Weekend Reading — 🪵 Log4Jorts
This week is going to be short: someone is not caught up with their social media and feeds, but we do have some fun stories and cats.
🧰 Tools of the Trade
Thomas Steiner The new Adobe Express is lightweight design tools for the rest of us: just open it in a browser and start using it, with nothing to install and no updates to manage.
New PWA alert from Adobe: Creative Cloud Express (Adobe Creative Cloud Express) makes many small utilities available for free, for example, background removal. It's an installable experience and well deserves a spot in your apps folder. 🧰🎨
- The sign-up experience asking for my birthday and other marketing qualifying questions … could have done without that
znck/grammarly Unofficial Grammarly extension. It won't correct, but it will highlight grammatical errors and make suggestions. Best, it works with Markdown files, so now my README.md can have some proper grammar.
Code Hike Write code walkthroughs with MDX, render interactive pages with React.
PNG Parser Differential This page looks different on iOS/Safari than it does on other devices/browsers.
Dividend Growth Investor When they say “automate yourself out of a job” and you do and you still get paid the next 5 years …
🕸️ Web-end
As some of you may know, today the web celebrates a milestone: CSS turned 25 yrs old. 🎂 Yes 🎉. The style sheet language meant to embellish, can however be a little hellish. Yes. It can create some little bottlenecks. We're sharing a few posts you might enjoy. ⬇️ 🧵 Thread.
Annabelle “Another day another me. Made this with CSS.”
🧑‍🤝‍🧑 Teamwork
Half of a career in tech is requesting Google Doc access until you die.
Shreyas Doshi 👇 A thread explaining the difference between product thinking and project thinking. I'm not picking sides, but let me tell you: if you're working for a team that does one, expecting it to do the other, you'll be disappointed and discouraged.
As they grow in size, teams within megacorps and startups tend to implicitly bias more towards Project Thinking and not enough Product Thinking.
Product Thinking is a mindset and a process that, once you see, you cannot unsee it.
Product Thinking, Project Thinking, a thread:
📈 Business Side
I blew $720 on 100 notebooks from Alibaba and started a Paper Website business Cool story though:
I started a business that lets you build websites using pen and paper. In the process I went viral on Twitter, made $1,000 in two days, and blew $720 on 100 paper notebooks from Alibaba.
🔒 Locked Doors
The last time the Internet had an all-hands meeting it was Heartbleed.
Cybereason/Logout4Shell Using the Log4Shell vulnerability to vaccinate servers against Log4Shell:
The Cybereason research team has developed the following code that exploits the same vulnerability and the payload therein sets the vulnerable setting as disabled. The payload then searches for all LoggerContext and removes the JNDIInterpolator preventing even recursive abuses. This effectively blocks any further attempt to exploit Log4Shell on this server.
Thinking of putting a JNDI log4j trigger in my email signature so I can see if anyone’s logging copies of my mail. Would be exciting to get some pings back from, say, Alexandria Virginia
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution So office scanners/copiers have this compression algorithm called JBIG2, which would sometimes mess up the text you’re scanning(*). The iOS PDF rendering stack supports this format. Cue a subtle bug, which lets you “program” the de-compression algorithm and turn it into a VM …
JBIG2 doesn't have scripting capabilities, but when combined with a vulnerability, it does have the ability to emulate circuits of arbitrary logic gates operating on arbitrary memory. So why not just use that to build your own computer architecture and script that!? That's exactly what this exploit does. Using over 70,000 segment commands defining logical bit operations, they define a small computer architecture with features such as registers and a full 64-bit adder and comparator which they use to search memory and perform arithmetic operations. It's not as fast as Javascript, but it's fundamentally computationally equivalent.
* I think you can tell when a PDF was scanned with one of these devices: it will let you select and copy text, but not contiguous text, and there are random word breaks and disappearing letters.
Use programming-positive language!
🚫 DON'T say "arbitrary code execution vulnerability"
✔️ DO say "surprise extension API"
⭐ None of the Above
Karl Ammaaaazing! “Hey y’all! I compiled my best and favorite reloads! No robot voice and now widescreen format! Enjoy!! :)”
My 8-yr old grandson came running downstairs shouting, “Grandaaaad!”
I said, “What?”
“No need to buy me a bike for Xmas Grandad!”
I said, “Why not?”
“Cos I jus found one behind the wardrobe!”
AITA for “perpetuating ethnic stereotypes” about Jorts? There’s an important update on the Jorts story and this is how cats become internet celebrities:
More importantly: the cats’ presence greatly enhances our work with our clients, and Jorts’ friendly nature has been so great. Both cats truly are doing important work. Truly Jorts deserves to be treated with respect.
We all deserve to be treated with dignity at work, so I will apologize to Jorts about some things that were insensitive or disrespectful.
Mel ✅
The dopamine-seeking urge to add something you just finished to your to-do list just so you can check it off.
Lyle (not Kyle) McKeany 👇 This thread is not what it looks like:
HOW TO WRITE BETTER STORIES IN 4 EASY STEPS
I’ve spent the better part of the past year writing and publishing my newsletter. Over that time, a lot of people have asked me how I do it.
Thread 🧵
Buitengebieden “This is the best thing ever.. Well done little one.. 💪”