Archive for April, 2011

How to NOT Run a Contest

April 18, 2011 2 comments

Microsoft has announced a new contest called “Ready for Work”. I happened to come across this while reading a recent article on ComputerWorld about Microsoft broadening Office 365 Beta. The article stated that: “Five winners will receive a $50,000 marketing package, Office 365 and a day’s work from a Microsoft executive.” Intrigued, I decided to click the link provided. And that’s where things go wrong.

Let me just say I don’t blame ComputerWorld for the subterfuge; I think in this case, they were simply passing along the PR feed that came from Microsoft. Not a biggie. But what Microsoft did is what I’d consider inexcusable and a horrible way to attract attention to the contest. Firstly, the URL that was given is a seemingly innocuous one: Seems reasonable. Only it is a redirect to a FaceBook page.

OK, so MS is attempting to use social media for the contest. But when you look at the page you can see… or rather not see… there are no details about the contest. All you get is that there is a contest, and if you want to continue you have to click “Like.” What?

So, to find out more about this contest that I may or may not participate in, I have to first “like” it. I’m sorry, but that’s not the way to run a contest. I think it is a perfectly good and valid way to PROMOTE it, but leave the details public, let me see what the contest is all about. THEN if I decide I want to participate I will. If I then also want to share it with my other friends, most of whom are not in the IT business, then I will “like” the page and promote it. But liking a FaceBook page should not be a requisite to being able to read the details of a contest.

And then I clicked the “Back” button on my browser. Which went back to the redirect, sending me right back to FaceBook. Yet one more strike. Click, click, click. Nothing. To get out, I had to drop down the history list and select the ComputerWorld item.

Microsoft, I am not sure whose idea this was but I think they need to be flogged. I shouldn’t be required to like a FaceBook page just to get details of a contest, and when I click that Back button, LET ME OUT! Don’t trap me. Clearly, the redirects and the FB pages did not go through RC or CTP or any kind of Beta review. Next time, consider at least SOME kind of focus group review. Either way, this is an example of how to not run a contest.

Categories: General, Technology

Be careful of what you ask for… sometimes you might get it

April 6, 2011 Leave a comment

This is an example of why sometimes you should be careful of what you ask for when it comes to developers. You will get exactly what you asked for.

I was working through a query that had been built by a third-party organization (whose name is being withheld to prevent snickering and embarrassment) when I noticed that some of the columns in the query were returning NULL. OK, this happens, not a big deal. It just means the data for that piece of data is missing. Not unheard of and fully expected in this case. Usually to combat this, you use the ISNULL function to return a default value if the column contains NULL. So I made the appropriate changes and re-ran the query.

What in the world? The NULLs continued to show. Needless to say, it required some investigation. The “problem” was buried in a custom SQL function that was designed to take a string, break it down on a delimiter, then return the specified element. There it was, in a case statement…. the else clause… where it returned ‘NULL’ … the literal. The literal text value ‘NULL’ … and not the NULL value as expected. I’m sure someone told them that if the element isn’t found, to return NULL. So that’s exactly what they did. It’s probably a good thing we didn’t ask them to return a blank value. We’d have gotten ‘A BLANK VALUE’.

Categories: Humor, Technology

“Little Bobby Tables”… (or why SQL injection is serious)

April 6, 2011 4 comments

I’d seen this xkcd strip before, but someone here in the office brought it up again during a discussion of the discovery that someone was building SQL statements by using data right out of a grid. xkcd: Exploits of a Mom. Don’t let the title scare you, it’s safe, even for work, unless audible laughter isn’t allowed. In short it shows what can happen when you don’t properly sanitize your data before just stringing it along into a SQL statement. In addition, it shows the importance of using parameters for input values whenever possible.

Oh, and it is possible to use parameters with dynamic SQL; in a future post I’ll show how that’s possible.
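
The T-SQL below is an added example, not code from this blog or from the promised follow-up post. It contrasts a statement built by concatenating a grid value with the same query sent through `sp_executesql` with a typed parameter. The table, column names, sample rows, and input value are all constructed for illustration.

```sql
-- Constructed sample table and rows (not from the original post).
CREATE TABLE #Students (
    StudentId int IDENTITY PRIMARY KEY,
    FullName  nvarchar(100) NOT NULL
);
INSERT INTO #Students (FullName) VALUES (N'Alice Example'), (N'Robert Tables');

-- Constructed value standing in for text read straight out of a grid cell.
DECLARE @name nvarchar(100) = N'Robert''; DROP TABLE #Students; --';

-- Unsafe pattern: the value is spliced into the statement text.
-- It is only printed here, never executed, so the altered statement can be inspected.
DECLARE @unsafe nvarchar(max) =
    N'SELECT StudentId, FullName FROM #Students WHERE FullName = N''' + @name + N''';';
PRINT @unsafe;

-- Parameterized dynamic SQL: the statement text is fixed and the value
-- travels separately as a typed parameter, so it is only ever compared as data.
DECLARE @sql nvarchar(max) =
    N'SELECT StudentId, FullName FROM #Students WHERE FullName = @FullName;';
EXEC sys.sp_executesql
     @sql,
     N'@FullName nvarchar(100)',
     @FullName = @name;

-- Parts that cannot be parameters (here a sort column) are checked against
-- an allow-list and quoted as identifiers; values still go through parameters.
DECLARE @sortColumn sysname = N'FullName';   -- hypothetical caller-supplied choice
IF @sortColumn NOT IN (N'StudentId', N'FullName')
BEGIN
    RAISERROR(N'Unsupported sort column', 16, 1);
    RETURN;
END;

SET @sql = N'SELECT StudentId, FullName FROM #Students '
         + N'WHERE FullName LIKE @Pattern ORDER BY ' + QUOTENAME(@sortColumn) + N';';
EXEC sys.sp_executesql
     @sql,
     N'@Pattern nvarchar(100)',
     @Pattern = N'R%';

-- The table is still present after both parameterized calls.
SELECT COUNT(*) AS RowsStillPresent FROM #Students;
DROP TABLE #Students;
```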

Categories: Humor, Technology