A recent study of hacker forums shows SQL injection is gaining favor as an attack vector. The company Imperva conducted a study of hacker forum discussions and concluded "SQL injection is now tied with DDoS as the most discussed topic."
Last year, the company said, DDoS was the most discussed attack vector, at 22 percent of discussion volume, while SQL injection followed at 19 percent. This year, both came in at 19 percent, indicating a relative rise in the popularity of SQL injection. More
Posted by David Ramel on 11/16/2012 at 1:15 PM0 comments
It's no accident that staid, proprietary software giant Microsoft has opened itself up and embraced open source (and even competing) technologies, a trend perfectly exemplified by the adoption of "big data" and its flagship Apache Hadoop platform.
It comes down to people like Dave Campbell, with the interesting title of "technical fellow" at Microsoft. It results in products like HDInsight, described last week by Campbell as Hadoop on the cloud (Windows Azure), laptop and server. More
Posted by David Ramel on 11/07/2012 at 1:15 PM1 comments
Less than three months after Entity Framework 5 was released, Microsoft this week announced the availability of EF6 Alpha 1, targeting a release to manufacturing date around mid-2013 for the database object relational mapping tool.
New features in the upcoming update include task-based asynchronous programming patterns, custom conventions for Code First development, multi-tenant migrations and many more.
The EF code base is now open source, hosted on CodePlex, program manager Rowan Miller reminded attendees at Microsoft's Build 2012 conference at company headquarters in Redmond, Wash., on Tuesday.
"We're accepting contributions to the code base as well," Miller said in a presentation, which is available on video. "If you want to work out some of how EF works, go grab the code. If you want to help us fix some bugs, we'd love you to."
However, Miller noted, when it comes time for release, the Microsoft licensing, branding and support will remain the same--along with code quality, he emphasized. "If you do want to submit bug fixes for us, you're going to have to write unit tests in the same quality code that people on our team write today."
And it might not be that easy to get contributions accepted, Miller suggested. "So far we've been open source for a few months now. We've taken four contributions, most of them still quite small at this stage, but we've got a few bigger ones brewing in the community, too."
At the EF CodePlex site, you can explore in detail the planned improvements for EF6, such as "Task-based Asynchronous Pattern support in EF."
Other improvements for EF6 listed on the CodePlex site include:
- Tooling Consolidation
- Multi-tenant Migrations
- EF Dependency Resolution
- Code-based Configuration
- Migrations History Table Customization
- Custom Code First Conventions
Rowan noted in his demonstration that developers had vociferously requested enum support, which was added in EF5, but only as integer types. He said Microsoft was working to add support for more types. He also noted that the DbGeography class, which he used in his demonstration, was targeted for improvement. Right now, he said, "it isn't such a great type," requiring some "strange" mapping to class structures.
Yet another improvement might well be "Stored Procedures & Functions in Code First," which was listed in the product roadmap for possible inclusion in EF 6, as noted by a reader in the comments section of the blog post announcing EF6. Microsoft's Arthur Vickers replied: "It's still planned to be done in EF6. Some of the metadata prerequisites are already being worked on and when they are done we should have someone start on it."
What do you think of the planned improvements to EF6? Please share your thoughts by commenting here or dropping me a line.
Posted by David Ramel on 11/01/2012 at 1:15 PM3 comments
Microsoft recently updated its All-In-One Script Framework, which features SQL Server (and other) scripts designed to address common problems reported by users in forums, support incidents and online communities.
Though primarily targeted at IT pros, the scripts are helpful for developers, too, as pointed out recently by Jialiang Ge, who works at a sister project called the All-In-One Code Framework. "Considering that many developers are writing T-SQL scripts too, we hope that the scripts could be useful to you," he wrote in a MSDN blog post. More
Posted by David Ramel on 10/24/2012 at 1:15 PM0 comments
Microsoft yesterday announced enhancements to its cloud-based backend for mobile apps, including new data storage options.
Windows Azure Mobile Services (WAMS), a preview announced in late August, provides data storage and other services to developers without the time, talent or inclination to wire up the server-side code themselves. More
Posted by David Ramel on 10/17/2012 at 9:03 AM1 comments
Further evidence that NoSQL database technology has triumphed over its relational counterpart in Web development was illustrated earlier this week in the unveiling of a new site aiming to provide a one-stop resource for Web developers using open technologies.
The World Wide Web Consortium's (W3C) Web Platform Docs features IndexedDB as the database technology of choice for client-side storage of substantial amounts of structured data. More
Posted by David Ramel on 10/10/2012 at 1:15 PM2 comments
But that's just me. More important, what about you, the professional developer making a living in the Microsoft ecosystem?
Well, the company is trying to smooth the transition. Take, for example, the new Windows Azure Mobile Services (WAMS) preview, which I've been playing around with. To recap, this is a Microsoft effort to simplify back-end development for your mobile cloud apps, targeting developers who want to focus on the client side of things and not worry about the nitty-gritty details of interacting with a database and such. More
Posted by David Ramel on 10/03/2012 at 9:03 AM0 comments
Microsoft recently updated SQL Server Data Tools (SSDT) with support for Visual Studio 2012, improved LocalDB functionality and new SSDT Power Tools.
SSDT, if you're unfamiliar with it, is a hodgepodge of functionalities targeted at easier database project development from within Visual Studio. For example, one main feature is that data devs no longer have to switch back and forth between SQL Server Management Studio and Visual Studio, working entirely in the latter.
The September 2012 update comes in versions for Visual Studio 2012 and Visual Studio 2010. The big news, of course, is that SSDT now plays nicely with Visual Studio 2012. I wrote earlier about the problems users (including me) were having getting the two to work together. "This release of SSDT supports the Visual Studio 2012 shell," wrote Janet Yeilding in the team blog post announcing the update. "SSDT September 2012 contains several bug fixes to the SSDT version that shipped in Visual Studio 2012 and this release can be applied as an update on top of Visual Studio 2012 Professional, Premium, and Ultimate Editions. More
Posted by David Ramel on 09/26/2012 at 9:03 AM5 comments
Microsoft today released a new Community Technology Preview for SQL Server 2012, Service Pack 1. The CTP4 includes improved AlwaysOn Availability Group migration, better query capabilities over XML data and a better SQL Server Management Studio (SSMS) for Express users.
The AlwaysOn Availability Group cross-cluster migration lets users move to a higher-level version of Windows Server cluster, which keeps intact service-level agreements when upgrading to the higher-level version, such as Windows Server 2012 cluster.
The new Selective XML index can boost query performance over XML data, resulting in faster indexing of big XML data workloads, along with improving scalability by lowering storage costs of an index, the company said.
Finally, users of Express editions now get a full-featured edition of SSMS, matching the functionalities in the SSMS included with full editions of SQL Server. The Express editions include SQL Server Management Studio Express, SQL Server Express With Tools, SQL Server With Advanced Services and SQL Server Express COMP.
The last update, CTP3 was released in July, including support for self-service business intelligence functionality in Office and SharePoint 2013 Preview.
Posted by David Ramel on 09/20/2012 at 1:15 PM0 comments
Microsoft has long been trying to get developers to store their data in the Windows Azure cloud, and the effort seems to be paying off. More cloud developers use Windows Azure than any other platform, according to a new Evans Data survey.
The survey costs money to actually view, of course, so all we can report to you are the highlights from a news release (and even it requires registration). It states that 36 percent of developers actively targeting a cloud used Windows Azure. The next most popular platform was Google Storage, with 29 percent, and Amazon Web Services closely followed at 29 percent.
"Microsoft was very aggressive with its introduction of Azure to the development community a few years ago and that has paid off," said Evans Data CEO Janel Garvin. "Additionally, the large established MSDN community and the fact that Visual Studio is still the most used development environment are huge assets to Microsoft in getting developers to adopt the Azure platform," she said. "However, cloud platform use is still very much fragmented with lots of players laying claim to small slivers of share. It will take more time before a clear landscape of major cloud vendors shakes out."
For those willing to pony up the money, the survey's table of contents indicates a section of the survey is devoted to "big data and database technology," including types of databases being used, best tool suite for big data and more.
One strange thing I found in the news release was that 27 percent of cloud coders who develop in a cloud service end up deploying their apps to another service. Slightly more than 50 percent deployed their apps to that same service in which they developed. I would've expected that percentage to be higher.
Evans Data said the Cloud Development Survey is conducted twice per year, and more than 400 developers responded.
Why do you think Windows Azure is the most popular platform? Why on earth would 27 percent of developers use one service for their actual development and then deploy their apps to a different service? Share your thoughts by commenting here or dropping me a line.
Posted by David Ramel on 09/13/2012 at 1:15 PM1 comments
Stop me if you've heard this one: Microsoft introduces a new technology and developers complain about lack of local database access.
Yes, it happened last year with Windows Phone. And Microsoft responded with SQL Server Compact Edition in its "Mango" update.
Now it's happening with Windows 8. "We should at least have the ability to connect to an embedded database like the one they added to the WP7 Mango update," said one developer on the customer feedback site for Visual Studio. This comment was under a heading of "Make System.Data available to Metro style apps," with 163 votes as of this writing. But there are plenty more likewise sentiments around the Web:
- "I personally would have liked to have seen a desktop Metro app that could connect to a SQL Express Database for instance but it's not currently in the cards without jumping through hoops," said a reader on stackoverflow.com.
- "I'm stunned to find out that there is no way [to communicate with *any* SQL Server instance]--how are people meant to build LoB apps if they can't communicate with their databases?" asked a reader on a Microsoft forum site.
- "WinRT is moving in the *wrong* direction by *removing* the System.Data namespace," said a reader on itwriting.com.
Well, you get the idea.
Basically, in your Windows Store (formerly called Metro) apps, you get your database access via the cloud/network/service. But some developers complained about that model, citing intermittent connectivity problems and the like.
Those options certainly aren't on par with SQL Server, of course. As Microsoft's Rob Caplan explained on a forum posting, "There aren't any SQL-like databases provided in-box, but you can use a 3rd party database such as SQLite."
Indeed, SQLite seems to be the most popular option. Tim Heuer has written extensively on how to use it for Windows Store apps. Some developers worried about passing Windows Store muster with apps built with SQLite, but Heuer reported in June that, "Yes, SQLite will pass store certification as long as compiled correctly. The current binaries on the SQLite site aren't the ones built for WinRT, but you can build it yourself and use it." And that same month, the SQLite site reported "SQLite version 3.7.13 adds support for WinRT and metro style applications for Microsoft Windows 8."
So that's probably your best workaround for right now. But stay tuned. As one stackoverflow.com reader said: "an embedded Microsoft SQL CE is not supported. There has been no announcement yet as to its support--but like Windows Phone, we can only assume this support is in the pipeline."
What do you think? Is this a big problem? Do you know of other workarounds? Should data developers just be patient and wait for a "Mango"-like update to Windows 8? Comment here or drop me a line.
Posted by David Ramel on 09/05/2012 at 1:15 PM10 comments
The recent announcement of Windows Azure Mobile Services included some interesting stuff for you data developers.
As explained by Scott Guthrie, when Windows Azure subscribers create a new mobile service, it automatically is associated with a Windows Azure SQL Database. That provides ready-made support for secure database access. It uses the OData protocol, JSON and RESTful endpoints. The Windows Azure management portal can be used for common tasks such as handling tables, access control and more.
Guthrie provided a C# code snippet to illustrate how developers can write LINQ queries--using strongly typed POCO objects--that get translated into REST queries over HTTP.
The key point about all this is that it enables data access to the cloud from mobile or Windows Store (or desktop) apps without having to create your own server-side code, a somewhat difficult task for many developers. Instead, developers can concentrate on the client and user UI experience. That greatly appeals to me.
In response to a reader query about what exactly is "mobile" about Mobile Services, Guthrie explained:
The reason we are introducing Windows Azure Mobile Services is because a lot of developers don't have the time/skillset/inclination to have to build a custom mobile backend themselves. Instead they'd like to be able to leverage an existing solution to get started and then customize/extend further only as needed when their business grows.
Looks to me like another step forward in the continuing process to ease app development so just about anybody can do it. I'm all for it!
When asked by another reader why this new service only targets SQL Azure (the old name), instead of also supporting BLOBs or table storage, Guthrie replied that it was in response to developers who wanted "richer querying capabilities and indexing over large amounts of data--which SQL is very good at." However, he noted that support for unstructured storage will be added later for those developers who don't require such rich query capabilities.
This initial Preview Release only supports Windows 8 apps to begin with, but support is expected to be added for iOS, Android and Windows Phone apps, according to this announcement. Guthrie explains more about the new product in a Channel9 video, and more information, including tutorials and other resources, can be found at the Windows Azure Mobile Services Dev Center.
What do you think of this new Microsoft offering for mobile data developers? Comment here or drop me a line.
Posted by David Ramel on 08/29/2012 at 1:15 PM1 comments