Argh. Stop using serialization formats that can instantiate arbitrary classes. http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ …
@elwoz @riking27 @KentonVarda @bcrypt It's possible to design protocol synthesis without this undesirable property.
@RichFelker @riking27 @KentonVarda @bcrypt The most important design decision being "should this API be exposed to external clients?"
@RichFelker @riking27 @KentonVarda @bcrypt ... which is exactly the design decision lots of existing tools try to paper over.
@RichFelker @riking27 @KentonVarda @bcrypt Tools that try to blur the line, or try to do both, are poison.
@RichFelker @riking27 @KentonVarda @bcrypt Must distinguish marshaling scutwork from actual design decisions. Tools can help with 1, not 2.