I'm quite proud of this video. It discusses a lot of work that our team put in IntelliJ Scala Plugin while at the same time it itself is a result of a lot of work as well.
22.5 minutes long but, I swear, with the amount of info in it, it would be impossible to make it shorter.
Really #jetbrains? I can use 2.537 different databases as datasource but the only plugin that allows me to use LDAP as datasource is 3rd party provided and 4 years old?
So back to Apache Directory Studio again... 😡
A well. Who needs a fast and reliable tree-structured NoSQL datastore anyhow 🤷
Every time I paste code in #CLion Nova, it tries to run some “Code Cleanup” tool, and I can’t figure out why. I have to undo it because it keeps changing many of the lines in the file I’m working in.
I don’t know what setting controls this, or how it got turned on. Maybe it’s a bug in “Nova?” This is my first time using it, and it’s still in “beta.”
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:
➝ 🔓 🇺🇸 U.S. nuclear research lab #databreach impacts 45,000 people
➝ 🇩🇪 #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
➝ 🔓 🏧 #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how
➝ 🔓 🇺🇸 Norton #Healthcare discloses data breach after May ransomware attack
➝ 🇷🇺 Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
➝ 👥 #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
➝ 🇻🇳 💻 #Microsoft seizes domains used to sell fraudulent #Outlook accounts
➝ 🇫🇷 💸 French police arrests Russian suspect linked to #Hive ransomware
➝ 🇨🇳 Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
➝ 🇺🇦 🇷🇺 Ukrainian military says it hacked #Russia's federal tax agency
➝ 🇨🇳 🚪 Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
➝ 🇺🇦 📡 #Ukraine’s largest mobile communications provider down after apparent #cyberattack
➝ 🇪🇸 Kelvin Security hacking group leader arrested in #Spain
➝ 🔻 👮🏻♂️ #ALPHV ransomware site outage rumored to be caused by law enforcement
➝ 📹 🕵🏻♂️ #UniFi devices broadcasted private video to other users’ accounts
➝ 🇷🇺 🇪🇺 Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
➝ 🇺🇸 Harry Coker confirmed to be the next National Cyber Director
➝ 🇪🇸 🇺🇸 Spain expels two US spies for infiltrating secret service
➝ 📝 #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
➝ 🩹 #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
➝ 🦠 🇵🇸 New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
➝ 🦠 🇮🇷 Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
➝ 🦠 🇩🇪 New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
➝ 🍪 #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
➝ 🐛 👨🏻💻 #Zoom Unveils Open Source Vulnerability Impact Scoring System
➝ 🩹 🧱 #Sophos backports RCE fix after attacks on unsupported #firewalls
➝ 🔓 🧱 Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
➝ 🩹 🍏 #Apple Ships iOS 17.2 With Urgent Security #Patches
➝ 🐛 Over 30% of #Log4J apps use a vulnerable version of the library
📚 This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
I am happy to try LLMs that run locally in my IDE. I never want to stream all my data to OpenAI or any other service's data vacuum as I code. Which leads me to ask which of the two categories do these plugins fall into, JetBrains? I'm disabling them because they aren't doing squat for this Dart/Flutter developer anyway right now but I'm not going to activate them until I'm certain they aren't streaming every flipping keystroke back to the usual suspects. I'd say state explicitly in the overview whether it runs local or does network stuff or even better have a setting to disable all network traffic of this sort across the board since plugin manufacturers could be up to similar things. Hell maybe I need a firewall rule to block outgoing network traffic from the IDE, assuming I could do that without breaking all the local network traffic needed to connect to apps, emulators, etc. for debugging... #JetBrains#JetBrainsAI#OpenAI#ML#AI#DartLang#flutter
Using #JetBrains Annotations in #JetBrainsRider, you can get endpoint code completion for any method that takes a URL from existing endpoints within the current #aspnetcore solution.
This is pretty powerful stuff for #dotnet developers.
Update on the whole Flutter Plugin not working with the latest IntelliJ 2023.3 that was released on December 2nd. As of yesterday afternoon the Flutter Plugin is again working. Not a moment too soon either, I needed all my Flutter tools again so had to find a 2023.2 install that morning only to find the update pushed out a few hours later :). #flutter#IntelliJ#JetBrains
@khalidabuhakmeh Sorry for pinging you directly, but you are the one that I follow that might have an answer for me:
regarding the new #JetBrains#AI When I activate it in Fleet is it active for every file I open in Fleet? I basically use Fleet nowadays as my "normal" text editor but I would like to not have the AI doing stuff for normal files.
> It’s finally here! We’ve just released our long-awaited AI Assistant publicly! It is now
> available for the millions of developers using JetBrains IDEs and coding tools.
> With AI Assistant, we’re bringing the latest generation of AI to you: in your
> editor, in your workflows, right where you do your work.
Does "I #dread they're going to #release this someday" count as "long-awaited"?
I have no interest in this BS. Nice to see you're wasting my #license#money.
Speaking of IntelliJ updates, I do hate when the Flutter or Dart Plugins are broken right after a release...like they apparently are today. I often wonder if it is an overly stringent version check or a legitimate problem. Thankfully today I can just get by on CLI and using IntelliJ just for the editor. #flutter#DartLang#JetBrains#IntelliJ
With this morning's IntelliJ update I started seeing these AI prompts. While it is exciting to see it coming to desktop software not just up running in the browser I'm still not touching these things until it goes to local only running models. Even if I trusted all these companies with all this data I'm sick of feeding evena higher precentage of our digital lives into the data lakes of the same companies or their proxies (yes I'm referring to you OpenAI). #JetBrains#AI#LLM#OpenAI Introducing JetBrains AI and the In-IDE AI Assistant | The JetBrains Blog
In the last few days I’m experimenting with substituting CRUD API code with Stored Procedures which directly produce the endpoints JSON as a single-row scalar value. API is then just a wrapper that authenticates, validates input and streams the DB’s JSON directly to the client.
No ORMs, no SQL generators etc.
All SQL is where it should belong: in the database
API does only single „CALL myfunc(…)“ db calls
A simple centralised error handler can accurately report errors from the database
No weird mixed row/json columns scanning into structs and re-marshalling everything to JSON
Codebase is collapsing to 20% (by LOCs)
Stored Procedures can use wonderfully declarative SQL code
Response times in the microseconds, even for multiple queries, all happens inside the DB
More side effects:
the data model can change and evolve without touching the API at all
Zero deploys mean zero downtime
the API application is so tiny, I could easily switch it to any programming language I want (yes, even Common Lisp) without worrying about available databases libraries, type mapping and rewriting tens of thousands of lines of intermixed language/SQL-code.
The general direction of the dev industry is heading in the opposite direction. More ORMs, more layers, more database abstraction. More weird proprietary cloud databases with each their own limited capabilities and query language.
So you tell me: Is it crazy? Is it wrong? Why do I have doubts despite everything working out beautifully?
Intermediate report 2 on my "Stored Procedure" project (long post).
I think it's time to talk about some of the downsides of Stored Procedures.
I think I've now accumulated enough knowledge to do so. The following applies mostly to MySQL.
Drivers
Support for Stored Procedures in Go is terrible. It is clear that maintainers of the drivers do not care to implement full functionality for Stored Procedures, just because "nobody uses them".
One notable exception is the Go driver for SQL Server, which is now maintained by Microsoft itself and is excellent.
I patched the MySQL driver for Go to support OUT parameters, after studying the MySQL Client/Server protocol and writing a small prototype driver myself. The MySQL driver[1] project is plagued by lack of interest and rudeness of the maintainers ("you are wasting my time" is a common response). What makes the situation even more complex is that there is also MariaDB and both act slightly different and start to diverge more and more.
I think it would be wise for #Oracle to step in and produce an official Go driver for MySQL exclusively.
However, after some hours I figured out the issue and I was able to implement full support for OUT parameters and multi-resultsets.
Tooling
There are many UI tools for macOS but the only one that is capable of serious database development is DataGrip from #JetBrains. Other UI tools either have no support for Stored Procedure development at all or are too rudimentary in that they provide no language support. I've tried them all.
Dev experience
I love writing SQL for Stored Procedures but there are some unique downsides I want to highlight.
– Passing table data between Stored Procedures is only possible either by creating temporary tables and "by convention" use them in the other SP or by creating JSON Arrays. Since tools do not know about these temporary tables, they will regard their usage as a potential error in your code.
TEMPORARY TABLEs are also the only way to collect multi-row SELECT results of a Stored Procedure.
– MySQL does not support the INSERT INTO/UPDATE ... RETURNING clause [unlike PostgreSQL], meaning that if you do multiple inserts/updates and want to know the auto-created IDs of these rows, this is only possible by using a CURSOR with a LOOP and accumulate the results in a TEMPORARY TABLE.
– CURSORs are ugly beasts. You have to DECLARE them (which is only allowed at a specific position in your code), OPEN them, FETCH row by row into user variables (which you are have to declare, too) and CLOSE them.
– Exception handling in Stored Procedures is somewhat convoluted. There is no Try/Catch construct. You can "SIGNAL" errors or warnings and can optionally write HANDLERs for specific exceptions but these do not transfer execution, you need to create and modify variables that you have to check in your code, since the SP just continues to run.
– MySQL gladly accepts SPs with buggy code. It is imperative to write "Test-SPs" to make sure they run as intended.
– Since SPs are defined in the same namespace (database) with your tables, views, functions etc. it is important to find a clear naming scheme, otherwise it will get very messy. There are no "packages" or "schemas" in MySQL.
– MySQL does not have user-defined types. If you declare variables for a specific column over and over, you have to rephrase theirs data types. PostgreSQL has a way to say "this variable is of type [table.column_xyz]". Not so in MySQL.
Having said all that, writing pure SQL with all these limitations provides a sense of clarity to focus on the problem at hand. Instead of thinking about "how" to solve, you focus on "what" to solve. Because you can solve anything with SQL [2] :-). Also, your app will be damn fast with Stored Procedures.
I hope I can cross the finish line next week and have actual results to share.