voiceofthedba's podcast

Categories

Editorial
general

Archives

2017
January

2016
December
November
October
August
July
May
March

2015
November
September
March
January

2014
December
September
July
May
April

January 2017
S M T W T F S
     
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

Syndication

We are seeing changes to the SQL Server platform every month in Azure. Since that's the same codebase used to product SQL Server on premise, that means the enhancements are not only being tested in the cloud, but they are available for release on a regular basis. SQL Server has been on a two year release cycle for major versions, but things are speeding up and I expect a new version (SQL Server 2017?) around a year after the last version (SQL Server 2016) was released.

My thoughts are that this cadence will mean that many of us with more than a dozen servers will end up supporting more versions of SQL Server in the future. New applications will want newer versions, as do the employees, but there isn't always a business case to upgrade all the older instances. If we were to see new versions every 18 months, given a 5-7 year life cycle (the standard support time frame) for database servers, I would expect that many of us would be always supporting the last 4-5 versions of SQL Server. If we go to a ten year life cycle (may be more realistic to me), then we would be looking at 6-8 versions.

Read the rest of "Legacy Limits"

Direct download: legacylimits_11_v1440.mp3
Category:Editorial -- posted at: 9:00pm EST

When I first looked at PowerShell, it was v1.0, and I was in a TechEd presentation. The language seemed a mile past the VBScript I was using when T-SQL didn't function well. The ability to access the .NET namespace, work with objects, and program with error handling was exciting. I played with the language a little, but didn't find that many places to use it at the time. Certainly file operations were much easier with PowerShell, and I built scripts to copy backup files around the network. AD operations were easy in PoSh. However, when I tried accessing SQL Server, I thought the code was complex. In fact, whether I was running a stored procedure, or performing a restore, the PowerShell code required was cumbersome. A good example is shown at the beginning of Aaron Nelson's recently updated post on querying with PoSh. The complexity shown to just make a connection to PoSh made me think I should just write that kind of code in C#, with all the debugging and other software support available in Visual Studio. Building quick utilities with PoSh was something I'd like to avoid.

Read the rest of The (Former) Complexity of PowerShell

Direct download: complexposh_13_v1442.mp3
Category:Editorial -- posted at: 9:00pm EST

I was listening to a DevOps podcast from Josh Corman, of Rugged Software. Rugged Software aims to improve security by asking developers and sysadmins to adhere to their manifesto, which recognizes both the importance of software in the modern world, as well as the problems associated by not properly securing and patching software. These are duties that both developers and administrators should perform in their respective roles.

The goal of the Rugged Software is to promote best practices and constant vigilence to create and deploy secure code, and ensure that software installations remain that way. This isn't a security state, but rather a process. A way to approach software development, deployment, administration, and maintenance to improve the security of our computer systems. This maps nicely to a DevOps approach to software development, with a focus on security. The ideas here include not just patching, but fixing underlying issues, learning from mistakes and from other organizations, improving the skills of their developers and administrators. This is a holistic approach to ensuring security.

Read the rest 0f "Delaying Patches is Problematic"

Direct download: Delayingpatches_10_v1439.mp3
Category:Editorial -- posted at: 9:00pm EST

There's a saying in the data world: garbage in, garbage out. We use that when we can't get good information from our database because the data we've stored isn't as useful as we would like. That's a problem, and it's one reason why data professionals want to spend time thinking about the data we need to collect and how to store it. We want to be sure that we've at least made an effort to collect useful data that someone will use.

We sometimes have the data we need, but still struggle to use it effectively. I think this is an area where machine learning and similar technologies may help in the future, but there is a lot of work to be done to allow most of us to take advantage of those tools. In the meantime, many of us make do with basic T-SQL to perform data analysis, generate reports, and provide the answers to questions. When we do so, it's important that our queries actually work correctly to answer the questions we need.

Read the rest of "Writing the Correct Query is Important"

Direct download: correctquery_9_v1438.mp3
Category:Editorial -- posted at: 9:00pm EST

I wrote a post about finding the port number of a SQL instance using PowerShell. Almost immediately I was taken to task by someone that noted port scanners can easily find SQL ports, so it's silly to move off 1433. Just use it because applications expect it. I can see that, and changing ports doesn't provide much security, but it does provide some obscurity, which may or may not be helpful. Certainly this also creates administrative and support burdens for a system. If you want other opinions, there's a Q&A on Stack Exchange for this topic as well.

Tom LaRock wote a post that this can be a way to obfuscate your database, prevent simple default connections, and potentially detect security issues before they become a problem. I tend to learn towards this approach as well, because these small changes can potentially provide a little protection. A port scan is quick, but firewalls are getting better at detecting these. Certainly criminals get smarter, but changing a port number isn't intended to stop everyone. If it stops a few, then that's fine.

Read the rest of "Securing Your Instances"

Direct download: secureinstance_8_v1437.mp3
Category:Editorial -- posted at: 9:00pm EST

It seems there is no end to the insecure ways in which people manage data. I haven't seen this one before, but I'm sure it's happened. In fact, I bet it's happening right now in more than one company. A company was using rsync to keep data files copied between two insecure servers. Insecure because of a lack of username and password on the systems. In this case, the problem was a subcontractor that dealt with confidential US military personnel data.

I appreciate that many of you are talented scripters that solve problems and build great solutions. I wonder how many of you actually think about security and the potential implications of small mistakes in configuration that others might make. When you build that PoSh script to copy backup files, are you ensuring the transfer takes place in a secure manner? Do you assume that because you use an IP address or server with no DNS entries to receive data that no one else can find it?

Read the rest of "Backup Data Security"

Direct download: backupsecurity_7_v1436.mp3
Category:Editorial -- posted at: 9:00pm EST

You're not excited by Linux. At least most of you in this community aren't excited. A recent poll we ran showed that nearly two thirds of the people answering aren't interested in even evaluating SQL Server on Linux. That's an interesting result because in some groups I've spoken with, quite a few people are excited by the prospect of using a different host platform for their database.

When Microsoft first announced they were going to run SQL Server on Linux, I was excited, mostly because I think this means more applications and organizations would consider using SQL Server, which I think is a fantastic platform. It's been the platform of choice for my entire career. However, from a business perspective, I wasn't sure if this was a great idea. After all, Microsoft may reduce their revenue from Windows licenses if a large number of people moved to Linux for their underlying OS.

Read the rest of "Not Excited by Linux"

Direct download: excitedlinux_6_v1435.mp3
Category:Editorial -- posted at: 9:00pm EST

At the db-engines.com site, SQL Server was named the DMBS of the year. This was the site's choice based on a measure of how popularity changed from Jan 2016 -Jan 2017. Apparently SQL Server grew in popularity in a number of ways, including job offers and LinkedIn profiles, but also with various search engine metrics and forum discussions. A few people have noted that SQL Server isn't the most popular DBMS, as Oracle and MySQL are above it in January 2017. However, the change in score was dramatic for SQL Server, with MySQL a close second.

Perhaps Microsoft's embracing of open source is a reason why SQL Server is growing in popularity. That's what some people think. With the announcement of SQL Server on Linux, as well as the regular commitments they make to Github, where Microsoft is the largest contributor. Microsoft has had a place for open source projects, CodePlex, for years, but now they have an open source site as well where they have numerous announcements and resources about how one might integrate some of the open source products with their closed source products.

Read the rest of "SQL Server is Getting More Popular"

Direct download: sqlserverpopular_5_v1434.mp3
Category:Editorial -- posted at: 9:00pm EST

What do you think will happen in the database world in 2017?

That's a question I want to ask you today, the last work day of 2016. When most of us come back to work next week, a new year starts, though it won't really mean much to most of us. We'll continue on with the projects we've been working on, managing the same systems and dealing with similar issues to those we face today. Budgets may reset, which could be a good thing if you can find a way to divert some of that money for your own training or pet project use. In general, next week will just be a continuation of the work many of us have been doing.

If I look forward and try to imagine where 2017 will take us, I envision focus in a few areas, and perhaps a few things that won't change. As much as I find the progress our industry has made in the last ten years amazing, I also think that year to year we tend to make small changes. It's rare that a huge advance in computing drives us forward. Usually we can see the technology emerge, gain momentum, and then grow very quickly. That happened with SSDs. The first models were exciting, and expensive, but also prone to failure and burnout. Across a few years, quality improved, prices dropped, and all of a sudden most new machines now use SSDs. In fact, it seems most people working with databases wouldn't consider purchasing hardware without at least some SSD storage.

Read the rest of "What Will 2017 Bring?"

Direct download: lookingto2017_160_v1429.mp3
Category:Editorial -- posted at: 9:00pm EST

We're coming to the end of a crazy year. 2016 has seemed to be one of the craziest of my life with world events like Brexit and the US election as well as an astounding number of data breaches. More people who impacted my life passed in 2016 than in any other year I can remember, and I traveled far, far too much this year. Quite a change from the beginning of the year when the Denver Broncos won SuperBowl 50. 2016 has also been a very interesting year in the data world.

Certainly the release of SQL Server 2016 was exciting for many of us. For the first time since 2012, or really since 2008, I thought this was a true, major release of the platform. I was surprised and pleased by the amount of features added and improvements made to this version. I very much liked to see the inclusion of a number of security features. While some of these need some maturity and work, they do bring us some additional capabilities that I think start to help us implement better data protection for our database systems.

Read the rest of "Looking Back at 2016"

Direct download: lookingback_159_v1428.mp3
Category:Editorial -- posted at: 9:00pm EST

1 2 3 4 5 6 7 Next » 7