DDoS and SQL Injections

by Leonardo S
The article I chose for this week is titled “Hackers Trade Tips On DDoS, SQL Injection” by Mathew J. Schwartz. The main focus of the article is on the activity of certain underground hacker forums. The data security firm Imperva monitored 18 forums and released a report saying that the two hottest topics were DDoS attacks and SQL injection attacks. A distributed denial of service attack involves flooding a network with fake packets in order to make it inaccessible. The other attack, an SQL injection, involves a hacker sending their own commands into a database. If it doesn’t have the right security, the hacker can easily use commands to access the information stored in the database. Imperva also announced that SQL injection attacks are the most used type of attack against websites. This announcement was backed by the fact that many security experts believe that SQL injection attacks are what caused the breach in South Carolina state databases in which thousands of credit card and social security numbers were taken.


SQL Change Data Capture

by Ming X
The article I read for this week is called Implementing SQL Server’s Change Data Capture by Gregory Larsen. He talks about a new feature called “Change Data Capture (CDC)” that came with SQL Server 2008. CDC provides the ability to set up and manage database data auditing without requiring custom auditing procedures and triggers; it captures DML operations (Insert, Update, Delete statements) and makes the altered database available for later reporting. Users can use CDC to track the changes in a table or tables. CDC is a process that is implemented within a database and allows users to identify the SQL tables for which all changes will be tracked. Users can track changes to a single table, or multiple tables, and each change to a table is tracked in separate tables. These tables are stored directly in the database where change data capture is enabled. When users implement change data capture, a process is automatically generated and scheduled to collect and manage the change data capture information. By default, change data capture information is only kept for 3 days. Users can read the change data tracking tables directly to see what has changed, or use built-in functions to read the data. But change data capture is available only on the Enterprise, Developer, and Evaluation editions of SQL Server.


From Big Data to Big Impact

by Claudia J
I picked the article called Business Intelligence and analytics: from big data to big impact that talks about how these areas of study were created due to the urge to manage the excessive amount of data being created and the need to classify and analyze this data to use it as efficiently as possible. According to the MIS Quarterly, after conducting a survey with over 4,000 IT professionals from about 93 counties in different industries, the IBM tech reported in 2011 that business analytics is one of the four major technology trends in 2010. It also mentions that McKinsey Global Institute predicted that the United States will have a shortage of people with well-developed analytical skills by 2018.


Use Same Account Name and Password on Every Service?

by Tseng H. K.
The article I read this week is “One Of The 32 Million With A RockYou Account? You May Want To Change All Your Passwords. Like Now.” by MG Siegler. The title of this article caught my attention immediately. The author has raised the issue that people use the same ID and password on most of the services they signed up for. In December 2009, RockYou’s (the social network app maker) database got attacked. Hackers got around 32 million accounts’ full list of unprotected plain text passwords on their hands. Hackers used the SQL injection method to attack the RockYou database; it is one of the popular methods to attack databases. Hackers even posted a sample of what they found.


Designers Must Do the Modeling

by Asim K

In his article Designers Must Do the Modeling, which was published in IEEE Software, Volume 15 Issue 2, Brian Lawrence enunciates on the fact that designers for a database, or any other project, must do the modeling. Lawrence defines the stepping stone as figuring out the customer’s problem rather than figuring out requirements for the project. In his logical breakdown, Lawrence cites ERD models as only an output of the requirements process which will dictate database design later on in the process. He pursues this opinion with another, saying that producing the ERD diagram (or whichever type of diagram you may be working with) has the benefit of allowing ourselves to understand the customer’s problem better so we can design better solutions. Because the designers have to produce the requirements model, Lawrence embraces the not-so-popular opinion that the designers themselves are the owners of the model. Citing a quote by Dwight Eisenhower, the author embraces the planning process over the actual plan. To further reinforce this statement, Lawrence says that managers must help persuade designers to understand that they must model requirements – no matter if the designers see it as their duty or not. Similar to the statement of “Learning by Doing”, Brian Lawrence embraces a brilliant model in saying that it is during the planning phase that we learn the most, not in the implementation of the plan. Personally, I agree with this worldview because I have experienced the same euphoria myself. When I was younger, around 11 or 12 years old, I would sit down to learn HTML as a hobby (yes, HTML was my hobby). Although my websites churned out to look like absolute trash and functioned on a pretty depressing level, in the process of research, working with clients, figuring out bells and whistles, I was able to generate a more holistic understanding of what I was learning and still retain that knowledge today.
On these terms, I agree that the designers – the individuals who actually work with the client to figure out their problems and solve them – are the people who should create the requirements needed for their projects; in our case: a database.

Lawrence, B. (1998). Designers must do the modeling. Software, IEEE, 15(2). Retrieved from http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/stamp/stamp.jsp?tp=&arnumber=663782.

When Will NoSQL be the Giant in the Database World?

by Katheryn T
In the article I read about, there seemed to be a generally negative feeling about Oracle. Oracle has been around for years now and is used by many businesses for their database management. The article spoke about how time consuming and expensive Oracle is for most companies. It was described as “software for the upper one percent”. When implementing an Oracle system, you have to pay for several fees and line items that seem useless. Not only is it expensive, but it has fundamental flaws for such a mature product. This was explained in a separate article. So the Oracle DBMS is a widely used product while still having some problems and while being very very expensive. NoSQL has been a competing software that was developed in 2009. This system is cheaper and has several benefits. But this article was talking about how even though there is a better alternative to Oracle, NoSQL will not be replacing it very quickly.


‘Drill’, A New Project From Apache

by Leonardo S
The article I chose for this week is titled “New Apache Project ‘Drill’ Aims to Speed Up Hadoop Queries” by Todd R. Weiss. The topic of this article is the new project taken up by the Apache Software Foundation called ‘Drill’. For those that don’t know, Apache is a community of users that develops open-source software, including the popular OpenOffice. The purpose of its new project is to have a tool that will speed up the use of Hadoop data analysis tools. By letting users do quicker queries of large data sets, Drill promises to be a reliable replacement to similar paid programs such as Google’s Dremel. The article continues by saying that the need for Drill was brought about by increasing user requirements, which basically means that people are tired of waiting more than a few seconds for query search results.


Using GPUs for Database Processing

by Eric C
When designing a physical database, there are many variables to take into consideration that will impact the overall success of a database. Perhaps one of the most important is optimal performance. In the peer-reviewed journal written by Chang, Sheu, Yuan, and Hsu, they discuss how GPUs are used to increase the performance of a database. Since modern GPUs typically have more computing power than regular CPUs, it is beneficial to harness the power of GPUs. Using GPUs in conjunction with regular CPUs requires the use of a different programming architecture, called CUDA (Computer Unified Device Architecture). Developed by NVIDIA, CUDA is a parallel computing platform that results in faster rendering and computation of complex and intensive tasks. The benefits of using CUDA include faster scattered reads from memory, higher bandwidth using fast shared memory, and bitwise operations. However, in order to incorporate the parallel computing of GPUs with databases, the database has to be specifically designed to work with it. Using a database structure called in-memory database (IMDB), which runs the database on the main memory of the server, instead of a disk-drive, allows the computing of GPUs. In this case, the database will be run in the GPU’s memory with the help of CUDA. The database itself must use 2D column-major arrays instead of the typical tree structure (B-Tree) to manage the index. The performance gain, as noted by the authors, is faster by two times when running SQL operations on the GPU.


Databases Affect Many Aspects of our Lives

by Brian B
The article I picked this week is titled “Ohio Audit Says Diebold Vote Database May Have Been Corrupted” by Kim Zetter. The article is talking about a company called Diebold that makes the electronic voting machines for the State of Ohio. It focuses on the November 2006 election in Ohio because there are questions as to whether the database that these machines used was corrupted. The report cited by this article states that there were “Vote totals in two separate databases that should have been identical had different totals. (Zetter, 2007)” The company essentially responded by saying that the system was working as intended. It was also found that “Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. (Zetter, 2007)” The article goes on to say that the database software that was being used was built by Microsoft’s Jet Database engine. It states that “The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night. (Zetter, 2007)” The system was reported to be experiencing many problems during election night. It would reboot, crash, some ballots were not scanned, and some ballots were counted twice. Because of this, several workers were convicted of tampering with election results.


Logical and Physical Database comparison

by Garcello D
This week’s article I decided to blog about is called “Logical Versus Physical Database Modeling.” It was written by the staff of developer.com but the information was originally derived from a book called “Database Design” which was written by Ryan K. Stephens and Ronald R. Plew. The article basically explains the logical and physical data modeling and then compares them in a very simple and easy to learn method. The article starts off explaining how models are required and visually represent a proposed database, and then it talks about the different types of diagrams that are used, which are the entity relationship diagram, the process flow diagram and the server model diagrams. Then the article introduces the logical and physical data modeling and explains the importance of knowing the difference between the two when it comes to databases. The logical modeling section then explains that it uses the business requirements and converts those requirements into a model. Creating this model requires the gathering of business entities, business processes, and organizational units. After this information is gathered, diagrams and reports are produced that show the processes, the data that exists and the relationships between the data. It should show a physical representation of the activities and data relevant to a particular business. The physical database is the actual design of the database based on what was acquired from the logical database. It deals with the conversion of the logical model into a relational database model. But this is just a small summary which is covered more in depth inside the article.
