Mining the Logs | Coder Radio 444

The broader software problem the Log4Shell vulnerability reveals, and the story of how Chris lit his Coder robe on fire... While wearing it.

Sponsored By:

• Linode: Receive a $100 60-day credit towards your new account. Promo Code: linode.com/coder
• Network Membership Holiday Discount: Support the entire network, and get access to every member's special feed for every show on the network. Sign-up before the end of the year and save $2/m for a year!

Support Coder Radio

Links:

• Apple Silicon Guide — A guide covering Apple Silicon including the applications, libraries and tools that will make you a better and more efficient with your Apple Silicon powered device.
• notes.jupiterbroadcasting.com — This site is a searchable archive of the show notes for the all Jupiter Broadcasting shows. Home to the best shows on Linux, Open Source, Security, Privacy, Community, Development, and News.
• How does Jupiter Broadcasting's notes site work? — It was a normal (for 2021) Sunday evening back in July, I was minding my own business, obviously doing something super cool, when I spotted a message from a certain badger-y fellow in the Self Hosted show’s Discord
• Hackers start pushing malware in worldwide Log4Shell attacks — When the Log4j application parses these logs and encounters the string, the bug will force the server to make a callback, or request, to the URL listed in the JNDI string. Threat actors can then use that URL to pass Base64-encoded commands or Java classes to execute on the vulnerable device. 
• Microsoft quietly told Apple it was willing to turn big Xbox-exclusive games into iPhone apps — In reality, Microsoft was willing to play along with many of Apple’s demands — and it even offered to bring triple-A, Xbox-exclusive games to iPhone to help sweeten the deal.
• What’s in Apple’s iOS 15.2, iPadOS 15.2? Nude-Image Detection — In order for the feature to work, parents need to enable it on a family-sharing account. 
• Linux Action News 219: Log4Shell Coverage — The Log4Shell vulnerability is making waves this week; we'll explain why and break down how it works.