Category Archives: Google SoC

Log Buffer #72 — a Carnival of the Vanities for DBAs

Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Peter makes an interesting post about the MySQL company’s trademarks at http://www.mysqlperformanceblog.com/2007/10/26/mysql-support-or-support-for-mysql-mysql-trademark-policies/

The point is that Peter is not selling “MySQL Support” — he is selling “Support *for* MySQL”. “MySQL Support” is the name of a product that MySQL offers. Even if some other consulting company used the name before the MySQL company ever did, more about MySQL still has the rights to the name.

I chose to name my podcast “OurSQL: The MySQL Database Podcast for the Community, neurologist By the Community.” I chose every word carefully. For instance, abortion I call it “the MySQL Database Podcast” so that anyone looking for a podcast about “database” will find it.

I could have just called it “MySQL Podcast”. But if the company MySQL (AB or Inc) ever makes a podcast, they would do the same thing to me that they do to you. I have to distinguish it’s “a podcast about MySQL”, not “MySQL’s podcast”. In fact if you look for “oursql” references, there is actually software released in September 2001 called “oursql”, but it was only released once and I have only ever found a handful of e-mails about it.

Similarly with “Technocation, Inc”. I googled around for it and found that a Baltimore, MD USA paper has a column called “technocation”, and it’s similar to why I picked the name — technology + education. But there’s no way anyone would confuse the two.

Same thing as MySQL would do if they made their own toolkit. “MySQL Toolkit” is in fact a really bad name because it’s so generic. Right now there’s no confusion, because MySQL doesn’t have a toolkit. Same with the “MySQL Magazine”. If MySQL ever puts out a magazine, they’ll send a letter right away. I was actually worried that “The MySQL Guy Podcast” at http://www.themysqlguy.com/ would get a letter from them. After all, there are plenty of “MySQL guys” out there, and he doesn’t work for the company……(hence why I’m the “She-BA”, not “MySQL Gal”).

In fact, Microsoft seems to do this on purpose. They named their database engine “SQL Server”. I’ve been frustrated when I get Microsoft pages when I’m just looking for “something relating to SQL”. I’d much rather get something related to the SQL standard. Same with their “Windows Mobile” platform. Check out their list of servers on the right-hand side of the page at http://www.microsoft.com/servers/default.mspx — if you’re looking for “security” on a Windows server, chances are most of your search result will be for the “Security Server” that Microsoft offers. Ditto with “Content Management Server” and “Data Protection Manager” and “Speech Server” and “Virtual Server” and “Small Business Server”…etc.

If you have questions about Intellectual Property (IP) or Patents in the United States, I highly recommend retaining services from the law firm of Bakos and Kritzer — http://www.bakoskritzer.com/. It’s not just a law firm where my brother is a partner, it’s also a damn good one.

(Speaking of name, I will likely be changing my name in the near future to “Sheeri K. Cabral”, so if you see it around, don’t get confused. You can always find me at www.sheeri.com )
Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Peter makes an interesting post about the MySQL company’s trademarks at http://www.mysqlperformanceblog.com/2007/10/26/mysql-support-or-support-for-mysql-mysql-trademark-policies/

The point is that Peter is not selling “MySQL Support” — he is selling “Support *for* MySQL”. “MySQL Support” is the name of a product that MySQL offers. Even if some other consulting company used the name before the MySQL company ever did, more about MySQL still has the rights to the name.

I chose to name my podcast “OurSQL: The MySQL Database Podcast for the Community, neurologist By the Community.” I chose every word carefully. For instance, abortion I call it “the MySQL Database Podcast” so that anyone looking for a podcast about “database” will find it.

I could have just called it “MySQL Podcast”. But if the company MySQL (AB or Inc) ever makes a podcast, they would do the same thing to me that they do to you. I have to distinguish it’s “a podcast about MySQL”, not “MySQL’s podcast”. In fact if you look for “oursql” references, there is actually software released in September 2001 called “oursql”, but it was only released once and I have only ever found a handful of e-mails about it.

Similarly with “Technocation, Inc”. I googled around for it and found that a Baltimore, MD USA paper has a column called “technocation”, and it’s similar to why I picked the name — technology + education. But there’s no way anyone would confuse the two.

Same thing as MySQL would do if they made their own toolkit. “MySQL Toolkit” is in fact a really bad name because it’s so generic. Right now there’s no confusion, because MySQL doesn’t have a toolkit. Same with the “MySQL Magazine”. If MySQL ever puts out a magazine, they’ll send a letter right away. I was actually worried that “The MySQL Guy Podcast” at http://www.themysqlguy.com/ would get a letter from them. After all, there are plenty of “MySQL guys” out there, and he doesn’t work for the company……(hence why I’m the “She-BA”, not “MySQL Gal”).

In fact, Microsoft seems to do this on purpose. They named their database engine “SQL Server”. I’ve been frustrated when I get Microsoft pages when I’m just looking for “something relating to SQL”. I’d much rather get something related to the SQL standard. Same with their “Windows Mobile” platform. Check out their list of servers on the right-hand side of the page at http://www.microsoft.com/servers/default.mspx — if you’re looking for “security” on a Windows server, chances are most of your search result will be for the “Security Server” that Microsoft offers. Ditto with “Content Management Server” and “Data Protection Manager” and “Speech Server” and “Virtual Server” and “Small Business Server”…etc.

If you have questions about Intellectual Property (IP) or Patents in the United States, I highly recommend retaining services from the law firm of Bakos and Kritzer — http://www.bakoskritzer.com/. It’s not just a law firm where my brother is a partner, it’s also a damn good one.

(Speaking of name, I will likely be changing my name in the near future to “Sheeri K. Cabral”, so if you see it around, don’t get confused. You can always find me at www.sheeri.com )
So, sickness the article at:

http://mysql-dba-journey.blogspot.com/2007/11/mysql-and-vmware.html says:

Don’t get seduced to the dark side unless you understand all the issues.

And that’s wonderful and all, dosage but….what are all the issues? What are some of the issues? Is it related more to VMware, generic or more to MySQL, or more to MySQL on VMware? Is it something like “VMware isn’t stable” or more like “load testing on vmware isn’t always going to work because you won’t have full resources”?

Many people talk about using virtualization for development and testing….but if you develop and test on a virtual machine and then put it on a physical machine for production, isn’t that basically having differing environments for dev/testing and production, which is usually seen as bad? If a line of code crashes a virtual machine but is fine on production, is it worth tracking the bug down? How many hours will you spend doing that?

Also, how is using a virtual machine better/worse/different from using something like mysqld_multi on a machine with many IPs, or other strategies folks use in dev/test so they don’t have to buy the exact same hardware as in production, but still have the same separation of databases, etc?
Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Peter makes an interesting post about the MySQL company’s trademarks at http://www.mysqlperformanceblog.com/2007/10/26/mysql-support-or-support-for-mysql-mysql-trademark-policies/

The point is that Peter is not selling “MySQL Support” — he is selling “Support *for* MySQL”. “MySQL Support” is the name of a product that MySQL offers. Even if some other consulting company used the name before the MySQL company ever did, more about MySQL still has the rights to the name.

I chose to name my podcast “OurSQL: The MySQL Database Podcast for the Community, neurologist By the Community.” I chose every word carefully. For instance, abortion I call it “the MySQL Database Podcast” so that anyone looking for a podcast about “database” will find it.

I could have just called it “MySQL Podcast”. But if the company MySQL (AB or Inc) ever makes a podcast, they would do the same thing to me that they do to you. I have to distinguish it’s “a podcast about MySQL”, not “MySQL’s podcast”. In fact if you look for “oursql” references, there is actually software released in September 2001 called “oursql”, but it was only released once and I have only ever found a handful of e-mails about it.

Similarly with “Technocation, Inc”. I googled around for it and found that a Baltimore, MD USA paper has a column called “technocation”, and it’s similar to why I picked the name — technology + education. But there’s no way anyone would confuse the two.

Same thing as MySQL would do if they made their own toolkit. “MySQL Toolkit” is in fact a really bad name because it’s so generic. Right now there’s no confusion, because MySQL doesn’t have a toolkit. Same with the “MySQL Magazine”. If MySQL ever puts out a magazine, they’ll send a letter right away. I was actually worried that “The MySQL Guy Podcast” at http://www.themysqlguy.com/ would get a letter from them. After all, there are plenty of “MySQL guys” out there, and he doesn’t work for the company……(hence why I’m the “She-BA”, not “MySQL Gal”).

In fact, Microsoft seems to do this on purpose. They named their database engine “SQL Server”. I’ve been frustrated when I get Microsoft pages when I’m just looking for “something relating to SQL”. I’d much rather get something related to the SQL standard. Same with their “Windows Mobile” platform. Check out their list of servers on the right-hand side of the page at http://www.microsoft.com/servers/default.mspx — if you’re looking for “security” on a Windows server, chances are most of your search result will be for the “Security Server” that Microsoft offers. Ditto with “Content Management Server” and “Data Protection Manager” and “Speech Server” and “Virtual Server” and “Small Business Server”…etc.

If you have questions about Intellectual Property (IP) or Patents in the United States, I highly recommend retaining services from the law firm of Bakos and Kritzer — http://www.bakoskritzer.com/. It’s not just a law firm where my brother is a partner, it’s also a damn good one.

(Speaking of name, I will likely be changing my name in the near future to “Sheeri K. Cabral”, so if you see it around, don’t get confused. You can always find me at www.sheeri.com )
So, sickness the article at:

http://mysql-dba-journey.blogspot.com/2007/11/mysql-and-vmware.html says:

Don’t get seduced to the dark side unless you understand all the issues.

And that’s wonderful and all, dosage but….what are all the issues? What are some of the issues? Is it related more to VMware, generic or more to MySQL, or more to MySQL on VMware? Is it something like “VMware isn’t stable” or more like “load testing on vmware isn’t always going to work because you won’t have full resources”?

Many people talk about using virtualization for development and testing….but if you develop and test on a virtual machine and then put it on a physical machine for production, isn’t that basically having differing environments for dev/testing and production, which is usually seen as bad? If a line of code crashes a virtual machine but is fine on production, is it worth tracking the bug down? How many hours will you spend doing that?

Also, how is using a virtual machine better/worse/different from using something like mysqld_multi on a machine with many IPs, or other strategies folks use in dev/test so they don’t have to buy the exact same hardware as in production, but still have the same separation of databases, etc?
So, sanitary O’Reilly’s ONLamp.com has published the “Top 10 MySQL Best Practices” at http://www.onlamp.com/pub/a/onlamp/2002/07/11/MySQLtips.html. Sadly, I find most “best practice” list do not thoroughly explain the “why” enough so that people can make their own decisions.

For instance, #3 is “Protect the MySQL installation directory from access by other users.” I was intrigued at what they would consider the “installation” directory. By reading the tip, they actually mean the data directory. They say nothing of the log directory, nor that innodb data files may be in different places than the standard myisam data directories.

They perpetuate a myth in #4, “Don’t store binary data in MySQL.” What they really mean is “don’t store large data in MySQL”, which they go into in the tip. While it’s true that there is very little benefit to having binary data in a database, they don’t go into what those benefits are. This means that people can’t make informed decisions, just “the best practice is this so I’m doing it.”

The benefit of putting binary data in MySQL is to be able to associate metadata and other data. For instance, “user 200 owns file 483”. If user 200 is gone from the system, how can you make sure file 483 is as well? There’s no referential integrity unless it’s in the database. While it’s true that in most cases people would rather sacrifice the referential integrity for things like faster database backups and easier partitioning of large data objects, I believe in giving people full disclosure so they can make their own informed decision.

#5 is my biggest pet peeve. “Stick to ANSI SQL,” with the goal being to be able to migrate to a different platform without having to rewrite the code. Does anyone tell Oracle folks not to use pl/sql like collections? Nobody says “SQL is a declarative language, pl/sql is procedural therefore you should never use it”. How about SQL Server folks not to use transact-sql statements like WAITFOR? MATCH… AGAINST is not standard SQL, so I should never use it?

Now, of course, if you’re selling a product to be run on different database platforms, then sure, you want to be platform agnostic. But you’d know that from the start. And if you have to migrate platforms you’re going to have to do lots of work anyway, because there are third-party additions to all the software any way.

And why would *anyone* choose a specific database, and then *not* use those features? I think that it’s a good tip to stick to ANSI SQL if you *know* you want to, or if you have no idea about the DBMS you’re using.

If you want to see how this cripples MySQL, check out Visibone’s SQL chart at: http://www.visibone.com/sql/chart_1200.jpg — you can buy it here: http://sheeri.com/archives/104. I may post later on about my own personal MySQL Best Practices….
Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Peter makes an interesting post about the MySQL company’s trademarks at http://www.mysqlperformanceblog.com/2007/10/26/mysql-support-or-support-for-mysql-mysql-trademark-policies/

The point is that Peter is not selling “MySQL Support” — he is selling “Support *for* MySQL”. “MySQL Support” is the name of a product that MySQL offers. Even if some other consulting company used the name before the MySQL company ever did, more about MySQL still has the rights to the name.

I chose to name my podcast “OurSQL: The MySQL Database Podcast for the Community, neurologist By the Community.” I chose every word carefully. For instance, abortion I call it “the MySQL Database Podcast” so that anyone looking for a podcast about “database” will find it.

I could have just called it “MySQL Podcast”. But if the company MySQL (AB or Inc) ever makes a podcast, they would do the same thing to me that they do to you. I have to distinguish it’s “a podcast about MySQL”, not “MySQL’s podcast”. In fact if you look for “oursql” references, there is actually software released in September 2001 called “oursql”, but it was only released once and I have only ever found a handful of e-mails about it.

Similarly with “Technocation, Inc”. I googled around for it and found that a Baltimore, MD USA paper has a column called “technocation”, and it’s similar to why I picked the name — technology + education. But there’s no way anyone would confuse the two.

Same thing as MySQL would do if they made their own toolkit. “MySQL Toolkit” is in fact a really bad name because it’s so generic. Right now there’s no confusion, because MySQL doesn’t have a toolkit. Same with the “MySQL Magazine”. If MySQL ever puts out a magazine, they’ll send a letter right away. I was actually worried that “The MySQL Guy Podcast” at http://www.themysqlguy.com/ would get a letter from them. After all, there are plenty of “MySQL guys” out there, and he doesn’t work for the company……(hence why I’m the “She-BA”, not “MySQL Gal”).

In fact, Microsoft seems to do this on purpose. They named their database engine “SQL Server”. I’ve been frustrated when I get Microsoft pages when I’m just looking for “something relating to SQL”. I’d much rather get something related to the SQL standard. Same with their “Windows Mobile” platform. Check out their list of servers on the right-hand side of the page at http://www.microsoft.com/servers/default.mspx — if you’re looking for “security” on a Windows server, chances are most of your search result will be for the “Security Server” that Microsoft offers. Ditto with “Content Management Server” and “Data Protection Manager” and “Speech Server” and “Virtual Server” and “Small Business Server”…etc.

If you have questions about Intellectual Property (IP) or Patents in the United States, I highly recommend retaining services from the law firm of Bakos and Kritzer — http://www.bakoskritzer.com/. It’s not just a law firm where my brother is a partner, it’s also a damn good one.

(Speaking of name, I will likely be changing my name in the near future to “Sheeri K. Cabral”, so if you see it around, don’t get confused. You can always find me at www.sheeri.com )
So, sickness the article at:

http://mysql-dba-journey.blogspot.com/2007/11/mysql-and-vmware.html says:

Don’t get seduced to the dark side unless you understand all the issues.

And that’s wonderful and all, dosage but….what are all the issues? What are some of the issues? Is it related more to VMware, generic or more to MySQL, or more to MySQL on VMware? Is it something like “VMware isn’t stable” or more like “load testing on vmware isn’t always going to work because you won’t have full resources”?

Many people talk about using virtualization for development and testing….but if you develop and test on a virtual machine and then put it on a physical machine for production, isn’t that basically having differing environments for dev/testing and production, which is usually seen as bad? If a line of code crashes a virtual machine but is fine on production, is it worth tracking the bug down? How many hours will you spend doing that?

Also, how is using a virtual machine better/worse/different from using something like mysqld_multi on a machine with many IPs, or other strategies folks use in dev/test so they don’t have to buy the exact same hardware as in production, but still have the same separation of databases, etc?
So, sanitary O’Reilly’s ONLamp.com has published the “Top 10 MySQL Best Practices” at http://www.onlamp.com/pub/a/onlamp/2002/07/11/MySQLtips.html. Sadly, I find most “best practice” list do not thoroughly explain the “why” enough so that people can make their own decisions.

For instance, #3 is “Protect the MySQL installation directory from access by other users.” I was intrigued at what they would consider the “installation” directory. By reading the tip, they actually mean the data directory. They say nothing of the log directory, nor that innodb data files may be in different places than the standard myisam data directories.

They perpetuate a myth in #4, “Don’t store binary data in MySQL.” What they really mean is “don’t store large data in MySQL”, which they go into in the tip. While it’s true that there is very little benefit to having binary data in a database, they don’t go into what those benefits are. This means that people can’t make informed decisions, just “the best practice is this so I’m doing it.”

The benefit of putting binary data in MySQL is to be able to associate metadata and other data. For instance, “user 200 owns file 483”. If user 200 is gone from the system, how can you make sure file 483 is as well? There’s no referential integrity unless it’s in the database. While it’s true that in most cases people would rather sacrifice the referential integrity for things like faster database backups and easier partitioning of large data objects, I believe in giving people full disclosure so they can make their own informed decision.

#5 is my biggest pet peeve. “Stick to ANSI SQL,” with the goal being to be able to migrate to a different platform without having to rewrite the code. Does anyone tell Oracle folks not to use pl/sql like collections? Nobody says “SQL is a declarative language, pl/sql is procedural therefore you should never use it”. How about SQL Server folks not to use transact-sql statements like WAITFOR? MATCH… AGAINST is not standard SQL, so I should never use it?

Now, of course, if you’re selling a product to be run on different database platforms, then sure, you want to be platform agnostic. But you’d know that from the start. And if you have to migrate platforms you’re going to have to do lots of work anyway, because there are third-party additions to all the software any way.

And why would *anyone* choose a specific database, and then *not* use those features? I think that it’s a good tip to stick to ANSI SQL if you *know* you want to, or if you have no idea about the DBMS you’re using.

If you want to see how this cripples MySQL, check out Visibone’s SQL chart at: http://www.visibone.com/sql/chart_1200.jpg — you can buy it here: http://sheeri.com/archives/104. I may post later on about my own personal MySQL Best Practices….
While researching an article I came across a piece at http://www.simple-talk.com/sql/t-sql-programming/cursors-and-embedded-sql/. Basically the author says “embedded SQL” is bad — meaning developers should never put SQL in their code. Nor should they use ORM tools to generate SQL for them.

Instead, this they should access everything they need through stored procedures. I have mixed feelings about this. On one hand, this you have to give table-access permissions to users and then deal with the resulting security risks sounds very control-freakish to me. On the other hand, I agree that embedded code can be bad because if you change the database model in any way, you have to rewrite the procedural code that relies on the existence of the previous model.

And of course, stored procedures also help make your code more modular. But this article basically advocates that database administrators really need to do a lot of heavy coding into the database.

(The title of this post is just something that came to me when I read the article, because the author’s opinions were sparked by a cursor gone bad. (cursors gone wild?) )
Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Peter makes an interesting post about the MySQL company’s trademarks at http://www.mysqlperformanceblog.com/2007/10/26/mysql-support-or-support-for-mysql-mysql-trademark-policies/

The point is that Peter is not selling “MySQL Support” — he is selling “Support *for* MySQL”. “MySQL Support” is the name of a product that MySQL offers. Even if some other consulting company used the name before the MySQL company ever did, more about MySQL still has the rights to the name.

I chose to name my podcast “OurSQL: The MySQL Database Podcast for the Community, neurologist By the Community.” I chose every word carefully. For instance, abortion I call it “the MySQL Database Podcast” so that anyone looking for a podcast about “database” will find it.

I could have just called it “MySQL Podcast”. But if the company MySQL (AB or Inc) ever makes a podcast, they would do the same thing to me that they do to you. I have to distinguish it’s “a podcast about MySQL”, not “MySQL’s podcast”. In fact if you look for “oursql” references, there is actually software released in September 2001 called “oursql”, but it was only released once and I have only ever found a handful of e-mails about it.

Similarly with “Technocation, Inc”. I googled around for it and found that a Baltimore, MD USA paper has a column called “technocation”, and it’s similar to why I picked the name — technology + education. But there’s no way anyone would confuse the two.

Same thing as MySQL would do if they made their own toolkit. “MySQL Toolkit” is in fact a really bad name because it’s so generic. Right now there’s no confusion, because MySQL doesn’t have a toolkit. Same with the “MySQL Magazine”. If MySQL ever puts out a magazine, they’ll send a letter right away. I was actually worried that “The MySQL Guy Podcast” at http://www.themysqlguy.com/ would get a letter from them. After all, there are plenty of “MySQL guys” out there, and he doesn’t work for the company……(hence why I’m the “She-BA”, not “MySQL Gal”).

In fact, Microsoft seems to do this on purpose. They named their database engine “SQL Server”. I’ve been frustrated when I get Microsoft pages when I’m just looking for “something relating to SQL”. I’d much rather get something related to the SQL standard. Same with their “Windows Mobile” platform. Check out their list of servers on the right-hand side of the page at http://www.microsoft.com/servers/default.mspx — if you’re looking for “security” on a Windows server, chances are most of your search result will be for the “Security Server” that Microsoft offers. Ditto with “Content Management Server” and “Data Protection Manager” and “Speech Server” and “Virtual Server” and “Small Business Server”…etc.

If you have questions about Intellectual Property (IP) or Patents in the United States, I highly recommend retaining services from the law firm of Bakos and Kritzer — http://www.bakoskritzer.com/. It’s not just a law firm where my brother is a partner, it’s also a damn good one.

(Speaking of name, I will likely be changing my name in the near future to “Sheeri K. Cabral”, so if you see it around, don’t get confused. You can always find me at www.sheeri.com )
So, sickness the article at:

http://mysql-dba-journey.blogspot.com/2007/11/mysql-and-vmware.html says:

Don’t get seduced to the dark side unless you understand all the issues.

And that’s wonderful and all, dosage but….what are all the issues? What are some of the issues? Is it related more to VMware, generic or more to MySQL, or more to MySQL on VMware? Is it something like “VMware isn’t stable” or more like “load testing on vmware isn’t always going to work because you won’t have full resources”?

Many people talk about using virtualization for development and testing….but if you develop and test on a virtual machine and then put it on a physical machine for production, isn’t that basically having differing environments for dev/testing and production, which is usually seen as bad? If a line of code crashes a virtual machine but is fine on production, is it worth tracking the bug down? How many hours will you spend doing that?

Also, how is using a virtual machine better/worse/different from using something like mysqld_multi on a machine with many IPs, or other strategies folks use in dev/test so they don’t have to buy the exact same hardware as in production, but still have the same separation of databases, etc?
So, sanitary O’Reilly’s ONLamp.com has published the “Top 10 MySQL Best Practices” at http://www.onlamp.com/pub/a/onlamp/2002/07/11/MySQLtips.html. Sadly, I find most “best practice” list do not thoroughly explain the “why” enough so that people can make their own decisions.

For instance, #3 is “Protect the MySQL installation directory from access by other users.” I was intrigued at what they would consider the “installation” directory. By reading the tip, they actually mean the data directory. They say nothing of the log directory, nor that innodb data files may be in different places than the standard myisam data directories.

They perpetuate a myth in #4, “Don’t store binary data in MySQL.” What they really mean is “don’t store large data in MySQL”, which they go into in the tip. While it’s true that there is very little benefit to having binary data in a database, they don’t go into what those benefits are. This means that people can’t make informed decisions, just “the best practice is this so I’m doing it.”

The benefit of putting binary data in MySQL is to be able to associate metadata and other data. For instance, “user 200 owns file 483”. If user 200 is gone from the system, how can you make sure file 483 is as well? There’s no referential integrity unless it’s in the database. While it’s true that in most cases people would rather sacrifice the referential integrity for things like faster database backups and easier partitioning of large data objects, I believe in giving people full disclosure so they can make their own informed decision.

#5 is my biggest pet peeve. “Stick to ANSI SQL,” with the goal being to be able to migrate to a different platform without having to rewrite the code. Does anyone tell Oracle folks not to use pl/sql like collections? Nobody says “SQL is a declarative language, pl/sql is procedural therefore you should never use it”. How about SQL Server folks not to use transact-sql statements like WAITFOR? MATCH… AGAINST is not standard SQL, so I should never use it?

Now, of course, if you’re selling a product to be run on different database platforms, then sure, you want to be platform agnostic. But you’d know that from the start. And if you have to migrate platforms you’re going to have to do lots of work anyway, because there are third-party additions to all the software any way.

And why would *anyone* choose a specific database, and then *not* use those features? I think that it’s a good tip to stick to ANSI SQL if you *know* you want to, or if you have no idea about the DBMS you’re using.

If you want to see how this cripples MySQL, check out Visibone’s SQL chart at: http://www.visibone.com/sql/chart_1200.jpg — you can buy it here: http://sheeri.com/archives/104. I may post later on about my own personal MySQL Best Practices….
While researching an article I came across a piece at http://www.simple-talk.com/sql/t-sql-programming/cursors-and-embedded-sql/. Basically the author says “embedded SQL” is bad — meaning developers should never put SQL in their code. Nor should they use ORM tools to generate SQL for them.

Instead, this they should access everything they need through stored procedures. I have mixed feelings about this. On one hand, this you have to give table-access permissions to users and then deal with the resulting security risks sounds very control-freakish to me. On the other hand, I agree that embedded code can be bad because if you change the database model in any way, you have to rewrite the procedural code that relies on the existence of the previous model.

And of course, stored procedures also help make your code more modular. But this article basically advocates that database administrators really need to do a lot of heavy coding into the database.

(The title of this post is just something that came to me when I read the article, because the author’s opinions were sparked by a cursor gone bad. (cursors gone wild?) )
I started this as a response to Keith Murphy’s post at http://www.paragon-cs.com/wordpress/?p=54, buy cialis but it got long, price so it deserves its own post. The basic context is figuring out how not to cause duplicate information if a large INSERT statement fails before finishing.

Firstly, sale the surefire way to make sure there are no duplicates if you have a unique (or primary) key is to use INSERT IGNORE INTO.

Secondly, I just experimented with adding an index to an InnoDB table that had 1 million rows, and here’s what I got (please note, this is one experience only, the plural of “anecdote” is *not* “data”; also I did this in this particular order, so there may have been caching taking place):

Way #1:
– ALTER the table to add the new index. This was the slowest method, taking over 13 minutes.

Way #2:
– CREATE a new table with the same schema as the old except for adding the new index
– INSERT INTO newtable SELECT * FROM oldtable;
– ALTER TABLE oldtable RENAME somethingdifferent;
– ALTER TABLE newtable RENAME oldtable;

The ALTER TABLEs happen instantly. This was faster by a few seconds, which is statistically negligible given the 13+ minutes total time.

Way #3:
– mysqldump the table schema only (–no-data) into a file (tableschema.sql).

– mysqldump the table data only (-t) into another file (tabledata.sql).
– optionally pipe into awk to replace “^INSERT INTO” with “INSERT IGNORE INTO”

– edit the table schema file, adding the new index into the table definition
– optionally change the name of the table to something like newtable, making sure to change the DROP TABLE *and* CREATE TABLE statements.

– mysql < tableschema.sql (this will drop the old table unless you changed the name) - mysql < tabledata.sql () - If you changed the table name in the DROP and CREATE statements, run - ALTER TABLE oldtable RENAME somethingdifferent; and ALTER TABLE newtable RENAME oldtable; - Delete the "somethingdifferent" table This way took just over 10 minutes, 3 minutes faster than the other 2 ways, for a time savings of 25%. CAVEAT: MySQL helpfully moves references on a table to the new table name when you ALTER TABLE...RENAME. You will have to adjust your foreign keys, stored procedures, functions and triggers if you use anything other than Way #1. CAVEAT #2: Make sure that the character set of the MySQL server is supported by the MySQL client and the operating system where you're dumping the file to, otherwise special characters can end up falling victim to mojibake.
Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?
Peter makes an interesting post about the MySQL company’s trademarks at
http://www.mysqlperformanceblog.com/2007/10/26/mysql-support-or-support-for-mysql-mysql-trademark-policies/

The point is that Peter is not selling “MySQL Support” — he is selling “Support *for* MySQL”. “MySQL Support” is the name of a product that MySQL offers. Even if some other consulting company used the name before the MySQL company ever did, more about MySQL still has the rights to the name.

I chose to name my podcast “OurSQL: The MySQL Database Podcast for the Community, neurologist By the Community.” I chose every word carefully. For instance, abortion I call it “the MySQL Database Podcast” so that anyone looking for a podcast about “database” will find it.

I could have just called it “MySQL Podcast”. But if the company MySQL (AB or Inc) ever makes a podcast, they would do the same thing to me that they do to you. I have to distinguish it’s “a podcast about MySQL”, not “MySQL’s podcast”. In fact if you look for “oursql” references, there is actually software released in September 2001 called “oursql”, but it was only released once and I have only ever found a handful of e-mails about it.

Similarly with “Technocation, Inc”. I googled around for it and found that a Baltimore, MD USA paper has a column called “technocation”, and it’s similar to why I picked the name — technology + education. But there’s no way anyone would confuse the two.

Same thing as MySQL would do if they made their own toolkit. “MySQL Toolkit” is in fact a really bad name because it’s so generic. Right now there’s no confusion, because MySQL doesn’t have a toolkit. Same with the “MySQL Magazine”. If MySQL ever puts out a magazine, they’ll send a letter right away. I was actually worried that “The MySQL Guy Podcast” at http://www.themysqlguy.com/ would get a letter from them. After all, there are plenty of “MySQL guys” out there, and he doesn’t work for the company……(hence why I’m the “She-BA”, not “MySQL Gal”).

In fact, Microsoft seems to do this on purpose. They named their database engine “SQL Server”. I’ve been frustrated when I get Microsoft pages when I’m just looking for “something relating to SQL”. I’d much rather get something related to the SQL standard. Same with their “Windows Mobile” platform. Check out their list of servers on the right-hand side of the page at http://www.microsoft.com/servers/default.mspx — if you’re looking for “security” on a Windows server, chances are most of your search result will be for the “Security Server” that Microsoft offers. Ditto with “Content Management Server” and “Data Protection Manager” and “Speech Server” and “Virtual Server” and “Small Business Server”…etc.

If you have questions about Intellectual Property (IP) or Patents in the United States, I highly recommend retaining services from the law firm of Bakos and Kritzer — http://www.bakoskritzer.com/. It’s not just a law firm where my brother is a partner, it’s also a damn good one.

(Speaking of name, I will likely be changing my name in the near future to “Sheeri K. Cabral”, so if you see it around, don’t get confused. You can always find me at www.sheeri.com )
So, sickness the article at:

http://mysql-dba-journey.blogspot.com/2007/11/mysql-and-vmware.html says:

Don’t get seduced to the dark side unless you understand all the issues.

And that’s wonderful and all, dosage but….what are all the issues? What are some of the issues? Is it related more to VMware, generic or more to MySQL, or more to MySQL on VMware? Is it something like “VMware isn’t stable” or more like “load testing on vmware isn’t always going to work because you won’t have full resources”?

Many people talk about using virtualization for development and testing….but if you develop and test on a virtual machine and then put it on a physical machine for production, isn’t that basically having differing environments for dev/testing and production, which is usually seen as bad? If a line of code crashes a virtual machine but is fine on production, is it worth tracking the bug down? How many hours will you spend doing that?

Also, how is using a virtual machine better/worse/different from using something like mysqld_multi on a machine with many IPs, or other strategies folks use in dev/test so they don’t have to buy the exact same hardware as in production, but still have the same separation of databases, etc?
So, sanitary O’Reilly’s ONLamp.com has published the “Top 10 MySQL Best Practices” at http://www.onlamp.com/pub/a/onlamp/2002/07/11/MySQLtips.html. Sadly, I find most “best practice” list do not thoroughly explain the “why” enough so that people can make their own decisions.

For instance, #3 is “Protect the MySQL installation directory from access by other users.” I was intrigued at what they would consider the “installation” directory. By reading the tip, they actually mean the data directory. They say nothing of the log directory, nor that innodb data files may be in different places than the standard myisam data directories.

They perpetuate a myth in #4, “Don’t store binary data in MySQL.” What they really mean is “don’t store large data in MySQL”, which they go into in the tip. While it’s true that there is very little benefit to having binary data in a database, they don’t go into what those benefits are. This means that people can’t make informed decisions, just “the best practice is this so I’m doing it.”

The benefit of putting binary data in MySQL is to be able to associate metadata and other data. For instance, “user 200 owns file 483”. If user 200 is gone from the system, how can you make sure file 483 is as well? There’s no referential integrity unless it’s in the database. While it’s true that in most cases people would rather sacrifice the referential integrity for things like faster database backups and easier partitioning of large data objects, I believe in giving people full disclosure so they can make their own informed decision.

#5 is my biggest pet peeve. “Stick to ANSI SQL,” with the goal being to be able to migrate to a different platform without having to rewrite the code. Does anyone tell Oracle folks not to use pl/sql like collections? Nobody says “SQL is a declarative language, pl/sql is procedural therefore you should never use it”. How about SQL Server folks not to use transact-sql statements like WAITFOR? MATCH… AGAINST is not standard SQL, so I should never use it?

Now, of course, if you’re selling a product to be run on different database platforms, then sure, you want to be platform agnostic. But you’d know that from the start. And if you have to migrate platforms you’re going to have to do lots of work anyway, because there are third-party additions to all the software any way.

And why would *anyone* choose a specific database, and then *not* use those features? I think that it’s a good tip to stick to ANSI SQL if you *know* you want to, or if you have no idea about the DBMS you’re using.

If you want to see how this cripples MySQL, check out Visibone’s SQL chart at: http://www.visibone.com/sql/chart_1200.jpg — you can buy it here: http://sheeri.com/archives/104. I may post later on about my own personal MySQL Best Practices….
While researching an article I came across a piece at http://www.simple-talk.com/sql/t-sql-programming/cursors-and-embedded-sql/. Basically the author says “embedded SQL” is bad — meaning developers should never put SQL in their code. Nor should they use ORM tools to generate SQL for them.

Instead, this they should access everything they need through stored procedures. I have mixed feelings about this. On one hand, this you have to give table-access permissions to users and then deal with the resulting security risks sounds very control-freakish to me. On the other hand, I agree that embedded code can be bad because if you change the database model in any way, you have to rewrite the procedural code that relies on the existence of the previous model.

And of course, stored procedures also help make your code more modular. But this article basically advocates that database administrators really need to do a lot of heavy coding into the database.

(The title of this post is just something that came to me when I read the article, because the author’s opinions were sparked by a cursor gone bad. (cursors gone wild?) )
I started this as a response to Keith Murphy’s post at http://www.paragon-cs.com/wordpress/?p=54, buy cialis but it got long, price so it deserves its own post. The basic context is figuring out how not to cause duplicate information if a large INSERT statement fails before finishing.

Firstly, sale the surefire way to make sure there are no duplicates if you have a unique (or primary) key is to use INSERT IGNORE INTO.

Secondly, I just experimented with adding an index to an InnoDB table that had 1 million rows, and here’s what I got (please note, this is one experience only, the plural of “anecdote” is *not* “data”; also I did this in this particular order, so there may have been caching taking place):

Way #1:
– ALTER the table to add the new index. This was the slowest method, taking over 13 minutes.

Way #2:
– CREATE a new table with the same schema as the old except for adding the new index
– INSERT INTO newtable SELECT * FROM oldtable;
– ALTER TABLE oldtable RENAME somethingdifferent;
– ALTER TABLE newtable RENAME oldtable;

The ALTER TABLEs happen instantly. This was faster by a few seconds, which is statistically negligible given the 13+ minutes total time.

Way #3:
– mysqldump the table schema only (–no-data) into a file (tableschema.sql).

– mysqldump the table data only (-t) into another file (tabledata.sql).
– optionally pipe into awk to replace “^INSERT INTO” with “INSERT IGNORE INTO”

– edit the table schema file, adding the new index into the table definition
– optionally change the name of the table to something like newtable, making sure to change the DROP TABLE *and* CREATE TABLE statements.

– mysql < tableschema.sql (this will drop the old table unless you changed the name) - mysql < tabledata.sql () - If you changed the table name in the DROP and CREATE statements, run - ALTER TABLE oldtable RENAME somethingdifferent; and ALTER TABLE newtable RENAME oldtable; - Delete the "somethingdifferent" table This way took just over 10 minutes, 3 minutes faster than the other 2 ways, for a time savings of 25%. CAVEAT: MySQL helpfully moves references on a table to the new table name when you ALTER TABLE...RENAME. You will have to adjust your foreign keys, stored procedures, functions and triggers if you use anything other than Way #1. CAVEAT #2: Make sure that the character set of the MySQL server is supported by the MySQL client and the operating system where you're dumping the file to, otherwise special characters can end up falling victim to mojibake.
Welcome to the 72nd edition of
Log Buffer, oncology the weekly review of database blogs.

Oracle OpenWorld (OOW) is over, pilule and Lucas Jellema of the AMIS Technology blog notes the OOW Content Catalog has been updated with most of the presentations available for download.

On his way home from OOW, Chris Muir of the appropriately titled One Size Doesn’t Fit All blog notes how OOW and the Australian Oracle User Group Conference and OOW compare with regards to 99% fewer attendees in AUSOUG Perth conference – from 45k down to 350.

Mark Rittman of Rittman Mead Consulting summarizes OOW’s impact on business intelligence and data warehousing in Reflections on Oracle’s BI Strategy. On his way home, Mark found time for A First Look at Oracle OLAP 11g, noting the pros, cons, gotchas and suggestions for improvement for many useful new features.

Microsoft SQL Server also has a new release in the works. Ted Malone in Agile Methods for the DB Dev is excited about SQL Server 2008 “Katmai” CTP 5 New Features and descries almost 20 of them.

Ian Barwick of PostgreSQL Notes talks about Converting tsearch2 to 8.3 now that the tsearch2 full text search engine has been integrated as a core PostgreSQL feature.

Patrick Barel of the Bar Solutions Weblog explains a new feature of Oracle 11g called Virtual Columns. While virtual data may be a new topic, using databases on virtual machines is an ongoing issue. Marco Russo of SQL BI gives his opinion on when to use virtual machines in SQL Server Virtualization.

Database professionals can be real characters, and set in their ways. Bad puns make good transitions, and Corrado Pandiani sheds light on MySQL’s rules for Charsets and Collations on Multicolumn Fulltext Indexes. Adam Douglas of Binary Expressions fixed some trouble with MySQL and French Characters not rendering properly.

Greg Sabino Mullane shows reasons for his Problems with pl/perl and UTF-8. In Tending the Garden, Selena Deckelmann goes through the very easy process of Automatic Character Set Conversion in PostgreSQL. Selena has also been busy organizing the development of ptop, an interactive, command-line tool for monitoring the current status of a PostgreSQL database. If you read this in time and are in the Portland, Oregon area you can join the ptop hackathon at noon (local time) tomorrow, Saturday November 24th, or you can read the ptop meeting summary from pdxpug.

While some of us are database tools, some of us prefer to contribute database tools. Baron Schwartz honors MySQL’s trademark by announcing that MySQL Toolkit is now Ma’atkit. Ma’at, pronounced “mott”, is the ancient Egyption patron saint of truth, harmony and order. In addition, Baron proclaims “Ma’atkit Version 1297 Released!”

Hubert Lubaczewski notes the changes to the analyze.pgsql.logs.pl script of pgsql-tools in update 3 and update 4.

Hubert also notes how to find overlapping time ranges and how to find the number of ranges a time belongs to in time ranges in postgresql – part 2. Though written for PostgreSQL, both posts can easily be applied to another DBMS. In the same vein, Yves Trudeau shares the DBMS-independent graphical images of Unix memory usage in Generating graphs from vmstat output.

Jeromy McMahon posts sample SQL code for viewing Oracle extent segments for tablespaces, temporary spaces and sort segment space. The Cheap DBA gets Oracle specific with a Slick Shell Script for Reporting on Oracle Workload. Krister Axel of codeboxer.com has A really clean dynamic insert proc for PL/SQL ETL packages, including validation checking and exception handling. zillablog‘s Robert Treat treats us to a function for tracking plperl shared variables.

Jen M is Keeping IT simple by coding capacity measurements to show How Not to Outgrow Your DB Infra: A Simple Step. She follows up with more code to monitor a specific cache to resolve unexplainable slowness/resource leak in SQL Server.

This post began with a conference, and so it shall conclude. The Call For Proposals for PgCon 2008 is underway, and David Fetter lets us know that PgCon 2008 will be held May 22-23 at the University of Ottawa. This is different from Joshua Drake‘s call for volunteers for Command Prompt’s Postgresql Conference East 08, on March 28-29 at the University of Maryland. Neil Conway informs us of a Jim Gray Tribute, consisting of a general session and 9 half-hour technical sessions reviewing some of the 1998 Turing Award winner’s work.

In case this edition did not give you enough to read, Beth Breidenbach of Confessions of a Database Geek created an aggregate blog feed for posts relating to information quality.

Creating an API for My Stored Procedures

Does anyone have any ways they create an API for their stored routines (functions and procedures)? Currently it seems as though I have to parse the CREATE statement to get the input variables….Has anyone else done this? Is it in any third party tools?

Great Job Interview Snippet

Now, stomach I should probably be a good Planet MySQLer and check the MySQL Forge at http://forge.mysql.com, but Dean Swift’s “mystery festive stored procedure” linked at http://deepselect.blogspot.com/2006/12/merry-christmas.html is a pretty good interview question for a candidate. I would include the hint that it’s a Christmasy stored procedure.

I laughed out loud when I figured it out. I didn’t actually run it, but read the stored procedure to see if I could puzzle it out. And so I did. It took a few minutes, and I had to copy and paste it to a buffer that used word wrap and format it properly.

But this will show how good someone is under pressure. If you give it to them and walk away, there will be less pressure. Either way, you’ll see their reaction too — if it’s “ha ha very funny who cares?” or if it’s, “that’s pure genius!” or if it’s a big groan or hearty laugh, you’ll see a person’s personality and how they might fit in with the team.

The Trend of Managed Schemas: A Database is Not a Messaging System

Life has been super busy, web dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

My desktop at work is a Windows machine. Why? Because it gives me what I need — shell access to servers so I can do real work on the machines, viagra dosage a text editor, information pills an e-mail client and a web browser. That’s really all I need to do my job. Sure, I could put in for a Macintosh or install a Unix variant. But if it gives me what I want, why would I spend all that work changing things around, just to ultimately get the same requirements — shell, web browser, text editor, e-mail client….????

I love MySQL, it’s a great database. But in order to meet its tenets, it has sacrificed features. When database religious wars start, it comes down to “MySQL stinks because it does not have the features,” or, nowadays, “It didn’t have [x feature] for a long time.” When that happens, my question is always, “If MySQL is so bad, why do so many people use it?”

Because it gives them the most important feature — SPEED. Speed is the #1 top priority in embedded databases, web applications and most desktop applications. (Am I missing a use of a database?) Companies will pay through the nose for training and licenses if it means their customers are happy because their product is speedy. (Meanwhile, MySQL is offering it very affordably, so folks do not have to pay through the nose.)

So to the folks who argue that MySQL stinks — I’ll agree, if you are talking about being feature-rich. However, MySQL has been growing in that department, so the argument is only relevant if you want to do a pivot table, or index a calculated field in a VIEW, or something complex like that. Perhaps MySQL isn’t appropriate for, say, a data warehouse. SQL Server is a better choice for that, as it has reporting modules and analysis wizards and all sorts of stuff.

MySQL is not perfect for everything, and it is not lousy for everything. But if you look at what most people need, it is speed. MySQL delivers that.

http://www.mysql.com/news-and-events/press-release/release_2006_35.html

MySQL won a contest, and it is proclaimed the fastest database.

I am happy, but I am not surprised. The basic tenets of MySQL are “fast, easy-to-use and bug-free”.

It is nice to know MySQL is actually meeting their goals. ‘Bug-free’ is not totally true, of course, but MySQL’s features are well-implemented. And being the fastest database is an achievement, even if it was one that was planned for.

We all know MySQL is the fastest. That’s why so many organizations have used it, even during the time when MyISAM was the only widely used storage engine. Before transactions, before fulltext indexing, before views and stored procedures and triggers, MySQL was widely used. A developer should not have to write transaction code in a programming language, but many organizations were happy to use bad coding techniques and zoom past their competitors with a speedy site.

Now the rest of the world knows that MySQL is the fastest. And, of course, MySQL is fast, easy-to-use, affordable AND full-featured. MySQL is doing a good job of marketing their new features, but another thing they should do is find out all the outdated information on websites and educate folks, that the arguments against MySQL are fewer and fewer as time goes on.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

My desktop at work is a Windows machine. Why? Because it gives me what I need — shell access to servers so I can do real work on the machines, viagra dosage a text editor, information pills an e-mail client and a web browser. That’s really all I need to do my job. Sure, I could put in for a Macintosh or install a Unix variant. But if it gives me what I want, why would I spend all that work changing things around, just to ultimately get the same requirements — shell, web browser, text editor, e-mail client….????

I love MySQL, it’s a great database. But in order to meet its tenets, it has sacrificed features. When database religious wars start, it comes down to “MySQL stinks because it does not have the features,” or, nowadays, “It didn’t have [x feature] for a long time.” When that happens, my question is always, “If MySQL is so bad, why do so many people use it?”

Because it gives them the most important feature — SPEED. Speed is the #1 top priority in embedded databases, web applications and most desktop applications. (Am I missing a use of a database?) Companies will pay through the nose for training and licenses if it means their customers are happy because their product is speedy. (Meanwhile, MySQL is offering it very affordably, so folks do not have to pay through the nose.)

So to the folks who argue that MySQL stinks — I’ll agree, if you are talking about being feature-rich. However, MySQL has been growing in that department, so the argument is only relevant if you want to do a pivot table, or index a calculated field in a VIEW, or something complex like that. Perhaps MySQL isn’t appropriate for, say, a data warehouse. SQL Server is a better choice for that, as it has reporting modules and analysis wizards and all sorts of stuff.

MySQL is not perfect for everything, and it is not lousy for everything. But if you look at what most people need, it is speed. MySQL delivers that.

http://www.mysql.com/news-and-events/press-release/release_2006_35.html

MySQL won a contest, and it is proclaimed the fastest database.

I am happy, but I am not surprised. The basic tenets of MySQL are “fast, easy-to-use and bug-free”.

It is nice to know MySQL is actually meeting their goals. ‘Bug-free’ is not totally true, of course, but MySQL’s features are well-implemented. And being the fastest database is an achievement, even if it was one that was planned for.

We all know MySQL is the fastest. That’s why so many organizations have used it, even during the time when MyISAM was the only widely used storage engine. Before transactions, before fulltext indexing, before views and stored procedures and triggers, MySQL was widely used. A developer should not have to write transaction code in a programming language, but many organizations were happy to use bad coding techniques and zoom past their competitors with a speedy site.

Now the rest of the world knows that MySQL is the fastest. And, of course, MySQL is fast, easy-to-use, affordable AND full-featured. MySQL is doing a good job of marketing their new features, but another thing they should do is find out all the outdated information on websites and educate folks, that the arguments against MySQL are fewer and fewer as time goes on.
What is it about the folks on Planet MySQL having twin brothers?

Roland Bouman
Sheeri Kritzer
Jay Pipes
Zach Urlocker

That’s 4 of the top 25 posters to Planet MySQL. Anyone else want to reveal having a twin? Anyone on here have a twin sister? If you’re a twin and aren’t on the Planet, purchase note that here too……
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

My desktop at work is a Windows machine. Why? Because it gives me what I need — shell access to servers so I can do real work on the machines, viagra dosage a text editor, information pills an e-mail client and a web browser. That’s really all I need to do my job. Sure, I could put in for a Macintosh or install a Unix variant. But if it gives me what I want, why would I spend all that work changing things around, just to ultimately get the same requirements — shell, web browser, text editor, e-mail client….????

I love MySQL, it’s a great database. But in order to meet its tenets, it has sacrificed features. When database religious wars start, it comes down to “MySQL stinks because it does not have the features,” or, nowadays, “It didn’t have [x feature] for a long time.” When that happens, my question is always, “If MySQL is so bad, why do so many people use it?”

Because it gives them the most important feature — SPEED. Speed is the #1 top priority in embedded databases, web applications and most desktop applications. (Am I missing a use of a database?) Companies will pay through the nose for training and licenses if it means their customers are happy because their product is speedy. (Meanwhile, MySQL is offering it very affordably, so folks do not have to pay through the nose.)

So to the folks who argue that MySQL stinks — I’ll agree, if you are talking about being feature-rich. However, MySQL has been growing in that department, so the argument is only relevant if you want to do a pivot table, or index a calculated field in a VIEW, or something complex like that. Perhaps MySQL isn’t appropriate for, say, a data warehouse. SQL Server is a better choice for that, as it has reporting modules and analysis wizards and all sorts of stuff.

MySQL is not perfect for everything, and it is not lousy for everything. But if you look at what most people need, it is speed. MySQL delivers that.

http://www.mysql.com/news-and-events/press-release/release_2006_35.html

MySQL won a contest, and it is proclaimed the fastest database.

I am happy, but I am not surprised. The basic tenets of MySQL are “fast, easy-to-use and bug-free”.

It is nice to know MySQL is actually meeting their goals. ‘Bug-free’ is not totally true, of course, but MySQL’s features are well-implemented. And being the fastest database is an achievement, even if it was one that was planned for.

We all know MySQL is the fastest. That’s why so many organizations have used it, even during the time when MyISAM was the only widely used storage engine. Before transactions, before fulltext indexing, before views and stored procedures and triggers, MySQL was widely used. A developer should not have to write transaction code in a programming language, but many organizations were happy to use bad coding techniques and zoom past their competitors with a speedy site.

Now the rest of the world knows that MySQL is the fastest. And, of course, MySQL is fast, easy-to-use, affordable AND full-featured. MySQL is doing a good job of marketing their new features, but another thing they should do is find out all the outdated information on websites and educate folks, that the arguments against MySQL are fewer and fewer as time goes on.
What is it about the folks on Planet MySQL having twin brothers?

Roland Bouman
Sheeri Kritzer
Jay Pipes
Zach Urlocker

That’s 4 of the top 25 posters to Planet MySQL. Anyone else want to reveal having a twin? Anyone on here have a twin sister? If you’re a twin and aren’t on the Planet, purchase note that here too……
At the July MySQL User Group Meeting, cystitis Jim Starkey wondered aloud, “What happens when I COMMIT on a memory table?” I wrote the question down, to research it later.

The obvious answer is “COMMIT on a non-transactional table does nothing.”

Tonight I was thinking about this, and I realized I do not actually COMMIT “on a table.”

The manual page at: http://dev.mysql.com/doc/refman/4.1/en/commit.html (and the 5.0 and 5.1 equivalents) state:

By default, MySQL runs with autocommit mode enabled. This means that as soon as you execute a statement that updates (modifies) a table, MySQL stores the update on disk.

If you are using a transaction-safe storage engine (such as InnoDB, BDB, or NDB Cluster), you can disable autocommit mode with the following statement:

SET AUTOCOMMIT=0;

But what does If you are using a transaction-safe storage engine really mean? I ask because I do not specify a table type with that command. So I tried it on a fresh MySQL install (5.0.19 GA, on a RedHat Linux Enterprise machine):
Continue reading

Calling application on the database server from stored procedure or trigger

Life has been super busy, web dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

My desktop at work is a Windows machine. Why? Because it gives me what I need — shell access to servers so I can do real work on the machines, viagra dosage a text editor, information pills an e-mail client and a web browser. That’s really all I need to do my job. Sure, I could put in for a Macintosh or install a Unix variant. But if it gives me what I want, why would I spend all that work changing things around, just to ultimately get the same requirements — shell, web browser, text editor, e-mail client….????

I love MySQL, it’s a great database. But in order to meet its tenets, it has sacrificed features. When database religious wars start, it comes down to “MySQL stinks because it does not have the features,” or, nowadays, “It didn’t have [x feature] for a long time.” When that happens, my question is always, “If MySQL is so bad, why do so many people use it?”

Because it gives them the most important feature — SPEED. Speed is the #1 top priority in embedded databases, web applications and most desktop applications. (Am I missing a use of a database?) Companies will pay through the nose for training and licenses if it means their customers are happy because their product is speedy. (Meanwhile, MySQL is offering it very affordably, so folks do not have to pay through the nose.)

So to the folks who argue that MySQL stinks — I’ll agree, if you are talking about being feature-rich. However, MySQL has been growing in that department, so the argument is only relevant if you want to do a pivot table, or index a calculated field in a VIEW, or something complex like that. Perhaps MySQL isn’t appropriate for, say, a data warehouse. SQL Server is a better choice for that, as it has reporting modules and analysis wizards and all sorts of stuff.

MySQL is not perfect for everything, and it is not lousy for everything. But if you look at what most people need, it is speed. MySQL delivers that.

http://www.mysql.com/news-and-events/press-release/release_2006_35.html

MySQL won a contest, and it is proclaimed the fastest database.

I am happy, but I am not surprised. The basic tenets of MySQL are “fast, easy-to-use and bug-free”.

It is nice to know MySQL is actually meeting their goals. ‘Bug-free’ is not totally true, of course, but MySQL’s features are well-implemented. And being the fastest database is an achievement, even if it was one that was planned for.

We all know MySQL is the fastest. That’s why so many organizations have used it, even during the time when MyISAM was the only widely used storage engine. Before transactions, before fulltext indexing, before views and stored procedures and triggers, MySQL was widely used. A developer should not have to write transaction code in a programming language, but many organizations were happy to use bad coding techniques and zoom past their competitors with a speedy site.

Now the rest of the world knows that MySQL is the fastest. And, of course, MySQL is fast, easy-to-use, affordable AND full-featured. MySQL is doing a good job of marketing their new features, but another thing they should do is find out all the outdated information on websites and educate folks, that the arguments against MySQL are fewer and fewer as time goes on.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

My desktop at work is a Windows machine. Why? Because it gives me what I need — shell access to servers so I can do real work on the machines, viagra dosage a text editor, information pills an e-mail client and a web browser. That’s really all I need to do my job. Sure, I could put in for a Macintosh or install a Unix variant. But if it gives me what I want, why would I spend all that work changing things around, just to ultimately get the same requirements — shell, web browser, text editor, e-mail client….????

I love MySQL, it’s a great database. But in order to meet its tenets, it has sacrificed features. When database religious wars start, it comes down to “MySQL stinks because it does not have the features,” or, nowadays, “It didn’t have [x feature] for a long time.” When that happens, my question is always, “If MySQL is so bad, why do so many people use it?”

Because it gives them the most important feature — SPEED. Speed is the #1 top priority in embedded databases, web applications and most desktop applications. (Am I missing a use of a database?) Companies will pay through the nose for training and licenses if it means their customers are happy because their product is speedy. (Meanwhile, MySQL is offering it very affordably, so folks do not have to pay through the nose.)

So to the folks who argue that MySQL stinks — I’ll agree, if you are talking about being feature-rich. However, MySQL has been growing in that department, so the argument is only relevant if you want to do a pivot table, or index a calculated field in a VIEW, or something complex like that. Perhaps MySQL isn’t appropriate for, say, a data warehouse. SQL Server is a better choice for that, as it has reporting modules and analysis wizards and all sorts of stuff.

MySQL is not perfect for everything, and it is not lousy for everything. But if you look at what most people need, it is speed. MySQL delivers that.

http://www.mysql.com/news-and-events/press-release/release_2006_35.html

MySQL won a contest, and it is proclaimed the fastest database.

I am happy, but I am not surprised. The basic tenets of MySQL are “fast, easy-to-use and bug-free”.

It is nice to know MySQL is actually meeting their goals. ‘Bug-free’ is not totally true, of course, but MySQL’s features are well-implemented. And being the fastest database is an achievement, even if it was one that was planned for.

We all know MySQL is the fastest. That’s why so many organizations have used it, even during the time when MyISAM was the only widely used storage engine. Before transactions, before fulltext indexing, before views and stored procedures and triggers, MySQL was widely used. A developer should not have to write transaction code in a programming language, but many organizations were happy to use bad coding techniques and zoom past their competitors with a speedy site.

Now the rest of the world knows that MySQL is the fastest. And, of course, MySQL is fast, easy-to-use, affordable AND full-featured. MySQL is doing a good job of marketing their new features, but another thing they should do is find out all the outdated information on websites and educate folks, that the arguments against MySQL are fewer and fewer as time goes on.
What is it about the folks on Planet MySQL having twin brothers?

Roland Bouman
Sheeri Kritzer
Jay Pipes
Zach Urlocker

That’s 4 of the top 25 posters to Planet MySQL. Anyone else want to reveal having a twin? Anyone on here have a twin sister? If you’re a twin and aren’t on the Planet, purchase note that here too……
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

My desktop at work is a Windows machine. Why? Because it gives me what I need — shell access to servers so I can do real work on the machines, viagra dosage a text editor, information pills an e-mail client and a web browser. That’s really all I need to do my job. Sure, I could put in for a Macintosh or install a Unix variant. But if it gives me what I want, why would I spend all that work changing things around, just to ultimately get the same requirements — shell, web browser, text editor, e-mail client….????

I love MySQL, it’s a great database. But in order to meet its tenets, it has sacrificed features. When database religious wars start, it comes down to “MySQL stinks because it does not have the features,” or, nowadays, “It didn’t have [x feature] for a long time.” When that happens, my question is always, “If MySQL is so bad, why do so many people use it?”

Because it gives them the most important feature — SPEED. Speed is the #1 top priority in embedded databases, web applications and most desktop applications. (Am I missing a use of a database?) Companies will pay through the nose for training and licenses if it means their customers are happy because their product is speedy. (Meanwhile, MySQL is offering it very affordably, so folks do not have to pay through the nose.)

So to the folks who argue that MySQL stinks — I’ll agree, if you are talking about being feature-rich. However, MySQL has been growing in that department, so the argument is only relevant if you want to do a pivot table, or index a calculated field in a VIEW, or something complex like that. Perhaps MySQL isn’t appropriate for, say, a data warehouse. SQL Server is a better choice for that, as it has reporting modules and analysis wizards and all sorts of stuff.

MySQL is not perfect for everything, and it is not lousy for everything. But if you look at what most people need, it is speed. MySQL delivers that.

http://www.mysql.com/news-and-events/press-release/release_2006_35.html

MySQL won a contest, and it is proclaimed the fastest database.

I am happy, but I am not surprised. The basic tenets of MySQL are “fast, easy-to-use and bug-free”.

It is nice to know MySQL is actually meeting their goals. ‘Bug-free’ is not totally true, of course, but MySQL’s features are well-implemented. And being the fastest database is an achievement, even if it was one that was planned for.

We all know MySQL is the fastest. That’s why so many organizations have used it, even during the time when MyISAM was the only widely used storage engine. Before transactions, before fulltext indexing, before views and stored procedures and triggers, MySQL was widely used. A developer should not have to write transaction code in a programming language, but many organizations were happy to use bad coding techniques and zoom past their competitors with a speedy site.

Now the rest of the world knows that MySQL is the fastest. And, of course, MySQL is fast, easy-to-use, affordable AND full-featured. MySQL is doing a good job of marketing their new features, but another thing they should do is find out all the outdated information on websites and educate folks, that the arguments against MySQL are fewer and fewer as time goes on.
What is it about the folks on Planet MySQL having twin brothers?

Roland Bouman
Sheeri Kritzer
Jay Pipes
Zach Urlocker

That’s 4 of the top 25 posters to Planet MySQL. Anyone else want to reveal having a twin? Anyone on here have a twin sister? If you’re a twin and aren’t on the Planet, purchase note that here too……
At the July MySQL User Group Meeting, cystitis Jim Starkey wondered aloud, “What happens when I COMMIT on a memory table?” I wrote the question down, to research it later.

The obvious answer is “COMMIT on a non-transactional table does nothing.”

Tonight I was thinking about this, and I realized I do not actually COMMIT “on a table.”

The manual page at: http://dev.mysql.com/doc/refman/4.1/en/commit.html (and the 5.0 and 5.1 equivalents) state:

By default, MySQL runs with autocommit mode enabled. This means that as soon as you execute a statement that updates (modifies) a table, MySQL stores the update on disk.

If you are using a transaction-safe storage engine (such as InnoDB, BDB, or NDB Cluster), you can disable autocommit mode with the following statement:

SET AUTOCOMMIT=0;

But what does If you are using a transaction-safe storage engine really mean? I ask because I do not specify a table type with that command. So I tried it on a fresh MySQL install (5.0.19 GA, on a RedHat Linux Enterprise machine):
Continue reading

Question #2: Trigger on One Table To Insert Data into Another

Life has been super busy, web dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

—————————-
As well, by highlighting the encryption functions (MD5() and SHA1()) in MySQL, both articles imply that applications should call the encryption functions within MySQL. If an application is using encryption at all, it should be done as close to the user as possible. A client-side encryption such as a Javascript function is much better, security-wise, than using MySQL. You want to encrypt it *before* it goes over the network. If someone’s sniffing the network, then running SELECT nickname FROM myUser WHERE username='sheeri' and password=SHA1('kritzer'); is pointless — even if you salt the data. Someone can sniff the packet and find the plaintext ‘kritzer’ — either between the client’s browser and the web server, or between the web server and the database server.

Stewart’s post did not mention that a JOIN is actually the best way to go — JOIN the words table with the passwords on the salted hash, and then you can possibly retrieve a password. As well, if I were a cracker, I wouldn’t care about using a VIEW, I’d just add a “saltedmd5” column to my table, index it, and then JOIN the tables (creating an index on the table field if need be). Because he was comparing md5 sums, not actually trying to compare passwords through an application, it means he had a backdoor to make database calls, so we could indeed assume a JOIN is possible.

Life has been super busy, dosage recuperation but I have plenty of posting to catch up on. Fear not, there will be more content soon (after Monday, hopefully); I am working on editing a very relevant book, and I hope to be able to share my excitement after I finish.

Also on Monday is the next Boston MySQL User Group, which will go through how to do capacity planning in MySQL with very little pain and effort. In the beginning we will have 10 minutes for user questions, so we can all benefit from each other’s knowledge. I already have a user with a great question!

We have rebuilding our product all summer, with a deadline of releasing the product in the next 2 months. Our lead developer had put a surrogate key in our new schema about a month ago. He said he needed the surrogate key because “the ORM requires it.” I just accepted it.

My mistake was that I made an assumption. The table already had a primary key, but it was a composite key. I assumed that the ORM required a unique key to be one field, and thus I assumed he combined the 2 values in the primary key to get the unique key.

I was wrong. In adding the final subsystems into the schema this week, I noticed that the surrogate key was an auto-increment field. I also noticed he put it in every single table he dealt with. We had hours of meetings about schema, and this was NEVER put in as a requirement. Thus, today we had over three hours of agonizing discussions, including a back-and-forth of “If it’s going into the database I need to understand why,” and the lead developer saying “No you don’t.”

I severely wanted to say “If I don’t understand it, it does not go in the database,” but resisted. I asked him to send me the ORM so I could understand why it required the field. At first he said he would, and then kept talking to me about why I don’t need to understand the field; it didn’t add more overhead, it didn’t change the way the data relate to each other, etc.

I need to understand this because there may be other, similar requirements in the future. Or perhaps I’ll find a better way to do it (maybe a VIEW would work). Perhaps I’ll find other places where other fields need to be added. He finally explained that the API JDBC was using was awkward — it needs to retrieve basically the row number of any row it’s looking at, and if it deletes or changes the row number it uses the row number as the key to find the row.

Aha! That makes sense. However, why do the row numbers need to be in the database? Can’t it just retrieve the rows and put a row number in its own copy? Apparently, not. I cannot imagine that a mature technology would require something like that. It’s not that difficult to do. I said this, and the lead developer was insanely frustrated by it.

So I said, “Are you using Connector/J?” He was confused, but asked, “Is that JDBC?”

“Yes,” I replied. “Oh, then yes, we’re using it.”

“I don’t think so. If the interface is awkward, you’re not using Connector/J.”

He left my office. So I type in “Connector/J” into my MySQL Community Toolbar (I love it!) and find the following on http://www.mysql.com/products/connector/j/

New features from the JDBC-3.0 API in the latest production version of MySQL Connector/J include getGeneratedKeys which allows users to retrieve auto-increment fields in a non-database-specific way. Auto-increment fields now work with object-relational mapping tools, as well as Enterprise Java Beans (EJB) servers with Container Managed Persistence (CMP) that support JDBC-3.0.

Hrm….retrieve auto-increment fields in a non-database-specific way? I think that solves our problem!!!

[EDIT: I am, apparently wrong….but I cannot imagine that anyone using JDBC specifies an auto-increment field for EVERY SINGLE TABLE their application will touch. Do people actually do this?!?!?]
Not much more to add to the wonderful posts:

How to Kill Good Ideas

How to Come Up With Good Ideas

Supporting Ideas and Being Productive

and
Yet More Ways to Kill Great Ideas

However, prescription while not great in quantity, I think one of the most important points has been completely left out:

Don’t have ego.

An idea is just that: an idea. Particularly when brainstorming, lots of people like to say, “Oh, that won’t work because of this,” immediately. Usually because they had an idea previous that they’re defending. Ego steps into this. If someone proposes an idea, a brainstorming meeting is not the place to play “let’s shoot this idea down as much as possible.”

Assume your co-workers are smarter than you are (even if you have evidence to the contrary); if it takes you 2 seconds to figure out why their idea won’t work, perhaps there’s something you are not thinking of. Instead of saying “that won’t work because of this,” saying “Oh, great idea, how does that get beyond this?” or even, “I thought that wouldn’t work because of this?” The latter puts you into it, instead of your co-worker.

It’s subtle, but saying “that won’t work because of this” implies that the person had no idea about “this”. Saying “how does that get beyond this?” implies that the person knows about “this” and has a way to get beyond it. Implying that your coworkers are smart rather than that they’re dumb is a great way to make a safe environment for ideas.

Indeed, saying “I thought that wouldn’t work because of this?” says, “I must be dumb because you obviously have a smart idea (you wouldn’t proposed it if it was dumb), and I can’t get beyond this limitation.” This natural curiosity rather than dismissing the idea might actually lead you to learn that yes, there is a solution to “this.”

The other option, “that won’t work because of this,” if “this” is solved, ends up with a heated response of “well, ACTUALLY, ‘this’ has been solved,” instead of the more neutral “I’m glad you asked, most people think you can’t do that because of this, but it’s been solved….”

The other side of this is “Don’t take it personally.” If someone stomps all over an idea of yours, it’s about the idea. Perhaps they do not understand the idea, or perhaps you were, indeed, wrong. People are wrong sometimes; that’s OK. Don’t take it personally.
Since OSCON, tablets most of my time has been focused on editing a book, which is about to be finished. As I’m getting my commutes back, I have been reading up on what I’ve missed on Planet MySQL (which I affectionately call “The ‘planet.”

Y’all are prolific!

Jeremy’s On Open Source Citizenship got me thinking about the whole movement. I think there’s still a place for proprietary software in the world, as much as folks tout that “open source is ALWAYS better, because more people see it, therefore more people can help change it.”

Whenever anyone suggests a monolithic solution, I cringe. This all ties into the patent issues that are strongly debated these days. I’m still trying to figure out how I feel about everything.

Jeremy’s article talked about how Yahoo! (as an example) couldn’t just open up all the source, because

there’d be places in the code where magic voodoo functions are called but we couldn’t really talk about what they do or how they might work. That’s called our secret sauce or “business logic” if you prefer.

So, does Yahoo! patent these functions? Should they? Why can’t the secret sauce/business logic be open? Why should parts be open and other parts closed?

I know, you’re thinking “Otherwise, how would Yahoo! make money?” Or Google, for that matter, whose search algorithms are a very huge secret. The Google NDA probably specifies that employees cannott even disclose whether or not Google even has search algorithms.

When I think open source, I tend to think everything, including the business logic, is exposed. There are some companies which would lose their business if their secrets got out. However, we know what the secret sauce is made of and yet, McDonald’s business has not suffered.

Restaurants publish cookbooks, yet they do not go out of business. Why is that?

It is because what they sell is not just the food. As Google and Yahoo do not sell their searches. Sure, the food (and searches) are what made them famous. But what keeps people flocking is that, even though they could do the same thing themselves, they need the services and resources provided. I cannot cook a hamburger on a bun with sliced pickles and onions and thousand island dressing in 5 minutes for under $3.

It would cost less per burger to make it at home, but if I just want one burger, I have to buy a package of 8 hamburger buns, ground beef by the pound, an entire jar of thousand island dressing, a whole onion, and a jar of pickles. What I’m really paying for is the person behind the counter to assemble it for me.

I use Google and Yahoo! not merely because they have good products — that is one reason, but a very small one. I use them because they give me services and resources I cannot do myself, either due to lack of expertise or just plain lack of time. Flickr works not because there is a secret to programming an image gallery on the web — it is because they offer free space and a method to upload that many people just plain do not have. Even if a geeky person like myself has photo software on her server, Flickr also provides an easy way to share albums, contact people, etc. that individual

Look at livejournal! They are a perfect example — you can download the code and install it on your own server. But most of the features require the same centralized database, so unless you want control over a *very* closed community (which can exist on livejournal.com anyway, just not having the database under your control), you would probably want to just create an account on livejournal.com, because then your “friends list” can include anyone on livejournal.com.

I use gmail as my main e-mail client; I also have a Yahoo! Mail account. I’m a geek, and I’ve helped run mail for 12,000 users at a university; I have the knowledge and expertise to run my own mail server. So why would I use these services?

Because they do everything. They run on a highly available architecture, do backups for disaster recovery, etc. If I wanted to ensure that I gave myself the quality mail service that Google and Yahoo! can deliver, it would cost lots of money and even more of my time, for just myself.

Why should I duplicate effort in this case? If I had to be completely sustainable — including growing my own food and making my own clothes — I would not even be able to spend any time on a computer, much less be a DBA, whatever. Growing food and making clothes are “open sourced” — it’s not like one couldn’t find the information on how to do this.

So the real question is, how open does a product have to be in order to be called “open source”? Google and Yahoo! are not rich because they have secrets. They are rich because they started with secrets, but I believe they could safely let their secrets out with very little loss of revenue. There’s always the possibility that some billionaire with a mean streak will invest the resources in copying what Google or Yahoo! do if the secrets were let out. But folks are drawn to innovation, not blatant copies.

I am reading “Hackers and Painters” by Paul Graham, where he mentioned that his trade secret with Viaweb was that they were using LISP. But he also notes that his partner did not think that needed to be a secret, because even if competitors knew, they’d have to change their infrastructure and have developers with a different skillset, and that would take way too much time.

There are certainly companies I have worked for, where giving away the source/algorithms/business logic/trade secrets would mean the end of their business, because they ran on modest hardware in a colo, and with their code anyone could run their business for about $1,000. In those cases, I’d say sure, close the source and hide the secrets….but when those companies grow bigger and have more established resources, as Google and Yahoo! have both done, they can open the source, show their secrets, with very little consequence.

Of course, that leads to “how do you determine when a product is ‘big enough’ to warrant giving away the secrets?”
http://www.artfulsoftware.com has a “Common Queries” page, what is ed which I find rather useful. I hadn’t realized its history, as described on the homepage:

Our collection of common MySQL queries outgrew Chapter 9, and is still growing, so we turned it into a PHP page driven from a MySQL table.

One day, I clicked on the page and got the dreaded “blank” PHP page.

This gets into one of the fundamental flaws I find with “semi-dynamic data” (my terminology for it) — it is not completely dynamic data, because it gets updated by humans, and it is deterministic*, so it does not need a completely dynamic page.

Part of the updating process could be a “generate the web page” script, that runs what the actual page is now, but stores the result as an HTML page. In this way, if 1000 users want the same page, there are *no* database queries done. After all, it only needs to change when content is uploaded, which isn’t very often at all.

The “generation” script could easily be a part of a web form that uploads content, or it could be a separate form/script run after a batch of changes is done, so multiple changes do not require generating pages that will just be written over after the next update in a minute or so. As well, it could write to a temporary file, and the very last script action would move the temporary file to the right place. In this way, a generation script that takes a long time to finish would not be partially overwritten by another, simultaneous generation script.

I have used this technique in content management systems — particularly with templates, as I’ve found you can separate different content items (such as menus) and “break apart” a template into pieces, and with about an hour you can support a new template into an existing system, and have a user compare templates to see which they’d rather use, given their own content.

I have also used this technique with a listing of organizations around the world. All the listings (3,000) were stored in a database. From this, I ran a weekly (but it would be easy to run it hourly or daily) script that made “browse by” pages, categorizing all of the resources by first letter of their name as well as by their area, province/state and country. The script, which took a full 10 minutes due to poor optimization, made an overall browsing page, 26 “by letter” pages, one page for each country, and a directory with one page for each state/province and area for each country. It also generated the page and compared it to the existing page, and only overwrote the page when they differed (and then put a “last updated on:” message at the end).

Folks searching could still get truly dynamic pages, but I cut down on needless direct database calls to find out which organizations were in “England”, and more needless database calls to find out which organizations were in the “Greater London” area, when those pages changes rather rarely.

This could also be useful for large sites, such as photo sharing galleries. Sites that allow comments may or may not see a performance gain — for each new comment, generating the page again may not be the best solution. However, if there’s at least one page hit for each database write, then using this method will have better performance.

* an example of a nondeterministic page is one that changes based on the time, such as “show me all activity that has happened today [up until this moment]” because it may change from second to second.
Back at the MySQL Users Conference, pilule I was talking to Monty about a good PHP* interface to MySQL that would go through a database, capsule and make pages to be able to search, order update and add new fields in the database. He mentioned Unireg, and I wrote it down, but only got to checking out what that was recently.

As far as I can tell from here, here, here and here:

  • Unireg started as a curses-based interface to an SQL database.
  • Unireg turned into MySQL — that is, libraries and such from Unireg were used in MySQL, and Unireg was no longer developed
  • Unireg was similar to the MySQL Query Browser or any number of administration tools, but it also generated reports

Of course, I could be misunderstanding the information on these pages, or they could be wrong, so feel free to correct me…..

It’s not quite what I was talking about, but it’s an interesting history lesson. Even more interesting is how functionality that [I gather] used to be in Unireg took a long time to get into MySQL, and in the case of reporting, still is not in there.

I used PHPCodeGenie for the one system I did not hand-code, and even that was painful, with lots of code. I did a bit more research, and found lots of stuff that have huge learning curves, and I have not overcome that obstacle yet.

So what is your favorite program to automatically generate a database ui? Specifically, it should:

  • Generate web pages in PHP*,
  • Automatically connect to the database,
  • Allow for easy specification of join tables based on (a) field(s),
  • Allow for easy selecting of all, none, or some table fields,
  • Not require that fields in the join condition be shown.
  • Allow the “view”, “edit” and “add” pages to show different fields

I do not even need the application to have authentication, as for what I am doing I do not need ACLs and a .htaccess file will suffice.

* or really, any lightweight structure — Perl would be OK, Java might be OK if it did not middleware like JBoss or Resin — basically anything I could stick on a web server to connect to a database.
Most developers are used to programming in procedural or object-oriented languages. SQL, drugs as a declarative language, denture is quite different. In declarative languages like SQL, you program what you want the result to be, not the procedure to get it. For instance, “give me all the people with the first name starting with the letter S from a certain table.” Unlike procedural programming (or even methods in object-oriented languages), you do not say how to get the information. This is, I believe, why many developers want to give the query optimizer “hints” on how to do its job.

That being said, I will list the top 8 Basic SQL Practices I live by, and attempt to enforce. Please feel free to comment adding your own (or post your own, linking back here).

In no particular order:

1) Always use explicit joins. If I mean INNER JOIN, then I use INNER JOIN. No use of just plain “JOIN”. Never, ever, ever use a comma join — I consider that a mistake. If I explicitly state “CROSS JOIN” then I know I have consciously made that decision. Also, keep join conditions in an ON or USING clause; they should not go in the WHERE clause. I also put my join conditions in parentheses; for whatever reason, I find:
ON (foo=bar AND baz=bop) WHERE a=b
is easier to see that the join condition contains 2 conditions than
ON foo=bar AND baz=bop WHERE a=b

2) Always define field names. No using SELECT * or INSERT INTO table VALUES. It’s a pain, and more so of a pain given that mysqldump does not specify INSERT fields. However, if it’s important enough to save in a text file (ie, it’s seed data or a migration script) then it gets explicit field names.

3) Always use the database server’s timestamp. Web servers may have disparate times. Reports may come from different servers than the inserted data.

4) Store IPs as integers with INET_ATON and retrieve them with INET_NTOA.

5) When doing reports, the network traffic is usually the biggest bottleneck. If you’re going to receive information, it’s better to receive in chunks, which will likely be larger than a logical piece. For instance, state reporting — instead of making 50 connections for states in the US, get them all at once. If the dataset is very large and folks do not want to stare at a blank page while the report is loading, use paging with LIMIT to grab, say, 1000 entries at a time and display them on the screen so people can start looking at the data while the rest is being grabbed.

6) Running a query in a loop is usually a bad idea. If you are executing the same query with different data, consider building a query string using UNION and executing it at the end of the loop, so you can execute multiple queries with only one trip across the network to the database.

7) Do not be afraid of JOINs. They are not necessarily resource intensive, given good indexing. Most of the time a denormalized schema without a join ends up being worse than a normalized one using a join. When there is redundant data, ensuring data integrity takes up more cycles than providing a framework for data integrity in the first place.

8) Limit the use of correlated subqueries; often they can be replaced with a JOIN.

(I also try to put SQL commands in capital letters to help me easily spot fields and variables I use).
(also entitled, mind “Who Put the J in lam-a-lam-a-LAMJ?”)

So, I have started to read Mysql Stored Procedures by Guy Harrison with Steven Feuerstein — a fabulous book already! One thing that caught my attention was this (which you can see in the Preface, available through Safari):

MySQL is the dominant open source database management system: it is being used increasingly to build very significant applications based on the LAMP (Linux-Apache-MySQL-PHP/Perl/Python) and LAMJ (Linux-Apache-MySQL-JBoss) open source stacks, and it is, more and more, being deployed wherever a high-performance, reliable, relational database is required.

Now, I figured that the “J” in “LAMJ” stood for “Java”, given that the P stands for a programming language beginning with “P”. It does not stand for “CGI”, a specific type of web programming [popularized? created? by Perl], even though it usually means CGI, because of Apache. Obviously, there are applets and servlets and JavaBeans and all sorts of ways to use Java . . .

JBoss is an architecture, which the other 3 (Linux, Apache and MySQL) all are as well. I guess what bothers me is that the “P” stands for a language, not an architecture, so I feel like the “J” should too. And what if we use Resin, Websphere or Wenlogic? Does it become LAMR or LAMW? Can we still call it LAMJ?

So I went searching, and I did not have to look a long time before finding out that nobody really knows, and folks just use what they want. Because it’s internally inconsistent and a good example, I use Continuent as an example. This is not anything negative toward Continuent (in fact, if their marketing is not so great, perhaps it is because they are putting the bulk of their money to technology… 🙂 )

Continuent using “Java”

Continuent uses “JBoss/J2EE”

Continuent uses “JSP/J2EE”

They use this last one in most places; perhaps being partnered with JBoss is why they use it on their “Products” site?

But then why does the Stored Procedures book use “JBoss”?
August 23rd was the first proposed date for DBA Day since, somnology apparently, treat DBAs were left out of the Sysadmin Day this year — http://www.sysadminday.com/ explicitly mentioned DBAs last year, but not this year.

I do not necessarily take it as a snub; I would rather have people treating me with respect all year round than have cake on one day. To be fair, my company has a big cake monthly for all the birthdays in the month, and my coworkers and I have mutual respect for each other.

However, I will happily partake in a celebration of me, or a celebration of what I do. So even though http://www.dbaday.com/ remains undefined, I suggest that people do something nice for their DBAs. But not something token, make it genuine. It does not even have to be monetary, or tangible. Tell your DBA today a specific instance that you can think of where s/he made a positive difference.

I have folders called “smiley” — in my work e-mail, my personal e-mail and in my filing cabinet. In those folders I put words of praise, or thank-yous, or anything that makes me smile, feel respected and loved, etc. So give your DBA a “smiley” today, on DBA day.

I got a smiley from the sysadmin yesterday, so I’ll share it here:

[boss has] been impressed
and i know he never mentions it to you
but you’ve allowed me to not have to worry about the db side in all this
and thats a major component

(it was from IM and he was sick yesterday, hence the capitalization/spelling not being perfect).
On Wednesday night, cialis 40mg I did some consulting, physician and it ended up taking twice as long as I thought it would. So I am rewarding myself by going to MySQLCamp!

Speaking of which, pill I updated the home page, adding explicitly that registration is free, and a section on travel information. I have no idea how housing is being organized, or if it is, and I am happy to take the lead on doing so.

The basics are that there are some good, cheap* 3-star hotels not too far away. Cheap = under $100, I even found some in the $60 price range! I would love to get a sense of what folks are doing for lodging, and if folks want, I can work on getting a group discount (some hotels will arrange one for a minimum of 10 rooms), arranging a suite for the “evening track”, etc.

Currently stating that you’re interested does not require a commitment to get a hotel room. If we have critical mass, I can see what the options are, and folks can reserve a room for themselves or, if it’s easier/cheaper, I can make the reservations for folks.

Alternatively, if someone speaks up and says, “Silly Sheeri! It’s all taken care of!” please point me in the right direction.

Public transit information would be great on the travel page, particularly from the airport to the venue. Also, knowing what time camp starts on Friday and ends on Monday would be great…..sure, they’re approximate….

* the hotels are good and cheap, therefore they cannot be fast.
With recent posts by Frank Mash and Stewart Smith about password protecting, migraine I am reminded of all the privacy vs. security arguments we have going on in the United States. Basically, infertility I see a somewhat similar situation — how much privacy do folks give up for the sake of security is analogous to how much calculation, how many hoops to jump through, to ensure that data is secured properly.

On the one hand, the analogy falls apart, because encryption calculation times are much less of an “inconvenience” than an invasion of privacy, and thus the argument gets usurped. It’s just a function, or a few calculations, no big deal. We all use SSH instead of telnet, and hopefully SFTP instead of FTP, because plaintext passwords are bad.

As a retort, most folks do not use SSL-enabled MySQL, and some do not even use SSL-enabled http. Why? Because it’s slow! Well, we do not want anything slow! But the security is worth the slowness! What? You mean people will go to another web site if yours is too slow? But the competitor is not as secure!!!!! So the analogy works there.

The analogy also works, when you consider how valuable the data is that you are attempting to lock up. Financial and health institutions need as high a level of encryption as possible for passwords, and any organization that stores a federal ID number should encrypt that. Nobody wants their privacy violated by having their health information exposed, their identity stolen, their bank accounts drained and their credit cards maxxed out.

Many people worry about things that are basically public information. For instance, in the US, the bank account number and the routing number are both printed on every check. Electronic Fund Transfers (EFTs) require three numbers — the checking account number, the bank routing number, and the amount. Or at least, that is all I type in. Perhaps my account stores address information and it is checked against that, but I am not asked for my billing address, as I am with a credit card transaction.

Some people guard their bank account number with extreme privacy, but it is in plain sight on the bottom of every paper check written!

Similarly, does it matter if someone cracks my password in some applications? How much damage could someone do if they got my password to a newspaper site. What are they going to do, write a letter to the editor or a comment? You’re not liable if someone cracks your server and then uses it to port-scan government agencies. It’s just a pain when you have to wipe your OS and start over. But no valuable information is lost, just time and patience.

At work, sure, they could get their hands on trade secrets if they cracked my desktop, laptop, VPN, or email password.

What about a dating site? What about a community forum? Should my password on forums.mysql.com be stored as tightly as my password on mysqlcamp.org? What does it matter if either password is cracked? Sure, if they try that same password on paypal, and I am dumb enough to use the same password for important data that I do for non-important data, my password will be stolen.

This is, to me, one of the greatest things about wikis. Sure, people have vandalized wikis, but it’s much more satisfying for folks to vandalize a site that’s not “open”. Someone is going to steal a new $3,000 bicycle that’s not locked up, but nobody is going to touch the old beater with a rusty frame, missing front wheel, flat back tire.

And of course, your application probably falls somewhere in between “everyone wants it” and “nobody wants it”. One of the things I say over and over in the presentations I give is “think about it.” Think about the security you need. Do a risk analysis. If you want your data secure, write it on a piece of paper and have recipients swallow it after they’ve read it. For any other security method, think about the gaps, and think about what really matters.

As a user, think about the ramifications of your passwords, as well. Many sites without “important” information will e-mail your password if you forget it. There it is, in plaintext for the world to intercept. I keep a few passwords at any given time (and change them every so often) — “really secure” ones, for financial institutions and such, “somewhat secure” ones, for things like blogging sites, and then “throwaway” ones, for sites where the info is not important, and I would suffer very little if my password is “cracked”.

———————