tag:blogger.com,1999:blog-2607884204445547877.post4802343842326693921..comments2024-02-21T09:00:29.950+00:00Comments on Sprezzatura :: Making Databases Happen: Y2K Redux - Indexing Issues With Dates OR 20100 - A Search OddityMat O'Marahhttp://www.blogger.com/profile/13399126449062272733noreply@blogger.comBlogger13125tag:blogger.com,1999:blog-2607884204445547877.post-57170356302798506462023-01-18T10:09:36.598+00:002023-01-18T10:09:36.598+00:00I don't think anyone is advocating for passing...I don't think anyone is advocating for passing un-verified criteria to Rlist from an untrusted source. The point here is that Rlist is a human-readable sentence parser, so it stands to reason that the data it's intended to work on is also human-readable. That fact that someone made it support internal formats as well as the human-readable ones is the problem, because now we have added a dose of ambiguity into the mix.<br /><br />Allowing humans to enter "raw" Rlist statements is perfectly acceptable in the correct context - allowing users access to TCL for example is a valid feature of many systems, but those are from trusted sources such as a user's workstation and not a web-browser. Captain Chttps://www.blogger.com/profile/11670880508839547673noreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-12631611968193603032023-01-17T22:41:20.912+00:002023-01-17T22:41:20.912+00:00"I think people look at this from the wrong w..."I think people look at this from the wrong way around, as if it's all designed for code. It's not. It's really designed for RLIST. The code is just there to make the sentence processing easier. That's why it's RTP18.ENGLISH. It's meant to happen in English."<br /><br />I disagree. If you allow humans to enter text into an rlist, and you don't check that text in your code, then you become vulnerable to rlist injection (like sql injection). So, you should never allow a human to enter anything into an rlsit without checking it in your code. T he simplest way to check the date is safe is to convert it to internal format to see if the conversion fails. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-91803456468956669152023-01-17T15:34:57.836+00:002023-01-17T15:34:57.836+00:00I'm going to assume these were all written by ...I'm going to assume these were all written by the same author.<br /><br />"Because keywords and dates are 99% of what people search for in rlist/btree extract. I've never searched on a monetary value except 0."<br /><br />We must work in very different industries.<br /><br /><br />"It's an arbitrary decision. But what's important is that what is allowed is well understood and that the system enforces it. "<br />"Probably what should have happened here is that rev should have added a patch that retained the current behaviour but created a log whenever an rlist failed to convert a date. Then people could have found out about it ages ago and fixed it ages ago. But where would rlist log the data to. OI doesn't really have a standardised place where it puts logs. It probably should though."<br /><br />I can't promise that it's well understood, but Revelation did release a technical bulletin about this in 1995, so around 27 years. This issue has been my bugbear for quite some time. There was a message thread on Rev's forum about this around a year ago, and I gave a pretty detailed explanation. Trust me, I've not been at all shy on talking about this. Not shy at all.<br /><br />Basically, the system works like this:<br /><br />The selection (or reduction, as it's called inside the system) criteria are parsed and broken down field by field. When the reduction values and dictionary fields are linked up, the system reads the dictionary and checks if there's an OCONV value. If there is, the system performs an ICONV using the OCONV setting and uses that value. If the ICONV value is null or failed, then the system uses the passed in value.<br /><br />The system always performs the check. If I remember correctly, the system stores off the passed value, does the iconv on the original, and then resets if it's a failure. So, if anything, the system is actually slower because of the additional assignment.<br /><br />I think people look at this from the wrong way around, as if it's all designed for code. It's not. It's really designed for RLIST. The code is just there to make the sentence processing easier. That's why it's RTP18.ENGLISH. It's meant to happen in English. It's all meant to be<br /><br />SELECT SOMEFILE WITH DATE_FIELD = "12-25-2020"<br /><br />and not<br /><br />SELECT SOMEFILE WITH DATE_FIELD = 20093<br /><br />or whatever the date is, because I'm not bothering to look it up because it doesn't mean anything to anything other than a simple way to track dates numerically to make it easier to do date math.<br /><br />The point is, they have this down at a low level of the system, so they don't have to do anything to the data until it gets all the way down to the reduction engine. At that point, it does the conversion. Otherwise, there would need to be separate code for the three basic selection syntax engines in Rev; RLIST (or ENGLISH, the internal name), the REDUCE routine and BTREE.EXTRACT. Even then, all index selects go into the various BTREE routines, which are all called through BTREE.EXTRACT, where the conversion occurs. (It's actually a bit more complicated than that, but this is a comment, not a tech article, and it's not really my place to give out the recipe for the secret sauce). It should be obvious that it's an unintended feature of the system that it ever works at all. I thought it was anyway, and that's before I looked through the code when I was at Rev.<br /><br />I don't know. You can code your systems as you want as you feel best. All I can tell you is how the system works and you can decide how efficient or inefficient you want your system to be.<br /><br />APKhttps://www.blogger.com/profile/00254978081937423680noreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-17257674900628902522023-01-16T22:59:53.511+00:002023-01-16T22:59:53.511+00:00Probably what should have happened here is that re...Probably what should have happened here is that rev should have added a patch that retained the current behaviour but created a log whenever an rlist failed to convert a date. Then people could have found out about it ages ago and fixed it ages ago. But where would rlist log the data to. OI doesn't really have a standardised place where it puts logs. It probably should though. Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-14017685582139278662023-01-16T13:08:15.767+00:002023-01-16T13:08:15.767+00:00"What's so special about dates?"
Be..."What's so special about dates?"<br /><br />Because keywords and dates are 99% of what people search for in rlist/btree extract. I've never searched on a monetary value except 0.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-45235599778983442982023-01-16T13:02:18.556+00:002023-01-16T13:02:18.556+00:00"I'm of the very strong opinion that you ..."I'm of the very strong opinion that you should never use ICONV values in selects.<br />There's no reason for it."<br /><br />It's an arbitrary decision. But what's important is that what is allowed is well understood and that the system enforces it. <br /><br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-59726385530077164012023-01-12T23:11:09.589+00:002023-01-12T23:11:09.589+00:00I started out doing it as oconv. But then I had th...I started out doing it as oconv. But then I had the thought that I was wasting my time oconving it all the time, when I could just send in the raw, internal date. So, I tried that and it worked, so since then I have kept on not oconving it. So my instinct was to oconv it, but then I thought it was a waste of time, and because iconv worked, I went with it. joshnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-59403553744734335092023-01-12T21:29:26.123+00:002023-01-12T21:29:26.123+00:00Is this the same bug that grounded all aircraft an...Is this the same bug that grounded all aircraft and affected the NOTAM system this week perhaps?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-83941222305740196142023-01-12T20:05:57.011+00:002023-01-12T20:05:57.011+00:00Revelation will net be writing a patch for this. W...Revelation will net be writing a patch for this. We do not have a solution that works 100% of the time. <br />Thanks-<br />Mike Ruane, Revelation SoftwareMike Ruanehttps://www.blogger.com/profile/18282903252042532796noreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-69110384672862189752023-01-12T16:23:16.544+00:002023-01-12T16:23:16.544+00:00I'm of the very strong opinion that you should...I'm of the very strong opinion that you should never use ICONV values in selects.<br />There's no reason for it.<br />The conversion code is only executed once so any perceived speed hit is inconsequential.<br />Creating shadow dictionaries on indexed fields is just asking for trouble, or duplicating the index. There's just no reason for it, other simply being able to pass internal values inside your code.<br /><br />I've posted about this many times in the past, and always ask this same question. Why should the system jump through hoops to allow you to pass an internal date, when no one would ever think of passing an internal value for an MD2 field or other conversion. It's only dates people want to pass internal. What's so special about dates?<br /><br />It's just a bad idea all around, but I've love to hear the reasons for doing it this way.Aaron K (Sprezz)noreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-84087730290101939932023-01-12T15:29:44.496+00:002023-01-12T15:29:44.496+00:00It's a tough call. A fix was made to AREV when...It's a tough call. A fix was made to AREV when the code base split to OI and AREV (as alluded to in the KB article) but you'd be altering 30 years of behaviour and who knows what that might break down the line? Rock and a hard place I'd say. I just wrote a quick program to scan our client's code, identify all btree.extract calls, parse out the variable and scan backwards to its assignation. Put all of that info into a spread sheet and quickly identified that I only had a few programs to manually check.Sprezzhttps://www.blogger.com/profile/08866141305592910267noreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-6054594637504940132023-01-12T15:27:15.201+00:002023-01-12T15:27:15.201+00:00Very helpful blog posting. Please note as well th...Very helpful blog posting. Please note as well that the same issue applies to r/list statements - if you are used to using internal dates for search/selection criteria, you will have the same problem with incorrect results being returned. You MUST use externally formatted dates for date field comparisons in r/list as well - if you want to use internal date values instead, you should create a dictionary field that does not have a D conversion code and use that for your selection/search criteria...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2607884204445547877.post-65196750727809158812023-01-12T15:06:10.157+00:002023-01-12T15:06:10.157+00:00We ran into this problem yesterday. Could Revela...We ran into this problem yesterday. Could Revelation write a patch to BTREE.EXTRACT to account for 01/11/2023 issues?Anonymousnoreply@blogger.com