Thursday, August 9, 2007

Questions to ask a SQL Server database developer applicant

Takeaway: Tim Chapman presents his standard set of baseline technical questions he asks SQL Server database developers during an interview. These questions will help you weed out less-qualified candidates.

It is very difficult in today's job market to find well-qualified database developers. As a colleague of mine once said, "SQL development is a language that is easy to learn, but very difficult to master."

When I interview SQL Server database developer candidates, I use a standard set of baseline technical questions. The following questions are ones that I find can really help weed out less-qualified candidates. They are listed in order from easiest to more difficult. When you get to the question about primary and foreign keys, it starts to get challenging because the answers can be more difficult to explain and articulate, especially in an interview setting.

Can you give me an overview of some of the database objects available for use in SQL Server 2000?

You are looking for objects such as: tables, views, user-defined functions, and stored procedures; it's even better if they mention additional objects such as triggers. It's not a good sign if an applicant cannot answer this basic question.

What is an index? What types of indexes are available in SQL Server 2000?

Any experienced database developer should be able to answer this question with ease. Some of the less-experienced developers will be able to answer it, but with a little less clarity.

In its most simple terms, an index is a data structure used to provide quick access to data in a database table or view. In SQL Server, they come in two flavors: clustered and non-clustered. Clustered indexes store the data at the leaf level of the index. This means that whichever field(s) in your table are included in the clustered index, they will be stored in an orderly fashion in the table. Because of this sorting, you can only have one clustered index per table. Non-clustered indexes contain a row identifier at the leaf level of the index. This row identifier is a pointer to a location of the data on the disk. This allows you to have more than one non-clustered index per table.

What does NULL mean?

The value NULL is a very tricky subject in the database world, so don't be surprised if several applicants trip up on this question.

The value NULL means UNKNOWN; it does not mean '' (empty string). Assuming ANSI_NULLS are on in your SQL Server database, which they are by default, any comparison to the value NULL will yield the value NULL. You cannot compare any value with an UNKNOWN value and logically expect to get an answer. You must use the IS NULL operator instead.

What is a primary key? What is a foreign key?

A primary key is the field(s) in a table that uniquely defines the row in the table; the values in the primary key are always unique. A foreign key is a constraint that establishes a relationship between two tables. This relationship typically involves the primary key field(s) from one table with an adjoining set of field(s) in another table (although it could be the same table). The adjoining field(s) is the foreign key.

What are triggers? What are the different types of triggers in SQL Server 2000?

It's very beneficial for a potential database developer to know the types of triggers available, and how to implement them.

A trigger is a specialized type of stored procedure that is bound to a table or view in SQL Server 2000. In SQL Server 2000, there are INSTEAD-OF triggers and AFTER triggers. INSTEAD-OF triggers are procedures that execute in place of a Data Manipulation Language (DML) statement on a table. For example, if I have an INSTEAD-OF-UPDATE trigger on TableA, and I execute an update statement on that table, the code in the INSTEAD-OF-UPDATE trigger will execute instead of the update statement that I executed.

An AFTER trigger executes after a DML statement has taken place in the database. These types of triggers are very handy for auditing data changes that have occurred in your database tables.

How can you ensure that a table named TableB with a field named Fld1 will only have those values in the Fld1 field that are also in the table named TableA with a field named Fld1?

This relationship related question has two potential answers. The first answer (and the one that you want to hear) is the use of foreign key constraints. A foreign key constraint is used to maintain referential integrity. It is used to ensure that a field in a table will only hold values that are already defined in another field in a different (or the same) table. That field is the candidate key (usually a primary key of the other table).

The other option is the use of triggers. Triggers can be used to ensure the same effect of constraints in a roundabout way, but it is much more difficult to set up and maintain, and the performance is typically worse. Because of this, Microsoft recommends that developers use foreign key constraints instead of triggers for maintaining referential integrity.

What is a performance consideration of having too many indexes on a production online transaction processing (OLTP) table?

You are looking for the applicant to make some reference regarding data manipulations. The more indexes on a table, the more time it takes for the database engine to update, insert, or delete data, as the indexes all have to be maintained as the data manipulation occurs.

What can be used to ensure that a field in a table only accepts a certain range of values?

This question can be answered a couple of different ways, but only one answer is a "good" one. The answer you want to hear is a Check constraint, which is defined on a database table that limits the values entered into that column. These constraints are relatively easy to create, and they are the recommended type for enforcing domain integrity in SQL Server.

Triggers can also be used to restrict the values accepted in a field in a database table, but this solution requires the trigger to be defined on the table, which can hinder performance in certain situations. For this reason, Microsoft recommends Check constraints over all other methods for restricting domain integrity.

What is the difference between a return parameter and an OUTPUT parameter?

If the applicant is able to answer this question correctly, the odds are good that they have some experience working with stored procedures.

A return parameter is always returned by a stored procedure, and it is meant to indicate the success or failure of the stored procedure. The return parameter is always an INT data type.

An OUTPUT parameter is designated specifically by the developer, and it can return other types of data, such as characters and numeric values. (There are some limitations on the data types that can be used as output parameters.) You can use multiple OUTPUT parameters in a stored procedure, whereas you can only use one return parameter.

What is a correlated sub-query? How can these queries be useful?

The more seasoned developer will be able to accurately describe this type of query.

A correlated sub-query is a special type of query containing a sub-query. The sub-query contained in the query actually requests values from the outside query, creating a situation similar to a loop.

Questions to ask a SQL Server database developer applicant

Takeaway: Tim Chapman presents his standard set of baseline technical questions he asks SQL Server database developers during an interview. These questions will help you weed out less-qualified candidates.

It is very difficult in today's job market to find well-qualified database developers. As a colleague of mine once said, "SQL development is a language that is easy to learn, but very difficult to master."

When I interview SQL Server database developer candidates, I use a standard set of baseline technical questions. The following questions are ones that I find can really help weed out less-qualified candidates. They are listed in order from easiest to more difficult. When you get to the question about primary and foreign keys, it starts to get challenging because the answers can be more difficult to explain and articulate, especially in an interview setting.

Can you give me an overview of some of the database objects available for use in SQL Server 2000?

You are looking for objects such as: tables, views, user-defined functions, and stored procedures; it's even better if they mention additional objects such as triggers. It's not a good sign if an applicant cannot answer this basic question.

What is an index? What types of indexes are available in SQL Server 2000?

Any experienced database developer should be able to answer this question with ease. Some of the less-experienced developers will be able to answer it, but with a little less clarity.

In its most simple terms, an index is a data structure used to provide quick access to data in a database table or view. In SQL Server, they come in two flavors: clustered and non-clustered. Clustered indexes store the data at the leaf level of the index. This means that whichever field(s) in your table are included in the clustered index, they will be stored in an orderly fashion in the table. Because of this sorting, you can only have one clustered index per table. Non-clustered indexes contain a row identifier at the leaf level of the index. This row identifier is a pointer to a location of the data on the disk. This allows you to have more than one non-clustered index per table.

What does NULL mean?

The value NULL is a very tricky subject in the database world, so don't be surprised if several applicants trip up on this question.

The value NULL means UNKNOWN; it does not mean '' (empty string). Assuming ANSI_NULLS are on in your SQL Server database, which they are by default, any comparison to the value NULL will yield the value NULL. You cannot compare any value with an UNKNOWN value and logically expect to get an answer. You must use the IS NULL operator instead.

What is a primary key? What is a foreign key?

A primary key is the field(s) in a table that uniquely defines the row in the table; the values in the primary key are always unique. A foreign key is a constraint that establishes a relationship between two tables. This relationship typically involves the primary key field(s) from one table with an adjoining set of field(s) in another table (although it could be the same table). The adjoining field(s) is the foreign key.

What are triggers? What are the different types of triggers in SQL Server 2000?

It's very beneficial for a potential database developer to know the types of triggers available, and how to implement them.

A trigger is a specialized type of stored procedure that is bound to a table or view in SQL Server 2000. In SQL Server 2000, there are INSTEAD-OF triggers and AFTER triggers. INSTEAD-OF triggers are procedures that execute in place of a Data Manipulation Language (DML) statement on a table. For example, if I have an INSTEAD-OF-UPDATE trigger on TableA, and I execute an update statement on that table, the code in the INSTEAD-OF-UPDATE trigger will execute instead of the update statement that I executed.

An AFTER trigger executes after a DML statement has taken place in the database. These types of triggers are very handy for auditing data changes that have occurred in your database tables.

How can you ensure that a table named TableB with a field named Fld1 will only have those values in the Fld1 field that are also in the table named TableA with a field named Fld1?

This relationship related question has two potential answers. The first answer (and the one that you want to hear) is the use of foreign key constraints. A foreign key constraint is used to maintain referential integrity. It is used to ensure that a field in a table will only hold values that are already defined in another field in a different (or the same) table. That field is the candidate key (usually a primary key of the other table).

The other option is the use of triggers. Triggers can be used to ensure the same effect of constraints in a roundabout way, but it is much more difficult to set up and maintain, and the performance is typically worse. Because of this, Microsoft recommends that developers use foreign key constraints instead of triggers for maintaining referential integrity.

What is a performance consideration of having too many indexes on a production online transaction processing (OLTP) table?

You are looking for the applicant to make some reference regarding data manipulations. The more indexes on a table, the more time it takes for the database engine to update, insert, or delete data, as the indexes all have to be maintained as the data manipulation occurs.

What can be used to ensure that a field in a table only accepts a certain range of values?

This question can be answered a couple of different ways, but only one answer is a "good" one. The answer you want to hear is a Check constraint, which is defined on a database table that limits the values entered into that column. These constraints are relatively easy to create, and they are the recommended type for enforcing domain integrity in SQL Server.

Triggers can also be used to restrict the values accepted in a field in a database table, but this solution requires the trigger to be defined on the table, which can hinder performance in certain situations. For this reason, Microsoft recommends Check constraints over all other methods for restricting domain integrity.

What is the difference between a return parameter and an OUTPUT parameter?

If the applicant is able to answer this question correctly, the odds are good that they have some experience working with stored procedures.

A return parameter is always returned by a stored procedure, and it is meant to indicate the success or failure of the stored procedure. The return parameter is always an INT data type.

An OUTPUT parameter is designated specifically by the developer, and it can return other types of data, such as characters and numeric values. (There are some limitations on the data types that can be used as output parameters.) You can use multiple OUTPUT parameters in a stored procedure, whereas you can only use one return parameter.

What is a correlated sub-query? How can these queries be useful?

The more seasoned developer will be able to accurately describe this type of query.

A correlated sub-query is a special type of query containing a sub-query. The sub-query contained in the query actually requests values from the outside query, creating a situation similar to a loop.

The best software developers are built not bought

Overview: When you get right down to it, the best way to acquire the most talented developers for your project may be to build them, not buy them.

An experienced talented software developer is not likely to walk into your organization off the street. In fact, all the recruiting and searching in the world may not be enough to get you a solid team of "best available developers." Perhaps the best option for your organization is to develop the best software developers in house. This download discusses the pros and cons of building versus buying software development talent and asks you to consider the possibility that the best developers may be the recruits with the most potential and not necessarily the ones with the most experience.Does your organization take the time and make the effort required to develop talent in house, or do they prefer to purchase software application development talent on the open market?

the pdf goes here

Get good results by hiring experience

Takeaway: The job market has never been more competitive, so management now has a pool of viable candidates. The pool is often divided among experienced developers with no exposure to the necessary tools and those with little experience but who know the buzzwords.


The tables have turned and tech employers now enjoy the upper hand in the battle for job candidates. Gone are large salary demands, perks, hiring bonuses, and the need to offer stock options. The economic downturn and resulting layoffs in the IT industry has flooded the job market with experienced job seekers, so management has become more stringent in the interview process. Each job opening demands a certain level of competence, so the manager must decide what type of person they want before beginning the interview process.

As a project manager, I recently served as the interviewer for an application developer position with a focus on .NET. Throughout the process, I recognized a trend in the candidates. First, there were a number of individuals with plenty of development experience but no experience with .NET. On the other hand, there were plenty of candidates with little experience but who were familiar with .NET. The buzzwords (e.g., ASP.NET, C#, etc.) are easy to drop, with no real working knowledge of the technology. .NET is such a hot technology that even somewhat experienced candidates are hard to find. So, which candidate is the better choice when you’re in a hiring crunch: The experienced developer with no exposure to .NET or the relatively inexperienced developer who knows all the right buzzwords?

The value of diverse experience in programming languages
As a developer, I believe developers need to learn more than one language. In fact, one article I recently read suggested that a developer should learn a new language every one to two years. You may find this idea ludicrous, but it has merit.

Application development is more than the core language or syntax; it is a way of thinking. And this thought process is improved over time as more and more development projects are tackled. In addition, using a new programming language often introduces new concepts that may or may not be useful in other languages. In fact, a whole area of study, called patterns, concentrates on common programming problems.

With that said, an experienced developer, fluent in more than one programming environment, displays the ability to learn. Also, having a general idea of application development makes it easier to tackle problems. Saying “I am a self-starter” is a standard response in the interview process, but the experienced individual actually demonstrates this ability.

A real-world example
As a project manager, it is my job to ensure that projects are on the right course and all team members are productive. On a recent project, one junior, relatively inexperienced developer worked furiously on a piece of code that worked with text values. His patience was exhausted after many hours, so he turned to the more experienced developer for possible help. The experienced developer suggested the use of regular expressions to solve the problem. Regular expressions are a relatively new concept for Windows developers, but they have lived in the UNIX world and other languages for years. At that point, the problem was quickly solved and the younger programmer gained a piece of valuable knowledge to be reused over and over again. Though the inexperience of the junior developer could have been detrimental to the team, this type of mentoring is beneficial for both senior and junior developers—it's beneficial for the junior member to learn, and it's good for the project if a problem is quickly resolved with the aid of an experienced team member. It’s therefore vital for managers to emphasize this type of communication within the team.

Test the candidate
A final point to consider is verifying individuals' credentials to ensure that you don’t have novice candidates trying to pass themselves off as more experienced than they actually are. I have already discussed my preference for experience, but do you take a person’s word that they have developed with Java, C++, and Ada? I say no, but you may disagree (and regret it—e.g., when the new hire ultimately can’t do the job). Developers usually enjoy quizzing prospective candidates, so tap your present staff if possible for a kind of team interview. In addition, there are a variety of online services that can help with candidate testing—Brainbench is the most prevalent. You could also accept certifications in place of an actual test. Whether or not a test or certification is accepted, it does provide a measurement of a person’s proficiency in the given technology.

How does a newbie get a break?
At this point, you may be wondering why a person with relatively little experience would ever be hired. There are opportunities for greenhorns on development teams. Ideally, a project would have a mixture of new and experienced developers with the more experienced individuals assuming roles of leadership. This is often achieved by using a more experienced person as the Technical Lead on a project. Less experienced developers get direction (including technical specification or design) from this person. This allows the new developers to lean on the experienced individuals for help.

Making the decision
Assembling a project team or adding a new employee (or consultant) to the team is a time-consuming process that is unique to each organization. A mixture of both experienced and inexperienced persons can yield good results, but a time-sensitive project requires the know-how to get the job done—when you can’t afford to lose time to on-the-job training. In the end, an experienced individual is much more valuable to the team when compared with the alternative, which can be detrimental to the project.

Hiring good programmers: The high cost of scrimping

Came across this very interesting and enlightening piece by Frank Wiles, in which he discusses various topics that we are all too familiar with pertaining to software projects.

He made a few salient points drawn from his experiences that I have summarized as follows:

  • A good programmer can be as effective as 5-10 average ones
  • Finding good programmers is hard in any language
  • Average pay rates for equivalent programmers are out of sync and are more based on language than skill
  • Seriously consider allowing telecommuting to get access to the best talents
  • It might make more sense to hire expert programmers who can learn a particular language than an expert in that language

Why is it so hard to find good programmers? An offered explanation is that when companies find good programmers, they do their utmost to keep them for as long as possible. Essentially, demand and supply takes care of a possibly limited pool of talent.

However, what caught my interest was Frank’s assertion that simply hiring more junior programmers is often not the answer. Instead, the result often culminates in nothing more than “keeping the seat” warm in most situations.

Excerpt from: A Guide to Hiring Programmers: The High Cost of Low Quality:

Companies need to stop thinking about their developers as cogs in the machine. They are more akin to artists, authors, designers, architects, scientists, or CEOs. Would your HR department rush to find the first person who would willing to take on the role of Chief Scientist, Art Director, or CEO in your company? Of course not…

They realize that having the wrong person in that seat is much worse than having the seat empty. It is absolutely the same with programming.

What about you? What are your experiences with hiring or working with programmers?

Wage discrepancies between women and men may surprise you

By that title, I’m not talking about the fact that, historically and on average, women make lower salaries than men performing the same job do. I’m talking about what appears to be a new trend, if you can believe a recent analysis completed by the Department of Sociology at Queens College in New York.The report, released August 3, indicates that salaries of full-time female employees in their 20s have surpassed the same-aged males in urban areas like Chicago, Boston, Minneapolis, Dallas and New York. However, women’s salaries lagged behind in areas like Arkansas, Louisiana and West Virginia. According to a piece in eWeek, women in their ’20s earned 17 percent more than their male counterparts, and in Dallas, they earned 20 percent more.

But what about IT workers?

Dice, the IT staffing firm, released a report in January that indicated women in IT earned on average 9.7 percent less than men in 2006.

“This narrowed slightly from the year prior when the difference was 10.9 percent. The IT gender gap was largest among database administrators, at 15 percent.”

But when the report delved into specific job titles, the news was a little different. Women with job titles such as help desk professionals earned an average 4.8 percent more than their male counterparts, and technical writers 2.5 percent more. Female CEOs, CIOs, chief technology officers, vice presidents, and directors earned 1.4 percent more than male IT executives.

While in the sources I saw, this latter piece of news was considered promising, I have to wonder, though. I think wage discrepancies between the sexes are bad, no matter who comes out ahead. A man and a woman doing the same job should be paid the same.

It’s 9:00am: Do you know where your people are?

Today’s workforce is located everywhere. This geographic dispersion of workers presents some interesting management challenges-especially for the IT manager. You may work in a high rise office building where your team sits across the isle from you. Of course, you could also be working on a project where your teammates are actually in another building; or they could be in a different city; they could be in a different state; they may even be in a different country that is positioned across one of the oceans from where you are. It is also possible your top performer works in their pajamas in a room in their own home. There is a high likelihood that your company uses a combination of these scenarios in that you may have team members that reside in another state as well as another country. I personally managed a large product development organization that spanned three countries. Regardless of the working model your organization uses, as the leader, you must manage your team as though they are all located across the isle.

How did things get like this? How did we venture so far from the days where in order to find a co-worker that didn’t work nearby you merely had to walk to another floor in the same building? The answer is actually very simple. Over the past couple of decades we have experienced mergers, acquisitions, various outsourcing scenarios, decentralization strategies, telecommuting, pressure from global competition, as well as companies chasing skill sets that may not reside in the same state as the home office. In some cases it is as simple as companies trying develop a highly skilled workforce at a lower cost. The company may be experiencing physical space problems as a result of an increase in the cost of real estate. Each of these circumstances has left us with a workforce that may be located in many different time zones. What does all of this mean to you, the manager?

We are taught early in our management careers that physical proximity of teammates is conducive to a productive work environment. It fosters improved communications and relationships both at the group and individual levels. It promotes creativity development-sometimes simply from chance encounters. Intuitively we feel that productivity and communications will decline as physical separation increases. However, the current dispersed organization model seems to be counter to those teachings. Regardless of the current model, your job is to direct, energize and motivate your organization into working as a cohesive team in order to accomplish your mission-regardless of where they are on the planet. You must ensure that all assignments get completed with “ready for prime time” quality. You have to make each team member “feel’ apart of the larger team. You must deal with the technology and process issues that will develop in spite of of the structure. Tasks such as measuring performance and completing performance appraisals are also a challenge. In addition, you will more than likely be limited to the amount of travel you will be allowed based on budgets restrictions. Therefore, you must perform these tasks from the office in which you are physically located which will distance you from the very team you are required to manage.

So the question becomes, “How do you effectively manage people who are located everywhere?”

The obvious answer is to use technology. There are collaboration tools, email, telephone and videoconferencing just to name a few. Technology will help the communications aspect of working in this environment. However, my research suggests that technology is a less than perfect substitute for personal interaction and collaboration.

There are numerous techniques that have been developed for managing a geographically dispersed organization. Unfortunately, there are too many to cover here. However, from a leadership perspective, my advice is to “Manage the remote people like they are local, and manage the local people like they are remote.”

What?

The biggest complaint that I have always heard from the people who are remote is that they feel forgotten-Out of sight, out of mind (to use a rather trite, but accurate statement). They also complain that they don’t have the same level of access to the management team as the local people. They don’t get the opportunity to run into you in the hallway on their way to a meeting. They don’t get the chance to poke their heads in your office and ask questions or give updates on an important project. They can’t just decide to join you when they see you sitting alone in the company cafeteria or at a local restaurant.

Your local people can.

There are two things you must do. First, you must make it easy for your remote people to have access to you the way the local people do. Then you must restrict the access that your local people have to you. The latter is obviously very difficult to do. In any case, let’s examine the approach.

Your remote people could have a number of challenges in addition to their restricted access to you. For example, I had an IT manager in my organization in London, England, who had to double as the landlord in the building in which the team was housed. We were the primary tenants, so that role fell on us. Since my organization was the only one in the building, my senior person there was burdened with the landlord responsibility. There may also be time zone issues, technology maturity issues, phone system issues, language issues, and a whole host of other challenges. These are things that your local people may never encounter. Add these challenges on top of the fact that they cannot access you as often as they would like, and you can see how they could feel a little left out.

I found that the most successful approach was to have a scheduled time for everybody to have access to me. I made it a point to schedule a little more time with the remote people than the local people. For example, my London team was six hours ahead of my time zone. I would come in very early in the morning each day and spend time talking with them on the phone. I also scheduled time with my local team. They knew that regardless of where I was on the planet, on Wednesdays at 10:00 am we had a meeting. Sometimes the meeting was a video conference, sometimes it was a phone call, and sometimes, if I was in town, it was face-to-face.

Managing a geographically dispersed organization is difficult and challenging, by not impossible. However, it will require that you examine your management style so that your remote people feel that their access to you is as easy at the local team. Remember, it’s 9:00am and your people are everywhere.

Organize your Web Tools platform (WTP) development project

Overview:
Java Web application developers with a working knowledge of Java programming and some experience using Eclipse will benefit from the discussion of the architecture of Java Web applications and how to build them using the Web Tools Platform (WTP) in Eclipse Web Tools Platform: Developing Java Web Applications. This chapter download from the book describes how to set up your development project, including the use of Maven for automated builds, then discusses architecture in some detail. The chapter starts with a basic description of the basic types of applications and projects that are supported in WTP, then shows how to create different kinds of projects to build applications. The second part of the chapter describes some of the advanced project features that are available with WTP, discussing how to use advanced WTP features to create project templates and apply best practices that are helpful in organizing development work.

the pdf is here

Design your Java applications to be more accessible with JAAPI

Takeaway: Did you know that you can use a rich palette of accessibility tools to make your Java application more accessible to users with disabilities? Learn how to incorporate the Java Accessibility API (JAAPI) in your application development work.

The Java platform is becoming increasingly popular for developing desktop applications. In order to comply with standard Windows applications ergonomics, it is essential that accessibility barriers do not exist during application development.

Early releases of the Java API did not have native support for accessibility and assistive devices, thus potentially rendering Java products unusable to many visually impaired users. In an attempt to resolve the situation, Sun Microsystems released the Java Accessibility API (JAAPI). The JAAPI makes GUI component information available to assistive technologies, giving users alternative presentation and control of Java applications.

Accessibility on the Java platform consists of four basic elements:

  • JAAPI: Provides some kind of a contract between a Java application and the assistive technology (such as a screen reader or Braille display device).
  • Java Accessibility Utilities: Provides the ability to get the information from the application and process it for further displaying with special devices. They help assistive technologies monitor component-related events and get additional information about the GUI, such as the current position of the mouse, or the window that currently has focus.
  • Java Access Bridge (JAB): This is the most important element in providing accessibility to the Java platform under the Windows operating system. It was introduced in J2SE 1.3.
  • Java Foundation Classes (JFC): This is a library of GUI components, which fully implement the JAAPI.

JAAPI

The Accessibility API comprises a set of interfaces and classes. The main interface is the Accessible interface; all components that support accessibility must implement this interface. The Accessible interface defines one method, getAccessibleContext. When called on an accessible component, getAccessibleContext returns an AccessibleContext object. This object contains a basic set of accessibility information about the component, such as the component's accessible name, description, role, parent, and children, as well as the component's state. For example, if the component is a window, AccessibleContext indicates whether the window is active.

Most Swing (JFC) components, such as JButton and JTextArea, implement the Accessible interface. You can use the setAccessibleName and setAccessibleDescription methods of AccessibleContext to set an accessible name and description for the button. Listing A offers an example of a simple application that displays a button and makes it accessible.

In addition to methods for setting and getting basic accessibility information, AccessibleContext has methods for retrieving information about components that have special types of characteristics. For example, a component that displays text can make the text accessible to an assistive technology by implementing the AccessibleText interface; the getAccessibleText method of AccessibleContext returns the accessible text for a component that implements the AccessibleText interface. An assistive technology could then use AccessibleText interface methods to perform actions on the text, such as retrieve selected text.

Java Accessibility Utilities

Java Accessibility Utilities consist of a set of interfaces and classes. EventQueueMonitor provides core functions needed by assistive technologies.

The AccessibleIcon interface, for example, extends accessibility to icons. In particular, it gives you a way to specify an accessible description for an icon. It also allows you to retrieve the description and information about the icon's height and width. Listing B shows how to turn an ordinary icon into accessible one.

A new method in getAcessibleContext, called getAccessibleIcon, returns an array of type AccessibleIcon. Each element of the array represents an accessible icon that is associated with the object of interest. In this case, the button has one accessible icon, the house icon.

The AccessibleTable interface extends accessibility information to tables. For example, it provides methods for setting and retrieving an accessible caption for a table, and for getting the number of rows and columns in a table. The Swing class JTable.AccessibleJTable implements the AccessibleTable interface. The getAccessibleTable method in the AccessibleContext returns an object of type AccessibleTable. This object contains a variety of methods for setting and retrieving accessible information about the table. For example, this includes the getAccessibleColumnCount and getAccessibleRowCount methods.

Make JAB interact with Windows, UNIX, and Linux

There are initiatives for JAAPI interaction at the native level for Windows and for GNOME desktop on UNIX and Linux platforms.

For Windows, the Access Bridge spans both the Windows and Java environments. Part of it is a Java class, and the other part is a set of Windows Dynamic Link Libraries (DLLs). When a Windows-based assistive technology runs, it interacts with the DLL portion of the Access Bridge. The Bridge's class then communicates with the Accessibility API and Java Accessibility Utilities through the Java Virtual Machine. (In order to use the JAB, you need to have the Java Accessibility Utilities installed.)

The GNOME desktop on UNIX and Linux platforms is highly customizable and provides APIs and libraries to allow developers to quickly create accessible applications and assistive technologies. GNOME Accessibility Architecture is contributed by Sun Microsystems to the GNOME open source project.

Java Accessibility Helper

The Java Accessibility Helper examines an Abstract Window Toolkit (AWT) or Swing-based application for accessibility and is capable of running various tests against an application. This important tool helps to identify problems with lack of accessibility support in a Java application.

Further reading

For more information about the JAAPI, check out the following resources:

Look inside the Java Reflection class

Java Reflection is a technology that looks inside a Java object at runtime and sees what variables it contains, what methods it supports, what interfaces it implements, what classes it extends—basically everything about the object that you would know at compile time.

The Reflection API is located in the java.lang.reflect package and is included in any J2SE installation. Primarily it is intended for very generic programs such as database browsers or visual code editors, but it can be used in any other applications. Reflection is for dealing with class files you know very little about ahead of time. Reflection has a very high overhead, so before using it, you should make sure that you can't solve your problem with a simple interface, Class.forName(), and a delegate object instead.

Example

Listing A contains an example of code that uses Reflection. The code in Listing A is equivalent to the following code:

newTestClass().setName("TestName");

The code in the first example dynamically calls a method of a newly created object using reflection. It is quite convenient, but it is also relatively slow.

Basic techniques

There are two basic techniques involved in Reflection: discovery and use by name. Here are descriptions of both:

  • Discovery involves taking an object or class and discovering the members, superclasses, implemented interfaces, and then possibly using the discovered elements.
  • Use by name involves starting with the symbolic name of an element and using the named element.

Discovery typically starts with an object and then calls the Object.getClass() method to get the object's Class. The Class object has a number of methods for discovering the contents of the class. Here are some of those methods:

  • getMethods(): returns an array of Method objects representing all of the public methods of the class or interface.
  • getConstructors(): returns an array of Constructor objects representing all of the public constructors of the class.
  • getFields(): returns an array of Field objects representing all of the public fields of the class or interface.
  • getClasses(): returns an array of Class objects representing all of the public classes and interfaces that are members (e.g., inner classes) of the class or interface.
  • getSuperclass(): returns the Class object representing the superclass of the class or interface (null is returned for interfaces).
  • getInterfaces(): returns an array of Class objects representing all of the interfaces that are implemented by the class or interface.

You can obtain the Class object either through discovery, by using the class literal (e.g., MyClass.class), or by using the name of the class (e.g., Class.forName("mypackage.MyClass")). With a Class object, member objects Method, Constructor, or Field can be obtained using the symbolic name of the member. These are the most important techniques:

  • getMethod("methodName", Class...): returns the Method object representing the public method with the name "methodName" of the class or interface that accepts the parameters specified by the Class... parameters.
  • getConstructor(Class...): returns the Constructor object representing the public constructor of the class that accepts the parameters specified by the Class... parameters.
  • getField("fieldName"): returns the Field object representing the public field with the name "fieldName" of the class or interface.

You can use Method, Constructor, and Field objects to dynamically access the represented member of the class. For example:

  • Field.get(Object): returns an Object containing the value of the field from the instance of the object passed to get(). (If the Field object represents a static field, the Object parameter is ignored and may be null.)
  • Method.invoke(Object, Object...): returns an Object containing the result of invoking the method for the instance of the first Object parameter passed to invoke(). The remaining Object... parameters are passed to the method. (If the Method object represents a static method, the first Object parameter is ignored and may be null.)
  • Constructor.newInstance(Object...): returns the new Object instance from invoking the constructor. The Object... parameters are passed to the constructor. (Note that the parameterless constructor for a class can also be invoked by calling newInstance().)

Creating arrays and proxy classes

The java.lang.reflect package provides an Array class that contains static methods for creating and manipulating array objects. Since J2SE 1.3, the java.lang.reflect package also provides a Proxy class that supports dynamic creation of proxy classes, which implement specified interfaces.

The implementation of a Proxy class is provided by a supplied object that implements the InvocationHandler interface. The InvocationHandler's method invoke (Object, Method, Object[]) is called for each method invoked on the proxy object—the first parameter is the proxy object, the second parameter is the Method object representing the method from the interface implemented by the proxy, and the third parameter is the array of parameters passed to the interface method. The invoke() method returns an Object result that contains the result returned to the code that called the proxy interface method.

Further reading

How do I… Turn off overtype with the Insert key in Word permanently?

The first method for turning off the Insert key overtype function comes from the Web site annoyances.org. The method uses the Word macro language to circumvent the normal operation of the Insert key, which is a little heavy-handed, but it definitely works. Navigate the Word menus to start a macro recording by clicking Tools | Macros | Record New Macro. You should see the screen shown in Figure A.

Figure A

Record new macro

Change the name of the new macro to something like “DoesNothing” and then click the Keyboard button. Click the cursor in the Press New Shortcut Key box and press the Insert key (Figure B). Click the Assign button and then click the Stop Recording button to stop and save the macro.

Figure B

DoesNothing

Now when you press the Insert key, it does nothing.

Another way

You don’t have to record a new macro to turn off the Insert key overtype functionality in Word; you can merely change the keyboard shortcut associated with the Insert key. Right-click on an empty part of a Word toolbar and then click the Customize menu item to reach the screen shown in Figure C.

Figure C

Customize

Click on the Commands tab and then click the Keyboard button to reach the screen shown in Figure D.

Figure D

Keyboard shortcuts

In the Categories list box, choose All Commands. Then, in the Commands list box, choose Overtype. Note that the current keyboard shortcut is the Insert key. Click Insert in the Current Keys box and then click the Remove button. There you go — no more inadvertent toggle of the overtype mode is possible because there is no keyboard shortcut anymore.

A compromise

There is, of course, another option to consider. There may come a time when you want to toggle on overtype mode in Word. With the previous two methods, you will have to reverse the process to retrieve the functionality. A better idea might be to change the associated keyboard shortcut to something that is much less likely for you to inadvertently type. So instead of removing the keyboard shortcut, you change it to something like Ctrl+Shift+Insert, as shown in Figure E. Just click the Assign button and now you can avoid the inadvertent overtype but still have access to that feature when you want it. Thus, you are removing one annoyance without creating a new annoyance later.

Figure E

A new keyboard shortcut

You may be wondering about Word 2007. Apparently, Microsoft got the message that the Insert key toggle for overtype was annoying and changed the default in 2007. The Insert mode is off.

Configure Windows XP’s MS-DOS Editor

Windows XP comes with another text editor besides Notepad — it’s called the MS-DOS Editor, and it’s commonly referred to simply as Edit. It has features similar to Notepad, as well as additional features such as the ability to work with multiple text files and change the background and text colors. Since Edit is a DOS-based application, you can easily configure it to work just like a Windows application. Here’s how:

1. Use Windows Explorer to locate the Edit.com file in the \Windows\System32 folder.

2. Right-click the file, drag it to your desktop, and select the Create Shortcut(s) Here command from the Shortcut menu.

3. Right-click the Shortcut icon and select the Properties command from the Shortcut menu.

4. Choose the Program tab and select the Close On Exit check box.

5. Click OK to finish.

Now you can double-click the Shortcut icon to launch Edit. When you’re done using it, you can close it by clicking the Close button in the upper-right corner or by using the Exit command on the File menu.

Note: This tip applies to both Windows XP Home and Windows XP Professional.

Wednesday, August 8, 2007

12 skills that employers can't say no to

The technology skills shortage is real, and so are the opportunities that come with it


Have you spoken with a high-tech recruiter or professor of computer science lately? According to observers across the country, the technology skills shortage that pundits were talking about a year ago is real.

"Everything I see in Silicon Valley is completely contrary to the assumption that programmers are a dying breed and being offshored," says Kevin Scott, senior engineering manager at Google and a founding member of the professions and education boards at the Association for Computing Machinery. "From big companies to start-ups, companies are hiring as aggressively as possible."

Many recruiters say there are more open positions than they can fill, and according to Kate Kaiser, associate professor of IT at Marquette University in Milwaukee, students are getting snapped up before they graduate. In January, Kaiser asked the 34 students in the systems analysis and design class she was teaching how many had already accepted offers to begin work after graduating in May. Twenty-four students raised their hands. "I feel sure the other 10 who didn't have offers at that time have all been given an offer by now," she says.

Suffice it to say, the market for IT talent is hot, but only if you have the right skills. If you want to be part of the wave, take a look at what eight experts -- including recruiters, curriculum developers, computer science professors and other industry observers -- say are the hottest skills of the near future.

1) Machine learning

As companies work to build software such as collaborative filtering, spam filtering and fraud-detection applications that seek patterns in jumbo-size data sets, some observers are seeing a rapid increase in the need for people with machine-learning knowledge, or the ability to design and develop algorithms and techniques to improve computers' performance, Scott says.

"It's not just the case for Google," he says. "There are lots of applications that have big, big, big data sizes, which creates a fundamental problem of how you organize the data and present it to users."

Demand for these applications is expanding the need for data mining, statistical modeling and data structure skills, among others, Scott says. "You can't just wave your hand at some of these problems -- there are subtle differences in how the data structures or algorithms you choose impacts whether you get a reasonable solution or not," he explains.

You can acquire machine-learning knowledge either through job experience or advanced undergraduate or graduate coursework, Scott says. But no matter how you do it, "companies are snapping up these skills as fast as they can grab them," he says.

2) Mobilizing applications

The race to deliver content over mobile devices is akin to the wild days of the Internet during the '90s, says Sean Ebner, vice president of professional services at Spherion Pacific Enterprises, a recruiter in Fort Lauderdale, Fla. And with devices like BlackBerries and Treos becoming more important as business tools, he says, companies will need people who are adept at extending applications such as ERP, procurement and expense approval to these devices. "They need people who can push applications onto mobile devices," he says.

3) Wireless networking

With the proliferation of de facto wireless standards such as Wi-Fi, WiMax and Bluetooth, securing wireless transmissions is top-of-mind for employers seeking technology talent, says Neill Hopkins, vice president of skills development for the Computing Technology Industry Association (CompTIA). "There's lots of wireless technologies taking hold, and companies are concerned about how do these all fit together, and what are the security risks, which are much bigger than on wired networks," he says.

"If I were to hire a wireless specialist, I'd also want them to understand the security implications of that and build in controls from the front end," agrees Howard Schmidt, president of the Information Systems Security Association and former chief information security officer and chief security strategist at eBay Inc.

But don't venture into the marketplace with only a wireless certification, Hopkins warns. "No one gets hired as a wireless technician -- you have to be a network administrator with a specialization in wireless so you know how wireless plays with the network," he says.

4) Human-computer interface

Another area that will see growing demand is human-computer interaction or user interface design, Scott says, which is the design of user interfaces for the Web or desktop applications. "There's been more recognition over time that it's not OK for an engineer to throw together a crappy interface," he says. Thanks to companies like Apple Inc., he continues, "consumers are increasingly seeing well-designed products, so why shouldn't they demand that in every piece of software they use?"

5) Project management

Project managers have always been in high demand, but with growing intolerance for over-budget or failed projects, the ones who can prove that they know what they're doing are very much in demand, says Grant Gordon, managing director at Kansas City-based staffing firm Intronic Solutions Group. "Job reqs are coming in for 'true project managers,' not just people who have that denotation on their title," Gordon says. "Employers want people who can ride herd, make sense of the project life cycle and truly project-manage."

That's a big change from a year ago, he says, when it was easy to fill project management slots. But now, with employers demanding in-the-trenches experience, "the interview process has become much tougher," Gordon says. "The right candidates are fewer and farther between, and those that are there can be more picky on salaries and perks."

The way Gordon screens candidates is by having on-staff subject-matter experts conduct interviews that glean how the candidate has handled various situations in the past, such as conflicting team responsibilities or problem resolution. "It's easy to regurgitate what you heard from PMBOK [the Project Management Institute's Project Management Body of Knowledge], but when it comes to things like conflict management, you start seeing whether they know what they're doing."

In one case, Gordon asked a candidate to describe how he'd go about designing a golf ball that goes farther by changing the dimples on the ball. "No one has the answer to questions like that, but it shows how they think on their feet and how they can break down a problem that's pretty ambiguous into smaller segments," he says.

6) General networking skills

No matter where you work in IT, you can no longer escape the network, and that has made it crucial for non-networking professionals, such as software engineers, to have some basic understanding of networking concepts, Scott says. At the very least, they should brush up on networking basics, such as TCP/IP, Ethernet and fiber optics, he says, and have a working knowledge of distributed and networked computing.

"There's an acute need for people writing applications deployed in data centers to be aware of how their applications are using the network," Scott says. "They need to understand how to take advantage of the network in their application design." For instance, to split three-tier applications among multiple machines, developers need to know how to build and coordinate that network. "People who understand basic distributed systems principles are very valuable," Scott says.

7) Network convergence technicians

With more companies implementing voice over IP, there's a growing demand for network administrators who understand all sorts of networks -- LANs, WANs, voice, the Internet -- and how they all converge together, according to Hopkins.

"When something needs to be fixed, companies don't want the network administrator to say, 'Oh, that's a phone problem,' and the phone guy to say, 'Call the networking guy,' " Hopkins says. "Our research has validated that there's a huge demand for people who've been in the phone world and understand what the IT network is, or someone managing the IT network who understands the voice network and how it converges."

8) Open-source programming

There's been an uptick in employers interested in hiring open- source talent, Ebner says. "Some people thought the sun was setting on open source, but it's coming back in a big way, both at the operating system level and in application development," he says. People with experience in Linux, Apache, MySQL and PHP, collectively referred to as LAMP, will find themselves in high demand, he says.

Scott Saunders, dean of career services at DeVry University in Southern California, is seeing the same trend. "Customer dissatisfaction and security concerns are driving this phenomenon, especially in the operating system and database markets," he says.

9) Business intelligence systems

Momentum is also building around business intelligence, Ebner says, creating demand for people who are skilled in BI technologies such as Cognos, Business Objects and Hyperion, and who can apply those to the business.

"Clients are making significant investments in business intelligence," Ebner says. "But they don't need pure technicians creating scripts and queries. To be a skilled data miner, you need hard-core functional knowledge of the business you're trying to dissect." People who can do both "are some of the hottest talent in the country right now," he says.

10) Embedded security

Security professionals have been in high demand in recent years, but today, according to Schmidt, there's a surge in employers looking for security skills and certifications in all their job applicants, not just the ones for security positions.

"In virtually every job description I've seen in the last six months, there's been some use of the word security in there," he says. "Employers are asking for the ability to create a secure environment, whether the person is running the e-mail server or doing software development. It's becoming part of the job description."

This, Schmidt says, mirrors the trend toward integrating security into companies' day-to-day operations rather than considering it an add-on role performed by a specialist. Companies will still need security specialists and subject-matter experts, Schmidt says, but more and more, every IT person a company hires will have to have an understanding of the security ramifications of his area.

Hopkins echoes that sentiment. "Every single certification we do now has an element of security built in," he says. "We keep getting feedback from the market researchers that security touches everything and everyone. Even an entry-level technician better understand security."

Saunders says DeVry University has responded to this demand by adding a security curriculum to some of its campuses throughout the U.S. "Companies are increasingly interested in protecting their assets against cyberterrorism and internal threats," he says.

11) Digital home technology integration

Homes are increasingly becoming high-tech havens, and there has been enormous growth in the home video and audio markets, and in home security and automated lighting systems. But who installs these systems, and who fixes them when something goes wrong?

To answer that question, CompTIA developed a certification in cooperation with the Consumer Electronics Association, called Digital Home Technology Integrator. "It's the hottest and most vibrant market we've seen in a long time," Hopkins says.

12) .Net, C #, C ++, Java -- with an edge

Recruiters and curriculum developers are seeing job orders come in for a range of application frameworks and languages, including ASP.Net, VB.net, XML, PHP, Java, C#, and C++, but according to Gordon, employers want more than just a coder. "Rarely do they want people buried behind the computer who aren't part of a team," he says. "They want someone with Java who can also be a team lead or a project coordinator."

Tuesday, August 7, 2007

Handling NULL values in SQL Server 2005

In the simplest terms, a NULL value represents an unknown value. It’s unknown in the sense that the value is: missing from the system, may not be applicable in the current situation, or might be added later. NULL values are different than any other value and are sometimes hard to compare and handle.

I think there will always be a debate as to whether NULL values should exist in a normalized OLTP environment. (Read a previous article for database normalization tips.) Academics typically argue that you should always normalize your schema to 3rd normal form, and this should take care of your data redundancies and missing values. However, it is typically impractical to normalize your SQL Server database all the way to 3rd normal form. It looks good on paper and would work great in an ideal world, but it usually doesn’t perform well because of the extra joins involved in accessing data you need.

So it begins to make sense to have a little bit of data redundancy and placeholders for missing data in the SQL Server database. (Using data redundancy to increase database performance is outside the scope of this article.) The issues with using these NULL values are: You have to handle them a little bit differently than other values; and there are some small performance implications.

A closer look at handling NULLs

Here’s a run-through of different scenarios that you will likely encounter in a production environment where NULL values are allowed.

Note: All NULL comparisons in this article are done under the context of the ANSI_NULLS ON setting, which is a database option that determines how NULL comparisons are handled. Under ANSI_NULLS ON, two NULL values will never be equal to each other because the two separate values are unknown. With ANSI_NULLS OFF, two separate NULL values will evaluate to equal values.

The following script loads the SalesHistory table that I will use for the examples. Take special notice of the CASE statement in the WHILE loop. The CASE statement assigns the value NULL for every other record inserted into the SalesHistory table where the product to be inserted is Computer. This is allowed because the Product column in the SalesHistory table allows NULL values. Also notice that NULL values are assigned to variables using the assignment (=) operator. While NULL values are assigned this way, NULL values are not interrogated in such a way.

IF OBJECT_ID('SalesHistory')>0    
DROP TABLE SalesHistory;
GO
CREATE TABLE [dbo].[SalesHistory]
(
[SaleID] [int] IDENTITY(1,1) NOT NULL PRIMARY KEY,
[Product] [varchar](10) NULL,
[SaleDate] [datetime] NULL,
[SalePrice] [money] NULL
)
GO

DECLARE @i SMALLINT, @Product VARCHAR(10)
SET @i = 1

WHILE (@i <=100)
BEGIN
SET @Product = CASE WHEN @i%2 = 0 THEN 'Computer' ELSE NULL END

INSERT INTO SalesHistory(Product, SaleDate, SalePrice)
VALUES (@Product, DATEADD(mm, @i, '3/11/1919'), DATEPART(ms, GETDATE()) + (@i + 57))

INSERT INTO SalesHistory(Product, SaleDate, SalePrice)
VALUES('BigScreen', DATEADD(mm, @i, '3/11/1927'), DATEPART(ms, GETDATE()) + (@i + 13))

INSERT INTO SalesHistory(Product, SaleDate, SalePrice)
VALUES('PoolTable', DATEADD(mm, @i, '3/11/1908'), DATEPART(ms, GETDATE()) + (@i + 29))

SET @i = @i + 1
END
GO

Now that I have data in my SalesHistory table, I can run queries to look at how NULL values are handled.

This query will return all rows from the SalesHistory table, where the Product column contains the value NULL by use of the IS NULL statement.

SELECT *
FROM SalesHistory
WHERE Product IS NULL

This query will not return any rows. This is due to the handling of NULL values in SQL Server. A NULL value is not equal to any other value, so I cannot use the equality operator here. This can be a bit confusing until you get used to it. Remember to use IS NULL when you are testing to see if a column or variable contains the value NULL.

SELECT *
FROM SalesHistory
WHERE Product = NULL

This query returns all rows from the SalesHistory table where the Product column does not contain the value NULL by using the IS NOT NULL statement. This is the direct inverse of the IS NULL statement.

SELECT *
FROM SalesHistory
WHERE Product IS NOT NULL

This query returns all records from the SalesHistory table. The query uses the ISNULL function on the Product column. For every NULL value in the Product column, the ISNULL function replaces that value with the literal string ‘Missing’. I use this function a lot when I need to compare columns with possible NULL values to other values. The value that you are substituting must be of the same data type as the field that may contain the NULL value.

SELECT ISNULL(Product, 'Missing')
FROM SalesHistory

In this query, I am aggregating the number of products sold and the sale price of the products by the Product column. NULL values are distinct values but are grouped together when aggregations occur on them, which can be a bit confusing. Notice the single record in the resultset for the NULL product.

SELECT Product, COUNT(*) AS ProductCount, SUM(SalePrice) AS ProductSales
FROM SalesHistory
GROUP BY Product

Any time a NULL value is present in a column that an aggregation is performed on, such as a COUNT, AVG, or SUM function, those values will be ignored and therefore not included in the functions result.

The following query will not compile because the fields that are referenced are missing from the SalesHistory table; however, it will work fine for showing the functionality of the COALESCE function. The COALESCE function returns the first non-NULL value in the field list that it accepts. The COALESCE function is very useful in a join operation or in queries where you are comparing a single value from a list of possible fields to a single value.

SELECT COALESCE(Product, ProductDescription, Product, 'Missing Info')
FROM SalesHistory

This query uses the NULLIF function, which returns the value NULL if the two values passed into the function are the same value.

SELECT *, NULLIF(Product, NULL)
FROM SalesHistory

Operations on NULL values

Since NULL values are unknown, operations on them typically require some extra processing. The following query returns a unique list of Products from the SalesHistory table, including the NULL record. As the list of values are returned, I am concatenating the literal string ‘Sold’ to the end of the Product value. On the record that returns the NULL value, this concatenation will not work correctly.

SELECT Product + ' Sold'
FROM SalesHistory
GROUP BY Product

I can use the ISNULL function from above to replace the NULL value with an empty string so that I can concatenate the ‘Sold’ value to the end. This example probably wouldn’t be that useful in a production situation, but it does illustrate that you need to take special care when you encounter NULLs in string operations. You should also take care of calculations on numeric fields that allow NULL values.

SELECT ProductType = ISNULL(Product,'Unknown') + ' Sold:' , COUNT(*) AS ProductCount
FROM SalesHistory
GROUP BY Product

Consider this when defining table structure and constraints

In SQL Server, if a UNIQUE constraint is defined upon a NULLABLE column, only one NULL value will be allowed in that column. It makes sense to me that the column should allow more than one NULL value because NULL values are distinct values. This is something to consider when you are defining your table structure and constraints. Perhaps Microsoft will fix this in a future version of SQL Server.

Did The Wall Street Journal sabotage businesses by publishing tips on how to circumvent IT?

In the Monday, July 30 edition of The Wall Street Journal, there was a special section on technology that led with the article “Ten Things Your IT Department Won’t Tell You” by Vauhini Vara. If you haven’t read the article, you should take a look because some of your users may have have already seen it, and as a result they may be engaging in activities that put themselves and your IT department at risk.

The Journal Report front page for Monday, July 30, 2007

Here is the list of the 10 items in Vara’s article:

  1. How to send giant files
  2. How to use software that your company won’t let you download
  3. How to visit the Web sites your company blocks
  4. How to clear your tracks on your work laptop
  5. How to search for your work documents from home
  6. How to store work files online
  7. How to keep your privacy when using Web email
  8. How to access your work email remotely when your company won’t spring for a BlackBerry
  9. How to access your personal email on your BlackBerry
  10. How to look like you’re working

Vara breaks down each item into four sections — The Problem, The Trick, The Risk, and How to Stay Safe.

Make no mistake, this article was extremely popular. The Wall Street Journal publishes its list of the Most Viewed and Most Emailed articles on WSJ.com for each day, and for July 30, “Ten Things Your IT Department Won’t Tell You” was one of only two articles that made the top five on both lists. It was No. 1 on both.

Sanity check

The problem is that the information in this article is unequivocally damaging for businesses and their IT departments, as well as for the users that The Wall Street Journal is supposedly trying to serve.

While I am generally a fan of The Wall Street Journal — and their tech coverage is typically rock solid — I was very disappointed by this piece. Although it did not reveal any information that couldn’t be found elsewhere, I don’t like the fact that the Journal spoon fed a bunch of dangerous tips to users and all but encouraged a quiet revolt against the IT department.

A few of Vara’s tips are fairly inocuous, such as “How to send giant files” and “How to clear your tracks on your work laptop.” In fact, many IT pros could pass those items to users along with some tips of when and how to use them. The large file issue can ease the burden on e-mail attachments and storage and the “clear your tracks” tip can be turned into a good privacy and security practice.

However, several of the other tips are dangerous to the point of idiocy, especially “How to use software that your company blocks,” “How to visit Web sites your company blocks,” “How to search your work documents from home,” and “How to access your work email remotely when your company won’t spring for a BlackBerry.”

The issue of showing users how to access software and sites that the company has filtered is a recipe for disaster. Often the stuff that is banned is banned because it can introduce spyware and malware to the system or it can bog down the computer and/or the network. When users find ways around that, they introduce significant security and privacy risks to the company and they can potentially decrease their own productivity by clogging up their machine with spyware and adware.

In terms of “How to search your work documents from home,” Vara recommends using Google Desktop to sync documents between a work PC and a home PC. That might be okay for a few consultants and small businesses, but it’s a terrifically bad idea for anyone in the corporate world (The Wall Street Journal’s core audience). The implications for privacy, confidentiality, and compliance are severe and very serious, especially if any of the files involved contain customer or finanacial data. Plus, there are easier ways to handle the issue that preserve security, such as a VPN connection and Remote Desktop from a home PC to a work PC.

And then there’s the issue of “How to access your work email remotely when your company won’t spring for a BlackBerry.” Forwarding work e-mails to personal e-mail accounts and devices — as the Journal article advises — is another potential disaster waiting to happen. It raises the same issues of confidentialy and compliance because when you forward all mail, it is very likely that you’ll end up sending customer data and corporate financial information to your personal accounts.

While the Journal article ostensibly shows some responsibility and restraint by including sections on “The Risks” and “How to Stay Safe” for each of the ten items, the author either does not fully understand all of the security and compliance risks involved or simply chose to make light of many of them. Either scenario is a strong indictment against the article.

The compliance issues, while mentioned in the article, are much more serious than Vara seems to realize because they can expose a company to major financial risk (in the form of fines, lawsuits, and legal fees). Likewise, the security issues are much more serious thatn the Journal article presents them. Hackers have gone professional (and in some cases joined forces with organized crime) and are out there looking for employees and companies to steal data from and use for blackmail or money laundering. The TJX security scandal could serve as a sober warning to that effect, once all of the details come to light.

While users often get frustrated with the IT department and the restrictions that it puts in place, the answer is not to train people how to make an end run around IT. In many companies, there’s already too much of a disconnect between IT and the rest of the organization because of the fact that IT often plays the role of a policeman — to serve and to protect.

The root problem that The Wall Street Journal was trying to address is that many users want and need to do some personal computing on their work machines and/or access work apps and data from their home machines or devices. That’s a reality that businesses and IT must face and must come up with some workable solutions.

Since many of today’s users access their e-mail and work during “off hours,” it’s certainly reasonable that they should also be able to do a little bit of personal computing during company time. There simply needs to be a safe and relatively easy way for them to do it. Some companies have solved this with separate virtual machines, using VMware or Virtual PC or a Web-based solution like G.ho.st. Other solutions need to be explored and big players such as Apple and Microsoft, as well as small vendors with creative solutions, need to all be involved. This will be an important part of the next generation of operating systems, devices, and a borderless information security strategy.

For The Wall Street Journal, which depicted itself as a “public trust” during its recent acquisition tug-o-war with News Corp, fueling a turf war between IT and its users is not the kind of journalism that meets the high mandate that it has set for itself.

For IT departments, the genie is out of the bottle on many of these tips and tricks that allow users to circumvent IT procedures. As a result, IT departments need to aggressively partner with employees, educate them on the severity of security and compliance risks, and find ways to meet the needs of users whose computing experience now overlaps between work and home.