/tech/ - Technology★

Java in what sense?

Java web applets? Horribly insecure, that's why it's been abandoned for browser-based stuff.

Java as a language, used for client-side stuff? I don't see what's wrong with it.

Every now and then, I hear people talking about issues relating to Java serialization and deserialization. But that's about it. It has a ton of users and a lot of money behind it, and it still gets frequent updates. That's more than you can say for toy languages that are only used by people in academia. The built-in Oracle stuff is pretty good.

The only real issue is with bad code, like copying and pasting bad shit from Stack Overflow, or using 3rd party libraries which may or may not be secure and might not have a bug ticketing system or auditing/fixes.

And of course, nothing can fix a bad programmer. Off-by-one errors, misconfigurations, hardcoded passwords, insufficient randomness for RNG, unvalidated user input, etc.

I memed my mom once

It's a lot safer than C.

>>993082

Definitely. C doesn't care if something is initialized or not. Pointers and memory management might give you e-cred with boomer programmers, but at the end of the day, when you leave memory safety up to the programmer, that's not good. It should have built-in security to make things easier. Rust, for example, is slightly better.

But just like how we don't code directly in assembly anymore, it doesn't make sense to use C or C++ anymore unless you REALLY need that extra performance, which many things don't.

>>993077 (OP)

Best part of Java is the JVM, not the language itself.

The JVM has its exploits, and so does the Java STL. That said, /tech/ really is retarded about this stuff; some people here swear they won't install Java because it's insecure, but they don't realize that as long as you only run the programs you trust, there is absolutely nothing to fear. More or less like any program you run in your computer.

The picture in the OP is even funnier when you realise he was caught for using Freenet (a java application)

>>993086

>JVM has its exploits

The previous version (JRE 10) had 12 minor DoS exploits known. Compare that to the number of severity of exploits known for any version of Chrome or Firefox.

Security is a function of when those exploits become known, how good the company is about patching them quickly, and how good users are about keeping their software up to date. You can get owned pretty hard running any piece of software from 15 years ago.

>Java STL

There is no STL in Java. There is a built-in Collections API, and there are 3rd party replacement APIs which have had serialization exploits per >>993080

>>993103

<You can get owned pretty hard running any piece of software from 15 years ago.

>what is openbsd

>>993143

That's a pretty great track record they have.

>>993156

Sure, but the point stands. Even OpenBSD versions from 1 year ago can get you owned. There's also the uncounted zero-days that BSD's suffer from due to less eyes on the code in general.

vm != sandbox

only literal street shitters who cannot find another job in their home country of pajeetistan program in Java.

>>993084

>But just like how we don't code directly in assembly anymore, it doesn't make sense to use C or C++ anymore unless you REALLY need that extra performance, which many things don't.

>You can't be trusted not to write shit code goy

>Buy the latest jewtel if you want extra performance don't write your software to be fast and efficient goy!

>Rust, for example, is slightly better

>it doesn't make sense to use C or C++ anymore

>Use this latest memelang goy!

kill yourself

>>993197

Are you retarded anon? If could get a job, you would know that you are more likely to work with existing code than to create something from scratch.

>>993197

t. only proficient in a meme language

>>993085

Because it was written in C.

>>993156

very few CVEs doesn't mean it's really secure

it just means no researchers are FINDING the vulnerabilities

more eyes = more exploits

for all you know, there could be something like shellshock for BSD in the sense that it's been there forever but nobody noticed it for years and years

more people auditing linux = more people finding bugs

>>993247

JVM developers wrote in C so that I don't have to. They are heroes.

>>993082

that's a very low bar, to be fair.

>>993113

>what is openbsd

an insecure meme

>>993235

way to miss the point

C code can have zero bugs (very hard, obviously; you need something like compcert or a good enough compiler, too).

Java code, on the other hand, will always rely on a shitty bloated JVM full of bugs developped by Oracle streetshitters.