Show Navigation
Notices by musicman (musicman@nu.federati.net), page 44
-
welp, I guess there's no turning back: https://www.openlogic.com/open-at-home
-
Pluralsight thinks I know things on K8s. I don't think I know enough to be giving presentations on it, but we'll see how it goes.
-
#RUSA waited until June 28 to cancel July. I need to put the Aug 8 ride out of my head until Aug 1, but that is going to be pretty tough.
-
https://camel.apache.org/camel-k/latest/index.html
um, I am pretty sure a few other things are needed...
-
this is NOT the talk I was talking about giving.
I am not exactly sure why this has come to me except that it is something that I need to learn, and it is an intro talk. We have #Camel experts on the team (people that have given talks on it at ApacheCon, for example)
-
well, more specifically, Camel K.
-
I knew about it, but not much more than that. Now I am giving a talk on it...
-
finder on Mac is spectacularly bad.
-
Anybody got any #ApacheCamel resources they like?
-
I know @pete ...but I didn't when we fediverse met.
There have been a few others that have come and gone over the years, but mostly just twitter refugees that went back when they figured out the fail whale (which I think was them moving to #Java).
@edythemighty and @marxistvegan are probably the two I spent the most time talking to here, but again, neither of them did I know IRL before fediverse. I still keep up with Edy, but he's just not in the fediverse.
-
fucking hell. Just got asked to give another talk at our internal conference. I guess it is nice to be wanted, but I have enough going on already...
-
so, my talk for our internal conference got accepted. Now I actually have to put it together.
This is a different talk than the SeaGL talk.
-
"I am local to the Pacific Northwest" they seem to be giving preference to locals, but I can reuse the abstract.
-
my YouTube stuff is all CC BY, so people can post wherever they like. Perhaps I will toss it on archive.org as well if I ever do it. Related post coming up...
-
Are there any tech conferences looking for talks right now? I just thought of one I think a lot of people would like.
As I type, I realize I can just record it on YouTube, but still, perhaps I can tailor it a bit for specific audiences.
-
The #Alfresco manual install has the same issue that the docker containers do...maybe more so. The package downloads are not getting any updates. At least with the containers you can easily replace the container (not that it is guaranteed to work, but it did with the search services I tried yesterday)
-
tempted to ask this guy if he knows about the Page Up key...
-
yeah, I can read the logs, but the info I want isn't there. I was going to increase the logging level higher than INFO
-
I missed the standup today, but it might have been mentioned there. We don't do any hosting, so we just wait for people to ask...usually. It's possible we would reach out to customers we know would have this.
I only vaguely watch the queue at this point.
I don't see a lot of Tomcat tickets, but there is one from yesterday. It doesn't *seem* related, but I can't say for sure without digging in, which is probably not going to happen.
I should check to see what version of Tomcat #Alfresco is using, but Alfresco isn't public facing, so I'm not that worried about it. And right now, there's not really any data to worry about losing.
-
SECURITY CVE-2020-13935 Apache Tomcat WebSocket Denial of Service
https://nu.federati.net/url/272819
>CVE-2020-13935 Apache Tomcat WebSocket Denial of Service
>
>Severity: Important
>
>Vendor: The Apache Software Foundation
>
>Versions Affected:
>Apache Tomcat 10.0.0-M1 to 10.0.0-M6
>Apache Tomcat 9.0.0.M1 to 9.0.36
>Apache Tomcat 8.5.0 to 8.5.56
>Apache Tomcat 7.0.27 to 7.0.104
>
>Description:
>The payload length in a WebSocket frame was not correctly validated.
>Invalid payload lengths could trigger an infinite loop. Multiple
>requests with invalid payload lengths could lead to a denial of service.
>
>Mitigation:
>- Upgrade to Apache Tomcat 10.0.0-M7 or later
>- Upgrade to Apache Tomcat 9.0.37 or later
>- Upgrade to Apache Tomcat 8.5.57 or later
>
>Credit:
>This issue was reported publicly via the Apache Tomcat Users mailing
>list without reference to the potential for DoS. The DoS risks were
>identified by the Apache Tomcat Security Team.
>
>References:
>[1] http://tomcat.apache.org/security-10.html
>[2] http://tomcat.apache.org/security-9.html
>[3] http://tomcat.apache.org/security-8.html
SECURITY CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service
https://nu.federati.net/url/272820
>CVE-2020-13934 Apache Tomcat HTTP/2 Denial of Service
>
>Severity: Moderate
>
>Vendor: The Apache Software Foundation
>
>Versions Affected:
>Apache Tomcat 10.0.0-M1 to 10.0.0-M6
>Apache Tomcat 9.0.0.M5 to 9.0.36
>Apache Tomcat 8.5.1 to 8.5.56
>
>Description:
>An h2c direct connection did not release the HTTP/1.1 processor after
>the upgrade to HTTP/2. If a sufficient number of such requests were
>made, an OutOfMemoryException could occur leading to a denial of service.
>
>Mitigation:
>- Upgrade to Apache Tomcat 10.0.0-M7 or later
>- Upgrade to Apache Tomcat 9.0.37 or later
>- Upgrade to Apache Tomcat 8.5.57 or later
>
>Credit:
>This issue was reported publicly via the Apache Tomcat Users mailing
>list without reference to the potential for DoS. The DoS risks were
>identified by the Apache Tomcat Security Team.
musicman
GeniusMusing
All Jonkman Microblog content and data are available under the