September 18, 2014 at 6:50 am
Grant Fritchey (9/17/2014)
So this is happening[/url]. If any of the Threadizens are inclined to make a blog post (or three) in support, I'd be appreciative.
Vote for Grant for PASS Board! He'll bring free beer to all PASS functions for all attendees!
(Limit 1 1oz serving per person, per year, attendee must be of legal drinking age in the city / county / state / country, person must be able to correctly answer a query tuning question posed by Grant within 30 seconds, offer not valid in locales / venues which prohibit alcohol)
:hehe:
September 18, 2014 at 7:04 am
GilaMonster (9/18/2014)
Stefan Krzywicki (9/17/2014)
SQLRNNR (9/17/2014)
Roy Ernest (9/17/2014)
I got someone asking if Cursor will work fast on memory based objects.It felt like the OP would upgrade to SQL 2014 so that he/she can make the cursor run faster.
It could. It could also be just as bad. Boils down to what objects are involved and how complex the cursor might be.
In the end, a set based would most likely be better for them. Sell them on the idea that 2014 has a much improved cardinality estimator that can make a lot of queries run faster by itself.:-D
I wrote a cursor this week. I needed to run sp_estimate_data_compression_savings against every table in the database. I probably could have opened the proc & figured out what tables it was querying and used that to write a set based query and I might in the future, but this works well enough for now.
I wouldn't bother to be honest. Firstly because that proc has multiple cursors in it anyway, second because it does stuff like
create table [#sample_tableDBA05385A6FF40F888204D05C7D56D2B]([dummyDBA05385A6FF40F888204D05C7D56D2B] [int]);It works by taking a sample of the table you specify, creating a temp table in, adding indexes, inserting the sample data and then compressing it.
Nothing wrong with cursors/loops where appropriate, and when creating and altering objects is usually such a place
Good to know, thanks. Of course half the reason to go through the exercise is to find out what's in the stored proc you're calling. : -) I may still delve, but without trying to figure out how to make it a set based query.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
September 18, 2014 at 7:17 am
Grant Fritchey (9/18/2014)
Roy Ernest (9/18/2014)
Why would SQL Pass want to list the candidates in the order of committee ranking? The slate has been ratified, so it should be just the names of the candidates in no order.Sorry, dont agree with the wording of that email.
Politics. Ain't it fun!
Roy, your mistake was starting the question with “Why would PASS”, and assuming there was a thought process behind it
---------------------------------------------------------
How best to post your question[/url]
How to post performance problems[/url]
Tally Table:What it is and how it replaces a loop[/url]
"stewsterl 80804 (10/16/2009)I guess when you stop and try to understand the solution provided you not only learn, but save yourself some headaches when you need to make any slight changes."
September 18, 2014 at 7:27 am
Ed Wagner (9/18/2014)
Sean Lange (9/17/2014)
WayneS (9/17/2014)
Sean Lange (9/17/2014)
ROFLMAO!!!! I just got a dev ticket to look into a website that was written and deployed about 3 years before I got here. The ONLY page on the entire site that does anything more than deliver static content is a page with a form that allows the user to upload a file. I was told this is really important because the last submission received was in 2010. Obviously mission critical functionality here. Add to that it is written in classic asp. I opened the thing for the first time ever today and it is wide open the sql injection, javascript injection and probably more. There is only 1 way to fix this, take it out to the pasture and shoot it. 😛Is this a public facing website? Care to send me a link? 😉
Not really. 😛 Not wanting to turn something that I can easily blow off for at least 4 years into something I have to fix immediately. It is public facing and truly horrible. It just takes the text boxes and build a pass through query blindly. Not even an attempt made to protect anything. Add to that the ability to upload files with no checking on file type or anything at all. The URL alone is enough to gain access to the network and I am not handing out that key. YUCK!!!
As long as it doesn't check file type, does it also open the file and do something with it? Or is it boring and just save it to disk and let someone else open it to
do the damageread the data?
Thankfully it just saves it disc until somebody else comes along and opens it. Of course it hasn't worked in 4 years so the threat is rather low.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
September 18, 2014 at 7:31 am
WayneS (9/17/2014)
Sean Lange (9/17/2014)
WayneS (9/17/2014)
Sean Lange (9/17/2014)
ROFLMAO!!!! I just got a dev ticket to look into a website that was written and deployed about 3 years before I got here. The ONLY page on the entire site that does anything more than deliver static content is a page with a form that allows the user to upload a file. I was told this is really important because the last submission received was in 2010. Obviously mission critical functionality here. Add to that it is written in classic asp. I opened the thing for the first time ever today and it is wide open the sql injection, javascript injection and probably more. There is only 1 way to fix this, take it out to the pasture and shoot it. 😛Is this a public facing website? Care to send me a link? 😉
Not really. 😛 Not wanting to turn something that I can easily blow off for at least 4 years into something I have to fix immediately. It is public facing and truly horrible. It just takes the text boxes and build a pass through query blindly. Not even an attempt made to protect anything. Add to that the ability to upload files with no checking on file type or anything at all. The URL alone is enough to gain access to the network and I am not handing out that key. YUCK!!!
Please????? (I have this neat SQL Injection demo that I do... it would be neat to incorporate this into it and show a real world hack!) :cool::w00t:
I would love to see that demo but not with anything I have to support as the target of the attack. Your demo is probably more elaborate in the hack. The code on this is ridiculously stupid. Look up "first year out of college sql injection" and this is pretty much the same stuff. Fortunately whoever built it created a entire database just for this one page and a login that only has access to that database.
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
September 18, 2014 at 7:32 am
Sean Lange (9/18/2014)
Ed Wagner (9/18/2014)
Sean Lange (9/17/2014)
WayneS (9/17/2014)
Sean Lange (9/17/2014)
ROFLMAO!!!! I just got a dev ticket to look into a website that was written and deployed about 3 years before I got here. The ONLY page on the entire site that does anything more than deliver static content is a page with a form that allows the user to upload a file. I was told this is really important because the last submission received was in 2010. Obviously mission critical functionality here. Add to that it is written in classic asp. I opened the thing for the first time ever today and it is wide open the sql injection, javascript injection and probably more. There is only 1 way to fix this, take it out to the pasture and shoot it. 😛Is this a public facing website? Care to send me a link? 😉
Not really. 😛 Not wanting to turn something that I can easily blow off for at least 4 years into something I have to fix immediately. It is public facing and truly horrible. It just takes the text boxes and build a pass through query blindly. Not even an attempt made to protect anything. Add to that the ability to upload files with no checking on file type or anything at all. The URL alone is enough to gain access to the network and I am not handing out that key. YUCK!!!
As long as it doesn't check file type, does it also open the file and do something with it? Or is it boring and just save it to disk and let someone else open it to
do the damageread the data?Thankfully it just saves it disc until somebody else comes along and opens it. Of course it hasn't worked in 4 years so the threat is rather low.
Good point. I saw the lack of file type validation and felt a low-level panic starting. If the server accepts a file of any type and then tries to open it, a .exe, .com, .bat or .cmd could cause some major damage to the server itself. Heck, even the old .pif might still be supported. Just another level of danger induced by the lack of validation.
On another front, since the obviously mission-critical process it hasn't worked for 4 years, I would be forced to question whether it was really needed at all.
September 18, 2014 at 7:32 am
Roy Ernest (9/18/2014)
Why would SQL Pass want to list the candidates in the order of committee ranking? The slate has been ratified, so it should be just the names of the candidates in no order.Sorry, dont agree with the wording of that email.
There are reasons for that. This was a recommendation of the ERC which was formed AFTER the fiasco when Steve didn't make it past the NomCom. Essentially all the NomCom is responsible for now is ranking the candidates based on applications and interviews, the only reason an applicant can be rejected by the NomCom is because of breaking the rules or some kind of ethical violation. Thus the candidates are presented by NomCom ranking because the NomCom has spent the most time vetting the candidates and PASS wants you to know, without going into details, who the NomCom thinks are the best prospects for the board, so you can include that in your decision making process.
It isn't perfect, but it is just one more point of information to include in making your decision.
I didn't even think about the ranking. I have my own opinions about the candidates and know who I'm going to vote for. I'll be honest and state that my vote is based on personality and personal interaction with the candidates as it is with ability to get the job done. I think all 4 candidates can do the job and do it well, but I think personality does impact the ability to do the job.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
September 18, 2014 at 7:33 am
jcrawf02 (9/18/2014)
Grant Fritchey (9/18/2014)
Roy Ernest (9/18/2014)
Why would SQL Pass want to list the candidates in the order of committee ranking? The slate has been ratified, so it should be just the names of the candidates in no order.Sorry, dont agree with the wording of that email.
Politics. Ain't it fun!
Roy, your mistake was starting the question with “Why would PASS”, and assuming there was a thought process behind it
You are right... I should not have. Should have known better. 🙂
Grant, Politics sure aint fun... But that politics should have been between you and the other candidates on the slate. PASS should keep their head out of it... Unless you really pissed them off... 😛
-Roy
September 18, 2014 at 7:35 am
Jack, the NomCom should rank them. But PASS should not disclose the ranking when announcing the slate. This is like saying that he/she is worst of the batch so dont vote for them.
-Roy
September 18, 2014 at 7:37 am
Jack Corbett (9/18/2014)
Roy Ernest (9/18/2014)
Why would SQL Pass want to list the candidates in the order of committee ranking? The slate has been ratified, so it should be just the names of the candidates in no order.Sorry, dont agree with the wording of that email.
There are reasons for that. This was a recommendation of the ERC which was formed AFTER the fiasco when Steve didn't make it past the NomCom. Essentially all the NomCom is responsible for now is ranking the candidates based on applications and interviews, the only reason an applicant can be rejected by the NomCom is because of breaking the rules or some kind of ethical violation. Thus the candidates are presented by NomCom ranking because the NomCom has spent the most time vetting the candidates and PASS wants you to know, without going into details, who the NomCom thinks are the best prospects for the board, so you can include that in your decision making process.
It isn't perfect, but it is just one more point of information to include in making your decision.
I didn't even think about the ranking. I have my own opinions about the candidates and know who I'm going to vote for. I'll be honest and state that my vote is based on personality and personal interaction with the candidates as it is with ability to get the job done. I think all 4 candidates can do the job and do it well, but I think personality does impact the ability to do the job.
It'll be interesting to see it the top nominations all win. There've been studies that show being at the top of a ballot garners you extra votes. In something like this, there should be a transparent randomization process.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
September 18, 2014 at 7:38 am
Ed Wagner (9/18/2014)
Sean Lange (9/18/2014)
Ed Wagner (9/18/2014)
Sean Lange (9/17/2014)
WayneS (9/17/2014)
Sean Lange (9/17/2014)
ROFLMAO!!!! I just got a dev ticket to look into a website that was written and deployed about 3 years before I got here. The ONLY page on the entire site that does anything more than deliver static content is a page with a form that allows the user to upload a file. I was told this is really important because the last submission received was in 2010. Obviously mission critical functionality here. Add to that it is written in classic asp. I opened the thing for the first time ever today and it is wide open the sql injection, javascript injection and probably more. There is only 1 way to fix this, take it out to the pasture and shoot it. 😛Is this a public facing website? Care to send me a link? 😉
Not really. 😛 Not wanting to turn something that I can easily blow off for at least 4 years into something I have to fix immediately. It is public facing and truly horrible. It just takes the text boxes and build a pass through query blindly. Not even an attempt made to protect anything. Add to that the ability to upload files with no checking on file type or anything at all. The URL alone is enough to gain access to the network and I am not handing out that key. YUCK!!!
As long as it doesn't check file type, does it also open the file and do something with it? Or is it boring and just save it to disk and let someone else open it to
do the damageread the data?Thankfully it just saves it disc until somebody else comes along and opens it. Of course it hasn't worked in 4 years so the threat is rather low.
Good point. I saw the lack of file type validation and felt a low-level panic starting. If the server accepts a file of any type and then tries to open it, a .exe, .com, .bat or .cmd could cause some major damage to the server itself. Heck, even the old .pif might still be supported. Just another level of danger induced by the lack of validation.
On another front, since the obviously mission-critical process it hasn't worked for 4 years, I would be forced to question whether it was really needed at all.
I told them I would fix it as quickly as they reported the problem. They chuckled until I opened outlook and added a calendar item in 2018 and invited them to it so we can discuss the requirements of a rewrite. 😀
_______________________________________________________________
Need help? Help us help you.
Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.
Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.
Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/
September 18, 2014 at 7:41 am
Sean Lange (9/18/2014)
Ed Wagner (9/18/2014)
Sean Lange (9/18/2014)
Ed Wagner (9/18/2014)
Sean Lange (9/17/2014)
WayneS (9/17/2014)
Sean Lange (9/17/2014)
ROFLMAO!!!! I just got a dev ticket to look into a website that was written and deployed about 3 years before I got here. The ONLY page on the entire site that does anything more than deliver static content is a page with a form that allows the user to upload a file. I was told this is really important because the last submission received was in 2010. Obviously mission critical functionality here. Add to that it is written in classic asp. I opened the thing for the first time ever today and it is wide open the sql injection, javascript injection and probably more. There is only 1 way to fix this, take it out to the pasture and shoot it. 😛Is this a public facing website? Care to send me a link? 😉
Not really. 😛 Not wanting to turn something that I can easily blow off for at least 4 years into something I have to fix immediately. It is public facing and truly horrible. It just takes the text boxes and build a pass through query blindly. Not even an attempt made to protect anything. Add to that the ability to upload files with no checking on file type or anything at all. The URL alone is enough to gain access to the network and I am not handing out that key. YUCK!!!
As long as it doesn't check file type, does it also open the file and do something with it? Or is it boring and just save it to disk and let someone else open it to
do the damageread the data?Thankfully it just saves it disc until somebody else comes along and opens it. Of course it hasn't worked in 4 years so the threat is rather low.
Good point. I saw the lack of file type validation and felt a low-level panic starting. If the server accepts a file of any type and then tries to open it, a .exe, .com, .bat or .cmd could cause some major damage to the server itself. Heck, even the old .pif might still be supported. Just another level of danger induced by the lack of validation.
On another front, since the obviously mission-critical process it hasn't worked for 4 years, I would be forced to question whether it was really needed at all.
I told them I would fix it as quickly as they reported the problem. They chuckled until I opened outlook and added a calendar item in 2018 and invited them to it so we can discuss the requirements of a rewrite. 😀
My compliments on planning ahead. 😀 Of course, you know there will be some sort of crisis happening on that exact date that will force the meeting to be delayed.
September 18, 2014 at 7:55 am
Roy Ernest (9/18/2014)
Jack, the NomCom should rank them. But PASS should not disclose the ranking when announcing the slate. This is like saying that he/she is worst of the batch so dont vote for them.
I'm not saying it is right or wrong, I'm just giving the reason for presenting the ranking. Many people in the community ask for more transparency and this is one of the areas PASS has chosen to be a little more transparent by saying, "The NomCom reviewed applications and interviewed the candidates and this is who they think are most qualified". Voters still have access to the candidates information and to the candidates through the chats, so each voter can choose how much information on each candidate they want to consume before deciding.
I think it will be an interesting election and hope we get closer to 2000 voters than we did last year. I think there are specific blocks of voters that will support each candidate based on something other than qualifications to do the job. And this is not an indictment on any of the incumbents, but I hope that Grant gets a seat, just so we get some turnover (this is probably Grant's block). Again, I think all the candidates are qualified, so I'm not knocking any of them. I know each candidate personally and have great respect for each of them and what they have done in their careers and for PASS.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
September 18, 2014 at 8:18 am
Jack Corbett (9/18/2014)
Roy Ernest (9/18/2014)
Jack, the NomCom should rank them. But PASS should not disclose the ranking when announcing the slate. This is like saying that he/she is worst of the batch so dont vote for them.I'm not saying it is right or wrong, I'm just giving the reason for presenting the ranking. Many people in the community ask for more transparency and this is one of the areas PASS has chosen to be a little more transparent by saying, "The NomCom reviewed applications and interviewed the candidates and this is who they think are most qualified". Voters still have access to the candidates information and to the candidates through the chats, so each voter can choose how much information on each candidate they want to consume before deciding.
I think it will be an interesting election and hope we get closer to 2000 voters than we did last year. I think there are specific blocks of voters that will support each candidate based on something other than qualifications to do the job. And this is not an indictment on any of the incumbents, but I hope that Grant gets a seat, just so we get some turnover (this is probably Grant's block). Again, I think all the candidates are qualified, so I'm not knocking any of them. I know each candidate personally and have great respect for each of them and what they have done in their careers and for PASS.
There's an organization in Science Fiction Fandom that just said they would pick an order for something by asking applicants to "submit three random numbers between 1 and 200" and that they'd use a "secret algorithm" known only to the committee to pick the order. Just say you already have your mind made up and be done with it instead of this obtuse, obscuring nonsense.
--------------------------------------
When you encounter a problem, if the solution isn't readily evident go back to the start and check your assumptions.
--------------------------------------
It’s unpleasantly like being drunk.
What’s so unpleasant about being drunk?
You ask a glass of water. -- Douglas Adams
September 18, 2014 at 8:36 am
GilaMonster (9/14/2014)
Sometimes advice on a blog still scares me. Not often, but sometimes. Like todayConsider using a RAMDisk for Index filegroups.
Putting non-clustered indexes on a RAMDisk will greatly improve performance
Be absolutely sure that your RAMDisk either backs itself up to disk, or at least saves and loads itself from a real disk on shutdown and startup.
This can significantly increase shutdown/startup/reboot times.
I also recommend doing regular SQL backups of these filegroups.
If the system crashes, recovering the database becomes a lot harder. Which is why backups are very important.
Why "Like today" in particular? That page of strange :crazy: ideas dates from 317 days before your comment (unless it was copied from something even earlier).
Tom
Viewing 15 posts - 45,766 through 45,780 (of 66,547 total)
You must be logged in to reply to this topic. Login to reply