I’m not talking just about Microsoft SQL Server specifically here, nor T-SQL. Let’s zoom out a little and think bigger picture for a second: is the SQL language itself a problem?
Sometimes when I talk to client developers, they gripe about the antiquated language.
The order of a SELECT statement doesn’t make any sense. You shouldn’t state what you’re looking for, before you even say where you wanna get the data from. The FROM should really go first so that query-completion tools like IntelliSense have a fighting chance to help you write the SELECT part. If we started writing our queries like this:
FROM dbo.Users u INNER JOIN dbo.Posts p ON u.Id = p.OwnerUserId SELECT ...
Then as you started typing stuff in the SELECT, you could actually get useful stuff out of IntelliSense. How many times have you started typing a query, and query completion tools start throwing all kinds of system functions at you? Idiotic.
Exception handling is a painful mess. Let’s be honest here: the majority of stored procedures and functions out there don’t have error handling. They YOLO their way through the data, hoping and praying that things are as we expect, we have the right permissions, structures haven’t changed, and the data is in a useful state. Everybody looks the other way and mumbles, “We’ll handle errors on the application side,” when in reality those errors are either thrown directly at the innocent user, or simply suppressed and not logged anywhere.
It’s not really a standard. Oh sure, SELECT/FROM/WHERE/ORDER BY works in most databases, but even trivially simple applications break if you try to port them from one database management system to another. Your skills transfer in a similar way: even if you’re great at T-SQL exception handling, you’re still gonna have to tweak the way you do it in Postgres. The concepts are standard, but the specifics are different.
Unit testing is a pipe dream. App code developers know if their code changes will break something. Database developers just punt their stuff into development, run the query a few times, nod because no errors get thrown, and then toss it into production. When code breaks weeks or months later, all we hear is, “Nothing’s been changed.”
In some ways, we have, with object-relational mapping (ORM) tools like Entity Framework, Hibernate, and Django. The database administrator readers here in the audience usually cringe when they hear those words, but the reality is that developers leverage those tools heavily to build new applications. I don’t blame them. I would too, for all the reasons I talked about above.
What those tools do is translate your desires into SQL, though, which brings us right back where we started. Often, the SQL they generate sucks for performance, thus the typical DBA’s feelings about ORMs. So why haven’t we got a new standard way for applications to talk directly to databases, in a secure, performant, and easy-to-write way?
It’s not for lack of trying: at least once every 6 months, I see a post on HackerNews about a better replacement for SQL. Someone puts a lot of thought into the problems, puts a lot of work into a replacement, and then proudly announces it.
And nobody uses it.
Because SQL is the lowest common denominator that works damn near everywhere, for values of “works.”
It works on the back end. Remember when NoSQL came out, and everybody was all “databases r doomd”? And remember what business users said when they wanted to run their reports? NoSQL persistence layers pretty quickly changed their tune, saying, “Oh, well, uh, we meant Not Only SQL, that’s what we meant,” as they struggled to quickly slap in SQL compatibility. Even MongoDB, king of NoSQL, implemented SQL support.
It works on the front end, especially the reporting front end, which is what managers care about. The people who sign the checks wanna see their data in Power BI and Excel. Every new reporting tool that comes out, in order to check boxes and say they’re compatible with every database, implements SQL support. Oh sure, these tools write horrific queries, but they check the box to say they can get data out of all your different persistence layers, and they do it with SQL first because it’s cheap and easy to support lots of databases that way.
I’ll leave you with an amusing quote from Bjarne Stroustrup:
There are only two kinds of languages: the ones people complain about and the ones nobody uses.
I want to read all the newsletters I subscribed to.
I want to read everything in the ten web dev community slacks I joined.
I want to read everything on the seven Discord servers I am on.
I want to read every blog post in the hundreds of feeds I follow.
I want to read every toot of the people I follow on Mastodon.
I want to find more people to follow.
I want to ensure I didn’t miss your cool and happy announcement.
I want to attend your conference/meet-up virtually.
I want to watch your livestream and support you.
I want to view the videos in the archive of this conference that I missed in person.
I want to listen to that audiobook that I’ve had for months.
I want to listen to your podcast.
But I need to work and live life outside of consumption and entertainment.
And then worry that I am behind.
Then, I worry that I must apply the latest knowledge and wisdom, but I probably have missed it.
And worry that pals could think that I ignored them.
I want it all, but it is impossible.
“Red touch yellow, legless fellow. Red touch black, legs they lack.”
Remembering that neither coral snakes nor scarlet kingsnakes have legs.
“Uplifting. Star-spangled. Anthem.”
Remembering the letters in “USA.”
“A caT has two. A dOg has one.”
How many horns common household pets would have if those household pets had horns, and also if cats had two of them while dogs only had one.
“Red touch yellow, kill a fellow. The largest nation, Russian Federation.”
Distinguishing between a coral snake and the country of Russia.
“An airplane takes you up to a different plane. A submarine goes in the water.”
Determining whether a vehicle is an airplane or a submarine.
“ER = Eating Rounds. ING = Inside, Normally Garments.”
Remembering whether plates go in a dishwashER or a washING machine.
“Red sky in the morn, a day is born. Red sky at night, a day takes flight.”
Distinguishing between sunrise and sunset.
“fLoors are Lower.”
Telling the difference between a roof and a floor.
“Radical scientists invent time machine so they won’t read spoilers about next show death.”
Recalling the words to the mnemonic, “Red sky in the morning, sailors take warning. Red sky at night, sailor’s delight.”
“Points are three, then feel free. Point is one, flee and shun.”
Remembering which end of a fork to bite down on.
“Big cats terrify antelopes.”
Remembering the standard aging process of baby to child to teenager to adult.
“All tigers can bite.”
Remembering the aging process for literary character Benjamin Button.
“A terrible cardiologist thoughtlessly told Terence to taste thirty thermometers.”
Remembering the aging process for literary character Benjamin Button if his reversed aging was fixed partway through the story, but then he got caught in a time loop and kept living his teenage years over again.
“Red touch gray, get away. Blue touch green, be serene.”
Distinguishing between coral snakes and scarlet kingsnakes if they had different colors, but also one of them was still poisonous and the other wasn’t.
“All good boys deserve fudge.”
Remembering the notes on the lines of the treble clef musical staff slightly wrong.
“See from their view? Then that’s you. See from afar? Someone else they are.”
Determining whether someone is yourself or a different person.
“Ripping up a rare artwork, Edward realizes Friday Raphael paintwork biting afternoons aren’t really acceptable socially.”
The first word of every previous mnemonic in this list.
Meta's AI Watermarking Plan Is Flimsy, at Best
Watermarks are too easy to remove to offer any protection against disinformation
The most obvious weakness is that Meta’s system will work only if the bad actors creating deepfakes use tools that already put watermarks—that is, hidden or visible information about the origin of digital content—into their images. Most unsecured “open-source” generative AI tools don’t produce watermarks at all.
...
We are also concerned that bad actors can easily circumvent Meta’s labeling regimen even if they are using the AI tools that Meta says will be covered, which include products from Google, OpenAI, Microsoft, Adobe, Midjourney, and Shutterstock. Given that it takes about 2 seconds to remove a watermark from an image produced using the current C2PA watermarking standard that these companies have implemented, Meta’s promise to label AI-generated images falls flat.
We know this because we were able to easily remove the watermarks Meta claims it will detect—and neither of us is an engineer. Nor did we have to write a single line of code or install any software.
BBC is the first large media outlet to have implemented #C2PA for one of its videos, available at https://www.bbc.com/news/world-latin-america-68462851
The video is a montage of 2 social media videos with a map and added text and logo overlay, done by the fact-checking unit of BBC: BBC Verify
Key finding
BBC Verify went through 3 different manifests for the same video.
One of the videos, authenticated as "Genuine", is "Fake"
manifest 1, published 2024-03-04T15:02:32.337Z
1: No Ingredient assertions, instead a CBOR:ReviewBody tag describing how they authenticated the videos (OSINT), and a link to the original url of one of the video
2: The info box about the C2PA metadata under the video mirrors the CBOR:ReviewBody, but is heavily redacted.
manifest 2, published 2024-03-04T18:03:59.565Z
The info box about the C2PA metadata has changed; I checked the video, and it has been republished
1: The video has a new manifest that doesn't include any reference to manifest 1
2: No Ingredient assertions
3: The manifest 1 CBOR:ReviewBody is stripped out from all urls
4: The info box about the C2PA metadata under the video is now identical to the CBOR:ReviewBody
manifest 3, published 2024-03-05T11:25:10.796Z
The video file was moved to a cloudfront.net CDN server (the video was originally on an Akamai CDN for a BBC R&D metadata API)
1: The video has a new manifest that doesn't include any reference to manifest 1 or 2
2: It's manifest 2 with a new signature
Fake video finding, 2024-03-06 in the morning https://twitter.com/botsdontcry1/status/1765285019646308374
I found out that one of the 2 social media videos was edited with an added soundtrack (loud gunshots) to create more dramatic effects, before being published to social media.
It's easy: the social media platform (TikTok) has a disclaimer about the added soundtrack, but the fact checkers didn't bother.
Just listening to the audio of the video feels weird; a simple display of the audio waveform shows a repetitive sample, 15 s in length (the gunshots).
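The waveform check described above can be automated. This is an added example, not part of the original post: it reduces audio to a loudness envelope and reports the shortest lag at which that envelope repeats almost exactly. The audio is synthesized for the example, and the sample rate, hop size, threshold and function names are assumptions.

```python
import math
import random

RATE = 1000                 # samples/s; low on purpose so pure Python stays fast
HOPS_PER_S = 10             # one loudness value per 0.1 s
HOP = RATE // HOPS_PER_S

def synth(burst_hops, seconds=60):
    """Constructed audio: quiet street noise plus identical loud bursts."""
    rng = random.Random(1)
    audio = [rng.gauss(0, 0.05) for _ in range(seconds * RATE)]
    shot = [rng.uniform(-1, 1) * math.exp(-i / 80) for i in range(3 * HOP)]
    for h in burst_hops:
        for i, s in enumerate(shot):
            audio[h * HOP + i] += s
    return audio

def rms_envelope(audio):
    """Collapse raw samples into one RMS loudness value per hop."""
    return [math.sqrt(sum(x * x for x in audio[i:i + HOP]) / HOP)
            for i in range(0, len(audio) - HOP + 1, HOP)]

def pearson(a, b):
    """Pearson correlation of two sequences (truncated to the shorter one)."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0

def find_loop(audio, min_s=2, threshold=0.8):
    """Return (period_s, score) for the shortest lag at which the loudness
    envelope repeats almost exactly, or None when nothing repeats."""
    env = rms_envelope(audio)
    for lag in range(min_s * HOPS_PER_S, len(env) // 2 + 1):
        score = pearson(env[:-lag], env[lag:])
        if score >= threshold:
            return lag / HOPS_PER_S, score
    return None

# Constructed inputs: the same 15 s pattern of bursts pasted four times,
# versus bursts at irregular times (what unlooped field audio looks like).
PATTERN = (13, 40, 46, 92, 127)                       # hop offsets in the loop
LOOPED = synth([p + 150 * k for k in range(4) for p in PATTERN])
ORGANIC = synth([13, 61, 140, 222, 301, 347, 410, 498, 555, 587])

if __name__ == "__main__":
    print("looped :", find_loop(LOOPED))
    print("organic:", find_loop(ORGANIC))
```

On real footage, decode the audio track to PCM first and pass the samples in. A score near 1.0 at a fixed lag is a cue to look for an added soundtrack, not proof of one.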
Thanks for your detailed review about C2PA!