Skip to content

Good Practices for Software Development

Would you post your password on a wall in your office? Of course not, because other employees, the cleaning crew, even guests walking around your office would be able to access your system with your account. When I read Brian Kelly’s post on passwords in files, that’s what I thought of. Sticking credentials in a file, where they’re subject to any kind of search, is a bad idea.

However this happens all the time. Combine this with a few other “common practices” like using sa to connect to a database and building dynamic SQL, and you might as well just set blank passwords and invite someone to have fun with your database. It’s sad that we continue to see these types of software development practices in 2014, and especially poor to see them from companies that sell software.

There is so much information out there on building software that is of higher quality and is much more secure. However all too often I find developers just aren’t implementing these practices. There are probably a myriad of reasons why, and I wish we had more ways to better train people, disseminate the information, and enforce it’s use.

Ultimately we can only do what we can. However I’d encourage those of you that see poor practices taking place to have a word with the developer (internally), or send a note to the vendor. If it’s more important to make a few more dollars than implement better practices, I’d encourage you to publicly call some attention to the matter. Maybe a little exposure to the dark side of software development will pressure managers to require more secure work over time.

Steve Jones

The Voice of the DBA Podcast

Listen to the MP3 Audio ( 2.0MB) podcast or subscribe to the feed at iTunes and LibSyn. feed

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at

Open Source the MCM

It’s over. There’s no more MCM program or certification from Microsoft. The last MCM test was given last year and no upgrades are planned for SQL Server 2012 or SQL Server 2014. That’s a little sad, though there are quite a few of our SQL Server professionals that can still proudly wear the MCM title for the rest of their careers.

The MCM tests were designed differently than all the other MCP type tests, requiring more thought and deduction, as well as practical skills. The lab in particular was daunting to many of the MCMs, most of whom would tell you about the difficulties in getting through the scenarios in the limited time alloted. All of the people I’ve talked to found the challenge refreshing and also informative, enabling them to learn a few things about their knowledge, even from the problems they didn’t complete.

Since that chapter in Microsoft Learning is complete, and the tasks likely out of date, I’d ask that Microsoft Learning release the questions and scenarios to the world as an open source project. Unlike the other certifications and exams, these questions aren’t going to be re-used anytime soon and the knowledge could help many people learn to build better solutions.

This would be a great move, allowing many DBAs to challenge themselves with the questions and scenarios in practice labs. The types of scenarios could be used in interviews for new employees, either as they are written or modified for a particular environment. Professionals using the SQL Server platform would get an idea of not only the broad level of knowledge that MCMs have, but they’d also have a way to test themselves and direct their own learning to become better rounded SQL Server developers and administrators.

I doubt it would happen, but I’d think Microsoft could help the community, generate some goodwill, and help improve the overall quality of people working on their platform.

Update: I have opened a Connect item for this. Please vote


The Powershell Challenge Update

I’ve fallen down on my challenge over the last month. It’s been a content time, with me working more towards presentations and writing most of Mar and April to meet deadlines and commitments. I also let my calendar reminder die in Feb and didn’t renew it.

As a result, here I am, 6 months in and only done with 19 chapters. That’s a good way in, but it’s not complete. With some downtime coming, I’m looking to get back into this and using it a bit more.

Due Diligence

I often talk with people about building their brands and finding a way to ensure they are a highly desirable employee. One of the ways that I think people can do this is with a technical blog about their career. Having a technical blog allows someone to show off their skills in a particular area. The blog doesn’t have to be ground breaking work or extremely innovative solutions to complex problems. While employers need those people, they also need people that do solid work every day on regular problems.

An interview isn’t a great way to find good employees. Many of us have had experience with either (or both) sides of the interview table and realize that interviews aren’t necessarily that helpful. If we bothered to track the impressions we make of candidates and compare that to the actual work they accomplish over the first year or two, I suspect we’d find that we have no evidence that were making great decisions. The success of employees seems to be a bit hit and miss.

A blog, however, provides the employer with a bit more confidence that a person can handle the job they are hired for. A blog takes time, and across months (or years), it can show quite a bit about a person’s knowledge and skills. It allows hiring managers, and co-workers that may interview a person, the ability to perform a bit more due diligence and investigation into someone’s skills than an interview provides. It’s much more of a representative look at a person than what they say or write on a resume.

I know that it isn’t a perfect solution. People plagiarize posts and copy from Books Online and more, but the Internet helps here. Search a few of their paragraphs and you might catch plagiarizers easily. After all, someone that wants to copy posts to avoid work, probably has a few other tricks in their bag to avoid doing other work for you.

Think about starting a blog today and giving potential employers a way to learn more about you.


Consolidation Matters

Throughout my career I’ve been looking to consolidate SQL Servers when I find them. The typical employer I’ve had usually grows their IT infrastructure over time and many projects look like this:

  • Build or buy a software package
  • Buy a new server
  • Install SQL Server and one database for the application

Over time this means I find lots of individual servers running at much less than full capacity. That’s something that DBAs like, because it means that we can handle the inevitable spikes in resource usage that our workloads will encounter. However that’s not what the rest of the business, especially the financial management, wants. Underused resources mean money that isn’t spent well.

As a result, I’ve often looked to consolidate instances where possible. Often I let an instance run by its own hardware for a period of months, perhaps even a year, during which I can get a good idea of what level of resources the database and application require. Once I have that, I try to match up the needs with an existing SQL Server that might be underutilized by at least that amount of resources. Typically I’m looking at RAM and CPU since disk resources can often be transferred to a new piece of hardware. It’s not quite as simple as it sounds as I also need to look at workload patterns and potentially match up instances whose workload peaks occur at different times.

I’ve successfully consolidated many instances this way, often reducing the amount of physical hardware in data centers substantially. As hardware cycles turn over and newer machines are purchased, I can usually repeat the process again and again. The advent of virtualization has made this even easier as bad guesses can usually be reversed or corrected by moving the database to a different instance.

I suspect that virtualization will become more important in the future, especially as licensing changes in SQL Server make it much more expensive to add the ad hoc instance on its own hardware. I’d encourage you to plan on consolidating new databases from the beginning to ensure that your organization gets the most performance out of the hardware that it has purchased.

Steve Jones


FileTables–Inserting Directories from T-SQL

Creating a directory in a Filetable share is easy. It looks like this:


It’s hard to see, but this was a right click, New, Folder in the share from Windows Explorer.

However what about creating a directory from T-SQL? That’s almost as easy.

I created that folder above by running this code:

-- create a folder
INSERT  INTO dbo.Explorer
        ( name, is_directory )
VALUES  ( 'Books', 1 );

I provided a name for my folder and then a 1 for the is_directory property. Once I ran this, the folder above appeared in my share.

Note that this works for folders in the root, but not nested folders. I’ll tackle that in another post.

Advice for Newcomers

A friend recently was asked to give a presentation on their career to a group of 12 year olds. It was a challenge to engage the students, and my friend was surprised that very few of the kids were interested in technology. I was disappointed as well since I think this is a great career choice, and worth a little investigation, especially at that age.

It’s hard to convince people to enter this business if they don’t have any interest, but if they do, I’m wondering what you might tell them. Today I’d like you to think about your words of wisdom to someone interested in your job.

What would you tell someone that you wish you knew early on in your career?

You might impart some hints about how to approach technology. You might give them ideas on how to build skills faster or better? However for me, I’d tell them two things.

First, you can’t underestimate the value of networking, no matter what field you enter. Whether that’s technology, medicine, law, or anything else, networking will help you. Learn to make contacts and interact with people.

Second, learn what you don’t like to do. Experiment with the technologies, practice the jobs, and understand what you don’t like. You might not find something you have a passion for, but I’d certainly encourage you not to enter a field that you just don’t enjoy.

Steve Jones

Speaking at SQL Bits XII

I’m heading back to SQL Bits for the third time and I’m excited to be going again. I think that this is my favorite conference, hands down. The large mix of people, the incredibly welcoming hosts and the casual atmosphere make this one of the events I look forward to every year. It also means I get to swing by the Red Gate office without making a special trip.

This year the event is in Telford, near some racetrack that’s supposed to be famous. I’m not sure if they is any tie in with the event, but who cares. Chances are you won’t want to leave SQL Bits because you’ll be alternately excited by the content and charmed by the hosts and other attendees.

I’ll be delivering two talks at the event:

  • Continuous Integration for Databases
  • Branding Yourself for a Dream Job

I’ve done both of these a few times and they are very popular and thought provoking. I’m hoping that the crowd enjoys them as much as I do.

If you can make it to the UK, register today and I’d love to see you there. This is a great event, and I’m sure you’ll learn a ton and enjoy yourself while doing so.

That didn’t last long

Here was my speaking schedule, a page I updated Wed night.


Late yesterday I got emails notifying me of acceptance to a new event. Two whole days without something scheduled.

One Database to Rule Them All

This is what you build to juggle 6,000 tweets a second. That’s the headline that caught my eye and it’s about the challenges of Twitter and the data that they handle. Twitter definitely has a tough problem, one that few of us have, but perhaps they can help us learn to better deal with our own data from their experiences on an edge case.

The story is journalistic, not so technical, but it is interesting. Twitter has struggled with a blend of data that is partially crucial and must be consistent now (usernames) and other data that can be a bit out of date (tweets). They also have lots of unstructured data (photo/video) that is combined with more traditional, structured data. They’ve used a few different database platforms to store this data and assemble it with their application. That’s the same things that most of us also do when we deal with many different types of data.

However Twitter is trying to find away around dealing with disparate systems. They’ve had a number of engineers working on Manhattan, their database designed to handle both structured and unstructured data. And because they work for Twitter, this platform is designed to manage all of this data with very high workload demands at scale.

It will be interesting to see if they come up with any innovative ideas. Certainly SQL Server already has options for managing structured and unstructured data, though perhaps not at the scale Twitter needs.

Steve Jones


Get every new post delivered to your Inbox.

Join 4,323 other followers