Database Weekly - www.databaseweekly.com

The Complete Weekly Roundup of SQL Server News

Hand-picked content to sharpen your professional edge

SQL Server News for 2012-11-26

Editorial - Password Insecurities

The age of the password is over; at least that's the conclusion reached by Mat Honan (the now-famous @mat on Twitter), after his well-publicized experience at the hands of hackers. In brief, they gained access to his Apple iCloud account, and used it to wipe his iPhone, iPad and MacBook devices. They then gained access to his linked Gmail and Twitter accounts. They even wrote to him on Twitter, and explained how the hack worked.

Of course, it doesn't help that many of us are lax in our choice of passwords, and share the same password across several accounts. According to results recently published by Gizmodo, based on an analysis of millions of stolen passwords posted online by hackers, "password" is still one of the most popular passwords. On the bright side, some are clearly starting to heed advice, with more complex variations such as "password1" gaining in popularity....

The problem is that while strong passwords – long, alphanumeric, with improbable character substitutions, and so on – are obviously safer, they are still not necessarily "safe". In the Honan case, the hackers got his details not by hacking his strong password, but by persuading Apple to reset the password over the phone (a practice they've now suspended), armed with his address and the last four digits of his credit card.

Likewise, there are countless examples of substandard security practices on the various websites with which we entrust our personal details. Over recent months, Troy Hunt has done an excellent job highlighting security issues he found with the Tesco website, including passwords not hashed and encrypted in storage, passwords emailed in plain text, and lack of HTTPS. These failings afflict many websites. I'd particularly recommend you catch Troy's video demonstration of how easy it is on many sites to exploit Cross Site Scripting (XSS) vulnerabilities. This is where a hacker is able to inject JavaScript into a URL, on a legitimate website, to "sniff" information that the site stores in the cookies, or pop up an illegitimate logon form and capture username and password details.

So what's the answer? OWASP has provided excellent guidelines for making a site or service too difficult to hack to make it worthwhile, in the vast majority of cases. The standards and best practices exist to avoid being hacked, but implementing them requires time and investment, and often there simply doesn't seem to be the will to do it. We don't want to bother too hard with security and we wait for a "silver bullet" (such as biometric data, as suggested by Mat Honan) to rescue us from a tedious routine. Maybe a silver bullet isn't going to save us this time.

Cheers,

Tony.


The Weekly News

All the headlines and interesting SQL Server information that we've collected over the past week, and sometimes even a few repeats if we think they fit. These headlines are gathered throughout the week and are posted in real time at the website. Check there for information throughout the week or enjoy this weekly summary of the SQL Server world.


Tech News : Data Mining/Warehousing

Use Big Data to gain insight about small business customers - Business Intelligence generated from Big Data is no longer just a concern for large enterprises. Small businesses need to understand and manipulate Big Data to succeed....(more)

Tech News : Disaster Recovery

How to set up CrashPlan Cloud Backup headless on a Synology NAS - Backup Strategies - Scott Hanselman describes his current Backup Strategy....(more)

Tech News : General Interest

Amazon floats Windows Server 2012 into AWS cloud - WS takes on Azure with free tier instances, Elastic Beanstalk support....(more)

Stallman on software patents, 20 years in - Free software guru makes a still-unpopular plea with new urgency—just ban them....(more)

HP-Autonomy fraud allegations fallout: The winners and losers - The repercussions of the $8.8 billion bombshell will be widespread and varied...(more)

Q&A With Autonomy Founder Mike Lynch on H-P Allegations - Mike Lynch, the founder of software company Autonomy, spoke with The Wall Street Journal on Tuesday after Hewlett-Packard alleged that Autonomy “used accounting improprieties” to inflate its underlying financial statements before H-P’s $11.1 billion acquisition in October 2011....(more)

Tech News : Security

Oh, Microsoft, where art thou? - Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS....(more)

Attackers Had Access for Months in South Carolina Data Breach - Attackers had two months of unfettered access to South Carolina’s Department of Revenue systems in a classic targeted attack that began with a phishing email and ended with the loss of electronic tax return data, and payment card and personal information on 3.8 million filers, possibly dating back to 1998...(more)

Symantec spots odd malware designed to corrupt databases - The malware, concentrated in Iran, is specifically programmed to look for certain works written in Persian...(more)

South Carolina faults weak IRS standard in massive data breach - Gov. Nikki Haley has written to the IRS, emphasizing the importance of encrypting Social Security numbers...(more)

Kill the Password: Why a String of Characters Can’t Protect Us Anymore - You have a secret that can ruin your life. It’s not a well-kept secret, either. Just a simple string of characters—maybe six of them if you’re careless, 16 if you’re cautious—that can reveal everything about you....(more)

Tech News : The Lighter Side

Windows 95 Tips, Tricks, and Tweaks - One of these actually made my palms sweat...you'll know which one when you read it.......(more)

Product Upgrades and Releases

SQL Server 2012 Service Pack 1 Cumulative Update #1 is available! - Waited to deploy SQL Server 2012 until Service Pack 1 was released? Then held off because Service Pack 1 did not include important updates from Cumulative Update #3 and Cumulative Update #4? You're running out of reasons to procrastinate! The SQL Server team has released CU #1 for Service Pack 1, which should include all of the fixes from CU #3 & CU #4, as well as some others....(more)

Cumulative Update #8 for SQL Server 2008 SP3 is available - Microsoft has released a new cumulative update for SQL Server 2008 SP3. It seems clear that Service Pack 2 servicing has been discontinued. So there is even less reason to hold onto those old builds, and every reason to upgrade to Service Pack 3....(more)

Hardware News

Intel Explains 20nm NAND Endurance Concerns on the SSD 335 - It's common knowledge by now that as NAND cells shrink in size (thanks to smaller process nodes), their endurance and program/erase latencies both suffer. Consumers wouldn't really be happy with newer drives dying sooner and performing worse than their predecessors, so controller and NAND makers have to work extra hard to compensate for losses due to the physics of NAND....(more)

Blogs : Administration

Last Known Good CheckDB - Diligent DBAs like to check their databases for a little thing called corruption. Some of those DBAs are masterful at keeping records and logging that the database was checked and came up with a clean bill of health....(more)

Registered Servers and Central Management Server: Setup - Whether you manage one SQL Server instance or hundreds, you need to have a way to keep track of them all. Just like best-practices when it comes to security, it would be nice to create logical groups of instances and manage them based on their group membership....(more)

SQL Server: Database Page Basics - The basics of what constitute a database page and what are the various functions of each of the page types....(more)

Coping with infrastructure upgrades - A common topic for questions on SQL Server forums is how to plan and implement upgrades to SQL Server. Moving from old to new hardware or moving from one version of SQL Server to another. There are other circumstances where upgrades of other systems affect SQL Server DBAs....(more)

Database Deployment: The Bits - Copying Data Out - Occasionally, when deploying a database, you need to copy data out to file from all the tables in a database. Phil Factor shows how to do it, and illustrates its use by copying an entire database from one server to another. ...(more)

Blogs : Analysis Services / BI

Analysis Services - Errors when trying to add a User as a Server Admin - A solution to the error "The following system error occurred: The trust relationship between the primary domain and the trusted domain failed (Microsoft.AnalysisServices)", when trying to add a user as a Server Admin to Analysis Services....(more)

Blogs : Backup and Recovery

Long Term Backup Storage With Amazon Glacier - In addition to requiring that tapes need to be added and removed from a tape robot, magnetic tape also has the distinct disadvantage of requiring careful storage and handling to prevent damage to the storage media. There has to be a better way....(more)

Should I Be Using SAN Snapshots as a Backup Solution? - Is it a good or bad idea to rely on SAN Snapshots as a way to back up the databases on a SQL Server? Bad idea, and Denny Cherry explains why....(more)

Backup Databases on Creation - Denny Cherry provides a DDL trigger that backs up any new database as it is created. ...(more)

Handling Backups for Rapid Resilience - The backup and restore system in SQL Server hasn't changed a great deal over the years despite a huge growth in the typical size of databases. When disaster strikes, and an important service is taken offline while a restore is performed, there is often time to reflect on whether it might be possible to design databases for a more rapid recovery of the most critical parts of a database application...(more)

Blogs : Database Design, Theory and Development

Fixing a table that has overflowed its primary key - Denny Cherry on a short and long term fix for a problem where a very large table was throwing errors that the value being inserted into the primary key column was overflowing the data type that makes up that column. ...(more)

Blogs : Developer Tools

SSAS Compare version 1.0 released - Red Gate release a free tool, SSAS Compare version 1.0, for comparisons of live databases and XMLA or Analysis Services Project files, MDX syntax diffs and highlighting Server comparisons....(more)

Blogs : DMO/SMO/Powershell

Backwards Compatibility of SQL Server Management Objects (SMO) - Possible changes required to SMO references in your code during a SQL Server migration....(more)

The Basics of Windows PowerShell Workflow: When to Use It and Why - Jeff Wouters describes workflow in PowerShell 3, and why it might be useful for deployment scripts and basic maintenance/configuration scripts....(more)

Help Beta-Test a New Free eBook on PowerShell Reporting - After much frustration with reporting in PowerShell – seeing admins struggle with ugly, low-level COM code to manipulate Excel spreadsheets, just so they can get nice-looking reports with a degree of automation – Don Jones has started writing a book about it....(more)

Blogs : Events

2012 SQL Server Pro Editors' Best and Community Choice Awards - Gold, Silver, and Bronze Editors' Best winners in each category directly adjacent to your Community Choice winners for tools ranging from commercial tools for backup and recovery, security and performance monitoring, to free community tools....(more)

Blogs : Integration Services/ETL

Getting TaskUnzip to work with SQL Server Integration Services (SSIS) 2012 - It is a very common requirement in SSIS packages to extract contents of a compressed ZIP file, and TaskUnzip is quite a popular way to achieve this....(more)

Blogs : NOSQL

Two cons against NoSQL. Part II. - A panel of experts discuss two cons of NoSQL, how hard it is to move data out from one NoSQL to some other system, and the lack of a standard way to access a NoSQL data store....(more)

Rise and Fall of the Third Normal Form - Relational databases are still dominant, but all the cool kids are using NoSQL databases. A few years ago the implicit assumption was that nearly all data lived in a relational database, now you hear statements such as “Relational databases are still the best approach for some kinds of projects,” implying that such projects are a small minority....(more)

10 things never to do with a relational database - The data explosion demands new solutions, yet the hoary old RDBMS still rules. Here's where you really shouldn't use it...(more)

Blogs : Performance and Tuning

Did some performance counters like Free Pages disappear in SQL 2012? - Answer: Yes. The Memory Manager component of SQLOS was redesigned in SQL Server 2012 and hence some perfmon counters have been changed accordingly. ...(more)

Introducing the SQL Server Plan Cache (and a Better sp_Blitz™) - Brent Ozar on the importance of understanding plan caching and a new set of queries in sp_blitz to slice and dice your way through the plan cache....(more)

Blogs : Professional Development

SQLBeat Podcast – Episode 7 – Niko Neugebauer, Linguist, SQL MVP and Hekaton Lover - In this episode of the SQLBeat Podcast, Rodney Landrum talks to Niko Neugebauer about Hekaton and in-memory databases, languages of all sorts, Microsoft’s direction, Reporting Services and more....(more)

Blogs : Software Development

A Fatal Impedance Mismatch for Continuous Delivery - Agility and continuous delivery go hand in hand but there are unfortunately ill-conceived approaches to implementing agility that can prove fatal to a continuous delivery program. In this post we’re going to take a look at one that occurs in larger organizations. We’ll see one reason why it can be challenging to implement continuous delivery in such environments....(more)

Blogs : T-SQL

Case Sensitive collation sort order - Investigating how case sensitive collations decide the sort order, via a simple question: how should the values 'a 1', 'a 2', 'A 1' and 'A 2' sort?...(more)

Demystifying T-SQL Subqueries–Part II - Continuing adventures with T-SQL subqueries....(more)

