The paper (linked from the article) has a photo of the actual tablet in question, which was apparently discovered circa 1900.
SQL, where injection is still in the top 10 security risks
This is absolutely true, but it’s not what it looks like on the surface, and if you dig into the OWASP entry for this, you’ll see they talk about mitigation.
You can completely eliminate the possibility of injection attacks using well-understood technologies such as bind variables, which an ORM will usually use under the covers but which you can also use with your own queries. There are many, many database applications that have never once had a SQL injection vulnerability and never will.
The reason SQL injection is a widespread security risk, to be blunt, is that there are astonishingly large numbers of inexperienced and/or low-skill developers out there who haven’t learned how to use the tools at their disposal. The techniques for avoiding injection vulnerability are simple and have been well-documented for literally decades but they can’t help if a lousy dev decides to ignore them.
Now, a case could be made that it’d be better if instead, we were using a query language (maybe even a variant of SQL) that made injection attacks impossible. I agree in principle, but (a) I think this ends up being a lot harder than it looks if you want to maintain the same expressive power and flexibility SQL has, (b) given that SQL exists, “get bad devs to stop using SQL” doesn’t seem any more likely to succeed than “get bad devs to use bind variables,” and (c) I have too much faith in the ability of devs to introduce security vulnerabilities against all odds.
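The difference between string concatenation and the bind variables mentioned in the comment above, as an added example that is not part of the original comment. It uses Python's sqlite3 module with a constructed table; all function, table and column names are hypothetical. It goes one step beyond the comment by also covering identifiers (such as a sort column), which placeholders cannot bind.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "user"), ("bob", "admin"), ("carol", "user")])
    return db

def find_user_concat(db, name):
    # Vulnerable form: the value is spliced into the SQL text, so the
    # parser cannot tell caller data from query syntax.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def find_user_bound(db, name):
    # Bind variable: the statement is compiled with a placeholder and the
    # value travels separately, so it is only ever compared as a string.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

# Columns a caller is allowed to sort by (hypothetical allow-list).
SORTABLE = {"name", "role"}

def list_users_sorted(db, column):
    # Placeholders stand for values, not identifiers, so a caller-chosen
    # column name is checked against a fixed allow-list instead.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % (column,))
    sql = "SELECT name FROM users ORDER BY " + column + ", id"
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input
    print("concatenated:", find_user_concat(db, hostile))
    print("bound:       ", find_user_bound(db, hostile))
    print("bound (bob): ", find_user_bound(db, "bob"))
    print("sorted:      ", list_users_sorted(db, "role"))
```
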
it would be great to “just” have a DB with a binary protocol that makes it unnecessary to write an ORM.
Other people have talked about other parts of the post so I want to focus on this one.
The problem an ORM solves is not a problem of SQL being textual. Just switching to a binary representation will have little or no impact on the need for an ORM. The ORM is solving the problem that’s in its name: bridging the conceptual gap between an object-oriented data model and a relational data model. “A relational data model” isn’t about how queries are represented in a wire protocol; instead, it is about how data, and relationships between pieces of data, are organized.
So, okay, what if you get rid of the relational data model and make your database store objects directly? You can! NoSQL databases had a surge in popularity not too long ago, and before that, there have been lots of object databases.
What you’re likely to discover in an application of any real complexity, though, and the reason the industry has cooled somewhat on NoSQL databases after the initial hype cycle, is that the relational model turns out to be popular for a reason: it is extremely useful, and some of its useful properties are awkward to express in terms of operations on objects. True, you can ditch the ORM, but often you end up introducing complex queries to do things that are simple in SQL and the net result is more complex and harder to maintain than when you started. (Note “often” here; sometimes non-relational databases are the best tool for the job.)
And even in an object database, you still have to know what you’re doing! Storing objects instead of relational tuples won’t magically cause all your previously-slow queries to become lightning-fast. You will still need to think about data access patterns and indexes and caching and the rest. If the problem you’re trying to solve is “my queries are inefficient,” fixing the queries is a much better first step than ditching the entire database and starting over.
You’re not missing much power with jOOQ, in my opinion as someone who has used it for years. Its built-in coverage of the SQL syntax of all the major database engines is quite good, and it has easy type-safe escape hatches if you need to express something it doesn’t support natively.
jOOQ is really the best of both worlds. Just enough of an ORM to make trivial CRUD operations trivial, but for anything beyond that, the full expressive power of SQL with added compile-time type safety.
And it’s maintained by a super helpful project lead, too.
I think this is a more subtle question than it appears on the surface, especially if you don’t think of it as a one-off.
Whether or not Scientology deserves to be called a “religion,” it’s a safe bet there will be new religions with varying levels of legitimacy popping up in the future. And chances are some of them will have core beliefs that are related to the technology of the day, because it would be weird if that weren’t the case. “Swords” and “plowshares” are technological artifacts, after all.
Leaving aside the specific case of Scientology, the question becomes, how do laws that apply to classes of technology interact with laws that treat religious practices as highly protected activities? We’ve seen this kind of question come up in the context of otherwise illegal drugs that are used in traditional rituals. But religious-tech questions seem like they could have a bunch of unique wrinkles.
Agreed that this was a letdown. It felt like it should have been the first 15-20 minutes of a full episode, not a full episode on its own.
Here’s some Apache-licensed code that addresses this exact problem. The language files are in CSV format and get turned into JS files as a build step. It prints warnings for strings that are missing from other languages. In dev environments, there’s middleware that watches for edits to the CSV files and rebuilds the JS files.
Tunic, but that was kind of the point.
A bit off-topic, but why do people still insist on writing its name in all caps? That was the original name, granted, and you can still find it here and there in the tool, but it has been called “Jira” for years now.
O’Reilly books were my go-to when I worked at a company that had a training budget I had to spend every year. Not hard to rack up a couple hundred dollars of book purchases.
Or the flipside of that: the foreigners in “Squid Game” whose English dialogue sounded like it was written by someone who’d taken a couple years of English in high school and never had an adult conversation.
Probably true for most languages. The one that bugs me is when they hire a Chinese-American actor to speak Mandarin but the actor doesn’t actually speak Mandarin fluently or speaks it with such a thick accent that I stop being able to believe the character is from China.
This does feel like a real improvement. Nicely done! In the unlikely event I’m introducing someone new to Star Wars in the future, I’ll be sure to point them at this edit instead of the whole series.
One thing that’s probably unavoidable given the source material but bugged me a bit is that because each of the original episodes had a climax, the edit doesn’t have a story structure where the tension builds up steadily to a peak; it kind of alternates between hitting the gas and hitting the brakes.
Also, minor nitpick: the miniseries was 6 episodes, but some of them were short so the runtime was more like 4.5 hours.
Their track record isn’t that bad, is it? Castlevania and Edgerunners were pretty good adaptations. Dragon Age was all right. And Arcane was amazing, though Netflix wasn’t involved in that one early on. So there’s reason to be at least cautiously optimistic, IMO.
Not just by the time of Kirk. He’s already gone by the time of “The Cage.”
EDIT: No, I got my timeline screwed up. “The Cage” predates SNW. Oops.
Thanks. Not something I’d want to do (I like my work and personal tabs in totally separate windows) but obviously that’s just personal preference.
How do multi-account containers differ from Chrome profiles?
Saw this at the Comic-Con screening and it works better than I expected, especially the physical comedy. The exaggerated cartoon antics are still there, but toned down just enough to not seem out of place in live action.
I don’t think Netflix actually cancels shows after two seasons any more often than other networks do.
Somehow people got it into their heads that Netflix is far more cancel-happy than its competitors, but if you look at the numbers, traditional TV networks have had like a 50% cancellation rate for decades.
Even TOS was cancelled after two seasons!
If Netflix is more prone to cancelling shows at all, which I’m not convinced is even true, it can’t be by an enormous margin.