Don Kiely's Technical Blatherings

Sun Acquires MySQL

donkiely — Thu, 17 Jan 2008 02:01:17 GMT

Wow. I didn’t see this coming, but Sun Microsystems has acquired MySQL. That blog post pretty much says it, about trying to figure out what this means.

I think overall it is a good thing, particularly since the open source version of MySQL is more likely to flourish under Sun than other potential buyers, notably Microsoft. But I wonder what it means for enterprise users?

Gut reaction: seems like a good fit. Best of luck to both companies, their employees, and users!

Kudos to Patricia Baer for tipping me off before I heard about it from the regular sources!

Second Chance League Charity eBay Auction

donkiely — Tue, 08 Jan 2008 18:43:35 GMT

Please pardon this slightly commercial message, but the auction is a benefit for the Second Chance League, a sleddog rescue organization here in Fairbanks, Alaska. (I’m currently president of SCL, but we have a lot of very talented and enthusiastic volunteers who work with dogs.)

Midnight Mushing has donated 2 beautiful anoraks to SCL for a fundraiser. The first one is now on eBay to be auctioned off.

This anorak is a "2nd" but only because it has a very slight stain (that we could barely make out!!) on the back. Becky of Midnight Mushing apparel is a perfectionist and her clothing is beyond wonderful. This anorak is not only functional but super nice looking. The workmanship is beautiful and these anoraks will last a lifetime of outdoor Alaska--or any cold climate--use!

All of the proceeds go to the Second Chance League in Fairbanks, Alaska, to support its mission of rescuing sleddogs and finding them good, forever homes.

SQL Server 2005 September BOL Refresh Available

donkiely — Tue, 11 Dec 2007 01:17:02 GMT

The September 2007 update for SQL Server 2005’s Books Online (BOL) is finally available for download. The update has been available online since, well, September but this time it took the UE group forever to make the download available. Because of “technical issues,” whatever they might be.

Anyway, go grab it*. An updated BOL is one of your more valuable SQL Server resources.

* No guarantees the link will work forever, or even for very long. But Google always knows.

Update: BOL is now part of Microsof Update! How long has that been? Forever, and I just noticed it? Either way, cool!

PDC Returns to L.A., October 2008

donkiely — Sun, 09 Dec 2007 13:11:10 GMT

Microsoft has just announced that PDC (Professional Developers Conference) will be back 27–30 October 2008 in Los Angeles. That’s good.

But it will be interesting to see how they uniquely position PDC versus TechEd*, now that TechEd has been separated into separate developer and IT weeks in Orlando.

* Interesting link for TechEd: http://www.microsoft.com/events/teched2007/default.mspx. The link says 2007, but at the moment it it is about TechEd 2008.

Is Vista Not Ready for Laptops?

donkiely — Wed, 05 Dec 2007 13:33:47 GMT

I attended a lot of sessions at DevTeach in Vancouver last week. It’s one of my favorite conferences because it is relatively small and therefore intimate, yet it attracts some amazing speakers, including some fine speakers from Microsoft.

Unlike some conferences, all speakers deliver their sessions from their own laptops instead of from a desktop machine provided by the conference. Not surprisingly, most speakers are running Vista since it is Microsoft’s latest and greatest client OS.

But it struck me at how many problems speakers were having with Vista. I’m not sure I attended a single session where some problem didn’t arise (but maybe I’ve blanked the good experiences out of my memory). One speaker couldn’t get the projector to work with Vista without technical help from the A/V support staff, then the magnifier was so small as to be worthless, making it hard to see important stuff. Many machines were slowed to a crawl, presumably from the combined performance-sucking power from PowerPoint and Vista’s Aero interface, not to mention Visual Studio or SQL Server Management Studio.

The carnage was impressive. It seems that Vista pushes the limits of laptop technology. Apparently the OS demands not only a new laptop but a top of the line version of the laptop with all the processor and memory you can throw at it.

And me? No problems at all. I had one issue with Diskkeeper kicking in during a session but I shut that off and problem was over. PowerPoint, Visual Studio, and whatever else I had to run, no problem.

I’m running Windows XP. I think I’ll stick with it for a while longer, maybe even after I replace my three-year-old laptop. Sorry, Microsoft!

Another Reason to Attend DevTeach

donkiely — Wed, 28 Nov 2007 20:06:38 GMT

DevTeach is one of the very fun conferences I speak at regularly, based in Canada. It is small, intimate, attracks some great speakers, and has support from Microsoft. There has long been plenty of good reasons to attend, as indicated by its motto, training you just can’t get any other way.

But now there is another reason: Beer! I’m blown away, but during the afternoon break they set out beer. And none of the 3% stuff either, this is 5%.

So it should be an interesting afternoon of sessions. Thank heavens I did my only session today right after lunch and before the alcohol flowed! Beer and SQL Server encryption just don’t mix.

Now, if I only liked beer…. Oh well.

Is SQL Server 2005's Surface Area Configuration Tool Cluster Aware?

donkiely — Mon, 12 Nov 2007 22:22:52 GMT

At SQL Server Magazine Connections at DevConnections in Las Vegas last week, I had the opportunity to geek out on SQL Server security for a full day at the end of the conference. Attendance was great and I hope that everyone left with a solid foundation of understanding of SQL Server security.

One question that came up was about the Surface Area Configuration utility that ships with SQL Server 2005. The question was whether SAC is cluster-aware. At the time I was showing the command-line version of the tool, but it really applies to both that and the GUI tool. Showing my developer bias, I didn’t know the answer but promised that I’d find out.

The answer is that yes, it is cluster aware, at least to the extent that you can configure remote computers with it. In the GUI version of the tool, use the Change Computer link on the opening page:

In the command line version of the tool, use the -S switch to specify the name of the remote computer. If you leave off this switch, SAC connects to the local computer.

If anyone has specific experiences using SAC in a cluster environment, I’d love to hear about them!

By the way, if you’re not familiar with the command line version, it is a handy way to export and import settings, making it relatively painless to configure multiple SQL Server instances the same way. See the sac Utility entry in BOL for more information.

DebuggerTypeProxy Proxy Class is Compiled into Release Build

donkiely — Fri, 16 Nov 2007 21:50:21 GMT

I recently did a session about debugging ASP.NET applications at the Victoria .NET Developers Association in Victorial, B.C. It was a fun meeting, and as an Alaskan from Fairbanks I always feel a special bond with my Canadian peers down south!

I also had the opportunity to meet Ken Cox, who I’ve long known through Visual Studio Magazine but had never met. He and I have written the majority of the First Looks reviews in the magazine for years. I’ve always thought that he got the coolest products to review, and now I know that he has thought the same thing about me!

Ken asked an interesting question during the session, one that I had never explored. I was showing the DebuggerTypeProxyAttribute attribute, which lets you substitute an entirely different class for display in Visual Studio 2005’s Locals window (as well as other debugging windows where object variables are displayed). It’s a cool way to simplify the display of complex objects for debugging, although it can easily be abused to make debugging harder.

He asked whether the proxy class—used as the substitute display object—is compiled into the release build of the assembly. I didn’t know, but promised to find out.

Turns out that the proxy class is indeed included in the release build. Which, now that I know the answer, makes sense. There really isn’t anything special about the proxy class, and it is conceivable that it could be used for other purposes in the application. In the example I showed, the proxy class was internal to the class it was substituting for in the debug windows, but that isn’t a requirement; it is usually more convenient though.

For the compiler to exclude the class from the assembly, it would have to look at the DebuggerTypeProxy attribute and remove the code before compiling. But that raises all sorts of dependency issues that I’d rather not rely on the compiler to handle. Instead, a developer could use conditional compilation directives to remove the code, if it wasn’t needed in the release build.

A tip of the anorak to Ken for a great question!

World's Simplest Recursive CTE?

donkiely — Mon, 05 Nov 2007 13:17:28 GMT

At SQL PASS this year, I did a session about Common Table Expressions in SQL Server 2005. I had endeavored to come up with an extremely simple recursive CTE, but wasn’t creative enough at the time.

But I revisited the problem in preparation for an updated CTE session at DevConnections this week, and came up with this:

WITH SimpleCTE(Number) AS
(
     SELECT 1
     UNION ALL
     SELECT * FROM SimpleCTE WHERE 0=1
)
SELECT * FROM SimpleCTE

No guarantees that I couldn’t get it even simpler, but this is probably what I’ll show this week. There may be another option for the SELECT * part of the CTE, but I’m not seeing it right now.

BUT! Obviously, this is the result of a thought experiment, and is not practical for anything else I can think of. Don’t take this as any kind of recommended practice!’

SQL Injection and Motherhood

donkiely — Thu, 11 Oct 2007 17:11:00 GMT

Okay, this is just too funny!

From XKCD, a webcomic of romance, sarcasm, math, and language.

Fall Comes to Fairbanks

donkiely — Sun, 16 Sep 2007 23:17:11 GMT

Fall hasn’t just come to Fairbanks, Fall is almost over. Tonight we should get the first frost here in the hills outside town. It’s been a wet, rainy day, so the dog yard is pretty muddy. Snow level is supposed to be about 2,000 feet, still well above us.

Carol and I spent a lot of time this summer building two free-run pens on either side of our main dog yard. We’re gradually building up the number of dogs in each, with the goal that ultimately everyone will be loose, at least when we’re home. (Since I work at home, it is relatively few hours each week that we’re both gone.) I took the picture above from the newest pen, and the photo looks from it through the dog yard and beyond into the other free-run pen. You can just see Crowe’s head at the bottom, with Irish looking toward me. Misty is the white dog looking from the dog yard, along with several other indoor dogs.

Share with Family and Friends: SecurityCartoon.com

donkiely — Sun, 16 Sep 2007 15:52:12 GMT

There’s a cool new cartoon series that deals with security for end users, SecurityCartoon.com. It’s sometimes silly, but it gives good explanations of email, phishing, and general malware for non-tenchical people. It comes from Drs. Sukamol Srikwan & Markus Jakobsson of the computer science department of Indiana University. Based on their bios, they have some pretty solid security credentials.

Check it out, then share with family and friends!

HTML 5 Working Group

donkiely — Wed, 13 Jun 2007 23:43:23 GMT

Wow. I just joined the World Wide Web Consortium’s HTML 5 Working Group as an “Invited Expert.” I had no idea that mere mortals could partake, particularly without being a member of a W3C member organization.

Should be interesting, but I have no idea what I’m in for. All I know so far is that all of a sudden far more emails are making their way through my inbox.

You can see the current state of the spec here. Definitely a work in progress, one that won’t be finished for a couple of years.

Geeking Out on SQL Server 2005 Security at DevConnections

donkiely — Mon, 11 Jun 2007 21:40:53 GMT

I just found out that I’ll be doing a full day, post-conference session on SQL Server 2005 security at SQL Server Magazine Connections at DevConnections in Las Vegas this November.

I’m excited beyond words! I’ve wanted to do this for a long time, and we’re going to geek out on keeping data safe from villans.

Here’s the draft description:

There are few corporate assets as valuable in the information age as data. Enterprises spend billions to collect and generate it, slice and dice it in every conceivable way to mine marketplace intelligence from it, and replicate and back it up using elaborate, redundant schemes. Yet it is all too common to slack on security. Sure, SQL Server 2005 is designed to be "secure by default," but once you add databases and start letting users and their applications access the server you have already poked holes in the security. SQL Server comes with plenty of features that let you secure data, but it can be hard to get a handle on the right ones to use in your environment. During this day of security, we'll explore myriad security features in SQL Server 2005, including granular permissions and how to design an effective authorization system, owners and schemas, and how they can help secure a database, the security issues and dangers with running SQL-CLR code, how to run T-SQL code in different security contexts, the comprehensive encryption features that can protect data, creating and enforcing password policies, how SQL Server protects catalog views and secures metadata, protecting against SQL injection attacks on the server, and more. You'll see lots of code and get lots of practical ideas for how to secure your database. Prerequisites: You'll need to have a good understanding of the basic database features and functions of SQL Server for this workshop, and it helps to have butt heads with SQL Server a time or two trying to get something to work without completely disabling security.

I’ll post more later as I develop the outline and contents.

OWASP Top Ten, 2007 Edition

donkiely — Mon, 11 Jun 2007 16:55:51 GMT

OWASP, the Open Web Application Security Project, has finally released its updated list of Top 10 critical Web application security flaws. If you do Web development, I rather stronly suggest that you be familiar with all the vulnerabilities on the list and how to avoid them. If you take care of all 10, you’ll have a reasonably secure site. It won’t be totally secure because new attacks appear every week, and security takes vigilence.

Practice safe computing!