SQL remains the fundamental language for data work, evolving from its 1970s origins to dominate modern data landscapes. Despite challenges from NoSQL and big data technologies, SQL has absorbed their capabilities—streaming, transformations, geospatial, and machine learning. The language continues expanding with modern features like window functions and analytics semantics, while Python serves as the complementary tooling language for data engineering workflows. SQL's declarative nature and widespread adoption across cloud services like BigQuery and Snowflake cement its position as the gravitational center of data processing.

Spring Boot 4 and the Spring portfolio now provide null-safe APIs using JSpecify annotations to help prevent NullPointerExceptions. The Spring team has annotated most major projects including Spring Framework 7, Spring Data 4, and Spring Security 7 with explicit nullability information. Developers can leverage this through IDE support (IntelliJ IDEA 2025.3+) for warnings, or use build-time checkers like NullAway for stricter enforcement. Kotlin 2 automatically translates these annotations to native Kotlin nullability. This allows teams to choose their level of null-safety adoption, from simple IDE warnings to fully null-safe applications, without breaking existing APIs.

Paul Hudson built Hacktivate, a capture-the-flag game teaching cybersecurity fundamentals to teens through 240 challenges covering SQL injection, cryptography, networking, and steganography. The app runs entirely locally on Apple devices using Swift and SwiftUI, featuring a sandboxed environment with simulated servers, terminals, and networks. Inspired by classic games like Syndicate and Command & Conquer, it combines retro aesthetics with practical skills like packet sniffing, hash cracking, and digital forensics. The 45,000+ lines of code include a Linux terminal emulator, web server, and various security tools, all designed to provide structured, privacy-preserving learning without external dependencies.

Vibe coding with AI agents is effective for shipping side projects quickly, but removes the satisfaction and learning that comes from hands-on development. While tools like GitHub Copilot and Spec Kit can automate implementation from specifications, watching agents write code is tedious and lacks the joy of problem-solving. The author reserves AI-assisted coding for projects where only the final output matters, preferring to manually build applications where the tech stack or implementation details are interesting.

Explores the evolution of URL handling in Java, questioning whether generic URL APIs like URL.openConnection() were a good design choice. The author argues that Java 11's HttpClient, being protocol-specific rather than generic, represents better API design. Generic URL handling introduces security risks, performance unpredictability, and forces lowest-common-denominator APIs. Modern applications typically handle a single URL scheme and benefit from specialized, focused implementations rather than attempting universal URL support.

Chrome 135 introduces Invoker Commands, allowing buttons to perform actions on dialogs and popovers declaratively using commandfor and command attributes, eliminating the need for JavaScript onclick handlers. The feature supports built-in commands like show-modal, close, and toggle-popover that mirror their JavaScript counterparts, plus custom commands prefixed with double dashes that can be handled via the toggle event. A polyfill is available for broader browser support.