the life and times of endenizen » 2006 » September

Today I wrote my first stored procedure. It was pretty exciting. I grew up with MySQL and it has finally grown up too. Joining the ranks of IBM’s DB2 and MS SQL, MySQL now allows the usage of pure fanciness (that’s the one-word summary of everything you can do with stored procedures). Now, don’t be mistaken, my stored procedure was anything but fancy. In fact, it was a “Hello World!” of sorts (and if you’re not familiar with that and you’re still reading, well you must really like me because this is probably going way over your head…).

Stored procedures are most popular with admins who need extra speed and security, and less network traffic. A bank, for instance, may use a stored procedure rather than exposing the database code used to execute a query to prevent anyone from modifying that query before it is sent to the server. Using a stored procedure, the query would be stored on the server and referenced with a procedure name. The only code the end-user (the web-developer, or an evil hacker) would be allowed to change is the parameters they pass to the procedure. Here’s a real example:

Moving money from one account (frank) to another (bob) may look like this:

INSERT $5 INTO bob SELECT $5 FROM frank

If I was a developer, I might perform evil magic by changing this to:

INSERT $4.99 INTO bob INSERT $0.01 INTO brian SELECT $5 FROM frank

Clearly this is a bad idea, because a penny is large enough to notice, but say I were selecting much smaller amounts from a much larger pool of transactions… it would be like taking pennies from the tray. Not the jar, that’s for the crippled children. The tray is for everyone.

Using a stored procedure the code (which is stored on the database, never to be changed) might be:

PROCEDURE transfer (to, from, amount)
INSERT INTO to SELECT amount FROM from

Now, the developer has to run a procedure and the procedure may only be passed two accounts and an amount. Presuming the bank went so far as to log each transaction, this would mean any malicious activity would show up because it would have to be a performed in a separate transaction. For the evil hacker, the most they could do is a SQL injection to modify or add parameters which, in this case, would be much less of a problem than if they could add on their own queries.

Security is only one of the many benefits of stored procedures, and most DBMSs have had them for years. Before version 5.0, MySQL didn’t have any stored procedures and therefore didn’t occupy much of the financial, or otherwise important, sectors of the IT market. That’s not to say MySQL’s use in these areas will now increase dramatically, but certainly more database administrators will weigh MySQL’s benefits as a clear competitor with costly alternatives like MS SQL.

Disclaimer: Don’t try this example code at home, it probably won’t work and was only used for very simple illustration. There isn’t actually a way to move money in a bank by referencing $5, that’s just dumb. Also, I don’t really have a ton of stored procedure experience (hence the “Hello World!” comment above) so as always, do your own research and see what works best in your situation.

There was no rebellion. There was no boycott. All that’s left is settling dust and fading energy towards a virtual cause in a dark corner of the internet. Mark Zuckerberg (creator of Facebook) has responded in an open letter to the community saying they were sorry to have rushed the changes without much explanation or control. Today, new changes were implemented which allow users to remove some of the actions that are recorded on the News Feed. I’m happy about these changes. In part because I didn’t want to see the News Feed go, and in part because I did want to see the anti-Feed groups go. At least, I hope that all the groups disband but some of their demands are a little more serious…

FACEBOOK EITHER CHANGE YOUR STALKERISH WAYS OR WE (ALL STUDENTS) LEAVE

If News Feed is still on my Facebook in October, I’m gone!

I’m deleting my account in 30 days if facebook still has the feed feature

Sept. 12 The Day Without Facebook

Of course, to believe anything you read on Facebook is kinda silly, except personal information. That’s usually true. Facebook harnesses the mob mentality that works so well for protests and spits it out in a one-click fashion that requires less effort than, say, marching on Washington. You don’t even have to lift a finger to show how dedicated you are to your cause. Well, I guess you have to lift one finger, but it’s probably on it’s way down from your nose anyway so that’s almost zero extra effort. Some new groups have formed on Facebook to harness this pure people-saving energy for such causes as AIDS research, cancer research, donating to starving children in Africa. Actually… I don’t suppose there’s a way to tell if people are doing anything after joining the groups, but at least they’ve put part of their precious profile space aside for a new group with a noble cause. Or noble intentions, anyway. Or noble idle thoughts, perhaps… Or boredom.

It’s true, I may be prejudiced towards college and high school students now that I’ve graduated but, can you really blame me? I mean, do you believe that fighting for modifications to a website is really worthy of being called Generation Y’s way to stick it to the man? Is this our big moment? The war protests, strikes, sit-ins, women’s rights, all rolled up into an internet phenomenon at the click of a button? Is our cause so great? Were their causes so trivial?

This is all very strange. Especially after reading that last paragraph. People actually do believe these things. News stories are popping up everywhere claiming this is the mobilizing force for the youth of America, the kick in the pants to get students hungry for change. That just boggles my mind. My mind… is terribly boggled.

I hope this is my last post about Facebook for a long time. I’d be plenty happy using the service in silence without hearing about 20 new groups that my friends are joining because they “hate the new Facebook.” I’d also be plenty happy not using the service at all. Well, if it wasn’t for all the people…

This is worse than I thought. The group I mentioned earlier with 10,000 users is now beyond 300,000. The message on the group page would have you believe that the privacy of users is at stake. I assure you, this is not the case! As Mark himself has posted:

We didn’t take away any privacy options. [Your privacy options remain the same.] The privacy rules haven’t changed. None of your information is visible to anyone who couldn’t see it before the changes. If you turned off your wall to non-friends, no one who is not your friend will be able to see a post on your wall. Your friends can still see it; it hasn’t changed. Secret groups and secret events remain secret from other people. Pokes and messages remain as private interactions. Nothing you do is being broadcast; rather, it is being shared with people who care about what you do—your friends.

In other words, the only change is that you don’t have to click through everyone’s profile to see changes. I feel like I’m repeating myself but I’m just in awe at the level of ignorance these changes are promoting. Here are some of the things many users thought were true after the new changes:

1. You are told when someone removes a friend or turns down a friend request.

2. You are told when someone messages someone else.

3. You cannot hide or remove this information.

In regards to 1, you are never told when someone turns down a friend request or removes someone from their friends list. 2, messages are private and are shared only between the sender, and the receiver. No one will ever know when you send a message to someone else. And finally, in regards to number 3, you can delete any notification easily from your profile page. What you see on your profile page is exactly the information which is put into the news feeds of other users. If you prefer to not see what’s going on with your friends, you can choose to hide the news feed, and it will never show up.

The main impression I get from most of the anti-Facebook groups (which is, in itself, quite ironic… especially the ones hoping to start a boycott) is that they don’t understand what Facebook is for.

Facebook is not like MySpace. The information in Facebook is shared, at the most, with your friends and everyone in your school and at the least with absolutely nobody. That’s right, you can have a Facebook profile and no one in the world will ever know. This wouldn’t be very fun, but if you’re really concerned about internet stalkers, you should play it safe. So, above all, we have a basic level of privacy. Let’s not forget that. Anonymous internet stalkers may be on Facebook, sure, but hopefully you don’t “friend” everyone in sight just to raise the number of friends on your list. This is sort of a philosophical difference between Facebook and MySpace. Though I don’t think it has caught on too well.

On MySpace, you friend everyone. Your friends, everyone from your high school class, all the bands you like, all your friends-friends, all the hot chicks who try to make even more friends… everyone. Some don’t follow this rule but friending is even beside the point. You don’t need to friend people to see most of the information in their profile. Unless they choose otherwise, everyone on the internet can see everything right away.

On Facebook, we see something a little different. The default privacy settings allow anyone from your school to see your profile. This is fine for most people. After all, plenty of that information would be available from the school’s website anyway (though that’s not a reason to have it available elsewhere). Outside of the school, people can only see that you exist. Many users take advantage of more restrictive privacy settings and don’t let anyone but friends see their profile. I think this is awesome.

Social networks that have strict standards of privacy and keep information secret between the users of the network are the ones that will last. If the news feed on Facebook shares anything about life on social networks, it’s that users trust too many other users with personal details about their lives. If you find yourself reading details about how so-and-so is now single again and you’ve never even met the person… it might be time to go through and clean out your friend list because you probably wouldn’t want them to read about your online life either. Keep in mind, no one, I repeat no one, will see that you unfriended anyone on Facebook.

If you can’t deal with the new changes, I encourage you to boycott Facebook. I hope they don’t remove the new features though. This “increased stalker potential” that many are talking about is completely inane. If you’re friends with stalkers, they already have access to this information! Solution: Don’t be friends with stalkers! If you don’t trust someone enough to let them see this information, you shouldn’t be friends with them. Simple. No need to complain that “stalkers are having their jobs made easier” just use a different service that doesn’t reveal so much to your “friends.” Either that, or actually think about who are your friends before letting them into your Facebook circle.

Kudos to everyone who’s creating and joining meaningful groups to discuss the new Facebook changes. The anti-Facebook groups are just kind of silly and I hope those people end up leaving. They never would, of course, but it would make the place a lot nicer to visit without all the complaining.

Facebook recently unveiled new features which fundamentally change the whole purpose of the website. Or do they? Many users were upset with some of the changes, namely a “News Feed” on every user’s profile page which gives them a run-down of recent activity throughout their friend network. Why should this cause an uproar? Well, it totally throws away the idea of privacy and lets anyone see anything! Well this isn’t true either, though some would have you believe it is. However, it is much “easier” to get this information now so those who already had little else to do are probably upset that their favorite pastime can now be completed in a few clicks.

In getting “more web2.0″ (as I like to claim) 90% of the users (I just made that number up) can now retrieve all the information they need with a simple visit to their homepage. No clicking through and looking at everyone’s profile to see who put new pictures up, who joined a new group, and of course, who is dating who… Online petitions have been sighted and groups within Facebook itself are rising up against the new changes. One group has over 10,000 members already. It’s hard to breathe when I try to consider how out-of-their-mind bored ten-thousand people must have been to protest new enhancements to their favorite website. Of course… I can also recognize the fact that 10,000 people is only a fraction of the notorius Facebook-stalkers who had their favorite game ruined. I can imagine it’s like being told the cheat codes to a new game or the ending to a movie when no one asked if you wanted to know. They just can’t handle how easy it is to know what all of their friends are doing, what music they listen to, what their political views are even… what they are thinking. (If I were in a movie, this would be the part where the overly dramatic DUN-DUN-DUN blasts you back in your seat).

Seriously. Stop whining. Facebook is not trying to be like MySpace. They haven’t lowered the privacy level of anyone. If anything, these changes will make people realize that other people see what they do on social networks. Imagine that, thinking before you post those pictures from your party last night. Speaking of which…

Ah for crying out loud! No one has done anything since the last time I hit refresh… now what the hell am I gonna do with my time.