We Should Demand Better

I ran across an interesting open letter. Most of these are from individuals, often complaining about or lamenting the way something in the world works, or maybe doesn’t work.

This latest letter was from the Chief InfoSec Officer at JPMorganChase, a large worldwide bank. This open letter was written to the software suppliers looking to do business with JPMorganChase, especially those in the SaaS area (Software as a Service). The letter opens by noting that SaaS is enabling cyber attackers and asks for three things: prioritize security over features, modernize security architecture, and work with security collaboratively to prevent abuse of connected systems.

It’s a good letter. It talks about the problems at a high level, but is specific enough to recognize problems. Software is often delivered as a SaaS type application, even when there might be local components. For example, I lament Postman working this way, as it now seems to require me to be connected in order to work. That’s something I learned while trying to get work done on an airplane, and I couldn’t get to any of my queries as I didn’t have wi-fi, despite the application running locally on my laptop.

The threat of more attackers is amplified by the connectedness of new systems, new agents, and new protocols that allow a breach to escalate deeply inside systems. This is something we’ve faced in the past, but not at the scale that we face it today. Automation has become embedded in the computing world, not just inside organizations, but also inside hacking organizations. Malicious actors can and do use scripted attacks at a rate that we haven’t experienced in the past.

I wish that most people purchasing software would prioritize security when making a decision, but often price and expediency outweigh anything else. While I do see many companies asking for security information, too often the requests are at high levels, and vendors can word their answers in a way to satisfy the screen without actually improving their own security coding and architecture.

I do think the authorization and authentication of users is improving, so I have hope that more patterns and frameworks are published and widely used, and we’ll see more consistent security throughout software. Now, if we can just ensure the authors of those platforms do a good job of security, we might see the request from JPMorganChase come true.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.


Prompt AI helping with Auditing

I had a conversation with a customer asking this question: how can I tell who called a stored procedure so I can audit the action?

I decided to see if Prompt could help me here.

This is part of a series of experiments with AI systems. This is also part of a series of posts on SQL Prompt. You can see all my posts on SQL Prompt under that tag.

The Setup

I had this code, which is a simple stored procedure. I sketched this out, but I’m looking for a function to add to my code that helps me audit the caller.


I opened the Prompt AI (ALT+Z) and asked the question you see in the image. I also asked to assign it to the variable, but didn’t exactly specify everything.


In the image below, you can see the code that changed. Prompt AI added the System_User function, which is exactly what I wanted.


I accepted this and then asked to change this to the user instead of the login.


Again, the function I wanted was added: CURRENT_USER.


I know what I needed, or I had an idea. However, if I wasn’t sure what function to use or if there was one, this is handy. I’m working inline, rather than going to a browser and hitting Books Online or Googling for the answer. I can keep coding or looking at my code as the AI runs.

If I ask for an explanation, I get one, which helps me judge if this is actually the code I want.
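One way to wire these functions into an audit trail, as an added example that is not the code from the screenshots in this post: `dbo.ProcAudit`, `dbo.UpdateWidget` and `AuditDemoUser` are hypothetical names, and `CREATE OR ALTER` assumes SQL Server 2016 SP1 or later. It also records `ORIGINAL_LOGIN()`, which the post does not mention, because `SYSTEM_USER` and `CURRENT_USER` both follow an `EXECUTE AS` context switch while `ORIGINAL_LOGIN()` keeps the login that opened the session.

```sql
-- Added example: hypothetical audit table, one row per procedure call.
-- Columns are nullable so an unexpected NULL never blocks the audit insert.
CREATE TABLE dbo.ProcAudit
(
    AuditId       INT IDENTITY(1,1) PRIMARY KEY,
    ProcName      NVARCHAR(128) NULL,  -- name of the audited procedure
    LoginName     NVARCHAR(128) NULL,  -- SYSTEM_USER: login of the current execution context
    DbUserName    NVARCHAR(128) NULL,  -- CURRENT_USER: database user of the current context
    OriginalLogin NVARCHAR(128) NULL,  -- ORIGINAL_LOGIN(): login that opened the session
    CalledAtUtc   DATETIME2(3)  NOT NULL DEFAULT SYSUTCDATETIME()
);
GO

-- Hypothetical procedure that records its caller before doing any work.
CREATE OR ALTER PROCEDURE dbo.UpdateWidget
    @WidgetId INT
AS
BEGIN
    SET NOCOUNT ON;

    INSERT dbo.ProcAudit (ProcName, LoginName, DbUserName, OriginalLogin)
    VALUES (OBJECT_NAME(@@PROCID), SYSTEM_USER, CURRENT_USER, ORIGINAL_LOGIN());

    -- The procedure's real work on @WidgetId would go here.
END;
GO

-- Call 1: direct call, all three identity columns describe the same principal.
EXEC dbo.UpdateWidget @WidgetId = 1;
GO

-- Call 2: the same call under impersonation (constructed test user).
CREATE USER AuditDemoUser WITHOUT LOGIN;
GRANT EXECUTE ON dbo.UpdateWidget TO AuditDemoUser;
GO
EXECUTE AS USER = 'AuditDemoUser';
EXEC dbo.UpdateWidget @WidgetId = 2;
REVERT;
GO

-- Compare the rows: DbUserName changes to the impersonated user on call 2,
-- while OriginalLogin still identifies who actually connected.
SELECT AuditId, ProcName, LoginName, DbUserName, OriginalLogin, CalledAtUtc
FROM dbo.ProcAudit
ORDER BY AuditId;
```

Because the table and the procedure share an owner, ownership chaining lets the caller write the audit row with only `EXECUTE` on the procedure, so callers need no direct `INSERT` permission on `dbo.ProcAudit`.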


If you have SQL Prompt, give Prompt AI a try by opening it with ALT+Z.

If you haven’t tried SQL Prompt, download the eval and give it a try. I think you’ll find this is one of the best tools to increase your productivity writing SQL.

Video Walkthrough

I show this live in the video below.


The Improvement Limit

I caught a short post from Gary Bargsley on LinkedIn that had this quote: “Many people do not believe this is true. If there isn’t a fire to put out, then you are not doing a good job.” He included a repost from Shaik Ashraf with that quote and an image that explains better what things a DBA is doing because they aren’t always busy.

I would say that by busy we think of a DBA as rushed and always trying to fix something that isn’t working well. I’ve certainly walked into operational positions where this was the case. Things weren’t working smoothly or were breaking regularly. My phone was always ringing, as I moved from crisis to crisis. For some systems, rebooting them regularly was the fix, not because I didn’t want to determine a root cause and fix them, but because I had too many other priorities. A reboot at least recompiled plans, cleared caches, and got the system working for a few days.

In those environments, it often took me about 6 months to make changes, implement some standards, find root causes and fix them, and change the way others worked. My approach was to find a problem, consider a solution, and present it to others in a rational way with evidence. I could almost always get approval to start making changes. Or I could convince a manager/director to get others to make changes to stabilize the environment.

Almost always.

Not always. And I’ve had a few jobs where things were broken, but everyone else wanted to keep their existing process and keep adding new features/apps/database/etc. and let the DBAs deal with the instability. After all, if I’m working for a salary, does my boss care how much I work? If he/she doesn’t, then I have learned I need to find a new job.

After 6 or so months, I often find that I’ve reached an improvement limit of some sort. There isn’t a lot I can continue to change and fix, usually because of dependencies and a lack of desire by someone else to change. New work can often be built better, but I’ve often found that I have to live with anything else I haven’t been able to change. Even something as simple as adjusting a query can be a problem when the app developers don’t have an incentive to help.

Have you reached an improvement limit in your job? Or maybe you have reached a limit to what you are willing to improve, given the environment in which you work.

Steve Jones



Adding a Local Model to Ollama through the GUI

I saw some good reviews of the small gemma3 model in a few places and wanted to try it locally. This

If you want to get started, read my post on setting up a Local LLM. This post gives an alternative to connecting to the container from the CLI and running a command.

This is part of a series of experiments with AI systems.

Adding a Model

Using the Ollama-WebUI server, it’s easy to add models. I wrote about setting up the UI and I’m running that as my interface to the local model. I created a new container for this post, so when I see the interface, there are no models to choose from. You can see this below.


I need a model because if I try to ask a question, I get an error that the model is not selected. You can see the error at the top in this image and the query at the bottom.


If I click the gear icon by the model drop down, I get a list of settings. One of these is “Models”, which is third on the left.


I click Models and get this list. As you can see, I have no models. Notice I need to enter a model name. However, where the cursor is below, there is a “click here” for a list of models.


This opens the Ollama site at https://ollama.com/library


If I scroll down, I see the gemma3 model. If I click this I see a few different ones. I am not a big fan of latest, but this is a test. I decided to just grab it since I’m not programming things.


If I enter this in my WebUI and click download, it starts downloading.


Progress is shown, and it’s not quick. I went on to other work and this is the view about 15 minutes later.


Once this is complete, I close settings and see my model in the list. Since this is the only model for this container, I’ll click “set as default”.


Now I can get my fun fact:


Now I have a safe, secure, local model to use. If you want to see this run in real-time, check out this video:
