A New Word: Povism

Posted on August 16, 2024 by way0utwest

povism – n. the frustration of being stuck inside your own head, unable to see your face or read your body language in context, only ever guessing how you might be coming across – which makes you think of yourself as a detached observer squinting out at a lushly painted landscape, though to everyone else you seem woven into the canvas.

That’s quite a definition. I know that many people aren’t aware of their body language or their expression. I know that watching myself in recordings has taught me to be aware of what I look like. However, before I did that, I didn’t realize how I reacted at times.

I see this often while coaching, and it can be hard to get players to realize their body language and expressions impact other players. Or the coaches.

I think I have some povism, and often would wish there were a monitor or mirror that helped me see what I look like. Easier to do on stage, but hard to do in life. Mostly, I can only reduce povism by asking my wife or kids to tell me when I am not projecting what I want.

From the Dictionary of Obscure Sorrows

Posted in Blog | Tagged , | Comments Off on A New Word: Povism

Speaking at SQL Saturday Denver 2024

Posted on August 14, 2024 by way0utwest

It’s just a couple of days away from SQL Saturday Denver 2024. This Saturday, come join me at the Lowry Convention Center in Aurora for some great talks. We are lucky in the Denver area that we have quite a few great speakers and talented data professionals, so check out the schedule.

Then register and come.

Come learn about SQL Server, about PostgreSQL, Snowflake, Powershell, and more. I’m looking forward to sitting in a few sessions, and I have a few of my own. I’ll be delivering these talks:

  • Best Practices for Seamless Database Deployments
  • Architecting Zero Downtime Deployments

I hope to see you there.

Posted in Blog | Tagged , , | Comments Off on Speaking at SQL Saturday Denver 2024

Expanding Northwind with Prompt+

Posted on August 14, 2024 by way0utwest

I was trying to do a little testing of our subsetter and needed a larger database. So I decided to ask Prompt + to help me with a little AI assist. This post looks at what happened.

This is part of a series of experiments with AI systems.

Getting More Data

I had a Northwind_FullRestore from my experiments with Alex Yate’s quick PoC tool. I selected that database and asked for a little code. I asked the AI to give me 1000 more rows of data in the Customers table. I got this code.

-- This script inserts 1000 rows data entry into the dbo.Customers table
WITH numbers
AS ( SELECT TOP (1000)
             ROW_NUMBER () OVER (ORDER BY
                                   (SELECT NULL)) AS num
      FROM sys.all_objects)
--INSERT INTO dbo.Customers
--  (CustomerID, CompanyName, ContactName, ContactTitle, Address, City, Region, PostalCode, Country, Phone, Fax)
SELECT
   'CUST' + RIGHT('0000' + CAST (num AS nchar(4)), 5)
, 'Customer' + CAST (num AS nvarchar)
, 'Contact' + CAST (num AS nvarchar)
, 'Title' + CAST (num AS nvarchar)
, 'Address' + CAST (num AS nvarchar)
, 'City' + CAST (num AS nvarchar)
, 'Region' + CAST (num AS nvarchar)
, 'PostalCode' + CAST (num AS nvarchar)
, 'Country' + CAST (num AS nvarchar)
, 'Phone' + CAST (num AS nvarchar)
, 'Fax' + CAST (num AS nvarchar)
FROM numbers;

Then I decided to go big. I changed my prompt, as you see below, and got more data. My new prompt: expand this to add 10GB of data to this table

I got this code:

-- This script adds approximately 10GB of data to the dbo.Customers table
-- Firstly, we need to calculate the approximate size of each row. 
-- For simplicity, we'll assume each row is ~1KB in size after considering nvarchar data expansion.
-- Therefore, to add 10GB of data, we need approximately 10,000,000 rows.
WITH numbers
AS ( SELECT TOP (10000) -- This will generate 10,000 rows in the CTE
             ROW_NUMBER () OVER (ORDER BY
                                   (SELECT NULL)) AS num
      FROM
        sys.all_objects a
      , sys.all_objects b)
INSERT INTO dbo.Customers
   (CustomerID, CompanyName, ContactName, ContactTitle, Address, City, Region, PostalCode, Country, Phone, Fax)
SELECT
   'CUST' + RIGHT('00000000' + CAST (numbers.num + seqnum AS nvarchar), 8) -- 8 character CustomerID to accommodate large number of rows
, 'Customer' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Contact' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Title' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Address' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'City' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Region' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'PostalCode' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Country' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Phone' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
, 'Fax' + CAST (numbers.num AS nvarchar) + CAST (seqnum AS nvarchar)
FROM
   numbers
   CROSS JOIN
     ( SELECT TOP (1000)
              ROW_NUMBER () OVER (ORDER BY
                                    (SELECT NULL)) AS seqnum
       FROM sys.all_objects) seq;

The Results

The results were a bit underwhelming. I ran it and got this:

8-2-2024-0005

The problem here is that the CustomerID is a 5 character field. The comment in the code notes that this is now an 8 character field, but that’s not great as I might not want to change the size of the field.

I then asked this: change this script to ensure the customerID is less than 5 characters and alphanumeric

I got the same script, but the first line of the select was:

'CUST' + RIGHT('00000000' + CAST (numbers.num + seqnum AS nvarchar), 8) 
-- 8 character CustomerID to accommodate large number of rows

Now when I run it, I get a problem with postal code, which now has the truncation error.

My Thoughts

It’s easy to say this was a failed experiment. I didn’t get working code. But I got a bunch of code that was close to what I need, in a fraction of the time that it would take me to write this, even with SQL Prompt. Then add in the fact that I can edit this code to what I need, which works, and saves me times.

I think this has potential for shortcutting some work and getting me closer to what I need quickly, even if it’s not perfect. If I’d have asked a junior dev to help me with this, I might still have to edit their code. Just as I do with my AI assistant.

Posted in Blog | Tagged , , , , | Comments Off on Expanding Northwind with Prompt+

Prevent SQL Injection

Posted on August 14, 2024 by way0utwest

I would hope most of you reading this know what SQL Injection (SQi) is and how you can prevent it. Or at least what patterns cause problems. If not, here’s a short explanation that is worth reading. If you have more questions, ask in our forums.

SQL Injection has been, and continues to be, a problem in many systems. In fact, I chatted with Mike Walsh recently after he’d published this post on an attack for one of his clients. He has some notes that explain how your database server might be vulnerable, as well as a description of a recent attack example. He also notes that many of you are responsible for protecting data, which is separate from other security mechanisms. You need to be sure you are protecting your data, even in vendor applications.

I’ve seen similar issues in the past, both in homegrown and purchased applications, where text fields aren’t checked and SQL is built by concatenating user input with code. I’ve complained to vendors, though often a short repro helps them see the problem and I’ve found many companies will patch systems, albeit sometimes slowly.

There are application firewalls that can help, and certainly limiting access to those users who need access is always good, but that’s not helpful when the application is something that many clients use.

The best protection is education. If you don’t know what to do, or your developers don’t listen to you, perhaps engaging a consultant like Mike will help. I’m amazed at how often people listen to an outsider when they ignore the same advice from someone they work with. That might be especially true for managers who are more concerned with doing more new work rather than fixing something that’s not quite working well.

Security is becoming a bigger issue in many organizations. Not because we might get fined, but often because our customers might decide to choose another service if we can’t protect their data. There are other choices these days for most of the services we provide, and many organizations are finding customers increasingly fickle and quick to leave. This might not be the case in business-to-business work, but it does happen.

We often won’t be perfect in our security and even if we are, our systems will change and new vulnerabilities or attack vectors will appear. We can work on the problems we know and improve security over time. SQL Injection is fairly simple to prevent, but it takes some education, some practice, and some code review.

All things good database professionals should be doing.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.

Posted in Editorial | Tagged , | 2 Comments