- Remote Code Executionとして、Advisoryが更新された。
- https://groups.google.com/d/msg/rubyonrails-security/zRNVOUhKHrg/GmmcVXcmAAAJ
- Thanks to @sorah @tenderlove
aida.t x7c1
mala
/ CVE-2019-5418_is_RCE.md
Last active
June 26, 2025 03:41
Rails の CVE-2019-5418 は RCE (Remote code execution) です
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| val dockerPublish = taskKey[Unit]("ダミーのタスク。本来sbt-native-packagerのやつ") | |
| lazy val commonSettings = Def.settings( | |
| dockerPublish := { | |
| import java.time.LocalTime | |
| println(s"${LocalTime.now()} ${name.value} のpublish開始") | |
| // 並列で実行されるのがわかりやすいように、途中sleepする | |
| Thread.sleep(3000) | |
| println(s"${LocalTime.now()} ${name.value} のpublish終了") | |
| } |
taichi
/ code_review_basics.md
Last active
November 17, 2025 18:46
チームでコードを書き始めた後、「どうやらレビューってやつをした方が良いらしい」くらいの若手に向けた資料です。
djspiewak
/ we-are-the-cure.md
Last active
January 31, 2025 15:47
Miles Sabin recently opened a pull request fixing the infamous SI-2712. First off, this is remarkable and, if merged, will make everyone's life enormously easier. This is a bug that a lot of people hit often without even realizing it, and they just assume that either they did something wrong or the compiler is broken in some weird way. It is especially common for users of scalaz or cats.
But that's not what I wanted to write about. What I want to write about is the exact semantics of Miles's fix, because it does impose some very specific assumptions about the way that type constructors work, and understanding those assumptions is the key to getting the most of it his fix.
For starters, here is the sort of thing that SI-2712 affects:
def foo[F[_], A](fa: F[A]): String = fa.toString
dekosuke
/ splarate.py
Created
October 27, 2015 07:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # coding:utf-8 | |
| population = 10000 | |
| num_round = 10000 | |
| ranks = ["C-","C", "C+", "B-", "B", "B+", "A-", "A", "A+", "S", "S+"] | |
| reward_win = [20, 15, 12, 12, 10, 10, 10, 10, 10, 5, 3] | |
| reward_lose = [10, 10, 10, 10, 10, 10, 10, 10, 10, 5, 6] | |
| num_ranks = len(ranks) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cabal-dev install | |
| Resolving dependencies... | |
| cabal: Could not resolve dependencies: | |
| trying: inmanis-0.0.0 (user goal) | |
| trying: http-conduit-1.4.1.10 (dependency of inmanis-0.0.0) | |
| trying: base64-bytestring-0.1.2.0 (dependency of http-conduit-1.4.1.10) | |
| trying: attoparsec-0.10.2.0 (dependency of http-conduit-1.4.1.10) | |
| trying: yesod-test-0.2.1 (dependency of inmanis-0.0.0) | |
| trying: HUnit-1.2.4.2/installed-6a8... (dependency of yesod-test-0.2.1) | |
| next goal: yesod-platform (dependency of inmanis-0.0.0) |
jboner
/ latency.txt
Last active
December 14, 2025 16:19
Latency Numbers Every Programmer Should Know
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Latency Comparison Numbers (~2012) | |
| ---------------------------------- | |
| L1 cache reference 0.5 ns | |
| Branch mispredict 5 ns | |
| L2 cache reference 7 ns 14x L1 cache | |
| Mutex lock/unlock 25 ns | |
| Main memory reference 100 ns 20x L2 cache, 200x L1 cache | |
| Compress 1K bytes with Zippy 3,000 ns 3 us | |
| Send 1K bytes over 1 Gbps network 10,000 ns 10 us | |
| Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD |
nog
/ rails server with clear log
Created
March 5, 2012 05:40
Rails3のログがAssetPipelineで著しく見難かったので試行錯誤した上の最終解をメモしておく。空行0も見難いんだけど最後の"-A 1"でリクエスト毎のセパレータ出せて見易くなった。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #with rails server | |
| echo "STDOUT.sync = true" >> config/environments/development.rb | |
| rails s | grep --line-buffered -vE '(Started GET "/assets/|Served asset|^$)' -A 1 | |
| #with tail -f | |
| tail -f log/development.log | grep --line-buffered -vE '(Started GET "/assets/|Served asset|^$)' -A 1 |
NewerOlder