The discoverability of a hardware hack as reported makes the whole thing fail to ring true for me.
As Joe alludes to, why do something so discoverable when there are numerous other attack vectors that would preserve plausible deniability?
It appears close to a one-time trick, if you’re China. Once the trust is gone, it’s not coming back. Supply chains are already coming back home due to automation and consequently less reliance on cheap manual labour.
The case would have to be compelling - something that could not be achieved otherwise. That case is yet to be made.
Sure - I’m not claiming that as a database issue at all. It’s just a side addendum to note that sometimes technical decisions can have a political aspect.
My own experience chimes with this somewhat, having used MongoDB on my last project - quite often application data storage requirements are relatively trivial - and it is a boon to do away with the ORM layer and be able to vary any given object schema without touching the database (although in practice a .js data migration script may be involved, so this is moot). As a sidenote local cultural issue, the fact that we can operate the MongoDB servers ourselves, whereas RDBMS instances are with a central team and buried under a layer of bureaucracy was also probably an operational consideration.
When it comes to joins, these have lately been added to MongoDB, as has SQL - although the functionality is still rudimentary compared to a mature RDBMS.
But where we experienced pain was when the business decided they wanted to do live reporting. We ended up piping the data into a SQL Server instance and using SSRS.