I presume they were just playing it safe to not let the M1 migration flop.
If you're dragging your users through a big migration the last thing you need is complaints about the new hardware...
It's not really added functionality, more unintended consequences of too much flexibility. Java contains JNDI (Java Naming and Directory Interface), a very unified 'directory' system for all kinds of configuration of which LDAP is just one of the backend implementation options. The key issue is you can call into other objects which is unwise to do when used with untrusted user input.
> The key issue is you can call into other objects which is unwise to do when used with untrusted user input.
This, and while in this case it is specifically unwise on security terms, there are plenty of other examples where the features are completely cosmetic and deviate from the core user requirements/scenario.
Would it even be possible to create today's software ecosystems by mandating all libraries are maintained and supported to the strictest standards?
That would be the end of open source, hobbyists and startup companies because you'd have to pay up just to have a basic C library (or hope some companies would have reasonable licensing and support fees).
Remember one of the first GNU projects was GCC because a compiler was an expensive, optional piece of software on the UNIX systems in those days.
That would be the end of the software industry. No company outside of aerospace and medical devices is capable of delivering this and I even have my doubts about those two, though at least they are trying.
It's not talking to an LDAP server, it's the functionality for talking to an LDAP server that is causing the issue. Even if you don't need LDAP you're still vulnerable when a client can inject information in a log message.
Why is this functionality needed in the first place? I want to write a log, some kind of string, into some kind of files, with rotation, maybe even send it somewhere that expects logs.
Why parse whatever is in the logs, at all?
Imagine the same stuff in your SSH client, it would parse the content before sending it over because a functionality requires it to talk to some server somewhere, it's insanity.
Log4j contains a very big collection of extensions for just about anything including inserting data from various sources.
Of course it's overkill for lots of situations, but nobody ever uses all functionality. It's just that nobody can agree on which functionality is useless ;)
I think that's reasonable regarding expectations, but the flip side is you can't make a vegan patty and call it 'vegan burger like patty'.
The discussed regulation smells heavily of measures to protect the meat industry rather than the consumer who is absolutely able to discern between the classic and vegetarian alternatives.
Why not? Consumers are more likely to give vegetarian products a chance when they are 'drop in' replacements. A 'vegetarian burger' instead of a 'burger' would sell better than a 'plant based patty'.
While you can force law abiding people to give up their encryption because it's against the law there's no way to prevent encryption from being used by people that are already violating several laws...
> BYD released that many since you wrote this comment :)
You say that like it's an advantage while it's really the opposite. As a car buyer I'm only looking at cars their manufacturer plans to fully support over their lifetime.
That rules out new, unproven manufacturers as well as the ones with proven bad support.
I own a 2014 Tesla S, my next-door neighbour has a 2024 Tesla S, same f’ing car. Tesla X was modern looking back in 2017, looks the same now. Tesla 3 is a chopped up S and Y is a 3 blown up in height a bit. These are all old outdated cars - hence the dinosaur comment.
Support-wise, try owning an older model of Tesla like I do and you’d know that your statement cannot be further from the truth, my car bricked several times after a software update and getting repairs done gets met with “oh that’ll take __ to get parts”
There's plenty of choice in the Netherlands just for small electric cars:
Honda E, Fiat 500E, Corsa E, BMW i3, Mini electric, Nissan Leaf, Renault Zoe (or even Twizy), Smart Fortwo EQ, Citroen C-zero, Dacia Spring
If that's not small enough there are city cars like Citroen Ami and others but those are more glorified golf carts with very limited range.