Matt Coley
mattcoley.bsky.social
The good news is, they reverted that 404 -> 403 option, and *some* of our projects updated to use Artifactory first instead of last.
September 24, 2025 at 12:19 PM
Artifactory: IT was instructed to prevent crawling, so one thing they did was change Artifactory replying 404 for missing artifacts to replying with 403 (like all other URLs on other services they ran)

Result: 403 kills Gradle builds, so nobody used Artifactory and if they did, they put it last.
September 24, 2025 at 12:05 PM
And from my last 🧵 here's the sample that had attributes lying about their lengths being patched automatically (amongst many other tricks).
July 5, 2025 at 6:01 AM
Anyways, Recaf will soon support loading these classes so you don't have to go through any of this pain like I did.
July 3, 2025 at 11:10 PM
The exact line in the Hotspot class file parser responsible for supporting this can be found here: github.com/openjdk/jdk/...

The code is so old it predates OpenJDK's git history. No, not moving to GitHub. Git. This code has been around since before they migrated to using VCS/Git. At least 18 y/o.
July 3, 2025 at 11:03 PM
Here's the reported length in the attribute vs a hex viewer annotated with the relevant locations showing the discrepancy.
July 3, 2025 at 10:56 PM
The sample here reports the Code attribute has 163 bytes. But if you read the attribute fully (with spec compliant parsing) then you see that it actually is 189 bytes.

The trick here is for any Code attribute on a method, you shift your read buffer index to the actually read position.
July 3, 2025 at 10:44 PM
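Added example, not part of the original posts and not Recaf or HotSpot code: a Python sketch of the check described in the post above, which walks a Code attribute field by field (layout per JVMS 4.7.3), compares the declared `attribute_length` with the number of bytes actually read, and resumes parsing from the read position. The function names and the sample bytes are constructed for illustration, and nested attribute lengths are assumed to be honest.

```python
import struct

def code_attribute_lengths(buf: bytes, off: int) -> tuple[int, int]:
    """Return (declared, actual) body length of the Code attribute at off.

    off points at attribute_name_index. Assumption: nested attributes
    inside the Code attribute report honest lengths.
    """
    _name_index, declared = struct.unpack_from(">HI", buf, off)
    body = off + 6                                # u2 name index + u4 length
    _max_stack, _max_locals, code_length = struct.unpack_from(">HHI", buf, body)
    pos = body + 8 + code_length                  # skip the bytecode itself
    (exc_count,) = struct.unpack_from(">H", buf, pos)
    pos += 2 + 8 * exc_count                      # four u2 fields per handler
    (attr_count,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    for _ in range(attr_count):
        _nested_name, nested_len = struct.unpack_from(">HI", buf, pos)
        pos += 6 + nested_len
    if pos > len(buf):
        raise ValueError("Code attribute runs past end of buffer")
    return declared, pos - body

def next_offset(buf: bytes, off: int, trust_declared: bool = False) -> int:
    """Offset of whatever follows the Code attribute.

    trust_declared=True is the naive skip-by-length reader; False resumes
    from the position actually read, as the post describes.
    """
    declared, actual = code_attribute_lengths(buf, off)
    return off + 6 + (declared if trust_declared else actual)

def build_sample() -> bytes:
    """Constructed sample: a 23-byte Code body that claims to be 10 bytes."""
    body = struct.pack(">HHI", 1, 1, 1) + b"\xb1"   # stack, locals, 1-byte code
    body += struct.pack(">H", 0)                     # no exception handlers
    body += struct.pack(">H", 1)                     # one nested attribute
    body += struct.pack(">HI", 9, 4) + b"\x00" * 4   # nested attribute, 4 bytes
    header = struct.pack(">HI", 7, 10)               # lying attribute_length
    return header + body + b"\xca\xfe"               # marker for what follows

SAMPLE = build_sample()

if __name__ == "__main__":
    declared, actual = code_attribute_lengths(SAMPLE, 0)
    print(f"declared={declared} actual={actual} mismatch={declared != actual}")
```

A declared/actual mismatch on a Code attribute is itself a useful flag when triaging class files, since compilers emit matching values.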
We're in the annoying/grift phase of AI hyped slop. You can toss something together, put it up on vercel, and paint the sleek "AI powered" marketing over the site, to make yourself a low-investment high return product. This "success" furthers the AI hyped slop bubble and encourages others to cash in
June 22, 2025 at 1:47 AM
And most often, people don't care either. A lot of people using AI for code-gen are making low-stakes applications. Nobody cares if there's a security hole in a personal program, or if it's a bit slow. When your app is simple and doable with common tech stacks it can get a fair portion done for you.
June 22, 2025 at 1:41 AM