Author Archive

Raoul Illyés, Microsoft MVP

Tuesday, October 5th, 2010

A friend and former colleague of mine, Raoul Illyés, has been awarded Microsoft MVP for SQL Server.

I am delighted and lucky to continue working with Raoul and his new company Guide-line.

Congratulations – It’s about time :-)

ASP.Net Security Vulnerability

Monday, September 20th, 2010

On Friday, September 17th, a serious security exploit was demonstrated at a security conference by Juliano Rizzo and Thai Duong. A tool called POET (Padding Oracle Exploit Tool) was used to demonstrate the exploit against both .Net and Java.

POET exploits a well-known vulnerability in the way many websites encrypt text stored in ViewState, form authentication tickets, cookies, hidden HTML fields and request parameters.

It is a deficiency in the encryption libraries of both Java and the .Net framework that exploits the fact that encrypted strings are padded to whole blocks of e.g. 8 bytes or 16 bytes. I will not go into details, as it is explained well here.

The exploit works on any block-cipher encryption mechanism, such as AES, DES and Triple DES.

The exploit is quite severe, as it can be used to download the web.config file.

“The attack that was shown in the public relies on a feature in ASP.NET that allows files (typically javascript and css) to be downloaded, and which is secured with a key that is sent as part of the request. Unfortunately if you are able to forge a key you can use this feature to download the web.config file of an application (but not files outside of the application). We will obviously release a patch for this…” Scott Gu

There are lots of systems affected, such as ASP.Net 1.0-4.0 (WebForms and MVC), SharePoint, Microsoft CRM, JavaServer Faces etc.

HTTPS with SSL/TLS does not protect your site.
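The deficiency described above comes down to a decryption routine whose padding check fails in a way the caller can tell apart from every other failure. The following example is added here and is not code from the post, from the POET tool or from either framework: it shows that shape (MAC-then-encrypt with two distinct errors) beside the standard fix, authenticating the ciphertext and checking the tag in constant time before any decryption so that padding is never inspected on unauthenticated input. The 16-byte block function is a constructed toy Feistel stand-in for AES so the code runs on the standard library alone; keys and messages are constructed values.

```python
import hmac, hashlib, secrets

BLOCK = 16
class PaddingError(Exception): pass
class MacError(Exception): pass
class DecryptError(Exception): pass  # the only failure the hardened path ever reports
def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def _mac(key, data): return hmac.new(key, data, hashlib.sha256).digest()
def _pad(p): n = BLOCK - len(p) % BLOCK; return p + bytes([n]) * n  # PKCS#7
def _block(key, b, decrypt=False):
    # Toy 4-round Feistel on 16-byte blocks: a constructed stand-in for AES so this runs on
    # the standard library alone. NOT a real cipher; only the error handling below matters.
    f = lambda half, i: hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]
    l, r = b[:8], b[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, f(l, i)), l) if decrypt else (r, _xor(l, f(r, i)))
    return l + r

def _cbc(key, iv, data, decrypt=False):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        out += _xor(_block(key, blk, True), prev) if decrypt else _block(key, _xor(blk, prev))
        prev = blk if decrypt else out[-BLOCK:]
    return out

def _unpad(p):  # the check whose failure must never be observable on its own
    n = p[-1] if p else 0
    if not 1 <= n <= BLOCK or p[-n:] != bytes([n]) * n:
        raise PaddingError()
    return p[:-n]

# MAC-then-encrypt with distinguishable errors: the shape of the flaw the post describes.
def seal_leaky(ek, mk, msg):
    return (iv := secrets.token_bytes(BLOCK)) + _cbc(ek, iv, _pad(msg + _mac(mk, msg)))
def open_leaky(ek, mk, blob):
    plain = _unpad(_cbc(ek, blob[:BLOCK], blob[BLOCK:], True))  # PaddingError escapes here
    if plain[-32:] != _mac(mk, plain[:-32]):                     # a different, later error
        raise MacError()
    return plain[:-32]

# Encrypt-then-MAC: constant-time tag check before any decryption; one error for everything.
def seal_etm(ek, mk, msg):
    ct = (iv := secrets.token_bytes(BLOCK)) + _cbc(ek, iv, _pad(msg))
    return ct + _mac(mk, ct)
def open_etm(ek, mk, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(mk, ct)):
        raise DecryptError()  # tampered or truncated: rejected before the padding is touched
    return _unpad(_cbc(ek, ct[:BLOCK], ct[BLOCK:], True))
```

Flipping one byte of a sealed blob makes open_leaky raise either PaddingError or MacError depending on which byte was touched, which is exactly the signal an oracle needs, while open_etm raises the same DecryptError for any modification.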

Below is a video showing how to use the POET tool with DotNetNuke.

Scott Gu has workaround details until Microsoft releases a patch.

Update September 29th, 2010: A security update has been released by Microsoft. More details about the patch on Scott Gu’s blog.

Configuring Windows 7 network priority

Friday, September 10th, 2010

Windows 7 apparently always prioritizes the wireless network connection (Wi-Fi), even if a faster wired network connection is available. This is the default behavior – go figure!

Luckily you can change it, but it isn’t easy to find. Do the following:

  1. Go to “Network and Sharing Center” (e.g. through the “Control Panel”)
  2. Click “Change Adapter Settings”
  3. In the “Network Connections” window, press the ALT key on your keyboard to bring up the menu bar.
  4. Click the “Advanced” menu and then “Advanced Settings”
  5. In the “Advanced Settings” window, on the “Adapters and Bindings” tab under “Connections”, you can change the network connection priority with the arrows on the right.

It will still connect to all available network connections (wireless and wired), unless they are disabled.

Enabling Danish for SQL Server FullText

Monday, August 9th, 2010

SQL Server FullText enables you to search large amounts of text fast, and it is easy to use. It hasn’t changed much since SQL Server 2000.
A simple getting started tutorial can be found on Code Project.

SQL Server FullText is easy to use in applications requiring string searching.

The Danish, Polish and Turkish wordbreaker and stemmer implementations for SQL Server FullText are not developed by Microsoft and are therefore not enabled by default. The libraries are, however, part of the installation and are therefore present on disk.

To make use of the Danish language capabilities in SQL Server 2008, register the libraries in the registry and reload the FullText languages:

  1. Download & run the DanishFulltext.reg file on the server. It registers the wordbreaker, the stemmer and the default location of the thesaurus XML file.
  2. Run exec sp_fulltext_service 'update_languages' in Management Studio.

Now verify that Danish is enabled with this query: SELECT name FROM sys.fulltext_languages

Note: The DanishFullText.reg assumes that SQL Server is a default instance (not a named instance). If not, modify the file by changing the MSSQL10.MSSQLSERVER to the instance name.

It is the same case with Polish and Turkish – they are not registered by default. See more in the MSDN article How to: Load Licensed Third-Party Word Breakers.

List of out of the box SQL Server 2008 FullText supported languages: Arabic, Bengali (India), Brazilian, British English, Bulgarian, Catalan, Chinese (Hong Kong SAR, PRC), Chinese (Macau SAR), Chinese (Singapore), Croatian, Danish, Dutch, English, French, German, Gujarati, Hebrew, Hindi, Icelandic, Indonesian, Italian, Japanese, Kannada, Korean, Latvian, Lithuanian, Malay – Malaysia, Malayalam, Marathi, Neutral, Norwegian (Bokmål), Polish, Portuguese, Punjabi, Romanian, Russian, Serbian (Cyrillic), Serbian (Latin), Simplified Chinese, Slovak, Slovenian, Spanish, Swedish, Tamil, Telugu, Thai, Traditional Chinese, Turkish, Ukrainian, Urdu, Vietnamese.

Java 4-ever

Sunday, July 4th, 2010

I find this video hilarious…

You should use the best tools at hand to solve the problem. That said, choosing between Java or .Net doesn’t really matter in most cases. There are however some areas where Java is a better choice, and vice versa.

I can’t wait to see it in the cinema :-)

PS. I do develop with Java even though I do not blog much about it.

Update: YouTube removed the video due to copyright claims. You can still see it at JavaZone.

Meeting the SQL Azure Development Team

Wednesday, June 30th, 2010

Last week I was at Microsoft HQ in Redmond, WA, USA. I was invited by the SQL Azure Development Team to look at some of the new unreleased features and comment on features in their roadmap.

Unfortunately most of the content was confidential, meaning that I was under NDA, so I may not disclose any details. Sorry :-/

During the week with the SQL Azure Development Team I was fortunate to be engaged in detailed technical discussions about some of the upcoming feature releases – mainly discussing the SQL Server features not currently available in SQL Azure. It was interesting and enlightening at the same time to discuss their technical challenges and why they have built SQL Azure the way they have.

All in all, my conclusion after this event is that Microsoft takes SQL Azure seriously and it will become a major player in the RDBMS world. It will not just be a SQL Server in the cloud, but a separate product with different market segments and different features. I am looking forward to a bright future with SQL Azure :-)

Check for breaking changes in APIs

Tuesday, June 8th, 2010

Have you ever had the need to compare interfaces of two versions of the same framework?

If you have, then ApiChange is a tool for you. It’s open source, powerful and easy to use :-)

I gave it a spin comparing current trunk version 2.9.2 of Lucene.Net with the latest official release version 2.4.0.

I downloaded ApiChange and ran the following command in a command prompt:

ApiChange.exe -Diff -old C:\Lucene.Net_2_4_0\Lucene.Net.dll -new C:\trunk\Lucene.Net.dll

The output lists all the differences, but here is a summary:

  • 23 public types were removed
  • 96 public types were added
  • 158 public types were changed

Cool little tool with other features such as:

  • Diff public types for breaking changes.
  • Who uses a method?
  • Who uses a type?
  • Who implements an interface?
  • Who references me?
  • What format has the binary (32/64, Managed C++, Pure IL, Unmanaged)?
  • Search for all event subscribers and unsubscribers.

It’s based on Mono Cecil, a free IL parser, and not on reflection as I initially thought. Go check it out…

Levels of reuse in Software Development

Tuesday, June 1st, 2010

One of the promises of object-orientation is reuse. Developing new software systems is expensive, and maintaining them is even more expensive. Reuse is therefore sensible from both business and technology perspectives.

With assistance of Erich Gamma, I have identified four levels of reuse.

First level of reuse: Copy/paste

Duplicating code or functionality makes it easy to reuse it. It’s a real timesaver at first, but keeping all the duplicates up-to-date and maintaining them is a horrifying task. Not to mention the problems when forgetting to update one or more duplicates…

“Copy and paste programming is a pejorative term to describe highly repetitive computer programming code apparently produced by copy and paste operations. It is frequently symptomatic of a lack of programming competence, or an insufficiently expressive development environment, as subroutines or libraries would normally be used instead. In certain contexts it has legitimate value, if used with care.” Wikipedia

Second level of reuse: Class libraries

Reuse at class level or a set of classes in a software library is common and also fairly easy with object-oriented languages.

“Libraries contain code and data that provide services to independent programs. This allows the sharing and changing of code and data in a modular fashion. Some executables are both standalone programs and libraries, but most libraries are not executables …” Wikipedia

Third level of reuse: Design Patterns

Patterns allow you to reuse design ideas and concepts independent of concrete code.

“In software engineering, a design pattern is a general reusable solution to a commonly occurring problem in software design. A design pattern is not a finished design that can be transformed directly into code. It is a description or template for how to solve a problem that can be used in many different situations. Object-oriented design patterns typically show relationships and interactions between classes or objects, without specifying the final application classes or objects that are involved.” Wikipedia

Fourth level of reuse: Frameworks

An object-oriented abstract design to solve a specific problem – often very specialized, like Unit Testing frameworks and Object-Relational Mapping frameworks, but a framework can also be large, complex or domain specific.

“A software framework … is an abstraction in which common code providing generic functionality can be selectively overridden or specialized by user code providing specific functionality. Frameworks are a special case of software libraries in that they are reusable abstractions of code wrapped in a well-defined API, yet they contain some key distinguishing features that separate them from normal libraries.” Wikipedia

It’s all about being pragmatic – not all software will reach the fourth level of reuse and be structured as frameworks – frankly it shouldn’t. That said, copy/paste style development is unquestionably a wrong path.

What level is your company at?

Ageing pictogram

Wednesday, May 19th, 2010

I’m in Prague, Czech Republic, for the Apache Lucene EuroCon 2010; wandering around, I saw this drawing on a house wall.

I find it hilarious – especially the natural shadow over the coffins. It’s by pure coincidence that I was there at the time of day when the doorway cast its shadow over the coffins :-)

Finding Missing Indexes with SQL Server DMVs

Monday, May 10th, 2010

Some time ago I wrote about easy index wins for SQL Server 2005.

SQL Server maintains statistics about indexes you should consider creating. This time I’ll show you a DMV (Dynamic Management View) query that lists index candidates. This method works for SQL Server 2005 SP2 and later versions.

The query is based on three DMVs and returns index candidates where the calculated improvement is more than 10%:

-- Index candidates recorded by the optimizer since the last service restart,
-- with a ready-to-run CREATE INDEX statement for each.
SELECT
  -- estimated benefit: cost saved per use, weighted by how often the index would have been used
  migs.avg_total_user_cost * (migs.avg_user_impact / 100.0) * (migs.user_seeks + migs.user_scans) AS improvement_measure_pct,
  QUOTENAME(db_name(mid.database_id)) AS [database],
  QUOTENAME(OBJECT_SCHEMA_NAME(mid.object_id, mid.database_id)) AS [schema],
  QUOTENAME(OBJECT_NAME(mid.object_id, mid.database_id)) AS [table],
  -- key columns: equality columns first, then inequality columns; covered columns go in INCLUDE
  'CREATE INDEX [missing_index_' + CONVERT(varchar(64), NEWID()) + ']'
    + ' ON ' + mid.statement
    + ' (' + ISNULL(mid.equality_columns, '')
    + CASE
        WHEN mid.equality_columns IS NOT NULL
         AND mid.inequality_columns IS NOT NULL THEN ','
        ELSE ''
      END
    + ISNULL(mid.inequality_columns, '')
    + ')'
    + ISNULL(' INCLUDE (' + mid.included_columns + ')', '')
    AS create_index_statement,
  migs.*,
  mid.database_id,
  mid.[object_id]
FROM sys.dm_db_missing_index_groups mig
  INNER JOIN sys.dm_db_missing_index_group_stats migs
    ON migs.group_handle = mig.index_group_handle
  INNER JOIN sys.dm_db_missing_index_details mid
    ON mig.index_handle = mid.index_handle
WHERE
  -- same measure as improvement_measure_pct above; keep only candidates scoring above 10
  migs.avg_total_user_cost * (migs.avg_user_impact / 100.0) *
    (migs.user_seeks + migs.user_scans) > 10
ORDER BY
  migs.avg_total_user_cost * (migs.avg_user_impact / 100.0) *
    (migs.user_seeks + migs.user_scans) DESC

It is important to note that these are only candidates and that the improvements are estimates. The estimated improvement does not take into account the extra disk space required or the maintenance cost of the indexes during updates, inserts and deletes. Furthermore, it makes no recommendation about whether to use clustered or non-clustered indexes.

This blog post is inspired by Bart Duncan’s Are you using SQL’s missing index DMVs?