K. Brian Kelley - Databases, Infrastructure, and Security

Always Striving to Improve

K. Brian Kelley — Sat, 07 Nov 2009 14:51:00 GMT

I'm enjoying a relaxing Saturday morning and I'm doing a bit of reading on ESPN. I see the article about Kobe reaching another scoring milestone and decide to give it a read. I'm admittedly a Lakers fan; I have been since I first watched Byron Scott knocking down outside shots. So naturally, I enjoy reading up on the Lakers and what their players are doing. It's a normal sports article talking about Kobe's scoring, and I begin to yawn, and then I see this:

Bryant visited Olajuwon over the summer to learn more about low-post play, and the Houston Rockets' famed center provided Kobe with even more skills to keep knocking down scoring marks.

Now that caught my attention. Here is a guy who just won the NBA championship... again. He's won a scoring title. He's considered the greatest closer in the game. Yes, even over Bron Bron. Don't believe me? go back and watch the end of the gold medal game against China. We were going to lose. And Kobe took over. Everybody, including Lebron, deferred to Kobe. And USA won. USA won because when Kobe gets that glint in his eye, nobody can stop him. He has too many offensive options. And if he happens to get hot as he's taking over a game? It's over and over in a hurry. He can beat you inside. He can beat you outside. He can beat in the low post or driving the paint. He can beat you when you're sleeping in your bed and he's two zones away watching Lionel Messi light it up on the pitch. So if anyone doesn't need to worry about his offensive game, it's Kobe. But Kobe obviously didn't rest on his laurels. He went and visited Hakeen "The Dream" Olajuwon to work on low-post play. Olajuwon had that post-up fade away jump shot no one could stop. He could up and under on a spin move that was equally unstoppable. It was all part of his "Dream Shake" package. And that's who Kobe went to learn from.

And that reminded me that I can never stop learning. There's always more to do. There's always more to understand. If Kobe can go to Olajuwon, I can go to the top folks in whatever field or endeavor I'm working on, whether it be SQL Server, the Bible, flute, cooking, chess, or something else. Speaking of chess, I'll end on another guy who hasn't stopped, Victor Korchnoi. At the age of 78 he won the Swiss Chess Championship. He continues to play well at grandmaster levels, despite his advanced age. That's an inspiration to keep pushing hard to grow and do better if there ever was one.

OFF-TOPIC: Surviving, Missing Folks, Glad I'm Home

K. Brian Kelley — Fri, 06 Nov 2009 07:16:00 GMT

I certainly wish circumstances were different and I would have been able to attend the PASS Summit this week. I miss being part of the active community and seeing old friends and meeting new ones, but I'm glad I was here at home. Being home means I've been able to tend to my wife. That's my job, more so than any regular employment or professional commitment. She's recovering, still in pain, requiring the Motrin that was prescribed. She's also still very tired as her body heals up from the pregnancy. Once we found out the twins had passed, they went through a process to induce similar to a normal pregnancy and birth, so her body is recovering just as it would from a regular pregnancy. And that means she gets tired more easily. I've seen her regain more of her strength each day, but she still gets more tired than she does normally. Being here means I can take on kid wrangling, fix the meals (although this has been made easier since our church family has, with grace and generosity, provided all of her dinners and some of our lunches since Sunday night), and take care of other things that she might not feel up to do. So we're surviving, we're not over the physical part yet, and I know it'll be a while for us to recover emotionally and mentally.

Speaking of which, I went back to some advice my dad gave me after we found out the news. He made a point of telling me to ensure that our four year-old wasn't neglected. He had been through this when his mother lost her twins, and as the baby of the family, he felt like he was kind of shoved to the side. This is something he still remembers in a very raw and painful way. While he knows that it wasn't intentional, that doesn't erase the memory of the pain he felt. Now my father is a retired Marine Gunnery Sergeant (like fellow Kelley/Kelly, Andy Kelly) and he's an old-school Marine among old-school Marines. So he typically keeps his emotions close to his vest. I know for him to share that meant it was a pretty significant memory and a time of great pain in his life. As a result, we've purposely have looked to ensure all three kids have received a good deal of attention. This includes my oldest, who will soon be turning 12, because of his age and his tenderness I think he took the hit almost as hard as Kimberly and I did. He has always had a tender and loving heart. It's one of the things about him I can't take any credit for but I'm extremely proud of him over. But it also means in times like this he hurts and hurts a lot.

In order to cope I've turned more to reading and to music, both playing and listening. Hymns and jazz music are certainly a salve for my soul. I've also delved back into poetry, specifically poems of faith. Thankfully, I've got a great library here in Columbia, SC, and it had a book entitled The Poetry of Piety. I don't see it available for order anywhere any longer, or I would link to it, but it's been a good read thus far. I'm barely into chapter two, and I've enjoyed what I've read.

(Editorial Warning: If you're not interested in hearing about matters of faith because that's not why you follow this blog, then what follows is exactly that. Just wanted to give you fair warning.)

For instance, chapter one covered Sir Walter Raleigh's epitaph, which was:

Even such is Time, which takes in trust
Our youth, our joys, and all we have,
And pays us but with age and dust;
Who in the dark and silent grave,
When we have wandered all our ways,
Shuts up the story of our days.
But from which earth and grave and dust
The Lord shall raise me up, I trust.

The message of this epitaph is that time will eventually get us. The joys and energy we have in our youth will succumb to old age and then eventually death. It's an inevitable marching in that direction. However, Sir Walter Raleigh was putting his trust in the promise that God would raise Him up again in the future. This is a central message of Christianity, and it was one he was holding tight to. The book points out that this epitaph was reportedly written the night before his execution, and if that's the case, is a reflection of the final thoughts of a man who had done and seen much in life. He didn't reflect upon his accomplishments or his family or anything else except a promise from his faith. This was a welcome reminder that I believe in something more than this present life. And that I believe that there is hope beyond what I can touch and see. I know some would think I'm naive, silly, foolish, an idiot, or even a bit unstable because I cling to such faith. But in a time such as the present, that faith has steered me through. It has always steered me through, both in rough times and in good ones. And I hope to end life with a similar sentiment and conviction as Sir Walter Raleigh did.

Not Attending/Presenting at SQL Connections

K. Brian Kelley — Sun, 01 Nov 2009 04:19:00 GMT

Given everything that has happened in the last couple of weeks, this is not surprising to those who have kept up with my family's most recent struggle. I had one more big decision to make from a professional side of things and that was whether or not to still attend and present at SQL Connections. With Kimberly's physical recovery time being at least two weeks, that was an easy decision to make. I will be staying at home, tending to my beloved bride, as she heals physically. The emotional healing for both of us is going to take much longer, but the warmth and love from our family, friends, church, and the wonderful SQL Server community has helped that process tremendously. Many of your comments have brought tears to our eyes as we have read them. Thank you.

One of the reasons I love our SQL Server community is because of the caring I've seen within it. It transcends a common love for a particular technology to manifest itself in compassion and caring for one another. And that makes me very glad and very humble to be a part of it. We have a truly great and wonderful community.

OFF-TOPIC: God is Still Good, Even as We Mourn

K. Brian Kelley — Fri, 30 Oct 2009 15:53:00 GMT

Kimberly and I went to the high risk doctor's office this morning for the ultrasound. Unfortunately, they realized very quickly that both children had passed away. There was no heartbeat. They suspect Twin-to-Twin Transfusion syndrome. We are in mourning and have begun the procedures to ensure Kimberly's health. Support from friends, family, our church, and the SQL community has been awesome. Thank you all. I'll close on this:

A Path of Sorrow

In memoriam of our twins.

We've walked this path before, You and I,
Where my heart was shredded and in despair.
But I will proclaim to all who will hear,
"God is good, even in these times of pain."

I remember the past. I remember the agony.
I remember facing an ended future.
There was nothing I could do but suffer,
Except trust and lean on You by faith.

I had tried it my way and I had failed.
There was nothing I could do to overcome.
And then You held me up and soothed me.
You spoke loving words of grace and mercy.

You delivered a miracle and You healed me.
You did what the doctors could not explain.
You restored my future I knew was lost.
And You gave me a hope I'll never lose.

Nothing happens outside of Your control.
And I know that even as I mourn deeply,
You stand beside me with Your arms around me.
You are here in the midst of my pain.

So I will praise You with every breath.
I will proclaim Your greatness to all.
For I've walked this path with You before.
And I see You're beside me yet again.

SQL University: Multiple Paths and Ownership Chaining

K. Brian Kelley — Fri, 30 Oct 2009 05:44:00 GMT

Welcome back to our last class this term on security in SQL Server here at SQL University. According to the syllabus, you should be picking up history next week with Jorge Segarra. SQL Server has a rich history. I know you'll enjoy the coming week. However, before we move on, let's close on some intermediate security topics. First let's talk about something I call "multiple paths."

"Hi, my name Is... What? My name is..."

Within Windows, a Windows user can be a member of numerous security groups. And the way permissions work, permissions can be assigned to any, all, or none of those security groups. For instance, when I was an infrastructure and security architect, I wore several hats. Each of those hats was mapped to a security group. So if you looked at my membership, here's what you would have seen:

Domain Admins
Server Admins
DBAs
Perimeter Security Admins
Incident Response Team Members

It's entirely possible to allow multiple security groups to connect to SQL Server. For instance, on a particular SQL Server, Server Admins could be allowed in as well as DBAs. DBAs would have full rights over the SQL Server. Server Admins would have rights to use a couple of databases, but not all the databases on the SQL Server. So when I come into SQL Server, who am I? It looks like a complicated mess, but really it's not. I'm both a member of DBAs and a member of Server Admins. So as far as SQL Server is concerned, I come in as both. That's right, both. So that raises the next question: What are my permissions?

If you remember back to last class, I talked about how you could have multiple permission sets. We used the example of three sets, which I called sets A, B, and C. And we talked about how the permissions added up, unless there was a DENY involved. Well, what we were discussing then is possible based on the situation I'm presenting now. I'm authenticated by SQL Server against the login for Server Admins and against the login for DBAs. And since the DBAs have complete control over the SQL Server, I have complete control over the SQL Server.

Let's take another example. Assume I'm not longer in the DBAs security group. Let's say the Server Admins have access to a database called ServerInventory. The Incident Response Team Members have access to a database called IncidentResponse. And there's another database called DBAsOnly that only the DBAs can get into. Since I'm a member of Server Admins, I have access to ServerInventory. Since I'm a member of the Incident Response Team Members I also have access to IncidentResponse. But since I'm no longer a member of DBAs, I do not have access to DBAsOnly. Make sense?

Another way to think of it is imagine a row of lockers, like back in high school. Being a member of Server Admins gives me a key to one locker (database). Being a member of Incident Response Team Members gives me a key to a different locker. The school (SQL Server) looks and sees I'm a member of both groups. Because of this, it hands me both keys. But since I'm not a member of DBAs, I'm not handed the key to the locker for DBAsOnly. Hopefully that gives you a visual picture of how SQL Server handles who you are. This is done both at the server level as well as at the individual database level. And because I can hold multiple keys (logins), those can map to multiple permission sets, like what we covered on Wednesday. Really, this is no different than file and folder permissions at the operating system level. It works the same way in SQL Server as it does in Windows.

"Know your role!"

The Rock had many sayings when he was in World Wrestling Entertainment (formerly the World Wrestling Federation), but among them was, "Know your role!" When it comes to SQL Server, this saying is important. At the server level, it is possible to put a login into several pre-defined roles which we call fixed server roles. These give a blanket set of permissions. Take, for instance, the sysadmin fixed server role. That role allows you to have complete control over the SQL Server. If a login is a member of that role, it can do anything within that SQL Server. And just like at the server level, there are roles at the database level, too. There are fixed database roles which have preset permissions, just like server roles. There are also user-defined database roles. These are role you can create. They are just like Windows security groups in that they are designed to group together database users. Also, you can assign permissions against the role, just like with security groups. Therefore, at the database level, the best practice recommendation is straight-forward:

Create roles with logical names that correspond to the different levels of permissions in your database.
Assign database users to those roles.
Grant permissions directly to the roles, not individual database users.

Ownership Chaining

Ownership chaining is a feature of SQL Server. Basically if you have two objects, and they have the same owner, they can form an ownership chain. For instance, let's say I have a table and a view. The view refers to the table. If both objects have the same owner, then I can have an ownership chain. Let's say I have the ability to issue a SELECT against the view. But I have no permissions against the table. If I try to issue a SELECT directly against the table, I'll get an Access Denied error. But if I issue a SELECT against the view, it works. It works even though the view hits the table. Why? Because SQL Server allows an ownership chain to form.

Basically, SQL Server sees that the same user owns both objects. So it assumes that if the owner has built one object to refer to another, like our view referring to our table, the owner meant for the reference to work. And as a result, when you go from the view to the table, SQL Server won't check permissions on the table. It will assume the owner knew what he or she was doing when the reference was created. We can use this to control access to the base tables in our databases. By controlling access through functions, stored procedures, and views, we can control how the data is displayed and how the data is manipulated. With ownership chaining, access to the base tables happens, but only through the methods we've explicitly built. So, for instance, this won't work:

DELETE FROM dbo.SomeVeryBigTable;
GO

If an end user tries to execute this, that person will receive an Access Denied type of error. This is good because imagine if they were able to execute it. Then we're stuck in recovery mode and that's bad. Now imagine we built a stored procedure like the following:

CREATE PROC dbo.ControlledDelete
  @SomeID INT
AS
BEGIN
  DELETE FROM dbo.SomeVeryBigTable
  WHERE SomeID = @SomeID;
END;
GO

In this case the end user can still delete rows. But our stored procedure only allows the deletion of one row at a time, and you need to know the right ID. We now only have to grant EXECUTE rights against this stored procedure and everything will work as we'd like. We don't have to grant any sort of permissions against the table itself. All right, enough on the theory. Let's round out the week with a few demonstrations. Afterwards, look to our coach for some drills to help you get stronger in SQL Server security.

Practical Demonstrations:

OFF-TOPIC: More about the pregnancy

K. Brian Kelley — Thu, 29 Oct 2009 15:57:00 GMT

Quite a few folks have commented about my previous post about missing the PASS Summit, whether publicly or in private. It's hard to keep track of everybody who has, so this is a blanket blog post that explains what the doctors are concerned about.

The condition that raised the red flag is this one: Monoamniotic-Monochrionic twins (MoMo twins).

During the 20 week ultrasound, the fact that there were twins caught everyone by surprise. But as they investigated, they could not see a membrane between the two. And that raises the question of whether or not they are MoMo twins or not. As a result, we've gotten a referral to specialist doctors at the University of South Carolina School of Medicine. It'll be a three-hour ultrasound, with better equipment, mind you. We went through the same thing with our now four year-old daughter, so we at least know what to expect. It's entirely possible that the membrane is there, then the risks go down quite a bit. There are still risks because there's one placenta, but it's less than with MoMo twins.

Because we didn't know when the referral would come, I ended up cancelling out of all the PASS Summit. We figured it would be next week and on Tuesday we were notified that it would be for next Tuesday. However, my wife has been in a lot of pain and her feet and ankles have been swelling badly, so she asked if they could work her in sooner. Yesterday they called back and we've got an appointment for Friday. The good news is that at least by the end of it we'll be more certain as to what's going on and what the path is. The bad news is that last weekend was rough on her and I don't see it getting much better any time soon. So I'm really concerned about her and me and the boys (11 and 10) are doing what all we can to take on additional responsibilities and let her rest more.

Last night was a struggle for me. I was up again because of my sleep habits (or lack thereof) and I spent a lot of time thinking about the situation, the possibilities, how to prepare for them, etc. And while I was able to walk through things logically, I was and still am worried. That's reality and I know that's normal. I ended up penning a poem to kind of get out how I feel. I'll include it here in case it might be a help to others. It is intentionally written like a psalm. The reference to the father and son in the second stanza is from Mark 9.

I Call Out to You, Lord

Lord, I can't hide from You my heart.
I'm worried and I'm scared.
I don't know what is to come.
I know the tighter I try to hold on,
The more I fool myself with a lie.

I know the answer is to trust.
I'm to lean on my faith in You.
But knowing and doing are not the same.
So I call out to You like that father
Who sought healing for his son.

Father, help me to be strong.
Guide my thinking and my focus.
Let me look to You and You alone.
For I need to gaze upon You now
So I will not falter and fall.

Let me be filled with compassion
And be a Spirit-led father and husband.
Allow me to act with Your wisdom,
Touch with Your love and understanding,
And be a source of peace to my family.

I offer my troubles to You, O God.
Bear them away from me with haste.
Let me see Your goodness and mercy.
Show me Your beloved face
So I may forge on with faith and hope.

I yield to You now, my Strength and my Shield.
I put my heart before You.
Lift me up and comfort me today.
For I cannot attain peace without You.
Nor give it to the ones I love so much.

SQL University: Diving into Authorization

K. Brian Kelley — Wed, 28 Oct 2009 03:45:00 GMT

It's good to see all your bright and chipper faces here at SQL University. Hopefully you've digest Monday's lesson on Authentication. Today we're going to discuss Authorization. Now Authorization can only take place after Authentication has been accomplished. If SQL Server doesn't know who you are, it can't determine what you have access to. Therefore, if you've not gotten the class notes and looked at the videos, it may help you to review before proceeding further. If you're caught up, let's continue. Authorization is simply the permissions a particular person has. With respect to SQL Server, SQL Server is basically saying, "Once I know who you are, I can tell you what you are allowed to do."

Permissions - A Game of "Simon Says"

If you've ever played the game of "Simon Says," you know that you only react to the instruction given when Simon says to do so. If you react to any other instruction, you're out of the game. If Simon says to do something and you don't, you're out, too. SQL Server works kind of like Simon says. If you tell SQL Server that a certain permission is to be given to a user, then it's like you played Simon says, only you are Simon. SQL Server will carry out that permission exactly as you said. So if you tell SQL Server that Jimbo has the ability to read data from a particular table (granting SELECT permissions on that table), then SQL Server will allow Jimbo to read data from that table whenever he asks for it. Likewise, SQL Server will not allow access if you do not give explicit permission. SQL Server is the ultimate Simon Says player. So if you don't tell SQL Server that Jimbo can read data from that table, SQL Server won't let him (with the exception of ownership chaining, which we'll look at on Friday).

Securables - A Whole Lot of Tupperware

When I was growing up, Tupperware was expensive. It's not like today when I can run down to the Dollar General and pick up disposable containers for a couple of bucks. In SQL Server, starting with SQL Server 2005, there is a new concept called securables. Securables, in a nutshell, are anything you can assign permissions against. There are also special types of securables called scopes, which are nothing more than securables that can contain other securables. Within SQL Server there are three scopes:

Server
Database
Schema

Servers have securables like logins and endpoints as well as the securables/scopes databases. Databases have securables like users and symmetric keys as well as the securables/scopes schemas. And schemas have the securables we normally think of like tables, views, and stored procedures. That's the hierarchy. Now, normally we grant permissions directly against tables, views, and stored procedures. So if I grant SELECT on a table, then the person can execute a SELECT query against the data in that table. If I think of Tupperware, my wife has given me permission to open up the Tupperware containing the salad. But the Tupperware containing the lasagna, well, that's off limits. So I have SELECT rights against the Salad Tupperware but I have no rights against the Lasagna Tupperware. SQL Server is my wife, but SQL Server is always on duty. So if I try and open up that lasagna, I'm going to immediately get an Access Denied!

Now let's take this a step further. If you do it right, you can put smaller Tupperware containers inside larger Tupperware containers. This is the concept of using scopes in SQL Server. Imagine that the lasagna container fits inside the salad container. My wife has given me permission to open up the salad container. Lapsing back to my past as an 8 year-old boy, I interpret her permission as saying, "You can eat anything in the salad container. So I take the lasagna container and put it inside the salad container, dumping any salad that prevents the true prize from fitting. I close up the salad container and then say to myself, "Well, time to eat what's in the salad container." And then I proceed to open both containers, first the salad one, then the lasagna one, and eat the lasagna. Sure, my adult self knows I'm in trouble as soon as my wife catches on, but we're talking lasagna! SQL Server operates as our eight year-old selves do. If you give the permission on the larger container, or scope, it applies to the securables contained within. For instance, if I give SELECT permission against a schema, all the tables and views contained in the schema that permission applies to as well. So we need to think about that when it comes to giving out permissions. We can either give it directly to the object (securable) in question or to the scope that contains it.

GRANT, DENY, and REVOKE - Understand the Interaction

GRANT gives the permission. So if I GRANT SELECT on a table, the person can read from the table. DENY blocks the permission. So if I DENY SELECT on a table, the person cannot read from the table. Also, DENY is a trump. If you've played the game of Spades, all spades cards trump cards of any other suit, regardless of numeric value (so a two of spades will trump a 10 of diamonds or an ace of clubs). When you've got spade against spade, it's all about numeric value. As a result, unless you're playing with house rules which include jokers, nothing trumps the Ace of spades. The DENY is like the Ace of spades. It doesn't matter what the other permissions are, if a particular person has a DENY, it will trump any GRANTs that the person may already have. And that bears explanation.

It is possible for multiple sets of permissions to apply to a particular person. We'll get into the how on Friday, but assume that three different sets of permissions apply to a particular person. Set A grants SELECT against a table. Set B grants INSERT and UPDATE against the same table. SQL Server will aggregate the permissions and give you the sum of all of them. So if we're just considering sets A and B, the person has SELECT, INSERT, and UPDATE on the table. If you've worked with permissions at the file and folder level on the operating system, you should be familiar with this type of behavior. Now let's look at set C. Set C has a DENY on UPDATE. Remember, DENY trumps everything. So the DENY on UPDATE in set C is going to trump the granted UPDATE in set B. So once we consider all 3 permission sets, the person really only has SELECT and INSERT.

By the way, you can replace one for the other. So, for instance, assume set C should have been a granted UPDATE instead of DENY. If you decide to replace DENY with the GRANT, you can do so simply by executing the GRANT permission. So when applied in the same manner (again, covered on Friday), they will replace each other. So if that's the case, why do we need REVOKE? REVOKE is a giant eraser. If the person has a particular permission, REVOKE removes it. It doesn't matter if it's GRANT or DENY. Instead of overwriting the permission, it simply gets rid of it. So if we go back to set C, and we didn't want to grant UPDATE permissions, but we wanted to get rid of the DENY, we could use REVOKE. If set C had permissions for other tables, we might not want to get rid of set C altogether. But we do need to correct the mistake without granting any additional permissions. In this case, REVOKE is ideal. It gets rids of the permission altogether. If the person doesn't have permission via another mechanism, we're back to that game of Simon Says again. Since Simon (or John or Marie or whoever you are) didn't say the person should have access, then the person doesn't gets access. If, however, the person had access through another means, such as set B, then the DENY is no longer there to block them.

Practical Application:

Okay, enough theory. Like last class, let's see some of this in action. Again, the videos are around 5 minutes or shorter.

SQL University: Authentication and Authorization

K. Brian Kelley — Mon, 26 Oct 2009 04:05:00 GMT

Welcome back to class, folks, here at SQL University. This week we're going to take a look at the basics of security for SQL Server. Since this is an introductory class, we're going to focus primarily on SQL Server itself, only delving into the operating system when we have to do so. So let's start with first steps. In security there are usually three As we're concerned with:

Authentication - Can you prove you are who you say you are?
Authorization - Okay, so you've proven it. Now, what do you have access to?
Auditing - Can we track what you and others are doing?

While auditing is important, that's a more advanced topic, so we'll stick to the first two As: authentication and authorization. If you remember back to your first week of class, we briefly talked about authentication. That's what we're gong to focus on today. Authorization will be for Wednesday's class. And for Friday we'll look at both in a bit more detail. Now, onto today's material. One of the things we discussed is that either SQL Server can handle the authentication or it can pass it off to Windows. Windows authentication can also be called integrated security. Since Microsoft recommends using Windows authentication, let's talk about why.

Windows Authentication - Ease of Use for the End User:

Imagine for a second that you're the manager of an apartment complex and let's say you've got 250 different apartments. Now, you've got two choices on how to handle your access to these apartments you're responsible for. Either you can have 250 different keys or you can have one master key. Which would you choose? If it were me, I'd want one master key for me. Sure, the system needs to be able to handle issuing 250 different keys so one apartment dweller can't get into the apartment of another, but for me and my maintenance staff, I need the master key. Otherwise I could sit there forever trying to figure out how to get into the one apartment where the toilet is overflowing and flooding the apartment below. Not a good situation if I have to sort through 250 different keys, right?

Well, imagine your internal network is like a huge apartment complex. And let's say you have 250 different systems. If your end users have to enter a username/password combination for every system, your users would quickly grow upset. Even if we're talking 5 to 10 systems, you're going to hear grumbling. If you make it worse and they have to have different passwords for every system, you've really got trouble. Sooner or later they're going to do things like keep a sticky note on their monitor with all of their combinations recorded. But if you can give them one key to access all of the systems, they'll be very happy with you. And that's one reason to use Windows authentication. Your users already have to use a username/password combination to log onto your Windows domain. If we can take those credentials and re-use them, they'll be very happy. It also means they are less likely to do something like that sticky note trick. I did say less likely. Get used to it, because no matter how easy you make it on your users (unless you take passwords away altogether), someone is going to do it. In times like those, take the time to show 'em right. Help them understand why it's dangerous. And if you don't get through the first time or the hundred and first time, keep at it. It's important.

Windows Authentication - "One Stop Shop" Lockdown:

But you know, it's not just about ease of use for our end users. Imagine you went the 250 key method. Now you were trying to be smart and you got keys marked Do Not Duplicate. While this isn't an effective way to ensure they keys aren't duplicated, let's say, for example's sake that it is. And one of your maintenance folks was caught doing something they ought not be doing (like stealing from one of the apartments). You now need to get all the keys back from that maintenance person. And he hands you 250 keys which look right. The question is, "How do you know?" The only way you're going to be able to tell is to go through and try each key in the locks until you're sure you have them all. After all, there's nothing stopping the maintenance person for substituting several keys that look authentic but aren't. And then your maintenance guy still has access to some of the apartments in the building. So unless you take the time to immediately verify all the keys, you have a problem. The same thing is true if you have folks with different username/password combination all over the place. You might be able to turn them off in one place, but unless you go system by system, you've got the same problem if someone's access needs to be turned off.

Now let's go back to that master key idea. If you only issued them master keys, and you have some way of verifying they weren't able to duplicate the master keys, once you get it back from the maintenance person you're letting go, it's a simple matter to try it in a handful of apartment locks to verify it's real. And then you can kick the guy to the curb. Well, if Windows user accounts are being used, specifically domain user accounts, you have the same idea. You've got an employee who has been doing something they ought not do, and it's time to take away their access as HR processes them out the door. If all access is through the domain, then as soon as I lock down that person's domain user account, I have confiscated the master key. They aren't going to get in anywhere. And that's what we want.

Windows Authentication - Security Forces at the Gate:

As a member of the United States Air Force, one of the job types I came into contact with every day were what are known as Security Forces (like the guy to our left). These are people whose job it is to provide base and flightline protection. Because they did this job, I could focus on my job: computers. Now, they weren't just base and flightline defense, either. They also were law enforcement personnel. If you were speeding on base, it would be these guys who would pull you over in a heartbeat. And while I know that some civilian law enforcement personnel have the discretion to give a warning instead of a ticket, I never met one of these guys who did. They took their job seriously, whether it was pulling people over for speeding, preventing looting of a base devastated by a hurricane (Keesler Air Force base after Hurricane Katrina), or trying to ensure no one is trying to get on base that shouldn't be there. Well trained and well motivated, they will always do a better job than someone like me, because they are trained for it, constantly do it, and constantly retrain on it.

And that describes Windows authentication. The Windows operating system already has authentication functionality built-in. It has to do so. And if you're in a domain environment, there are special computers, called Domain Controllers, where authentication actually takes place. Those systems tend to be treated more security than regular servers, even SQL Servers. And therefore, if the username/password combinations are going to be stored on the most secure systems in the domain, that would be on the domain controllers (as a side note, a hash is what is actually stored there, not the password itself). If you let Windows do the authentication, then SQL Server doesn't have to store anything related to a username/password combination. And it's up to Windows to check the security. In other words, SQL Server is handing off this sort of authentication to processes which do it constantly. That's good, because it also means that if you're a DBA and your organization is large enough to have someone else managing the domain security, then you can leave the authentication to them, which is something they're doing constantly. And you have the option of focusing on what you do best: SQL Server.

So Why SQL Server Authentication?

Because you have to. Yup, I said it. The classic example is a third-party application that only supports SQL Server based authentication. You can pull out your hair and gnash your teeth all you want, but if the vendor isn't going to change the product and you need their product, you're stuck. And you'll have to allow SQL Server to manage the authentication. That's not as bad as some may make it seem. SQL Server does a secure job of things. However, you lose the advantages I've mentioned above.

Another classic example is when you have a system that isn't on the domain that needs to talk to the SQL Server. For instance, you have linux servers that you want to connect back with and in that case, SQL Server authentication is the most straight-forward way to go. Another classic example along these lines is a web server that sits in the DMZ. Not the one between North and South Korea, mind you, but where you have your Internet facing systems located. These systems are partially protected from an Internet attack and your internal network is protected from most attacks that could originate from these DMZ servers, should those servers be compromised. So it's a buffer zone between your internal environment and the Internet. In this case, it can be considered too risky to put said web server in the DMZ on the internal Windows domain. If that's the case, you can't use Windows authentication to connect. So you've got to use SQL Server authentication.

Some Practical Instruction

Okay, let's depart from the theory and look at some of this stuff in your SQL Server environment. Here are some videos which explore the topic of authentication a bit further. They're all short, five minutes or less, and should give you a basic foundation on how folks come into your SQL Server:

Another Year, Another Missed PASS Summit

K. Brian Kelley — Fri, 23 Oct 2009 16:50:00 GMT

This year I was really looking forward to going to the PASS Summit. It's worth every penny in the knowledge you'll gain and the networking opportunities you'll encounter. You know, a lot hasn't been said on the later, but let me throw my two cents worth in here (since we're talking about pennies). The friends I have made and the relationships I have expanded on through the one PASS Summit I was able to attend have been extremely rewarding to me personally. I tweeted about how I consider a few folks my unofficial mentors in Steve Jones and Andy Warren. Being able to meet them and really get to know them at the PASS Summit was the main highlight of that conference for me. It's where I learned a lot more about them personally, where they come from, what their backgrounds are, and that time spent, along with other opportunities over the years, has been the reason I so value their wisdom and advice. But I've met and built relationships with other folks, too, through that conference and you know, if you were to sum up the hours I've spent talking, trading emails, getting technical advice, bouncing ideas, etc. off at a regular consultant's bill rate, I've come out way ahead. It's not about bill rates for me, don't get me wrong. But a lot of folks are not going to be able sell their manager on "relationships" in a lot of cases. So we need to take something that business uses. So if we're talking about something business can use to understand the benefits of sending its people, that's money. If I added up the bill rate for all those "consulting" hours that no one paid for versus what it costs to go to one conference, travel and accomodations included, business comes out incredibly ahead. Maybe that's another way to approach asking to go to the Summit or any other major conference like TechEd.

So back to what I was saying, I was looking forward to going to the Summit. There are a lot of folks I want to meet in person. There's a lot of stuff I want to learn about. This year was the first year I had a topic selected. And I'm a SQL Server MVP this year, and while I hope I'll be renewed come January, I know that's not a given. Plus, the recent PASS elections and some comments made by folks I respect (Andy Kelly, Adam Machanic, to name two) have made me realize that there PASS is a community and it's a professional organization, but it needs cash flow, too. So I wanted to talk to folks and see how I might help in that regard. Being a gopher and making phone calls and sending emails is something I can do, even if I don't have the business background of some folks. It's a way I can contribute to help PASS get better. And I figured the Summit was a good way to talk face-to-face with the right folks. So there were a lot of things saying, "Go west, young man!" But ultimately, it's about choices and priorities. I blogged about how I was impressed with a statement Brian Moran made. Here's his statement again:

"I’ve learned over the years that there are a lot of things that I can delegate to other people. I can’t delegate being a good husband or father. I prioritize those jobs on a daily basis even when I’m super busy with other professional responsibilities."

I'm of the same mindset. I can't delegate being a proper husband and father. I also won't abdicate or shirk those roles. Yesterday, when my wife and I went for our 20 week ultrasound, they noticed twins. Yeah, we were shocked. So were the nurse and doctor. Nothing previously had indicated twins, including the initial ultrasound and some of the screenings that have been done. As they examined using ultrasound, they could only see one placenta (which likely means identical twins). So that kicked us into "high risk" and we've got a referral working to doctors at the University of South Carolina School of Medicine. I make fun of USC all the time due to their repeated futility in college sports, but their high risk pregnancy docs are great. I know, because the previous pregnancy we had to see them for a different matter (which has repeated itself in this pregnancy). The referral appointment may reveal that there are two placentas. And we drop back out of high risk. But it may also mean additional tests and checks, because they weren't able to get all the things they wanted to get on baby B (who was starting a trend of being uncooperative with the doctors... repeating the behavior of our 4 year-old daughter) even though what they were able to get on both, everything looks good. At this point we just don't know. The referral appointment should come in the next week or so, but most likely during the week of the Summit.

So as disappointed as I am, it wasn't a very hard decision as to what to do. I had already thought of this back in June because of a question Brad McGehee asked with regards to SQL Connections, when they were no emotions and no concerns and I could think through it in a coldly logical fashion (like Lori Edwards does). But even without that prior question, we're talking family. We're talking my wife. And that makes it a no-brainer of a choice. I've talked about my faith and that will always be first. But she's next on the pecking list. In fact, my faith says that had better be the way it is in my life. So while I will lament the fact that I can't be at the Summit this year, I won't lose any sleep over making this decision. For those who were looking to meet me, the couple of you out there, I hope we'll meet at other venues soon.

Habits and Activities for De-Stressing

K. Brian Kelley — Thu, 22 Oct 2009 06:38:00 GMT

I was chatting on FaceBook today with a guy from my church who is learning to be a network engineer. He's a smart guy and his dad is in IT, too. John is his name and he has helped me in the past with IT-related work that we needed to do around the church. He's not afraid or too above doing the stuff that's just got to be done, like doing cable runs in the ceiling. As you might guess, I love working with and talking with John. We were chatting about a project he had for class where they had to figure out a plan and cost it out for wiring a four-story building. A very practical exercise. As we wrapped up the conversation, he made a point that I always have a lot going on. Another friend of mine, the wife of one of my former pastors and a man I still consider a mentor in minstry, remarked that I'm very much like her husband, with "too many irons in the fire." She's right that I'm like him. I don't know that I could be satisfied not being constantly engaged in stuff. It drives my wife crazy sometimes, but that's the way I'm wired. Even with that said, I still need to take time to destress and unwind.

One of the activities that I used to do a lot for that was play flute. I blogged about getting back to doing that every day. It's been slow going getting back into the habit, but my tone is coming back, and I'm enjoying it. I played for about an hour before I went to to bed and it did serve to relax me greatly. The great thing about playing music like this is I can play out my stress and my emotions, especially by choosing music that expresses how I feel or just doing a bit of improv. It's an activity I've needed to get back into and I am glad that I have.

Another thing I do to destress is walk. I sometimes do this at work for lunch. I'll wolf down my meal and then head out for a couple of miles. Since I work downtown in Columbia, SC, there's good sidewalks and there are some streets which don't have a whole lot of traffic. They are out the back of my building, so it's really easy to get out, spend about 45 minutes trudging around, and just thinking and letting go of whatever has gotten me worked up. Or, if there's something that's really pressing hard on me, I'll take a 15 minute break and walk a couple of times around the block, then head back in refreshed. It's amazing how stepping away from 15 minutes and disconnecting from a computer can really help clear the mind and release the anxiety and stress that so often accompanies our profession.

In any case, I think anyone who works in IT should have activities and habits that help them relax. A friend of mine, who shall remain unnamed, has seemed stressed out a lot lately. He doesn't get up and do anything at lunch time, continuing to plug away at his desk. He doesn't really take breaks. And I've watched him get spun up as the day grows long. I can tell it's taking a toll on his health and his sanity, but that's how he's choosing to handle things. I've tried to encourage him to at least step away for a few minutes, and he does from time-to-time, but far less than he needs to. I hope that aspect changes in the near future. He's been a friend for years and I don't like seeing him suffer when he has the ability to do something to alleviate some of the pressure and stress.

Review: ASUS Eee PC 1005HA Netbook

K. Brian Kelley — Tue, 20 Oct 2009 02:14:00 GMT

Our home desktop was several years old and due for replacement. I still have my Dell laptop, and it's still more than powerful enough to do everything I need it to do. Plus, I have a work laptop that's more than sufficient as well. We moved my wife to a MacBook Pro, because of the ease of use. And for those that have a thing against Macs because of the price, it has been worth it for me. When you consider how much time I spent assisting with what were really basic things on the PC, things she's able to handle just fine on the Mac by herself, so I've made up the difference in cost in the hours I've not had to spend being "support." But given that the Mac is as expensive as it is, we were looking for something for the kids. We homeschool, so it had to be powerful enough to do basic word processing, spreadsheets, etc. while also being able to access the Internet so they can do research, play games online, and the like. I wasn't looking for a gaming platform or even a more robust laptop to do development and SQL Server related work. So that put us in the netbook category. After doing some research, I decided upon the ASUS Eee PC 1005HA.

Online Ratings:

Online ratings can be misleading. You could have what looks to be a highly rated item, only to see that it has just a handful of reviews. So I was looking for a high rating along with a decent number of folks chiming in. I originally began my search on Newegg.com figuring I would look for what the best deals were. I didn't like the best deals so I started looking at highly rated netbooks. The Eee PC 1005HA had over 100 ratings, with over 80% being 5 eggs. Wanting to see what the ratings were on Amazon.com, I went over there and saw around 100 reviews, with over half giving 5 stars. So there were enough folks having offered an opinion with that opinon being a good one that it looked like the one I wanted.

Price Tag:

Newegg has it for around $350 and that was within the price range for what I wanted to spend. However, when I popped over to Amazon, I realized it was even cheaper. Cheaper than manufacturer's suggested retail price, in fact. It had what I needed. Decent sized hard drive (solid state was on the wish list, but not in the budget), decent screen size for a netbook, full ergonomic keyboard, and decent memory. It came with Windows XP and that was fine. It had everything I needed and was at a great price. Kick in the fact that Amazon was willing to ship with 1 day shipping at an unreal price, and it was a done deal.

Living Up to Expectations:

It took me a little bit of time to setup, as I wanted to make sure each kid had their own limited user account (that's right, no administrator rights). So I needed to set the icons for sign-in, find the right backgrounds to allow them to see at a glance who was currently logged in, etc. But clean-up wise there wasn't too much to do. There's just not a lot of junk on it. I removed the trial installation of Microsoft Office, removed Microsoft Works, deleted the installer for one of the big name AV providers, then proceeded to patch it, set up the firewall, set up when Automatic Updates would grab patches and install, upgraded to IE 8, installed Microsoft Security Essentials for AV, installed OpenOffice, and configured the defaults in OpenOffice on each user account to save in Microsoft Office format. That only took a couple of hours. Most of that time was in the customization. During this time I spent a lot of time staring at the screen and using the touchpad.

A word about the touchpad. The netbook is light and it's got a plastic shell. However, the area for the touchpad has raised bumps so that you know you're on it. It's really easy to use and stay on for most of it. My four year-old had a bit of trouble with it, but I found it very usable. So if you don't want to use a mouse, you really don't need to. The touchpad is more than sufficient. I actually like it better than the ones I have on my Dell laptop (personal) and my HP laptop (work).

Now about that screen. The one issue I did have with the netbook is an issue with all netbooks. There is a limited screen space. Because there is a limited screen space, the resolution was only 1024 x 600. That's a problem, because some websites like Webkinz (yes, I went there) require 1024 x 768. I tried using Webkinz in 1024 x 600 and it's just not very usable. The bottom dock is lost, and that's how you get easy access to your pets, their items, and the like. Okay! I admit it. I have a Webkinz account. Originally it was for me to keep an eye on what my kids were doing, but some of the games are rather fun. But in any case, I needed to do something about that screen size, because I really didn't want to hook up the flatscreen monitor to the netbook. I'd rather package it all up, wipe the hard drive, and donate it to a worthy cause. Thankfully, I didn't have to cart over the monitor. The Asus Eee PC has a screen compression mode that will display 1024x768 on that 1024x600 resolution screen. I was hesitant to activate it because I figured there would be a nasty loss in overall resolution. But desperate times call for desperate measures so turn it on I did. And I was pleasantly surprised that you couldn't really notice the difference. About the only thing you do see is the screen flicker twice when you originally log on as it activates the screen compression, but then it works fine. Having solved the Webkinz issue, it was time to turn it over to the kids.

Kid Tested, Kid Approved:

My kids got on the system and have used it quite heavily. As would be expected for pre-teen and younger audience, they make heavy use of flash-based games and YouTube / Tangle.com videos. And they tend to play back-to-back-to-back for several hours at a time. The netbook has held up well and it's performed just fine. I see a bit of a pause when loading flash heavy websites as compared to my personal laptop, but I've got a Core 2 Duo with 4 GB of RAM. The speed is more than sufficient for what they do. The only issue we've had is with the 4 year-old and adjusting to the touchpad. She doesn't have the dexterity yet to be consistent with it. So we ended up getting a travel-sized mouse (perfect for smaller hands) and she's good to go. Playhouse Disney, here she comes! So it's definitely held up in the couple of weeks we've had it.

Would I Use It?

"It depends." For general Internet use, for word processing and basic documents, it's great. For watching videos or listening to music, it's fine. Would I install SQL Server or a dev environment on it? No. It's not built for that. If I had nothing else, then I might consider it as it has a decent hard drive and enough memory to make that kind of setup usable, though just barely. If you use it for what it was intended for, it's fine. Anything more is pushing it. But that's to be expected with a netbook.

Would I Recommend It?

Based on my experience and the cost, yes. It's been a good buy thus far. It fills the needs for the kids and I can use it in a pinch for basic type of productivity. Especially given Amazon's price, I think it's a great deal for what you get. So I would recommend it if you're looking for a netbook and you're sure you just need a netbook.

Vetting the PASS Board of Directors candidates

K. Brian Kelley — Fri, 16 Oct 2009 16:01:00 GMT

I've had a pretty heavy involvement in Brent Ozar's interview of Matt Morollo. The reason for my intense activity is he was an unknown factor to me. I interact with Thomas LaRock and Jeremiah Peschka on almost a daily basis through Twitter. I follow their blogs. I exchange emails with them. There are some things we agree on, others we don't, and still others we've never discussed. As a result, you didn't see me "laying the wood" to them on their interviews because I have a good sense of what they'd bring to the board, of what they think of PASS and its constituency, and what they see as pain points in our community. Brian Moran has been around a while. I've seen his track record. So while we've never talked in any way, I believe I have a good sense of what I believe he brings. But I needed to know about Matt Morollo. So I stepped in and participated heavily in the conversation.

Stuart Ainsworth made a good point that the other candidates should be similarly vetted by voters as has been done with Mr. Morollo. I explained to him why i didn't (and you see my explanation here). Jorge Segarra made another good point about Thomas LaRock having done that well through the UStream presentations he did. The bottom line is to know who you're voting for. Your vote makes a difference. If you don't know the candidates, ask them the questions you want answered. Do the research on them. Determine for yourself whether or not that person is the right person for the board or not, as Joe Webb put so eloquently:

"But I will tell you that you should give careful consideration and follow up on the questions I’ve outlined in this post. Email the candidates. Ask them questions until you’re satisfied with your knowledge and you can confidently make your decision."

So where do you start? Before you do anything else, start here: PASS Board of Directors Slate of Candidates.

Then look at what the candidates have to say for themselves (these were the two who have put more out specifically about their candidacy):

Check the interviews with Brent Ozar (and these are in alphabetical order by last name, so no one can say I'm showing Tom favoritism due to his love of bacon... because if that were true, I think Jeremiah would be 2nd on the list):

And engage with them, such as through Twitter:

In other words, take the time to understand where each candidate stands and cast your vote accordingly.

Are you sticking to your goals? Do you know what they are?

K. Brian Kelley — Thu, 15 Oct 2009 19:42:00 GMT

I've engaged a little in the discussion on Matt Morollo's interview on Brent Ozar's blog. It made me go back and re-read the other candidates, and when re-reading Brian Moran's, I was struck with this comment:

I'm reading (finally) The 7 Habits of Highly Effective People. Covey's second point is to begin with the end in mind. Know what you want. Then use that to help you make your decisions. The example he used at the beginning of the discussion on this point is, "What will people say at your funeral?" It all goes back to goals. Have you thought about what it is you really want? Have you considered what is truly important to you? And are your current actions supporting those things?

I blogged on my Goal Keeping DBA blog about beginning seminary. It's a goal I've had for a long time and I'm finally beginning that journey. Steve Jones commented and gave me a very needed reminder that if I need to step back in other areas, like in the professional space, to make sure I do that if this is more important. It is. I have a great deal of respect for Steve, as most of us do. Time and time again he has offered invaluable advice, not only about the profession, but about life in general. I need to make sure what I do stays in the proper perspective. Brian's comment hit deep because it is something I believe, too. I can't delegate being a good husband and a proper father. I can't let my job or my ministry to take me away from those responsibilities.

And that gets to the point of this post. If you don't know what your long term goals are, and what their priorities are to you, you may reach the end of that long term period and realize you aren't happy with the road you chose. I don't want to be in that position. I've set goals. I want to reach them. Reminders like Steve's and Brian's help me stay on track. If you've not set goals for yourself, this isn't something to procrastinate on. Once you do, rack and stack them. And then let them help you choose your actions in your future decisions. You'll stand a better chance of looking back down the road you've traveled and being able to say, "Yes, I'm glad I'm where I ended up." Being a graduate of The Citadel, one of the things they reminded us is that we took the road less traveled. That comes from Robert Frost's poem, The Road Not Taken. I'll leave you with the last stanza (and yes, there are two interpretations... we choose to look at the positive one):

I shall be telling this with a sigh
Somewhere ages and ages hence:
Two roads diverged in a wood, and I --
I took the one less travelled by,
and that has made all the difference

Afraid of Presenting? Try Toastmasters

K. Brian Kelley — Tue, 13 Oct 2009 03:41:00 GMT

I should be writing a technical post in the next day or so. I've been focusing more on the community and professional development side because that's what is foremost in my mind right now. And that brings me to public speaking. I will admit that I've had a lot of experience being in front of a group of folks. You can go back to my days at The Citadel as a reason for that. My sophomore year, I participated in a group called C.A.D.R.E., which was a take-off of the cadre, the upper-classmen responsible for training the incoming freshmen each year (I did that, too, as a junior). C.A.D.R.E. stood for Citadel Alcohol Drug and Resource Educators and our primary responsibility was to provide education on alcohol and drug prevention. The Citadel had been smacked around with some public incidents where cadets had imbibed and then done something that made the newspaper. Hence the formation of C.A.D.R.E. But we quickly evolved into a drug/alcohol prevention group for the schools around Charleston than so much for The Citadel. I gave one presentation at The Citadel and one more at College of Charleston, but the bulk of my work was out in the public and private schools from 1st grade through 12th. And some of those were hostile crowds, for obvious reasons. But I really learned that speaking in front of a crowd was a learned skill. And because of some personal background having seen alcohol abuse first hand, I wanted to do everything I could to ensure these kids didn't follow down that same destructive path, even if I had only 30 minutes with them. So I forced myself to stay in there, to practice, to understand what it took to reach the various age groups, and to communicate clearly that I cared. As a result, I got better and got better in a hurry.

Since then I've taught Sunday School, led youth group, preached, and a lot of that on at least a several times a week basis. So I'm constantly in practice, if you want to look at it that way. I've got to be. The ministry I feel I've been called to is just as important to me as C.A.D.R.E. was back in my Citadel days. But you know what? I knew I could do better. Enter Toastmasters. Toastmasters has been around for a while (since 1924). And its purpose is to help people overcome their fear of public speaking and to become better at it. My organization has a private Toastmasters club, so I decided one day to join up. I realized quite quickly that there is an organized plan of development both as a speaker (through the Competent Communicator track) and as a meeting facilitator (through the Competent Leader track). To become a Compentent Communicator, you must give ten introductory speeches. Each speech is critiqued by an evaluator. That evaluator's job is to tell you what you did well and give you a suggestion or two (in a gentle, affirming way) for further improvement. For those new to Toastmasters, you should be assigned a mentor who is supposed to help you prep for your first few speeches, assist you in the first several meetings you attend, and get you ready for any roles you may take on at a given meeting. In other words, it's built around training everyone to be better at speaking and interacting in public.

In the SQL Server community there are a lot of smart folks out there. I've run across a few who, in one-on-one interactions, you learn quite a bit about how much they know about a given subject. But they are afraid to get in front of a user group or submit an abstract for something like the PASS Summit to present. If you are one of those people, I would urge you to take a look at Toastmasters. We need your experience in the community. We would love to interact with you and exchange ideas, tips, tricks, and knowledge. You are a valuable resource to others around you. Just as valuable as any of us you see doing presentations all the time. And truth be told, I get nervous before a presentation, too. That's natural. But I believe in what I'm doing, I care about the folks I'm speaking to, and that helps me overcome my fears. The community has been awesome to me, giving me opportunities I would never have dreamed of when I started to get involved with SQL Server a little over ten years ago. And so I feel compelled to give back in any way I can. It's the least I can do for so many folks who have taken the time to help me learn, grow, and gain experience. Hopefully, you feel the same way and you just need a little push in the right direction. Toastmasters can give that push, in a very positive way. So if you've not checked out Toastmasters, hit the site, look for a few clubs near you that fit your schedule and give them a try. At least one (I know several Toastmasters who are members of multiple clubs) should be the right place for you:

Toastmasters International

Carolina Code Camp - The Good and the Bad

K. Brian Kelley — Mon, 12 Oct 2009 16:15:00 GMT

This past Saturday I was able to participate in the Carolina Code Camp, help just outside Charlotte, NC. I was there for the morning part, spending time with family in Charlotte for the afternoon. So let me go over both the good and the bad, starting with the bad first. There are lessons to be learned in the bad.

The Bad

Let me start by saying that the bad with CarCC had nothing to do with the Code Camp itself. They are just reminders for me as an individual. Hopefully, if they aren't things you've thought of, you can learn vicariously through my mistakes.

The first bad was not taking the time to email some folks beforehand to see if they were going and to try and connect with them before I got there. While code camps, SQL Saturdays, and conferences should be about learning, to a certan extent they should be about networking, too. For instance, ASP.NET MVP Chris Love (who I only know through Twitter) and SQL Server MVP Paul Nielsen were both at Carolina Code Camp. But I missed out on meeting them in person because I didn't get my ducks in a row ahead of time. I'll not make that mistake again. I also missed out on seeing Boyd Evert from the Charleston PASS Chapter and a couple of local developers I used to work with but who have moved on from AgFirst. Next time, I'll do better.

The second bad was not going through my checklist when I was done speaking. I was looking forward to hearing SQL Server MVP Alejandro Mesa present, and since we were in the same room (him right after me), I wanted to clear out the space to give him time to setup so he wouldn't be rushed. As a result, when I was packing my equipment back in my laptop bag, I left my power adapter on one of the tables there. I didn't realize it was missing until after I had gotten back home, almost 2 hours away from the venue, and long after the event had finished up. I ended up ordering a replacement from Dell Saturday night, but for the second order in a row, it looks like it has gotten lost in their system. I've filed a customer support ticket with them, haven't gotten anything back but the automated email, and I don't expect anything different than, "We're sorry, it's us, not you. Can you place the order again and cross your fingers it will actually go through this time?" So I'll probably be running down to an office supply store looking for a universal one because I'm quite fed up with Dell. I used to be a big fan, but the experiences I've had with them over the last two years means I'm likely done with them as a customer until I hear from peers that things have substantially improved.

The Good

The first was finally being able to hear Alejandro present. He's done some other venues, but I've always had a conflict. When you hear him talk and go through the topic, you understand why his presentations have been highly regarded. I enjoyed the talk immensely, learned a few new things, and enjoyed talking with him. If you haven't met Alejandro, you should. He's a humble guy that knows a ton, is very helpful, and cares about his craft and the community.

The second I was able to meet Jeff Schroeder, another active SQL Server type in the area. His presentation was at the same time as mine, but he came to Alejandro's, and we were able to talk a bit afterwards as a group. Jeff's another knowledgeable guy who has seen some interesting vendor packages and had to come up with creative solutions to attack the issues they cause. So I'm going to follow back up with Jeff, because he's a nice guy, knows his stuff, and brings a different perspective because of his experience that I could learn from.

The third was the venue, the Levine Campus at Central Piedmont Community College. They have a very nice setup that was very conducive to a code camp. I was very impressed with the facilities. I think Alejandro indicated they may be trying to do a SQL Server centric activity there, and the college has agreed to lend the space. Apparently there are some very good, community minded folks there in addition to the awesome setup. We would love to have similar access to facilities half that nice here in Columbia, SC.

The fourth good were some of the ideas that were bounced around in a very short time. Alejandro was making a comment about how hard it is to present on query tuning and optimization on an hour, because to understand what you're seeing, you've got to understand the theory. But to make any sort of headway is hard, because there's more than an hour of material in there. Alejandro was only focusing on plan caching and re-use. He said up front that he wasn't touching recompiles because there was simply no time. One of the things I thought about is having a deep dive track or two during the SQL Saturdays. Where you'd get a topic like query tuning and optimization for the morning and another deep dive in the afternoon, maybe on peformance tuning. I think it's something worth approaching Andy Warren about, so I probably will, especially when both Alejandro and Jeff seemed to think it was a good idea. Some topics just need more time.

So that wraps up my experience for Carolina Code Camp 2009. It was a great code camp and I'm looking forward to going back again next year. Hopefully, Midlands PASS will be able to help out in the organization of it in 2010. We'd certainly like to be included along with the .NET user groups.