Personal Goal Accomplished: Speaking at the PASS Summit

I mentioned on twitter that a family tragedy about a decade ago had resulted in a false start with respect to this goal:

Ten years ago, we were expecting a baby, our fourth. Then an ultrasound revealed that we were having twins. Because we had “MoMo” twins, we immediately moved into the high risk category and that meant an appointment with specialists. Sadly, at that appointment we received devastating news: our twins had passed. If you’ve lost a child to miscarriage, you understand how painful and shattering that is. As the father, it tore my heart in two. The reality, though, is that it’s always worse for the mother. As the father, it took a long time before it was something I could fully come to terms with. I stand by the statement that it’s always worse for the mother. Anything can spark a grief reaction again, even many years afterwards. I’ve seen it with my wife and others I’ve talked to have shared the same thing.

Needless to say, this has always been in the background with me attempting to get back to PASS. There have been other, more prominent reasons. But the loss of the twins so close to going to a PASS Summit always held me in its grasp. A decade is a long time. Though I had faced my grief, our loss still affected me. As a result, when I applied again to speak at PASS, my wife and I talked. It was important for me to try and move forward here. So with much trepidation I made the journey, spoke today, and am glad for it.

So why do I share this? Kevin Kline gave a talk about how much of a family the SQL Server community is. It truly is. Members of the community helped me face my grief. Folks who had been through it, too. And they’ve been supportive over the years. If you’re dealing with something non-technical, chances are someone else in the community has dealt with it or is dealing with it, too. And you might be surprised how quickly they are to walk alongside of you if they just knew. We aren’t just here to help each other technically. We’re here to help each other, no predicate applied.

Should I Be Worried About skip-2.0?

A new piece of malware which hooks into SQL Server, skip-2.0, has been making the tech media rounds. If you’ve not read about it yet or you’re looking for more details, I’ve written a quick article discussing the finer details:

Skip-2.0 Malware Impacts SQL Server – Should I Be Worried?

The big takeaway I’ve been telling folks who have asked about it: skip-2.0 can only be deployed successfully *AFTER* the adversary has administrative rights to the OS. Therefore, it’s not a new way of getting in. It’s a way to maintain access and cover tracks. The real concern is how the adversary can get in. That’s not a SQL Server problem. That’s an OS and account management one.


July 2019 – New Microsoft security update for Spectre variant

If you remember the flurry of news from the beginning of 2018 about side channel attacks called Spectre and Meltdown, Microsoft has included in its July update a patch for a newly discovered Spectre variant 1 attack method. According to Microsoft’s revision announcement, this one does not require a microcode update. Definitely check the security bulletin for the OSes you handle, because there are some known issues.

New Security Update for SQL Server in July 2019 Patches

It doesn’t look like this would affect SQL Server 2008 or SQL Server 2008 R2 since the earliest reported platform is SQL Server 2014, but in Microsoft’s release of patches today, SQL Server is included. Here’s the vulnerability:

CVE-2019-1068 | Microsoft SQL Server Remote Code Execution Vulnerability

It’s a remote code exploit, but the attacker has to be connected to SQL Server because the vulnerability can only be exploited using a specially crafted query. The code would execute in the context of the database engine service account (hopefully not configured to run with administrative rights on the server or elevated rights in Active Directory).

The Microsoft security announcement is here (this is the 2014 GDR link as there other links for other configurations):

Description of the security update for SQL Server 2014 SP3 GDR: July 9, 2019

Why do I mention SQL Server 2008 / 2008 R2? That’s because those versions are no longer under Extended Support and will not receive security updates. If you haven’t migrated, I’ve written an article at Simple Talk talking about your options.

Guidance on Moving Off of SQL Server 2008 and 2008 R2

July 9, 2019 will be here soon. With it comes the end of support, including security updates for SQL Server 2008 and SQL Server 2008 R2 unless you either migrate to Azure or enter into an agreement program with Microsoft. I know quite a few folks are facing this situation, so I wrote a guide covering why to migrate (other than regulatory) as well as what to do if you can’t, over at Simple Talk: The End of SQL Server 2008 and 2008 R2 Extended Support.

Amazon’s Concept of Ownership and Technical Debt

I’m reading Think Like Amazon: 50 1/2 Ideas to Become a Digital LeaderIn talking about Amazon’s pursuit of a second headquarters, John Rossman wrote the following regarding ownership:

Amazon’s second leadership principle is “Ownership,” by which leaders at Amazon strive to never sacrifice long-term value for short-term results.

Where I think this is appropriate is the issue of technical debt. Technical debt is when we choose a less efficient approach for expediency or where we have a situation where some aspect of our system needs an update. This can occur, for instance, as a particular software product we depend on is about to move into Extended Support or move out of support altogether.

Too often I’ve heard there is too much focus on features and new functionality. However, when this selection is done at the expense of paying down technical debt, we are sacrificing long-term value for short-term results. Technical debt carries with it the same concept as monetary debt. There’s an interest rate for technical debt. It may be in how long it takes folks to do some task. It could be in the additional cost to support a product. It could be that the organization is less responsive to change because the technical debt becomes a roadblock for moving forward. As a result, teams start using workarounds just to move forward, which incurs more technical debt. At some point, we have to address that technical debt to reduce what we’re paying in interest.

As an architect, I’m always going to push for this concept of ownership. We can look at the success of organizations like Amazon, Toyota, etc. which take ownership seriously. That track record is my justification for focusing on long-term value.

#tsql2sday – A Letter to My 20 Year-Old Self

T-SQL Tuesday LogoSelf,

I am writing this to you in my mid 40s. I know when I was 20, I wasn’t thinking about 30, much less 40. Here’s some advice I’d give you to learn from.

You’re going to have some doors close that you think should be open. That’s okay. When those doors close, others will open. You will be in ministry, but not full time. Again, this is okay. You will still be in IT. This is how you will be able to do what you do in ministry. Remember, we don’t live to work. We work to live.

Keep being eager to learn. At 45 you are not focused in any one technology area. You often joke that you haven’t been able to figure out what you want to be when you grow up. However, your myriad of skill sets is what allows you to do what you do. As an architect, being well-rounded is key. That’s true of IT in general.

Make peace with leaving the military. It’s not your path. Yes, you will always have a longing to be back. It’s one of those doors that will close. Take what you have learned from your time on Active Duty and apply them in the civilian world. It’s not good to live in the past. Rather, move forward into the challenges of the present for a more exciting future.

Work on your soft skills. You can’t fall back on the excuse of being an extreme introvert. You’re also going to find plenty of validation supporting you being the way you are. However, that doesn’t mean the people you need to influence are going to see your viewpoint unless you can have empathy enough to understand theirs.

Learn to balance your time between work and life outside of work. Work will always ask for more and more and more. You are going to be forced into the position where you will be Choosing to Cheat either work or family. Choose to be faithful to your family first.

That’s a good enough set of action items. Carry them out. Enjoy the journey as you do. And don’t forget to celebrate the wins, especially the wins of people around you.

Previous Older Entries