Would YOU patch a global CVE… unpaid… over your vacation? That’s what the #Log4j team did. But the full story goes way deeper — punk roots, #OpenSource fights, near-abandonment & one massive comeback.
Read Christian Grobmeier’s story: https://javapro.io/2025/06/10/the-long-history-of-log4j/
How did a tiny Java logging lib bring the internet to its knees? How did unpaid devs patch it in the middle of global panic? And what’s next for #Log4j? Christian Grobmeier takes you inside one of #OpenSource’s wildest stories.
Read it now → https://javapro.io/2025/06/10/the-long-history-of-log4j/
Von „an/aus“ zu Hierarchien. Von Punk zu @theasf. Von SEMPER zu SourceForge. #Log4j war nie nur ein Tool – es war Revolution, Rebellion, Rettung. Christian Grobmeier nimmt dich mit durch 30 Jahre Code und Chaos.
Lies seine Story, lass sie wirken & teile: https://javapro.io/de/die-lange-geschichte-von-log4j/
Ein Logging-Framework. Ein Bug, der das Internet erschüttert! Ein paar Freiwillige, die es retteten! Die wahre Geschichte von Log4j ist dramatischer als jeder Thriller.
Christian Grobmeier verrät, warum #Log4j überlebte & was das für #OpenSource bedeutet: https://javapro.io/de/die-lange-geschichte-von-log4j/
Gerade hab ich die Folge "Das wichtigste Hobby der Welt" vom Wild Wild Web Podcast gehört. Ein sehr passender Titel, denn es geht um die bekannte Tatsache, dass große Teile der weltweiten IT Infrastruktur auf der Arbeit von ein paar Dutzend #opensource Entwicklern beruht, die den Code fast immer in ihrer Freizeit pflegen. Zuletzt ist das mit dem #log4j Vorfall mal wieder in den Fokus geraten, von dessen Maintainern hier auch jemand zu Wort kommt. Anhören lohnt sich
Wahnsinn. #opensource #linux #log4j #itsec #exploits
"I am no hero" Unfassbar gut, lieber @br_data ! #br #bayerischerrundfunk
Linkempfehlung ARD Audiothek
It feels good when something is finished, and I just finished the article for the new Javapro magazine. It's about the history of #Log4j. Proud of it. Needed a lot of chocolate. Not from #Java though, but #Japan :)
Log4ts — библиотека, которой не должно быть
В этой статье я хочу рассказать о моей библиотеке, которой не должно существовать. Почему её не должно существовать? Потому что функциональность логирования, по моему глубокому убеждению, должна быть в числе первых включена в любой новый язык. А разработчики старых языков тоже должны об этом подумать и включить логирование, если это ещё не сделано, в ближайший релиз. Библиотека Log4ts вдохновлена идеями Log4J и обеспечивает логирование в программах, написанных на TypeScript. Далее в этой статье я расскажу о том, как её установить, использовать и конфигурировать. А в конце я опишу коротенько другие мои библиотеки, которые тоже не должны были бы существовать.
How pray tell is this a good move??
Department of Homeland Security (DHS) disbands all memberships of advisory committees including the Cyber Safety Review Board (CSRB). https://thehackernews.com/2025/01/trump-terminates-dhs-advisory-committee.html #Hackers #CyberSecurity #cybercrime #DHS #CSRB #Log4j #SaltTyphoon #security
Spent the past year working with @pkarwasz on #Log4j. What started as patches turned into deep dives into #SBOM, VEX, and securing supply chains.
In 2025, we’re building a small #Maven-based tool to help #Java devs write more secure software. No big funding—just two folks in the trenches trying to get it right.
Let’s talk if your company’s digging into SBOM or #OpenSource #security. We’re happy to share insights or lend a hand!
20 Jahre #Melani: Die grössten Fälle - inside-it.ch https://www.inside-it.ch/20-jahre-melani-die-groessten-faelle-20241219 #Hacking #CyberCrime #Malware #Ransomware #DDoS #log4j #HeartBleed #Emotet #NotPetya #Stuxnet #WannaCry
Cybercriminelen benutten vakanties voor aanvallen: hoe organisaties zich kunnen beschermen https://www.trendingtech.news/trending-news/2024/12/50348/cybercriminelen-benutten-vakanties-voor-aanvallen-hoe-organisaties-zich-kunnen-beschermen #cybersecurity #vakantieaanvallen #sociale engineering #Log4j #beveiligingsstrategieën #Trending #News #Nieuws
Some memories of my trip to #japan...
https://grobmeier.solutions/en/japan-2024.html
#java #opensource #log4j
Today, 3 years ago, the (in)famous #Log4Shell vulnerability was made public.
This was an arbitrary code execution in the popular #Java logging framework #Log4j, the issue was there since 2013. This vulnerability received a CVSS severity rating of 10, the highest possible.
Hope you all updated your billions of devices running Java out there already!
Excited and honored to speak at the #Japan #Java User Group this November! I’ll dive into the story behind #Log4j and #Log4shell, explore the impacts on the open-source ecosystem, and discuss lessons learned since. Looking forward! #OpenSource #JUG
https://www.java-users.jp/post/night202411/
I'm getting my hands dirty with #RevealJS for a talk about #Java, #OpenSource, and #Log4j in Tokyo. This time, I will only travel light with my @tuxedocomputers #Linux laptop, so I started creating my presentations in an open format (as I should have done before). #javascript
How to make #opensource #software more secure
The #xz attack, which followed other well-known cybersecurity incidents involving open source software like #Heartbleed, #Shellshock, and #Log4j, was another stark reminder that open source software, given how widespread it is, can pose significant #security risks.
https://techcrunch.com/2024/11/01/how-to-make-open-source-software-more-secure/ #itsec
#Sonatype released its new report saying that 13% of #Log4j downloads are still vulnerable. It does not mean you are a target, but you should double-check and update when possible.
#java #security #supplychain
https://www.sonatype.com/en/press-releases/sonatypes-10th-annual-state-of-the-software-supply-chain-report
