|
| Editorial |
Software Flexibility (Avoiding the next hack) As computer scientists, it often feels like our job is to tell the business user, "No, we can't do that because the software you asked for, and we built, doesn't allow it ..." Then, after a long and relatively silly meeting where your soul dies a little, the business user typically gets 80% of what they wanted (and are no more than 8% satisfied), and horrible hack number 20456 gets implemented. Some hacks are innocuous-looking enough. A seldom-used salary column stores a supplemental email address. That column was mostly empty, and our super urgent need is more important than why this column was added, right? (Clearly, they were storing a number in a text column, so perhaps they got what they deserved?) These "misappropriation of column" hacks are unlikely to bother much code, but untangling the mess can be a substantial undertaking when they do. Other hacks are far more heinous. Say you have a system where users order products. A longstanding business rule is that if an order is paid with a credit card, a coupon for 20% off is sent. The solution was hardcoded into the application code; everything worked, met requirements, and passed all the tests... so the programmers moved on. This seems like an acceptable solution to a new person who does not know how business works. But a few time units later (days, weeks, probably not months later), the business user comes in and says, "Starting tomorrow, all orders get the same coupon." After profanely shouting something, including the word "tomorrow," in your head, It is time to make it happen. So you start hunting around.
Of course, in my (aggregated from other true stories) story, we know that the method created to send coupons was hard-coded to be triggered in one (and only one) way. Given the time constraints of "tomorrow," are likely too fast for the average company... horrible hack number 20457 is probably coming up next. This hack (as stated, based in truth) was put into place where customers not paying with a credit card would have a non-processed credit card charge added by the person taking the order. This fake charge caused a coupon to be created, and orders and payments were still processed. In a few days, those payments were simply deleted. Hack completed, and quite successfully, too... in terms of a coupon being sent. Unfortunately, now it looks like all orders are paid (at least somewhat) by credit card. Slowly, customers noticed reports all say 100% of orders were paid for electronically. The Data Warehouse/ETL team has to spend days and weeks working on hack #20458 because, as it turns out, reporting data didn't wait for the fake payments to be deleted before loading data to the Data Warehouse. And so on. How do we avoid hacks such as these? If you thought to yourself, "Everyone should just say no to the request and take the time to build the new iteration correctly," you win the optimist of the week prize. Sometimes you have to do the request immediately. My previous boss occasionally transmitted an offer to the members, and we had a few hours to implement it. Only sometimes is this something that you can prepare for. The real answer is that we cannot completely stop it. Software can never be created so perfectly that we can cover everything someone comes up with within 10 minutes, no matter how good we are. But when creating software, we certainly can see places where flexibility will likely be needed. Understand your customer, and realize that the customer's needs are very likely to grow faster than you can adapt rigidly written software. Even if you have to hard code everything, just modularizing code to individual activities that make sense is always good. For example, if the coupon ordering process was its own piece of code or its own microservice, the solution to this problem may have been easier. Achieving the right amount of flexibility is a work of art. Too much, and you are wasting time. Too little, and you are potentially wasting a lot more time. Knowing where that balance is a very tough challenge that generally comes with a lot of experience. Louis Davidson (@drsql) |
|
| The Weekly News |
| All the headlines and interesting SQL Server information that we've collected over the past week, and sometimes even a few repeats if we think they fit. |
| Vendors/3rd Party Products |
To get the most out of your PostgreSQL database, find out the six performance metrics that ought to be central to your PostgreSQL monitoring strategy. |
This article demonstrates two techniques for allowing Flyway to read extra configuration information from a secure location, possibly encrypted. The first technique pipes the contents of the config file to flyway via STDIN, and the second uses PowerShell splatting. This makes it much simpler to use Flyway to manage multiple development copies of a database using role-base security. |
| AI/Machine Learning/Cognitive Services |
A feature store is a centralized platform for managing and serving the features used in machine learning (ML) models. A feature is an individual measurable property or characteristic of... |
Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software. |
The remote possibility of rogue, killer AI has overshadowed more pressing issues — like transparency. |
| Administration of SQL Server |
In this article, we look at two different methods ... |
Learn about various metadata you can query from SQL Server with these example scripts and explanations. |
Have you ever had an issue with SQL Server Database Mail settings being unexpectedly changed? If so, you have a few options when it comes to making corrections. A... |
| Azure CosmosDB |
A computed property is a virtual property that is not physically stored in a document. You can use data from other properties of a document to calculate... |
| Azure SQL |
This article explains the process to change the pr... |
|
| Cloud - Azure |
You can now take advantage of unused Azure computing with Azure Container Instances (ACI) |
| Conferences, Classes, Events, and Webinars |
Is your team looking to modernize and migrate your data but have questions about the complex organizational challenges? This webinar panel on June 29th covers all aspects of data modernization and migration that senior IT leaders should be aware of, including organization culture, communication, and politics. Why not send it to your boss? |
Your first speakers in the lineup for PASS Data Community Summit 2023 have been announced! Check out the full details for this year's Pre-Cons and Learning Pathways, and find out why some of our speakers are particularly excited for what’s in store this year. |
| HA/DR/Always On/Clustering |
Bad things can happen to any organization at any t... |
| JSON |
Learn how to use the new JSON_PATH_EXISTS function... |
| Microsoft Fabric ( Azure Synapse Analytics, OneLake, ADLS, Data Science) |
Microsoft Fabric is out there for a few weeks now.... |
Three types of objects in the Microsoft Fabric hav... |
From June 1, 2023, Microsoft Fabric (preview) capa... |
Microsoft Fabric is an end-to-end data analytics Saas solution product of Microsoft. It brings many workloads in the analytics area, including Data Integration, Warehousing, Engineering, Business Intelligence, Data Science,... |
The key to Microsoft Fabric is definitely OneLake! OneLake enables the reuse of data within Fabric to help drive all of the engines. One copy of the data! Josh... |
| Oracle/PostgreSQL/MySQL/other RDBMS |
In the first two articles of this series about PostgreSQL privileges, we reviewed how to create roles, grant them privileges to database objects, and how object ownership is an important aspect in managing access and control within the database. But how do you go about creating a set of roles and default privileges that will provide the right level of control and access? Let’s dig a little deeper. |
| PowerPivot/PowerQuery/PowerBI |
Let’s set the scene. You’ve built a wonderful,... |
In a recent article I talked about deploying Power BI reports through any number of environments (not just three, and automatically!). In this new post I look at how... |
At Power BI Tips, we’re committed to providing you with the best tools and resources to enhance your report building experience. That’s why we’re thrilled to announce a range... |
| Professional Development |
It’s been a while since I’ve blogged. It’s j... |
| Security News and Issues |
The bug is very dangerous and impacts a big swath ... |
| T-SQL and Query Languages |
When I first saw a bullet item stating SQL Server 2022 would support instant file initialization for log file growth, I was excited. When I later learned it only applies to automatic growths, and only those of 64 MB or less, I was a little less excited. But after playing with it, I’m a believer. |
A Little About The OUTPUT Clause In SQL Server Going Further If this is the kind of SQL Server stuff you love learning about, you’ll love my training. I’m... |
In this article, we will delve into the use cases for SQL Server heaps, scenarios where caution should be exercised, and effective management techniques. First appeared on SQL SERVER Heaps:... |
This is the second part of a series on SQL Server Dynamic Data masking. The first part in the series was a brief introduction to dynamic data masking, including... |
| Tech News |
Microsoft plans to redirect all users with unsuppo... |
| Testing Software |
Software development is a very tough discipline. R... |
|
webmaster@sqlservercentral.com