Log4j security Issues have come up and then been (ab)used a lot since October 2021 due to defects in its design that affect a lot of other products
It is a 20-year-old open source project Meaning that it is essentially a free software Library that may be used inside any number of a very large number of other pieces of software out there
Its purpose is to create a log file reporting what the main software is doing.
There is a small chance you may be aware that your piece of software uses this.
There’s a bigger chance you use some software that has got this embedded in it That will cause your security problems- And you may not even be aware of it.
The game software “Minecraft” is the most prominent example, but exists elsewhere.
The probability exists that in fact problems will arise from websites and web hosts who are more likely to use this software meaning that they could be issues securely accessing certain websites,
I will add more items here as I learn about it
By that I mean, you cannot be sure that Facebook, Twitter, your bank, PayPal etc. don’t in some form use this in their infrastructure – being 20 years old, quite often software infrastructure is incompletely documented and it’s not realized this is being used
Companies do have to be motivated to go look for it, and in the worst case they wait for something to fail then run 🏃♀️ and jump on it – the problem is, nothing may go wrong but it could be used as a way to steal passwords & credentials
If you were someone that is abusing the service in order to steal passwords and credentials, it behooves you to not damage the website so that nobody would notice… Just remember that.
I did not design this therefore I am not supposed to criticize this,
am I?
But I did pay for this Device so does that give me Some Rights about Complaining?
How about if I am borrowing someone else’s stuff? Here we go:
This above describes ONE button which affects a tiny display area of display on a remote concerning… well, you tell me.
That’s all you really need to know.
If you think I am not being helpful saying what the other seven controls are in the instructions, believe me, you don’t want to know. the only one that’s straightforward is the ‘On/Off” button which even so has a layer of qualifications about what exactly that means..
The symbology/synology is truly obscure even given that the Design is obviously from China and would better have been presented in Kana or actual ideograms
</RANT>, as they ‘Say’.
I was talking to my friend S. today about why a blog just like this one could help one’s business.
On this site I blog my technical stuff all the time.
You might be surprised to learn that’s mainly so I can actually keep a record of some of the things I have learned which is a fraction of all the things that go past my desk every day.. Hopefully your Google search brought you here because of the terms used, so you know I have dealt with your situation on some level.
Item-
Make blogging as easy, fast straightforward and trouble free as possible:
This blog was “written” On the free WordPress app for the iPhone into which you can dictate which I’m doing right now
Item–
If what you are blogging about seems too simple to mention remember that people enjoy simple stuff when they are having trouble with it, so long as it’s explained in an un intimidating way.
Nothing is more frustrating than to hear somebody say to you: “oh that’s simple enough” when you know that it’s not – to which the response must be
“If you find it so easy, you go ahead and do it”
Item- Do just one thing and prevent self censorship
So, why do corrections from the outset🥸? Fix it later but get it out the door.
It’s not a nuclear weapon or a defibrillator design. No-one will die.
it won’t even harm anything except your own self critic & ego if it’s Not Quite Right –
yet. Because it seldom if ever IS right. Be Judicious With Your Critics- I don’t; mean ‘choose sycophants’ I mean choose those who have constructive insights and well proven techniques, not anecdotal things like:
‘Cat Pictures Always Improve Rankings!’
I just corrected that paragraph right now before finishing. Mistake. Better to go back and fix it after. I am subject to breaking the ‘rules’ I am talking about, too
Try to avoid overthinking things and just get the stuff out there with as few technical obstacles as possible
Case in point for my friend’s blog -she is a smart, determined virtual assistant which in simple terms means being roaming office assistant and facilitator with high attention to detail mostly working online who won’t give up when things get “interesting”.
She was just asked by client ‘R’ to file paperwork for a fictitious business name renewal. This is a bit of bureaucracy which anyone who runs any kind of business is really supposed to do and on the face of it appears easy if you do it more than once-
She spent some time that I will not go into researching the county and state websites for the correct way to do this and any missing pieces of the puzzle.
Yes, of course it is easy to do but somewhat trickier to get it right
There’s a reason to take a driver test, for example,
because it’s easy to drive a car but you need to get it right :-)
Interestingly this morning after my rambling about what a good idea this was, then I realized, “If it’s so easy, why don’t I just do it?”
Why ask your dog to do tricks that you wouldn’t do yourself?
so here we are. This. Here. Now.
I timed this initial free-ish form dictation and it was completed in under 10 minutes. corrections may take another 15 minutes because Google likes images put in with the blog. Here, I hope this one will Help! “You Just Never Know”
( I avoid that term but used it anyway)
That’s possible on the WordPress app on the iPhone but it’s far easier and basically faster to do that step from a full screen on my laptop.
All about Efficiency. 60 seconds. I timed it.
But that is a whole different blog about making your blog itself tasty to Google. Which brings me to one final point:
Do one thing. Do only one thing. Do nothing but that one thing.
What I mean by that is right now, I am dictating a blog and not messing around with WordPress being funky, Internet woes, or my rotten typing skills or being distracted by the need to go to the bathroom or figure the right moment.
There never is the right moment except: now.
Surely I could afford 10 minutes right now, couldn’t you?
And why not dictate your Blog while in the bathroom
(That’s two things but one is automatic, I assume, so may not count?).
And if your technology is letting you down so you cannot get done with that one thing?
Stop that one thing so the Obstacle Itself becomes that One Thing. I was strongly influenced among others by the author A.J.Jacobs about this.
“Identify The Problem” is always the 1st. step in troubleshooting.
Then, Visit That.
I really propose it in my personal life and technology career everything consists of
one work around or another at a time and occasional single Final Fixes; But not Often..
The android phone such is made by LG, Samsung and others can over time become cluttered with software and files and unusable,
this can affect the speed of operations and even call quality
This can happen naturally over time as older phones have poor quality housekeeping and do not regulate their storage very well..
Can also happen because of the millions of applications out there, a few of which you may have on your phone which have been found to cause problems by snooping and behaving badly; Google often finds out about these and disables them, but not always.
Ideally you would have access to a second completely empty android phone and simply switch over. You do need to check the Google account you used on your phone which is the account it uses to back up your contacts and other information onto the Internet in the so-called cloud.
You can visit https://contacts.google.com first, on a webpage on a separate computer ideally and be sure to use the exact same account as exists on your phone right now (some people have more than one Google account… )
to see that your important contacts and phone numbers are indeed stored in the google Cloud.
What you see there is what will come back after you have reset the phone and put the Google account back in
Other stuff will be backed up as well; Be sure you have the right password!
but possibly important things may not be backed up such as text message history
Not taling about public transport here so much is the interface on computers whether they are Mac or PCs, to communicate with peripherals, a.k.a. outside devices. I would give credit for this graphic but I can’t remember where it came from and I’m looking for a clearer one
Some of these interfaces are not available in all machines for example PCI/PCI-E requires plug-in slot on what is typically a desktop machine- if you are a Mac user you need to pick one of the species of Mac pro tower machines for that because you will not be able to do it on a Mac mini nor any laptop
Switching Email address?
Switching hosting-providers?
Gigabytes of valuable mail you cannot afford to lose?
You could use free THUNDERBIRD Email program and load it with more than one IMAP Email account, for each Email system you have
Then drag files and folders between the two- effective for low volumes but highly unreliable and requires a high level of attention to detail, double-checking and second guessing as it is you alone that keeps track of what you have and have not copied- The rate is typically about 30 standard sized messages per minute- Attachments can slow down or break the transfer : (
Best Strategy-
First:
Backup your Email somehow, do some Housecleaning- Sorting messages by attachment size and try to kill of the largest offenders– you can detach important attachments like photos THEN delete the messages- Thunderbird even allows you to “Detach” attachments leaving the parent email behind without its attachment,
Sort By Subject
This will bring all the Mailing-List items into a group as they tend to share the same initial wording at least like
“[Poodle Fanciers] Q: About miniatures…” Sort by Sender.
Whoever sends you all this cartoons everyday can be batched up and dealt with. Finally: Empty Trash.
Art Of Logic specializes in large IMAP mail migrations using PERL scripts customized from the command line using https://imapsync.lamiral.info by Gilles Lamiral. That site actually will do up to 3GB free at one go for you
(YOu are of course trusting your Username & Password to him while doing so 🙂 I use highly customized version of this script whose only size limitation is the transfer rate and time
We can move a whole office of Emails between hosts for you or between providers
In particular we can migrate you off ugh Office365, Yahoo!, AOL.COM and other vexatious troublesome hosts.
It seems like you may have Downtime on your valuable communications– Not necessarily.
We can sync up your Email folders from our high speed colocated servers without interfering with your Workflow.
In fact, we specialize in moving everyone’s Emails into the likes of GMAIL, Google Apps AKA Google Workspace
Usually $5/mo per account, this is free if you are a legitimate NonProf 501(c)(3) for your whole enterprise.
We can do this for you, too.
WordPress is a so-called content management system that is the public face of very many websites, over 50% of them out there now.
ArtOfLogic both moves sites for you and can create them from scratch for you.
WordPress software itself is free and does not belong to any particular platform or place, but is supported by a great many web hosts (the company that stores and displays your pages for you) around the world. While it is not rocket science in itself, using standard web technologies named PHP page scripts and MySQL database, typically it will be heavily customized by the web host themselves and also by the client (likely you or your designer)
with various plug-ins and artistic flourishes.
ArtOfLogic has been working with PHP /SQL for 20+ years & has been building and moving WordPress websites for over 10 years, an increasing amount of this consultancy consists of helping people to move their entire website from one host to another as transparently as possible.
We stopped hosting such websites for clients ourselves several years ago because clients are better served by using major systems that have 24 x 7 support, high reliability and monitoring and multiple redundancies- at prices around $100 a year
Some hosts that shall remain nameless and notoriously difficult and expensive to deal with and some do not even have a real person to speak to on the phone. So we help you Leave.
The client remains in control of the new registration of their domain name, the domain name database service,
the hosting and the WordPress itself. For our part, we make sure when it comes over that unneeded things are left out, and that several important tools are added to perform metrics and security, and that it’s all up-to-date
You have to keep the Bulgarians out while being able to measure your real visitors!
ArtOfLogic do very little graphic design (We designed this site ourselves and it shows!) but can refer that out.
We also install themes of your choice with the caveat that these can sometimes be quite complex and involved with interesting layouts and behaviors. There are ready-made templates by the thousands, some of them free and some of them very complex and costly.
Over 8000 free right here: https://wordpress.org/themes/
The same goes for plug-ins – these are additional pieces of software that add functionality to your website such as photo galleries geolocation, weather reports and so forth.
Again, many but not all are free. See here https://wordpress.org/plugins/
As a sidenote – because of understanding the underlying technology we will also perform the kind of optimising that makes your site attractive to Google and other search engines with settings that even a few years ago did not have a major impact – for example all sites now are expected to have a security certificate “https//” and a so-called site map which should be auto generated every time there is a change.
Google no longer wants to go looking for your Changes,
It needs to be told what you’ve done and when you have done it otherwise it will not bother anymore ‘crawling’ your site as it used to. Here is our auto generated Sitemap, for example
auto generated by a free Plugin named YOAST
Remember, that paying for Google advertisements is a poor substitute for being found as well as you possibly can be, using free, organic searches with metrics to help your decisions about advertising
Being found by Google is not black magic; It’s well documented how to make them interested in your site and we have been doing this for years. Only then should you consider paying for ads and be very sure that you are presented with the return on your investment if you hire a search engine optimizing (SEO) company- and oh-
Look for their Portfolio.
Whatever we do, we always provide the stats.
Your visit with us will wrap up by making sure the pieces are in place for the site to update itself regularly against break in attempts and mischief, which you are notified of by email.
If you decide to sign a contract we take care of all of this for you complete with reports every month. We also perform Uptime Monitoring.
We have specialized for years with nonprofits but will gladly work with almost anybody anywhere 🙂
(Google Workspace email etc. is free to non profits- we help you do that up if needed)
We also provide training- a fairly new addition to our services.
FFMpeg: https://ffmpeg.org/ is an Extremely Ugly, Extremely *powerful* command line tool to process movies and stills.
My examplesa are for Linux, likely MACOS- Windows varies slightly.
Here are some of my most useful commands as a reference for Myself, really:
Break [MJPEG] Input Movie into single JPG still frames in the same directory:
[h265 is super compressed, libfdk_aac is the highest quality AAC encoder you can use]
Above example, but Batch convert files into an (existing) folder “output” below this one, keeping main filename:
for i in *.avi; do ffmpeg -i "$i" -c:v libx265 -c:a libfdk_aac./output/"${i%.*}.mp4"; done
Top Example, Batch, convert multiple videos into a huge collection of numbered frames (for fun work re concatenating, etc) This will create: file1_0000.jpg (4 digitas count upward)
file2_0000.jpg (same Story for file1.avi, file2.avi: for i in *.avi; do ffmpeg -i "$i" -c:v copy ./output/"${i%.*}_%3d.jpg"; done
Scenario 1: a Joke. Or is it? Woman walks in the park and sees a man and a dog sitting at a bench. “Does your dog bite?”, asks the woman
“No”.
So, The woman proceeds to pet that dog, which promptly bites her. “I thought you said your dog didn’t bite?” says she, angrily indeed.
Says He: “This is not my dog.”
Lady Loses based on a wrong assumption.
Gentleman loses due to lack of, well,
common decency in recognizing assumptions of others
Scenario 2: Serious. Sort of. You are in a park, the same hypothetical park may be.
A dog & its (Obvious) owner are there and Rover approaches you. So you say:
“Can you call your dog back please?”
The owner says something like” “Oh she is friendly” or similar. Wrong answer. basically, a non-sequitur. You did not ask: “Is your dog friendly?”
Right one is “Yes” and “Heel” or something to comply,
Isn’t it? Anything else basically says: “!F..k you!”
Or am I crazy? Just get the Dog Away. As Above!
The reasoning is the same as above.
Treatment:
Technology is never about technology,
owning a dog is not about owning a dog. Let that sink in.
it’s always about being so called Human.
We Humans imagined, considered, designed, implemented and supported various choices whether it was a about a fire-stick, tractor, Boston terrier or nuclear weapon.
Forget the dog.
Think: “Human!”
Scenario 3: Tech Support: “We have never had any complaints about (xyzzy) before”
Problem: This assumes everything is Fine and that their “dog” does not or would not or could not bite you or yours
But you just got bitten. Dump that company.
In providing tech support I generally avoid the parental incantation:
“Because I Say So” about removing questionable software, for example.. and I try hard to cite the source of my concerns, usually with well respected web site links.
Security-wise, I love “Krebs On Security” by the way.
It’s also hard to be the point-person for design screw ups elsewhere.
“I am not responsible for this other person’s dog, right?”
I am well aware of the other company’s shortcomings that are unknown to the caller.
They are calling ME and not calling Company 1XYZ
They may have tried, mind you.
This is a minefield of problems,
Should I take on the shortcomings of Company 1XYX?
Am I willing to get a client’s transfer of angst against 1XYZ to me?
Yes. on two conditions.
1) I cannot guarantee success or that it will not get worse
2) It’s at least $500/hr with all meals and ‘entertainment’ included and may get posted to YouTube,
Those of you who know me will know which products & company I am referring to- and a few well known Web Hosts to boot.
Scenario #3
A tennis star goes to the doctor and reports pain on raising her arm above horizontal- a limited range of motion, it might be called.
“So it hurts when you raise your left arm?” says the good doctor
“Yes” says she
“Well, that’s easy. just don’t do that then”
says the good doctor.
Treatment:
The only real computer security that exists is the computer you don’t have that’s not plugged in and you never owned or touched.
Practical, right? Just don’t do the thing that causes the Problem.
So the only real identity security is the one you don’t have
Unrealistic, right?
Nevertheless, guess what? #3 CAN be a useful insight.
If your database keeps screwing up, ask yourself,
“Does my information need to be in a database at all?”
Years ago I heard- and this may be apocryphal- that nuclear submarines- high tech like nothing else- would keep an inventory of supplies and spares on paper index cards.
Not infallible but orders of magnitude more reliable. Somerset Maugham, the somewhat famous British writer started out hoping to be a painter in Paris, and was told:
“You are good but you will never be great”- So he took up writing…….
Credits: MARYX Blog (Click Image)
Scenario #4 AND Treatment, All In One!
the so called X Y Problem
In imagining Y is the solution to problem X, means to support problems with Y completely lose the original objective: Problem X.
Example:
“Ink Jet Printer Ink Is So Expensive!”
so, I tried elaborate “Solutions to Problem Y”: refurbished cartridges, refilling cartridges, “economy” printing, different brand of inkjet printer that could print using a single black and white cartridge even when the colors had run out. Yep. You know what I am talking about. I even got a “Chip Resetter” to defeat the manufacturer’s clever trickery that tried to force you to buy only their own fresh cartridges. Here’s looking at you, HP, Epson…
All of it a Big Problem- several, really.. and Very Interesting:
Which led me to think:
The problem is really X: “Cheaper Printing- How?”
not: “Expensive cartridges are a Problem”. If I mostly print in black & white, why not use a laser printer?
(Color lasers are still too expensive for me)
In fact, at “root cause” one might even ask- Why print at all? If you need to give some pages to someone, why not send a PDF files..?
Just Sayin’.. (I hate that expression)
On the face of it, a laser printer may cost a bit more.
Inkjet printers are “loss leaders” or “Sample Drugs” so you are now stuck with cartridges that cost more than the printer itself when you need them. I did check- Most laser printers don’t have a means to prevent you refilling them or buying inexpensive refurbished ones.
In my case: a monochrome Canon MF4700 has lasted me 8+ years and a 1200 page toner cartridge costs $8 refurbished from Amazon.
(Less Crap in the Landfill, guys!)
I use the vendor feedback and the knowledge I can return it if need be. NO PROBLEM!
So! How do I print in color, if indeed I must?
I send them to a Print Service like Kinko or CVS or Shutterstock.
So! your Business generates forms that are required to have colored fields? (This is true if you do Insurance claims etc)
Simple. Order a batch of pre printed color forms from Kinko, etc, then overprint with your black and white laser.
Some forms are even available online as PDFs.
Hell, many of them you can even order from Amazon if they are a common type such as bank check stock
Love photographs? I now have mine loaded into a digital Photo frame
Above are several examples of the X Y Problem at work-
Job #1 in Troubleshooting is, “Define the Problem”
Not: “Assume a solution and have at it” : )
Scenario #6
“I have an opaque solution using jargon to your simple problem”
Sometimes when providing reference link to articles describing someone’s technical problem I realize there is enough jargon present to alienate that person.
Even the words: “Update” and “Upgrade” and the important difference between those 2 words- which are totally distinct- can cause bafflement.
Worse, context can change meanings in horrible ways.
“Arguments” in computer science are words and numbers used as inputs to a program, not about people beating each other up.
It also has a different meaning in debate which is not what is commonly understood to mean.
“Do not assume we speak a common language”
“Do not assume someone understands correctly just because they did not ask you what some word meant”
Most people I meet are smarter than they think about technology, given half a chance and not blindsided by jargon & tech elitism.
Conclusions:
Who noticed there was no Scenario #5? I went 1,2,3,4, to #6. “Always Question your Own Assumptions First”
But It’s my blog, I can do what I like, right? Most tech companies and vendors essentially get to do whatever they like with their bottom line being the driving force, not the product.
If an oil company could make as much money by not drilling refining and selling oil, don’t you think they would?
There’s a very common misconception that “Big Companies Must Know What They Are Doing”.
or they are in the business of doing whatever it is they sell.
False- Their first responsibility is to their shareholders, not you.
Ironically- a great or at least useful product with no real need for improvement can kill a company as the need for further income may be gone. (Looking at you, Wordstar!) It’s why so many companies now have gone to a Subscription model where you pay monthly.
Damn them.
Not for profits are rather different which is why I prefer them
Commercial companies can afford to screw up more often and bigger than you and I can and they consist entirely of fallible arrogant humans just like you or me.
One year my business partnership (Pre Dot-Com Crash in 1999) only broke even in the same year IBM lost billions. Was I doing “Better’ than IBM? worth thinking about that.
Let us, we so-called Humans watch our assumptions closely.
We,
And our dogs.
Credits: Various royalty free photo agencies or as Linked.
Thank you
Draft. Comments Welcomed!
Be Judicious With Your Critics- I don’t; mean 
Woman walks in the park and sees a man and a dog sitting at a bench. “Does your dog bite?”, asks the woman
You are in a park, the same hypothetical park may be.
Tech Support: “We have never had any complaints about (xyzzy) before”
