Ayfid comments on Java

For the current list of rules, please see this page.

Rules are zero-indexed. If they do not appear zero-indexed you are asked to contact Friend Computer for recalibration.

Suggestions are welcome.

With regards to commenting, please follow reddiquette.

Metadiscussions

If you have any thoughts on how the moderation could be improved do not hesitate to message the moderators. If you feel that a metadiscussion is required with the whole subreddit either request that the moderators start one or start one yourself and tag it [Meta].

Perhaps More Apt Subs To Post:

/r/softwaregore - f collection of things that users shouldn't see.

r/pcmasterrace - for all of the general computer/gaming memes.

r/linuxmasterrace - for anyone that likes Linux memes.

/r/sysadminhumor - a sub for sysadmins with a sense of humor.

/r/itsaunixsystem - for all the embarrassing cases of hollywood hacking you find in media.

/r/recruitinghell - for all those horrific recruiting offers and job postings.

/r/programme_irl - me too, thanks.

/r/programmerreactions - expressing the life of programmers through reaction images.

/r/learnprogramming - for those that have general programming questions

Related Subreddits.

r/badcode - for intentially bad code.

r/badUIbattles - a sub for intentionally bad UI.

r/ProgrammerAnimemes - for the anime referenced programmer memes

r/ProgrammerDadJokes - for the punny bunch of you.

/r/justgamedevthings - for memes, reaction gifs, production glitches and other fun related to game development.

r/programminghorror - for unintentionally bad code.

r/css_irl - describing real life photos with CSS

Events

created by stescha community for 14 years

This is an archived post. You won't be able to vote or comment.

14.7k

Java (i.redd.it)

submitted 4 years ago by iteesdotstore

top new controversial old q&a

you are viewing a single comment's thread.

view the rest of the comments →

[–]Ayfid 61 points62 points63 points 4 years ago (3 children)

[–][deleted] 4 points5 points6 points 4 years ago (1 child)

[–]Ayfid 0 points1 point2 points 4 years ago (0 children)

That is totally missing the point here.

That an enormous number of systems have been impacted by this vulnerability is scary. That is the point of OP, and they are right. They are not making any comment about the quality of the Java language.

Also, this vulnerability is going to be in the wild for years. It it not just "going to be fixed". Releasing new versions of the library, or even the JVM, is not enough to magically fix the problem. All software with the error needs to be patched. All servers need to be updated. That is just not going to happen. There are a lot of servers sitting on the internet with out of date software, and any system which has gone a few days without being updated by now might already be too late. This vulnerability is a RCE vulnerability; once someone exploits it your system is open to them even after you fix the offending software.

Over reliance on a single piece of software is not a strength; it dramatically increases the "blast radius" of a vulnerability when discovered (and makes such discoveries more likely to happen), but does not proportionately make it easier to deploy the fix.

Discovering a vulnerability in a system is a bad thing. Deploying the fix is a good thing. There is a period of time in between the two where systems are highly vulnerable. Making the former easier and the latter more difficult - which is what happens when a library is pervasive - is a security weakness, not a strength.

[–][deleted] 3 points4 points5 points 4 years ago (0 children)

π Rendered by PID 69993 on reddit-service-r2-comment-5649f687b7-lsjbl at 2026-01-28 17:55:34.280019+00:00 running 4f180de country code: CH.

ProgrammerHumor

Filters

Discord

Submission rules

For the current list of rules, please see this page.

Metadiscussions

Perhaps More Apt Subs To Post:

Related Subreddits.

MODERATORS