Did a scan on my machine. IntelliJ Idea uses it.
Where I work (Windows shop) we only have two candidates, TeamCity and Jira, both were not affected.
Well, plenty of 1999 stuff is still running in production in plenty of places... why change something that is working, hey?!
AS400 and Cobol are much older and still widely in use!
modified 18-Dec-21 5:13am.
I have a Linux Jenkins build server, and whilst the Jenkins core doesn't use log4j, the Groovy scripting language does, and possibly some plugins.
"Life should not be a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside in a cloud of smoke, thoroughly used up, totally worn out, and loudly proclaiming “Wow! What a Ride!”" - Hunter S Thompson - RIP
Another reason not to blindly jump on any "new" framework, just because it's "new".
BTW, my team is full of programming gods, and we don't do logging. At all.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
Programming gods wouldn't use a third-party logging library anyway; if needed, they'd roll their own.
I don't understand it...
A logging library should simply log messages, right?
How can a logging library become vulnerable? I think only if it takes actions for specific messages. And that is not the job of a logging tool.
[Edit]
Good explanation I found here: All About Log4j Log4Shell 0-Day Vulnerability - CVE-2021-44228
modified 18-Dec-21 7:02am.
Any library can become vulnerable if it doesn't bounds check everything.
Back when I was a youth - and I don't recommend this - I rooted a server using their print daemon.
It *is* weird that it's happening with the JVM, given Java code is managed and thus relatively hardened, but I don't know *anything* about the exploit so I can only speak about exploits in general.
Real programmers use butterflies
I agree. But a logging tool which becomes vulnerable by the data it should log is something idiotic, at least for me.
Well, in their defense, because of the string, date and file manipulation there are plenty of potential opportunities to exploit a library like that.
Real programmers use butterflies
I heard it was an exploit in native code. A perfect example of why you should avoid native libraries.
"God doesn't play dice" - Albert Einstein
"God not only plays dice, He sometimes throws the dices where they cannot be seen" - Niels Bohr
Ah, that makes sense.
Real programmers use butterflies
They are poking and probing:
https://lous-stuff.com
#4 the other day.
>64
If you can keep your head while those about you are losing theirs, perhaps you don't understand the situation.
Apparently Ab Initio uses it.
There are tons of legacy systems built on old open source libraries. This is one of them. The problem I see coming is that, now that two of the major open source libraries have been found to be vulnerable (OpenSSL was the other one), cyber criminals and their government-employed counterparts will start scanning older open source code for more vulnerabilities. Far too many entities never update their systems, especially when they're running open source systems that tend to be harder to update.
I just had to enable the Firmware TPM in the BIOS. I also enabled Hardware Virtualization while I was in there, so VirtualBox now works.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
I did a bunch of that mess to make mine compliant but I'm still on 10.
Real programmers use butterflies
I don't have to worry about that because I use Linux.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
For those who didn't realize this but need to run Win11, for example, to test against:
I have systems that do not support TPM 2.0 so they refuse to install Windows 11, but Hyper-V implements its own version...so even though the host won't run Win11, I have Win11 running in VMs on those systems.
Just discovered you can set the color of the mouse pointer (hand, etc.) in Windows 10; also makes for a better "beam" in VS, Notepad, etc. I chose Magenta; you can customize any color. ("Cursor and Pointer" under Settings)
I never noticed this option before; it may be a function of the mouse. My wired one gave out and I paired a Bluetooth (MS "Designer") mouse I had around from a few years back (for some reason).
I find the color better for me than the default when hunting for it.
(While I prefer wired, this mouse seemed to get better with time ... or it was me)
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
I found it very useful to colour the mouse pointer as well as use the 'CTRL' show location option last year before my cataract surgery; trying to find the pointer on multiple monitors when everything had a misty appearance was hard work.
It's white.
I'm partially colorblind. Deuter..thingy. Had to do with red, and all colors that females can derive from that.
HotS supports it as a setting. Windows doesn't. While, in the past, the accessibility was one of their key sales points.
Thank you, WPF.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
I've been looking over "color safe combinations" for my app ... they don't look very safe to me. Or, I have no idea what "color safe" means. (Probably)
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
Long ago, in a galaxy far away.. Some time ago for me at least.
There was this co-student that could hardly see anything. His color scheme in W3.1 was Yellow/Black, something he could see clearly, and became a programmer. I always adhered to the Windows color scheme, so that bright and dark do not clash; never did I allow marketing outside the lines.
Color safe is black and white. If you don't know better, then use the predefined colors of Windows, and stick to their theme.
I see it everywhere; machines where you could get a ticket as a blind man, replaced by a "touch screen". Never seen a blind man operate those. I am ashamed of this generation's idea of "IT".
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
No idea what the "predefined colors of Windows" means.
For this one app, I need 21 (sensible) colors. Topographic elevations. For those that can't "see colors", they'll have to interpret contour lines. Gray scale may be an (unattractive) option.
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I