Subscribe: William (Bill) Vaughn's Musings
http://betav.com/blog/billva/atom.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
it’s  i’m  i’ve  microsoft  new  report  reporting services  reporting  server  sql server  sql  system  windows   
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: William (Bill) Vaughn's Musings

William Vaughn's Musings



Sharing opinions, tips, ramblings and industry trends.



Updated: 2016-05-25T17:40:43Z

 



Upgrade or Else?

2016-05-25T17:40:43Z

So my neighbor called in a panic (again). Late last night, her system had begun to talk to her, warning her that the only way to rescue it was to call an 800 number. Yeah, most (but not nearly all)...

So my neighbor called in a panic (again). Late last night, her system had begun to talk to her, warning her that the only way to rescue it was to call an 800 number. Yeah, most (but not nearly all) of us know this is a scam—and a lame one at that.

But what if Windows itself throws up a dialog that says: “Okay, when do want to schedule your upgrade to Windows 10?” It’s like your wife asking “When do you want to visit my mother, today or tomorrow?”

(image)

No, upgrading to Windows 10 isn’t as bad as a visit to Kansas in the summer but many (many) of us are avoiding it. My neighbor heard Windows 10 is “simply awful.”

“Where did you hear that?” I ask.
”You said so.”
”What? When?”
”A couple of years ago. You were having a lot of trouble with it,” she says.
”That was then. That was before they made a dozen fixes and several major updates. It’s fine now.”

I made a mental note to never tell her anything. I went on to assure her that I was running Windows 10 on all of the systems which could support it. My wife’s system won’t—it’s an old Pentium system and she’s thrilled she does not have to upgrade.

“I like it the way it is.” she said. It’s one of her mantras.

But to the point. Notice that this dialog does not have a close button. You either schedule the update (and it won’t let you schedule it after your 89th birthday) or do it now. IMHO, this is arrogant. Again, Microsoft needs an “Opt Out” checkbox for those who know they can’t upgrade. Sometimes it’s in the middle of tax season, or just before finals or some other important task must be completed. Maybe it’s just too intimidating.

Since my neighbor was celebrating a birthday, I promised to upgraded her system for her. I set it up in my office and let it update—it took most of the day. After having clicked “Start the Upgrade Now” the system rebooted—and started nothing. I finally ended up installing from the Media Creation Tool. I’ve had to resort to this on several WinX installs for one reason or another. It just works.

One persistent problem I found during the update was black screens. While the hard disk light was flashing, the screen was black—for a long time (hours). It finally came back to life and started a giant countdown clock. Eventually, the system came back to life. It all worked. Her (precious) pictures were where she expected them to be (in the pictures folder), her icons and programs were all there. Chrome was still installed and still had her shortcuts. The tool bar looked just like it did before. It took me twenty minutes to show her Windows 10 would work pretty much like Windows 7.

“Thanks,” she said.
”You’re welcome. And don’t call me after six.”

 

 

Flickr Tags: ,




Windows 10 Whether You Like it or Not?

2016-05-21T15:56:46Z

For those of you who have known me for any length of time know I’m not a Microsoft “booster.” I’m a consumer advocate. And yes, I have a great deal of experience with PCs. I’ve been building my own computers... For those of you who have known me for any length of time know I’m not a Microsoft “booster.” I’m a consumer advocate. And yes, I have a great deal of experience with PCs. I’ve been building my own computers since the mid-‘70s and in the early days, even written my own operating systems. This article discusses a topic near and dear to my heart—Windows 10 updates. Today, I came across a rather disturbing Facebook thread discussing Microsoft’s new push to get older systems converted to Windows 10. Now, before I get started, understand I’m on your side. I too have systems that simply can’t convert past Windows 7. One has an “old” Pentium 4 processor, the other is running Windows Media Center. All of my other desktops, laptops and notebooks are running Windows 10. And yes, I agree, Microsoft comes off as an arrogant prick when it tries to update your systems over your objections or late at night when you’re not watching. And yes, IMHO, they could have done a much better job with this rollout—but I’ll get to that later. When Windows 8 first came out, it lived on one of my systems from about two days. IMHO, it sucked (that’s a technical term). I simply hated it and restored back to Windows 7 almost immediately. I never upgraded to Windows 8.1. I saw it as lipstick on a pig. As a result, I don’t recommend it. When Windows 10 was released, I did far more research and liked what I saw. I worked slowly and after doing an image backup, converted my system very early in the WinX rollout. Yes, I had considerable trouble—having to revert my first attempt after only a week of trying to iron out “issues” (that’s what Microsoft calls bugs—it sounds better). However, after waiting another nine months, I gave Windows 10 another try and the system came up. Have I had troubles since? Sure. Let me explain why. I first started working with Windows in 1986 when I joined Microsoft (I worked there for fourteen years). My first assignment was to help hardware companies (they call them “OEMs”) write device drivers for Windows version 1.0. These complex chunks of code are used to connect Windows to video cards, printers and peripherals of all kinds from keyboards to mice to scanners. They weren’t easy to write—even in the old days—they required a very highly skilled engineer and lots of testing. Today, given the heightened emphasis on security, device drivers are a lot more difficult to write, certify and be accepted by the new versions of Windows. And this assumes the company which owns the hardware is willing to write them. Why would they? Device drivers are generally “included” with the hardware. They come with the printer or video card and folded into the price you pay. If the company has to write a more complex (and safer) version of the driver (especially for an older model) there’s nothing in it for them but good customer service—perhaps you’ll come back to them for an updated printer or a new video card. Sure, some hardware (systems) manufacturers like Dell, or HP write their own device drivers—but many just use those supplied by their vendors. But companies fail. This is a tough business and many, many hundreds of companies no longer exist—despite having functional hardware still in use all over the world. Therein lies a problem. How to get these old devices to be visible by newer versions of Windows. Well, the Microsoft engineers tried to make it easier by creating “generic” device interfaces which can (usually) interact with older hardware—and it works most of the time, with some notable exceptions as many people in the FB thread mentioned. But, for the most part, if your hardware is old, and the company that sold it is gone, your chance of using it with Windows 10 is slim. One approach you might try[...]



Outlook.Com–Just Say No

2013-06-28T19:48:28Z

I was one of those that was irritated that Google (and the NSA) were snooping through my email and sending me ads based on the fact I was sending mail about camera lenses. But then again, I didn’t use the... I was one of those that was irritated that Google (and the NSA) were snooping through my email and sending me ads based on the fact I was sending mail about camera lenses. But then again, I didn’t use the Gmail email client so I didn’t see the ads; I use Office’s Outlook—I always have and I’ve grown to trust it and understand it. I still do. About 10 days ago, I forgot my basic mantra “If it’s working don’t fix it.” I was lured in by promises of… well, to quote Microsoft Outlook.Com’s own blog: A fast, modern UI that shows you more of your email with less clutter An address book that connects to Facebook, Twitter and LinkedIn, so all your contacts are in one place Pictures from Facebook in messages from your friends, messaging that lets you chat with your friends on Facebook right from your Inbox Great tools to help handle newsletters, deals and more SkyDrive and Office built-in to make it easy to share and collaborate It sounded appealing. And I was actually thinking, wouldn’t it be nice to have my Office Outlook contacts and calendars sync with Facebook and my iPhone and my laptop without having to use gSyncit (a third-party sync tool). Admittedly, I didn’t think that through. My Facebook friends are not the same as my business and personal contacts. And I was thinking the all-Microsoft solution one with Office Outlook on one end and Outlook.com on the other would better integrate with my Windows 8 OS. Perhaps I would give up my iPhone for a Windows 8 phone. Yea, pretty thin reasoning in hindsight. But I assumed that Microsoft would not lead me astray. I was wrong. Converting my Custom Domain So, since I have my own domain and email address, I was lead to a site that walked me through the process of setting up my MX and TXT records to point to the Outlook.com mail host and validating the configuration so Outlook.com ‘trusted’ my site. Totally understandable and while the process was a bit clunky, Peter Blackburn and I got it done in an hour or so. Too bad my site wasn’t really trusted. Consider that Google also provides these custom MX and TXT records but also provides an easy to use step-by-step wizard to set them up. I’ve used it before and as we’ll see, I used it again just recently. Fortunately, I had been using the free version of Google’s custom domain service for years so when they started to charge for it, I was grandfathered in. To the rest of the world, creating a custom domain with Google means a $50/year fee. This conversion went fairly smoothly, despite having to figure out some of the finer details as to priority and timeouts myself (with the help of Peter Blackburn, my IT guru). The one important fact that the blog post left off, there is no way to get your mail out of your Gmail account into Outlook.com but I’m getting ahead of myself. Getting Connected So in Office Outlook 2013 (OO13) I was not able to connect as many of the blogs described because I did NOT need the Office Outlook Connector. This (apparently) has been removed and replaced with a version of ActiveSync (EAS). This means that the server name you provide must be m.hotmail.com and not m.outlook.com. And that’s just the beginning. All-in-all many of the blogs are outdated and don’t apply to Office 2013 where a lot of things have changed. Once connected with OO13, I discovered that three new calendars were born: Birthdays US Holidays INETA (a speaker’s bureau I once belonged to) Swell. Now my calendar (and my iPhone) were filled with birthdays for people I barely know and a litany of religious and national holidays. BUT my own calendar entries were nowhere to be found. Nothing I tried could get my OO13 calendar entries to sync with the Outlook.com calendar. I did no[...]



Windows 8–Not Quite Soup

2012-08-17T17:18:11Z

When my mom was making dinner, my brothers and I would stick our heads in the kitchen and ask if it was time to eat. My mother was what they used to call a “housewife” and she actually “cooked” stuff—not... When my mom was making dinner, my brothers and I would stick our heads in the kitchen and ask if it was time to eat. My mother was what they used to call a “housewife” and she actually “cooked” stuff—not just assemble the parts out of a box. All too often she would tell us “It’s not soup yet,” when the food on the stove had not been sufficiently cooked. It might have smelled delicious and looked edible, but it took time to soften the beans and work the spicy flavors into the meat. She would know when it was ready, even if it took another hour to cook. We never starved. Her cooking was worth waiting for. I’m afraid Windows 8 isn’t soup yet. I was as anxious as a hungry teen when it came to the official launch of Windows 8. I had heard so many stories about its marvels that I wanted to be one of the first to try it. No, I didn’t try the betas or “nearly ready” versions because I didn’t have the time to build up a separate system or a Hyper-V to host it. I’ve been working with pre-released software for too long to install it over a functioning OS. So I guess I must take part of the blame in Windows 8’s shortcomings. As I said, I’ve been working with Windows for a long time—since Version 1 when it was delivered on floppies and ran as an application on top of DOS. That was in ‘86 when I first joined Microsoft and worked with the Windows Developer Liaison team. Windows has come a long way since then. So what happened? Well, there’s a laundry-list of stuff that worked and didn’t work, but I’ll get to that. First consider that I know how complex operating systems can be. I’ve written new OSs, modified other company’s OSs and taught developers how to program to them. I’ve also installed early versions of every version of Windows since the early days—many, many times. Windows 8 is following the same pattern as all of the others. Too bad it seems more like Vista than Windows 3 or Windows 7. If you don’t want to read the list of issues and just want my recommendation, here it is: Wait. Wait until SP1 comes out. By this time, the hardware and software companies that are still alive (they fall by the wayside faster than old runners in the Boston marathon) will have released updated Windows 8 drivers, application updates and patches so their stuff works. By that time Microsoft will have released Media Center and added a “What happened to my XXXX in Windows 7” help topic. The Hardware As a point of reference, my hardware platform is a i7 980x with 12GB of RAM, SSD drive and dual monitors being driven by a NVidia high-performance video card. The system profiles at 7.6 (it’s fast). My references to the “unmetro” user interface address the copyright debacle caused by Microsoft’s inability to find a name that someone else isn’t using (again). Might I suggest “Google” before picking a name? I’ll just call it “UM” for reference sake. Surprises and Disappointments Here’s what I found (or didn’t find). I have an MSDN license (thanks to the Microsoft MVP program) so I tried to access the site on August 15th—the first release date. Unfortunately, the site could not take the traffic and repeatedly crashed. The MSDN staff on the phone had no idea what was going on. Apparently, there were no Clouds in Redmond that day. I decided to get some lunch, and later in the day the site was working again. As I’ve said before, there’s nothing like success to bring a company (even as large as Microsoft) to its knees. While I  waited, I did some research on the new versions. It looked like I wanted the “Enterprise” version. No, it’s not because I’m running a starship here, but it had some worthwhile features, and I hate it when you have invested mo[...]



Who is William Vaughn?

2012-07-17T21:45:51Z

I’m not a new author—far from it. I’ve written over a dozen books and contributed chapters to a handful of others. I’ve written more magazine and Internet articles than Justin Bieber’s hair stylists, and I’m not counting the documentation I... I’m not a new author—far from it. I’ve written over a dozen books and contributed chapters to a handful of others. I’ve written more magazine and Internet articles than Justin Bieber’s hair stylists, and I’m not counting the documentation I pumped out for Microsoft. Except for my two novels, these were all ‘technical fiction’. You know, books written about Microsoft software for developers. One has to be pretty imaginative to write an easy-to-read book on the data access interfaces SQL Server and still keep the reader awake. Apparently, none of this experience helps get one recognized as a competent writer in the young adult world. That’s understandable—very few teens read Hitchhiker’s Guide to Visual Studio and SQL Server (7th Edition), and they wouldn’t get the jokes anyway. That’s fine. I know how to restart my career on a new path. I’ve had to do it many, many times over the last forty years. Anyone who’s worked in the personal computer industry also knows how to file for unemployment. So I had an idea for a novel. I wanted to tell a story about our turbulent times. I saw political corruption, corporations buying their own laws and media spigots to dump their propaganda on the public. I saw many social problems ignored or glossed over by the books impressionable teens were reading. I was convinced that our future leaders needed another 1984, Animal Farm or Alice In Wonderland. Ambitious? Of course. I expect that Don Quixote and I are cut from the same cloth. I spent about three years and a bunch of money on classes, books, editors and illustrators to create The Owl Wrangler. On the surface, it’s a young adult story about tiny forest elves. No taller than a pinecone, they live in the forests around the Northwest. They have parents, teachers and village elders that expect and demand quite a bit from them. They’re faced with many of the same hormonal and social pressures that my own kids faced when they were in their teens. But these elven teens are special. Many of them have fledgling magical powers that they’re just learning to wield. The result? Tepid sales but 99% 5-star reviews—but only 9 of them. I thought it was time to start marketing in earnest. I found a publisher that was “very interested”, but communicating with them is like standing in the back of a busy bar trying to get a drink on a Friday night. I’m still looking for a sincerely interested publisher. Sure, I’ve been racking up rejection letters, but my ego can only take so much rejection. I’m not as frail as George McFly, no experienced author is, but given the state of the publishing industry, does it make sense to keep prodding publishers that only want best sellers? One of the blog articles that clog up my browser like malware pop-ups, suggested that the only key to success for a new author was to write—and keep writing. So I did. The story continued with Guardians of the Sacred Seven. This took another couple of years, more classes, editors, copyeditors, conference fees and thousands of hours on Facebook, Twitter and countless blogs and reading similar fantasies. Two years later, volume two of The Owl Wrangler trilogy is done. I’m happy with it. Taking my own advice, I’m writing the third. Frankly, the characters are calling me now to come back and listen to their stories. Sure, I keep getting the occasional request to consult on SQL Server or Reporting Services projects, but I’m having too much fun. I’ll keep writing and until my arthritis locks up my hands entirely, I’ll keep doing so. Follow me on @vaughnwilliam or on Facebook https://www.facebook.com/OwlWrangler.   [...]



Making MovableType Changes in IE9

2011-12-21T23:16:10Z

Tip: When working with the MovableType (Movable Type) dashboard, be sure to enable the “compatibility” mode in IE9. Otherwise several dialogs won’t work. It’s just another joy of working with IE9. SMTPAuth (Settings panel does not appear)...

Tip: When working with the MovableType (Movable Type) dashboard, be sure to enable the “compatibility” mode in IE9. Otherwise several dialogs won’t work. It’s just another joy of working with IE9.

SMTPAuth (Settings panel does not appear)




Handling ReportViewer Parameters

2011-07-16T00:35:45Z

A developer asked a question on MSDN that was similar to a question a few days earlier so I decided to help folks get over the problems of setting report parameters in ReportViewer projects.... A developer asked a question on MSDN that was similar to a question a few days earlier so I decided to help folks get over the problems of setting report parameters in ReportViewer projects. Consider that in a Reporting Services report processor-generated report, all of the parameters (both query and report) are handled behind the scenes. In ReportViewer applications these tasks are all in your court. To illustrate the process of setting report parameters, I wrote an example application that deals with a number of issues. I tried to keep it simple so I could explain the basics: Setup your data source(s). This might entail almost anything, but you end up with a binable iBindingList object like a DataTable or a TableAdapter (which contains a DataTable). This usually means you've built a parameterized Fill method like the one shown in my example. In my example, the FillByProductLine call passes in a query parameter to the TableAdapter Fill method to populate the DataTable. Setup your report parameters using the Report Data Window in Visual Studio. While RDLC imported from BIDS or Report Builder might have query parameters, we're going to assume that this report does not. If it does, you'll have to include these as you build your LocalReport.Parameters collection. So, in the example I've provided, I have two report parameters defined: ColorWanted and MaxWeight. This means you'll need to know the number of your report parameters and their names (case-sensitive) to proceed. Build an array of type ReportParameter that's large enough for ALL parameters--not just the ones you want to set. It's essential that the size of this array matchs the number of report AND data parameters defined IN THE RDLC. (Again, typically if you're not importing from RDL this will be easy to determine—just check the Report Data Parameters list). For each ReportParameter object in the array, use the New constructor to name the parameter and provide the value. Once all ReportParameter objects are initialized, use the SetParameters method to push the array into the LocalReport Parameters property. So, what can go wrong? Lots. The parameter name you specify does not match the RDLC parameter name You don't specify all of the parameters The value you provide does not match the type of value expected. So... you need to add exception handlers to your code to deal with the stuff that happens. Note that the exception handlers might not return anything meaningful in the top exception--you might have to drill down into the innnerexception (perhaps several times) to see the "real" exception. Here’s the code that deals with all of these issues including some crude exception handlers: Private Sub btnShowReport_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnShowReport.Click Me.ProductsTableAdapter.FillByProductLine(Me.AdventureWorks2008DataSet.Products, tbProductLineWanted.Text) ' Populate ReportViewer1 Report Parameters Try lblStatus.Text = String.Format("Searching for color {0} with weight no more than {1}", lbColorsWanted.SelectedValue.ToString, tbMaxWeight.Text) Dim paParameters(1) As ReportParameter ' (To reference two parameters) paParameters(0) = New ReportParameter("ColorWanted", lbColorsWanted.SelectedValue.ToString) paParameters(1) = New ReportParameter("MaxWeight", tbMaxWeight.Text) Me.ReportViewer1.LocalReport.SetParameters(paParameters) Catch ex As Exception ' MsgBox(ex.Message) MsgBox(ex.InnerException.Message) End Try Me.ReportViewer1.RefreshReport() [...]



Denali’s Unfortunate Dependence on SharePoint

2011-07-15T17:43:26Z

For those of you that don’t use Facebook to follow the Microsoft teams, I commented on a Facebook entry from the Denali team that pointed me to their new Denali blurb.... For those of you that don’t use Facebook to follow the Microsoft teams, I commented on a Facebook entry from the Denali team that pointed me to their new Denali blurb. My initial comment: So, it's hard to tell what's new here besides Crescent. Does this mean that Report Builder 4 is a null set? Did they incorporate cascading style sheets into BIDS? What about shared code modules? What about ReportViewer compatibility? There ...are a dozen questions but the website has few answers. Consider that my last webinar (as small cross-section of IT shops) had no-one using 2008 R2. Half were 2005 the rest 2008. There really has to be a compelling ($$$) reason to invest in a new platform. So their response was to see the SQL Server Reporting Services Team Blog entry that describes the Denali release of SQL Server in more detail. My response was as follows:  It does help. I helps me see that the Visual Studio ReportViewer sync issue might have a long-term fix (that's the good news). The bad news is the dependency on SharePoint as several of the new features require SharePoint integration. Unfortunately, I don't see a "Native to SharePoint" migration tool that can take the years of work invested in Reporting Services native mode to easily port the catalog and its configuration over to SharePoint. Consider that the vast majority of sites do not have SharePoint integration for a variety of reasons--and might not ever have it. Crescent also depends on SharePoint. I also didn't see anything about the other features report developers have been asking for including cascading style sheets, better parameter management, scheduling groups of reports and more. I don't see common solution properties in BIDS or better integration of DLL expressions. I'm afraid you've been working on features that too many of the smaller companies and independent departments within larger companies can't use--not without expensive re-tooling to use SharePoint. After having read the team blog, I find that Report Builder 3 still lives but it’s renamed “Report Builder”. It also seems that there isn’t a new version of RDL—they’re sticking with “2010” but that’s not certain. They don’t say if Report Builder can work with more than one version of RDL—somehow I think that it’s still tied to one generation of RDL. Microsoft also announced that BIDS has been incorporated directly into Visual Studio, so the cross-campus dependency is less severe and they should be able to re-integrate “…within weeks” of Visual Studio’s next release.Thanks—it’s about time. Once Denali is released, ReportViewer applications will no longer have to be second-class citizens—always a generation behind. I wonder if they have added the ReportViewer control to the set of controls available for WPF applications. That would also be nice. But I didn’t see any indication Microsoft added the ability to set properties on a solution-level to make it easier to build a single multi-project solution to map to large (or the entire) Reporting Services catalog. But that would be integrated into the low-level details and probably not mentioned in the blog. I also don’t see mention of better support for external DLLs like inclusion of VB class-projects in BIDS. I’ll look again once I install Denali. The point is, there is so much that needs to be done—things that ordinary report developers and DBAs need. I don’t see mention of the ability to share common-use code block between reports in lieu of creating and deploying DLLs. Where are these features? As with other groups at Microsoft, the Reporting Services team seems to be caught up in the frantic Shar[...]



Reporting Services Webinar

2011-07-11T21:26:50Z

Nine Hours of Fast-Paced Training Tomorrow (July 12th) I’ll be presenting my monthly webinar. It’s been updated to include more information about SQL Server Reporting Services (R2) and Visual Studio 2010. This high-impact series of six 90-minute webinars held over...

Nine Hours of Fast-Paced Training

(image) Tomorrow (July 12th) I’ll be presenting my monthly webinar. It’s been updated to include more information about SQL Server Reporting Services (R2) and Visual Studio 2010. This high-impact series of six 90-minute webinars held over three mornings (Pacific time from 09:00-12:30) is for anyone who wants to leverage Business Intelligence Development Studio (BIDS), SQL Server and Reporting Services best practices—learning what works, what doesn't and why. These sessions are for developers, architects and managers who want to know how and (more importantly) when to leverage the power and benefits of SQL Server and Reporting Services. The fee also includes both of my Reporting Services and Visual Studio books.

Incidentally, Progressive does not care how many people sit in on the sessions so you can fill a meeting room or the local theater if you want to. These are also designed to be interactive—that is, I encourage the attendees to chat in questions anytime or ask over the phone at the end.

Want a front-row seat in my next Webinar? If so, I’m accepting applications for the live studio audience. All you need to do is send me an note saying why you would like to attend. I can comfortably sit about four people so get your application in early. Let me worry about the conference $999 fee, but if you bring doughnuts for everyone... I’ll pick the audience the Friday before the next talk.




SQL Server Quiz–June 2011

2011-07-01T17:48:23Z

I was asked to provide a quiz question for the Beyond Relational folks so I came up with this: What issues are exposed when using SSPI authentication? How does one avoid these issues? There were lots of answers that almost...

I was asked to provide a quiz question for the Beyond Relational folks so I came up with this:

What issues are exposed when using SSPI authentication? How does one avoid these issues?

There were lots of answers that almost universally said that using SSPI authentication was the way to go. A number of folks cataloged many of the problems associated with SSPI including having to implement Kerberos when using multiple hops. I’m no fan of Kerberos as it can make a fairly simple client/server or Reporting Services site unmanageable. But everyone missed the point. Consider this scenario:

Bob is a low-level report developer working for Acme Enterprises. They have a number of competitors that would love to see their client lists. Management has made sure that Bob, and other folks like him have few rights on the production database and have no rights to access the Customers database. While Bob can execute SELECT statements against the Parts database, he has no rights on Customers.

Bob’s manager Betty is really considering demoting him or letting him go due to past performance issues—and that incident with the pig a few weeks ago. Bob knows his situation with the company is probably hopeless, so he decides to try to get at the customer list—he knows he can sell it to Farkle Industries down the street. When Betty tells him to create another report on the parts inventory he sees his opportunity. He creates the report but adds a few lines of SQL to the SELECT query that the report processor executes—something to the effect of “GRANT BOB rights to access everything (especially the customer database)”. He knows that his domain account does not have rights to make permission changes, but he knows that Betty’s does. When Bob runs the report using SSPI authentication, it throws an exception but returns the rowset needed for the report. However, when Betty runs the report, the report processor uses her SSPI authentication credentials and the GRANT statement goes through. Bob is now able to do all the queries he wants to against the customer list. He leaves Acme fat and happy.

This is called a Trojan attack. It’s very easy to implement anywhere that SSPI authentication credentials are used. Because of this very real threat, we recommend that you never use SSPI authentication for reports—at least not against databases that have sensitive information.




SQL Server Quiz June 2011

2011-06-02T16:41:17Z

The question for the month of June seems deceptively easy: What issues are exposed when using SSPI authentication? How does one avoid these issues? When I initially wrote this question, I was thinking about SQL Server Reporting Services reports...

(image)

The question for the month of June seems deceptively easy:

What issues are exposed when using SSPI authentication? How does one avoid these issues?

When I initially wrote this question, I was thinking about SQL Server Reporting Services reports and the data source connections they establish, but the question also applies to applications of all kinds that connect to data sources. As you (should) know, SSPI (or “trusted”) connections use the currently logged in Windows system credentials to pass along to the data source. The trusted approach precludes the need to use hard-coded (or generated) data source-dependent login names and passwords. With SSPI/trusted authentication, if the Windows user has a login account on the target SQL Server (or other data source), the connection is permitted to be (further) authenticated. No, the data source might not authenticate the connection if the user does not have rights on the initial catalog (default database), or if the server is too busy to take on additional connections, but that’s another issue.

  • The question is, do you know what issues are exposed when you use this trusted connection approach?
  • What are the alternatives and why should they be considered?
  • What are the downsides to these alternatives?

Want a hint? Check out Chapter 9 of my 7th Edition.

Note that you are not permitted to post answers to this question until June 1st. 2011.

Bill Vaughn


Postscript:

So, it seems that most responders to this question think that SSPI is the way to go. Here is another hint: Consider that SQL Server permits an application to submit any number of TSQL operations in a single query.

 




Microsoft Customers Abandoned Again: SharedView No Longer Supported

2011-04-04T23:10:42Z

Well, it’s official. Microsoft has abandoned another mainstream product with no replacement. When I installed the new IE9 I discovered that SharedView no longer worked. I quickly uninstalled IE9 and submitted a Connect bug and asked my MVP lead to...

Well, it’s official. Microsoft has abandoned another mainstream product with no replacement. When I installed the new IE9 I discovered that SharedView no longer worked. I quickly uninstalled IE9 and submitted a Connect bug and asked my MVP lead to check out what’s going on. He got back to me today with the grim news: “Microsoft SharedView is no longer supported by Microsoft.”

(image)

http://social.microsoft.com/Forums/en-US/sharedviewbetahelp/threads

This is pretty sad. I leaves me and many other trainers and support professionals in the lurch. Now I have to find a suitable (non-Microsoft) replacement, test it and learn how to use it as well as update my course materials. I expect this is not nearly as expensive as the costs incurred by others that depend on SharedView on a daily basis.

Why is SharedView important? Yes there are other programs that purport to do the same. The SharedView advantage is that it's a MICROSOFT desktop sharing solution. You don't have to convince a customer that this free program is going to do anything but do what it's supposed to do. It's very lightweight, installs in seconds, is virtually pain-free and is brutally simple for each end to use. We have lots of sites where remote desktop is not an option--especially in my webinar classes. Consider that SV lets me view the system while the customer demonstrates a problem. I can take over his mouse and keyboard but only if he lets me and all he needs to do to take control back is move the mouse or press a key. It gave the customers a lot more confidence in their own system's security.

Wonder why the Microsoft stock is flat or falling while other companies continue to grow even in this economy? Now you know.




American Airlines “We know why you fly”?

2011-03-21T20:38:07Z

The Marquis de Sade would have giggled with glee at the thought of paying a month’s wages to be slowly tortured in the way passengers are treated while traveling in today’s airports. American Airlines thinks they know why I fly.... The Marquis de Sade would have giggled with glee at the thought of paying a month’s wages to be slowly tortured in the way passengers are treated while traveling in today’s airports. American Airlines thinks they know why I fly. Perhaps they think they do, but do they understand how to keep a customer? My wife and I just (barely) endured a long trip to London from Seattle and back via American Airlines. They (and the airports) could have done quite a bit more to make the trip more comfortable (or at least more tolerable) but mostly, they could have done so more quietly.  I like to get to the airport early, so I often spend considerable time in the waiting areas. What I don’t understand was why passengers are pelted with loud warnings about liquids in our carry-on luggage—inside security. This is not entirely American Airline’s fault, but they could get TSA to route their messages to the speakers outside security. Ya, know, it’s one of those pesky wiring things—I’ll bet you can figure it out. The airports also insist on playing background music to sooth us or to drown out the noise of the maintenance cart with the worn-out wheel. When you’re trying to catch up on work or a novel, but also need to listen for important announcements like your gate has changed (again) or your flight is delayed (again), why flood the air with more noise in the form of pop music? Folks, no matter what tune you choose to play over the speakers, it will be noise to someone. Those that want to listen to music will have brought their own iPod. I know the burger vendor in New York did. After a dozen dozen announcements about liquids, leaving luggage unattended, taking smoking packages from strangers and unintelligible gate changes, we’re finally herded on the plane. At this point some of us try to make last-minute calls to coordinate with folks at home or back in the office, and now is when American Airlines insists on either playing more music or “get your butt out of the aisle” messages. The latter I understand (to a point), but again, the background music is just more grating noise. Along the way, we get the recorded safety briefing and a brief respite of quiet—but no, the pilot has to come on and prove that he actually knows where he’s programmed the plane to fly. Folks, I could care less what altitude we’re flying at or that we’re going to pass over Picayune Vermont (unless I’m going to Dallas in which case it means I’m on the wrong plane or the pilot has the wrong flight plan loaded.) Pilots, we already know you’re cool, just get us there in one piece (and watch the rate of descent on touchdown). When we finally bounce off the runway, we’re often very, very tired from having been strapped to seats that were worn out 10 years ago, having to deal with airline food (if you can call it that) and worn-out electronics that you might expect to find in a ghetto pawn shop. Flying worn-out planes is American Airline’s fault. And we’re still a long way from home or hotel. At this point, passengers need to coordinate with people on the ground but no, there are more verbose “welcome to (someplace along the way)” messages followed by a (usually unintelligible) announcement of where your bags might (eventually) be dumped. And more music. After an 8+ hour flight across the Atlantic plus an 8+ hour flight across the US after a 5+ hour layover I’m in no mood for calypso music. Trying to be pleasant to the immigration agent ta[...]



Is SQL Server Express Enough for the Job?

2011-02-22T20:40:10Z

I’m working the forums this week and I’ve already seen several questions asking if SQL Server Express Edition is up to the task. Shown below are the Microsoft links to Express’ limitations but I would like to clarify just what...

I’m working the forums this week and I’ve already seen several questions asking if SQL Server Express Edition is up to the task. Shown below are the Microsoft links to Express’ limitations but I would like to clarify just what the mean (and can’t say).

Back in my Microsoft days, I was an (unofficial) PM for MSDE--the predecessor for SQL Express. I'll tell you what I have been telling folks for decades. It's not usually the horse that determines the speed, it's the rider. If your applications are built correctly, you'll have no trouble supporting dozens to hundreds of users on a fairly simple SQL Server Express server. Today’s versions of SQL Server all share the same binaries (except for the Compact Edition) so they all work with the same applications. However, the SQL Express edition limits two important performance-enhancing benefits: RAM cache and parallel processing. Instead of letting you cache a big hunk of the database pages currently being accessed in RAM you’re limited to 1GB. In addition, instead of using several threads (processors) to fetch the data all at the same time, you’re limited to a single thread. But do these limitations really mean you can’t use SQL Server Express to support a small business? IMHO, it does not.

Remember that what makes SQL Server fast is the amount of work it has to do (duhhh).

  • If it has to constantly hit the hard disk for data, it will be slower. The solution: add more RAM to cache the rows. In SQL Express this is going to be limited to 1GB.
  • Make sure that nothing else is running on the server--nothing (not even a print server, reporting services, exchange, IIS or even Castle Wolfenstein screen-saver). This means that the processor is not being distracted by other tasks and can focus on pulling your SQL Server wagon with all of it’s might.
  • Make sure that the client queries are well-written and return just the rows they need at the time. Fetching too many rows flushes the (limited) cache.
  • Don’t put pictures or documents in the database. One big picture can flush the entire RAM cache. Put BLOBs in files and put the paths in the DB.
  • Make sure that the database indexes are well designed and USED. If you fetch too many rows the indexes won't be used at all. Learn how to code and maintain indexes. Too many are just as bad as too few. Indexes can help focused queries but slow down updates.
  • Having a dual or quad-core (or better) processor will help the OS (Windows) stay out of the way. While SQL Express won't use the other processors to parallel process, the rest of the system will.
  • Pre-allocate the database to the size you expect it to be two years (or more) from now. Do the same for Model (which is used to create Temp) to eliminate the need to constantly stretch Temp during the day.

Most of these tips and more are in my book... hth

Come to my next Progressive webinar (“Visual Studio, SQL Server and Reporting Services”) where we discuss these issues at length.


For all the official details see http://www.microsoft.com/sqlserver/en/us/editions/express.aspx and http://www.microsoft.com/express/Database/.




Sharing Managed Code in Report Expressions

2011-02-12T20:08:26Z

My new webinar/lab class launches next week on February 8-10. It’s the premier edition of a series of lectures and lab exercises that walk report developers through the process of learning enough Visual Basic to create serious report expressions...

(image)

My new webinar/lab class launches next week on February 8-10. It’s the premier edition of a series of lectures and lab exercises that walk report developers through the process of learning enough Visual Basic to create serious report expressions for use with Reporting Services reports.

We follow the introduction to Visual Basic with an in-depth discussion of how to add code-based expressions to your reports, but more importantly, how to share the code between reports. The final session shows how to create managed-code DLLs that can be developed in C#, VB.NET or any .NET CLR language and leveraged by the report processor when rendering your report.

The mentored lab exercises walk you through the process of creating a Visual Basic test-harness, coding and debugging complex code expressions and finally, you’ll create your own sharable managed-code DLL that can be used in all kinds of deployed reports.

Here’s the link to the Progressive site.

This is another one of my lab-based courses. Consider how hard it is to absorb new technical material when you don’t have a chance to try it out until you get back to your office. By including mentored labs immediately following each lecture, we’re able to help students dig into the concepts while the instructor is right there waiting to help. This approach has been very well received, as it encourages the maximum amount of learning in the least amount of time. All of the software used for the labs is free—thanks to Microsoft’s generosity. We also include easy-to-understand setup instructions to make installation easy. Several sample projects and reports are also included to illustrate the points discussed in the lectures.


PROGRAM HIGHLIGHTS

  • Visual Basic for Report Developers
    • Understanding Visual Basic
    • Creating Functions and Subroutines
    • Declaring Typed Constants and Variables
    • Managing Conditional Expressions and Looping
    • Testing and Debugging Expressions
    • Building an Expression Test-Harness Application
  • Implementing Report Expressions 
    • Creating Internal Report Expressions
    • Creating External Report Expressions
    • Coding Report Expression
    • Working with the Expression Editor
    • Managing Expressions in Calculated Fields and Data Queries
    • Solving Typical Problems with Expressions
  • Sharing Report Expression Code 
    • Expression Code Reuse and Sharing Issues
    • Creating Managed Assemblies for use in Report Expressions
    • Integrating Business Intelligence and Visual Studio
    • Creating, Testing and Deploying Custom Managed DLLs
    • Deploying Reports Containing Custom DLLs