Alexis Tual

@ndeloof Content de lire ce tweet, ses réponses et me sentir moins seul. Le "business trip" en question m'aurait couté en émissions 1 an de mes déplacements en voiture (nécessaires) pour 5 jours de travail/sociabilisation

🧵 Announcing Predictive Test Selection gradle.com/gradle-enterpr… Run only tests likely to provide useful feedback on a code change using a probabilistic machine learning model. [1/10]

@glaforge @jljouannic Je confirme, ce brouter m’a sorti de bons itinéraires alternatifs que google maps n’envisage pas 👍🏻

@jljouannic Ah oui, connais pas, merci, je jetterai un œil !

Bonne résolution du matin : on va tenter l'aventure du trajet au bureau en vélo 🚴‍♀️ Paraît que c'est bon pour la planète 🌍

Earlier today, the Spring maintainers confirmed a new 0-day vulnerability - #SpringShell (or #Spring4Shell) - which lies at the heart of an extremely popular framework for building web applications. Learn all about SpringShell in this new blog: jfrog.com/blog/springshe…

@Sh0ckFR Yes👍this is one is taylored for this binding issue and was righfully advised in blog posts, there might be also more generic ways like docs.spring.io/spring-securit…. But "domain code oriented" ways like custom validators come too late in the party to be effective I'm afraid

@Sh0ckFR No worries, I meant: as long as the greeting handler takes a POJO (of any type), it will trigger the vulnerable code. Sanitizing would have to be done upfront prior to reaching the Controller code with a kind of generic interceptor (forgot the name in Spring/Tomcat world)

@_Ray4all Here you go

@alex_tual Ah génial, une version 5.x ou 6 directement?

Reproduced the SpringShell, it’s brilliant, reminded me of the old days 😅

@Sh0ckFR Well, the vulnerable code sits in spring libs and is executed prior to reaching user/dev code 🙃

@_Ray4all Oui le patch vient de sortir, à appliquer urgemment

@alex_tual Dans les établissements c’est plus la partie mvc qu’on utilise. On va devoir faire une mise à jour

@poenicum Oui, Tomcat 8 en standalone, a priori ça ne fonctionne pas en embedded pour l’instant

@_Ray4all Celuu de spring cloud est facile, celui sur spring mvc est plus dur à exploiter mais fun 😅

@alex_tual Il y a François qui m’a dit que tu lui as signalé sur spring cloud.

@CedricChampeau Perso je suis pas ultra fan de ma PAC air/air (sauf l’été en mode froid): bruit, sensation du chaud pulsé, rendement si températures extérieures autour de 0… mais ds un autre logement j’ai eu du air/eau avec plancher chauffant et c’était le top 🤷🏼‍♂️

@jlafourc @CedricChampeau @BenediktRitter @gradle @kotlin @ApacheGroovy Same I actually prefer to write explicitly prop.set(…) because prop = is not doing what you would expect in Groovy (which is setProp(…))

@CedricChampeau @BenediktRitter @gradle @kotlin @ApacheGroovy I tried the Kotlin version for the first time recently and I find it slightly less elegant as a DSL... Maybe the old habits 😊 but what is this "set" method for properties ? 😜

Did not know Boris Johnson was a rubygem maintainer 🙃

@_Ray4all Je pense que c'est le cas dans certains pays

@alex_tual Certains n’ont pas de prénom ?

Ah bon ? 😅

Thrilled to announce that we closed $27M in Series C funding. The round was led by Triangle Peak Partners and participating investors including True Ventures, DCVC, Bain Capital Ventures, Harmony Partners, and StepStone Group. ➡️ Learn more - gradl.es/3HtKBC9

@glaforge What could go wrong 😅 ?

"Browsix: Unix in the browser tab" Woah, that's fun, running some unix programs in web workers in your browser! buff.ly/3zvGmCv

Log4Shell's unfriendly reminder: 3rd party increase your attack surface over features you don't use or you don't even know they exist... 🥲