Work in one of the largest financial orgs in the world as a Java dev for a critical system (albeit not internet facing), learned of this just now on this thread...
Edit: upon checking, we're safe, it doesn't impact log4j1, only the second version. We're not cowboys using versions as young as 2012 lol.
I'm sure many folks here spent their Friday, Saturday, and possibly even Sunday patching, and won't speak up in case their profile connects to their company.
Friday mid-afternoon a Google search for the exploit showed there were many websites in several languages giving instruction on how to exploit the vulnerability. This is hitting hard and fast.
It was on the news in my country. There have been several notable ransomware attacks in the last few years, it's become an issue for a country and government that's gone all in on digital.
COVID-era restrictions to Europe and India are dropping on November 8th. Be prepared for a reflux of desperate migrants who will happily take those jobs.
(Disclaimer: I'm one of them).
> I think covid was a splash of cold water that's caused many of the people in my circle to re-evaluate how they spend their time. Tech workers are so in demand that we can freely change jobs so it follows that many people would be availing that option.
No it doesn't. Hyperinflation means that although our BTC is worth more in USD, when we go to exchange our BTC for USD to go on that holiday, we'll need to give up more of our BTC since we need more USD to pay.
It would be much better if there is no hyperinflation. More and more people are moving parts of their money/assets into cryptocurrency. In the long run, holders like us will benefit. We all suffer when there's hyperinflation.
Disclaimer: My wife and I hold a significant amount of BTC in our child's trust fund.
Isn’t the thinking that BTC would increase relative to the hyper inflating currency to compensate for the inflation? So you wouldn’t have to pay more BTC for that holiday?
Reading through the entire Coinbase Cloud page and even going into the Coinbase Cloud Exchange docs (https://docs.cloud.coinbase.com/exchange/docs) doesn't make it clear what this offers over Coinbase's current API.
The difference of those two docs is one is coinbase.com, their more retail oriented option (picture robinhood), and pro.coinbase.com which is a more advanced trading platform (think or swim or other more mature investor platforms). The fee structures are different, order types, visualizations, etc (even though they likely use the same infrastructure for both) and they segregate a user’s accounts between the two (though you can freely transfer between the two).
Another major difference is on the retail platform you’re not going to see an orderbook - just a price.
All that to say, I think the main difference is access to more information about the overall market, more advanced orders, better pair selection (that usually eventually ends up on the retail platform), and the more mature financial platform.
These new docs replace the previous pro/prime API docs and extend it into new products.
The cloud product/label is where they intend to build out a suite of service offerings. API wasn't broad enough to encompass what they intend to do next.
Hi, Joe here, heading up Coinbase Cloud. tldr; this is our first step in providing a full set of API based services to build crypto applications and unifying the existing APIs that exist.
Importantly, this will go well beyond interacting with Coinbase's existing products and provide tooling needed to make it easier for developers to build new web3 applications.
I feel like installing a security tool by curling a random script off the internet and piping it into `/bin/bash` is a bit contradictory. Surely there's a better way to install this?
If you're smart enough to realize that there might be something to worry about, you should be smart enough to be able to figure out how to divide the command into three parts instead of one (download the script, inspect the contents and then run the same inspected [local] script).
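The three-part pattern the comment above describes (download, inspect, then run the local copy) is easy to script so that execution cannot happen before verification. The following is an added example written for this page, not the project's install.sh or code from any commenter. It assumes a POSIX sh with curl and either sha256sum or shasum, and that the expected checksum is obtained out of band (the project's release page or signed release notes); the sample installer and the mismatching checksum below are constructed stand-ins.

```shell
#!/bin/sh
# Added example: replace "curl ... | sh" with download -> inspect -> verify -> run.
# Assumes POSIX sh, curl, and sha256sum or shasum (macOS). Not the project's own installer.

# sha256_of FILE: print the hex SHA-256 digest, portable across GNU and BSD userlands.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | awk '{print $1}'
  else
    echo "no sha256 tool found" >&2
    return 2
  fi
}

# fetch_installer URL DEST: download to a file, never to a pipe, so it can be read first.
# --proto '=https' and --tlsv1.2 refuse plaintext or downgraded transports; -f fails on HTTP errors.
fetch_installer() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_and_run FILE EXPECTED_SHA256 [INTERPRETER]:
# returns 1 without executing anything if the digest does not match the published one.
verify_and_run() {
  file=$1
  expected=$2
  interp=${3:-sh}
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    printf 'checksum mismatch for %s\n  expected %s\n  actual   %s\n' \
      "$file" "$expected" "$actual" >&2
    return 1
  fi
  "$interp" "$file"
}

# Demo with a constructed installer instead of a real download:
#   fetch_installer "https://example.invalid/install.sh" ./install.sh   # step 1 (real use)
#   less ./install.sh                                                    # step 2: inspect
demo_script=$(mktemp)
printf '#!/bin/sh\necho "installer body ran"\n' > "$demo_script"   # constructed stand-in
published_sum=$(sha256_of "$demo_script")                           # stands in for the out-of-band checksum
verify_and_run "$demo_script" "$published_sum"                      # step 3: matches, so it runs
# A modified or unexpected file is refused before any line of it executes:
verify_and_run "$demo_script" \
  "0000000000000000000000000000000000000000000000000000000000000000" \
  || echo "refused: digest did not match the published checksum"
rm -f "$demo_script"
```

The point of writing the download to a file is that the inspect step is possible at all; a pipe gives the server a chance to serve different bytes to `curl | sh` than to a browser, and nothing on the client can tell. Pinning the digest to a value published elsewhere closes that gap, and the `printf` on mismatch shows both digests so the discrepancy can be reported rather than silently retried.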
Every time a project with curl | sh is featured on HN this comes up. At this point we might as well write a bot that scrapes submitted pages for "curl * | * (sh|bash)" and leave this comment for all of them.
> If you're smart enough to realize that there might be something to worry about, you should be smart enough to be able to figure out how to
This is gatekeeping 101.
Some people are just starting out in security/software engineering and things like this might not be obvious to them. It's good that you have suggested what to do but there are different ways to "suggest" things.
> Some people are just starting out in security/software engineering and things like this might not be obvious to them
That's fair enough. But I wish these beginners then didn't make claims like "security tools cannot be installed like this, it's insecure", and we would all be better off.
Either you know what you're talking about and you share your knowledge. Or, you listen and ask questions in order to eventually know what you're talking about.
> What? How?
In many hobby communities, whenever new people ask questions, which are obvious to the more experienced people, some more experienced people become hostile/use more hostile language/say things like "you should know this wtf" etc. A fairly recent example I saw on Reddit of what I mean https://www.reddit.com/r/AdeptusMechanicus/comments/h7s5gw/g...
> That's fair enough. But I wished these beginners then didn't make claims like "security tools cannot be installed like this, it's insecure", and we would all be better off.
I understand where you are coming from but this is an eternal struggle with any profession.
> Either you know what you're talking about and you share your knowledge. Or, you listen and ask questions in order to eventually know what you're talking about.
Well, this is for users who do not want to work hard :)
If you wish, you can clone the project and build; another option: you can download the file from the release URL.
It should be pretty simple to understand from the install.sh script.
Good luck :)
I work for a large non-US based tech company and have not heard anything about this beyond HN.