幹壞事是進步最大的原動力
在 Hacker News 首頁上看到 Google 提供了一套用 Golang 寫的工具,可以掃描 JAR 檔裡面是否有中獎的 Log4j:「log4jscanner」,對應的討論在「Log4jscanner (github.com/google)」這邊。
看起來是內部工具,放出來前先把 vcs history 清掉了:
We unfortunately had to squash the history when open sourcing. The following contributors were instrumental in this project's development: [...]
另外討論裡也有人提到「OWASP Dependency-Check」這個工具也可以掃,這套就更一般性了:
Dependency-check automatically updates itself using the NVD Data Feeds hosted by NIST.
Firefox 86 (新推出的 standard 版本) 推出了 Total Cookie Protection:「Firefox 86 Introduces Total Cookie Protection」。
每個站的 cookie 都有獨立的空間:
Our new feature, Total Cookie Protection, works by maintaining a separate “cookie jar” for each website you visit. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website.
然後對於需要跨站類的應用另外處理,像是 3rd-party login:
In addition, Total Cookie Protection makes a limited exception for cross-site cookies when they are needed for non-tracking purposes, such as those used by popular third-party login providers. Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you’re currently visiting. Such momentary exceptions allow for strong privacy protection without affecting your browsing experience.
這樣的確把 cookie 的追蹤能力壓低很多,不過應該也會有不少站台掛掉...
AWS 推出了 Amazon DynamoDB 的相容 Docker Image,讓開發者可以在本地端測試 DynamoDB 的 API:「Use Amazon DynamoDB Local More Easily with the New Docker Image」,在 amazon/dynamodb-local 這邊可以拉到,裡面其實是包 Java:
DynamoDB local is now available to download as a self-contained Docker image or a .jar file that can run on Microsoft Windows, Linux, macOS, and other platforms that support Java.
這樣在 Continuous Integration (CI) 的過程裡面也可以拉起 service 測試...