I was impressed by an earlier mod along similar lines, Portal Stories: Mel. Hope this one is as well-done.

The paper (linked from the article) has a photo of the actual tablet in question, which was apparently discovered circa 1900.

SQL, where injection is still in the top 10 security risks

This is absolutely true, but it’s not what it looks like on the surface, and if you dig into the OWASP entry for this, you’ll see they talk about mitigation.

You can completely eliminate the possibility of injection attacks using well-understood technologies such as bind variables, which an ORM will usually use under the covers but which you can also use with your own queries. There are many, many database applications that have never once had a SQL injection vulnerability and never will.

The reason SQL injection is a widespread security risk, to be blunt, is that there are astonishingly large numbers of inexperienced and/or low-skill developers out there who haven’t learned how to use the tools at their disposal. The techniques for avoiding injection vulnerability are simple and have been well-documented for literally decades but they can’t help if a lousy dev decides to ignore them.

Now, a case could be made that it’d be better if instead, we were using a query language (maybe even a variant of SQL) that made injection attacks impossible. I agree in principle, but (a) I think this ends up being a lot harder than it looks if you want to maintain the same expressive power and flexibility SQL has, (b) given that SQL exists, “get bad devs to stop using SQL” doesn’t seem any more likely to succeed than “get bad devs to use bind variables,” and © I have too much faith in the ability of devs to introduce security vulnerabilities against all odds.

it would be great to “just” have a DB with a binary protocol that makes it unnecessary to write an ORM.

Other people have talked about other parts of the post so I want to focus on this one.

The problem an ORM solves is not a problem of SQL being textual. Just switching to a binary representation will have little or no impact on the need for an ORM. The ORM is solving the problem that’s in its name: bridging the conceptual gap between an object-oriented data model and a relational data model. “A relational data model” isn’t about how queries are represented in a wire protocol; instead, it is about how data, and relationships between pieces of data, are organized.

So, okay, what if you get rid of the relational data model and make your database store objects directly? You can! NoSQL databases had a surge in popularity not too long ago, and before that, there have been lots of object databases.

What you’re likely to discover in an application of any real complexity, though, and the reason the industry has cooled somewhat on NoSQL databases after the initial hype cycle, is that the relational model turns out to be popular for a reason: it is extremely useful, and some of its useful properties are awkward to express in terms of operations on objects. True, you can ditch the ORM, but often you end up introducing complex queries to do things that are simple in SQL and the net result is more complex and harder to maintain than when you started. (Note “often” here; sometimes non-relational databases are the best tool for the job.)

And even in an object database, you still have to know what you’re doing! Storing objects instead of relational tuples won’t magically cause all your previously-slow queries to become lightning-fast. You will still need to think about data access patterns and indexes and caching and the rest. If the problem you’re trying to solve is “my queries are inefficient,” fixing the queries is a much better first step than ditching the entire database and starting over.

You’re not missing much power with jOOQ, in my opinion as someone who has used it for years. Its built-in coverage of the SQL syntax of all the major database engines is quite good, and it has easy type-safe escape hatches if you need to express something it doesn’t support natively.

As a fan of Ms. Marvel, I enjoyed the main campaign well enough, but all the MMO stuff is obnoxious. Luckily you can mostly ignore it and go through the campaign missions single-player. I uninstalled it after getting to the end of the story.

jOOQ is really the best of both worlds. Just enough of an ORM to make trivial CRUD operations trivial, but for anything beyond that, the full expressive power of SQL with added compile-time type safety.

And it’s maintained by a super helpful project lead, too.

I think this is a more subtle question than it appears on the surface, especially if you don’t think of it as a one-off.

Whether or not Scientology deserves to be called a “religion,” it’s a safe bet there will be new religions with varying levels of legitimacy popping up in the future. And chances are some of them will have core beliefs that are related to the technology of the day, because it would be weird if that weren’t the case. “Swords” and “plowshares” are technological artifacts, after all.

Leaving aside the specific case of Scientology, the question becomes, how do laws that apply to classes of technology interact with laws that treat religious practices as highly protected activities? We’ve seen this kind of question come up in the context of otherwise illegal drugs that are used in traditional rituals. But religious-tech questions seem like they could have a bunch of unique wrinkles.

I haven’t run into too many bugs in the game, but in combat it’s frequent for the game to have to sit there for several seconds thinking about what an enemy should do next. Hope that’s one of the performance improvements they’re working on.

Here’s some Apache-licensed code that addresses this exact problem. The language files are in CSV format and get turned into JS files as a build step. It prints warnings for strings that are missing from other languages. In dev environments, there’s middleware that watches for edits to the CSV files and rebuilds the JS files.

Tunic, but that was kind of the point.

A bit off-topic, but why do people still insist on writing its name in all caps? That was the original name, granted, and you can still find it here and there in the tool, but it has been called “Jira” for years now.

O’Reilly books were my go-to when I worked at a company that had a training budget I had to spend every year. Not hard to rack up a couple hundred dollars of book purchases.

You’ll start to get hints of it later in Heavensward, but I’d say the second expansion (Stormblood) is where you start to really get a strong sense that the story has a destination in mind, and especially that the recurring villains have a more specific motivation than “serve the dark god.”

The next expansion (Shadowbringers) starts off feeling like an unrelated side story, but then you realize that it’s actually tying together some of the seemingly unrelated plot threads from earlier in the game by showing you a different perspective on the lore and some of the characters.

The last current expansion (Endwalker) is where you have to address the reason the villains have been doing what they’ve been doing, and it ties a lot of things together including the part of the story you’re on right now. Without spoiling any details, suffice to say that Ishgard isn’t the only nation that has a history with dragons.

There’s always going to be a certain amount of anime craziness, but the big picture does come together much more than is apparent from where you are in the story right now.

This is a pretty good analogy. You could start watching “Stranger Things” from season 3, and you’d figure everything out well enough to follow the story, but the character interactions would be much less meaningful and you’d miss out on a lot of background details that make the setting richer.

Playing the game, it was clear to me that they didn’t have the whole story mapped out in detail from day one. Minor plot threads get dropped and some of the lore isn’t 100% consistent. But that’s also true of a lot of TV shows with continuing storylines. On the whole, the game does an impressive job tying a decade’s worth of expansions together into a single coherent storyline where each part builds on what came before. It’s definitely too much of a slow burn in the beginning, but the setup eventually pays off and it’s one of my favorite stories in all of gaming. Skipping to the last chapter would rob it of a lot of its impact.

Their track record isn’t that bad, is it? Castlevania and Edgerunners were pretty good adaptations. Dragon Age was all right. And Arcane was amazing, though Netflix wasn’t involved in that one early on. So there’s reason to be at least cautiously optimistic, IMO.

Thanks. Not something I’d want to do (I like my work and personal tabs in totally separate windows) but obviously that’s just personal preference.

How do multi-account containers differ from Chrome profiles?

What metric did they use to determine what “top 10%” means? Because that’s the part of this that seems most ridiculous to me given how situation-dependent most engineering decisions are. To illustrate with an extreme example: is “daily+ deployment frequency” a sign of an amazing engineering org if the thing being deployed is updates to your heart monitor firmware?

The “developed or supplied outside the course of a commercial activity” condition is part of why people are up in arms about this. If I’m at work and I run into a bug and submit a patch, that code was developed in the course of a commercial activity.

It also acts as a huge disincentive for companies to open their code at all. If I package up a useful library I wrote at work, and I release it, and some other person downloads it and exposes a vulnerability that is only exploitable if you use the library in a way that I wasn’t originally using it, boom, my company is penalized.