A Fine Slice Of SQL Server
Amy Esselman keeps track of axis:
One of the most common pitfalls in data visualization is manipulating axis scales in ways that distort the story. A frequent example is the use of logarithmic scales where they are not appropriate.
Let’s walk through a case where this choice can mislead, even if unintentionally.
Amy has some good guidance on when you should use log scale, as well as a good example of a case where applying it incorrectly can lead to distorted results.
Leave a CommentFabiano Amorim shows off a vulnerability:
This vulnerability involves restoring a database into a DBaaS and uses a “corrupted” internal view, effectively turning the engine’s own intelligence against itself.
The exploit is elegant in a disturbing way, since there’s no need for
xp_cmdshell, CLR, or any of the usual suspects – just a carefully crafted .bak file and SQL Server’s unwavering belief in its own metadata integrity.The payload hides where no DBA would look – system tables that are supposed to be immutable – and executes under a context that was never meant to be controllable by the user.
This is not a misconfiguration or a permission trick – it’s a design flaw rooted in how the SQL Server engine trusts its persisted metadata, and how that trust persists across the boundary between a user-managed instance and a cloud-managed environment.
This kind of fits in the “Neat, but not incredibly practical” bucket for me, so I can understand Microsoft marking this as a low-risk security issue.
Leave a CommentErik Darling finally gets HR involved. The sad and/or clever part is that I wrote that line before Erik made the joke.
This is Part 1 in a set of videos covering Erik’s talk for PASS Data Community Summit in 2025. As is usual, Erik’s videos are worth watching even though he doesn’t give me even one paragraph that I can copy and include as a graf here, meaning that I need to type in more in order to make it so that any RSS feed reader connected to Curated SQL doesn’t panic and force you to open the post because it’s too short, and thus causing me to write even longer run-on sentences than I normally would write, though I typically indulge myself in run-on sentences so the blame isn’t 100% on Erik; in short, Erik allows me to use semi-colons more often, and I appreciate it.
Leave a CommentAleksey Vitsko wants access to private endpoints:
You have resources in Azure (including, but not limited to, Azure SQL), and you have a task at hand to eradicate usage of public endpoints. Security requirements are to start communicating with resources, such as database servers through encrypted VPN channels.
This is the “people in my office will use this” VPN, whereas Azure also has a Point-to-Point VPN for individuals and remote workers.
Leave a CommentEnter Fabric Cost Analysis (FCA) – a free, open-source solution available to everyone on a Microsoft GitHub repository, designed to shine a light on all your Microsoft Fabric costs. FCA was developed by a multidisciplinary team (Cedric Dupui, Manel Omani, Antoine Richet, and led by Romain Casteres) with expertise spanning FinOps, Data, and Go-To-Market, with a clear goal: turn a major adoption barrier into a strategic lever for growth.
Conceived directly from customer questions, FCA answers the things people actually want to know: What are we really paying for? What’s included? Where are the optimization opportunities? It doesn’t just track costs—it builds trust, helps organizations explain spend internally, and ultimately accelerates Fabric adoption.
Read on to see what it includes and how it works.
Leave a CommentAnthony Nocentino brings good tidings:
If you’re like me, you’ve probably been following Microsoft’s announcement about native NVMe support in Windows Server 2025 with great interest. While it’s limited to local drives, how about we break that rule and leverage our virtualization layer extend NVMe benefits throughout the entire storage stack, even to remote storage like a FlashArray? I decided to test that scenario, and the results are awesome. In this post, you will learn how to make your SQL Server workload about 25% faster without changing any code in your application. Let’s go.
I like when things are faster without me having to do anything.
Leave a Comment