This is the first 360° IT Check in the New Year. We hope that you have a wonderful 12 months ahead of you!
As Stack Overflow’s team is enjoying a break (as of writing this post), they are republishing their most popular pieces from 2021 (which is last year now, folks). One of these republished posts covers statistics on the use of the powerful combo of Ctrl+C, Ctrl+V (or cmd+C, cmd+V) that the software development community reaches for when in a pickle.
Firstly, one in four visitors to Stack Overflow ends up copying code, as the title of The Stack Overflow Podcast episode claims. With the site having millions and millions of visitors, that 25% is quite a lot of people.
Secondly, it turns out that as the reputation of a user increases, the number of times they copy decreases. If we are to make a hypothesis, it could be because they don’t usually regard most of the answers as good enough. The threads on the most popular questions can get heated, and quite long.
Lastly, you might wonder what the most copied category is. The answer is… HTML & CSS. Not the most challenging topic, though the most popular one. Python won another popularity contest, however. Out of the top ten categories, the popular programming language appears in four.
Posts such as this one from Stack Overflow help uncover some programming mysteries, such as where the general community is heading.
For the full post, go here.
The threat of a vulnerability in Log4j seemed to be finally gone after an upgrade to version 2.16.0, but it now seems that is not the case. As it turns out, the safe iteration of the library is 2.17.1 instead.
We now have to wait until we know for sure that this is the last upgrade that engineers will have to perform. We will keep monitoring the situation, and will let you know on our blog if the story evolves further. For now, the simplest solution is upgrading Log4j to version 2.17.1, 2.3.2 or 2.12.4. The team behind the popular logging library has officially marked the aforementioned iterations as free from the issue. Here is the commit that fixed it, while here you may see the issue’s page.
For more information about the security flaw, refer to this report.
NVD is the National Vulnerability Database, a U.S. Government “repository of [standards-based] vulnerability management data.” In short, if you want to obtain reliable information about a security vulnerability, that site is likely the first one you will visit.
A user, @jgamblin, published a website that serves a summary of all reports published in the NVD.
There are a few interesting conclusions one can draw. For example, the year 2016 was the calm before the storm: in 2016, there were 6,449 vulnerabilities reported, while a year later, that number jumped to 14,644!
Secondly, the researchers at Red Hat can be proud, since they have taken the top spot in terms of signalling security flaws. Microsoft placed second, while Oracle placed third.
Lastly, the most popular severity score assigned to reports is around a 6 on a scale of one to ten.
For the full analysis, go to this website.
Gitcoin, the project that pays people to work on open-source software (with a focus on building Web3), also funds innovative projects in a wide range of categories. It does so in its funding rounds, each called a “Grants Round.” The most recent one was the twelfth to date.
In their latest funding round, they have distributed a total of 6.1 million US Dollars in ten rounds:
The cause rounds are dedicated to the climate, advocacy, and longevity. The top 3 projects that raised the most money are:
What’s more, out of the top 10 projects with the most money raised, two were dedicated to longevity research. Lifespan.io summed up the 12th financing round as a “Win-Win” for Aging Research, and described how Web3 fundraising is more beneficial to such projects than the standard way. For example, due to the way this form of fundraising works, $12,000 was raised to research a possible remedy for Alzheimer’s disease, a possibly risky goal, whereas traditionally, grants are awarded to research that is highly likely to succeed.