime Day so your total for the bundle will be This is the best VR headset for most people right now thanks to its relatively affordable price cordless and comfortable design fast switching LCD screens Hz refresh rate and solid motion controllers Google Pixel aThe Google Pixel a is on sale for right now or off its usual rate and an all time low This is the best midrange phone you can get right now thanks to its speedy Tensor G chip smooth Hz display and support for wireless charging The a also has solid cameras and an IP water resistant design Samsung Galaxy S UltraSamsung s Galaxy S Ultra has dropped to a record low price of for Prime Day and the rest of the lineup is on sale too The Ultra in particular is the best Android smartphone you can get right now thanks to its Snapdragon Gen chip big bold Hz display built in S Pen and excellent main camera Nest WiFi Pro PackThe Google Nest WiFi Pro three pack gives you all the same technology as the pair but with a wider range With three routers you can access WiFi across square feet At percent off the trio is making each Nest WiFi Pro only ーit s a steal considering they typically retail for each As for color get them all in Snow or get a mix of Snow Fog and Linen TP Link Deco XE mesh WiFi systemThe best mesh WiFi system out right now TP Link s Deco XE is down to a record low of for Prime Day While this set doesn t have one stand out feature that puts it above the competition it does a great job balancing power and usability It has an easy setup process an equally easy to use mobile app and it provides a stable and fast WiFi network that will cover most homes well This is the best price we ve seen on the three pack that usually costs Shark AI Ultra in robot vacuumShark s vacuum and mop machine has dropped to for Prime Day It s one of the best robot vacuums you can get right now because of its versatility and decent starting price so if you can pick it up while it s on sale that s even better It comes with a water reservoir with a cloth attached to it that lets you mop hard floors when you need to The standard dustbin will hold all debris during vacuuming and the machine is smart enough to empty its clean base automatically after every vacuuming job you ll have to empty the water reservoir on your own TP Link Kasa Smart WiFi Light BulbOur favorite budget smart light bulbs are TP Link s Kasa Smart WiFi Bulbs which are percent off right now for the two pack bringing it to Installation is easy and the lights stayed reliably connected during testing plus the companion app is simple Blink Mini packA two pack of Blink Mini security cameras is on sale for for Prime Day That s only more than we saw it during the holiday shopping season last year While these cameras are wired they have most of the same features as the standard wireless Blink cameras including p video recordings and support for two way talk and motion alerts Fitbit Charge The Fitbit Charge is our favorite overall tracker and is currently or off its usual price Fitness trackers aren t as fully featured as smartwatches but that typically means they have a longer battery life and cost a little less We like the Charge for its comprehensive activity tracking and health monitoring that comes in a thin profile with a multi day battery life It also pairs with both Apple and Android phones Razer Huntsman MiniThe compact Razer Huntsman Mini is down to for a model with either Clicky Purple or Linear Red opto mechanical switches Neither deal is quite an all time low but the two models have usually retailed in the to range over the last few months The Huntsman Mini is the top pick in our guide to the best percent keyboards as its keys are pleasant and consistently responsive for gaming The whole thing feels well built with quality PBT keycaps and RGB lighting on a per key basis Each key can be programmed through macros as well The switches here aren t ideal for those who like a springy and more tactile though and the ultracompact design won t be for everyone BitDo Ultimate C Wireless ControllerThis simplified version of BitDo s Ultimate Wireless Controller is percent off and down to for Prime Day It works on Windows Android Steam Deck and Raspberry Pi and it connects via G wireless or via a USB dongle that comes with it BitDo controllers are some of our favorites thanks to their solid build quality and fun yet comfortable designs and this one has a battery life of hours so you can get a lot of playtime in before it needs a recharge Logitech Litra GlowLive streamers or anyone who wants to look better on camera should snag Logitech s Litra Glow LED light while it s on sale for Prime members We recommend it in our guides because the USB powered device delivers a diffuse soft glow without harsh shadows and comes with an extendable monitor mount Razer Blade A configuration of the Razer Blade with a Core i H processor GeForce RTX Ti GPU Hz QHD display GB of RAM and TB SSD is down to for Prime Day That s about off its usual street price in recent months We gave the Blade a review score of last year and we currently recommend it as a premium pick in our guide to the best gaming laptops This config is a model the latest version is largely a spec bump but it ll still be powerful enough to play most modern games at high settings and frame rates particularly with DLSS The main reason to pay the premium for any Blade laptop though is because it packs that power in a slim and premium feeling aluminum design Just note that it can run hot and that its battery life is fairly short Your Prime Day Shopping Guide See all of our Prime Day coverage Shop the best Prime Day deals on Yahoo Life Follow Engadget for the best Amazon Prime Day tech deals Learn about Prime Day trends on In the Know Hear from Autoblog s car experts on must shop auto related Prime Day deals and find Prime Day sales to shop on AOL handpicked just for you This article originally appeared on Engadget at	2023-07-12 20:35:45
海外TECH	Engadget	Samsung Frame smart TVs drop to as low as $548 for Prime Day 2023	https://www.engadget.com/samsung-frame-smart-tvs-drop-to-as-low-as-548-for-prime-day-2023-201921481.html?src=rss	Samsung Frame smart TVs drop to as low as for Prime Day You ll want to act quickly if you re shopping for a truly stand out TV set Samsung s Frame TVs are on sale at Amazon for Prime Day and the discounts are particularly steep for some models The line now starts at for the bedroom friendly inch model but the sweetest deal is for the inch model which has dropped to a record low of ー percent off You won t get an add on bezel at those prices but the savings are large enough that you might not mind The appeal of Frame TVs is as clear as ever it s a set that doubles as artwork when it s not in use Mount it on your wall the kit is thankfully included and it blends into the decor using either professional images or your own You ll usually have to subscribe to the Samsung Art Store or buy individual works if you want classics but it could be worthwhile to have a Van Gogh or Vermeer in your living room The models have a matte finish that cuts reflections and gives them a canvas like appearance These aren t Samsung s highest end TVs so you won t get the crispness of an K panel or the vivid contrast of OLED They still offer an accurate K picture however and they re full featured sets with voice assistant control a game mode and a wide range of apps At these prices they re easy choices if you either want a wall mounted TV or were otherwise resigned to buying an ordinary screen Your Prime Day Shopping Guide See all of our Prime Day coverage Shop the best Prime Day deals on Yahoo Life Follow Engadget for the best Amazon Prime Day tech deals Learn about Prime Day trends on In the Know Hear from Autoblog s car experts on must shop auto related Prime Day deals and find Prime Day sales to shop on AOL handpicked just for you This article originally appeared on Engadget at	2023-07-12 20:19:21
海外TECH	Engadget	Congressional report condemns tax prep companies for sending data to Meta, Google	https://www.engadget.com/congressional-report-condemns-tax-prep-companies-for-sending-data-to-meta-google-200254131.html?src=rss	Congressional report condemns tax prep companies for sending data to Meta GoogleA Congressional investigation concluded that several tax prep providers shared sensitive filing data with Meta and Google It follows a report from The Markup highlighting the practice in which TaxSlayer H amp R Block and TaxAct used Meta s Pixel tracking tool to harvest info like filing status approximate adjusted gross income refund amount names of dependents and which text entry fields users clicked on Meta is already facing a lawsuit connected with the initial reporting The panel sent the conclusions to the IRS FTC DOJ and Treasury Inspector General for Tax Administration TIGA urging the agencies to investigate and prosecute if applicable “Big Tax Prep has recklessly shared tens of millions of taxpayers sensitive personal and financial data with Meta for years without appropriately disclosing this data usage or protecting the data and without appropriate taxpayer consent the report reads “The findings of this report reveal a shocking breach of taxpayer privacy by tax prep companies and by Big Tech firms that appeared to violate taxpayers rights and may have violated taxpayer privacy law The review found the Meta Pixel tracker also gathered data about “whether taxpayers had visited pages for many revealing tax situations such as having dependents certain types of income such as rental income or capital gains and certain tax credits or deductions In addition it transmitted the full names email country state city zip codes phone numbers and gender as hashed values The information was also collected from taxpayers using TaxAct s Free File service ーwhich is through a partnership with the IRS Congressional investigators listed in the report include Senators Elizabeth Warren D MA Ron Wyden D OR Richard Blumenthal D CT Tammy Duckworth D IL Bernie Sanders I VT and Sheldon Whitehouse D RI and Rep Katie Porter D CA “The tax prep firms were shockingly careless with their treatment of taxpayer data the investigation concluded “They indicated that they installed the Meta and Google tools on their websites without fully understanding the extent to which they would send taxpayer data to these tech firms without consulting with independent compliance or privacy experts and without full knowledge of Meta s use of and disposition of the data The panel also chided Meta and Google for acting “with stunning disregard for taxpayer privacy The report cites laws that say “a tax return preparer may not disclose or use a taxpayer s tax return information prior to obtaining a written consent from the taxpayer while mentioning that the tax prep companies failed to do that Although tax filing companies can legally hand data to “auxiliary service providers in connection with the preparation of a tax return the panel said Meta and Google don t meet that definition since the tracking was used for advertising Violations can lead to fines of up to per instance likely pocket change for these companies and up to a year in prison This article originally appeared on Engadget at	2023-07-12 20:02:54
海外TECH	CodeProject Latest Articles	Unity Graphics Emulator for Native Plugin Development	https://www.codeproject.com/Articles/1216876/Unity-Graphics-Emulator-for-Native-Plugin-Developm	development	2023-07-12 20:18:00
海外TECH	WIRED	18 Best Prime Day Mattress Deals (2023): Mattresses, Sheets, Weighted Blankets	https://www.wired.com/story/best-amazon-prime-day-mattress-and-sleep-deals-2023-2/	amazon	2023-07-12 20:47:00
海外TECH	WIRED	How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom	https://www.wired.com/story/microsoft-cloud-attack-china-hackers/	How a Cloud Flaw Gave Chinese Spies a Key to Microsoft s KingdomMicrosoft says hackers somehow stole a cryptographic key perhaps from its own network that let them forge user identities and slip past cloud defenses	2023-07-12 20:34:17
海外TECH	WIRED	Our Fave Cookware Deals at All-Clad's Factory Seconds Sale	https://www.wired.com/story/all-clad-vip-factory-seconds-deal-july-2023/	dings	2023-07-12 20:33:32
海外TECH	WIRED	101+ Best Prime Day Deals for Your Kitchen and Home (2023)	https://www.wired.com/story/best-amazon-prime-day-smart-home-kitchen-deals-2023-2/	cameras	2023-07-12 20:17:00
海外TECH	WIRED	The 50+ Best Amazon Prime Day Deals Under $50	https://www.wired.com/story/best-amazon-prime-day-deals-under-50-2023-2/	affordable	2023-07-12 20:12:00
金融	ニュース - 保険市場TIMES	ジブラルタ生命、営業社員向けのプログラムを全国展開	https://www.hokende.com/news/blog/entry/2023/07/13/060000	ジブラルタ生命、営業社員向けのプログラムを全国展開「年育成プログラム」ジブラルタ生命保険株式会社は月日、同社の営業社員向けプログラムを全国にて展開すると発表した。	2023-07-13 06:00:00
ニュース	BBC News - Home	Emmy nominations 2023: The Last of Us and Succession up for top TV awards	https://www.bbc.co.uk/news/entertainment-arts-66179844?at_medium=RSS&at_campaign=KARANGA	abbott	2023-07-12 20:02:37
ビジネス	ダイヤモンド・オンライン - 新着記事	旧統一教会フロント組織の「潜入ドキュメンタリー」を私が作った理由 - 情報戦の裏側	https://diamond.jp/articles/-/325814	国際勝共連合	2023-07-13 06:00:00
ビジネス	ダイヤモンド・オンライン - 新着記事	楽天・三木谷王国は典型的ワンマン組織、トップに直言できる「参謀役不在」の危うい実態 - 楽天 解体寸前	https://diamond.jp/articles/-/324986	三木谷浩史	2023-07-13 05:25:00
ビジネス	ダイヤモンド・オンライン - 新着記事	王者エムスリーと絶好調JMDCが「2強」形成、急拡大する医療IT業界の5年後の未来 - 日本再浮上＆AIで激変！ 5年後のシン・業界地図	https://diamond.jp/articles/-/325729		2023-07-13 05:20:00
ビジネス	ダイヤモンド・オンライン - 新着記事	社会保険労務士は“独立後”が真の勝負！同業者が増える中での「稼げる金脈」の作り方 - ChatGPTで激変！コスパ・タイパで選ぶ 最強の資格＆副業＆学び直し	https://diamond.jp/articles/-/325375	chatgpt	2023-07-13 05:15:00
ビジネス	ダイヤモンド・オンライン - 新着記事	【無料公開】マンション管理組合「ヒト問題」の解決法、誰も理事をやらない・総会で合意できない… - Diamond Premiumセレクション	https://diamond.jp/articles/-/325852	diamond	2023-07-13 05:10:00
ビジネス	ダイヤモンド・オンライン - 新着記事	円安ドライバーは日本の「実質金利低下」、日銀の慎重姿勢でドル円相場は高止まり - マーケットフォーカス	https://diamond.jp/articles/-/326040	実質金利	2023-07-13 05:05:00
ビジネス	電通報 | 広告業界動向とマーケティングのコラム・ニュース	為末大氏の近著「熟達論」に思う	https://dentsu-ho.com/articles/8623	緩急自在	2023-07-13 06:00:00
ビジネス	東洋経済オンライン	｢レアメタルの宝庫｣深海の資源採掘めぐり大紛糾 ベンチャーが小国抱き込み､国際会議でゴーサイン狙う | 資源・エネルギー | 東洋経済オンライン	https://toyokeizai.net/articles/-/686167?utm_source=rss&utm_medium=http&utm_campaign=link_back	東洋経済オンライン	2023-07-13 05:50:00
ビジネス	東洋経済オンライン	ツルハHD｢創業家を優先｣ファンド株主が問題視 オアシス代表｢3年も対話を続けたが失望した｣ | 専門店･ブランド･消費財 | 東洋経済オンライン	https://toyokeizai.net/articles/-/686177?utm_source=rss&utm_medium=http&utm_campaign=link_back	東洋経済オンライン	2023-07-13 05:30:00
ビジネス	東洋経済オンライン	理研が逸材を中国に流出させた｢アカハラ｣の全貌 講座制のもとで若手研究者が直面する不条理 | 若手研究者が潰される国・日本 | 東洋経済オンライン	https://toyokeizai.net/articles/-/685768?utm_source=rss&utm_medium=http&utm_campaign=link_back	東洋経済オンライン	2023-07-13 05:20:00