Really #jetbrains? I can use 2.537 different databases as datasource but the only plugin that allows me to use LDAP as datasource is 3rd party provided and 4 years old?
So back to Apache Directory Studio again...
Ah well. Who needs a fast and reliable tree-structured NoSQL datastore anyhow
Every time I paste code in #CLion Nova, it tries to run some "Code Cleanup" tool, and I can't figure out why. I have to undo it because it keeps changing many of the lines in the file I'm working in.
I don't know what setting controls this, or how it got turned on. Maybe it's a bug in "Nova?" This is my first time using it, and it's still in "beta."
Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:
- U.S. nuclear research lab #databreach impacts 45,000 people
- #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
- #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don't know how
- Norton #Healthcare discloses data breach after May ransomware attack
- Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
- #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
- #Microsoft seizes domains used to sell fraudulent #Outlook accounts
- French police arrests Russian suspect linked to #Hive ransomware
- Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
- Ukrainian military says it hacked #Russia's federal tax agency
- Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
- #Ukraine's largest mobile communications provider down after apparent #cyberattack
- Kelvin Security hacking group leader arrested in #Spain
- #ALPHV ransomware site outage rumored to be caused by law enforcement
- #UniFi devices broadcasted private video to other users' accounts
- Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
- Harry Coker confirmed to be the next National Cyber Director
- Spain expels two US spies for infiltrating secret service
- #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
- #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
- New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
- Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
- New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
- #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
- #Zoom Unveils Open Source Vulnerability Impact Scoring System
- #Sophos backports RCE fix after attacks on unsupported #firewalls
- Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
- #Apple Ships iOS 17.2 With Urgent Security #Patches
- Over 30% of #Log4J apps use a vulnerable version of the library
This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
I am happy to try LLMs that run locally in my IDE. I never want to stream all my data to OpenAI or any other service's data vacuum as I code. Which leads me to ask which of the two categories do these plugins fall into, JetBrains? I'm disabling them because they aren't doing squat for this Dart/Flutter developer anyway right now but I'm not going to activate them until I'm certain they aren't streaming every flipping keystroke back to the usual suspects. I'd say state explicitly in the overview whether it runs local or does network stuff or even better have a setting to disable all network traffic of this sort across the board since plugin manufacturers could be up to similar things. Hell maybe I need a firewall rule to block outgoing network traffic from the IDE, assuming I could do that without breaking all the local network traffic needed to connect to apps, emulators, etc. for debugging... #JetBrains #JetBrainsAI #OpenAI #ML #AI #DartLang #flutter
Using #JetBrains Annotations in #JetBrainsRider, you can get endpoint code completion for any method that takes a URL from existing endpoints within the current #aspnetcore solution.
This is pretty powerful stuff for #dotnet developers.
Update on the whole Flutter Plugin not working with the latest IntelliJ 2023.3 that was released on December 2nd. As of yesterday afternoon the Flutter Plugin is again working. Not a moment too soon either, I needed all my Flutter tools again so had to find a 2023.2 install that morning only to find the update pushed out a few hours later :). #flutter #IntelliJ #JetBrains
@khalidabuhakmeh Sorry for pinging you directly, but you are the one that I follow that might have an answer for me:
Regarding the new #JetBrains #AI: when I activate it in Fleet, is it active for every file I open in Fleet? I basically use Fleet nowadays as my "normal" text editor but I would like to not have the AI doing stuff for normal files.
> It's finally here! We've just released our long-awaited AI Assistant publicly! It is now
> available for the millions of developers using JetBrains IDEs and coding tools.
> With AI Assistant, we're bringing the latest generation of AI to you: in your
> editor, in your workflows, right where you do your work.
Does "I #dread they're going to #release this someday" count as "long-awaited"?
I have no interest in this BS. Nice to see you're wasting my #license #money.
Speaking of IntelliJ updates, I do hate when the Flutter or Dart Plugins are broken right after a release...like they apparently are today. I often wonder if it is an overly stringent version check or a legitimate problem. Thankfully today I can just get by on CLI and using IntelliJ just for the editor. #flutter #DartLang #JetBrains #IntelliJ
With this morning's IntelliJ update I started seeing these AI prompts. While it is exciting to see it coming to desktop software not just up running in the browser I'm still not touching these things until it goes to local only running models. Even if I trusted all these companies with all this data I'm sick of feeding even a higher percentage of our digital lives into the data lakes of the same companies or their proxies (yes I'm referring to you OpenAI). #JetBrains #AI #LLM #OpenAI Introducing JetBrains AI and the In-IDE AI Assistant | The JetBrains Blog
I'd prefer to do most of my dev work on Linux and I'm using #jetbrains IDEs for all other languages, so Rider seems like a good choice.
But I remember some people complaining it cannot match Visual Studio when it comes to .net in certain areas? #gameDev
Oh, what a great review of some of the new parts of Django 5.0 by @sarahboyce What a lovely video! She mentioned some of the great people behind the changes, too!
In the last few days I'm experimenting with substituting CRUD API code with Stored Procedures which directly produce the endpoints JSON as a single-row scalar value. API is then just a wrapper that authenticates, validates input and streams the DB's JSON directly to the client.
No ORMs, no SQL generators etc.
All SQL is where it should belong: in the database
API does only single "CALL myfunc(…)" db calls
A simple centralised error handler can accurately report errors from the database
No weird mixed row/json columns scanning into structs and re-marshalling everything to JSON
Codebase is collapsing to 20% (by LOCs)
Stored Procedures can use wonderfully declarative SQL code
Response times in the microseconds, even for multiple queries, all happens inside the DB
More side effects:
the data model can change and evolve without touching the API at all
Zero deploys mean zero downtime
the API application is so tiny, I could easily switch it to any programming language I want (yes, even Common Lisp) without worrying about available databases libraries, type mapping and rewriting tens of thousands of lines of intermixed language/SQL-code.
The general direction of the dev industry is heading in the opposite direction. More ORMs, more layers, more database abstraction. More weird proprietary cloud databases with each their own limited capabilities and query language.
So you tell me: Is it crazy? Is it wrong? Why do I have doubts despite everything working out beautifully?
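The pattern this post describes, sketched for MySQL 8.0 as an added example (not the poster's code), including the least-privilege grant that the design makes possible. The tables, the procedure name `api_customer_get`, the database `appdb` and the account `api_app` are all hypothetical; `DELIMITER` assumes the `mysql` command-line client.

```sql
-- Added example; schema, names and account are constructed for illustration.
CREATE TABLE customer (
  id    INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  name  VARCHAR(100) NOT NULL
);
CREATE TABLE customer_order (
  id          INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  customer_id INT UNSIGNED NOT NULL,
  total_cents INT UNSIGNED NOT NULL,
  FOREIGN KEY (customer_id) REFERENCES customer (id)
);
INSERT INTO customer (name) VALUES ('Constructed Customer');
INSERT INTO customer_order (customer_id, total_cents) VALUES (1, 1250), (1, 400);

DELIMITER //
CREATE PROCEDURE api_customer_get(IN p_customer_id INT UNSIGNED)
  READS SQL DATA
  SQL SECURITY DEFINER
BEGIN
  -- Reject bad input inside the database; the API's central error handler
  -- can map this SQLSTATE and message to an HTTP status.
  IF p_customer_id IS NULL
     OR NOT EXISTS (SELECT 1 FROM customer WHERE id = p_customer_id) THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'customer not found';
  END IF;

  -- One row, one column: the complete response body as JSON.
  SELECT JSON_OBJECT(
           'id',     c.id,
           'name',   c.name,
           'orders', COALESCE(
             (SELECT JSON_ARRAYAGG(
                       JSON_OBJECT('id', o.id, 'totalCents', o.total_cents))
                FROM customer_order o
               WHERE o.customer_id = c.id),
             JSON_ARRAY())
         ) AS body
    FROM customer c
   WHERE c.id = p_customer_id;
END//
DELIMITER ;

-- The API account may run the procedure but holds no privileges on the tables.
CREATE USER 'api_app'@'localhost' IDENTIFIED BY 'replace-with-a-secret';
GRANT EXECUTE ON PROCEDURE appdb.api_customer_get TO 'api_app'@'localhost';

-- The API binds the value as a parameter: CALL api_customer_get(?)
CALL api_customer_get(1);
```

Because the procedure runs with its definer's rights, a compromised API process holding only `EXECUTE` cannot issue ad-hoc queries against `customer` or `customer_order`.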
Intermediate report 2 on my "Stored Procedure" project (long post).
I think it's time to talk about some of the downsides of Stored Procedures.
I think I've now accumulated enough knowledge to do so. The following applies mostly to MySQL.
Drivers
Support for Stored Procedures in Go is terrible. It is clear that maintainers of the drivers do not care to implement full functionality for Stored Procedures, just because "nobody uses them".
One notable exception is the Go driver for SQL Server, which is now maintained by Microsoft itself and is excellent.
I patched the MySQL driver for Go to support OUT parameters, after studying the MySQL Client/Server protocol and writing a small prototype driver myself. The MySQL driver[1] project is plagued by lack of interest and rudeness of the maintainers ("you are wasting my time" is a common response). What makes the situation even more complex is that there is also MariaDB and both act slightly differently and start to diverge more and more.
I think it would be wise for #Oracle to step in and produce an official Go driver for MySQL exclusively.
However, after some hours I figured out the issue and I was able to implement full support for OUT parameters and multi-resultsets.
Tooling
There are many UI tools for macOS but the only one that is capable of serious database development is DataGrip from #JetBrains. Other UI tools either have no support for Stored Procedure development at all or are too rudimentary in that they provide no language support. I've tried them all.
Dev experience
I love writing SQL for Stored Procedures but there are some unique downsides I want to highlight.
- Passing table data between Stored Procedures is only possible either by creating temporary tables and "by convention" use them in the other SP or by creating JSON Arrays. Since tools do not know about these temporary tables, they will regard their usage as a potential error in your code.
TEMPORARY TABLEs are also the only way to collect multi-row SELECT results of a Stored Procedure.
- MySQL does not support the INSERT INTO/UPDATE ... RETURNING clause [unlike PostgreSQL], meaning that if you do multiple inserts/updates and want to know the auto-created IDs of these rows, this is only possible by using a CURSOR with a LOOP and accumulate the results in a TEMPORARY TABLE.
- CURSORs are ugly beasts. You have to DECLARE them (which is only allowed at a specific position in your code), OPEN them, FETCH row by row into user variables (which you have to declare, too) and CLOSE them.
- Exception handling in Stored Procedures is somewhat convoluted. There is no Try/Catch construct. You can "SIGNAL" errors or warnings and can optionally write HANDLERs for specific exceptions but these do not transfer execution, you need to create and modify variables that you have to check in your code, since the SP just continues to run.
- MySQL gladly accepts SPs with buggy code. It is imperative to write "Test-SPs" to make sure they run as intended.
- Since SPs are defined in the same namespace (database) with your tables, views, functions etc. it is important to find a clear naming scheme, otherwise it will get very messy. There are no "packages" or "schemas" in MySQL.
- MySQL does not have user-defined types. If you declare variables for a specific column over and over, you have to rephrase their data types. PostgreSQL has a way to say "this variable is of type [table.column_xyz]". Not so in MySQL.
Having said all that, writing pure SQL with all these limitations provides a sense of clarity to focus on the problem at hand. Instead of thinking about "how" to solve, you focus on "what" to solve. Because you can solve anything with SQL [2] :-). Also, your app will be damn fast with Stored Procedures.
I hope I can cross the finish line next week and have actual results to share.