Pseudonymization and the Inference Attack

It is surprising that so much can be identified by deduction from data. You may assume that you can safely distribute partially masked data for reporting, development or testing when the original data contains personal information. Without this sort of information, much medical or scientific research would be vastly more difficult. However, the more useful the data is, the easier it is to mount an inference attack on it to identify personal information. Phil Factor explains.

SQL Data Aggregation Aggravation

When we have to deal with and store a lot of data, it makes sense to aggregate it so that we store only the information we actually need. If we get this right, this works well, but the design of the system takes care and thought because the problems can be subtle and various. Joe Celko describes some of the ways that things can go wrong and end up providing incorrect, inaccurate or misleading results.

Morphing the Monolith

Microservices can certainly be made to work well for particular types of applications, but are they relevant to the mainstream? Can they replace the traditional architectures of database-driven applications? Microservice architecture is a type of service-oriented architecture that was developed from the concept of Domain-Driven Design (DDD) and consists of loosely-coupled services that are network-based.

Fighting Evil in Your Code: Comments on Comments

One of the most glib generalisations you can make about development work is to say that code should be liberally commented, or conversely that it should never be commented. As always, the truth is more complicated. There are many different types of comment and some types are best treated firmly with the delete key, where others are to be cherished and maintained assiduously. Even though it is hard to find two developers who agree on the topic of commenting, Michael Sorens warily sketches out the issues and the battleground.

Working From Home

The idea that one can do nothing useful as a developer unless one is in an open-plan office is rather retro. Although we all get that knowing wink when we announce that we are “Working from Home”, the truth is more complicated, I think. Some people are more productive when they work from home, …

To Fly, To Serve, To Fry Your Servers

So, the story goes that an Ops engineer walked into a data center with the necessary pass, a cheery wave and a ‘good morning’. Shortly afterwards, he made history. At around 8.30AM, British Airways’ entire communications systems went down at the height of the May holiday, forcing them to cancel flights from the UK’s two …

WannaCry Over Spilled Data

The WannaCry ransomware attack has highlighted a serious problem. If there is negligence in your IT strategy, you are increasingly risking the functioning of your organisation, and the privacy of your customers. If you are being careless with data you don’t own, and of which you are legally only the custodian, if you are storing …

Personal Data, Privacy, and the GDPR

Now that there have been well-publicised examples of the awful consequences of data breaches and data misuse, there is increasing public pressure for legislation on privacy and personal data that has enough clout to prosecute serious offenders. In the vanguard has been the EU data protection regulation, soon to be succeeded by the GDPR. It defines IT practices for data that are likely to extend worldwide. William Brewer gives a rundown of what he sees as the implications for IT practice.

The Need for Database DevTest

The first and overriding thought of the experienced developer given any new development task is, or should be, ‘How the heck am I going to test this?’. I wonder, though, how often developers neglect to ask this question. Nowadays, with Visual Studio, the debugging facilities are so good you can muddle along happily for a …

Python in SQL Server

Anyone using R in SQL Server employs the procedure sp_execute_external_script, the first parameter of this being the language to use. The documentation rather obliquely says that “the script must be written in a supported and registered language”. Until recently, the only language was R, but now a second supported language, Python, has appeared. Yes, at …

The Oxford Comma and Me

Many people in IT, even at Redgate where I work, see the job title “Editor” and think I spend most of my time fixing spelling mistakes, adding Oxford Commas, and thwarting an author’s ambitions to end a sentence with a preposition. They are sometimes bemused, therefore, when they learn how long a proper technical edit …

Avoiding the Slide From DevOps to DevOops

If you roll out DevOps across an organization before it is culturally prepared for it, you will see warning signs that the initiative is failing. These are: (1) Team members complain of unmanageable workloads. (2) Requirements, quality management and metrics get neglected; customer complaints increase. (3) You promote and reward the ‘firefighters’ rather than the staff who prevent …

Glasnost in IT: Discarding the Old Certainties

Three of Redgate’s tools are now part of the 2017 release of Visual Studio Enterprise (as announced last week), as components of the Data Storage and Processing ‘workload’. Some might be surprised to find third-party tools being included in the Visual Studio installer, but it’s an interesting sign of the times. No longer can any …

Old is the New New: SQL Server 2016 Learns Ancient Auditing Tricks

The new temporal tables in SQL Server 2016 are interesting, in that they seem a much better way of storing any financial information than conventional relational tables. They have been referred to by some as “SQL Server’s time machine”. They are system-versioned tables that allow SQL Server to maintain the different versions of each row, using …

The Harsh Reality Behind Big Data Misuse

Big Data has its origin in science, but it is now being used commercially to increase the information that organizations have about people. This information can uniquely identify individuals and reveal their likes, habits, propensities and wealth. The power of this information is so great that legislation on its use is having to become more …

Metaprogramming

Over the history of personal computing, it seems that the best software was written by a team of five or fewer programmers. CP/M, the first PC operating system, was built by one guy, Gary Kildall, though he got parts from others such as Gordon Eubanks. MS-DOS originated in QDOS, again written by one person, Tim …

Tying Down the Source Code

Database source code analysis can flush out weakly-authenticated database users, over-privileged users and roles, or stored procedure code that concatenates a parameter directly into the dynamic SQL string that is to be executed, and so is vulnerable to SQL injection. This is great for the development team, but it is also wonderful for the hacker. Getting …

Bridging the DevOps Divide

What’s the main obstacle to implementing a DevOps approach in your organization? In a recent “State of DevOps” survey conducted by Redgate, the second most popular answer to this question, after “lack of skills”, was “lack of alignment between development and operations teams”. Hmm, so you can’t do DevOps until you have a DevOps culture. …