The Overflow #110: The Log4j vulnerability by the numbers


Welcome to ISSUE #110 of The Overflow! This newsletter is by developers, for developers, written and curated by the Stack Overflow team and Cassidy Williams. This week: making hard decisions about optimizing software quality attributes, exploring whether running a random search 60 times is as good as a fancy algorithm, and the wrong way to learn TypeScript.

From the blog

Plan for tradeoffs: You can’t optimize all software quality attributes stackoverflow.blog When designing software, you can’t always get what you want. But if you plan sometime, you just might find you get what you need.

Here’s how Stack Overflow users responded to Log4Shell, the Log4j vulnerability affecting almost everyone stackoverflow.blog When the Log4j vulnerability was announced, related questions saw an 1,1122% increase in traffic. Knowledge reuse in action! Read more insights on the recent massive security vulnerability in our data deep dive.

Who’s going to pay to fix open source security? stackoverflow.blog What happens when massive amounts of people rely on databases maintained by only a few unpaid volunteers?

MongoDB Architecture Guide promotion Learn the foundational concepts of MongoDB’s application data platform and how it can help developers innovate faster when building a wide range of apps.

Interesting questions

How can a Scrum daily not be a status pull? pm.stackexchange.com If you’re still relying on “the three questions” in your dailies, you might be missing the collaboration part.

What is the idea behind “p or not p” being a tautology? philosophy.stackexchange.com The first rule of tautology club is the first rule of tautology club.

The “amazing hidden power” of random search? stats.stackexchange.com If you ever wanted your stats explanations illustrated with Simpsons quotes, you’re in luck.

In ML, why do notebooks only select the best variables? datascience.stackexchange.com Beware the curse of dimensionality!

Links from around the web

Eleventy v1.0.0, the stable release www.11ty.dev The static site framework Eleventy, which has gained love and praise throughout the dev community, just released v1.0!

Announcing Parcel CSS: A new CSS parser, compiler, and minifier written in Rust! parceljs.org Rust AND CSS? Together? Now this you might just have to see.

CSS Cascade Layers: An overview of the new @layer and layer() CSS primitives www.youtube.com Speaking of CSS, it’s got new layers, and they’re particularly cool for anyone who misses the ol’ days of converting PSD files into websites. Just kidding, they’re cooler than that, we promise.

How not to learn TypeScript fettblog.eu A lot of devs who are used to being flexible with their type systems *cough* JavaScript *cough* and Python *cough* drag their feet when it comes to TypeScript. Here are some useful tips for when you inevitably have to learn it.

Onboard, organize, and bring your team up to speed in a jiffy. Try Stack Overflow for Teams.
