IndieWeb post types

https://twitter.com/volker_simonis/status/1469256987196100608

Howto detect if affected: Start netcat parallel to your app: "nc -lp 1234", then type the following into app where it gets logged (e.g. the query string of your search): "${jndi:ldap://127.0.0.1:1234/abc}" If you then see garbage/emojis in the netcat console your're vulnerable!

Uwe Schindler 👮💳💉💉 (@thetaph1)Fri, 10 Dec 2021 11:51 GMT

I've written a simple (i.e. standalone, no dependencies) Java program which patches JndiLookup.lookup() to return a fixed string and not parse its arguments. This should fix CVE-2021-44228 (i.e. RCE in Log4j) without restarting your JVM process. #Log4J github.com/simonis/Log4jP…

Volker Simonis (@volker_simonis)Fri, 10 Dec 2021 10:45 GMT

I once went on a first date with this guy who, at the end of the date, turned to me and said, “This was fun! I’ll reach out regarding next steps,” immediately apologized for using work language, and ran away embarrassed. I wonder what happened to him, OH RIGHT WE LIVE TOGETHER.

Andrea (@an_dree_ahhh)Thu, 09 Dec 2021 23:16 GMT

Jeff Bezos' 9-minute joyride to the edge of space created more carbon emissions than 1 billion people produce in an entire lifetime

W.E.D.em Boyz (@LeftistWonk)Thu, 09 Dec 2021 04:55 GMT

It is literally impossible for a film to have a shot that looks this cool now. You just can't top this

THEY/SHE BALLARD (@BODY_W0_WHORGAN)Thu, 09 Dec 2021 22:11 GMT

The annoying thing about working on private codebases is often I write code I'm really pleased with and I'd absolutely love to share it! But there's so much business logic baked in that either doesn't make sense or I can't show without upsetting customers 😢

Katy 🐭✨ (@KatyCodesStuff)Fri, 10 Dec 2021 09:31 GMT

I just knocked up a quick JavaAgent that works around the log4j zero day: github.com/stuartwdouglas…. It basically just nulls out the JndiLookup class in log4j.

Stuart Douglas (@stuartwdouglas)Fri, 10 Dec 2021 06:27 GMT

Today is my last day with @Justice_Digital. Super proud of everything we accomplished over the past three years. No doubt I’m leaving one of the best digital teams in government.

Tom Withers (@tomtucka)Fri, 10 Dec 2021 09:40 GMT

https://twitter.com/tomtucka/status/1469240717168025602

I’ve decided to take the leap into contracting so I can travel more, I’ll be joining teams in @GDSTeam next week for the next 12 months, after that I’m planning to take 4 months off to travel south east Asia!

Tom Withers (@tomtucka)Fri, 10 Dec 2021 09:40 GMT

best new yorker cartoon in decades probably

Aleph (9, 5) (@woke8yearold)Thu, 09 Dec 2021 04:11 GMT

If you can get a certificate in it, it’s not Agile. You can’t certify "do what works & if it doesn’t work, fix it." You can’t certify "talk to each other." You can’t certify "build small." You can’t certify "treat people with respect." You can’t certify "pay attention & learn."

Allen Holub (@allenholub)Fri, 10 Dec 2021 02:22 GMT

I see folks making fun of the CVE issued for the default password on Raspberry Pi I personally want to see CVEs for EVERY _static_ default credential. I want it to show up in searches for the vendor name or product, CVE counts for a vendor, and in risk ratings for the product.

Tom Sellers (@TomSellers)Wed, 08 Dec 2021 16:54 GMT

https://twitter.com/jacobian/status/1469131850962518017

I deleted an incorrect tweet about mitigations. Here's the correction: PoC is here: github.com/tangxiaofeng7/… (and it's legit, I've seen verification). Mitigation: update to log4j 2.10 and set the env var LOG4J_FORMAT_MSG_NO_LOOKUPS=true; OR upgrade to 2.15rc1 or above.

jacobian (@jacobian)Fri, 10 Dec 2021 02:35 GMT

If you're running a server with #Log4J, please add the following JVM argument to your command line immediately to protect against a 0-day exploit. -Dlog4j2.formatMsgNoLookups=true lnkd.in/gHmEFJ9w #Java #Security #Infosec

Bruno Borges (@brunoborges)Fri, 10 Dec 2021 06:07 GMT

RagnarRox 🏴‍☠️ (@RagnarRoxShow)Thu, 09 Dec 2021 12:26 GMT

I’m starting to worry that @tomkrazit and the rest of the @protocol gang are going to give me a run for my money on ridiculous @awscloud puns.

Corey Quinn (@QuinnyPig)Thu, 09 Dec 2021 17:37 GMT

I am begging you to read this engagement announcement from my parents’ local paper

Atom Atkinson (@AtomAtkinson)Thu, 09 Dec 2021 04:26 GMT

When I’m #WFH but hosting an event, I go posh af for the food I make myself. For my second day at #APIdays, I made scallops with truffle tortellini. 😋

Jennifer Riggins (@jkriggins)Thu, 09 Dec 2021 12:48 GMT

The only times I've been motivated in my career was when I was building a product I was excited about and/or used in my personal life prior to accepting the job. Having a personal stake in the game really improved my morale.

Emma Bostian 🐞 (@EmmaBostian)Thu, 09 Dec 2021 12:45 GMT

https://twitter.com/spacetwinks/status/965428890830344193

A beautiful twist. (for those who want to drill down: scifi.stackexchange.com/questions/1313… )

Micah Wittman (@micahwittman)Mon, 19 Feb 2018 21:49 GMT

you want me to go see the great clown pagliacci. the person who I actually am

Adam Cerious (@Browtweaten)Thu, 09 Dec 2021 01:06 GMT

doctor: treatment is simple. go see orville, very funny clown pagliacci: what about pagliacci? doctor: pagliacci? man i could not name a more suckass clown pagliacci: doctor: just downright dogshit of a clown

Colin Spacetwinks (@spacetwinks)Mon, 19 Feb 2018 03:32 GMT

https://twitter.com/seldo/status/1468719052377890819

Kickstarter: an escrow service you trust to hold funds until a project reaches a threshold and delivers on its goals. Okay but get this: what if you *didn't* trust it?

Laurie Voss (@seldo)Wed, 08 Dec 2021 23:10 GMT

This diagram explains the different shades of being a very senior software engineer, very concisely. One of the best advice I got was from a mentor who recognized I had to split myself into the TPM role. They immediately saw it and helped me to make changes. Beware!!

Post details

Roles overlapping in tech and the intersection you should be beware of...

Gergely Orosz (@GergelyOrosz)Wed, 08 Dec 2021 15:40 GMT

Jaana Dogan ヤナ ドガン (@rakyll)Wed, 08 Dec 2021 17:27 GMT

Roles overlapping in tech and the intersection you should be beware of...

Gergely Orosz (@GergelyOrosz)Wed, 08 Dec 2021 15:40 GMT

https://twitter.com/GergelyOrosz/status/1468606386439344139

Issuing a correction / addition.

Gergely Orosz (@GergelyOrosz)Wed, 08 Dec 2021 15:45 GMT

I FUCKING HATE ENGLISH/AMERICAN CULTURE OF TELLING "FUCK YOU" TO SOMEBODY WITH "RESPECTFUL" TERMINOLOGY. TELL ME "FUCK YOU", YOU FUCKING FUCKS.

`replaces: *` (@Ocramius)Wed, 08 Dec 2021 17:15 GMT

Yay. HUGE client has signed the contract. BIG WIN! Now it's revealed they're anti abortion, anti trans and all sorts of other stuff. I've told them we're walking. Good money to promote your vile agenda? No thanks.

Jon Payne (@MrJonPayne)Wed, 08 Dec 2021 10:35 GMT

the A in CAP stands for “AWS us-east-1”

cratelyn (@monadliker)Tue, 07 Dec 2021 16:16 GMT

this code sample generates 228 kB of clientside JavaScript (72.2 kB compressed)

Post details

echo 'export default () => 'Hello, Twitter' > pages/index.js

Next.js (@nextjs)Tue, 07 Dec 2021 02:27 GMT

Zach Leatherman (@zachleat)Wed, 08 Dec 2021 03:19 GMT

"I have too many tabs open!" I only see 4 tabs open... I dream of having that many open tabs instead of the 116342 I have open right now!

Santa Danny Thompson (@DThompsonDev)Tue, 07 Dec 2021 19:09 GMT