Saturday, April 29, 2006

Assign permissions early

Last week I decided to restrict the access to one of the drives on my main pc, an 80GB drive with quite a bit of files in it, it took so many hours that I had to go to sleep before it was done

it reminded me that we should always assign permissions as early as possible, in the case of disk drives the bigger and more files you have on them, the longer it will take to complete the operation because it has to adjust permissions to every single file on the drive

the same concept applies when developing, but the problem in this case is that YOU (not an automated tool) will have to adjust the security, this may require a change in the architecture, which then introduces bugs, which costs time and resources... it can get quite ugly

assign permissions early wherever it applies, it will save you a lot of resources in the future

Monday, April 24, 2006

manage your SQL connections in one place

where I work I use about 10 different SQL servers, it's hard to keep up with the server names, catalogs, user names and passwords required for each one

wouldn't it be nice if I had a central place to access all of them without having to remember all the names/catalogs/user names/passwords, but most importantly, without having to type the same stuff over and over to open my connections in Query Analyzer?

even if you use SSPI to access your servers, you'd still have to type the server name and select the database you want to access

that's why I wrote this little utility program, you enter your SQL servers along with the user names, passwords and databases that you want to access and it sits quietly on your tray, where you can access them quickly

you can configure it to open the connections on an existing Query Analyzer window, or to open a new one each time you open a connection

when configuring a new connection you can configure which file you want to load, e.g. if you regularly run some queries against a certain database, this option would help you

now, if you're worried about security, I added a password to keep all this information encrypted using industry standards

this is a freeware application, it gets the job done for me, suggestions are welcome but I don't guarantee anything

Wednesday, April 19, 2006

bare minimum required comments for your projects

commenting is one of the things that programmers/developers really suck at

but please, do yourself a favor

at the VERY LEAST, put comments at the top of the main source file; for example whenever I start a new project I always put something like:

Program: Program Name
Written by: Eber Irigoyen
on: 04/19/2006
Uses (third party components):
- Indy 9.0.14
- XceedZip 4.5.77.0
- MDAC 2.7
Compiled with: Delphi 7

Description:
- blablabla
- more bla
- etc...

include any history updates here...

it's just a few lines and it tells me quite a lot, how many times have you spent hours just because you don't know what version of the X components some co-worker used?

adding these headers will take you only a minute or two, and it can save countless hours in the future

the next thing is whenever you make changes to your project, at least include a description at the top of the main file, along with the version number, your name and date when the update was done

simple things like this are part of being a better developer

note: Updated the article to clarify some points just like Ayende mentions in the comments, another thing is that you should include the 3rd party components in the source repository;
the bare minimum comments in the source and the components in the source repository are real life savers!

Friday, April 07, 2006

how to use google as a dictionary/encyclopedia

in this world of acronyms and new terms everyday we can't keep up with all those things, that's where google comes to the rescue

at the search box just type
define:your term here

here are some samples and their results:

define:google
Google, a popular search engine, is a tool for finding resources on the World Wide Web. Google scans web pages to find instances of the keywords you have entered in the search box.

define:Microsoft Corporation
An incredibly successful supplier of computer software founded in 1975 by Bill Gates and his partner Paul Allen. Microsoft has grown to become the world leader in the software industry by supplying software to the world’s largest computer base (IBM-compatibles). A large portion of Microsoft’s success is due to its popular Windows operating environment.

define:Test Driven Development
Testing methodology associated with Agile Programming in which every chunk of code is covered by unit tests, which must all pass all the time, in an effort to eliminate unit-level and regression bugs during development. Practitioners of TDD write a lot of tests, ie an equal number of lines of test code to the size of the production code.

as you can see you can enter more than a single word to find the definition

now, it gets interesting, you can also enter things like file formats, ZIP, PDF, EXE and get a definition for those as well

define:pdf
Portable Document Format. An electronic document that must be read with the Adobe Acrobat computer program.

define:js
An external JavaScript file. One of the methods of implementing JavaScript on to a page is to write an independent file containing all methods and variables and store it as a .js file. This file is then imported into an HTML or other type of web page as and when required.

how cool is that!

you can also use it as an encyclopedia

define:Salt Lake City
Salt Lake City is the state capital and most populous city in the U.S. state of Utah. Its population as of the 2000 Census was 181,743. The Salt Lake City-Ogden metropolitan area, defined as Salt Lake, Davis, and Weber counties, had a population of 1,333,914 as of 2000.

define:George Bush
- Bush: 43rd President of the United States; son of George Herbert Walker Bush (born in 1946)
- Bush: vice president under Reagan and 41st President of the United States (born in 1924)

nice!, you can also use it to find acronyms (HTML, WEB, CSS, etc), jeez, how easy it is for kids to do homework these days

you might not always get the definition on the first result, but I've seen good results usually in the top 3 definitions

you also get a list of related phrases which may give you a more detailed result on whatever it is you are looking for

Thursday, April 06, 2006

how to get database connection using a Delphi personal version?

This question comes up very often in the Delphi forums
the bad news is that the personal versions of Delphi don't come bundled with database components, you have to use a third party solution, the good news is that there are a few free ones, here's one of them

http://www.deer-soft.com/

and here's a tutorial from delphi.about about working around this limitation using text files, typed files, etc, in a few cases, these methods might be enough for your application

Creating flat (non-relational) databases with no (Delphi) database components

loading another copy of an assembly on Reflector might cause little headaches

First of all, if you haven't used Reflector, go download it now and start looking around in the BCL assemblies to see how things are really done behind the scenes, it can decompile code to IL, C#, VB.NET, Delphi, Chrome and MC++, I can't really say much about the quality of the Delphi and Chrome versions of the code it generates, but the C# is pretty good

anyway...
one thing to be aware of when using reflector is, if you have an assembly loaded, and you try to load a different copy of the assembly in a different directory, it won't load it, it will keep the previous assembly loaded, and if you were loading it to see if there was a mismatch you'll think they're equal

what you have to do is just to right click on the assembly you're trying to reload, select close, then open the other copy and you're good to go

Vendor's voices on Delphi's future

check out what the vendors have to say about the future of Delphi, a lot more optimistic than I expected in the sense that they will support their products throughout whatever Delphi versions come out, which is good for the Delphi community

Wednesday, April 05, 2006

Windows Live Mail rocks

full blown (AJAX, web 2.0 or whatever you want to call it) email client, very, very nice

you can have email views like the ones in outlook 2003, you can do multiple selection with the mouse, drag and drop, it has spelling built in... definitely worth giving it a try

To use stored procedures or not to use stored procedures

I thought this battle was settled down, and we had all agreed that stored procedures (from now on called SPs) are (for the most part) the way to go when accessing your SQL data

turns out Ayende is not quite convinced yet, in fact it seems he prefers to use no stored procedures at all, I told him SPs can give you scalability, flexibility, security, etctirity, and here's his response

"I completely disagree with this, if you didn't catch on so far. Here is my refutal:

Scalability:
There is no performance advantages to using SP over Parameterized SQL.
Scaling the database is much harder than scaling an application.
Note: I implemented a caching web service once that simply cache data for certain period of time, saving quite a bit from the poor database. Deploy a bunch of those, and you've seriously reduced the amount of work the database has to do.
Flexibility:
Stored Procedures are... Well, procedures. This means that you've all the advantages and disadvantages of procedural programming. In general, I wouldn't call it very flexible. Changing the procedure's internal can be done without breaking clients is possible within a certain set of changes, but major stuff is hard.
A search procedure should be flexible, you should be able to search by any combination of parameters, how easy it is to write this procedure?
Security:
Not applicable in situations where you don't give users direct access to the database, in my opinion. There are things to be said about defense in depth, but I don't think that they should be carried to the point where you are forced to give up significant advantages while keeping the security of the system (using views / triggers instead of procedures, for instance, can result in a situation just as safe, and far easier for the programmers to work with effectively)."


let's see

"Scalability:
There is no performance advantages to using SP over Parameterized SQL. "


...you probably posted that in the incorrect section, Scalability and performance are different things

"Scaling the database is much harder than scaling an application. "
that's just another reason to separate the data rules (SPs) from your application

"Note: I implemented a caching web service once that simply cache data for certain period of time, saving quite a bit from the poor database. Deploy a bunch of those, and you've seriously reduced the amount of work the database has to do. "
you can still cache the result of the stored procedures, I don't see how that's an advantage of not-using-stored-procedures

"Flexibility:
Stored Procedures are... Well, procedures. This means that you've all the advantages and disadvantages of procedural programming. In general, I wouldn't call it very flexible. Changing the procedure's internal can be done without breaking clients is possible within a certain set of changes, but major stuff is hard. "

even if they are just a few, I still didn't have to recompile (and potentially distribute the application) just to make those little changes

"A search procedure should be flexible, you should be able to search by any combination of parameters, how easy it is to write this procedure? "
just as easy as it is to write a query on the app, besides that, I can make important changes to the stored procedures, perhaps look in other tables (history, cache, etc), take other parameters to use the same SP in another application, etc; again, without having to recompile my app

"Security:
Not applicable in situations where you don't give users direct access to the database, in my opinion. There are things to be said about defense in depth, but I don't think that they should be carried to the point where you are forced to give up significant advantages while keeping the security of the system (using views / triggers instead of procedures, for instance, can result in a situation just as safe, and far easier for the programmers to work with effectively). "

secure programming is all about good practices, the stupid SQL injection is because people just do

"select * from users where userName = "+UserID

if they would've used a stored procedure, that would've been ok, the same thing would've been accomplished by using a parameterized query as you point out

but it's much more than that, security is not only who can get access to your data, it's who can mess up with your data, and changes to that are far easier accomplished using SPs; it's the exact same concept you use when you break up your code in files and classes, you give each class a responsibility (I hope), it's the same thing with the database, you give the database its responsibility and let your application do its responsibility. it's about using the right tool to get the job done
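
The concatenated query quoted above next to its parameterized form, as an added example that is not part of the original post. Python's sqlite3 stands in for SQL Server here, and the table, rows, input values and the quotes placed around the concatenated value are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory users table; every row is constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userName TEXT PRIMARY KEY, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("carol", "carol@example.test"),
        ("o'brien", "obrien@example.test"),
    ])
    return db

def lookup_concatenated(db, user_id):
    """The pattern from the post: the input becomes part of the SQL text."""
    sql = "select * from users where userName = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    """Same query, but the value is bound separately and stays data."""
    sql = "select * from users where userName = ?"
    return db.execute(sql, (user_id,)).fetchall()

def compare(db, user_id):
    """Return (rows from concatenated query, rows from parameterized query)."""
    try:
        unsafe = len(lookup_concatenated(db, user_id))
    except sqlite3.OperationalError:
        unsafe = "syntax error"  # the input broke the statement itself
    return unsafe, len(lookup_parameterized(db, user_id))

# Constructed inputs: a plain name, a legitimate name containing a quote,
# and a value whose quote ends the string literal and alters the WHERE clause.
SAMPLES = ["bob", "o'brien", "x' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value), compare(db, value))
```
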

Tuesday, April 04, 2006

01:02:03 04/05/06
010203040506

as a way of *celebration* for this peculiar event I created a big clock, a version in Delphi and a version in C#

you can get the code here and here, not much really but you could re-use it in 04/05/2106

the picture was actually taken at 01:02:03 04/05/06
...I'm such a geek

update: I made a change to the code to "freeze time" at whatever time configured, that's a nice touch, now I can use that for other count downs, I'll put up the new versions

Monday, April 03, 2006

don't miss the 01:02:03 04/05/06

On Wednesday of this week, two minutes and three seconds after 1:00 in the morning, the time and date will be

01:02:03 04/05/06

this event happens every 100 years, since we use two digits for the year

for most other countries the date will be on May 4, since they use DD/MM/YYYY

Saturday, April 01, 2006

April fools summary

check it out right here

http://en.wikipedia.org/wiki/April_1,_2006

one of the first ones that came out is this one from Microsoft

http://www.msnsearchspoof.com/

where you can set up a page that will simulate the MSN search site, go play a good prank on your co-workers