Browsing articles in "Data"

I’m SQLPASSed out – My Trip Report from Seattle

Nov 15, 2010   //   by Karen Lopez   //   Blog, Database, Professional Development, Social Networking, Speaking  //  2 Comments

Whew! 

IMG_0982[1]I spent last week in Seattle attending the Professional Association for SQL Server (PASS) Summit (as if you could not tell from my tweet stream). Like most successful conferences, there was more to it than a bazillion sessions.  There were so many events: vendor events, unofficial events, pre-cons, post-cons, impromptu events and more.  I feel as if I couldn’t stretch myself far enough to take advantage of all them.  Did I mention there were sessions, too?

We arrived in Seattle on Friday so that we could do our obligatory cross-border shopping at our favourite not-available-in-Canada retailers: Fry’s Electronics, Kohl’s, Target and Trader Joes.  It is my goal to shop at every Fry’s in the US; so far I have tackled more than half of them.  We didn’t buy much there, but its like visiting a gadget museum.  Geekiness for the win.  We spent time on Saturday shopping as well.  We were doing our best to help stimulate the US economy.

We also spent time visiting with friends, including Yanni Robel, John Robel, Corey Smith and Eva Smith.  We know Yanni and John from the SQLCruise.  We know Corey and Eva from numerous DAMA events.  But we built these friendships via the conversations we have via Twitter and Facebook. 

On Sunday I participated in Freecon, a special event for bloggers and social media celebrities from the SQL Server world.  This event, hosted by Brent Ozar, covered topics such as developing content, dealing with plagiarism, monetizing writing, and consulting skills.  I’d love to see this event develop into a writers’ guild for those of us putting content out there. 

IMG_1043[1] Monday was the opening session for the PASS Summit.  There was a Quiz Bowl “panel”, where SQL “elites” played a Jeopardy-like trivia game.  I’d love to see Enterprise Data World (EDW) offer a similar opening session event.

I’m not going to list all the sessions I attended, but I wanted to point out that there were several sessions that focused on data architecture topics.  My own session on “Starting with More than a Blank Page” focused on how to best adopt data model patterns/industry standard data models.  A session by Louis Davidson covered Intro to Database Design.  Normalization is a tough topic to cover in just over an hour and I thought he did a great job helping people visualize why the normal forms exist. 

It took me a while, but I managed to meet up with Neil Buchwalter, Product Manager of CA ERwin Data Modeler.  CA is a founding organization of PASS and Neil has a spot on the PASS Board.

IMG_1036[1]Wednesday was SQLKilt day.  What a hoot. There were many attendees dressed in kilts,  mostly just because they could, but also in honour of the Women in IT.  In fact, Jen McCown of MidnightDBA fame produced t-shirts to link the kilts to WIT.  That’s Sean McCown there, sporting a kilt and the t-shirt that asks “What are you doing” for women in IT.

Did I mention that several people found new jobs/gigs right at the conference?  There was a job board in the exhibits area, but most of these “connections” happened ad hoc during the lunches, coffee breaks and informal get-togethers that surrounded the event.  As I tweeted, #Network to #Getwork.

Network to Getwork

As I have blogged before, one of the best things about attending SQLPASS was that Rob and I knew hundreds of the attendees, even though it was my first time attending this event.  The connections we made on Twitter, Facebook and LinkedIn prior to the conference paid off in spades for us during the event.  Sure, I was a first timer, but it wasn’t a bunch of first conversations. For me, this is the real power of tying together virtual and in-person events.

I’m bringing home a DVD of the SQL Server new version codenamed “Denali”.  I’m looking forward to getting it installed, then moving on to all the evaluation licenses I received for third party tools.

I will definitely be back for next year’s PASS Summit, again in Seattle in October 2011 and SQLRally 2011, located in Orlando in May.  I want to continue learning about SQL Server and making connections with industry leaders in this space. 

New Blog Location

Nov 3, 2010   //   by Karen Lopez   //   Blog, Data  //  No Comments

LoveYourDataChickNoAvatarMed While we’ve been using DotNetNuke as both our blog and website content management system for a long time, we are taking the plunge and moving our blog content off DNN and on to a self hosted WordPress platform.

This is going to allow us to take advantage of better posting and reading features, as well as better support multiple bloggers (like letting Rob Drysdale (@projmgr) post under his real name instead of mine.

You’ll also find it easier to comment on and participate in discussions about our blog posts. Remember, responding to and giving feedback to a blogger is one of the greatest gifts you can give to support more blogging.

If you subscribe to our blog via Feedburner, you won’t have to change anything: we’ve updated the feed link for you.  If you manually surf to our blog, the new address is:

www.datamodel.com

Overall this shouldn’t be a huge change, other than making it easier for us to post more relevant content.

If you have any questions or have any issues with this location change, please let us know.

It’s all about the data….

Sep 20, 2010   //   by Karen Lopez   //   Blog, Data, Fun  //  No Comments

image

SQLCruise – The “Social-ism” Factor

Jul 23, 2010   //   by Karen Lopez   //   Blog, Database, Professional Development, Social Networking  //  No Comments

In my previous post, I wrote about my plans to embark on a traincation on SQLCruise.

Like all these events, the sponsors have been fabulous, going well beyond what normally they might do for a regular 15-person event.  Why? Because their "reach" has expanded well beyond those 15 people.  Each person involved with this event has been promoting it.  Everyone who follows us on Twitter and Facebook has been exposed to this event and the sponsor’s products. I’m guessing that’s more than 100,000 people.  The impact the sponsors have had on the success of event is so important that I’m reserving a blog post for them, coming up next. 

I mention this because I think it is a real game-changer for how companies interact with their current and future customers.  It used to be that vendors only wanted to sponsor events with many warm bodies in attendance because other than the printed brochure, that was pretty much the entire marketing reach for sponsors. These days, though, the reach can be much further.  For instance, this blog post is going to be read by more people than just those of you who would normally visit our website.  This post will be automatically posted to my own Facebook and Twitter feeds.  And I’m willing to bet that a number of my followers and social networking friends are going to share it with their followers and friends. They will be re-tweeting it, sharing it on Facebook, and commenting on it on LinkedIn. 

Forward thinking organizations, such as the sponsors of SQLCruise, get that. The power of social networking isn’t just the re-connecting with your high school friends, but in connecting with people who know people you know.  Remember my post about job hunting?  The same principle applies here, too. 

Our tweeting about the event even managed to get to Dave Webb, Editor of ComputerWorld Canada, who wrote about the event as Sea, Sun, and SQL.

It works the same way locally, with in-person events.  In fact, it is easier to have long, in-depth conversations with real life events.  However, that doesn’t scale well when you want to reach hundreds of thousands of people.  So organizations need to leverage both types of marketing – the traditional meet-and-greet events such as your local DAMA or IRMAC meeting and the events that are much more shared and promoted online.  Sponsors for online events can often get more focused marketing, hitting more of their primary market via the communication that happens from follower to follower.

Why am I telling you, Dear Architect, about sponsorship and social networking?  Because you can apply the same principles to your own internal marketing of your deliverables and services.

Does your company have a portal?  An internal blog?  Are you and your colleagues in your group making use of them?  Or are you just relying on quarterly status meetings within the IT group to get the word out for what you are doing?  How many people in your company:

  • Know what a Data Architect does?
  • Know what deliverables a Data Architect delivers?
  • Know what you do, what your struggles are, and understand how they have an important role to play when it comes to getting data right?

What about your project teams? Do they have a wiki, a blog that you could be contributing to? 

It’s time to think about your "reach".  The more people who know who you are, what you do, and why you just might be the only people in IT who are compensated to worry about data quality, data availability and information success, the better.

But just telling people about it via a description of your job title on the corporate portal might not be enough.  You need to interact with others in your company and your team members.  That means embracing the social networking, internally and externally, to grow your network of contacts. And in doing so, you will learn about their struggles, their deliverables, and their needs.

Required Reading: TOP 25 Most Dangerous Programming Errors

Feb 1, 2009   //   by Karen Lopez   //   Blog, Compliance and Regulation, Data, Data Breach  //  No Comments

Error ISS Trainin Module SCAM-CE GHF-CE

The SANS Institute and the Common Weakness Enumeration (CWE) project released last week a list of the top 25 programming errors.  This resource, which lists the error and the project phases/tools/processes to which they apply, should be required reading, on a regular basis, by all team members on a development project. While this page refers to programming errors, I believe this is a great checklist of development errors, as some of them apply to architectural and methodological issues.

SANS Institute – CWE/SANS TOP 25 Most Dangerous Programming Errors

Experts Announce Agreement on the 25 Most Dangerous Programming Errors – And How to Fix Them
Agreement Will Change How Organizations Buy Software.

Project Manager: Bob Martin, MITRE
Questions: top25@sans.org

(January 12, 2009) Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.

The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 – and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

Even in 2009 I am constantly struggling with getting vendors and my own developers to acknowledge the importance of dealing with these issues.  As a project manager, I’m the one ultimately responsible for ensuring that delivered systems will do no harm, but that’s one of the hardest parts of my jobs.  Why?

  • Most of my newer developers have never received any formal education, training, or testing on many of these issues.
  • Many vendors rely on customer requests or customer production testing to identify these errors. 
  • Most packages, with anti-reverse engineering clauses in their terms of use, forbid inspecting code for these vulnerabilities.
  • Business users often don’t understand the short and longer term implications of neglecting these professional issues…nor should they have to.  But since we don’t have a "building code" or standards of practice in IT, we architects and project managers have no external authority to fall back on when users want to cut the security and protection steps of a project.
  • Many people still naively cling to the belief that the tools they use automatically protect them from these weaknesses.

Of particular interest to those of us working in the data and information responsibilities of a project are these development errors:

CWE-20: Improper Input Validation

It’s the number one killer of healthy software, so you’re just asking for trouble if you don’t ensure that your input conforms to expectations…MORE >>

I am constantly asked to allow the programmers to research and implement the validation rules for input data, since this cuts down on the amount of analysis needed and allows coders to get coding faster….and it always leads to less than acceptable validation, as coders don’t have time to go research the data — they need to be coding.  It’s a vicious circle.

CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)

If attackers can influence the SQL that you use to communicate with your database, then they can…MORE >>

This involves using the lowest level of authority required to get the job done, among other things.  Yet developers usually want to develop, test, and deploy while using administrator-level authority.  Code should not be tested while running under administrative authority since it should not be deployed that way, either.  It is amazing to me how many people tell me they *must* have the SA password in order to code.  They may need some administrative-like rights, but no-one needs the SA account to develop code.  Not even DBAs.

I work with a few vendors who tell me that their packaged application must run under the SA account and the Windows Administrator, in production.  No amount of discussion with their "lead developer" will change their minds. It’s pure laziness and cluelessness to design a product that requires these rights. I have convinced many a client to replace software (and therefore vendors) that require this type of authorities.

I find this list to be of sufficient importance that I’m recommending that teams schedule a specific effort to review, discuss, and create an action plan for addressing these items.

So go pour yourself a coffee/tea/cola/water and start reading.  Your customers will thank you.

Subscribe via E-mail

Use the link below to receive posts via e-mail. Unsubscribe at any time. Subscribe to www.datamodel.com by Email


Categories

Archive

UA-52726617-1