Detail of a building in Ottawa, Canada

SQL Server 2019 is here

With the release of SQL Server 2019, I wanted to highlight in a single place some things that I’m excited about. Drawing on sessions I presented this year at SQLBits and SQL Saturday Edmonton respectively, these are features in SQL Server 2019 for the busy DBA: UTF-8 in-engine support Intelligent query processing features Replacing sqlcmd
-> Continue reading SQL Server 2019 is here

A steel padlock

When security and news collide

Behold! There’s a scary monster called skip‑2.0, announced by ESET: This backdoor targets MSSQL Server 11 and 12, allowing the attacker to connect stealthily to any MSSQL account by using a magic password – while automatically hiding these connections from the logs. Such a backdoor could allow an attacker to stealthily copy, modify or delete
-> Continue reading When security and news collide

Convert legacy password storage without aggravating your users

In a previous post I wrote about storing password hashes in a database, which raises the question of how to convert an existing legacy password storage system to use hashes (or even no passwords!) without annoying the people who use your system. Dial ‘S’ for Secret Let’s assume that you have inherited a database which stores passwords
-> Continue reading Convert legacy password storage without aggravating your users

How to really store a password in a database

Recently I wrote: Don’t store passwords in a database. I stand by this statement. I expected a lot of flak because I didn’t explain myself. This post goes into a bit of an explanation of my position, as well as how to go about storing something in a database that can be used for authenticating
-> Continue reading How to really store a password in a database

My IT department installed an antivirus with SQL Server

Time for another short blog post, and this one combines two topics I am very passionate about: security, and SQL Server performance. Let’s start by talking about “antivirus” and what that means in today’s world. The term antivirus (AV) itself is outdated; traditionally, AV products detected malicious activity through fixed patterns of code or patterns
-> Continue reading My IT department installed an antivirus with SQL Server

Do you even PowerShell, bro? An ode to dbatools and dbachecks.

Shall I compare thee to Management Studio? Thou art more scriptable and consistent. Those out-of-memory errors do tend to lose hours of work. And I mean, SSMS doesn’t run from the command line. Sometimes I get those line-endings errors, Not to mention IntelliSense bombing out; And figuring out which tab I was in can be
-> Continue reading Do you even PowerShell, bro? An ode to dbatools and dbachecks.

the world is on fire

Secure or fast? Secure, obviously …

By now you have probably seen the news about a major flaw in the design of CPUs from all major vendors (Intel, AMD, and ARM) resulting in a series of vulnerabilities in operating systems and … web browsers? One of my favourite things to do is to make queries run faster. What the Meltdown and
-> Continue reading Secure or fast? Secure, obviously …

All Mac users should do this immediately

This post is a public service announcement for all users of macOS High Sierra (10.13). (Note: Apple has already released a fix, but if you do not have automatic updates enabled, this may still affect you.) If you didn’t hear about it already, a major security flaw was discovered last week in how the root
-> Continue reading All Mac users should do this immediately

SQL Server 2017 Administration Inside Out

For the last five months or so, I have been helping some really smart people put words on paper, both the physical and electronic kind, which is hopefully going to culminate in an actual technical book that I can point to and say “Yes, that’s the name I invented for myself when we moved to
-> Continue reading SQL Server 2017 Administration Inside Out