Editorial

Unethical or Just Sneaky

One of the fundamental rules of a stable, controlled production system is that you apply updates singly, after they've been tested, and you document the change. This way you can ensure that if a problem occurs, you can do some backtracking to see what might have caused instability.

So when I saw this piece about stealth updates, and a related opinion piece, I was stunned.

As much as I like many of the people at Microsoft, this is the type of arrogance and "we're smarter than you" attitude that needs to be stopped. And this alone, this one thing, would make me support some regulation of Windows as an OS by the government. Make some bureaucrat sign off on all patches.

I don't care if these are the best, most stable, secure, well written patches ever built anywhere. DO NOT UPDATE MY PC without my knowledge. It's a family show, so I've removed the four letter bombs that originally decorated this editorial.

Now I know most people use automatic updates, and that's ok. For the average user, this might cause some issues, but it's acceptable if they choose to use automatic updates. But if they don't, then don't force anything on them. If anyone's doing the forcing, it should be a government, and I don't even like that.

There's a blog entry from Microsoft PM Nate Clinton that attempts to explain things. It does an ok job of explaining that the "stealth" install doesn't happen if automatic updates aren't installed. It says that it does stealthily install if you download, but ask to be notified. Why?

According to the Mr. Clinton (not the ex-President, but an answer worth of the same), "The answer is simple.".

You can read his explanation, but basically he says that users would think they were being updated, but they wouldn't be able to because the client wasn't updated.

Huh?

You notice they didn't have any trouble telling you that without WGA you wouldn't be patched. What a load. You messed up (substitute your own four letter word here).

I have to think this violates the Sarbanes-Oxley laws for companies and they should be complaining. Every single patch or change to a financial system, which are Windows based in many cases, needs to be tracked and noted. Microsoft can't be making changes to any desktops or servers without an administrator for a company agreeing to the change.

And those days of patches causing problems? They're not gone. Think about the Skype outage recently. I know one of my main SQLServerCentral.com programs, the one that loads articles, has changed behavior twice in the last few months. It's a simple .NET app and it started acting differently a little over a month ago, with dialogs not coming to the front of the screen. That wasn't a big deal, but after the latest patches, it won't even run anymore.

Now that's not something I was looking forward to dealing with.

For an interesting look on this release, read about Microsoft's PR blogging.

Watch Your Clock

Daylight savings time will be late this year, not moving until Nov 4. So if you haven't updated your machines and did the manual switch (twice), then get ready to do it again (twice). Instead of Oct 28, it will be Nov 4 this year.

If you are worried, Microsoft is working on some tools that you have to apply yourself. No stealth changes here.

Steve Jones

If your server went down today, which DBA would you rather be?   A) The PANIC-Button PusherB) The Exceptional DBA Type B, right? And the Exceptional DBA's secret? SQL Backup. Trusted by over 1,000 organizations worldwide for faster, smaller, secure, backups, try SQL Backup to see how you too can make the most of your hours in the office. "We recovered 20 databases (some over 60 GB) in 1.5 hours [with SQL Backup]. What used to take us the entire day is now a pleasure, painless and stress free." Russell Fogg Rennies Bank Ltd.   Download your free trial of SQL Backup PLUS grab a free office cube poster with expert DBA tips If your server went down today, which DBA would you rather be?

Please support us by visiting our sponsors

All the headlines and interesting SQL Server information that we've collected over the past week, and sometimes even a few repeats if we think they fit. These headlines are gathered throughout the week and are posted in real time at the website. Check there for information throughout the week or enjoy this weekly summary of the SQL Server world.

Tech News

Data explosion shakes up IT - In just three years, the bytes of data generated by digital cameras, mobile phones, business IT systems and other tech devices will equal the number of grains of sand on the world's beaches. It's a mind-boggling estimation from market analysis company IDC. But it reflects the proliferation of device...(more)

Security

Hacked GOP site infects visitors with malware - A Republican Party Web site has been hacked, and for some time it has been spreading a variation of the long-running Storm Trojan horse to vulnerable visitors, a security researcher said Friday....(more)

Tech News

The eight secrets that make Apple No. 1 - Last week I wrote about how Apple's growing success will trigger accusations that it is a monopolistic, copycat bully and why the company should be defended against such complaints. This week, I'll discuss the secrets of Apple's growing success and call on PC makers and consumer electronics companie...(more)

Fears of spending slowdown spook the IT sector - Concerns about a spending slowdown continue to make IT investors nervous. The tech-heavy Nasdaq Composite Index closed Thursday at 2601.06, down from the 2700 level two months ago....(more)

General Interest

The One-World Video-Game Challenge - Technologies being developed to make massive multiplayer games handle more people could be beneficial to the financial industry....(more)

Tech News

VMware Gives Microsoft the Touch of Death - Does the new hardware-embedded hypervisor make Viridian obsolete before it ships? The "touch of death" is a martial art that supposedly allows its practitioner to apply a deadly blow without his opponent even feeling it, sometimes succumbing hours or days later. ...(more)

Security

Taking a Risk-Based Approach to SOX Compliance - With the fruits of a risk-based approach being less work, greater levels of compliance, and fewer headaches with regulators, why isn't every company using these methods? Auditor variance is one issue. But Richard Noguera, director of Risk Management-Compliance at McAfee, said a solid controls framew...(more)

Disaster Recovery

Despite 9/11, IT is 'overconfident' about disaster recovery - Six years after the events of 9/11, many corporate IT operations are overconfident about their ability to handle a disaster, according to a Forrester Research, Inc. report released on Tuesday. The survey of 189 data center decision makers found a severe lack of IT preparation for natural and manmade...(more)

Tech News

Dark secrets and ugly truths: When ethics and IT collide - It still weighs heavily on Bryan's mind, what he found on that executive's computer, especially when he thinks of his own daughters. He's particularly troubled that the man he discovered using a company computer to view pornography of Asian women and of children was subsequently promoted and moved t...(more)

Data Mining/Warehousing

Business Intelligence Goes Virtual - Business Objects joins the growing list of software companies offering virtual appliances compatible with the VMware infrastructure....(more)

Tech News

MySQL Upgrades Flagship Database, Services - In its first major refresh in nearly two years, MySQL is set to release a new version of its flagship open source database accompanied by a bevy of new tools and beefed up subscription based services....(more)

Sun to sell Windows Server boxes - In a stunning move, Sun has announced that it is becoming a Microsoft OEM and will begin selling Sun servers bundled with Microsoft Windows Server 2003....(more)

Security

'Virtual' Vulnerabilities About to Become Reality - Hypervisors gone bad. Malware spreading from one virtual machine to another. Virtualization-based rootkits evading detection. Such threats look scary on a PowerPoint slide, but are they worth losing sleep over tonight? Probably not, experts say. Virtualization is still in its early stages of deploym...(more)

Disaster Recovery

Fault-Tolerance Systems Go Virtual - Stratus Technologies and NEC of America are about to bring virtualization to fault-tolerant systems.

At the 2007 VMworld Conference here, the two companies each are demonstrating fault-tolerant systems that use VMware's ESX Server as part of the platform. The new systems will allow all t...(more)

WebCasts

Webcast: Programming SQL Server 2008 - Monday, September 17, 2007
1:00 PM Pacific Time
Microsoft SQL Server 2008, code name "Katmai," introduces a significant amount of new or improved functionality, including new data types, in addition to performance and security enhancements. In this webcast, we discuss how you can...(more)

Microsoft News

Microsoft to push mandatory Messenger upgrade - Microsoft Corp. will force users of its aged MSN Messenger instant messaging software to upgrade to Windows Live Messenger 8.1 in response to a vulnerability in the older program that was made public Tuesday....(more)

Patches, Bugs

Microsoft Visual Studio Two ActiveX Controls Insecure Methods - shinnai has reported some vulnerabilities in Microsoft Visual Studio, which can be exploited by malicious people to overwrite arbitrary files or potentially compromise a vulnerable system....(more)

Microsoft News

Microsoft Preps for Daylight-Saving Time Headaches - Microsoft is taking steps to ease the transition back from daylight-saving time....(more)

What the Hell Is Microsoft Doing with My Computer? - Listen carefully. They're my computers. They're not your computers. I choose to put Windows on some of them. I choose what applications go on them. I choose when, and how, to upgrade them. Is that clear? Well, none of that is clear to Microsoft. We now know? we don't suspect? we know that Microsoft ...(more)

Patches, Bugs

Microsoft Visual Basic VBP File Processing Buffer Overflow - Koshi has reported a vulnerability in Microsoft Visual Basic, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing .VBP files and can be exploited to cause a buffer overflow via a specially crafted .VBP file.(more)

A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system. - A vulnerability has been reported in Microsoft Windows Services for UNIX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error in Windows Services for UNIX and the Subsystem for UNIX-based Applications component when h...(more)

Microsoft Agent URL Handling Memory Corruption Vulnerability - A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Microsoft Agent component when handling URLs and can be exploited to cause memory corruption via a specially craft...(more)

Hardware News

A New Way to Read Hard Disks - Researchers believe that the magneto-electric effect might be key to creating the sensors needed for ultra-high-capacity memory....(more)

Analysis Services / BI

The Unified Dimensional Model (UDM) - It's coming up to London Fashion Week so I thought a post on models for all you dedicated followers would be good. The models in this post are rarely size zero ! So what is one of these? Technorati isn't much help but if you look hard you will find some posts e.g. by one of my predecessors Mat Ste...(more)

Performance and Tuning

SQL Server: The proper and fastest way to check if rows matching a condition exist - You wouldn't believe how many times i've seen this code...(more)

T-SQL

Filtering transactions by month (plus other time periods) - Previously, I wrote about grouping transactions by month. Another common area of difficulty or confusion for SQL beginners is how to efficiently retrieve data just for a single month....(more)

Database Design, Theory and Development

Follow up on compression post: Columns, indices, and sorting - Earlier this week I wrote about the advantages of compression in column-oriented databases (read the post here). A reader had questions about an example I used and the issue of sorting and indexes. I thought the commenter's points and questions were worth exploring in some depth....(more)

SQL Server 2005

SSMS Restore backup error - We had a requirement to allow someone to create and restore databases on a test server today and i thought to myself "Thats easy, i`ll just grant the "Create Any Database" right to the appropriate user, thats when the pain began!...(more)

Career

Consulting: It's a lot like running your own business... - Every once in a while* somebody will ask what it's like to be a consultant @ Microsoft. The successful choose their own gigs carefully, which is easy in the up economy that we have now where demand exceeds supply. Let's pray that continues for a lot longer!...(more)

Database Design, Theory and Development

Do we need a new term? Metametadata? - Malcolm's got a good perspective that doesn't get discussed often enough by practitioners of the black arts (data modeling, database design, database architecture, whatever -- datamancy? dataturgy? gross!)....(more)

Security

Security roles - In a previous post, I talked about the various types of principals in SQL Server. Let's have a further look in this post at permissions and at some of the hardcoded principals that ship with any installation of SQL Server....(more)

Basic SQL Server Security concepts - ownership chaining: good and evil; schemas - At some point during SQL Server's history, its designers must have confronted the following problem: how to give someone permission to see parts of a table without giving him any permission on the table? Slices of a table are easily defined using views, so the problem becomes one of giving SELECT pe...(more)

Database Design, Theory and Development

Geek City: The Resource Database - Long shrouded in mystery, this nebulous hidden database has long been a source of burning curiosity to SQL Server administrators and developers alike. Like a mirage in the deep desert, as soon as you get close, it is no longer there. Like a shimmer seen from the corner of your eye, as soon as you l...(more)

High Availability

How to tell if the IO subsystem is causing corruptions? - If the corruption happens to be related to I/O Erros and there is nothing in the Event log or anywhere that points to I/O related issues, is there any Trace flag that we can enable when performing checkdb or checktable operations that can show us any information related to I/O Problems, Driver issue...(more)

Common bad advice around disaster recovery - Now that I have a little more time on my hands I've been jumping back into some of the online forums. Last summer I posted on a few bits of bad advice I've seen in the forums but yesterday I was stunned by some of the terrible advice I saw being given out. So, I'd like to post a new and longer colle...(more)

Career

On Preparing for the MCITP: BI Developer Certification - Kudos to world-reknowned consultant, trainer and blogger Teo Lachev, founder of Prologika and author of Applied Microsoft Analysis Services 2005, on his latest efforts. A new training guide, MCTS Self-Paced Training Kit (Exam 70-445): Microsoft SQL Server 2005 Business Intelligence?Implementation an...(more)

Where Have the DBA's Gone? - As my children get older I start to play more and more advanced games with them. First, we started with rattles and things that made noise. Then we moved to chasing around the room and the well-known "Tickle Monster". Recently it has been games that involve communication skills and reasoni...(more)

Analysis Services / BI

One Version of the Truth - One of the most over used phrases in Business Intelligence is "one version of the truth" so I thought it would be good to discuss why it's important and what IT professionals can do to achieve it. In an imaginary organisation like adventure works there would be several line of business sy...(more)

Hardware

The Multi-Tier Storage Solution - For many DBAs performance is a huge problem. I know I've currently got systems that have their bottlenecks. One of the bottlenecks in a lot of SQL Server systems is in tempdb. There were a lot of things in SQL2K that relied on tempdb and Yukon increased that dependency by several fold (or made it wo...(more)

Software Development

Sustained Engineering Process - In an earlier post I mentioned how we create the initial ideas for our software features. This may be a different process than you've seen at other software shops. Another big difference in the way the SQL Server organization does things is how we implement those ideas in the coding process. This ha...(more)

T-SQL

Group by Month - When you need to summarize transactional data by Month, there are several ways to do it, some better than others. What to ultimately choose depends on your needs, but remember: Keep it short and simple in T-SQL, and always do all of your formatting at your presentation layer where it belongs...(more)

Database Design, Theory and Development

Good things come in small packages: The advantage of compression in column databases - One of the key performance features of column databases that Mike mentioned in his previous post was the aggressive use of data compression. In this post, we'll discuss how column-oriented databases are able to more effectively exploit compression than a typical row-oriented system. There are two ke...(more)

Reporting Services

SSRS 2008 Variables - As I mentioned in my Under the Hood post, the SSRS 2008 engine has been redesigned to perform on-demand report processing for better scalability. As a result, textbox values are calculated on-demand every time the containing page is rendered. Irrespective of the on-demand behavior, values of dataset...(more)

T-SQL

SQL Gotcha: Do you know what data type is used when running ad-hoc queries? - This is for SQL Server 2000 only, SQL Server 2005 is a lot smarter which is another reason to upgrade....(more)

Analysis Services / BI

Analysis Services - Importing Perfmon Data into Profiler - One of the greatest enhancements in Analysis Services 2005 is the ability to use SQL Server Profiler to troubleshoot performance issues during querying and processing. Even cooler is the ability to import Perfmon data into Profiler so you can analyze system and Analysis Services performance counters...(more)

Influencing Aggregation Candidates - Mention aggregations to any OLAP geek and you will likely hear that aggregations are the cornerstones of OLAP databases. In the new attribute paradigm of Analysis Services 2005, designing effective aggregations can be a somewhat challenging task. In fact there are many components that go into buildi...(more)

Reporting Services

Reporting Services - Getting the Matrix to Display Two Subtotals for the Same Group - This week I am switching gears to talk about a cool design technique for the Reporting Services matrix....(more)

Analysis Services / BI

Data Mining the Dark Web? - Did Dark Web have anything to do with the Neo-Nazi bust in Israel this week? You'd think that it would be a natural outgrowth of their existing work, since terrorist is a pretty generalized term......(more)

Performance Point

PerformancePoint Server 2007 Monitoring and Analytics: KPI Bulk Editing - I have a guest editor today by the name of Kristina McGraw. She just joined us last month and has working hard on a PPS Monitoring and Analytics project and she would like to share one of her favorite features. ...(more)

Analysis Services / BI

SSAS: Adding XMLA templates to SSMS - I use the Templates feature in SSMS a fair bit when I am working with XML/A, but I sometimes wonder how many people are aware that it exists. On my copy of SSMS, it is docked on the right hand side....(more)

Hierarchies avoid arguments - Just when you thought you had heard the last of hierarchies there's another post. This one is a little different - it's about managing confrontation and arguments, not with the code in the SQL server CLR but with other humans! In a hierarchy you navigate upwards to see information at a summary leve...(more)

Below is a list of sources that we use in compiling this newsletter. If you have any ideas on other places to check, please feel free to let us know:

To be removed from this list, send a blank email. Many people have issues with sending plain text emails or their from address is slightly different than their reply to address. If you have any problems leaving the list, please contact the webmaster@databasedaily.com.

Note: This is not the SQLServerCentral.com daily newsletter list. If you want to be removed from that list, you can change your profile or follow the instructions on that list.