sucks | log4j_POC
---|---
3 | 4
254 | 242
- | -
10.0 | 0.0
almost 4 years ago | about 3 years ago
Python | -
GNU General Public License v3.0 only | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sucks
- Ladybird: A new cross-platform browser project
This is correct, and it's why most open-source software will never have much in the way of users:
> They're written from the perspective of the developers
And I get it. A few years back I had an open-source project [1] get users and it was terrible. What had previously been a fun technical exercise became a pain in the ass that felt a lot like actual work. I was relieved when my hardware broke and I had an excuse to archive the project.
But that does create a huge gap that mostly gets filled by commercial interests.
[1] https://github.com/wpietri/sucks
- Professional maintainers: a wake-up call
It seems like you haven't quite got the concept of open source. If everybody consumes and nobody contributes, how long will that last?
A while back I bought a cheap robot vacuum. Their scheduling feature didn't meet my needs, so I reverse-engineered the protocol and open-sourced a cron-friendly CLI tool and a library so people could do other things with it: https://github.com/wpietri/sucks
Honestly, this was a mistake on my part. It was a demanding audience of home-automation hobbyists mostly without programming skills. The company was thoroughly unhelpful. When my vacuum finally broke, I was relieved, as I had a good excuse for trying to hand off the project. Nobody stepped up, so I shut it down. I just ran out of interest in doing free work to support a company worth billions.
I really admire the community spirit of open source. But it's not sustainable if companies making their money off it keep depending on the niceness and generosity of others without giving back enough to keep them happy, healthy, productive people.
- XMPP, a Comeback Story: A Protocol for Robust, Private and Decentralized Comms
I reverse-engineered the comms for my cheap Ecovacs robot vacuum and was surprised to discover that, like some angsty teen, it spent all day hanging out in an XMPP chatroom waiting for somebody to talk to it: https://github.com/wpietri/sucks/blob/master/developing.md
log4j_POC
- The Log4Shell vulnerability may have been exploited since August 2021
- Professional maintainers: a wake-up call
> library had a bug
That was exploited since April
https://github.com/nice0e3/log4j_POC
... this 'bug' is RCE on the logging infrastructure.
> Can you explain why you think the majority of authors/maintainers burn out?
Please try maintaining a popular FOSS project for a few years and explaining to your wife why you neither have any money nor have any time.
- Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
You are talking about this? https://github.com/nice0e3/log4j_POC
No. That was another vulnerability which was for an older version of log4j, end of life 2015. https://www.cvedetails.com/cve/CVE-2019-17571/
- Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
Someone had a POC 9 months ago https://github.com/nice0e3/log4j_POC
What are some alternatives?
cinny - Yet another matrix client
selling-partner-api - A PHP client library for Amazon's Selling Partner API
matrix-bifrost - General purpose bridging with a variety of backends including libpurple and xmpp.js
CVE-2021-44228-Apache-Log4j-Rce - Apache Log4j remote code execution
meshnet-lab - Emulate huge mobile ad-hoc mesh networks using Linux network namespaces.
CVE-2021-44228-Apache-Log4j
sh - Python process launching
ohmyzsh - 🙃 A delightful community-driven (with 2,300+ contributors) framework for managing your zsh configuration. Includes 300+ optional plugins (rails, git, macOS, hub, docker, homebrew, node, php, python, etc), 140+ themes to spice up your morning, and an auto-update tool so that makes it easy to keep up with the latest updates from the community.
polyjuice_server
deon - DeObject Notation Format
ocaml-matrix - Implementation of a matrix server in OCaml for MirageOS