|
> Python, Node, and C/C++ extensions to those, you can do everything you need. Or you can use Java and have libraries that cover almost anything provided in those languages, having access to a massive pool of labour when needed. > * Log4shell, amongst other vulnerabilities. As if no Python, JS, C/C++ libraries ever had vulnerabilities? That's a non-sequitur, every ecosystem has security issues, the most important aspect is how quickly they are fixed. Given Java's massive size, a lot of libraries see high usage, and are actively developed, so security patches are released quite quickly. > * Standard repo usage is terrible. What does this even mean? Standard library? Java has its place, it's boring technology that gets things done, and let companies hire from a immense pool. By the way, over 25 years of carreer I have professionally worked with Java, Scala, Kotlin, Clojure, Obj-C, Go, Python, Ruby, PHP, JS, even ASP 3.0, and some .NET (C# and F#). I'm not a Java purist but I call your arguments a bit bullshit, all of these languages have their places, strengths and weaknesses, the sooner you realise they are tools and if they are generally used perhaps there's something valuable about each of them, the sooner you stop wasting time trying to argue why "X sucks, use Y". Use the best tool for the job, knowing more tools is never bad. |
This is pretty funny.
or example, the other day I wrote a menu for mac os using rumps. Simply pip install rumps, write code, run, boom Mac os menu. Let me know when I can do the equivalent for java, or any other "performant" language.
>As if no Python, JS, C/C++ libraries ever had vulnerabilities?
Comparing the severity of log4shell to any python vulnerability is beyond crazy.
You have the Apache foundation, pushing its logging library as the industry standard, and multiple people saw no problem with not only the idea of a log statement being able to execute arbitrary code from the internet, but also making it the default behavior.
If at that point, everyone would instantly abandon any software from Apache in Java, I would have more respect for Java devs. But of course, they can't, because the ecosystem is so small that there is no replacements, so everyone is forced to cuck out to Apache, and who knows what and when other idiotic decision they are going to make.
And as a reminder, this used to be a thing https://www.reddit.com/r/java/comments/19s23g/online_counter...
There are plenty of other issues to cover on Java, but the log4shell pretty much is indefensible. Even if Im wrong about everything else, my argument still stands on that alone.