Voice of the DBA Steve Jones

The last 10-15 years in software development have seen a widespread embracing of unit testing. Before the popularity of mobile phones and their apps, most of the organizations I'd worked in gave lip service to automated unit testing, and often even more complex integration/system tests.
These days, it seems more and more people embrace unit testing, and I hear about that often from customers and attendees at events. I don't often hear about more comprehensive integration and system testing, I found an interesting article from the Pragmatic Engineer that looked at how the Bluesky social network was built. The article is partially paywalled, but I  have subscribed because of the interesting thoughts they publish. In this article, there was a really interesting part of the article on testing. This is a section titled "Integration tests over unit tests".
Read the rest of Where to Test Your Code

There are lots of resources for learning: articles at SQL Server Central, blogs, user groups, SQL Saturday and other events, conferences, and more. In most of those cases, the editor, author, or speaker is deciding what they want to write about. If you want to learn something different, you need to go search out that information. You can certainly request topics from others, but they may or may not listen to you.
At least not as an individual.
Read the rest of What Do You Want to Learn?

In the last few months, I've been traveling around at a few of the Redgate Summits (one more in NYC coming) running panels on cloud journeys. I've had industry experts, both technical and managerial, discussing their approaches and journeys with advice and caveats for others. It can often be more than just migrating systems, so a lot of people have started to talk about cloud transformation.
However, in some cases, this is just a migration. A lot of companies just lift-and-shift their databases into the cloud, along with various other services. While this is a quick way to get into the cloud, it isn't much of a transformation. If you review and right-size the resources you've provisioned, maybe there is a bit of a transformation, but not a lot.
Read the rest of Cloud Transformation

SQL Injection has been a problem for my entire career. Thirty years ago I could have easily just blamed this on ignorance, as most of our developers didn't think about the nefarious ways that hackers enter data in our applications. These days, there isn't a good reason for this to keep happening, and the problem is us. I think that we don't provide good examples or training on secure coding or secure architecture as a normal part of teaching programming. In many organizations, we don't check for issues and prevent their release. Some do, but many don't. On top of this, the existing code is usually a poor template for writing future code. I do think Microsoft aims for secure coding in SQL Server but in Windows, there is work to be done there.
A few months ago, I saw an article that noted the US CISA organization and the FBI issued a secure-by-design alert (PDF) that noted there is no excuse for SQL Injection vulnerabilities (SQLi) in modern software. This alert notes that SQLi has been an "unforgivable vulnerability" since at least 2007. Inside the document on vulnerabilities, it notes that a single quote can't be used in certain fields: username, password, ID field, or numeric field. They also note that co-mingling user data and query data, like constructing queries on demand, is a poor practice.
Read the rest of SQL Injection Is Not Acceptable

I almost called this "chasing a new laptop" since that's what I'm doing, but I decided to add the date because the current laptop I've using was built in March 2019 and got to me in May 2019. I've had an HP Spectre x360, my second HP Spectre, and I've really enjoyed it. I'm also amazed it still runs. On the last few trips, the two rubber strips that run along the bottom (acting as feet) started to peel away. I've never seen that before and I tried to re-attach them a few times, but that didn't work well.
Not a big deal, and I can live with that, but then during my Australian tour, the laptop started pausing and freezing a few times. It might be that there is too much software on there and needs a pave-and-reinstall, but I decided to check the age on the machine. That was when I realized it was five years old. It's been a great machine, but I don't think I've ever had a work laptop last that long with daily use. Of course, there was about a year during the pandemic when it was rarely used, so maybe its life lengthened during COVID.
Read the rest of Five Years and Counting

One of the interesting things that I see at Redgate Software is how idealistic our developers and engineers can be. They often build our database DevOps products with the idea that customers will use well-designed databases. The systems will have primary keys, foreign keys, defaults, constraints, indexes, and more. Developers will use coding standards, and naming conventions, and will understand what data is stored in tables. Not in every case, but often.
After all, that's how we build software, as teams, sharing information, publishing documentation for others, and following best practices.
Read the rest of Poor Database Design Realities