A new global threat: Meltdown and Spectre

Yes, the post title is singular, but there are two threats. It’s a joke, because both are kinda similar. In this day and age, we all should be familiar with the importance of digital security. Almost every year there are some brand new virus or bad-bad programs being released in the wild. You have to keep vigilant but at the same time don’t panic.

So this is a quick blog post to gather some resources on the newest threats that are so famous today. Take a moment to read throught it if you want more details, but if not just make sure to help us apply the updates as soon as they become available.

Understanding Meltdown & Spectre: What To Know About New Exploits That Affect Virtually All CPUs

Critical SQL Server Patches for Meltdown and Spectre – SQLServerCentral

Quote from Steve Jones, from SQLServerCentral:

It’s Time to Patch and Upgrade

By Steve Jones, 2018/01/05

I don’t want to be chicken little here, but the Meltdown/Spectre bugs have me concerned. I don’t know the scope of the vulnerabilities, as far as exploits go, but I do know the lax ways in which humans interact with machines, including running code, opening untrusted documents, and just making silly mistakes. No matter how careful you think you are, can you be sure everyone else in your organization is just as careful? Are you sure they won’t do something silly from a database server? Or do something from a server (or workstation) that has access to a database server? Or use a browser (yes, there’s an exploit)

PATCH your system, soon.

Vulernabilities in hardware are no joke, and even if you think you’re fairly safe, it’s silly to let this one go by and assume you won’t get hit. The advent of widely deployed scripting tools, botnets, and more mean that you never know what crazy mechanism might end up getting to your database server. Is it really worth allowing this when you can patch a system? This is a no brainer, a simple decision. Just schedule the patches. With all the news and media, I’m sure you can get some downtime approved in the next few weeks. After all, your management wouldn’t want to explain to their customers any data loss from this any more than you’d want to explain it to your boss.

We’ve got a page at SQLServerCentral that summarizes the links I’ve found for information, patches, etc. I’m sure things will change rapidly, and I’ll update the article as I get more information. The important things to note are that not all OSes have patches yet, and there are situations where you might not need to change anything. That’s good, as there are some preliminary reports of patches causing issues with performance (degrading it) for PostgreSQL And MongoDB systems. I did see this tweet about no effects on SQL Server, which is good, but YMMV.

Most of us know patching matters, and we need to do it periodically (even if it’s a pain), however, many of you are like me in that you rarely upgrade systems. Once they work, and because I have plenty of other tasks, I don’t look to necessarily upgrade a database platform for years. One downside to that is that a major vulnerability like the Meltdown/Spectre attacks is that patches likely won’t come out for old system and versions of SQL Server. That is the case here.

That means that if you’re on SQL 2005-, or even on older Windows OSes, you might really consider planning an upgrade. Even if you aren’t overly worried about this exploit, you won’t want a vulnerability to live for a long time in your environment. You never know when a firewall will change, server will move, or some malware will slip through (did I mention the browser exploit?). Plan on an upgrade. I’ve started asking about accelerating our upgrade plans, and you might think about that as well. I know management doesn’t want to spend money unneceesarily, but this feels necessary, and a good time to refresh your system to a supported version.

In general I like to delay my patches slightly from the world and not be on the bleeding edge. That’s fine, but don’t wait too long with this one. I would hope that most people get systems patched in the next month. If not, don’t expect any sympathy if you lose data.

Keep calm, patch your systems and…
dont panic

Advertisements
Posted in Uncategorized | Tagged , | Leave a comment

Kicking off 2018: thoughts on Cloud databases

It has been a while since I posted articles here, with a whopping 2 posts over the entire 2017 year (pun intended). To kick-start 2018, firstly I would like to wish happy new year to all dear readers.

And secondly I would like to ask: do you know what you want from the Cloud for next year? When designing applications or systems considering the newest options on the market, you have to consider lots of new information too. Some might be harsh on you after the implementation. I hope the below article is good to help you make a good decision on the database part of your next projects.

Enjoy the reading!

Why Amazon DynamoDB isn’t for everyone – How to decide when it’s right for you

cya!

 

Posted in AWS, Cloud | Tagged , | Leave a comment

Back to basics: a New browser with a familiar feel.

Over 15 years have passed, and here it goes again: a new browsing experience hits me! It is fun how something that is now so trivial can still surprise you. I am browsing all day, be it to perform work, search things, writing about work (I’m looking at you, e-mail) or even here. Welcome Vivaldi !!!

The deal is that I am a power-user, doing multiple things all day, and running heavy software (like databases, virtualization or server management stuff) at the same time that I need to have a bunch of browser tabs open to see what needs to be done (or send evidences of what I just did).

For my profile, I discovered that 4 CPU threads and a SSD system drive is a hard requirement, as my productivity is heavily impaired in any system missing both. And recently I also discovered that 12GB of RAM is a must. Unfortunately my current working machine has only 8GB of RAM, which will lead to frequent out-of-memory warnings and the eventual freeze of any app or the OS itself.

As the multiple browsing tabs are usually eating most of the RAM, I gave a try to diverse recent browsers to replace Chrome and its infinite hunger for memory – IE, Opera, Firefox and Neon. All had something missing or actually used more memory.

Even my beloved Opera had it’s quirks today, even considering I remember it’s version 5.10 as being revolutionary back in 2001 – yeah, I was one of those very few users who first saw tabbed browsing, and was in love with mouse gestures. You can check the first link on this post to confirm the release date and features of each Opera version to check for yourself. It’s a shame Opera could not keep up to it’s name recently, as they cut a lot of hardcore functionality in favor of simplicity. But just today I discovered Vivaldi browser, and it’s creator was part of that amazing team back in the 90’s!

Anyway, just a few minutes after finding this out, Vivaldi is up and running and I’m writing this post on it. It’s using about 190mb of RAM with 6 tabs open, while I left Chrome open for the same amount of time with just 2 tabs and it climbed from 250mb to 260mb consumed while being in the background (this is for the highest-consuming tab, of course you have to consider all but it’s a great starting point).

And Vivaldi is doing this while feeling faster, reviving my mouse gestures (try it, it’s amazing) and still bringing something new to the table: page tiling. See it for yourself:

This was a really great surprise, let’s find out what other treats this team has in store for us. Seriously, try it now!

Cya!

Posted in Uncategorized, Windows | Tagged , , , | Leave a comment

Some SQL Server performance goodies

Hi folks. It’s been a long time, but Databases Never Die (this could be a movie name, don’t you think?). Below are a few performance articles to think about performance.

First one is SQL on Windows vs. SQL on Linux. Some interesting numbers here: http://www.sqlservercentral.com/articles/vnext/152671/?utm_source=SSC&utm_medium=pubemail

Then some tips about compression, this is really worth checking: https://sqlperformance.com/2017/01/sql-performance/compression-effect-on-performance

And finally some index goodness. Indexes are Always a good thing to learn more about: http://www.sqlservercentral.com/blogs/confessions-of-a-microsoft-addict/2017/02/08/dba-101-what-you-may-be-missing-with-missing-indexes/?utm_source=SSC&utm_medium=pubemail

cya!

 

Posted in Uncategorized | Leave a comment

SQL Server 2016 Management Studio Download

It’s that time of the year. No, I’m not talking about christmas, I’m talking about new product cycles from Microsoft. For SQL Server it usually happens on even years, it’s 2016 so this year we have a new SQL Version. And if you need to manage any new server, you need the most current SQL Server Management Studio too.

This post is about SSMS, not the features of SQL 2016 (wich are awesome, but will be posted separately). This is the first time we get a dedicated product portal for SSMS, take a look at: https://msdn.microsoft.com/en-us/library/mt238290.aspx . This version is really great, and the portal is updated with new versions frequently. It’s the first time I feel comfortable using a newer version to manage all my servers (running several old versions of SQL Server).

Anyway I always give a direct link to the english version (the only one you should ever consider, if you work with IT), so here it goes: http://go.microsoft.com/fwlink/?linkid=832812&clcid=0x409

Also, this is the first time that SQL Server Data Tools (version 2015) are able to create SSIS packages with backwards compatibility (down to 2012 version), so you should download and use this version too: https://msdn.microsoft.com/en-us/library/mt204009.aspx . Again, here is the direct link to the english version: https://go.microsoft.com/fwlink/?LinkID=832313&clcid=0x409

Tip: to create SSIS packages for older versions of Integration Services: create a new project, go to Project, open Properties, select Configuration Properties, then General. Change the TargetServerVersion property for this particular Project, and you’re ready! You can do this for each Project, and develop with no mess for various versions of the SSIS engine.

Cya!

 

Posted in SQLServer | Tagged , , , , , , , , , | Leave a comment

To the cloud: Amazon AWS free access

Ok, so let’s be fair to everyone: AWS also has a “free level” for you to create a few VMs and learn how to manage things there. I highly reccomend that you get to learn both AWS and Azure.

https://aws.amazon.com/free/

Happy clouding!

cya!

 

Posted in AWS, Azure, Cloud | Tagged , , , , | Leave a comment

Get a taste on the cloud: MS Azure Free Trial

Continuing with the inevitable move to the sky, and trying to self-quote myself here (well, self-post actually), I’m back to tell you that you can have one month of free experimentation with all Azure platform for free. You can set-up servers, databases and everything.

https://azure.microsoft.com/en-us/pricing/free-trial/

It’s worth a try. Cya!

Source: Tips for Exam 70-462: make your labs using Azure trial

Posted in Azure, BI, Cloud, SQLServer, Windows | Tagged , , , , , , | Leave a comment

SQL Server: ranking your data

This is the kind of query that kills some servers – ranking.

It’s a bit hard to make programmers understand how important the performance of their code can have a big impact on server speed – they all seems to think that throwing more hardware will solve all world’s problems… unfortunately it does not work that way.

So, after the app is completed and tested and validated by the manager (with a small data-set, of course), it goes live. After a few thousand records are inserted, things start to slow down, and it is exactly the report that the manager will look everyday. If this is familiar to you, take a look at the hints and techniques in this article: Nasty Fast PERCENT_RANK from SQL Server Central folks.

It’s not just the ranking itself, but all types of queries and data manipulation shown there that may help you. And the ideas work in all database engines, of course changing the language to the one you like.

and happy coding!

cya

Posted in BI, MongoDB, MySQL, Oracle, SQLServer | Tagged , , , , , | Leave a comment

Some fancy BI stuff: SSIS training, Data Tools add-ins and BIML academy

A few days ago I posted a link to one BIML introduction webcast. Now I now it will be a series of webcasts this week, it’s a great oportunity to learn more about it! Stay tuned and subscribe to the remaining days of the BIML ACADEMY. Recordings on previous days will be available too.

While we are on BI topic, you can get yourself started on the Stairway to Integration Services articles teaching how to use SSIS. These series of articles are a great idea from the guys at SQL Server Central. SSIS (Integration Services) is a great tool to Extract, Transform, and Load (ETL) data and can be used on various kind of projects and reports.

A final note on the topic is that this tool allows you to expand its capability. BIDS Helper is a great set of add-ins that really expand the SQL Data Tools and makes your life easier. Codeplex.com has some really nice projects shared and is worth a look.

Bonus content: as we are talking about additional stuff for SQL 2012, you might want to take a look at Microsoft® SQL Server® 2012 SP1 Feature Pack (no links for SP2 and SP3, sue MS). Also the SQL Data Tools itself should be installable over this direct download for 2012 (no need to get a full SQL Server ISO). For newer versions check this page (match it to your Visual Studio version just for safety). You can try to apply SQL Server® 2012 Service Pack 3 (SP3) to it, but I’m not sure if it will work. Of course, install your SQL Server Management Studio of choice first (I recomend that you stick to the version your servers currently run at work. At home use the newer to learn it. Previous versions are available here or at the SQL2012 SP3 page). You might have a bit of trouble with 32bit vs 64 bit SSIS issues, but it should be easy to overcome.

PS: sorry for so much links in just one post. Microsoft really makes a confusion with their development tools, but it seems they are trying to consolidate that.

PS2: you might experience some compatibility warnings after installing the Data Tools for VS2012. Please update this KB2781514: (source). Also please install in this order: SSMS, Data Tools, full VS suite (if you are a developer).

cya!

Posted in BI, SQLServer | Tagged , , , , | Leave a comment

How to install DSA.MSC on Windows 7 and Server 2008 / 2012

For Windows 7 you will need to download a package from Microsoft: Remote Server Administration Tools for Windows 7 with Service Pack 1  . Follow the great instructions in this link: http://tweaks.com/windows/40075/install-group-policy-and-ad-tools-on-windows-7/

For Windows Server 2008 and 2012, it’s just a matter of adding the feature via the “Add Roles and Features Wizard”. Also some detailed instructions are here: http://www.peppercrew.nl/index.php/2012/07/good-old-dsa-msc-on-windows-server-2012/

Cya!

Posted in Windows | Tagged , , , | Leave a comment