Archive for September, 2009

« Older Entries

Datawarehousing news and nice approach for partitioned data

Wednesday, September 30th, 2009
  • [Kickfire Offers Data Warehouse Appliance for the Masses]
    • Kickfire supports a MySQL based data-warehouse appliance targeting 500Gb -5Tb range, starting at $32K.
    • Will have to start monitoring this one. They appear to use similar concept to Netezza by utilizing SQL in hardware for speed, not exactly the same – but interesting to see the appliance trend.
  • [Building the Data Warehouse for bandwidth tracking]
    • This is a worthy read if you need to load and handle lots of naturally partitioned data
    • For those not willing to read, I’ll pose a question – how would you handle 683,460 tables :-)

Posted in Data Warehousing | No Comments »

How security is very much like MMA

Sunday, September 20th, 2009

It occurred to me after following the most recent UFC MMA (via the web blogs rather than PPV as I’m still too cheap!) that security and MMA have a lot in common. More precisely the fighters in a stable as very similar to security algorithms or process.

Once a fighters weakness has been exposed there is really nothing you can do to unhide that weakness. You could have the best fighter in the world one day, then the weakness is exposed… You are in trouble!

Security is very much the same. You can perform all the scans, probes, fuzzes, code reviews and feel confident (well as confident anyone does in the security world!) that you are pretty well covered. One revelation a day later can completely invalidate your expectations, and you have to completely start over. Sometimes it is a slow build up, other times it is the equivalent of a bomb.

Bottom line is once a weakness has been exposed you need to:

  • See if it can be simply covered
    • Fighter can learn to defend against take downs (or not get hit in the head :-) )
    • Algorithm can be enhanced to extend its life DES==>3DES
  • Relegate
    • Fighter acts as the ‘gatekeeper’ to the higher competition levels
    • Algorithms security clearance has been lowered, it cant be used in the more secure areas. Examples of this are theoretical discoveries that are likely to result in the actual weakness discover some time later.
  • Retire
    • Fighter retires, becomes a commentator!
    • Algorithm depreciated as it is shown to be fundamentally insecure, now studied in university to show the weakness that designers need to be aware of. Think WEP!

If the weakness is known it is natural the opponent will attempt to get a competitive advantage using it. The longer the weakness is known the more adept the opposition will be at exploiting it.  This is true for both MMA & security!

Companies running a SDL are the equivalent to the fighters stable. It is their job to recognize the weaknesses and manage the processes and algorithms so any weaknesses are covered or retired before they become a major problem.

Gareth

Posted in CodeProject, Security | No Comments »

Interesting stuff 2009-09-20

Sunday, September 20th, 2009

8 topics that I’ve been tracking, and now have the time to do the ‘cliff notes’ for:

  • [MSSQL - The Query Optimizer and Parameter Sniffing]
    • If you dont know about query sniffing, or came across it a couple of years ago and have forgotten. Give this a (re)read.
    • The key here is the “Optimize” for a typical parameter, I dont recall this existing in 2000. So if you are stuck with 2000 (you know who you are!), this obviously wont work!
  • [Need to protect your C# code? Have a look at nCloak]
    • Article covering how nCloak does naming.
    • This isnt production ready, but if you have spare time it would be interesting to see how far this project can go.
    • This shows the benefit that Mono is bringing to the C# world!
  • [Just got onto TFS? Ready to try GIT/Mercurial? Read more about branch strategies in DVCS]
    • Seems like only yesterday everyone was moving from VSS to TFS. Now GIT and Mercurial are on the scenes.
    • This article covers various strategies for CI or even “Promiscuous Integration”
    • Interestingly the DVCS (Distributed Version Control Systems) appear better suited to OSS projects than internal corporate ones.
  • [Microsoft SDL Developer Starter Kit]
    • The Microsoft SDL Developer Starter Kit provides a compliation of baseline developer security training materials on core Microsoft Security Development Lifecycle (SDL) topics.
  • [OSSEC - open source Host-based Intrusion Detection System (HIDS)]
    • Its free! 2.2 came out September 8, 2009
    • It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
  • [Microsoft releases mini-Fuzzer & Binary analyzer]
    • Finally :-) , MS have released some simple fuzzers to help developers understand what they are facing from the black hats!
  • [IT executive going to China? If you follow the guidance it will be expensive!]
    • Paraphrasing this short article wont do it justice.  Among the measures it recommends to IT executives regarding the protection of their computer equipment when traveling to that country are (wow is about all I can say!):
      • Leave your standard IT equipment at home – buy separate gear to use in China
      • Weigh the machine before you go and when you get back
      • “Clean” thoroughly the equipment (re-image the laptop you used)
      • Throw away the mobile phone you used during your stay.
  • [A Shortage of Technical Managers]
    • This just made me smile!

Posted in General | No Comments »

SQLite for C# – Part 8 – Loading CSV/Pipe into SQLite via command line

Saturday, September 19th, 2009

Ever wondered how hard it would be to load a CSV file into a SQLite database. I know how I would do it in code, no rocket science needed there! However in this case I wanted to really know the speed of doing this natively and really didn’t want to code anything!

So looking at what SQLite3.exe has too offer it pretty much supports it out of the box. Very nice :-)

Requirements:

  • Loading speed
  • Making the data to consuming applications available asap

While I love C# and frankly its hard to go back to C or C++, sometimes performance trumps the creature comforts we have become accustomed to.

Note: I did this without circling back to a C# implementation as I know the data and performance requirements  are tight and in this case I wanted max performance with no code! The biggest factor to a successful implementation is to ensure you use the tools best for the job, not just the ones you favor in that specific year.

So first things first – create a table to take the input

DROP TABLE IF EXISTS BookSales;
CREATE TABLE IF NOT EXISTS BookSales
(
   Store    int
  ,Date     varchar
  ,OrderReference varchar
  ,Line     int
  ,BookISBN varchar(14)
  ,Quantity int
  ,Price    int
, Primary Key (OrderReference,Line)
);

Next is the magic. We need to load the CSV into the table:

.separator "|"
.import BookSales.txt BookSales

Wow that was easy :-) . You can see we set the separator to be a pipe rather than comma in this case, then the import.

.IMPORT [FileName] [Table]

Now the database is ready to be queried! But if we want to take it just one stage further:

.output SummaryBookSales.csv
SELECT Store, Date, BookISBN, SUM(Quantity), SUM(Price)
FROM BookSales
GROUP BY Store, Date, BookISBN;

Now we output the results of our simple aggregation into a pipe separated output file.

Tying this all together in a single configuration file, which we will call “BookAnalysisLoader.sql”, gives us:

DROP TABLE IF EXISTS BookSales;
CREATE TABLE IF NOT EXISTS BookSales
(
   Store    int
  ,Date     varchar
  ,OrderReference varchar
  ,Line     int
  ,BookISBN varchar(14)
  ,Quantity int
  ,Price    int
, Primary Key (OrderReference,Line)
);

.separator "|"
.import BookSales.txt BookSales

.output SummaryBookSales.csv
SELECT Store, Date, BookISBN, SUM(Quantity), SUM(Price)
FROM BookSales
GROUP BY Store, Date, BookISBN;
.exit

The last piece of the puzzle is the final execution:

sqlite3.exe BookSalesAnalysis.db3 < BookAnalysisLoader.sql

Now we have a newly created database with our analysis data in it, and we have a summary CSV file generated from the output. So we can load the CSV into Excel or another DB, or directly interrogate the DB for more analytical information – and all without coding!

Related Links:

Posted in CodeProject, SQLite | 10 Comments »

« Older Entries