Pete Hunt 🚁 · Dec 11, 2021 · 9:05 PM UTC

Pete Hunt 🚁

Pete Hunt 🚁 @floydophone

11 Dec 2021

If you're surprised about the log4j vulnerability, just wait until you hear what happens when you put a java.net.URL into a hashtable

294

114

1,564

Bruno Borges · Dec 14, 2021 · 7:11 AM UTC

Bruno Borges @brunoborges

14 Dec 2021

You mean the behavior as clearly documented since Java 1.0 (1996)? And with an alternative, java.net.URI, since Java 1.4 (2001)?

Stefan Tilkov · Dec 14, 2021 · 7:15 AM UTC

Stefan Tilkov · Dec 14, 2021 · 7:15 AM UTC

Stefan Tilkov @stilkov

14 Dec 2021

Replying to @brunoborges @floydophone

It’s still fascinating how something that was at least acceptable enough initially, and worth maintaining compatibility for since forever, is now such an obviously bad idea. Hindsight is genius, as usual, but still …

Dec 14, 2021 · 7:15 AM UTC

Pete Hunt 🚁 · Dec 14, 2021 · 8:06 AM UTC

Pete Hunt 🚁 @floydophone

14 Dec 2021

Replying to @stilkov @brunoborges

yeah i can 100% understand the thinking at the time. but it is really a super dangerous footgun now.

more replies

Ulrich Winter 🌻⚡️🚴  · Dec 14, 2021 · 7:24 AM UTC

Ulrich Winter 🌻⚡️🚴  @umwinter

14 Dec 2021

Replying to @stilkov @brunoborges @floydophone

Remember: That outlived from a time, when entity beans had remote interfaces.

Elon Parody Musk · Dec 14, 2021 · 10:45 AM UTC

Elon Parody Musk @sashan16

14 Dec 2021

Replying to @stilkov @brunoborges @floydophone

I can’t even understand the thinking at the time. Hashing a value/object shouldn’t depend on an network service.

Frank ⚫ · Dec 14, 2021 · 7:21 AM UTC

Frank ⚫ @fquednau

14 Dec 2021

Replying to @stilkov @brunoborges @floydophone

I think that will keep happening, as the whole IT technosphere is growing into more and more complexity where even a small number of bad actors can do incredible harm. In a few decades, plugin systems and npm in its current form will seem like utter madness.