norden.social

0 posts0 participants0 posts today

Christian GrobmeierIt feels good when something is finished, and I just finished the article for the new Javapro magazine. It's about the history of <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a>. Proud of it. Needed a lot of chocolate. Not from <a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> though, but <a href="https://mastodon.social/tags/Japan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Japan</a> :)

Nicolas Fränkel 🇺🇦🇬🇪Introduction to Apache <a href="https://mastodon.top/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a> <a href="https://mastodon.top/tags/Kotlin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kotlin</a><a href="https://www.baeldung.com/kotlin/apache-log4j-introduction" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.baeldung.com/kotlin/apache-log4j-introduction</a>

Christian GrobmeierSpent the past year working with <a href="https://mastodon.social/@pkarwasz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@pkarwasz</a> on <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a>. What started as patches turned into deep dives into <a href="https://mastodon.social/tags/SBOM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SBOM</a>, VEX, and securing supply chains.In 2025, we’re building a small <a href="https://mastodon.social/tags/Maven" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Maven</a>-based tool to help <a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> devs write more secure software. No big funding—just two folks in the trenches trying to get it right.Let’s talk if your company’s digging into SBOM or <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a>. We’re happy to share insights or lend a hand!

Marcel SIneM(S)US20 Jahre <a href="https://social.tchncs.de/tags/Melani" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Melani</a>: Die grössten Fälle - inside-it.ch <a href="https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219</a> <a href="https://social.tchncs.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hacking</a> <a href="https://social.tchncs.de/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberCrime</a> <a href="https://social.tchncs.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.tchncs.de/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://social.tchncs.de/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DDoS</a> <a href="https://social.tchncs.de/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a> <a href="https://social.tchncs.de/tags/HeartBleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HeartBleed</a> <a href="https://social.tchncs.de/tags/Emotet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Emotet</a> <a href="https://social.tchncs.de/tags/NotPetya" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NotPetya</a> <a href="https://social.tchncs.de/tags/Stuxnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stuxnet</a> <a href="https://social.tchncs.de/tags/WannaCry" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WannaCry</a>

Christian GrobmeierYou can call yourself a senior programmer when you have at least one in your life, told yourself: "I should have logged this." <a href="https://mastodon.social/tags/java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#java</a> <a href="https://mastodon.social/tags/logging" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#logging</a> <a href="https://mastodon.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a>

Christian GrobmeierSome memories of my trip to <a href="https://mastodon.social/tags/japan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#japan</a>... <a href="https://grobmeier.solutions/en/japan-2024.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://grobmeier.solutions/en/japan-2024.html</a> <a href="https://mastodon.social/tags/java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#java</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://mastodon.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a>

Andreas ScherbaumToday, 3 years ago, the (in)famous <a href="https://mastodon.social/tags/Log4Shell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4Shell</a> vulnerability was made public.This was an arbitrary code execution in the popular <a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> logging framework <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a>, the issue was there since 2013. This vulnerability received a CVSS severity rating of 10, the highest possible.Hope you all updated your billions of devices running Java out there already!

Oliver DingWenn Du mitbekommst, dass zwar eine Java-Komponente explodiert ist, aber die im Betrieb genutzte, auf Java und Oracle basierende Hauptanwendung offenbar gar kein <a href="https://bsky.brid.gy/hashtag/log4j" rel="nofollow noopener noreferrer" target="_blank">#log4j</a> verwendet und dort daher keine Sicherheitslücke gepatcht werden muss.

Christian GrobmeierExcited and honored to speak at the <a href="https://mastodon.social/tags/Japan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Japan</a> <a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> User Group this November! I’ll dive into the story behind <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a> and <a href="https://mastodon.social/tags/Log4shell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4shell</a>, explore the impacts on the open-source ecosystem, and discuss lessons learned since. Looking forward! <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> <a href="https://mastodon.social/tags/JUG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JUG</a> <a href="https://www.java-users.jp/post/night202411/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.java-users.jp/post/night202411/</a>

Christian GrobmeierI'm getting my hands dirty with <a href="https://mastodon.social/tags/RevealJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RevealJS</a> for a talk about <a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a>, <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a>, and <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a> in Tokyo. This time, I will only travel light with my <a href="https://linuxrocks.online/@tuxedocomputers" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tuxedocomputers</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> laptop, so I started creating my presentations in an open format (as I should have done before). <a href="https://mastodon.social/tags/javascript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#javascript</a>

Benjamin Carr, Ph.D. 👨🏻‍💻🧬How to make <a href="https://hachyderm.io/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://hachyderm.io/tags/software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#software</a> more secure The <a href="https://hachyderm.io/tags/xz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#xz</a> attack, which followed other well-known cybersecurity incidents involving open source software like <a href="https://hachyderm.io/tags/Heartbleed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Heartbleed</a>, <a href="https://hachyderm.io/tags/Shellshock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shellshock</a>, and <a href="https://hachyderm.io/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a>, was another stark reminder that open source software, given how widespread it is, can pose significant <a href="https://hachyderm.io/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> risks.   <a href="https://techcrunch.com/2024/11/01/how-to-make-open-source-software-more-secure/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://techcrunch.com/2024/11/01/how-to-make-open-source-software-more-secure/</a> <a href="https://hachyderm.io/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsec</a>

Christian Grobmeier<a href="https://mastodon.social/tags/Sonatype" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sonatype</a> released its new report saying that 13% of <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a> downloads are still vulnerable. It does not mean you are a target, but you should double-check and update when possible.<a href="https://mastodon.social/tags/java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#java</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychain</a> <a href="https://www.sonatype.com/en/press-releases/sonatypes-10th-annual-state-of-the-software-supply-chain-report" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.sonatype.com/en/press-releases/sonatypes-10th-annual-state-of-the-software-supply-chain-report</a>

Christian Grobmeier3 years after <a href="https://mastodon.social/tags/Log4shell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4shell</a>, Bloomberg wrote "Hackers are still targeting <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a>". The article is not mindblowing, but it reminds us to update! <a href="https://www.bloomberg.com/news/newsletters/2024-10-09/hackers-still-target-outdated-software-flaw-despite-available-fixes?srnd=undefined" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bloomberg.com/news/newsletters/2024-10-09/hackers-still-target-outdated-software-flaw-despite-available-fixes?srnd=undefined</a>

Christian GrobmeierIn November, I will be in <a href="https://mastodon.social/tags/Kyushu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kyushu</a> (<a href="https://mastodon.social/tags/Hakata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hakata</a>), <a href="https://mastodon.social/tags/Osaka" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Osaka</a>, and <a href="https://mastodon.social/tags/Kyoto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kyoto</a>. I hope to meet <a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> and <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> people there. I am also willing to have a talk in a user group about <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a> or similar topics. If you want to meet or know a place where I can get in touch with people, please let me know. <a href="https://mastodon.social/tags/Japan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Japan</a>

Luca<a href="https://chaos.social/@Sofie_unlabeled" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Sofie_unlabeled</a> ich fand’s heute allgemein lustig, wie oft ich gelesen hab „mit Linux wäre das nicht passiert“. 1. <a href="https://troet.cafe/tags/Crowdstrike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Crowdstrike</a> gibts auch für Linux. Vermutlich hätte der Bug nicht zum selben Fehlverhalten des OS geführt, oder eben doch? 2. Es gibt und gab in der letzten Zeit so viele gravierende Fehler im <a href="https://troet.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a>-Umfeld, dass der Satz „mit Linux wäre das nicht passiert“ inzwischen einfach nur noch Quatsch ist, siehe kürzlich <a href="https://troet.cafe/tags/xzutils" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#xzutils</a> und vor erst Längerem <a href="https://troet.cafe/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a>

BillWait, didn't we fix this?<a href="https://securityaffairs.com/163984/hacking/critical-apache-log4j2-flaw-still-threatens-global-finance.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://securityaffairs.com/163984/hacking/critical-apache-log4j2-flaw-still-threatens-global-finance.html</a><a href="https://infosec.exchange/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a> <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychain</a> <a href="https://infosec.exchange/tags/ttf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ttf</a>

Christian GrobmeierNächste Woche bin ich bei der <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> Usergroup in Augsburg zu Gast. Ich freue mich schon sehr! Thema: "Mehr arbeiten, aber dafür umsonst. Wie geht das?" ;-)Wer nicht weiß wie kostenfrei arbeiten geht, oder mehr über <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a>, <a href="https://mastodon.social/tags/Log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4j</a> oder das <a href="https://mastodon.social/tags/Log4shell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Log4shell</a> aftermath wissen will - willkommen.Danke für die Einladung, <a href="https://chaos.social/@lug_augsburg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@lug_augsburg</a> <a href="https://www.luga.de/static/LIT-2024/talks/lasst_uns_kostenlos_arbeiten/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.luga.de/static/LIT-2024/talks/lasst_uns_kostenlos_arbeiten/</a>

Thomas Fricke (he/him)<a href="https://hachyderm.io/@oliof" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@oliof</a> <a href="https://mastodon.online/@ChrisF" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ChrisF</a> <a href="https://chaos.social/@isotopp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@isotopp</a> Ich verrate kein Geheimnis, wenn der <a href="https://social.lfx.dev/@openssf" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@openssf</a> bei den Zahlen ein bisschen Vorbild war. Mehr Details wie dort die Strategie aussieht gibt es hier <a href="https://www.bsi.bund.de/SharedDocs/Termine/DE/2023/B3_im_Dialog_2023.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bsi.bund.de/SharedDocs/Termine/DE/2023/B3_im_Dialog_2023.html</a>Der B3 Workstream u.a. mit <a href="https://fromm.social/@mainec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mainec</a> <a href="https://mastodon.social/@bkastl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bkastl</a> <a href="https://geraffel.social/@littledetritus" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@littledetritus</a> und viel Unterstützung durch das <a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bsi</a> verdient auch noch etwas Aufmerksamkeit.Dort gibt es auch einen Beitrag von den Entwicklern von <a href="https://23.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a>Ich habe keine Hemmungen, bei <a href="https://23.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> von der freien Wirtschaft Geld einzusammeln.

Christian GrobmeierI have been working a lot on the <a href="https://mastodon.social/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a> website recently! Supported by <a href="https://mastodon.social/@sovtechfund" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@sovtechfund</a> we are able to look at this much better version very soon! <a href="https://mastodon.social/tags/java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#java</a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>

Tarnkappe.info📬 Outlook Sicherheitslücke: Microsoft schließt eigenes Log4J <a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITSicherheit</a> <a href="https://social.tchncs.de/tags/CVE202421413" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE202421413</a> <a href="https://social.tchncs.de/tags/eMails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eMails</a> <a href="https://social.tchncs.de/tags/log4j" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log4j</a> <a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://social.tchncs.de/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Outlook</a> <a href="https://social.tchncs.de/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sicherheitslücke</a> <a href="https://sc.tarnkappe.info/aa381f" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://sc.tarnkappe.info/aa381f</a>

Recent searches

Search options

Administered by:

Server stats:

#log4j