Curated SQL – Page 402 – A Fine Slice Of SQL Server

The Security of TDE

Published 2023-01-04 by Kevin Feasel

Matthew McGiffen explains one area of limitation with transparent data encryption:

TDE encrypts data stored on the file system, so it should be pretty clear that we are trying to protect ourselves from an attacker who gets access to our files. You would be right in suggesting that shouldn’t be allowed to happen. Access controls should be in place to prevent inappropriate access. The reality though is that sometimes we get hacked and someone is able to work around our access controls. Sometimes backup files are stored offsite with a different organization where we do not control the access. That is why we have encryption – encryption is an extra line of defense. TDE offers no protection however against individuals who have direct access to query the database.

Let’s say someone does get access to our files – does TDE mean we are still sufficiently protected?

My problem with TDE is something Simon McCauliffe wrote about a few years back (Wayback Machine link because the actual site went down in 2020): if you have root-level access to the server, you can ultimately get access to all of the keys to break TDE. I suppose the level of effort involved is high and that will mitigate the risk, but it’s always there.

2 Comments

Testing BIGINT Support in Applications

Published 2023-01-04 by Kevin Feasel

Michael J. Swart reminds us that it’s not just the database which needs to be able to handle large values:

In the past I’ve written about monitoring identity columns to ensure there’s room to grow.

But there’s a related danger that’s a little more subtle. Say you have a table whose identity column is an 8-byte bigint. An application that converts those values to a 4-byte integer will not always fail! Those applications will only fail if the value is larger than 2,147,483,647.

This post specifically pertains to identity columns but don’t forget those non-identity columns when testing.

Comments closed

A Review of Prometheus Changes at PromCon

Published 2023-01-03 by Kevin Feasel

B.C. Gain reports on sessions from PromCon EU 2022:

Prometheus’ installations are now in the hundreds of thousands range with millions of users, Richard (RichiH) Hartmann, director of community at Grafana Labs and a CNCF Technical Advisory Group Observability chair, said during his talk “I don’t have to convince this room that Prometheus is a de facto standard in cloud native metric based monitoring.”

But as Prometheus’ maintainers celebrate its 10-year anniversary, the community’s needs for monitoring Kubernetes are evolving quickly. Users are also becoming smarter about what they want and need. PromCon EU 2022, held in Munich in November, the Prometheus annual user’s conference, served as a forum about how and why Prometheus must evolve and what Prometheus maintainers must do.

Prometheus is a critical part of the modern service monitoring stack; read on to learn more about histogram updates and work at the core which should help Prometheus users along the way.

Comments closed

Purview Year in Review

Published 2023-01-03 by Kevin Feasel

Wolfgang Strasser has been on the Purview beat:

A lot happened in the Microsoft Data Governance area, especially in the area of Microsoft Purview Data Governance.

Let’s go back in history and wrap up the announcements that have been made in Microsoft (Azure) Purview area. My main source for this summary is the Security, Compliance and Identity Blog.

Wolfgang has the set of changes as a bulleted list for easy digestion.

Comments closed

Avoid Unnecessary Indexes: Postgres Edition

Published 2023-01-03 by Kevin Feasel

Laetitia Avrot has some advice:

This is why, when I’m called for a performance problem (or for an audit), my first take is to look at the size of the data compared to the size of the indexes. If you store more indexes than data for a transactional workload, that’s bad. The worst I’ve seen was a database with 12 times more indexes stored on disk than data! Of course, it was a transactional workload… Would you buy a cooking book with 10 pages of recipes and 120 pages of indexes at the end of the book?

The problem with indexes is that each time you write (insert, update, delete), you will have to write to the indexes too! That can become very costly in resources and time.

Click through for some Postgres-specific guidance and links to some useful scripts along the way.

Comments closed

Recovering a Deleted Azure Key Vault Key

Published 2023-01-03 by Kevin Feasel

Hugo Calzada Martin recovers from an oopsie:

If we have a Customer-managed TDE (Transparent Data Encryption) and we delete by mistake the entire “Azure Key Vault” or just the “Key” object, the database will be inaccessible:

Read on for Hugo’s response as well as how to recover from this scenario. There are examples of how to do this in the Portal, in Powershell, and the CLI.

Comments closed

DAX Window Functions and Power BI DirectQuery

Published 2023-01-03 by Kevin Feasel

Chris Webb points out another benefit of DAX window functions:

The new DAX window functions (announced here, more details on Jeffrey Wang’s blog here and here) have generated a lot of excitement already – they are extremely powerful. However one important benefit of using them has not been mentioned so far: they can give you much better performance in DirectQuery mode because they make it more likely that aggregations are used. After all, the fastest DirectQuery datasets are the ones that can use aggregations (ideally Import mode aggregations) as much as possible.

As always, Chris has a demo for us, so check it out.

Comments closed

Calculating Future Value for Power Query

Published 2023-01-03 by Kevin Feasel

Imke Feldmann continues a series on M functions:

Excel’s FV function returns the future value of an investment based on a constant interest rate. Like for the PV-function, I could use the calculation logic from Greg Deckler:

Read on for the script and explanation.

Comments closed

Running SQL Server on an M2 Processor

Published 2023-01-03 by Kevin Feasel

Anthony Nocentino operates a Mac:

Last week I purchased a shiny new MacBook Air with an M2 processor. After I got all the standard stuff up and running, I set out to learn how to run SQL Server containers on this new hardware. This post shows you how to run SQL Server on Apple Silicon using colima.

Colima is a container runtime that runs a Linux VM on your Mac. This Linux VM runs using the Virtualization framework hypervisor native in MacOS. Your containers will run inside this virtual machine.

Read on to see what you’d need for the task.

Comments closed

Using the Softmax Classifier in PyTorch

Published 2023-01-02 by Kevin Feasel

Muhammad Asad Iqbal Khan takes us through one of the classifier options available to PyTorch:

While a logistic regression classifier is used for binary class classification, softmax classifier is a supervised learning algorithm which is mostly used when multiple classes are involved.

Softmax classifier works by assigning a probability distribution to each class. The probability distribution of the class with the highest probability is normalized to 1, and all other probabilities are scaled accordingly.

Read on to learn some of the properties of the Softmax classifier, as well as how you can use this for multi-class classification in PyTorch.

Comments closed

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

Curated SQL Posts