15 years of experience with SQL Server is similar to me, excluding my experience with other enterprise DB's (Oracle and Informix mostly but also some DB/2). I began using SQL Server with 6.5 and at one point had DBA responsibilities for 6.5, 7 and 2000 concurrently.
Since the middle tier is now embedded in the database, it is impossible to ever create a three tier application.
Not only is it possible, but by placing the logic in the sp's it is immediately searchable for the DBA. Migrating data is made considerably simpler also. You can still use your middle tier language / platform of choice, but the end result is more structured.
I could simply go into my C# data access layer and add a handful of lines of code that would dynamically watermark the image as it is being retreived [sic] from the database. A data access layer written in T-SQL could never do this.
Well, first of all you're storing BLOB's in the DB, which is inefficient both in backup strategy as well as in retrieval and long-term archival. Filesystems are good at what filesystems do, so let them do it. You're going to be pointing to an index of an index and the end result will be like accessing data on a very fragmented hard drive. And conversely your DBA has no idea that you're doing this, he/she only knows that I/O is poor and cache misses are high. (Even with FILESTREAM in 2008 this is still true, store them outside the DB!)
How would you create a covering index if a developer demanded all columns of a table be returned, but he didn't really need them? How do you performance tune an application that requests the details for 10,000 customers by calling the customer profile retrieval procedure 10 thousand times?
The way I do part of this is take snapshots of something similar to sp_help2 results every x minutes to a DB, and the top scoring queries past a certain level get reviewed. If I see something out of the ordinary, such as seeing a drop in performance (or the help desk reporting an issue), I walk down the hall or call the developer into my office and we take care of the issue. It's a learning experience for the developer. If it's severe enough I disconnect the query and/or service making the requests. We can't have a coder's shortcuts taking down servers or making them available. This only has to happen a couple of times before the programmer learns to speak with me / work with me prior to implementing something they suspect might be bad. If it keeps happening, the developer is let go.
How would you create a covering index if a developer demanded all columns of a table be returned, but he didn't really need them?
During my interview process, we discuss that we're a small crew and everyone is expected to do their best. I always have time for questions and would rather handle things before they are implemented and cause issues. Nevertheless I have had a couple of developers who had to be let go because of things like this. Really, I don't have time to babysit. You're either at a professional level or you're not.
The only person in a position to stop SQL injection is the application developer. The damage has been done before the DBA's code is even called.
What? I'm not talking about someone substituting a value in a query with another (legal) value. I'm talking about people trying to insert clauses etc. Random ad-hoc SQL is heavily discouraged; practically everything goes through SP's. Not only does that allow me to migrate data as needed without breaking things, but it also allows me to add logging / troubleshooting code to the sp when there's a problem. It has reaped many rewards for my employers over the years.
I understand that you will never back any development model that will eliminate your job...
First of all, you've got some balls, which I admire, but you're too stupid to know when to shut up and you've needlessly
Dynamic SQL inside sp's defeats the entire point of sp's.
I disagree. In MS SQL Server 2000 there are many times when Dynamic SQL is the least bad method to do something. The benefits include storing logic in the DB instead of in various apps where it can't be tracked for schema changes. Forcing a procedure NOT to use a stored execution plan -- which can hobble queries with any decent amount of data.
The only difference is that you have to do data sanitization with T-SQL instead of a language that has evolved since the 1980s.
I hope you're not trying to tell me your DBA trusts your app writers to sanitize everything? The final level for security and scrubbing IS the DB, and skipping over that to run some code NOT designed to best work in a DB environment is silly. I have no idea what language you're suggesting, but again in your scenario the DBA loses control over what really happens. You as a programmer need a recompile or recode to fix a simple business logic change, and heaven help you if it's overly complicated.
Step back and let the DBA's do their job. That means egress / ingress over all apps which want to use the DB. Concentrate on programming-level tasks such as maintaining your UI and using the retrieved data efficiently. There is no way you will create more efficient DB code than a competent DBA, and you should not have to worry about the hinting / indexes / partitioned views etc that DBA's consider when making sure your stuff runs well.
What you could do is create a log of all requests, with the parameters used, for chunks of your application and use that to both establish a baseline for performance as well as an indicator of lagging performance. This benefits both you and the DBA and I'm sure they would help you accomplish this task.
Exactly my point. If you don't like the terms then go do something else. It seems massively stupid to pass up such an opportunity, but really we don't need you if you don't want to play. Got it? So don't stand here complaining all day, you get nothing done and we're getting tired of all the whining.
Or do you really believe a post on Slashdot will change everything? Boy have I got some unicorns to sell you!
Sp's provide a significantly higher degree of control over allowed values without having to resort to app-level scrubbing. They also tend to perform a little bit quicker.
That said, things like multiple optional parameters will cause you to tear your hair out as a bad execution plan can be chosen. You have dynamic SQL inside sp's but there's no way I would use that on a public-facing site. Maybe 2008 solves some of this; I am anxious to try it out after skipping the mess that was 2005.
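The thread above argues about dynamic SQL inside stored procedures, about where input scrubbing belongs, and about optional parameters picking a bad execution plan. The following T-SQL is an added illustration, not code from any commenter: it puts the weak concatenation form beside the sp_executesql form on a constructed Customer table and a hypothetical app_user database role, so the value travels as a parameter rather than as statement text, and each combination of optional filters gets its own plan.

```sql
-- Constructed schema for this example (not from the thread).
CREATE TABLE dbo.Customer (
    CustomerId   INT          NOT NULL PRIMARY KEY,
    LastName     NVARCHAR(50) NOT NULL,
    City         NVARCHAR(50) NULL,
    Region       NVARCHAR(50) NULL
);
GO

-- WEAK FORM: the caller's value is pasted into the statement text.
-- Whatever the T-SQL "sanitization" misses becomes part of the query,
-- which is exactly the risk the thread is arguing over.
CREATE PROCEDURE dbo.Customer_Search_Weak
    @LastName NVARCHAR(50)
AS
BEGIN
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'SELECT CustomerId, LastName, City, Region FROM dbo.Customer '
             + N'WHERE LastName = ''' + @LastName + N'''';
    EXEC (@sql);   -- value and statement are no longer separable
END
GO

-- HARDENED FORM: only the *shape* of the WHERE clause is built from
-- which optional parameters were supplied; the *values* are bound by
-- sp_executesql and never touch the statement text. Each distinct shape
-- is cached as its own plan, which is the usual cure for the
-- "multiple optional parameters choose a bad plan" problem.
CREATE PROCEDURE dbo.Customer_Search
    @LastName NVARCHAR(50) = NULL,
    @City     NVARCHAR(50) = NULL,
    @Region   NVARCHAR(50) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql NVARCHAR(4000);
    SET @sql = N'SELECT CustomerId, LastName, City, Region '
             + N'FROM dbo.Customer WHERE 1 = 1';
    IF @LastName IS NOT NULL SET @sql = @sql + N' AND LastName = @LastName';
    IF @City     IS NOT NULL SET @sql = @sql + N' AND City = @City';
    IF @Region   IS NOT NULL SET @sql = @sql + N' AND Region = @Region';

    -- Parameter declarations are a fixed string; values are passed by name.
    EXEC sp_executesql @sql,
        N'@LastName NVARCHAR(50), @City NVARCHAR(50), @Region NVARCHAR(50)',
        @LastName = @LastName, @City = @City, @Region = @Region;
END
GO

-- The DBA's "egress / ingress" control: the application role gets EXECUTE
-- on the procedure and no direct permission on the table. Ownership
-- chaining (same owner for table and procedure) lets the procedure read it.
-- app_user is a hypothetical role created for this example.
GRANT EXECUTE ON dbo.Customer_Search TO app_user;
GO

-- Sample call: the apostrophe in O'Brien is data, not syntax.
EXEC dbo.Customer_Search @LastName = N'O''Brien', @Region = N'West';
```

Only the column names and comparison operators are fixed in the statement text; if an identifier ever had to vary at runtime it would be validated against a whitelist and wrapped with QUOTENAME rather than concatenated raw.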
The difference is academic in this case. You have someone who held a public position and is now making a bold statement. If this were some unknown person with shaky credentials it would not have been a story.
I guess the point of it is "Is Microsoft the weak link when it comes to security?" to which the only answer can be "Yes." Kudos to the White House team for telling it like it is!
I think that's fair enough and better than the support for non-Windows machines in companies who primarily use Windows. I know here we've recently got people buying iPhones and iPads and the chinks are in the wall.
I was told by several women that they didn't like Drakkar, Gio, Polo, Givenchy Pi, Joop, Oscar de la Renta, Quorum, Paloma's Minotaur, and Boss. At first I thought it was just the girl but it seems some actually prefer the cheap air-freshener scents. To prefer Bath and Body Works or Old Spice / Coty / CK seems very alien to me. Maybe people are losing the ability to pick up some of the varied tones in these?
Wish we had the staff to support more options; people become so accustomed to doing things one way they never think about how much easier another way could be. And all OS's have strengths and weaknesses, so it's good to see and experience different UI's and workflows to keep the creative juices flowing.
Yes for all that people moan about Apple being a walled garden yada yada I can see Steve Jobs demanding a quick fix regardless of the consequences if there was this kind of foolishness in OS X.
At this point in my life when I see the same old things broken and no real fixes from Microsoft (short of taking things into your own hands and disabling it yourself -- something Grandma will never do) I wonder if the internet has been responsible for too many casual "push it out, fix it later" attitudes. The average Joe kind of expects their system to have viruses and extra crap running and doesn't care enough / doesn't have time to chase down a way to fix all these problems.
I think until there are more serious consequences for software and hardware manufacturers to deliver a product that doesn't get you owned the first time you connect to the Internet, or get infected just because you connected a hardware device, or actively attempt to infect you (as in this case) this will continue to be par for the course. I'm disappointed, disillusioned and a bit jaded and I have no more patience left for this type of foolishness. There's no excuse.
Please don't give them any ideas. Wasn't it GE that had a computer in a fridge? I can just imagine the havoc the microwave could cause if it turned on for an extended time with nothing in it. Couldn't be good.
Nah, he's the one who's been paying for her WOW account so they can run quests together. And so her Night Elf can dance for him when he gets the urge to "party".
This is incorrect. You have no entitlement to any other person's property. You set yourself up for the possibility of being charged just like any other criminal.
Public sentiment is another matter. It's possible that you won't be charged for the crime.
After hours the doors require you to swipe your student ID to get in. It's a pain, so decent folk don't let the door swing shut after getting the reader to take their ID.
Wait... what?? You really don't understand why you have to swipe your card, do you? It's one thing if you know the person -- and yet totally different if you're holding the door open for strangers.
The good news is you're still in school. Stay there until you learn something. If you're lucky you might learn 2 somethings like why this is stupid. Really, get a clue. This is irresponsible especially in today's society.
Add a moving average to an OpenOffice graph. Trendlines are weak. The average Joe won't be able to do this.
Subtotals are very different from what you're accustomed to.
If you have a line graph that you want smoothed, sometimes you need to convert it to an x-y scatter chart. Then redo your data series because they will be all messed up.
If you want a legend in a non-standard place, you can't stretch the graph over the legend. Cut the legend to the clipboard and then paste it where you want (when you cut it the graph will automatically stretch to fit). When you add a data series you will need to insert the legend, cut and paste it again.
Try to add a data series to an existing chart by modifying the chart data source. It won't work the way you think it will; all your existing series will be removed and replaced with the new series. Instead go to the data series and add it there.
I love OO and use it daily, both on Mac OS X 10.4 and in XP. It's getting better with every new version. I'm generally more productive using OO and choose it even though I have a license for Office... other than the gotchas described above and maybe some trivial things that don't come to mind it's been very good. Recently added OO features such as smoothing and giving options to handle the interpolation of missing data have helped me significantly.
Exchange is $40K just in licenses for our employees. That doesn't count the enterprise license or the server to put it on. It doesn't count the AV license for it, or the managed service to prevent others from overwhelming it. It's not inexpensive.
We have remained on an old version of Enterprise because of this very reason... the CAL's are not upgradeable, you have to buy them all over again every time a new version comes out.
And no, software assurance is not the solution. All you're doing is spreading the cost over multiple years, you still have the enormous cost to pay.
What features didn't work for you? We have had Samba integrated with AD as a member server since RHEL 3. Granted we don't use all the features but for us that means:
Single sign-on, no additional passwords for our users to access Linux shares
Instant revocation of rights when an account is locked
Rights are assigned by AD security group and/or AD user
Shares are automatically created and assigned to the user the first time they are accessed
Users print to PDF printers from within Windows and the files are transported from that Linux server to their home folders on another Linux server (and rights are assigned too)
The biggest feature Samba lacks IMHO: A simple way to integrate the winbindd links so that a Samba share mounted from one Linux server onto a SECOND Linux server shows the correct user and group permissions / assignments on the second Linux server. Yes there are ways to do this but every time I research it I get nervous and back off. Everything works, you just have to view the remotely mounted share on the hosting server for it to be accurate.
My understanding is you can use ad-hoc distribution for internal apps with no minimum number of employees. They also specifically have another level of distribution (the base level) which allows internal distribution to up to 100 devices.
Ad Hoc Distribution
Share your application with up to 100 other iPad, iPhone, or iPod touch users with Ad Hoc distribution. Share your application through email, or by posting it to a web site or server.
http://developer.apple.com/programs/iphone/distribute.html#compare
True. Here's hoping the economies of scale can get prices lower over time.
And the day you have an accident that disfigures you -- or even a bad sunburn -- what then?
Pathetic!
Good. More room for us.
+1 insightful. Very good point.
It's not as if people didn't already know about Microsoft's abysmal security record. Just a simple query such as http://www.google.com/search?hl=en&safe=off&client=firefox-a&hs=kKP&rls=org.mozilla%3Aen-US%3Aofficial&q=site%3A*.gov+microsoft+advisory&aq=f&aqi=&aql=&oq=&gs_rfai= shows tens of thousands of hits. Maybe Microsoft will be shamed enough to take action and improve their products.
If Microsoft execs aren't already aware of that, they should be fired. Part of managing a company is knowing your weaknesses.
Lol! I knew about the coffee pot (it had a CUSeeMe feed IIRC) but not the Coke machine. Thanks for the chuckle.
Wow, sounds like a progressive company!
If you're the one waiting for someone else to take action for you, then you're a coward.
If you're trusting a congressperson to do this work for you, you're the dumbass.