When somebody makes an error in our team, we never blame the keypresses of an individual, but rather the team processes that fell short. When bad things happen, we see it as an opportunity to improve our workflow and do it better in the future 👍

Freek Van der Herten 🔭 (@freekmurze)Mon, 20 Dec 2021 10:07 GMT

I just found an ingenious way to get around the impending @Docker Desktop licensing kerfuffle: I paid them money for the software that I use all the time

Josh Long (@starbuxman)Fri, 17 Dec 2021 00:15 GMT

We can’t build in public And burnout in private. This sets an unrealistic standard for all following us. Managing mental health and burnout is a big part of founder life.

Amanda Goetz (@AmandaMGoetz)Tue, 14 Dec 2021 21:09 GMT

https://twitter.com/blprnt/status/1471983266056089612

Imagine if even one of these moonshot motherfuckers had done anything but profit from these last 20 months of misery.

Jer Thorp (@blprnt)Fri, 17 Dec 2021 23:23 GMT

Imagine if Jeff Bezos had spent a small piece of his fortune to ship a COVID test with every Amazon package this month.

Jer Thorp (@blprnt)Fri, 17 Dec 2021 23:18 GMT

https://twitter.com/BlueSpaceCanary/status/1471695226188099589

String interpolation in log messages has been removed in Log4j 2.16.0, so one would have to use this pattern explicitly in the Log4j configuration file. In other words, an attacker would need to be able to overwrite the Log4j configuration to exploit this.

(╯°□°）╯︵ ┻━┻ (@joschi83)Fri, 17 Dec 2021 08:29 GMT

I was today years old that I learned when you hash a URL in Java it does a DNS lookup to get the IP address associated with the hostname as part of the hash function.

Post details

If you're surprised about the log4j vulnerability, just wait until you hear what happens when you put a java.net.URL into a hashtable

Pete Hunt 🚁 (@floydophone)Sat, 11 Dec 2021 21:05 GMT

Nicholas Weaver (@ncweaver)Mon, 13 Dec 2021 17:58 GMT

People making fun of log4j as if they never slammed some bash to parse out database credentials for reasons.

Smasher of DBs. First of her name. (@dbsmasher)Sat, 11 Dec 2021 19:19 GMT

This week did not show us weakness in Log4J, Java, or open source. It showed us their relevance and resilience. My🤘🏻to the folks keeping us safe with timely workarounds, fixes, and communications. This was a masterclass in global incident response.

Andrew Lee Rubinger (@ALRubinger)Sun, 12 Dec 2021 07:01 GMT

It's incredibly annoying to see a snickering gallery of technologists laughing at the log4j vulnerability because it's Java. It's sophomoric and they should grow up and get over themselves.

John Graham-Cumming (@jgrahamc)Sat, 11 Dec 2021 17:46 GMT

this is the best opening to a technical book the world has ever seen and i will fight anyone who says otherwise

Actually, (@eaton)Mon, 06 Dec 2021 18:37 GMT

Sitting in the Google Meet waiting room until more people show up because you have crippling social anxiety and hate awkward/forced conversations 🙃

Emma Bostian 🐞 (@EmmaBostian)Fri, 10 Dec 2021 09:32 GMT