Opinion: When comparing cloud costs, are you considering opportunity costs?

As I work at different client sites, I see a lot of discussion about the cost of cloud-based services, in comparison with on-premises or self-hosted equivalents. One aspect that always seems to be forgotten is opportunity cost.

So many times, I see people comparing raw incremental costs of virtual machines in the different environments. Invariably they aren't making an apples vs apples comparison. They aren't considering staff costs, training costs, power, real estate, support costs, etc.

But a really big one for me is the difference in opportunity costs. Let me give you an example.

I was working at a client site where we decided to test an application's interaction with Availability Groups in SQL Server. I asked if I could spin up a few servers in Azure to try it. I was told that that wasn't their policy and that they'd provision me servers to work with locally.

  • It took four weeks to get a quote for the hardware.
  • It then took six weeks for the hardware to arrive.
  • Then I was told it would be another four weeks delay because they couldn't take a power outage to install them in the racks.

I wish I was joking.

This had added over three months delay in the project. So much could have been achieved in the meantime. If we had done that in Azure, I could have had the work complete by the next day.

There's no easy measure for the cost of the lost opportunity but it's significant. Don't ignore it when comparing costs.




Opinion: If you're a DBA and want to retrain, what should you learn?

On our SQL Down Under email list today, someone asked:

My title is DBA but my job is more into SQL Developer, fixing data involved in applications. Do you think if I study Power BI that I can get a better job?

I get asked this sort of question regularly, particularly from traditional DBAs who see their roles disappearing.

The most basic answer is to adapt what you're doing across to roles that are still in need like data modelling, query performance tuning, DB design in general, etc. However, I wanted to make some more broad recommendations for those considering something more radical.

Historical Answer

Over the years, when I've been asked this, I point out that a key advantage of BI is that it tends to appeal to the people who pay the bills.

Awesome image by Sharon McCutcheon

If you work on core business systems like invoicing, order entry, accounting, and so on, you can have a rewarding career. However, you'll be spending your life working in what the organisation sees as a cost of doing business. And that's something that they want to minimise.

Awesome image by Krill Sharkovski

The higher you can move higher up the IT ladder (in terms of value to the business), the better funded your projects usually are, and the more interesting your role is likely to be.

BI Example

A simple example, let's consider a company like Amazon. The people who do all their IT for core order processing, shipping, etc. will have busy and probably interesting jobs. But their life will be full of head count restrictions, budget cuts, and an endless desire to minimise their costs. To get funded, most new projects will need to show that they lead to a reduction in existing costs.

Then consider the people who do the "hey you bought this, I really think you should consider this as well" code.

I can't say for sure, but I'd almost guarantee their projects are funded at an entirely different level, largely because they can directly affect the profitability of the company. New projects in these areas are much more likely to be seen as investments. They will also be likely to attract funding from outside the normal IT chain of command, probably from the Marketing team.

(I've seen predictions years ago that most of IT will eventually report to Marketing).

That advice has worked well for us, and still works now, but it's yesterday's advice, and now I see things differently.

Today's Answer

Tomorrow's corporate battles, and even potentially the survival of the companies will be largely based around their ability to implement AI.

The first generation of AI was all about super-specialists, deep thinking, and looking for breakthroughs.  It was owned by the 7 big corporations working in AI and their association to a handful of universities doing advanced work in the area.

This next phase of AI (following on from the development of deep learning) is all about implementing these current AI concepts, and applying them to so many aspects of business and the community. Even though the biggest wins will come to those who own the big data sets, there are and will continue to be amazing opportunities for commercialising existing AI concepts.

Our most interesting projects today are ones that are based around AI tooling, that's letting us solve business problems that we simply could not have solved any other way, at least not economically.

And if you want an area that's crying out for short to medium term wins, that's security.

Awesome image by Liam Tucker

The problems in this area are now almost already completely out of hand. There are estimates that this year alone, there will be shortages of hundreds of thousands of IT security people, but we're talking about serious security people. And this is going to get much worse.

The only foreseeable way to solve most IT security issues is via AI.

I'm not too worried about retraining now but if I was in my 30's or 40's, aiming directly at the intersection of AI and advanced IT security would seem a really safe bet.

Opinion: Inability to hire is an underestimated aspect of technical debt and old tooling

Most developers and analysts today are fairly aware of the impacts of technical debt. As technical debt grows, it takes longer and longer to get real customer or end-user work done. Worse, more and more time is spent triaging and squashing bugs. And one interesting aspect of technical debt is old tooling.

Old Tooling

I've written before about modern not being a synonym for better, but there comes a point where you need to modernise your tooling, even if it seems to be doing the job.

For me, the most tell-tale sign is when the author of the tools has apparently moved on from being interested in the tool. No matter how good a tool was, it needs to keep moving forward as requirements and operating environments evolve.

I deal a lot with Microsoft applications, and I often see these signs:

  • People from the development team seem to have moved on to new jobs
  • No-one is posting blog posts about what's happening
  • The tool stops turning up on conference sessions, Channel 9 videos, Azure Fridays, etc.
  • The flow of new features slows to a trickle or stops

If you ask the company, the tool is still supported and not going anywhere, but given the interest has moved on, you probably should too. I can only imagine that there's a desire to avoid upsetting anyone who's made a commitment to using the tool.

Many people refer to this type of tool as abandonware.

There are times though, when sudden spurts of life appear. A classic example is the work that was done on SQL Server Reporting Services in the 2016 edition. (I'll write more about SSRS another day)

Finding Staff

What I really wanted to mention today though is another nearly-hidden downside of using old tools, as a form of technical debt. And that's your ability to find staff. You do not want to underestimate the impact of this.

Today, I was reading about a large company in Europe with untold millions of lines of classic ASP code, embedded with VB. They can't work out how to move forward now.

I feel for them. I've done work with customers where their entire code base was in VB.NET and ASP.NET WebForms. At least that was a step up from classic ASP. They had many hundreds of developers. Even if you're a stalwart who loved the tooling, you need to stop and as yourself where you are going to find staff who'll share that love.

Developers who desperately need an income (and thus a job), and are living from pay to pay, might work for you. But developers who have any options at all, aren't likely to do that.

You'll find it harder and harder to locate good people who want to work for you. You'll end up paying them much, much more than would otherwise be appropriate, and you'll end up lowering your standards for whom you're prepared to employ.

From the point of view of a prospective staff member, do you really want to have your resume showing you starting with that code today?

Awesome image by Pepi Stojanovsky

And if you really are willing to do any coding for the pay, why not learn COBOL and cash in? It won't take that long to learn, and there's still plenty of work around for those wanting to write it.



Opinion: Why no special characters in passwords? Are you a target?

I regularly enter passwords into websites, and am told after I've entered a new password, that I can't use any special characters.

Why exactly?

If I see a site that won't deal with special characters properly, it immediately makes me think there's some pretty poor coding going on under the covers. Very likely, the developers haven't thought through how the parsing of requests, etc. should be handled.

It's not just special characters either. Requiring short passwords is another red flag.

And if you're still using complexity rules (like at least one upper, one lower, one numeric, etc.), read the NIST recommendations on this:

NIST's new password rules – what you need to know

Attack target?

If your website won't allow special characters in passwords, or reasonably long passwords (like a passphrase), it's an indication of poor coding, and it also makes you look like a potentially good target for attacks.

It certainly doesn't make your company look good.

Don't do this!

Happy new year 2020 and goals not resolutions

Wow, it's been a really big year in many ways. I had a list of goals for the year, and overall I'm pretty happy with where it's ended up. One area that remains a challenge for me is personal health. But there are things I have in place that make me confident that one will be addressed better in 2020.

I liked the way that a few of my friends this year posted that they aren't making New Year resolutions, they're just stating goals for the next year. That's a great way to look at things.

If you make resolutions, you might start all enthusiastically but when life intervenes (as it invariably does), you can feel like you've failed.

By comparison, if you have goals, you are always just working towards them until you reach them. And your progress might not go in a straight line. You might have setbacks, but you can just keep redirecting yourself towards your goals. (I've heard it described as being like a plane heading to a destination. They're rarely pointing directly at the destination).

From SQL Down Under, you should see many new things. We've got a whole range of new online courses (including some new free ones), a whole lot of new material on SQL Server, Power BI, and Snowflake, new podcasts, eBooks, and much more.

Thanks for being here. I hope this finds you and your families well.


Happy Christmas 2019 to all my readers

Hi folks,

2019 has been another really big year. The number of readers of this blog has really increased in the last year and I'm pleased you're here as one of them.  You make it all worthwhile.

Thanks to so many who reached out during the year, with wonderful insights and ideas.

Just wanted to wish you all the best for the holiday and Christmas season, from here down under.

Christmas time is often a period where we think back about those we've lost. The older you get, the more there are to remember. They live on in your hearts but life is all too brief. I hope you all stay safe and cherish your loved ones.

Not everyone finds Christmas a happy time. Keep an eye out for people that need extra help during this season.



Opinion: When did "sqls" become a thing?

Given that SQL is an acronym for Structured Query Language, a reference to "a SQL" is then a reference to a language. Or the term SQL just refers to the language.

So something that I find really odd now is the number of people using the word SQL as a synonym for a SQL statement. I keep hearing references like this:

We need to execute several SQLs against the server.

I need to run a few SQLs.

and so on.

I live in Australia where we're well known for mangling parts of the English language and, importantly, abbreviating almost everything. "McDonald" becomes "Macca", etc.

We don't do that with other languages. We don't write "I wrote four Spanishs" instead of saying "I wrote four Spanish sentences".

But I can't be the only one who finds the reference to SQLs as pretty jarring.

Would love to hear your thoughts.

Opinion: If you don't like answering questions, leave the forums

Over the years, I have long periods where I avoid Q&A forums. Lately, I've been spending a bit of time back in some forums. And once again, I've seen the sorts of behavior that make me think about leaving again.

Here's a simple message: If you don't like answering questions in Q&A forums, then don't. Leave. You might think it's all about you and your attempts to gain reputation in the forums. It's not.

It's about the people who need help.

There are a few personality types that I really want to call out:

The "you didn't search well enough before asking the question" type.

These people will berate others for asking questions that have been asked before. Get over it. People will ask the same questions again and again. Not every one of them is a search whiz. And who cares anyway? Just answer their question and let them get on with their lives. If you don't want to do that, just stop doing it.

Worse, I've seen examples lately where questions are closed as duplicates, and the person who jumped into to close it quickly, has totally misunderstood that it's really not actually a duplicate.

The "you're doing a dumb thing; I'm really clever but you should go back to school" type.

These people are more intent on trying to make themselves look clever, belittling the questioner, and basically telling them they're stupid for what they're trying to do. Yet in 99% of cases, they don't give them an answer to their question, or point them in the right direction. Just give the questioner a break; do a bit extra work in showing them what they should be doing.

The "I'm so bored with answering questions that I really can't be bothered" type.

These people will often have compiled a massive FAQ, and the answer to every question is that people will find the answer (somewhere) in the FAQ. If you have the answers so easily at hand, just copy and paste it in, to help the questioner. Don't make them play Where's Wally to find the answer.

Look, if you aren't spending time in the forums with a genuine desire to help people, thank you for your previous efforts but might be time for you to just take a break.

And one for the forum people too: Is it really necessary to remove human interaction and warmth from the responses? When I finish a response with something like "Hope this helps" as I normally would when talking to a human, invariably one of the rules enforcers edits my post and removes that comment. Really? I can see why many people find the forums pretty toxic.



Opinion: Non-responsive contact forms are worse than none at all

Marketing folk have a few common truisms. One is that it costs way less to keep a customer than it is to find a new one. I have no doubt that's true. It's important to keep existing customers. And it costs a lot to get new ones.

For many people now, your website will be the first point of contact. By the time that someone visits your website though, a lot of things often have already had to go right. So it's really important to keep them once they get there. Why waste all that?

One of the real challenges though is that although most websites have contact forms, very, very few of them actually lead to a response.

Worse, many company sites are now intentionally pretty much hiding all their phone numbers, email addresses, etc. and require you to fill in contact forms. Yet I've lost count of how many times I've filled in a contact form at a website, and never heard another thing from that company.

That's ridiculous. 

Turns out, I'm not alone. I recently read a review that talked about a survey they did where they completed sales response forms on 100 websites, and ended up with contact back from less than 20.

That means that either:

  • The request form doesn't actually work i.e. it doesn't actually send a message to anyone who cares
  • The request is going to someone who is either overwhelmed or unable to respond for some reason
  • The request is going to the person who manages the website and who is uninvolved in the actual business.

So a quick check for today:

Do the contact methods on your website actually work?

Do they work on mobile devices?

If someone completes a contact form, are they likely to end up with a response?

Opinion: Are tools like Grammarly really safe to use?

When I first saw Grammarly appear, I thought "what a great idea".

I signed up for an account and started using it, and really liked what it did for my writing. It seemed to work well, although it got seriously messed up sometimes. It really didn't like it when I had a bunch of code on the screen. Overall though, I liked it.

But then one of my security-focused friends asked me:

Do you really want a browser extension that takes everything that you type and sends it to their servers for review? 

And when I stopped and thought about it, that's really the last thing that makes sense to me from a security point of view. The problem is that the browser has no idea about what's OK to send to the extension and what it shouldn't.

Who knows what they do with all the data that's sent to them?

I read their privacy policy and there are a lot of gray areas in there. But the bigger problem is that there's a bunch of data that I just don't want sent in the first place.

Now I could use the icon in the browser toolbar and keep turning it on and off but that's not going to happen because I'll forget to do it when I should.

I think what I'd like to see is just an option where I could highlight a chunk of text, right-click it, and say "Analyze at Grammarly". I could be OK with that.

Would love to hear what you all think. Comment here or ping me offline.