Press "Enter" to skip to content

Author: Kevin Feasel

Don’t Enable TRUSTWORTHY on SQL Server

Published 2024-06-21 by Kevin Feasel

Jeff Iannucci shares good advice:

If you have ever used our free tool to check SQL Server security, you may have seen the check for the “TRUSTWORTHY database owned by sysadmin” show up as one of the highest of priority items, requiring action. When we started reviewing the security permissions and configurations for our clients’ instances, we didn’t expect to find it very often since TRUSTWORTHY database setting is off by default.

Unfortunately, this has been discovered with some frequency, and when combined with a few other common practices, it presents a tremendous vulnerability to escalate privileges for both authorized users and hackers.

Read on to learn more about this. And to supplement, I will once again link Solomon Rutzky’s outstanding guide on the topic.

Comments closed

An Overview of Spark in Microsoft Fabric

Published 2024-06-20 by Kevin Feasel

Reza Rad gives people a primer on Apache Spark:

Microsoft Fabric runs some workloads under the Spark engine, but what is it really? In this article, I’ll take you through the question of what Spark is, What benefits it has, how it is associated with Fabric, what configurations you have, and other things you need to know about it.

Reza talks a bit about history, interaction with languages, etc. As a quick addition to the languages list, you can use .NET languages like F# and C# with Spark, though it does involve setting up dotnet/spark and there are some open questions about its future. And I’m not even sure you could get it to work with Microsoft Fabric.

Comments closed

Restoring a SQL Server 2000 Backup in 2024

Published 2024-06-20 by Kevin Feasel

Randolph West turns back the clock:

Problem statement: I have a SQL Server 2000 database backup that I need to restore to a supported version of SQL Server (preferably SQL Server 2022). How do I do that?

Read on for Randolph’s answer on how to do this. Pre-2008, things may get a little shaky, as that’s back when Microsoft really deprecated functionality. So even if you do restore a backup using this technique, I do wonder what happens if you were using a deprecated datatype like NTEXT or TIMESTAMP. As of SQL Server 2022, those are still in the product, so I don’t have a good example so much as a bit of niggling paranoia.

Comments closed

Security Tips for Backups in SQL Server

Published 2024-06-20 by Kevin Feasel

Mike Walsh shares a few tips:

There are obviously many things to check when it comes to SQL Server security. We’re talking about a lot of those elements of security this month. Today I want to talk a little more about backups as it relates to their role in securing your SQL Servers.

When it comes to your backups and security in SQL Server –>

Read on for five tips to help ensure your backup strategy is doing what you intend it to do, but is also not a real attack vector at the same time.

Comments closed

Advance Notifications for Azure SQL MI

Published 2024-06-20 by Kevin Feasel

Uros Milanovic gives us a heads up:

Advance notifications allow you to prepare for planned maintenance events on your SQL Managed Instance resources. They alert you 24 hours before a planned maintenance event. Advance notifications work hand-in-hand with SQL Maintenance Windows – with the two combined, you gain control over when your managed instances receive updates and receive a notification ahead of time.

Read on to learn more about how this works. There is a bit of setup involved to subscribe to these, though Uros provides a link to a guide on how to do it.

Comments closed

Postgres Vacuuming and Transaction ID Wraparound

Published 2024-06-20 by Kevin Feasel

Andreas Scherbaum explains what Transaction ID Wraparound is and how you can avoid it:

PostgreSQL uses Multi-Version Concurrency Control (MVCC) to manage concurrent access to the database, and store each version of a tuple in a table. To keep the database efficient, PostgreSQL employs a cleanup process called VACUUM, which removes unnecessary tuples. This not only saves disk space and keeps the database size under control, it also prevents the dreaded “Transaction ID Wraparound” issue. Regularly running VACUUM is crucial, including on the template0 database, which is normally handled by the Autovacuum daemon. However, sometimes manual intervention is necessary.

Read on to learn more.

Comments closed

An Overview of gganimate

Published 2024-06-19 by Kevin Feasel

Dario Radecic shows off a neat library:

The main criticism people have when it comes to ggplot2 is the static nature of the charts it has to offer. Truth be told, it will never be an interactive visualization king like Highcharts, but it doesn’t mean animation is out of the picture.

Meet R gganimate – a natural extension of ggplot2 that allows you to visualize your data change through time or some other variable, and then render and export the chart as a set of PNGs, or a single GIF/MP4.

Click through to learn more about it. I remembered the original gganimate and was going to say, “Wow, I hadn’t heard of that library in forever.” But it turns out that Thomas Lin Pedersen built a newer version of the library and has added in quite a bit of functionality since the last time I looked. H/T R-Bloggers.

Comments closed

New Video: Online Passive-Aggressive Algorithms

Published 2024-06-19 by Kevin Feasel

I have a new video:

In this video, I cover the series of classification algorithms with the best possible name: online passive-aggressive algorithms.

I remember, when reading up on this, being incredulous that the idea even worked. But it turns out that it’s actually pretty good in practice, especially on constrained hardware. Still, this is definitely an algorithm you’d want to test in comparison to others before jumping right in, as there’s a risk you can end up with terrible results.

Comments closed

Automating SQL Server Installation via Powershell

Published 2024-06-19 by Kevin Feasel

Vlad Drumea performs an installation:

In this post I cover a script I’ve been using to automate SQL Server installation with PowerShell in my home lab.

As opposed to my previous blog post that demos the creation of a SQL Server Developer edition container, this installs a full-fledged SQL Server instance.

Read on for an overview of the script, from where you can download it, and how it works.

Comments closed