• C-Derb (unregistered) in reply to Coyne
    Coyne:
    chubertdev:
    nimis:
    [...] I know, I know comparing the outputs of two very similar queries (like one on QA and one on production) is something that no one would ever think of doing.

    Because Ctrl+S, Ctrl+C, Ctrl+V, etc...are too hard. :facepalm:

    Seriously? Copy a 1-billion row output from production and paste it into another file so it can be compared to the test output?

    Man, I want to see the price tag on the system that has enough memory to have a clipboard that will handle that cut and paste...

    I think you missed the part about Ctrl+S. He was suggesting that it isn't much work to save the query, then copy the .sql file and paste it (thus making a copy) and then opening the copy into a new query editor window in the developer studio. He wasn't suggesting to copy/paste the results, just the query.

    Anyway, the better sequence would simply be Ctrl-A, Ctrl-C, Ctrl-N, Ctrl-V.

  • (cs)

    The best sequence is to use something like Redgate's tools.

  • JJ (unregistered) in reply to nimis
    nimis:
    And my favoritest feature of all has to be the inability of Management Studio to open the same file twice.
    Open new query window, then Edit | Insert File As Text...
  • SQLer (unregistered) in reply to jay

    The creators of these tools assume they're for "smart" people who don't arbitrarily run queries on live data without testing them first.

  • (cs) in reply to TheEgg
    TheEgg:
    Swedish tard:
    ammoQ:
    Quango:
    So, Maurice let someone who does not know how to open a command prompt loose on a live database. He is the WTF, not Ben.

    What could possibly go wrong?

    Considering that the tool didnt even know what a CLI was, nevermind how to start it, I'd say the risk of him breaking something was next to none... Although, he COULD of course, by random chance, have typed in "DROP DATABASE"... But I'd say there is a greater chance of that happening by bit flips because of background radiation. ...

    I've seen it happen.

    Had a situation where every single time a particular java program I was maintaining / troubleshooting invoked a procedure which performed a particular operation on a db (something like "SELECT user_id FROM user_table WHERE user_name=<whatever>") it would always return e.g. "546". I spent longer than I needed to do debugging my code till I actually investigated the database by hand, and found that every single instance of user_id in the table had magically been converted into "546". After shitting several bricks wondering what I'd done, I eventually alerted the DB management team who also shit several bricks and had histrionics. When did it happen? 11:24 this morning, came the message. Then one of the production support guys, after intensive questioning, said something like, "Oh yeah, I typed "UPDATE user_table SET user_id='546'" but I musta forgotten the "where" clause."

    The real WTF here is that before that morning we did not have rigid controls and procedures in place to ensure that the above occurrence (or any similar variant) could not be allowed to happen.

  • (cs) in reply to Bruce W
    Bruce W:
    no laughing matter:
    * Who-the-fuck names a server RHODODENDRON?
    That was one of my first questions when reading the story. And, being a terrible speller, I would have smacked the person who named it since it would be easier for me to remember the server's IP address than how to spell "Rhododendron".

    Worked at a place where the machines were named "Grieg", "Holst", "Elgar", "Mozart" etc. I pointed out that "Grieg" is not that easy to remember how to spell (is it "Greig"?) and perhaps they should have used Tchaikovsky, Rachmaninov, Messiaen and Khachaturian.

  • (cs) in reply to jay
    jay:
    If we had given him a quiz during the interview where he actually had to write some code, we would have seen the problem. But we didn't do that.

    I've been writing code for almost 30 years now and had ONE interview where they asked me to write some code.

  • (cs) in reply to DrPepper
    DrPepper:
    jay:
    If we had given him a quiz during the interview where he actually had to write some code, we would have seen the problem. But we didn't do that.

    I've been writing code for almost 30 years now and had ONE interview where they asked me to write some code.

    You've been working for Coca-Cola for 30 years? j/k

  • Norman Diamond (unregistered) in reply to DCRoss
    DCRoss:
    cellocgw:
    TRWTF is "HR sent ...." So nobody technical interviewed this guy? Who approved hiring him? and so on.
    Sean approved him, but they only spoke Elbonian in the interview.
    No, HR approved him because he spoke English in the interview. He spoke English perfectly. No other skill was required.
  • Norman Diamond (unregistered) in reply to Matt Westwood
    Matt Westwood:
    Worked at a place where the machines were named "Grieg", "Holst", "Elgar", "Mozart" etc. I pointed out that "Grieg" is not that easy to remember how to spell (is it "Greig"?) and perhaps they should have used Tchaikovsky, Rachmaninov, Messiaen and Khachaturian.
    Correct spelling of three of those names requires the Cyrillic character set. It can be done though Windows will get confused. Transliterations are not a good idea because when using Italian characters the substring "ff" doesn't match the substring "v", "tsch" doesn't match "tch" or "ch", etc.

    (I thought you misspelled Messiaen, but then, just in time, Google saved me from obeying Muphry's law.)

  • Bill C. (unregistered) in reply to Geoff
    Geoff:
    I have had interns who were super exited to work on datacenter infrastructure servers and such. You also make them show you that have some basic trouble shooting skills and common sense around scope an impact first.
    Sounds good to me. Who needs spelling or grammar when super exited interns?
  • Darth Paul (unregistered) in reply to jay
    jay:
    Bruce W:
    no laughing matter:
    * Who-the-fuck names a server RHODODENDRON?
    That was one of my first questions when reading the story. And, being a terrible speller, I would have smacked the person who named it since it would be easier for me to remember the server's IP address than how to spell "Rhododendron".

    Hey, this gives me some ideas about security. Give objects names that are hard to spell. That should at least slow people down.

    If the attack can be scripted, it only has to be spelled correctly once. Even if you name things from a password generator.

    Of course, I meet lots of people who don't realise their tasks can be scripted - and always should be where possible, for repeatability, avoiding errors and troubleshooting the history of past mistakes.

  • Matt (unregistered) in reply to Oleg Bonobo

    I hope to God they didnt "payed" you.

  • (cs) in reply to Quango

    Oh no! You see there are three servers: The Production Server, The Development Server, and The Moron Server. Maurice gave him full access to the third.

  • (cs) in reply to Norman Diamond
    Norman Diamond:
    Matt Westwood:
    Worked at a place where the machines were named "Grieg", "Holst", "Elgar", "Mozart" etc. I pointed out that "Grieg" is not that easy to remember how to spell (is it "Greig"?) and perhaps they should have used Tchaikovsky, Rachmaninov, Messiaen and Khachaturian.
    Correct spelling of three of those names requires the Cyrillic character set. It can be done though Windows will get confused. Transliterations are not a good idea because when using Italian characters the substring "ff" doesn't match the substring "v", "tsch" doesn't match "tch" or "ch", etc.

    (I thought you misspelled Messiaen, but then, just in time, Google saved me from obeying Muphry's law.)

    Good call - such a concern was at the back of my mind when I suggested it.

    I have a friend whose surname is Czajkowski who writes under the pseudonym Tchaikovsky because it was generally considered easier all round.

  • (cs) in reply to Darth Paul
    Darth Paul:
    jay:
    Bruce W:
    no laughing matter:
    * Who-the-fuck names a server RHODODENDRON?
    That was one of my first questions when reading the story. And, being a terrible speller, I would have smacked the person who named it since it would be easier for me to remember the server's IP address than how to spell "Rhododendron".

    Hey, this gives me some ideas about security. Give objects names that are hard to spell. That should at least slow people down.

    If the attack can be scripted, it only has to be spelled correctly once. Even if you name things from a password generator.

    Of course, I meet lots of people who don't realise their tasks can be scripted - and always should be where possible, for repeatability, avoiding errors and troubleshooting the history of past mistakes.

    The trouble is with a lot of tasks is that writing the script can be a major arse-pain in itself. Had a situation yesterday when on site at a customer, where I needed to get a war file from my machine to the customer's, and there was a proxy issue with the ftp process that nobody had the wit to sort out. So I used 7z to split the file into emailable-sized chunks (10 of them) and sent 10 emails one after another to the customer-side guy each with a separate chunk of that war file. Needed to do it twice more that day. Now a script would have helped me there, but determining the most appropriate scripting tool to use (I only know ant) and working out how to use it to do that task were more effort than I had to spend.

    Anyone care to write a script to do something like the above?

  • Yazeran (unregistered) in reply to Matt Westwood
    Matt Westwood:

    The trouble is with a lot of tasks is that writing the script can be a major arse-pain in itself. Had a situation yesterday when on site at a customer, where I needed to get a war file from my machine to the customer's, and there was a proxy issue with the ftp process that nobody had the wit to sort out. So I used 7z to split the file into emailable-sized chunks (10 of them) and sent 10 emails one after another to the customer-side guy each with a separate chunk of that war file. Needed to do it twice more that day. Now a script would have helped me there, but determining the most appropriate scripting tool to use (I only know ant) and working out how to use it to do that task were more effort than I had to spend.

    Anyone care to write a script to do something like the above?

    #!/bin/bash split --bytes=SIZE $1 mail_file_name_ for f in mail_file_name_*; do mutt -s "Part of file" -a $f [email protected]; done

    Yazeran

    Plan: To go to Mars one day with a hammer.

  • chris (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Database master, Master database, same thing, right?
    Surely one of the above is the Hungarian notation?

    We get the same sort of thing in variable and function names thanks to the language barriers around a few individuals...

  • (cs) in reply to Rodrigo
    Rodrigo:
    PedanticCurmudgeon:
    Smug Unix User:
    Look at it this way. He has no skills so you don't have to untrain him from his bad ways.
    The problem with that is Ben doesn't know he has no skills, and will most likely furiously resist any efforts to get that piece of information into his head.
    This is quite true. Indeed, helping junior devs or interns is a pleasant task; but when the JUNIOR has 5 years of experience and is hired as SENIOR the situation becomes complicated.
    Depends. If you have only six years of experience, he's pretty much guaranteed to ignore you. If you have a bit more, ten years say, you may well get away with it. By the time you get to my level, at almost 25 years, you have made the transition in his eyes to a crumbly old fart who doesn't know from rocks about modern programming shit.
  • (cs) in reply to jay
    jay:
    Hey, this gives me some ideas about security. Give objects names that are hard to spell. That should at least slow people down.

    Or deliberate subtle misspellings. I had a problem yesterday why my file wasn't being included in a page, turned out it was named something.tempate.html. Took me a while to see the missing letter! (TRWTF is this system silently ignoring missing files...)

  • OneDayWhen (unregistered) in reply to Pista

    What do you think is dangerous about DELETE * FROM DatabaseNameHere on a SQL Server?

  • ER (unregistered) in reply to Pista
    Pista:
    Actually, I think that the moron is rather dangerous. He might have some scattered memories of SQL commands (like DELETE * FROM <dbName>)

    You occasionally come across stealth morons.

    Had a database bloke start (old bloke) who didn't like using all this new-fangled pointy-clicky stuff, he did his queries the old-fashioned way with lots of keyboard bashing. Each to their own, I guess.

    After seeing him cheerfully typing away I assumed he was competent (sigh) until the day I got called in to fix a DB where he managed to delete a few of everything - not sure how he managed that. Yes, on the production DB.

    While enquiring exactly how he managed to do that, it transpired he knew about the SELECT statement, the others not so much.

    He also casually asked about how you do queries when the text has quotes in it - "WHERE Name='O'Reilly'" stuff.

    In hindsight while his SQL query typing skills were impressive, I don't recall actually seeing them run.

  • (cs) in reply to Matt Westwood
    Matt Westwood:
    Had a situation where every single time a particular java program I was maintaining / troubleshooting invoked a procedure which performed a particular operation on a db (something like "SELECT user_id FROM user_table WHERE user_name=<whatever>") it would *always* return e.g. "546". I spent longer than I needed to do debugging my code till I actually investigated the database by hand, and found that *every single instance* of user_id in the table had magically been converted into "546". After shitting several bricks wondering what I'd done, I eventually alerted the DB management team who also shit several bricks and had histrionics. When did it happen? 11:24 this morning, came the message. Then one of the production support guys, after intensive questioning, said something like, "Oh yeah, I typed "UPDATE user_table SET user_id='546'" but I musta forgotten the "where" clause."

    The real WTF here is that before that morning we did not have rigid controls and procedures in place to ensure that the above occurrence (or any similar variant) could not be allowed to happen.

    Well that's not all:

    WhyTF don't you have a PK constraint or unique index on your user_id column?

  • OneDayWhen (unregistered) in reply to Matt Westwood
    Matt Westwood:
    *every single instance* of user_id in the table had magically been converted into "546".... "Oh yeah, I typed "UPDATE user_table SET user_id='546'" but I musta forgotten the "where" clause."

    The real WTF here is that before that morning we did not have rigid controls and procedures in place to ensure that the above occurrence (or any similar variant) could not be allowed to happen.

    The real WTF is having an IDENTITY column as the primary and sole key on the table.

  • (cs) in reply to Coyne
    Coyne:
    chubertdev:
    nimis:
    [...] I know, I know comparing the outputs of two very similar queries (like one on QA and one on production) is something that no one would ever think of doing.

    Because Ctrl+S, Ctrl+C, Ctrl+V, etc...are too hard. :facepalm:

    Seriously? Copy a 1-billion row output from production and paste it into another file so it can be compared to the test output?

    Man, I want to see the price tag on the system that has enough memory to have a clipboard that will handle that cut and paste...

    __________

    "Cut and paste is not the solution you are looking for!" -Obi-Wan Kenobi

    Seriously? Cut and paste the QUERY into a new panel and execute that, you tool.
  • jay (unregistered) in reply to Nexzus
    Nexzus:
    jay:
    In my humble opinion, any interactive query tool should at least have a warning if you attempt to execute a delete or update without a where clause. I wish they were required by the syntax. I'd rather have to type "delete from mytable where 1=1" for the rare case where I really do want to delete all the records, then to have it accept "delete from mytable" without question. I've had times where I've gotten distracted and forgot to type in the where clause.

    I understand where you're coming from, but I gotta say transactions are your best friends if you need to work with a DB but aren't a full time DBA.

    I was talking about interactive query tools, i.e. things you use for quick ad hoc queries, not db interaction from within a program. None that I've used automatically wrap ad hoc queries in a transaction, and few people typing in an ad hoc query are going to wrap it in a transaction and check the results before committing, even if the tool provides for that.

  • Barf 4Eva (unregistered) in reply to OneDayWhen

    lol... a+

  • Barf 4Eva (unregistered) in reply to OneDayWhen
    OneDayWhen:
    Matt Westwood:
    *every single instance* of user_id in the table had magically been converted into "546".... "Oh yeah, I typed "UPDATE user_table SET user_id='546'" but I musta forgotten the "where" clause."

    The real WTF here is that before that morning we did not have rigid controls and procedures in place to ensure that the above occurrence (or any similar variant) could not be allowed to happen.

    The real WTF is having an IDENTITY column as the primary and sole key on the table.

    I agree with this sentiment, for the most part. Define a PK as the unique business key contraint, and use a unique clustered key for the identity if table is massive, which can then be FK'd off of for relations.

  • (cs) in reply to OneDayWhen
    OneDayWhen:
    Matt Westwood:
    *every single instance* of user_id in the table had magically been converted into "546".... "Oh yeah, I typed "UPDATE user_table SET user_id='546'" but I musta forgotten the "where" clause."

    The real WTF here is that before that morning we did not have rigid controls and procedures in place to ensure that the above occurrence (or any similar variant) could not be allowed to happen.

    The real WTF is having an IDENTITY column as the primary and sole key on the table.

    I'm fucked if I can work out what this comment has to do with anything I posted.

  • (cs) in reply to Yazeran
    Yazeran:
    Matt Westwood:

    The trouble is with a lot of tasks is that writing the script can be a major arse-pain in itself. Had a situation yesterday when on site at a customer, where I needed to get a war file from my machine to the customer's, and there was a proxy issue with the ftp process that nobody had the wit to sort out. So I used 7z to split the file into emailable-sized chunks (10 of them) and sent 10 emails one after another to the customer-side guy each with a separate chunk of that war file. Needed to do it twice more that day. Now a script would have helped me there, but determining the most appropriate scripting tool to use (I only know ant) and working out how to use it to do that task were more effort than I had to spend.

    Anyone care to write a script to do something like the above?

    #!/bin/bash split --bytes=SIZE $1 mail_file_name_ for f in mail_file_name_*; do mutt -s "Part of file" -a $f [email protected]; done

    Yazeran

    Plan: To go to Mars one day with a hammer.

    Much obliged.

  • (cs) in reply to no laughing matter
    no laughing matter:
    Matt Westwood:
    Had a situation where every single time a particular java program I was maintaining / troubleshooting invoked a procedure which performed a particular operation on a db (something like "SELECT user_id FROM user_table WHERE user_name=<whatever>") it would *always* return e.g. "546". I spent longer than I needed to do debugging my code till I actually investigated the database by hand, and found that *every single instance* of user_id in the table had magically been converted into "546". After shitting several bricks wondering what I'd done, I eventually alerted the DB management team who also shit several bricks and had histrionics. When did it happen? 11:24 this morning, came the message. Then one of the production support guys, after intensive questioning, said something like, "Oh yeah, I typed "UPDATE user_table SET user_id='546'" but I musta forgotten the "where" clause."

    The real WTF here is that before that morning we did not have rigid controls and procedures in place to ensure that the above occurrence (or any similar variant) could not be allowed to happen.

    Well that's not all:

    WhyTF don't you have a PK constraint or unique index on your user_id column?

    Aha yes, that was the other thing: "Why isn't there a PK constraint or unique index on the user_id column?" I asked. "Er, because that breaks the app because there's some places where there is more than one user with the same ID."

  • Herbit (unregistered) in reply to Smug Unix User

    Maurice completely missed the point. He was supposed to fully train Ben so that Ben could take over his job at a reduced rate of pay and Maurice would be fired.

  • Varg (unregistered)

    Seriously, on the day a new colleague started he didn't know how to launch the command prompt. Over one year later he's still making my work a misery.

    Opening a command prompt is such a vital barometer of computing skill, it should be a standard part of any interview process.

  • Ray (unregistered)

    ...but I bet he interviewed well.

  • IN-HOUSE-CHAMP (unregistered)

    How did that code compile?

Leave a comment on “The Database Master”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article