It Depends

Hello Secure World - MS Site Worth Looking At

Saw this in the MSDN flash yesterday, MS has a new Silverlight site up (newest toy and all!) that focuses on security, but the part that intriged me is if you click on the virtual labs, there are some great exercises that walk you through actually hacking sites using various techniques including our favorite - sql injection! Pass this link on to your developers, even in 2008 there are still people who don't know about sql injection.

The Long Tail

Another book I read recently, The Long Tail by Chris Anderson of Wired Magazine goes into detail talking about some of the changes in retail brought on my the internet with the main premise (in my words) being that companies like Amazon, Netflix, and Itunes sell fewer copies of a far larger number of items than brick and mortar stores do. Not earth shaking perhaps at first, it makes sense that all of those (and more) can afford to stock a far larger variety of inventory than a retail location. It's a move away from selling the top 10 killer items of the week to selling 10,000 items that will all be useful to someone somewhere.

An example closer to home, I believe SQLServerCentral.com also has a long tail. With perhaps 2000 articles and far more forum posts, it presents a huge surface area to Google (and us) that is wide and one link deep for the most part. It may have changed since the Red Gate acquisition, but prior to that it was amazing to see that of a million page views/month they were scattered almost equally across every piece of content on the site. The nature of the web - and the long tail - make it feasible to publish many of the niche articles present here on SSC. A lot fewer of them would make it into a print magazine or a book because they just would not appeal to a large enough segment.

So if you're thinking of an internet business, look for one that can provide greater variety and depth than a retail store and you might have something. Not sure it works for burgers, dry cleaning, and lawn care, but plenty of other ideas out there!

IT Transparency Posted on SSC

As I mentioned yesterday the article I wrote on IT Transparency is finally live today and now the wait to see what the response is! I hope you'll drop me a comment after you read it, either here on the blog or in the SSC forum attached to the article.

Agenda Posted for South Florida Code Camp

I'll be there doing a presentation on Transactional Replication, and my friend Chris Rock will be doing on on LINQ to SQL. This will be my first time attending this event, so I'm looking forward to seeing some new speakers (not that I don't appreciate those that speak in Orlando/Jacksonville/Tampa!). See the full schedule at  http://codecamp08.fladotnet.com/Agenda.aspx.

IT Transparency, the intro!

Tomorrow SSC is scheduled to publish an article I wrote on IT Transparency which gives a first person account of one strategy I used to try to make it a little easier for the business to see where IT time/money was going. Debated over whether to publish it, not necessarily the best fit on a SQL Server centric site and it's an unusual strategy with a bit of a story to it. We shall see.

Since I wrote it some months ago I've had the chance to reflect further and as a business owner, I think there are two things that IT needs to show me that would really help me understand their efforts. One would be about the current backlog. All IT teams have backlogs, sometimes consisting of thousands of hours of items requested by customers, operations, even IT itself. Seeing that number published each week along with how many hours were applied to it in the past week would help any business see that progress was being made, or not. It's very common for priorities to get misshaped and misunderstood, so if I saw the backlog stay static that would indicate either that we needed more staff (not the favorite answer!) or that we need to focus harder on where IT spends it's time. Note that doesn't mean IT is doing something wrong, rather that they are being pushed and pulled towards immediate needs rather than tackling tasks that really would drive the business forward. The other thing a business needs to see is the tempo. Are IT people working 40 hrs a week or 60? The worst case would a backlog that is growing while we see IT averaging 50+ hours a week. That would indicate a slow steady slippage that could eventually spell doom; more hours, less effectiveness, the death spiral.

Remember, IT is a service, and an expensive one.

Let me offer a rough analogy. For those of you who use a lawn service or get their car washed, it's easy to monitor. It's a fixed cost and you can tell at a glance if the work they were supposed to do got done or not. To a large degree you can even see if they are doing it efficiently even though it's a cost based rather than time based transaction. Contrast that with bringing in a plumber to fix a problem, or hiring an attorney. Now you're looking at a time based transaction that has no real upper limit for cost and what's worse, you can't really understand a lot of what they are doing or why it takes so long! Which does IT resemble more? Can you blame an business for obsessing a little over IT costs and wanting to have some insight into how and why their money is spent?

I'll post again in the future about why IT tends to be opaque rather than transparent!

Visiting the Charlotte SQL User Group on Feb 27th

I'll be visiting the Charlotte SQL Group on Feb 27th and I'll be doing one of my favorite presentations, Transactional Replication for Beginners (and probably talking a little about career development as well). I'm looking forward to the trip, always fun to see how other user groups work and to meet some new people. I'll also be stopping by the offices of my favorite SQL tool vendor, SQLSentry, hoping to get a look at whatever new ideas they might have in development and to just spend some time with a great team.

See you there!

Interesting Article about Measuring Performance in Software Test Mag

The Jan 2008 issue of Software Test & Performance Magazine  (available as free PDF download, you can also download back issues through 2004) has an article called 'Gauging Performance in the Absence of Metrics' that I found interesting. From a SQL perspective it's a good read because it talks about how you decide what is fast enough and it takes into account there are a lot of pieces vying for time; UI, network, database. It also talks about setting goals for concurrency and how it's possible to acheive the goal but still not hit the mark because of the way the goal is described.

To some degree it's all in how you write the requirements (tests)! It's not often we (DBA's) get a real definition of how fast anything needs to be, in practice we just try to make everything fun fast! Not the worst strategy, but all tuning is about trade offs and having some real values to hit would help us assess the trade offs in formal fashion. If nothing else this is an interesting view into the world of the tester and I suspect we all agree that we could stand to improve our testing.

System Sessions/Spids Rather than Spid < 50

Saw System Sessions posted on the PSS blog and it shows an example of information being written to the error log as 'spid5s', where the trailing 's' indicates a system session (spid). You can also filter them out of the processes by doing this:

select * from sysprocesses where spid < 50" you should use "select * from sys.dm_exec_sessions where is_user_process = 0"

Not a huge change, but using spid < 50 always seemed like a hack. We'll never have more than 50 system spids!

Free Subscriptions to Visual Studio Magazine

First time I've noticed this being offered, saw it posted on the Orlando .Net Users Group (ONETUG) site. Sign up is easy enough, just one page to register and they also offer a digital edition for those who prefer paperless. Register for your subscription, they've had some good LINQ content and the occasional SQL article.

Learning to Blog via Books

I was chatting with a friend recently and in the course of 'what are you up to lately' I mentioned I had been doing some reading about how to blog, which resulted in the raised eyebrow and 'how hard can be blogging be' look. You just set up a blog and write, right? Absolutely it's that simple and you don't have to make it any more complicated if you don't want to.

I've been blogging since May and from the start my first goal was to make sure I could post something on a recurring basis, and to try to stick to a technical theme. So far I've managed that (I'll let you decide how well) and so it's time to move forward a step or two - call it my professional development plan for my blogging career. I'm not sure yet what that second phase should look like. So, I go back to one of my long held beliefs; when you start something new; podcasting, blog, stamp collecting, kite flying, etc, subscribe to the magazines and read a couple books before you jump in too hard. It's helped me more than once in unexpected ways, all it takes is effort and some money!

So I'm reading. I've read Secrets of Successful Blogging, What No One Ever Tells You About Blogging and Podcasting: Real-Life Advice from 101 People Who Successfully Leverage the Power of the Blogosphere, and Blogging Heroes: Interviews with 30 of the World's Top Bloggers. I've no intention of turning this blog into a commercial venture, but still there are some tricks worth learning to make it more effective and I might decide to launch a different blog that would have the goal of making money. It's hard to quantify what I've learned, but I know a lot more about blogging than I did before, and somewhere along the line that will help me do a better job of it.

I'll have a follow up posted in the next week or two with some more specific tips I learned and maybe I'll have fleshed out a larger blog strategy by then as well.

Connecting to a Reporting Services Model

There's always been some confusion about models in Reporting Services, many people ignore them thinking that they are only for use by Report Builder. Models can also be used by BI Design Studio and should be used for all the same reasons that make it useful in RB - it hides the joins from the person creating the report, you can 'pretty up' a model to have field names that are easier to understand on a report, and models even include a lot of cube like attributes that make reporting easier. Unfortuneately BIDS doesn't provide much help in connecting to the model, it just gives you a textbox and waits for you to type the connection string rather than offering the option of a builder. You can find details on how to do it at How to Create a Report Model Datasource.

For those that have never built a model it's essentially a super view. You add all the tables to the model that you need for reporting and then draw the relationships. It will add the foreign key relationships automatically, but you can override those or add in those that might have been omitted from the physical model. Once you save the view building the model is just a 10 step wizard away from being done. Give it a try sometime.

Free Ebook Chapter(Book) - Introducing SQL Server 2008

Saw it mentioned in the recent MSPress newsletter, Peter DeBetta is writing Introducing SQL Server 2008 and right now Chapter 1 on the Declaritive Management Framework (essentially Group Policy for SQL Server) is a free download. If you sign up you'll get the entire e-book when it's completed. Can't beat free!

MS Making .Net Framework Source Code Available

Scott Guthrie posted the announcement on his blog today. It's a 'read only' license with a few other limitations, but in general this is a great thing for .Net developers. Sometimes you're just curious, sometimes it's really important to see what goes on at the deepest levels. It really makes me wish - again - that MS would release the source code for SQL Server, or at least the optimizer, the one black box that so many of us spend time trying to understand based on what we see happening, rather than truly seeing why it made a decision.

Partitioning Part 4 Posted on SSC

Partitioning Part 4 concludes the series with a look at 'real' partitioning in SQL 2005 Enterprise Edition. Overall the series worked out reasonably well, accomplished my goal of introducing the technology and options without getting into dense technical detail. There is definitely more to explore in partioning than I've covered!

Sun Acquires MySQL

Just posted on Jonathan Schartz's blog. They've definitely been playing more in the open source arena, now they've got a reasonably good database product.