Last week I decided to restrict access to one of the drives on my main PC, an 80GB drive with quite a few files on it; it took so many hours that I had to go to sleep before it was done
it reminded me that we should always assign permissions as early as possible, in the case of disk drives the bigger they are and the more files you have on them, the longer it will take to complete the operation because it has to adjust the permissions on every single file on the drive
the same concept applies when developing, but the problem in this case is that YOU (not an automated tool) will have to adjust the security, this may require a change in the architecture, which then introduces bugs, which costs time and resources... it can get quite ugly
assign permissions early wherever it applies, it will save you a lot of resources in the future
Saturday, April 29, 2006
Monday, April 24, 2006
manage your SQL connections in one place
where I work I use about 10 different SQL servers, it's hard to keep up with the server names, catalogs, user names and passwords required for each one
wouldn't it be nice if I had a central place to access all of them without having to remember all the names/catalogs/user names/passwords, but most importantly, without having to type the same stuff over and over to open my connections in Query Analyzer?
even if you use SSPI to access your servers, you'd still have to type the server name and select the database you want to access
that's why I wrote this little utility program, you enter your SQL servers along with the user names, passwords and databases that you want to access and it sits quietly on your tray, where you can access them quickly
you can configure it to open the connections in an existing Query Analyzer window, or to open a new one each time you open a connection
when configuring a new connection you can configure which file you want to load, e.g. if you regularly run some queries against a certain database, this option would help you
now, if you're worried about security, I added a password to keep all this information encrypted using industry standards
this is a freeware application, it gets the job done for me, suggestions are welcome but I don't guarantee anything
Wednesday, April 19, 2006
bare minimum required comments for your projects
commenting is one of the things that programmers/developers really suck at
but please, do yourself a favor
at the VERY LEAST, put comments at the top of the main source file; for example whenever I start a new project I always put something like:
Program: Program Name
Written by: Eber Irigoyen
on: 04/19/2006
Uses (third party components):
- Indy 9.0.14
- XceedZip 4.5.77.0
- MDAC 2.7
Compiled with: Delphi 7
Description:
- blablabla
- more bla
- etc...
include any history updates here...
it's just a few lines and it tells me quite a lot, how many times have you spent hours just because you don't know what version of the X components some co-worker used?
adding these headers will take you only a minute or two, and it can save countless hours in the future
the next thing is whenever you make changes to your project, at least include a description at the top of the main file, along with the version number, your name and date when the update was done
simple things like this are part of being a better developer
note: Updated the article to clarify some points just like Ayende mentions in the comments, another thing is that you should include the 3rd party components in the source repository;
the bare minimum comments in the source and the components in the source repository are real life savers!
Thursday, April 13, 2006
Friday, April 07, 2006
how to use google as a dictionary/encyclopedia
in this world of acronyms and new terms every day we can't keep up with all those things, that's where google comes to the rescue
at the search box just type
define:your term here
here are some samples and their results:
define:google
Google, a popular search engine, is a tool for finding resources on the World Wide Web. Google scans web pages to find instances of the keywords you have entered in the search box.
define:Microsoft Corporation
An incredibly successful supplier of computer software founded in 1975 by Bill Gates and his partner Paul Allen. Microsoft has grown to become the world leader in the software industry by supplying software to the world’s largest computer base (IBM-compatibles). A large portion of Microsoft’s success is due to its popular Windows operating environment.
define:Test Driven Development
Testing methodology associated with Agile Programming in which every chunk of code is covered by unit tests, which must all pass all the time, in an effort to eliminate unit-level and regression bugs during development. Practitioners of TDD write a lot of tests, ie an equal number of lines of test code to the size of the production code.
as you can see you can enter more than a single word to find the definition
now, it gets interesting, you can also enter things like file formats, ZIP, PDF, EXE and get a definition for those as well
define:pdf
Portable Document Format. An electronic document that must be read with the Adobe Acrobat computer program.
define:js
An external JavaScript file. One of the methods of implementing JavaScript on to a page is to write an independent file containing all methods and variables and store it as a .js file. This file is then imported into an HTML or other type of web page as and when required.
how cool is that!
you can also use it as an encyclopedia
define:Salt Lake City
# Salt Lake City is the state capital and most populous city in the U.S. state of Utah. Its population as of the 2000 Census was 181,743. The Salt Lake City-Ogden metropolitan area, defined as Salt Lake, Davis, and Weber counties, had a population of 1,333,914 as of 2000.
define:George Bush
# Bush: 43rd President of the United States; son of George Herbert Walker Bush (born in 1946)
# Bush: vice president under Reagan and 41st President of the United States (born in 1924)
nice!, you can also use it to find acronyms (HTML, WEB, CSS, etc), jeez, how easy it is for kids to do homework these days
you might not always get the definition on the first result, but I've seen good results usually in the top 3 definitions
you also get a list of related phrases which may give you a more detailed result on whatever it is you are looking for
Thursday, April 06, 2006
how to get database connection using a Delphi personal version?
This question comes up very often in the Delphi forums
the bad news is that the personal versions of Delphi don't come bundled with database components, you have to use a third party solution, the good news is that there are a few free ones, here's one of them
http://www.deer-soft.com/
and here's a tutorial from delphi.about about working around this limitation using text files, typed files, etc, in a few cases, these methods might be enough for your application
Creating flat (non-relational) databases with no (Delphi) database components
loading another copy of an assembly on Reflector might cause little headaches
First of all, if you haven't used Reflector, go download it now and start looking around in the BCL assemblies to see how things are really done behind the scenes, it can decompile code to IL, C#, VB.NET, Delphi, Chrome and MC++, I can't really say much about the quality of the Delphi and Chrome versions of the code it generates, but the C# is pretty good
anyway...
one thing to be aware of when using Reflector is, if you have an assembly loaded, and you try to load a different copy of the assembly from a different directory, it won't load it, it will keep the previous assembly loaded, and if you were loading it to see if there was a mismatch you'll think they're equal
what you have to do is just to right click on the assembly you're trying to reload, select close, then open the other copy and you're good to go
Vendor's voices on Delphi's future
check out what the vendors have to say about the future of Delphi, a lot more optimistic than I expected in the sense that they will support their products throughout whatever Delphi versions come out, which is good for the Delphi community
Wednesday, April 05, 2006
Windows Live Mail rocks
full blown (AJAX, web 2.0 or whatever you want to call it) email client, very, very nice
you can have email views like the ones in Outlook 2003, you can do multiple selection with the mouse, drag and drop, it has spelling built in... definitely worth giving it a try
To use stored procedures or not to use stored procedures
I thought this battle was settled down, and we had all agreed that stored procedures (from now on called SPs) are (for the most part) the way to go when accessing your SQL data
turns out Ayende is not quite convinced yet, in fact it seems he prefers to use no stored procedures at all, I told him SPs can give you scalability, flexibility, security, etctirity, and here's his response
"I completely disagree with this, if you didn't catch on so far. Here is my refutal:
Scalability:
There is no performance advantages to using SP over Parameterized SQL.
Scaling the database is much harder than scaling an application.
Note: I implemented a caching web service once that simply cache data for certain period of time, saving quite a bit from the poor database. Deploy a bunch of those, and you're seriously reduced the amount of work the database has to do.
Flexibility:
Stored Procedures are... Well, procedures. This means that you've all the advantages and disadvantages of procedural programming. On general, I wouldn't call it very flexible. Changing the procedure's internal can be done without breaking clients is possible within a certain set of changes, but major stuff is hard.
A search procedure should be flexible, you should be able to search by any combination of parameters, how easy it is to write this procedure?
Security:
Not applicable in situations where you don't give users direct access to the database, in my opinion. There are things to be said about defense in depth, but I don't think that they should be carried to the point where you are forced to give up significant advantages while keeping the security of the system (using views / triggers instead of procedures, for instance, can result in a situation just as safe, and far easier for the programmers to work with effectively)."
let's see
"Scalability:
There is no performance advantages to using SP over Parameterized SQL. "
...you probably posted that in the incorrect section, Scalability and performance are different things
"Scaling the database is much harder than scaling an application. "
that's just another reason to separate the data rules (SPs) from your application
"Note: I implemented a caching web service once that simply cache data for certain period of time, saving quite a bit from the poor database. Deploy a bunch of those, and you're seriously reduced the amount of work the database has to do. "
you can still cache the result of the stored procedures, I don't see how that's an advantage of not-using-stored-procedures
"Flexibility:
Stored Procedures are... Well, procedures. This means that you've all the advantages and disadvantages of procedural programming. On general, I wouldn't call it very flexible. Changing the procedure's internal can be done without breaking clients is possible within a certain set of changes, but major stuff is hard. "
even if they are just a few, I still didn't have to recompile (and potentially distribute the application) just to make those little changes
"A search procedure should be flexible, you should be able to search by any combination of parameters, how easy it is to write this procedure? "
just as easy as it is to write a query on the app, besides that, I can make important changes to the stored procedures, perhaps look in other tables (history, cache, etc), take other parameters to use the same SP in another application, etc; again, without having to recompile my app
"Security:
Not applicable in situations where you don't give users direct access to the database, in my opinion. There are things to be said about defense in depth, but I don't think that they should be carried to the point where you are forced to give up significant advantages while keeping the security of the system (using views / triggers instead of procedures, for instance, can result in a situation just as safe, and far easier for the programmers to work with effectively). "
secure programming is all about good practices, the stupid SQL injection is because people just do
"select * from users where userName = "+UserID
if they would've used a stored procedure, that would've been ok, the same thing would've been accomplished by using a parameterized query as you point out
but it's much more than that, security is not only who can get access to your data, it's who can mess with your data, and changes to that are far easier accomplished using SPs; it's the exact same concept you use when you break up your code in files and classes, you give each class a responsibility (I hope), it's the same thing with the database, you give the database its responsibility and let your application do its responsibility. it's about using the right tool to get the job done
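The concatenated query quoted above next to a parameterized one, as an added example that is not part of the original post: Python's sqlite3 stands in for SQL Server here, and the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (sample data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (userName text primary key, email text)")
    conn.executemany(
        "insert into users values (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return conn


def find_user_concatenated(conn, user_id):
    # The pattern from the post: the input is spliced into the statement text.
    # Quotes are added around the value so that a plain name is valid SQL.
    sql = "select * from users where userName = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, user_id):
    # The statement text never changes; user_id is bound as a value.
    sql = "select * from users where userName = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def row_count(finder, conn, user_id):
    """Number of rows returned, or 'error' if the statement fails to parse."""
    try:
        return len(finder(conn, user_id))
    except sqlite3.OperationalError:
        return "error"


def compare(user_id):
    """Return (rows from concatenated query, rows from parameterized query)."""
    conn = make_db()
    try:
        return (
            row_count(find_user_concatenated, conn, user_id),
            row_count(find_user_parameterized, conn, user_id),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # A plain name, a legitimate name containing a quote, and input that
    # changes the meaning of the concatenated statement.
    for value in ["alice", "o'brien", "nobody' or '1'='1"]:
        print(repr(value), compare(value))
```

A stored procedure gives the same protection only when it uses its parameters as values; one that builds a statement string from them and executes it has the same flaw as the concatenated query.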
Tuesday, April 04, 2006
010203040506
as a way of *celebration* for this peculiar event I created a big clock, a version in Delphi and a version in C#
you can get the code here and here, not much really but you could re-use it in 04/05/2106
the picture was actually taken at 01:02:03 04/05/06
...I'm such a geek
update: I made a change to the code to "freeze time" at whatever time configured, that's a nice touch, now I can use that for other count downs, I'll put up the new versions
Monday, April 03, 2006
don't miss the 01:02:03 04/05/06
On Wednesday of this week, two minutes and three seconds after 1:00 in the morning, the time and date will be
01:02:03 04/05/06
this event happens every 100 years, since we use two digits for the year
for most other countries the date will be on May 4, since they use DD/MM/YYYY
Saturday, April 01, 2006
April fools summary
check it out right here
http://en.wikipedia.org/wiki/April_1,_2006
one of the first ones that came out is this one from Microsoft
http://www.msnsearchspoof.com/
where you can set up a page that will simulate the MSN search site, go play a good prank on your co-workers