SQL: Make sure to use ORIGINAL_LOGIN when auditing

I regularly see code where SQL Server DBAs and developers are trying to log which user/login took a particular action within the database. There are many functions which appear to return the information needed, but there's only one that should normally be used: ORIGINAL_LOGIN().

A login is the way that a connection is authenticated to the server ie: it's the "who are you?" at the server level.

Most times, a user is a mapping of that login to a particular database.  The login and user will often have the same name (and I'd recommend that you do that to avoid confusion) but they do not have to be. A login Terry could be a user Mary in one database and a user Nga in another database.

A user can also represent the role that a login plays in the database. This is commonly see with administrators who will appear as dbo (ie: database owner) within each database, rather than their actual names.

So, using a user name within a database for auditing is normally not appropriate. 

A further complication is that a security context can be changed by impersonation. For example, a user might execute a procedure that has a WITH EXECUTE AS clause. Functions like USER_NAME() will return the impersonated context, not the actual context.

What you normally really want is the actual person who has logged in. ORIGINAL_LOGIN() goes to the bottom of the security stack, and returns that value. It's typically what I use for any type of auditing.

You can see its action in the main image above. Note what happens in the second (impersonated) context.

 

 

 

Learning Mandarin: Should I use Pin Yin while learning?

When anyone starts learning to read or write Chinese, there are two basic barriers:

  • Understanding the writing and how it's pronounced
  • Understanding the meaning of what's written

Now when people start to learn Chinese, it's tough to tackle both at once, so the usual starting point is to use what's called 拼音 (or Pīnyīn). Pīnyīn is a schema for Romanizing the characters, basically so they are familiar to people who use alphabets based on that, like English.

So instead of writing 我喜欢学中文, I could write Wǒ xǐhuān xué zhōngwén (meaning I like to study Chinese language). Clearly, for someone coming from a language like English, the latter is much easier to work with at first.

However, even though the letters look familiar to us, it's important to note that the pronunciation of them is a bit harder to get used to. For example, the is pronounced more like war than woe, and is pronounced more like she. Also, many of the sounds that are used aren't exactly familiar in English. For example cái (or 才) is pronounced closer to tsai than to kai.

Once you get over that though, it's certainly easier to get started with.

A big challenge though, are tones. I'll write more about them another day, but notice the symbol (umlaut) over the letter o in the word (which means I). This indicates that the word is pronounced with the third tone called 三声 (or Sān shēng). It's critical to learn to get tones correct pretty early on.

In terms of Pīnyīn though, my advice is to try to start reading the Chinese characters as quickly as you can. I remember clearly the day I decided to turn off the Pīnyīn on my learning tools, and just immerse myself with the Chinese characters. My learning accelerated at that point.

The exception to this however, is writing on a phone or computer. Pīnyīn is by far the easiest way to type Chinese into one of these devices. I'll also write about the different input editors for computers another day.

Book Review: Introduction To Personal Branding – Mel Carson

Over the last few months, I've also been reading a number of branding-related books. One that caught my eye was Introduction To Personal Branding: Ten Steps Toward A New Professional You by Mel Carson.

Part of the reason I looked into it was that Mel was an evangelist at Microsoft and as most would know, I spend a lot of time dealing with Microsoft in various ways.

It was also interesting as it's a low cost book that Mel has published using CreateSpace and I'd often wondered about using that so I thought I'd check the outcome of that as well. Finally, it's a short book. Listening to it on Audible would probably only take an hour or two.

Mel defines personal branding as the practice of defining a professional purpose, and then being able to explain that to a target audience through digital media and social channels. He also talks about how having the profile in place is important if you want to get the most out of in-person events like conferences.

I did like the way he focused on defining how you see your role, and then honing right in on making sure that all your touch-points really support that. He's keen to see everything else gone. That one's a touchy subject as I often see people complaining that a well-known figure in one area, is posting comments about another area (eg: politics). The defence to that is normally "that I'm a real person and a whole person".

While much of the content that he covers would be familiar to anyone who's been building a brand already, there are always good solid and timely reminders, many of which I've taken to heart myself.

If you are just starting out with building your personal brand, you could do worse than spending an hour or two hearing what Mel has to offer.

Greg's rating: 7 out of 10

Note: as an Amazon Associate I earn from qualifying purchases but whether or not I recommend a book is unrelated to this. One day it might just help cover some of my site costs. (But given the rate, that's not really likely anyway 🙂

 

 

Shortcut: Viewing client statistics in SQL Server Management Studio

While SQL Server is quite fast at executing queries, when you are connecting from a client application like SQL Server Management Studio (SSMS), you might wonder how much time SQL Server spent executing the query, as opposed to how long the communication with the server took.

This type of information is available in the Client Statistics.

Let's see an example. If I connect to a server in an Azure data center, I'll have higher latency than for one in my own site. That will affect the wait time for a server response.

This server is in the Melbourne (Australia South East) data center.

Let's execute a simple query against it, but before doing so, on the Query menu, choose Include Client Statistics.

I'll just query the SQL Server version:

Notice that an extra tab of data is returned.

From the bottom section of this tab, we can see where the time was spent. In this case, out of a total of 34 milliseconds for the query, 33 milliseconds was spent waiting for the server.

SDU Tools: Extract Trimmed Words from T-SQL Strings

Occasionally I've needed to take a string, and extract all the words out of it. For example a string like 'hello        there     greg' might lead me to want the three words 'hello', 'there', and 'greg'. Note that I usually want them trimmed, not just extracted.

In our free SDU Tools for developers and DBAs, we added a table-valued function ExtractTrimmedWords to help with this. You can pass it a string, and it will pull it apart for you, assuming that you have whitespace separating the words.

We use space, tab, carriage return, and line feed as whitespace characters for separating words.

The main image above shows it in use. As well as returning the words, we decided to return a WordNumber column as well, in case the ordering of the words matter to you.

I wish Microsoft had done that with their STRING_SPLIT function. (And we added that in our SplitDelimitedString function).

You can see ExtractTrimmedWords in action here:

To become an SDU Insider and to get our free tools and eBooks, please just visit here:

http://sdutools.sqldownunder.com

Opinion: Avoid annual subscription surprises for your customers

Yet again, a few days back, I received two invoices that showed I'd just paid (via PayPal fortunately) a pair of annual subscriptions. These are subscriptions that I thought were already cancelled, and we'd stopped using the products many months back.

The problem is that I've now spent quite a bit of my time, and quite a bit of the vendor's time trying to work out how to cancel and reverse them. For days now we've had emails going backwards and forwards between ourselves and the 3rd party that they use for provisioning/charging.

That's a serious waste of time for all three organizations, and it means that I now feel worse towards a product (and the company) that I've already stopped using. That makes it even less likely (not more) that I won't use it or them again.

Annual subscriptions and pre-approved payments are becoming somewhat of a cancer in our industry. I get the point of them when I'm signing up for something ongoing. But I do not get the point of pre-approved future payments when I'm buying something one-off.

Why do so many companies do this? And why do so many set auto-renewals without asking you? On many sites, it's almost (if not) impossible to buy something one off without having to go back into the account after the sale and nuke all the pre-approval and auto-renewal stuff.

Here's a hint: All of these actions come across to the customer as dodgy.

Surely you want your customers to want to deal with you and want to pay you, not to be feeling tricked into ongoing things, many of which are quite hard to reverse. Are the companies simply hoping for customer apathy?

At least if I pay for these things with something like PayPal, I could set myself a monthly reminder to go into my account and nuke anything that I don't want to be pre-authorizing. But I shouldn't need to do this.

Probably the biggest thing that suppliers with annual subscriptions could do is to send you a reminder that you are about to be billed, a few days before you are actually billed.

It's hard to believe that we've become so "pro-consent" about email addresses and haven't done that for payments. And the IT industry is one of the worst offenders.

It's time for this all to become much, much cleaner and simpler for the customer.

 

SQL: The T-SQL SIGN function and what's in a return type?

When you've worked with a product like SQL Server for a long time, and more importantly, are one of the odd people who've read a great amount of the documentation simply for interest, it feels really strange to come across a basic function that you'd never noticed before. That's how I felt when someone mentioned the T-SQL SIGN function.

I thought, "the what function??".

Now it works pretty much as you'd expect. It returns:

  • +1 for positive numbers
  • 0 for zero values
  • -1 for negative numbers
  • NULL for NULL values

No surprises there and you can see that in the main picture above.

What I wasn't expecting (and have to say if I was creating it that I would not have done), was the output data types. Here are the values returned:

I don't get why the return type has been designed to match the input type. It seems to me that a value indicating positive, zero, or negative should really have a fixed data type ie: int.

Regardless, I was also intrigued by the "Other types" going to float. It's not all types, as the value appears to need to be directly castable to float:

I tried other numeric data types to see what happens. I pushed a set of them into a temporary table:

And then checked the column data types that were returned:

It really does try to mostly match the input data type. I was mostly interested to see if decimal values would match the precision and scale, and they do.

There must have been some logic for the varying output data types, and that means there must have been some envisaged functionality beyond just indicating the sign. I'd love to hear from any of you if you have any ideas on how the varying output data types for this could be used in a practical way.

The online documentation also says "from SQL Server 2008" but that's just the oldest supported version anyway. Anyone know what version this was first introduced in?

 

 

Learning Chinese: Who uses Simplified Chinese Characters?

In an earlier post, I discussed the difference between traditional Chinese characters and the simplified versions. What I didn't address in that post, is who uses which, and (importantly) which is best to learn.

The answer to this question is changing over time.

Adherents to traditional characters point out how much richer many of the characters are. Ironically though, there are characters that started more simplified, but which became more complex over time, and the current simplified character is closer to the historical one.

While the note on richness is very true, it's important to keep in mind why the simplified ones were created in the first place.

Many in Western countries will still see a lot of traditional Chinese characters displayed on signs, etc. This is for a number of reasons. One is that the calligraphy involved is a significant art form. But the other is that in the past, most of the Chinese diaspora (overseas Chinese) were from Hong Kong and Taiwan ie: regions where people readily traveled overseas in the past. Both these regions, along with Macau, still mostly use traditional characters.

Researchers in Taiwan point out the irony in simplification being introduced to assist literacy, yet the Taiwan region has a much higher than average literacy despite using traditional characters. Others question the measurement of literacy on the mainland, and many other studies however, have shown how much easier simplified characters are to learn, contrary to cultural biases.

It's interesting that other overseas Chinese communities like those in Singapore, Malaysia, etc. have already switched to using simplified characters. Painful as it might be for some (and it is painful and seen as an assault on cultural identity by many), I see it only as a matter of time before the vast majority use simplified characters. You can find more on the debate here.

My take on this (and I'm sure many will disagree) is that you have to look at what the Chinese government is pushing. One thing they are very big on is standardization.

With such a gigantic population, there is no other option.

And they've said that simplified characters are where they are now, and also where they are heading.

Now that's somewhat painful and confronting for those who grew up using traditional characters, but I see it as simple (no pun intended) reality.

One real challenge for this though, is that while the community might change over time, historical Chinese writing isn't going to. To read older documents, you will need to be able to read traditional characters. History is important, and even more so to the Chinese. It's common to hear:

中国已经有五千多年的历史。 (Zhōngguó yǐjīng yǒu wǔqiān duō nián de lìshǐ.)

This means "China already has more than 5000 years of history". While this is a claim that's often disputed, it is one of the items of pride you will hear Chinese people commenting on. They'll ask "how many years of history does your country have?" and proudly commenting on the comparison.

While the ability to read historical documents is important, most English-speaking people today would struggle to read English that was written more than a few hundred years ago anyway.

Today, I'd suggest learning simplified characters, and over time, picking up traditional characters that you need, as you come across them. Even in the regions that currently use mostly traditional characters, I'm sure that when people need to work or deal with the government, business, etc. that it will be increasingly done using simplified characters. My guess is that within a few generations, the move will be pretty much complete.

 

Book Review: Don't Sweat the Small Stuff – Richard Carlson

I've been going through a number of fairly famous books or ones that have spawned their own industry. One of those was Don't Sweat the Small Stuff and it's all small stuff: Simple Ways to Keep the Little Things From Taking Over Your Life by Richard Carlson.

This one intrigued me as there are now so many follow up versions. There's a "for teens", "for men", "at work", etc. etc. etc. along with ancillary items like workbooks. So I presumed there must have been something to it.

Carlson has some great messages in the book. Clearly it's possible to have your life overcrowded with things that, in the end, don't really matter, and I do like the way he cut through to the essence of things. Althought, I think Greg McKeown's book Essentialism that I reviewed earlier did that better.

His thoughts on listening were nicely put: " Effective listening is more than simply avoiding the bad habit of interrupting others while they are speaking or finishing their sentences. It’s being content to listen to the entire thought of someone rather than waiting impatiently for your chance to respond". That's one that it's really easy to mess up on.

This is another key insight: "We tend to believe that if we were somewhere else, on vacation, with another partner, in a different career, a different home, a different circumstance – somehow we would be happier and more content. We wouldn’t!"

I particularly liked the way he talked about imagining your own funeral. I've heard that from other writers before but he put it all quite well by adding the urgency of a timeframe: "Imagining yourself at your own funeral allows you to look back at your life while you still have the chance to make some important changes".

I can't imagine that I'd want to get the workbook or any of the other books in the series, but I can see why people do seem to like this one.

Greg's rating: 8 out of 10

Note: as an Amazon Associate I earn from qualifying purchases but whether or not I recommend a book is unrelated to this. One day it might just help cover some of my site costs. (But given the rate, that's not really likely anyway 🙂

 

New online on-demand SQL Server courses from SQL Down Under

Hi Folks,

We have a whole series of online and on-demand courses coming. The first two of these are available right now.

The good news? The first one is free and the second one has a big introductory discount.

The first course 4 Steps to Faster SQL Server Applications is a short course for developers, new DBAs, and testers, etc. who don't know anything much about tuning SQL Server applications. It focuses on finding and fixing the most problematic queries, either in terms of index tuning, or removing repetitive queries, all using free tools.

Please pass details of this course onto any developers, new DBAs, or testers that you know who might benefit from it.

The second course is an in-depth look at core SQL Server indexing concepts called Designing Effective Indexes for SQL Server. It's $295 USD (plus VAT if applicable) but coupon code INDEXINTRO will knock 30% off that until September 30th.

And more courses coming online very soon. You'll find them all at:

https://training.sqldownunder.com