Interesting Links for 16-12-2021

[andrewducker]

How autistic people are different - what's the research?

(tags:research autism )

Why doesn't Scotland have tougher Covid measures? (Because Westminster won't give them the money to pay for them)

(tags:uk scotland pandemic OhForFucksSake )

Leave voters go cold on Boris Johnson's Brexit deal

(tags:uk europe BorisJohnson )

Pfizer's anti-COVID drug still looks effective after further analysis (no deaths, 80% drop in hospitalisation)

(tags:pandemic GoodNews )

Mayo Clinic research finds immune system responds to mRNA treatment for cancer

(tags:immune_system cancer GoodNews )

log4j memes (If you laughed at these then I'm sorry about how your last few days have gone)

(tags:logging java security meme )

Polar bear cub born at Highland Wildlife Park

(tags:bears scotland )

Comments

[dewline]

1. We definitely need to get to a place where "different isn't bad" here in our research here. But we've got that "25-35 % of humans are authoritarianism-seeking" Problem to deal with as an existential threat in a way that neuro-divergent people are not...and they're the ones with the upper hand right now, right?

2. Dammit.

3. This was expected, right?

4. I hope so.

5. Okay, this looks helpful and hopeful...

[cmcmck]

Bear! :o)

[simont]

With bucket on its head!

[mellowtigger]

Those are some nice autism links in that blog post. The enteric brain connection still intrigues me. I spent a whole decade with terrible diarrhea. And I gave up gluten at the recommendation of a neurologist who couldn't find any other explanation for my continuing nerve damage, which is good as long as I stay away from gluten.

[calimac]

6) [word for "looking something up on Wikipedia and still being clueless as to what it is"]

[andrewducker]

I shall attempt to explain. Apologies if I fail!

Log4j is a free library of code designed to be used by other applications to provide logging functionality (where "log" means "make a note of", not "chop down trees"). It's been around for 20-odd years and is used in an awful lot of applications, as it became somewhat of a standard library that everyone who needed to log information used.

When it was first created, there was a lot less worry about security, and a bunch of functionality was included to allow it to do very powerful things, without thinking "How would a determined hacker make use of this?"

And then, a week ago, someone worked out a really easy way to make it do *anything*, from a remote computer, effectively allowing them to take over the computer it was running on.

As it is a code library, and thus included inside other applications, lots of companies are now desperately scanning all of their computers to see if they have anything that uses it - and finding it in everything from software they have bought in to things that were written internally up to 20 years ago and haven't been touched since. All of these need to be fixed, and there might be hundreds of them across a larger company.

[jducoeur]

There's also a lesson in all of this, which is that programmers are subject to the same herd instincts as everybody else. This isn't even a weird or hard-to-detect security bug -- it's just that, since everybody has been using this library for such a long time, everyone figured it was safe and didn't poke at it hard enough.

[calimac]

Thank you. So I presume that "logging functionality" means an automated way of keeping track of changes in the code or the likes of that?

[andrewducker]

Ah, no. It means "Keeping track of what the code is doing".

So you tend to put in a variety of "log statements" in your code, so that if something goes wrong then you can go and look at the logs and see what they say was happening at that point.

So Dreamwidth will probably have a log file (or database) containing entries like:
User "Calimac" left a comment ID 28374142 on post 4087166 by andrewducker
Notification email sent to andrewducker