Ayende @ Rahien

My name is Oren Eini
Founder of Hibernating Rhinos LTD and RavenDB.
You can reach me by email or phone:


+972 52-548-6969

, @ Q j

Posts: 6,630 | Comments: 48,356

filter by tags archive

Paul Wilson On OR/M vs. SP

time to read 1 min | 122 words

In an exceptionally written post, Paul Wilson drives at least a couple of wedges into the OR/M vs. SP arguments. Perhaps it is good that we are having the same conversation every four months or so, so far there have been at least a couple of new points brought up that I haven’t seen before.

The most interesting part in Paul’s post was when he talks about SP for security in the face of connection pooling. Since most application will use a single connection string to access the database, in order to utilize connection pooling, the security provided by stored procedures is meaningless. All the users of the applications map to the same user in the database. All with the same permissions.

How to enable posting from Word 2007 to dasBlog

time to read 1 min | 100 words

Apparently, there is a compatibility issue between Word 2007 and dasBlog 1.8.5223.0 (my version). I fixed it by getting the source from their (http://www.xml-rpc.net/), recompiling it, and then uploading it to the server.

For some reason dasBlog uses an unsigned version of the xml-rpc library, which meant that a mere binding redirect would not work (can’t change public keys this way). Since I was already compiling it, I also changed the version number to match the one that dasBlog is expecting, this saved the need to do a binding redirect.

If anyone else is interested with the file, ping me.

How to build an mission critical system

time to read 2 min | 239 words

The most mission critical system that I built was one to handle sentences calculations for my prison. The result of a failure in the system would mean that either a terrorist would walk away, or that an innocent guy will be in jail for no reason.

In both scenario, yours truly would have found himself taking a trip to the other side of the bars.

That is pretty mission critical, I say. Any software that can land me in jail is mission critical in my book, anyway.

The problem that I was never a developer in the army, so I had a really locked down computer, with no way to do anything to it (no USB, Floppy, CD, etc), the network was heavily monitored, etc.

That left me with a basic windows + office setup, to create my system. I put some thought into, and then wrote the whole thing in Excel and VBScript. It does reporting, calculations, warning, and whatnot. A scheduled task or two later, and I had scheduled report to HQ as well.

I has been two years since I had written this “system”, and it is still in use today. In fact, it got passed around to other prisons who are using it as well.

It is Excel, and the code there stinks (17 types of different warrants, and no OO for inheritance, welcome to the big CASE statement), but it actually never had a bug. Scary.

Outlook 12 RSS Support

time to read 3 min | 433 words

I wonder if I’m unique in my syndication needs. At the moment, I can’t really think of any one site that I regularly visit unless it has an RSS Feed and I want to see the comments.

I decided to import my 300 feeds list into outlook 12, and see how it handles it. There doesn’t seem to be problem with the size of the feed list, but I have several problems with the way the UI is handled compared to my favorite RSS Reader, RSS Bandit.

1.       It ignores categories. I’ll be the first to admit that my category list sucks (I got Australian bloggers in the Israel category, for instance), but it makes sense to me, and I have grown fond of it.

2.       There is no easy way to get a number of how many unread posts I have.

3.       There is no easy way to go through all the feeds from one feed to the other using the keyboard.

4.       It shows an image holder with some icon in it, which is bad since many aggregators are using 1x1 gifs to track readership. It is annoying to see the image and then have it disappear.

5.       No way to click on a feed and select Update.

6.       For some reason is show all the posts in my feed twice. It may be just the first time, but I’ll have to see


When I am reading blogs, I usually have to read about 80 – 120 posts, about 85% of them are full of technical content that can be hard to follow. About half the time I would think that the material is interesting but not relevant to what I do at the moment, make a note of it (in my head, not on paper or computer) and move to the next item.

This mean that such thing as clicking on a feed, scanning all the posts, and moving on is very important to me (newspaper style). I don’t see support for this in Outlook, which is a shame.

At the moment, I defined a search filter that bring me all the unread items from the RSS Feeds folder. With some custom grouping, I can get a very good sense of what is going on, and I can move between posts by pressing space. I guess that I can also do full screen viewing of posts and move between them (which would be cool).

Impressed by Outlook 12 Setup

time to read 1 min | 106 words

Okay, so I got around to setup Outlook 12 with my pop3 mail, and I give it my name and email, and click next. It spent some time thinking, and then it configured itself on its own. As someone who has gone through countless of those setups, this is very cool.

Since the server configuration is mostly standardized, it is easy to see how they do it, I even read somewhere that they give the server a way to hint to Outlook what the settings are.

It is easy of the surface (I'm sure that there are many pitfalls under the cover) and it is very sweet.


A Cool Aspect Of Integration

time to read 1 min | 62 words

While it looks like the MS products integration has hurt their agility, I like the results of this.

This mean that I can copy & paste class diagrams from VS to any Office product, this is very cool, and I had a thrill of excitement realizing that this works. I didn't consider that it might work, so previously I did using PrtScrn and Paint.

Making The Wheel Round

time to read 2 min | 221 words

Two days ago I posted about a nasty piece of code that I had to decipher.  The code was very simple to look at, just take the information in the transaction table and update the customers with the current transactions summary.

What everyone who commented (and me as well) missed is that this method is doing a bit more than just update the customers table with the transactions. It also zeros the transaction count / sum if the customer has no transactions!!!

I played with the code for hours before it came up to me.

I am pretty sure that this is an unintended side affect, but I had to duplicate it as well (not hard once I knew what the difference was).

The problem? The SP (the code I gave is in C#, because I refuse to write cursors on my spare time) run in Oracle, which has such a fabulous support for debugging, and a fantastic error reporting capabilities ("Procedure saved with errors." What errors? Oracle knows, but he wants me to pay before he will tell me. ARGH!)


The procedure run for three hours under  oracle using the cursor based logic, when I finally got the SQL version to work, it run for 22 seconds, and I know that I'm being inefficient there.

Advanced Uses For OR/M

time to read 5 min | 998 words

There is another holy war converging about the SP vs. Parameterized SQL  topic. I got into one not long ago, and I wouldn't get into this one if there wasn't some new stuff brewing in it.

Eric Wise started this with a The Pragmatic Adhoc SQL vs Stored Procedures Discussion, Jeremy D. Miller responded with Why I do not use Stored Procedures and then Eric posted a new post, this time with In Response To No Stored Procedures which has some new questions that I have not seen before.

1.       About the security, naturally, security is a multi layered approach. In the database, I would grant permissions to views or tables according to the user's need. Granting a SELECT permissions does not equals to letting the user SA access to the database, after all. I also tend to add another layer in the application level, which is completely transparent to my code and my business objects, you can see a high level overview here. Then there is the application logic itself.

2.  Transactional  Database Structures : A good coverage of the topic can be found in Roy 's What payroll system are a pain to design – Temporal data  and in Eric's "Transactional" Database Structures.  I am currently working on a big payroll system which is using NHibernate, and this issue is a major PITA. The problem is that both the relations between objects and the objects themselves are changed as time goes by.  We solved this issue by deciding that each object is the system is composed of Id, which cannot be changed, and a history, which contains immutable version of the data for a specific date. A highly simplified version of this will look like this:

This way, I can ask any object for a view of how it was in a point in time. The views also handle the associations, so if I ask an employee to see its view in 2000-12-31, I can easily get any data that I need without dealing with the complex timed model. For instance, if I want to check if the employee had a  car in a certain date, I can use this code:

EmployeeView employeeView = emp.For(new DateTime(2000,12,31));


    Console.WriteLine("The employee {0} had a car in {1}",
                    employeeView.Name, employeeView.Date);

This model translate very well into something NHibernate can handle. It reduce a lot of the problem that you have when you deal with such system, since  the infrastructure code remove a lot of the  problems that you get in such models. To set a new property, I ask the employee to give me its current status, change whatever I want, and then I give it back and saves. A new record is inserted to the database, and the employee's current state moves to the newest piece of data.

3.       OR/M in complex databases structures. The system above gets its schema from a main frame 30 years old or more, written by a bunch of guys that thought that transliteration Hebrew in English is fun (with spelling mistakes!). Enough said, I think.

4.       Stored Procedures makes TDD slower. The problem with SP and  TDD is that you don't get any seam to verify the expected behavior. I may have  a procedure that takes a long time to run, and I need to call it from another procedure that eventually calls that procedure, I'm in more than a bit of a bind. I can replace the long running procedure on the fly, and spend the rest of my life running from angry DBAs, but that about all I can do. There is no way to put mocks in the database. And database access takes time. Often a lot of time.




Note about security: If an attacker is in the position where he can run arbitrary code in your system, you are screwed no matter what. OR/M, ADO.Net or SP, he can make the appropriate calls to do whatever he wants.


Oh, and unrelated tidbit, in the last six months I wrote over 600 stored procedures (data warehousing project), so I feel confident that I know my stored procedures.


  1. Distributed compare-exchange operations with RavenDB - 10 hours from now
  2. I WILL have order: How Lucene sorts query results - about one day from now
  3. I WILL have order: How Noise sorts query results - 4 days from now

There are posts all the way to May 28, 2018


  1. RavenDB 4.1 features (4):
    22 May 2018 - Highlighting
  2. Inside RavenDB 4.0 (10):
    22 May 2018 - Book update
  3. RavenDB Security Report (5):
    06 Apr 2018 - Collision in Certificate Serial Numbers
  4. Challenge (52):
    03 Apr 2018 - The invisible concurrency bug–Answer
View all series


Main feed Feed Stats
Comments feed   Comments Feed Stats