IT |
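ITmedia all articles list |
[ITmedia News] Why the article "Getting past My Number insurance card verification with a mask" is being laughed at: an explanation of how "Who are you?" checks work |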
https://www.itmedia.co.jp/news/articles/2308/03/news174.html
|
itmedia |
2023-08-03 18:30:00 |
TECH |
Techable |
HOUSEI sells AI face recognition bundled with a reservation system: doors unlock by face recognition according to members' reservation dates and times |
https://techable.jp/archives/215271
|
housei |
2023-08-03 09:00:05 |
AWS |
AWS Japan Blog |
How to promote large-scale agile in the cloud era (Part 1) |
https://aws.amazon.com/jp/blogs/news/how-to-proceed-large-scale-agile/
|
progress |
2023-08-03 09:23:26 |
python |
New posts tagged Python - Qiita |
[Python] Sum of two numbers |
https://qiita.com/Takuya__/items/dba3e41c7a33a60180e7
|
deftwonumbersum |
2023-08-03 18:25:00 |
python |
New posts tagged Python - Qiita |
[CTF] Trying out GOT Overwrite (memo) |
https://qiita.com/hachan0179/items/a4be90c10f1abe54ecee
|
gotoverwirte |
2023-08-03 18:04:47 |
Ruby |
New posts tagged Ruby - Qiita |
[Ruby] I want to use self-assignment (+=) on an empty hash |
https://qiita.com/s_makky/items/c7b68ab2df0f3c37b0e1
|
gtundefinedmethodforniln |
2023-08-03 18:43:27 |
Ruby |
New posts tagged Ruby - Qiita |
Dockerizing a web application (Ruby on Rails7.0 × postgres12) |
https://qiita.com/ichiiiAL/items/2d80bd3936270e680630
|
docker |
2023-08-03 18:38:45 |
AWS |
New posts tagged AWS - Qiita |
[AWS] Inviting existing accounts to AWS Organizations |
https://qiita.com/masaki_seyama_POHD_CCoE/items/b7f54a65962332ca58c4
|
awsorganizations |
2023-08-03 18:31:22 |
Docker |
New posts tagged docker - Qiita |
Dockerizing a web application (Ruby on Rails7.0 × postgres12) |
https://qiita.com/ichiiiAL/items/2d80bd3936270e680630
|
docker |
2023-08-03 18:38:45 |
Ruby |
New posts tagged Rails - Qiita |
[Ruby] I want to use self-assignment (+=) on an empty hash |
https://qiita.com/s_makky/items/c7b68ab2df0f3c37b0e1
|
gtundefinedmethodforniln |
2023-08-03 18:43:27 |
Ruby |
New posts tagged Rails - Qiita |
Dockerizing a web application (Ruby on Rails7.0 × postgres12) |
https://qiita.com/ichiiiAL/items/2d80bd3936270e680630
|
docker |
2023-08-03 18:38:45 |
Tech blog |
Developers.IO |
The value of disclosing managers' management work to team members |
https://dev.classmethod.jp/articles/visualize-management/
|
organization development |
2023-08-03 09:55:53 |
Tech blog |
Developers.IO |
[Update] Linux ARM64 and Windows job definitions can now also be created from the management console in AWS Batch |
https://dev.classmethod.jp/articles/batch-fargate-linux-arm64-windows-x86-containers-console/
|
awsbatch |
2023-08-03 09:16:35 |
Tech blog |
Developers.IO |
How to run only specific scans in Amazon Inspector |
https://dev.classmethod.jp/articles/amazon-inspector-specific-scan/
|
amazoninspector |
2023-08-03 09:11:11 |
Tech blog |
Developers.IO |
Thinking from various perspectives about effective ways to split Amazon ECS clusters on AWS Fargate |
https://dev.classmethod.jp/articles/divide-clusters-in-aws-fargate/
|
amazonecs |
2023-08-03 09:05:46 |
Overseas TECH |
DEV Community |
Debugging into AWS ECS Task Containers: What You Need to Know |
https://dev.to/aws-builders/debugging-into-aws-ecs-task-containers-what-you-need-to-know-219o
|
Debugging into AWS ECS Task Containers What You Need to KnowHello Devs In previous blog and YouTube video explained how to deploy a WordPress website using Fargate in AWS ECS In this blog going to learn about how to debug into AWS ECS task containers whether it is using Fargate either Serverless or with an EC machine Why is this needed Debugging to ECS task is one of the most important parts of your production support activity whenever there is any incident happening in the production system and you need to know why this is happening any code failure or why the task is getting fails For this to achieve need to log into the ECS task container like we generally logged into the EC machine using the pem file Two types of ECS task containers can configure as per the above image AWS Fargate serverless Amazon EC instancesLet s understand one by one both options How to debug into the ECS task container using EC After logging into the AWS console following steps Go to ECS console gt Select your desired ECS cluster gt Select ECS serviceSelect the task which you want to debug gt Task ConfigurationThen click on Connect under EC console gt Logged into EC machine using pem fileOnce you logged into the EC machine run the command docker ps a to see a list of containers There might be a case where one EC machine will have different others containers which you don t want to check Then you will get a list of containers choose your container and copy Container ID or you can run docker ps a grep keyword so that you can find desired task containerRun docker exec it ContainerID bin bash replace ContainerID exact Container ID column value which you copied in step should be like docker exec it bacc bin bashThen will be inside the task container Here you can debug your code or check the execution log also If you wish to check the container log can run docker logs ContainerID If the container is getting failed you will get to know the reason for the code error This was a much easier option 
to ssh into the ECS task container because EC was there so that was able to log in to the server But in the case of the Fargate Serverless option there is no EC upfront which we can directly log into it Let s explore it How to debug into the ECS task container for Fargate Serverless Important things to consider is whether the ECS task can run Amazon ECS Exec command or not under task definition So you should able to run the docker exec command automatically and landed on the directly targeted container To achieve this need to following things Enabled ECS Exec for task definition Setting will be enableExecuteCommand flag Install SSM AWS Systems Manager Session Manager this will help us to create a tunnel into a container and your local so could able to log into the container IAM role should have access to run ecs ExecuteCommand commandLet s follow the below steps to achieve the same There is one utility available to check whether exec command is enabled or not for Task definition Clone this repository in your local machineRun the below command or follow the instructions given on the GitHub repository If able to pass this step and can directly jump to the last step Check the output of the command it might show AWS credential is missing the SSM manager is missing etc Follow the instructions as per the GitHub repository bash check ecs exec sh lt YOUR ECS CLUSTER NAME gt lt YOUR ECS TASK ID gt Install Session Manager plugin The session manager plugin allows us to connect EC instances or AWS fargate Follow the instructions to install the plugin on the respective OS given here Add a policy to the IAM role which is used as a role for Task definition to access SSM Version Statement Effect Allow Action ssmmessages CreateControlChannel ssmmessages CreateDataChannel ssmmessages OpenControlChannel ssmmessages OpenDataChannel Resource Add this policy to the same Task definition role Otherwise you will not be able to run aws ecs execute command command Note Resource and other 
policies can be customised based on your security team s suggestion yaml Version Statement Sid User access to ECS ExecuteCommand Effect Allow Action ecs ExecuteCommand Resource Run the below command to enable enable execute command to enable Task definition to run Exec command For existing services use update service API for new ECS create service bashaws ecs update service cluster lt clustername gt task definition lt task definition name gt service lt service name gt enable execute command for new ECS use create service API bashaws ecs create service cluster lt cluster name gt task definition lt task definition name gt service lt service name gt desired count enable execute command To confirm whether execute command is enabled for Task definition or not run this command bashaws ecs describe tasks cluster sample cluster tasks addabcedad If everything works fine then you will receive a similar responsethe final step is to log into the ECS task container Run this commandaws ecs execute command cluster task container interactive command bin sh bashaws ecs execute command cluster sample cluster task addabcedad container sample container interactive command bin sh Now you are in the ECS task container console You try to check your code reference folder or files Important If you are tasks are running already before your task definition changes step will not take place in the existing running task You need to register a new task or deregister an existing one and try creating a new one I hope this blog helps you to learn Feel free to reach out to me on my Twitter handle AvinashDalvi or comment on the blog This blog is inspired by my day to day production support activity and one of my followers reach out to me for help References |
2023-08-03 09:07:35 |
Overseas TECH |
DEV Community |
System architecture: move authentication to the API Gateway |
https://dev.to/apisix/system-architecture-move-authentication-to-the-api-gateway-1la3
|
System architecture move authentication to the API GatewayWhen exposing an application to the outside world consider a Reverse Proxy or an API Gateway to protect it from attacks Rate Limiting comes to mind first but it shouldn t stop there We can factor many features in the API Gateway and should be bold in moving them from our apps In this post I ll show how to implement authentication at the Gateway API stage Overall authentication flowThe API Gateway doesn t authenticate but delegates authentication to an authentication provider After authentication the Gateway forwards the request to the app The app checks authentication and gets the associated identity and permissions Now onto the implementation We will implement the above flow with the following components Keycloak for the Identity ProviderApache APISIX for the API GatewayThe Spring ecosystem for developing the app KeycloakKeycloak is a feature rich Open Source identity provider Add authentication to applications and secure services with minimum effort No need to deal with storing users or authenticating users Keycloak provides user federation strong authentication user management fine grained authorization and more KeycloakKeycloak offers the realm abstraction a namespace to group logically related objects We will first create an apisix Realm to our configuration from other configurations The official documentation explains how to do it in great detail We can proceed further with creating objects under the apisix realm The next step is to create an OpenID client for Apache APISIX to call Keycloak in the apisix realm Here are the data General settings Client type OpenID ConnectClient ID apisixCapability config Client authentication ONGo to the Credential tab and note the client s secret value The final step is to create users A user is a person who can log in to the system to access the app Let s create two users john and jane and set their passwords The demo repository already has Keycloak pre configured 
both users password is doe Spring SecurityWe secure our application via Spring Security Here are the required dependencies lt dependency gt lt groupId gt org springframework boot lt groupId gt lt artifactId gt spring boot starter security lt artifactId gt lt gt lt dependency gt lt dependency gt lt groupId gt org springframework boot lt groupId gt lt artifactId gt spring boot starter oauth client lt artifactId gt lt gt lt dependency gt Protect the applicationCall the Keycloak serverThe protecting code uses Spring Security bean ref lt HttpSecurity gt authorizeHttpRequests it requestMatchers hasAuthority OIDC USER anyRequest permitAll oauthLogin build Any request requires to have the OIDC USER authority Log in via OAuthThe next step is configuring the framework spring security oauth client registration keycloak client id apisix authorization grant type authorization code scope openid provider keycloak issuer uri http localhost realms apisix user name attribute preferred username Use the client created in Keycloak We pass the secret at runtime via an environment variableKeycloak realm to use We override the domain in the Docker compose file via an environment variableUse the user name instead of the token for display purposesI ll use a dummy Thymeleaf page to display the logged in user We need additional dependencies lt dependency gt lt groupId gt org thymeleaf lt groupId gt lt artifactId gt thymeleaf lt artifactId gt lt gt lt dependency gt lt dependency gt lt groupId gt org thymeleaf lt groupId gt lt artifactId gt thymeleaf spring lt artifactId gt lt gt lt dependency gt lt dependency gt lt groupId gt org thymeleaf extras lt groupId gt lt artifactId gt thymeleaf extras springsecurity lt artifactId gt lt gt lt dependency gt Thymeleaf properThymeleaf and Spring integrationOffers dedicated Spring Security tagsThe view is the following lt doctype html gt lt html lang en xmlns sec gt lt body gt lt header gt lt h gt Welcome to My App lt h gt lt p gt lt span sec 
authentication name gt Bob lt span gt lt gt lt p gt lt header gt lt body gt lt html gt Display the name of the logged in user Apache APISIXLastly let s configure the entry point into our system I assume you re familiar with this blog and don t need an introduction to Apache APISIX If you do feel free to look at the APISIX an API Gateway the Apache way In standalone mode the configuration file is the following routes uri upstream nodes myapp plugins openid connect discovery http keycloak realms apisix well known openid configuration client id apisix client secret rjoVkMUDpUHTEIXhhJuofOOFrbph bearer only false scope openid realm apisix redirect uri http localhost callback ENDKeycloak offers an endpoint that details every necessary endpoint for an OpenID integrationUse the same client as the app In real world scenarios we should use one client per component but it s a demoUse the realm created in the Keycloak sectionAny URL that s a subpath of the protected URL will do Putting it all togetherWe put everything together via Docker Compose services apisix image apache apisix debian volumes config apisix config yml usr local apisix conf config yaml ro config apisix apisix yml usr local apisix conf apisix yaml ro ports keycloak image quay io keycloak keycloak entrypoint bin bash c opt keycloak bin kc sh import file opt keycloak data import keycloak json override true opt keycloak bin kc sh start dev http port environment KEYCLOAK ADMIN admin KEYCLOAK ADMIN PASSWORD admin volumes config keycloak opt keycloak data import ro ports myapp build myapp environment SPRING SECURITY OAUTH CLIENT REGISTRATION KEYCLOAK CLIENT SECRET rjoVkMUDpUHTEIXhhJuofOOFrbph SPRING SECURITY OAUTH CLIENT PROVIDER KEYCLOAK ISSUER URI http keycloak realms apisix LOGGING LEVEL ORG SPRINGFRAMEWORK SECURITY DEBUG depends on keycloak restart on failure Configure standalone modeRoutes and plugins configuration as seen in the previous sectionInitialize Keycloak with the existing saved realmStart 
KeycloakConfigure the OAuth clientBecause the flow is browser based we will be redirected to a keycloak domain for authentication Hence we have to update our etc hosts with a new keycloak entrySet Spring Security log level to debug helps understand issuesSpring Security eagerly tries to contact Keycloak Keycloak takes a while to initialize itself we need to let the app crash and start again until Keycloak is readyLet s try to access the application via Apache APISIX When we browse to http localhost Apache APISIX redirects us to the Keycloak login page If we log in successfully we are allowed to access the app Notice that we display the username of the person who logged in ConclusionIn this post we described how to move the authentication step to the API Gateway stage delegate authentication to an identity provider and let the app verify the authentication status We implemented it with Apache APISIX Keycloak and Spring Security Many other options are available depending on your environment The complete source code for this post can be found on GitHub ajavageek authentication keycloak apisix To go further Keycloak Administration GuideHow to Integrate Keycloak for Authentication with Apache APISIXA Quick Guide to Using Keycloak With Spring BootOriginally published at A Java Geek on July th |
2023-08-03 09:02:00 |
Overseas TECH |
Engadget |
Meta memo admits its Ray-Ban Stories smart glasses aren't getting much face time |
https://www.engadget.com/meta-memo-admits-its-ray-ban-stories-smart-glasses-arent-getting-much-face-time-094549256.html?src=rss
|
Meta memo admits its Ray-Ban Stories smart glasses aren't getting much face time. No matter the level of success a tech company has seen for certain products, at least one device always fails to meet expectations after launch. Amazon experienced this for its quickly discontinued Fire phone, and Meta is seeing it for everything from disinterest in the Metaverse to, reportedly, Ray-Ban Stories, its smart sunglasses. According to an internal Meta document viewed by The Wall Street Journal, less than ten percent of people with Ray-Ban Stories regularly use the product. Ray-Ban sold about of the glasses between their launch in September and February, when Meta conducted the report. At that time there were only monthly active users, with the company citing issues such as poor connectivity and issues with battery life. Yes, these people already bought the sunglasses, so that's something for the companies, but the low retention doesn't exactly instill confidence in continual sales. Meta's Reality Labs division, which the Ray-Ban partnership falls under, isn't doing well either, with an almost million loss over the first half of. Yet even with these poor numbers, Meta is set to release a new generation of Ray-Ban Stories in either the fall or spring. Apparently the new glasses will have improved battery life and cameras and be available as more than the current three sunglass models. While the first generation is available for, there's no word yet on how the next version of Ray-Ban Stories will be priced. This article originally appeared on Engadget at |
2023-08-03 09:45:49 |
Overseas science |
NYT > Science |
Electrocution Isn’t the Main Thing Killing Birds Along Power Lines |
https://www.nytimes.com/2023/08/03/science/birds-shot-power-lines.html
|
Electrocution Isn't the Main Thing Killing Birds Along Power Lines. A survey of power lines in four Western states found bullet fragments and shotgun pellets in most of the dead birds that were collected. |
2023-08-03 09:00:41 |
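Medical |
Medical and Nursing Care CBnews |
Basic salary up by more than 10,000 yen through the base-up support add-on: nearly 90% of disability welfare facilities and offices have obtained the add-on |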
https://www.cbnews.jp/news/entry/20230803182412
|
Ministry of Health, Labour and Welfare |
2023-08-03 18:30:00 |
News |
BBC News - Home |
Greenpeace protesters climb roof of Rishi Sunak's North Yorkshire home |
https://www.bbc.co.uk/news/uk-england-york-north-yorkshire-66391947?at_medium=RSS&at_campaign=KARANGA
|
greenpeace |
2023-08-03 09:57:01 |
News |
BBC News - Home |
Bibby Stockholm: Asylum seekers will be on barge in coming weeks - Oliver Dowden |
https://www.bbc.co.uk/news/uk-england-dorset-66392677?at_medium=RSS&at_campaign=KARANGA
|
bibby |
2023-08-03 09:07:41 |
News |
BBC News - Home |
Adidas generates millions from Yeezys after Kanye West split |
https://www.bbc.co.uk/news/business-66392819?at_medium=RSS&at_campaign=KARANGA
|
kanye |
2023-08-03 09:10:01 |
News |
BBC News - Home |
Canada PM Justin Trudeau and wife Sophie separate |
https://www.bbc.co.uk/news/world-us-canada-66389069?at_medium=RSS&at_campaign=KARANGA
|
conversations |
2023-08-03 09:41:37 |
News |
BBC News - Home |
Netball World Cup 2023: England 56-55 Australia - Roses beat Diamonds in thriller |
https://www.bbc.co.uk/sport/netball/66393291?at_medium=RSS&at_campaign=KARANGA
|
Netball World Cup 2023: England 56-55 Australia - Roses beat Diamonds in thriller. England hold their nerve to beat Australia for the first time at a Netball World Cup and finish top of Pool F in South Africa. |
2023-08-03 09:21:29 |
News |
Newsweek |
Wagner exploiting the political upheaval in Niger, and America's nightmare |
https://www.newsweekjapan.jp/stories/world/2023/08/post-102347.php
|
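Only the jihadists stand to gain. In a subsequent post on X (Twitter), Clarke said, "We should avoid making a fuss about Russia instigating coups in African countries, but Russia sees events such as the political upheaval in Niger as an opportunity to expand its influence and skillfully exploits them. |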
2023-08-03 18:00:46 |
IT |
Weekly ASCII |
"Much more is going to happen," X (Twitter) management announces in advance |
https://weekly.ascii.jp/elem/000/004/148/4148361/
|
xtwitter |
2023-08-03 18:30:00 |
IT |
Weekly ASCII |
Second generation of the full-frame compatible macro lens "PERGEAR 60mm F2.8" |
https://weekly.ascii.jp/elem/000/004/148/4148335/
|
pergearmmf |
2023-08-03 18:45:00 |
IT |
Weekly ASCII |
MOTTERU releases "Almond Milk," a new color of its popular silicone cable |
https://weekly.ascii.jp/elem/000/004/148/4148332/
|
motteru |
2023-08-03 18:30:00 |
IT |
Weekly ASCII |
Omnis releases two products, shoes and wear that avatars can put on, on the metaverse platform "ZEPETO" |
https://weekly.ascii.jp/elem/000/004/148/4148360/
|
zepeto |
2023-08-03 18:30:00 |
IT |
Weekly ASCII |
Softfront Japan and KDDI Evolva introduce the voicebot "commubo" at the IT support desk of a major transportation company |
https://weekly.ascii.jp/elem/000/004/148/4148331/
|
commubo |
2023-08-03 18:15:00 |
IT |
Weekly ASCII |
Roland releases an acoustic amp equipped with a function that reproduces miked sound |
https://weekly.ascii.jp/elem/000/004/148/4148338/
|
function |
2023-08-03 18:15:00 |