This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-12-14
(alt: a 6-panel comic of a person lying in bed sleeping. second panel has a brain saying "log4j on your toaster". third panel has the person in bed saying "that's not a thing". fifth panel the person looks angry. sixth panel the person is awake looking at their phone angrily, apparently looking up whether their toaster has log4j)
I totally got this from your alt text, without needing to expand and look at the image itself -- thank you (I have all images collapsed on Slack).
Oh man, that would be a rad story. Sadly, the folklore laments that the days of Lisping at the JPL / NASA are long past. I read something about FORTH flying on their spacecraft in the 2010s, but not about Lisps.
> What I meant was, this log4j thing is actually a REPL by accident

Aaah ok... by "REPL thing in space 'again'" I thought you meant this: https://flownet.com/gat/jpl-lisp.html
i've just watched https://youtu.be/BcHI3U0FuoY?t=2797 and i wonder what idea is behind these diagrams that cognitect uses? a book, or a paper, or is it completely home made?
Not sure if it's exactly what you're looking for, but I believe the idea is to just understand the flow of things visually as part of the design process. Tangentially, I don't know if it was used to create this specifically, but Rich has mentioned Omnigraffle many times.
no, i am quite clear on the tool and the general idea. i thought that usually there is someone else's book behind the idea, which goes into detail about the topic.
It's not really based on anything afaik
Other than just basic data flow diagrams or ERD
Woah I had not seen Stuart's flowing locks before!!
Rich often uses Omnigraffle on a Mac for drawings, so I've heard, but that isn't the crucial factor in these drawings, other than look & feel
I've heard one or more of the Clojure core team emphasize the importance of drawings in software system design work.
Although not specifically industry standard kinds of things like UML diagrams. Mainly any drawing that makes the ideas and structure clear.
following on the heels of log4j's vuln, logback has a critical update: http://mailman.qos.ch/pipermail/announce/2021/000164.html
I guess I could put this in announcements since it's a release
At the risk of making this more than it sounds, nowhere in the ticket, nor announcement does it mention it is a critical update.
they link to a PoC for RCE with logback. they don't call it critical but I do https://github.com/cn-panda/logbackRceDemo
who says it's not up to us?
I can call a vulnerability, and the associated update, critical if I want to. I have hereby claimed that authority
You don't speak for the authors of the library I imagine. I would let them speak for themselves on how they announce it to the world.
you would, and if you were announcing it to people then you could, but you didn't and I did and I feel like I'd be doing an injustice by not stressing that it's critical
call it a difference of opinion
see the thread in #announcements about why it's not overblown to call it critical
Unfortunately, what you post reaches a larger audience than deeming it a difference of opinion. What is shared here matters, so the choice of words and how we communicate that out to the channel has to be thought of carefully. The ticket (in jira) does not mark it as critical. I would rather hear from the authors who are responsible for the library than some 3rd party voice in some other community.
I linked to it, read at your leisure
and your replies in here stand as a contrary opinion for anyone who wants to read more about it, so you've done your duty for where you place authority. I can assess security threats myself and my organization is treating it as critical
How you treat it in your organisation is entirely up to you. I go by the authors of the library. They have not said at all it is a "critical" update.
Thanks for posting, @U02N27RK69K — I must admit, I spit out my coffee when I read this:

> We have also removed all database (JDBC) related code in the project with no replacement.

Logback can reach out to JDBC? 😂😂 😭😭😱😱:face_vomiting::face_vomiting:
done. leaving here for visibility because of the chaos of the last week around logging