Press "Enter" to skip to content

Author: Kevin Feasel

Data Correlation Optimization and Cross-Database Data Leaks

Published 2026-01-08 by Kevin Feasel

Fabiano Amorim shows off a vulnerability:

This vulnerability involves restoring a database into a DBaaS and uses a “corrupted” internal view, effectively turning the engine’s own intelligence against itself.

The exploit is elegant in a disturbing way, since there’s no need for xp_cmdshell, CLR, or any of the usual suspects – just a carefully crafted .bak file and SQL Server’s unwavering belief in its own metadata integrity.

The payload hides where no DBA would look – system tables that are supposed to be immutable – and executes under a context that was never meant to be controllable by the user.

This is not a misconfiguration or a permission trick – it’s a design flaw rooted in how the SQL Server engine trusts its persisted metadata, and how that trust persists across the boundary between a user-managed instance and a cloud-managed environment.

This kind of fits in the “Neat, but not incredibly practical” bucket for me, so I can understand Microsoft marking this as a low-risk security issue.

Leave a Comment

Notes on Axis Scale in Visuals

Published 2026-01-08 by Kevin Feasel

Amy Esselman keeps track of axis:

One of the most common pitfalls in data visualization is manipulating axis scales in ways that distort the story. A frequent example is the use of logarithmic scales where they are not appropriate.

Let’s walk through a case where this choice can mislead, even if unintentionally.

Amy has some good guidance on when you should use log scale, as well as a good example of a case where applying it incorrectly can lead to distorted results.

Leave a Comment

Configuring a Point-to-Site VPN in Azure

Published 2026-01-08 by Kevin Feasel

Aleksey Vitsko wants access to private endpoints:

You have resources in Azure (including, but not limited to, Azure SQL), and you have a task at hand to eradicate usage of public endpoints. Security requirements are to start communicating with resources, such as database servers through encrypted VPN channels.

This is the “people in my office will use this” VPN, whereas Azure also has a Point-to-Point VPN for individuals and remote workers.

Leave a Comment

Parameter Sensitivity Training

Published 2026-01-08 by Kevin Feasel

Erik Darling finally gets HR involved. The sad and/or clever part is that I wrote that line before Erik made the joke.

This is Part 1 in a set of videos covering Erik’s talk for PASS Data Community Summit in 2025. As is usual, Erik’s videos are worth watching even though he doesn’t give me even one paragraph that I can copy and include as a graf here, meaning that I need to type in more in order to make it so that any RSS feed reader connected to Curated SQL doesn’t panic and force you to open the post because it’s too short, and thus causing me to write even longer run-on sentences than I normally would write, though I typically indulge myself in run-on sentences so the blame isn’t 100% on Erik; in short, Erik allows me to use semi-colons more often, and I appreciate it.

Leave a Comment

Windows Server 2025 and NVMe Support

Published 2026-01-08 by Kevin Feasel

Anthony Nocentino brings good tidings:

If you’re like me, you’ve probably been following Microsoft’s announcement about native NVMe support in Windows Server 2025 with great interest. While it’s limited to local drives, how about we break that rule and leverage our virtualization layer extend NVMe benefits throughout the entire storage stack, even to remote storage like a FlashArray? I decided to test that scenario, and the results are awesome. In this post, you will learn how to make your SQL Server workload about 25% faster without changing any code in your application. Let’s go.

I like when things are faster without me having to do anything.

Leave a Comment

Using Fabric Cost Analysis

Published 2026-01-08 by Kevin Feasel

James Serra tries out a tool:

Enter Fabric Cost Analysis (FCA) – a free, open-source solution available to everyone on a Microsoft GitHub repository, designed to shine a light on all your Microsoft Fabric costs. FCA was developed by a multidisciplinary team (Cedric DupuiManel OmaniAntoine Richet, and led by Romain Casteres) with expertise spanning FinOps, Data, and Go-To-Market, with a clear goal: turn a major adoption barrier into a strategic lever for growth.

Conceived directly from customer questions, FCA answers the things people actually want to know: What are we really paying for? What’s included? Where are the optimization opportunities? It doesn’t just track costs—it builds trust, helps organizations explain spend internally, and ultimately accelerates Fabric adoption.

Read on to see what it includes and how it works.

Leave a Comment

Thoughts on AI-Driven Database Development in 2026

Published 2026-01-07 by Kevin Feasel

Brent Ozar shares some thoughts:

In the PollGab question queue for Office Hours, MyRobotOverlordAsks asked a question that merited a full blog post answer:

My company announced during some AI training that within the next 12 months we won’t be writing any of our own code. Instead, we’ll be babysitting agents. What’s your opinion on this from a DB dev / DBA POV? MSSQL Dev tends to lag, so I’d personally be surprised.

If this sounds completely alien to you, check out this blog post by developer Armin Ronacher. In it, he discusses how 2025 was the year when he reluctantly shifted his development process to the point where now he spends most of his time doing exactly what MyRobotOverlordAsks’ company is proposing: rather than writing the code directly, he now asks AI tools to build and debug things for him, and he spends his time tweaking what they produce. (Update 2025/01/07: for another example, check out Eugene Meidinger’s post on his uses of AI.)

Brent is generally bullish on the idea. I agree that a lot of companies will move in this direction, but am not at all bullish that it’ll work well. I think this is mostly the latest iteration of Stack Overflow-driven development, except with less copy and paste of bad code and more generation of bad code.

If you want the really spicy version of this take, you’ll have to talk to me in person.

Leave a Comment

Randomly Moving the Mouse Cursor in R

Published 2026-01-07 by Kevin Feasel

Tomaz Kastrun has been so busy, his screensaver never comes on, even when he’s out at lunch:\

New R Package called LazyMouse with single function for randomly moving mouse cursor in your favorite R IDE.

For every R developer, R data scientists and all those everyday R users, that also need a break and do not want the computer to go into sleep mode.

Read on to see how it works. And jokes aside, there have been times in which I’ve wanted something like this to keep the screen from locking up or drives going to sleep when running heavy work overnight on a device I can physically control (i.e., not a workstation I’m leaving on at the office).

Leave a Comment

Creating a Variable Library in Microsoft Fabric

Published 2026-01-07 by Kevin Feasel

Laura Graham-Brown opens a library:

This post to help you get started creating a variable library. When multiple dataflows, notebooks and pipelines are using the same details to perform tasks it helps if those values are stored in one place. When you move to use deployment pipelines and those values change from your development workspace to your test workspace to your prod, it helps if that is easy. The solution in Microsoft Fabric is a Variable Library to store those common values.

Click through for step-by-step instructions on the process.

Leave a Comment