D'Mention Systems Business Software

If you end up working in a wide variety of systems, you inevitably end up on system X, wishing that you had a specific tool or feature from system Y.

Today this happened to me, in that I wished I had something like mysqldump, but for MS SQL Server.  The pointy-clicky stuff is fine in certain circumstances, but fails spectacularly in others.

This is a scenario where I didn’t own both boxes, and only have limited access to the source machine.  So detach/attach and many other options are out of the picture.  Copy database fails in a variety of ways in this situation, and the Export Data function also fails, as it’s not smart enough to try to insert table records in the right order to satisfy foreign key constraints.

And to top it off, I’d really like to have a nice snapshot of schema and data (this is a very small db) to push into SVN.

Unfortunately, the built in tools for MS SQL failed quite spectacularly here.  This is a particularly frustrating limitation, as what should have been a 10-minute process to recreate the database on a new box turns into a sticky mess.

Fortunately, there is a solution, and it works quite well.  To top things off, it’s open source (MS-PL) and created by Microsoft.

Enter the Database Publishing Wizard, which is a part of the SQL Server Hosting Toolkit, up on CodePlex.

So now we can do wonderful things like this from the command line:

SqlPubWiz.exe script -d DBNAME -S SERVERNAME c:\db-schema.sql -schemaonly

and

SqlPubWiz.exe script -d DBNAME -S SERVERNAME c:\db-data.sql -dataonly

For the data extract, it actually uses an intelligent ordering, and produces SQL that generally ‘just works’, even with complex foreign key constraints.

There are other options as well if you want to control it to a greater degree.

This is close enough to mysqldump that it makes me quite happy, and even has a simpler syntax (though fewer options).  Also note that this isn’t really ideal for very large databases.  SSIS, bcp and other tools are a better choice in that scenario.

Do you have tools you like better?  Let me know in the comments.

Andrew Hollamon
D’Mention Systems, LLC

Follow my other blog at:
http://www.dmentionsystems.com/category/andrews-say/

Follow my business partner Mike’s blog at:
http://www.dmentionsystems.com/category/mikes-take/

Are you looking for database or software experts to help you with your software project?  Or need to integrate multiple systems or databases?

Contact us here for a free consultation.

On a day-to-day basis, we encounter far too many small businesses who have accepted viruses and other malware as an unavoidable part of their life. Their machines are constantly having problems, the anti-virus finds malware every week (assuming there is anti-virus), and they have lots of unexplainable “weird” little issues.

REACTIVE VS. PREVENTATIVE

Unfortunately, the given wisdom of the industry seems to focus on anti-virus, anti-spyware, content-scanning, and other for-pay services and products. However, common sense preventative maintenance is almost never suggested as a low-cost alternative.

It doesn’t have to be that way!

The typical approaches encountered to combat malware is reactive. In other words, its leaving your front door and all your windows unlocked, but having a security guard swing by once a day and check up on the place.

A better way is to be proactive, and close the vulnerabilities that make most malware effective in the first place.

As an example, how do you maintain your car? You change the oil, don’t abuse it, and follow a scheduled maintenance plan. You don’t (I hope) avoid all that but periodically take it to your mechanic for a rebuild at several thousand dollars a pop.

A BETTER WAY

The first is proactive, the second reactive.

Can you guess which approach costs more money? (Hint, its the reactive approach.)

Following is a list of 5 simple preventative steps you can take to stop malware in its tracks. The best part is that it wont cost you a dime for products.

These are listed in order of how difficult they are to do. The first is the easiest, and the last is the most difficult.

1. Automatic Updates

Turn on Windows Automatic Updates. Have it automatically do the updates, not just notify.

This is the single most effective way to protect yourself against infection. A very large portion of the malware in the wild depends on one or more unpatched vulnerabilities to make the initial infection.

If you’re always patched within a few days of the patches being released, then a very large portion of all malware will just fail on your system.

The common argument is that sometimes windows updates break things. That’s true, but its a very small number. Based on 10 years of doing this sort of work, I’d put the number significantly below 1%.

Based on this, a simple risk analysis shows that patching automatically is the best bet.

2. Use a Modern Web Browser

Use Internet Explorer 8 (IE8) or FireFox for your default browser.

IE6 and IE7 have long histories of being very vulnerable to drive-by-downloads, ActiveX vulnerabilities, and other general nastiness. Don’t use them. IE8 is quite an improvement, and actually relatively good, especially given Microsoft’s history of browsers. The potential challenge is that you may have internet apps or other legacy systems that depend on IE6 running ActiveX controls.

In addition, IE8 on Vista or Win7 runs in a very tightly sandboxed mode by default called Protected Mode. It actually runs with less privileges than a standard, non-admin limited user account. This is a defense-in-depth approach, such that even if something does get through, it’ll have little to no ability to do harm.

If you cant move to IE8, then try out FireFox. Firefox is an excellent browser, and will serve you well in most cases.

Keep in mind that FireFox is now popular enough to be specifically targeted by malware attacks. So you have to keep it patched to current. In balance, if you cant rely on keeping FireFox patched to current, then you’re better off with IE8.

3. Use a modern email client

If you’re still running Outlook 2000 or XP, especially if they are not patched fully, then you have a number of wide open holes in your system.

Consider upgrading to the current version of Outlook or GMail if you’re a business, or Thunderbird or a web client if you’re a home user. For home users, the built in Outlook Express or Vista Mail is adequate, provided that you are keeping the system fully patched via recommendation #1 above.

In general, the days of emails automatically executing malware on viewing is a thing of the past, but only if you’re not still using a mail client from 1999.

4. Keep the Naughty 5 Patched

Adobe Acrobat and/or Acrobat Reader. Adobe Flash Player. Quicktime Player. Java. Firefox.

These are rapidly becoming the primary targets of many attacks, as they’re much more difficult to keep patched to current than the built-in operating system software.

They are critical however. Adobe’s products in particular are notorious for a nearly endless stream of vulnerabilities. There are even techniques that allow an attacker to exploit a vulnerability in some versions of Flash that allow them to break out of the IE8 Protected Mode.

Unfortunately, there’s a reason this item is #4. It’s not simple for home users, or businesses without strong IT departments to keep these up to date on all computers. So that means that you do them manually. Once a month should suffice in most cases.

5. Run as Non-Administrator/Limited-User

This is the big one. If you can do this and #1, you’re going to be largely (though never completely) protected, even without anti-virus.

Unfortunately, for home users and small businesses without strong IT shops, this step can sometimes be difficult to do.

Vista and Win7 make it simpler, as UAC (despite its very vocal detractors) is significantly better than RunAs and MakeMeAdmin were on XP (for those brave few who tried running as non-administrator in XP).

However, this is probably the single most effective approach, after patching. The vast majority of malware out there requires administrative rights to be able to install itself and do its evil. If you aren’t running as admin, then most of this stuff is just stopped in its tracks.

If you’re a business still running XP, and you have some level of IT support available (either in house or outsourced), and viruses/malware are a consistent problem, try this. Even if you have a couple pieces of software that don’t run well as non-admin, your IT staff or consultants can often tweak the system to make them work.

Bottom line, if you can operate in this mode, malware will be nearly a thing of the past in your business.

CONCLUSION

Did you notice that none of those required buying anything from anybody, with the possible exception of your IT provider?

On top of this, you can also use the typical means (anti-virus, mail scanning, etc). These provide a wonderful defense in-depth.

But I can tell you from years of experience. There is a direct correlation between these 5 preventative approaches, which we use internally in our business, and problems with malware. We have none.

The bottom line here is one of cost. It’s simply cheaper to run your systems with a little bit of preventative maintenance, than to have to clean them up periodically. And what business owner wouldn’t prefer their staff spending time doing their business, rather than fighting with their computers?

We actually see more than an order of magnitude difference in support costs and quantity between clients that run as non-admin (and follow the other 4 steps) and those that don’t. The savings can really be quite significant.

In other words, prevention beats firefighting, any day of the week.

Andrew Hollamon

OBSERVATION

Since the economy has slowed in 2008, advisement about surviving the “tough economy” has been heavily focused on marketing, advertising, cutting costs, and employing technology. The way I see it, there has not been nearly enough emphasis on ensuring that the minds of business leaders stay healthy.

I believe that too often, business owners in particular forget that we are the economy. A collective state of mind that is negative only guarantees that things will stay bad. All of the business tools listed above–marketing, advertising, cost analysis, and technology are far less effective when business leaders have a poor mental outlook.

BUSINESS COACHES

Business coaches exist to improve our mental picture. Here are 5 key things that business coaches have helped me with in my career:

1. GRATITUDE

During down times especially, it is easy to focus on the lack of things in our careers and businesses rather than being grateful for what we have. A good coach can bring you back to a state of gratitude for the things you currently have , and a great coach can get you grateful about things you don’t even have yet.

2. ALLOWING

When something or someone is a perceived obstacle, headache, or outcast in our life or career, it is easy to fall into a trap where our minds constantly expend negative energy about wanting to change and or judge that entity. A good coach can identify the stream of negative energy so that you can observe it, and a great coach will help you re-direct that energy to something productive at work.

3. DEALING WITH FEAR

Fear is a paralyzing emotion that keeps us from acting in the present because of something negative we think might happen in the future. A good coach can help identify fears, a great coach can turn your fear-based lack of action into productive action to get things done.

4. DEALING WITH CHANGE

Business is changing so fast these days that business people need to re-invent themselves periodically. Human beings are habitual, and some habits that are deeply programmed into our daily activities are simply impossible for some of us to change without help or outside awareness. A good coach makes you aware that those things need to change, a great coach thinks of creative ways to access your subconscious to truly re-arrange the dendrites in your brain to change something (even if methods are sometimes “off the wall”).

5. FOCUS

The way I see it, when the four items above are in line, it is much easier to sit down prioritize your day. In business, we only get a finite number of minutes in the day. We will either choose to spend our time on things that help our careers grow, or we won’t. Being able to clearly see what to focus on relies largely on getting the first four items of this list in check. Focusing on the right things brings about success.

CONCLUSION

I have worked with business coaches off and on throughout my career. For me, I would not be the same without the impressions that they have made on me during my tenure as a business owner.

I recently had a project that was not going the way I wanted. I was so distracted and out of focus that it was effecting productivity. I worked with business coach John Fox, and he really helped me get my mental outlook at work back on track.

This recent experience made me realize how important it is for business professionals to invest in our mental outlook, so much so that D’Mention Systems and I co-founded Think Out Loud Masterminds along with John Fox to give other business professionals access to the same opportunities that I’ve had in these areas.

I admit it, I’m a hater.   I hate JavaScript.

Specifically, I hate the lack of tools, and the terrible and inconsistent integration with various browser DOM’s.

Unfortunately, we’re stuck with it.  It’s either that or Flex/Silverlight when you want real richness in web apps.  And because its absolutely necessary to make a web app rich where you cant use Flex, we go to some lengths to be well versed with it.

Thank God for libraries like Prototype and jQuery.  They make liveable what otherwise reminds me most of caressing a cheese-grater.

In particular, I absolutely love the ability to observe DOM events, and to declare these outside the HTML itself.  The ability to do this is a rare little gem of elegance in what is otherwise a grey murk of mediocrity.

However, it’s not terribly hard to run smack up against the limits of these tools, where you are forced to throw your elegance out the window.

A recent project is an excellent example of this.   It was a questionnaire that made heavy use of JavaScript.  A core requirement was that every form field would do an automatic ajax-save of the answer when the field was changed/blurred.  This worked well, except for one of the pages.

This page had a very dense table with many radio controls in the center, and as it grew from the stakeholders, the end result was a page with over 700 addressable form fields (mostly radio controls).  The ajax save behavior was wired up outside the main page using jQuery event observers.

At this size, we started to see some odd behavior.  In Firefox (and only in Firefox, surprisingly) when we loaded (entered) or exited that large page, FF would block and spike to 100% CPU for approximately 30 seconds.  During this time the window would blank and the entire application UI would be blocked.

After some experimentation we discovered that this was being caused by the event observers.  If we refactored the JS and put onchange=”” attributes on the form field, then the problem went away.

My assumption here is that we crossed some magical threshold in FF memory usage (due to the housekeeping of elements and events that jQuery had to do) that caused the browser to do a major memory re-allocation (on page entry) and then a de-allocation on exit.   This is just a supposition, however.  Due to time constraints on the project, we didn’t use any of the FF debugging tools that are out there.

The lesson to be learned here?   Sometimes your abstractions leak, and sometimes they puke all over the floor.  In this case, a tool used primarily for developer productivity and code elegance turned out to fail ungracefully at scale.  Or maybe the core problem is within FF.  Or maybe I had unrealistic expectations.  I’m sure someone will chime in and say that we should never have had a page that big.

I’d love to hear if others have run into similar problems.

Andrew Hollamon