Admin
Now, why is it that so many morons out there insist on adding a "www." somewhere in their e-mail address when it isn't there? It's something I've observed over and over again in data coming into web forms I've programmed.
Admin
I code primarily in VB and even I want to beat the &%$* out of this 'GURU'.
Sounds like a good case for an idiot proofing SQL server mod, which automatically revokes privileges from user accounts trying to execute obviously-incompetent SQL statements. Call it the 'three strikes and you're out' mod.
Admin
George is my friend.
Admin
That's what you can expect when you hire any kind of technology "guru." A guru is a spiritually attuned Indian who lives in a remote shack. It has nothing to do with technology and anyone who tells you otherwise is going to scam you.
Admin
Stoopid rabbit, George is my friend.
Admin
Look at it from the bright side. If they hadn't had constraints, his first attempt of "update x set email = 'y'" would have deleted all emails.
By the time trial and error had taught him how to disable constraints, he had learnt enough sql to write a proper update statement.
Admin
I think your dictionary failed. There is nothing improper about using 'guru' in this context. From m-w.com:
gu·ru
Function: noun 1: a personal religious teacher and spiritual guide in Hinduism 2 a: a teacher and especially intellectual guide in matters of fundamental concern b: one who is an acknowledged leader or chief proponent c: a person with knowledge or expertise : expert
Admin
^^ Bad troll is bad. (TopCod3r where are you...)
Admin
I can imagine SQL Guru becoming more and more agitated, until the end, when the awful realization comes in: 'Oh, shit.'
I've been there, boss behind your back, some client bigwig knob has forgotten his password, the UI isn't ready yet, and you have to update in production. I think a safety setting to disallow UPDATE and DELETE without WHERE clauses would help.
Admin
Almost unbelievably, some people just regard computing-related tasks as some kind of black-box necessity of their job/something which they're forced to do by current trends/etc*, rather than making a career out of it.
Admin
Either you're trolling, or you've never heard of ROLLBACK.
Admin
Why is it that so many morons think email domains must not consist of three or more levels?
Admin
Seriously, folks. Keys should be nice, safe, machine-generated sequence numbers. Let your users screw up typing their information to their little hearts' contents; as long as your keys are internal-use-only, your data integrity will be much safer.
Oh, and here's an idea before hiring a guru: interview them as if you were hiring them for a permanent position. Include some coding questions. If they fail, boot 'em and take away their credentials.
Admin
The real WTF is that the users didn't know how to format an email address.
Admin
No, the correct response is "THANKS! IT'S SO MUCH EASIER TO TYPE NOW!"
Admin
This happened to me. The manager and her team told me what they wanted. We mocked up a design and showed them what they told me they wanted. I delivered what she told me she wanted. It didn't do what they needed. She quit. New manager told me what they wanted. I delivered what new manager told me they wanted. It worked.
Admin
http://sql-info.de/mysql/notes/I-am-a-dummy.html
Admin
This is a good argument for a sequence generated primary key and a unique key constraint on the email address field.
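An added example, not part of any comment or of the original article: the safeguards raised in this thread (a machine-generated key with a unique constraint on the email column, MySQL's safe-updates guard, and a transaction that can be rolled back) put together for MySQL with InnoDB. The table, column and sample values are constructed for illustration.

```sql
-- Constructed schema: names and values are assumptions, not from the article.
CREATE TABLE users (
    user_id INT UNSIGNED NOT NULL AUTO_INCREMENT,  -- machine-generated key
    email   VARCHAR(254) NOT NULL,                 -- user-typed login name
    PRIMARY KEY (user_id),
    UNIQUE KEY uq_users_email (email)              -- no duplicate usernames
) ENGINE=InnoDB;

INSERT INTO users (email) VALUES
    ('alice@example.com'),
    ('bob@www.example.com');

-- Session guard: the server-side counterpart of the mysql client's
-- --safe-updates option (alias --i-am-a-dummy).
SET SESSION sql_safe_updates = 1;

-- With the guard on, this statement is rejected with error 1175
-- (ER_UPDATE_WITHOUT_KEY_IN_SAFE_MODE): it has neither a WHERE clause
-- on a key column nor a LIMIT.
UPDATE users SET email = 'bob@example.com';

-- Targeted correction inside a transaction. The WHERE clause uses the
-- indexed email column, so the guard accepts it.
START TRANSACTION;
UPDATE users
   SET email = 'bob@example.com'
 WHERE email = 'bob@www.example.com';
-- Confirm the statement touched only the row you intended.
SELECT ROW_COUNT() AS rows_changed;
-- Issue ROLLBACK instead of COMMIT if rows_changed is not what you meant.
COMMIT;
```

Without the guard, the unique constraint alone still stops the blanket UPDATE on this table, because the second row would duplicate the first row's new value.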
Admin
Hi, I'm the comment guru
Admin
CONTROL, MOTHERFUCKER
Admin
heard != use
Admin
PS the one labeled Caps Lock doesn't do anything. Is that because it's a primary key?
Admin
The scary thing is when they do this and it's actually a valid email address as well.
Admin
That's what happens when developers try to be cute! Is there a setting --so-damn-tired that logs you out if you make three syntax errors in a row?
Admin
That SQL expert's SQL was even worse than Alex Papadimoulis' English.
Admin
No CVS or SVN? Or some version control software? Now that's the WTF.
Admin
I'd love to see just ONE system involving database storage that you've written that I couldn't completely destroy by updating a Key/ID field to be any number/text of my choosing. Especially when given direct production access.
Hell the "Guru" even went so far as to remove the constraints that stopped him from doing what he wanted to do that was going to break the database. It wouldn't have mattered what the developers did here, the "Guru" could have demolished any system in the amount of time it takes to Google "SQL HELP HOW TO UPDATE OR MODIFY COLUMN".
The WTF here would be that whoever is running Aderific's IT decided to give the guy direct access to a production database. The lack of backups (and presumably the lack of a dev system altogether) are secondary WTFs.
Admin
I don't mean to pick on The Bruces, but can anyone point out where exactly in the main article it says anything about the Email actually being the key on the field. The email is the username. Unless they did something else stupid that is not mentioned in the article, it is NOT THE KEY. The Unique constraint is so that there are not duplicate usernames. This is the same as you would do for ANY username field. It is also the only contact address information for the user.
Other than the lack of a dev/backup system, the Guru holds the blame for this one. Like I said in a prior comment, I challenge any of you to create a system that uses a database backend and has no backup/dev that I couldn't completely ruin if given direct admin access to the production database.
Admin
It's almost a shame they went back to advertising... it sounds like they didn't do too bad on their first try.
Admin
Yes, "drop database" can be fairly thorough.
Admin
Now, obviously, he's too brain-damaged to be a "guru." But, really, what is the definition of a "SQL guru?" Don't get me wrong, I love SQL as much as I can love a declarative language; but, "guru?" And what sort of company would hire a "SQL guru" anyway? What's the going rate? A bag of peanuts an hour?
What I liked was the "He also knew that their existing tools – Microsoft Access for simple internal applications and Perl/MySQL for client websites – probably weren’t the best fit," which left me waiting for the Miracle Fraudulene silver bullet -- and I wasn't disappointed.
Java and Oracle? We have both kinds of Miracle Fraudulene here...
Admin
-- Whether or not access rights are mentioned in the earlier comment.
Admin
Nevertheless, here's the previous comment:
What I get from that is that you're challenging the DBA in question to build a system that you can't hack via SQL injection or the like. Loki help us all the day an admin can't take down a system.
Admin
Reminds me of a Guru that I have had the privilege to see at work. Given the job of optimising some code that was accessing a SQL database, he carefully studied the problem for 30 minutes. And then proceeded to rip out the lines of code that were updating the database and slowing the app down. Without replacing them with anything else. Suitably 'optimised', the code went to the QA team for testing and they started discovering over the next few weeks a strange regression in the capabilities of the software. Strangely enough, gaps had started appearing in the functionality where UPDATE statements had been stripped out. It was the programming equivalent of the car mechanic who given a problem rips your car's engine to pieces and then puts it back together with half of the pieces still scattered about the floor. It's a strange feeling seeing a human wrecking ball being wilfully let loose on a company's products by management.
Admin
As in cruise control for cool?
Admin
As in cruise control for cool?
P.s. I had to fix this. :(
Admin
Except, of course, you wouldn't. Not on a production database, be it staffed by all of two developers and their imaginary friend DBA. Basically, as I think we can both agree (and it's not restricted to database systems), you don't let any external consultant onto your production system, at least not without Liquidated Damages, Triple-A Rated Insurance, and I feel an ether rush coming on ... ah ... um, yes, that's better...
On the other hand, there's not much point in letting an external consultant onto your development system without giving them admin privileges; and, of course, the hourly bag-o-peanuts. As usual, it's a Separation of Responsibilities issue -- except that in this case, the responsibility for backing up the production database was apparently so separated that it just plain floated out into space.
(Incidentally, for those wondering what "They could never quite get back to the original system" means, I strongly suspect that this has far less to do with a lack of backups and far more to do with persuading management to accept the status quo ante guru. Monkey see, monkey not undo.)
PS You missed the PL/SQL comment joke at the end. I really must develop a sense of humor one day.
Admin
Yeah well it's very easy to take the piss out of consultants and gurus when you see a story like this. I say, more fool them for
Admin
Nope. By 'tab' he actually meant the delicious non-carcinogenic soft drink available at your local supermarket! A can of it was sitting on his desk next to his keyboard.
Admin
Don't worry, you ain't the first and certainly won't be the last. Not sure what the point of the 'reply' button is.
p.s. Let's not get into the "ain't" debate again. Actually, let's pretend I didn't write it.