>Apache Struts is a framework for developing Java-based apps that run both front-end and back-end Web servers. It's relied on heavily by banks, government agencies, large Internet companies, and Fortune 500 companies. Experian, one of the three big credit reporting services, and annualcreditreport.com, which provides free credit reports, both reportedly rely on Apache Struts as well.
It was fixed months ago though. Don't blame Java for the rest of the private sector's laziness.
Isaac Young
>Critical Apache Struts bug was fixed in March. More like why do people at big corps STILL fail to apply critical bugfixes on hugely sensitive software. Big software projects have versioning that respects API contracts, there is no excuse.
Hunter Perez
>More like why do people at big corps STILL fail to apply critical bugfixes on hugely sensitive software.
Pajeets don't like them because they fuck with their shitty code and contractors don't care because they won't be around to deal with the fallout. Frankly given the state of the industry I'm surprised this hasn't happened to a big company sooner.
Liam Gutierrez
Hey now, it was *only* 2 months old. That's well within the range of what is considered an acceptable buffer zone for validating and confirming the correct behaviour of new updates before important systems receive them and potentially go down from unexpected problems stemming from said upgrades.
It is precisely *because* it is hugely sensitive software that they can't go around messing with software updates all willy-nilly without properly validating them first.
Adrian Sanchez
Because cheap colleges that are 15 years behind in their course offerings still tout it as the pinnacle of their CS.
Ayden Butler
Yes, he's talking to all of you University of Phoenix cucks.
Justin Peterson
It would have taken, what, a week to test it in a QA environment? Unless the giant with sensitive software doesn't have a proper QA environment, which is nonsense. Exploits are tracked in a national database; if the application can't be patched it should at least be isolated until the issue is solved. It takes 10 minutes a day to check for new exploits.
Jacob Gomez
>C cucks still mad that no one wants to build and maintain web servers in their old ass language
>Python/Ruby/C# numales who can't into adult languages still mad that most mature and high paying companies rely on Java for their server needs instead of their meme frameworks
Nicholas Rogers
I appreciated Java in university. Only once I started seeing how people use it in the real world did I start to hate it.
Design patterns and OOP taken too far by some architect.
Colton Parker
C fags should stay quiet about this one actually, because their language has introduced more remote code execution exploits than almost any other language.
Easton Martin
Also remember that while they probably get this advice all the time, the corporate bigwigs don't always see things the same way as their IT departments; they'd rather take the lower risk of waiting things out than try to force updates through early. It's all a big game of risk management, and the "risk" of being the target of a hacking attempt pales compared to the risk of having a system outage. They made their choice; 99% of the time it would've been fine, this time it bit them in the arse.
Liam Bell
I know how risk management works; I feel they really understate the chance of it happening and understate the economic losses that would be incurred when the risk materializes. Sorta dumb to build a risk chart without consulting both IT experts and legal experts while on it.
Lincoln Martin
>blaming implementation errors on the language
go back to school
Isaac Walker
>Program written in C has security error
>DUDE WHAT A SHIT IMPLEMENTATION
>Program/framework written in Java has a security issue
>DUDE WHAT A SHIT LANGUAGE
Hmmm
Ethan Taylor
>doesn't understand language abstraction
Brayden Robinson
C is a small framework, therefore it cannot be at fault. Java, on the other hand, is very big, so.......
Brayden Lee
this
C only does what you tell it to.
Jack Powell
>I don't understand intent vs implementation REEEEEEEEEEEEE
Asher Peterson
>implying implementation errors that cause critical vulnerabilities aren't a C feature
Jonathan Adams
Happens to the best of us. Why did Heartbleed go so many years undetected in a basic pillar of security for thousands of systems?
Such a small framework that there are 4 or more variants of strcpy because of how buffer-overflow-happy it is, not to mention hundreds of instances of undefined behavior that you may reach without even noticing.
This meme is far too common. Undefined behavior means ANYTHING can happen.
Do you actually use the language?
Ryder Gray
>lower risk of waiting things out
>lower
Well, they kind of fucked up their risk assessment there.