The claim that Java is insecure is just a meme right...

The claim that Java is insecure is just a meme, right? I know that sandbox is shit but is that really needed for standalone applications?

Attached: java.png (644x651, 558.01K)

Java in what sense?

Java web applets? Horribly insecure, that's why it's been abandoned for browser-based stuff.

Java as a language, used for client-side stuff? I don't see what's wrong with it.

Every now and then, I hear people talking about issues relating to Java serialization and deserialization. But that's about it. It has a ton of users and a lot of money behind it, and it still gets frequent updates. That's more than you can say for toy languages that are only used by people in academia. The built-in Oracle stuff is pretty good.

The only real issue is with bad code, like copying and pasting bad shit from Stack Overflow, or using 3rd party libraries which may or may not be secure and might not have a bug ticketing system or auditing/fixes.

And of course, nothing can fix a bad programmer. Off-by-one errors, misconfigurations, hardcoded passwords, insufficient randomness for RNG, unvalidated user input, etc.

I memed my mom once

It's a lot safer than C.

Definitely. C doesn't care if something is initialized or not. Pointers and memory management might give you e-cred with boomer programmers, but at the end of the day, when you leave memory safety up to the programmer, that's not good. It should have built-in security to make things easier. Rust, for example, is slightly better.

But just like how we don't code directly in assembly anymore, it doesn't make sense to use C or C++ anymore unless you REALLY need that extra performance, which many things don't.

Best part of Java is the JVM, not the language itself.

The JVM has its exploits, and so does the Java STL. That said, Zig Forums really is retarded about this stuff; some people here swear they won't install Java because it's insecure, but they don't realize that as long as you only run the programs you trust, there is absolutely nothing to fear. More or less like any program you run on your computer.

The picture in the OP is even funnier when you realise he was caught for using Freenet (a Java application).

The previous version (JRE 10) had 12 minor DoS exploits known. Compare that to the number and severity of exploits known for any version of Chrome or Firefox.
Security is a function of when those exploits become known, how good the company is about patching them quickly, and how good users are about keeping their software up to date. You can get owned pretty hard running any piece of software from 15 years ago.
There is no STL in Java. There is a built-in Collections API, and there are 3rd party replacement APIs which have had serialization exploits per

...

A false sense of security for skids, LARPers, and freetards.

Attached: ouch.PNG (1036x707, 44.65K)

That's a pretty great track record they have.

Sure, but the point stands. Even OpenBSD versions from 1 year ago can get you owned. There's also the uncounted zero-days that BSDs suffer from due to fewer eyes on the code in general.

vm != sandbox

only literal street shitters who cannot find another job in their home country of pajeetistan program in Java.

kill yourself

Are you retarded user? If you could get a job, you would know that you are more likely to work with existing code than to create something from scratch.

t. only proficient in a meme language

Because it was written in C.

very few CVEs doesn't mean it's really secure
it just means no researchers are FINDING the vulnerabilities
more eyes = more exploits
for all you know, there could be something like shellshock for BSD in the sense that it's been there forever but nobody noticed it for years and years
more people auditing linux = more people finding bugs

JVM developers wrote in C so that I don't have to. They are heroes.

that's a very low bar, to be fair.


an insecure meme


way to miss the point

C code can have zero bugs (very hard, obviously; you need something like compcert or a good enough compiler, too).
Java code, on the other hand, will always rely on a shitty bloated JVM full of bugs developed by Oracle streetshitters.