Interesting Links for 16-12-2021
Dec. 16th, 2021 12:00 pm
- How autistic people are different - what's the research?
- (tags:research autism )
- Why doesn't Scotland have tougher Covid measures? (Because Westminster won't give them the money to pay for them)
- (tags:uk scotland pandemic OhForFucksSake )
- Leave voters go cold on Boris Johnson's Brexit deal
- (tags:uk europe BorisJohnson )
- Pfizer's anti-COVID drug still looks effective after further analysis (no deaths, 80% drop in hospitalisation)
- (tags:pandemic GoodNews )
- Mayo Clinic research finds immune system responds to mRNA treatment for cancer
- (tags:immune_system cancer GoodNews )
- log4j memes (If you laughed at these then I'm sorry about how your last few days have gone)
- (tags:logging java security meme )
- Polar bear cub born at Highland Wildlife Park
- (tags:bears scotland )
no subject
Date: 2021-12-16 01:50 pm (UTC)
2. Dammit.
3. This was expected, right?
4. I hope so.
5. Okay, this looks helpful and hopeful...
no subject
Date: 2021-12-16 02:07 pm (UTC)
no subject
Date: 2021-12-16 03:15 pm (UTC)
no subject
Date: 2021-12-16 09:48 pm (UTC)
no subject
Date: 2021-12-16 11:12 pm (UTC)
no subject
Date: 2021-12-17 09:09 am (UTC)
Log4j is a free library of code designed to be used by other applications to provide logging functionality (where "log" means "make a note of", not "chop down trees"). It's been around for 20-odd years and is used in an awful lot of applications, as it became somewhat of a standard library that everyone who needed to log information used.
When it was first created, there was a lot less worry about security, and a bunch of functionality was included to allow it to do very powerful things, without thinking "How would a determined hacker make use of this?"
And then, a week ago, someone worked out a really easy way to make it do *anything*, from a remote computer, effectively allowing them to take over the computer it was running on.
As it is a code library, and thus included inside other applications, lots of companies are now desperately scanning all of their computers to see if they have anything that uses it - and finding it in everything from software they have bought in to things that were written internally up to 20 years ago and haven't been touched since. All of these need to be fixed, and there might be hundreds of them across a larger company.
no subject
Date: 2021-12-18 05:30 pm (UTC)
There's also a lesson in all of this, which is that programmers are subject to the same herd instincts as everybody else. This isn't even a weird or hard-to-detect security bug -- it's just that, since everybody has been using this library for such a long time, everyone figured it was safe and didn't poke at it hard enough.
no subject
Date: 2021-12-17 04:37 pm (UTC)
no subject
Date: 2021-12-17 04:53 pm (UTC)
So you tend to put in a variety of "log statements" in your code, so that if something goes wrong then you can go and look at the logs and see what they say was happening at that point.
So Dreamwidth will probably have a log file (or database) containing entries like:
User "Calimac" left a comment ID 28374142 on post 4087166 by andrewducker
Notification email sent to andrewducker