If you're surprised about the log4j vulnerability, just wait until you hear what happens when you put a java.net.URL into a hashtable
28
448
1,705
Conversation
Replying to
And that's the moment at which one should read the docs and find out what's the difference between the URL and URI classes.
3
48
Replying to
No, it’s the moment we go to oracle hq and demand they mark URL as deprecated
2
106
It's how you get a URLConnection via the openConnection method so they can't really get rid of it without providing a replacement.
URLConnection itself has some quirks that may not be expected such as automatic HTTP connection pooling where close makes it available for reuse.
1
1
There are a lot of quirks even in the most basic parts of the standard library. Needing Arrays.equals() due to them initially forgetting to override Object.equals() is one of those. Bad enough remembering to use String.equals(), etc. due to it not having a generic == operator.
1
2
The heavy usage of reflection, dynamic class loading and variants of those like the overly powerful Java object serialization in the ecosystem is pretty gross. It'd be be nice if there was a simple way to disable the most horrible parts of it without the SecurityManager bloat.
If you compare it to Python, Ruby and other dynamic languages it's definitely not nearly as bad when it comes to those things. It's worse than most statically compiled and statically typed languages because it's very much a dynamic language. It's just barely statically typed...
1