360° IT Check #28 — Stack Overflow’s Copy and Paste Statistics, the Log4j Saga, And More!
360° IT Check
This is the first 360° IT Check of the New Year. We hope that you have a wonderful 12 months ahead of you!
Stack Overflow’s Copy+Paste Statistics
As Stack Overflow’s team is enjoying a break now (as of writing this post), they are republishing their most popular pieces from 2021 (which is last year, now, folks). One of these republished posts covers statistics on the use of the powerful combo of Ctrl+C, Ctrl+V (or cmd+C, cmd+V) that the software development community reaches for when in a pickle.
Secondly, it turns out that as the reputation of a user increases, the number of times they copy decreases. If we are to make a hypothesis, it could be due to the fact that they don’t usually regard most of the answers as good enough. The threads on the most popular questions can get heated, and quite long.
Lastly, you might wonder what the most copied category is. The answer is… HTML & CSS. Not the most challenging topic, though the most popular one. Python won another popularity contest, however. Out of the ten top categories, the popular programming language is a part of four of them.
Posts such as this one from Stack Overflow help uncover some programming mysteries, such as where the general community is heading.
The threat of a vulnerability in Log4j seemed to have finally gone away after an upgrade to version 2.16.0, but it now seems that is not the case. As it turns out, the safe iteration of the library is 2.17.1 instead.
We now have to wait until we know for sure that this is the last upgrade that engineers will have to perform. We will keep monitoring the situation, and will let you know on our blog whether the story evolves further. For now, the simplest solution is upgrading Log4j to versions 2.17.1, 2.3.2 or 2.12.4. The team behind the popular logging library has officially marked the aforementioned iterations as free from the issue. Here is the commit that fixed it, while here you may see the issue’s page.
For more information about the security flaw, refer to this report.
NVD In Review
NVD is the National Vulnerability Database, a U.S. Government “repository of [standards-based] vulnerability management data.” In short, if you want to obtain reliable information about a security vulnerability, that site is likely the first one you will visit.
One @jgamblin published a website, which serves a summary of all reports published in the NVD.
There are a few interesting conclusions one can draw: for example, the year 2016 was the calm before the storm. In 2016, there were 6449 vulnerabilities reported, while a year later, that number jumped to 14,644!
Secondly, the researchers at Red Hat can be proud, since they have taken the top spot in terms of signalling security flaws. Microsoft placed second, while Oracle placed third.
Lastly, the most popular severity score assigned to reports is around a 6 on a scale of one to ten.
GitCoin Grants Round 12; The Benefits Of Web3 Fundraising
GitCoin, the project that pays people to work on open-source software (with a focus on building Web3), also funds innovative projects across a wide range of categories. They do so in their funding rounds, called “Grants Round.” The most recent one was the twelfth to date.
In their latest funding round, they have distributed a total of 6.1 million US Dollars in ten rounds:
The main round advances projects “in the Ethereum’s ecosystem & beyond”
Six rounds dedicated to specific “Web3 ecosystems”
Three “cause” rounds, where specific social causes get funds to fight negative social phenomena, or support the positive ones
The cause rounds are dedicated to the climate, advocacy, and longevity. The top 3 projects that raised the most money are:
Coin Center, the non-profit dedicated to the policy issues facing cryptocurrencies
Electronic Frontier Foundation, an organization dedicated to “digital privacy, free speech, and innovation”
The Tor Project, an organization united behind the goal to make the internet free of censorship
360° IT Check is a weekly publication where we bring you the latest and greatest in the world of tech. We cover topics like emerging technologies & frameworks, news about innovative startups, and other topics which affect the world of tech directly or indirectly.