This is huge. I’ve spent years jumping through hoops to get Go projects signed off for FIPS-140 and I always worried that something was going to go wrong and we’d have a compliance nightmare on our hands. They just made it super easy.
- Unescape, sanitize or validate at all entry points.
- Escape all outputs (this includes the database queries).
If you follow those simple rules, you never have to check once you are past a controller. And you should fuzz your controllers to make sure no unexpected data makes it past there.
I used to drive a Camry where on the factory radio, bass and treble had individual knobs and you could adjust them without taking your eyes off the road. Oh, those were the days.
The quality of engineering varies wildly within Oracle, to the point that entire divisions can be relied on to produce absolute garbage because longevity completely trumps talent. Oracle Cloud has great engineering (which these days is quite hampered by bureaucracy and misplaced frugality, in my opinion), but outside OCI and a few small select orgs, the situation is dire.
At a couple points my org had hiring crunches and leadership’s short term solution was to find employees from other orgs that could be “loaned” to us. The quality was universally jaw-droppingly low. I had to do code reviews and they would do the craziest junior-developer no-standards stuff that would cause their PRs to get rejected repeatedly, because not only did they make dumb decisions, they didn’t even understand the explanations of why they were dumb decisions. It was infuriating and a horrible waste of time, and the second time around, we tried to say we don’t want that kind of help, but leadership insisted that the free manpower was not optional.
That sort of loaned manpower isn't free, despite management's continued delusions that it is. Loaners have a cost, both up-front (onboarding, mentoring, reviews, etc) and on-going (lack of organic expertise in the new code remaining on the team, maintenance of suboptimal or inconsistent code, etc). But they're not the sorts of costs that show up well on balance sheets, so good luck convincing anyone that they exist.
Space is very bad for the human body, you wouldn't be able to leave the humans there waiting for something to happen like you do on earth, they'd need to be sent from earth every time.
Also, making something suitable for humans means having lots of empty space where the human can walk around (or float around, rather, since we're talking about space).
Underwater welder, though being replaced by drone operator, is still a trade despite the health risks. Do you think nobody on this whole planet would take a space datacenter job on a 3 month rotation?
I agree that it may be best to avoid needing the space and facilities for a human being in the satellite. Fire and forget. Launch it further into space instead of back to earth for a decommission. People can salvage the materials later.
The problem isn't health “risk”, there are risks but there are also health effects that will come with certainty. For instance, low gravity depletes your muscles pretty fast. Spend three months in space and you're not going to walk out of the reentry vehicle.
This effect can be somehow overcome by exercising while in space but it's not perfect even with the insane amount of medical monitoring the guys up there receive.
Good points. Spin “gravity” is also quite challenging to acclimatize to because it’s not uniform like planetary gravity. Lots of nausea and unintuitive gyroscopic effects when moving. It’s definitely not a “just”
Every child on a merry go round experiences it. Every car driving on a curve. And Gemini tested it once as well. It’s a basic feature of physics. Now why NASA hasn’t decided to implement it in decades is actually kind of a mystery.
I find the Quest 3 with virtual monitors actually pretty good from a text-reading perspective and I can use it for a long time, but that’s using a lower resolution than my native monitors. One thing I think is interesting about it is I don’t need my reading glasses, whereas I very much do when looking at a real monitor. I find the virtual display setup somewhat intolerable for other reasons, though, like the inflexibility about how the displays are arranged, and there’s the physical bit about having a bulky HMD on.
Regarding inflexibility of monitor placement, what are you using as the interface application? Virtual Desktop Streamer lets you move monitors basically anywhere that you want them.
I once attended a live talk by Leslie Lamport and as he talked, I had the overwhelming feeling that something was wrong, and was thinking “did he have a stroke or something?” but then I realized I had just always watched his lectures online and had become accustomed to listening to him at 2x.
Is it actually important that we come up with a formal definition of these things, though? They are colloquial terms, there is some overlap, and people are always going to use one or the other “incorrectly” according to you. It’s more important that we recognize that’s a potential source of differing terminology and ignore that rather than fixating on it.
Indeed. This compulsion is infuriating because it becomes normalized to require an app for things that very much should be a website.
At least once a month I have the experience where I either have to ask someone “am I forced to use your app to use your product/service” and they are baffled by the resistance. I just went through the exercise of net-sniffing my kids’ school bus status app because it is obviously just a wrapper around a web UI but nobody — not the district nor the company that makes the app — will actually admit this. Turns out there is a secret web page that offers the EXACT same functionality from a mobile browser. And the kicker: it works better.