Press "Enter" to skip to content

Day: June 10, 2026

The Vendor-Security Researcher Relationship

Published 2026-06-10 by Kevin Feasel

Andreas Wolter shares some thoughts:

The recent public discussion around YellowKey and Microsoft’s vulnerability disclosure process has put vulnerability research, coordinated disclosure, and Microsoft’s Security Response Center (MSRC) into the spotlight.   While that specific discussion is about Windows and BitLocker, it exposes a broader problem that many researchers recognize: vulnerability disclosure is often framed as a simple responsibility of the researcher.

The idealized workflow is straightforward: find the issue, report it, wait for the vendor, and accept the outcome.

But coordinated disclosure cannot be a one-way obligation.

Andreas shares some perspective from having been a top security person on the SQL Server team. Along the way, he hits one on of my bugbears: the fact that there is no easy way to tell exactly what login X (or user X) can do on a SQL Server instance. The closest I ever got was to impersonate user X and run sys.fn_my_permissions() in the context of that user. But even that isn’t perfect.

Leave a Comment

The Muddy World of Hybrid Environments

Published 2026-06-10 by Kevin Feasel

Deborah Melkin muddies up the waters a bit:

My first reaction to this sentence was: Oh look, he assumes that everyone is in the cloud…

My next reaction was: Oh look, he acknowledged that maybe everyone isn’t in the clouds in his follow-up examples.

Since the cloud was introduced, the assumption was always going to be everyone will moving to the cloud. “You’ll be behind if you don’t learn the cloud,” they said. Then as people either moved or started looking into moving their databases, they realized they just couldn’t – whether it was due to missing features, higher than expected costs, etc. There was always some reason.

Click through for some of the challenges and realities of organizations where certain cloud-first or cloud-only services would be a major challenge, versus other services that are typically easier to deal with.

Leave a Comment

Gotchas for a Move On-Premises

Published 2026-06-10 by Kevin Feasel

Brent Ozar lists three pain points:

For T-SQL Tuesday #199, Koen Verbeeck posed an excellent question: if your company moved up to the cloud, but after migrating, had to come back on-premises, what would be the big problems?

I’ve had clients in this exact situation! Here are some of my favorite gotchas from those experiences.

Click through for those three. I’d say that the first one is a major issue and will probably be one for the next couple of years—unless the bottom drops out sooner than I expect and we suddenly have a rush of used hardware from highly unprofitable organizations hit the market.

Leave a Comment

Thoughts on a Cloudless World

Published 2026-06-10 by Kevin Feasel

Mike Donnelly has some tongue-in-cheek responses:

There are some serious angles to this topic, and I have had conversations with people at conferences who are doing a remigration from the cloud, but it feels like the exception not the rule. It is interesting to think about. I spent most of my career working with on-prem SQL Server, but there was a period of about 10 years (the consulting years) where I didn’t touch anything that wasn’t in the cloud. The past several years have been working in a hybrid environment, but most of the work has been moving things to Azure and Fabric. Koen has some prompts for what our blog posts could be about, but rather than dive deep into any one thing I’m going to go with the blog writer’s best friend – a top 10 list.

The funny thing is, in my time as an on-premises DBA, I never dealt with hardware and didn’t have access to the server room.

Leave a Comment

The Importance of Working with People

Published 2026-06-10 by Kevin Feasel

Mark Wilkinson hits migration from a different angle:

I haven’t written a blog post (here) in over 5 years, so what better time to start things back up than a T-SQL Tuesday? Big shout out to Koen Verbeeck for hosting this month, and picking a great topic: Back to on-prem?

As someone that just ended a 10+ year stint managing a hybrid environment, this topic is very near and dear to me. I went back and fourth on what to write about for this one. There are a lot of great topics. Reliability and observability almost won out but instead I landed on maybe an unexpected topic: soft skills.

Regardless of whether your company is fully on-prem, fully in the cloud, fully hybrid, or fully without a clue, Mark’s advice hits home. And is also one of those things I’ve struggled with.

Leave a Comment

Skills for Cloud-to-On-Prem Migration

Published 2026-06-10 by Kevin Feasel

Reitse Eskens focuses on a set of skills:

This month, Koen Verbeeck invites the blogging community to write about their thoughts on returning to on-premises. What could be struggles, things we have to re-learn, etcetera.

When I read the invite, it immediately sparked inspiration, because there are increasing rumours around cloud exits. People musing about ‘what if’. Some clients reference these questions, but so far no one has directly asked me one with the intent of moving forward with it.

Click through for Reitse’s thoughts.

Leave a Comment