April CASSUG Monthly Meeting #Networking @CASSUG_Albany

Our April meeting will again be online. NOTE: you MUST RSVP to this Meetup at https://www.meetup.com/Capital-Area-SQL-Server-User-Group/events/277383641/ to view the Zoom URL!

Our April guest speaker is Andy Yun!

Topic: How Intelligent Query Processing improves T-SQL performance

Do you write T-SQL for a living and want to improve its performance? Do you wish your 3rd party vendor code would magically go faster? Then you need to learn about Intelligent Query Processing in SQL Server 2019.

While IQP has benefits for both operational and development DBAs, this presentation will focus on T-SQL capabilities. We will explore how IQP impacts Table Variables, Scalar User Defined Functions, and Batch Mode for Rowstore.

When you leave, you’ll have a solid understanding of how SQL Server 2019 can improve your T-SQL code performance, potentially without a single code change!

Our online meeting schedule is as follows:

  • 6:00: General chat, discussion, and announcements
  • 6:30: Presentation

We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup using the above link, then use the online event URL to join (note: you MUST RSVP for the URL to be visible). We will send out a meeting password as we get closer to the event.

Thanks to our sponsor, Datto, for making this event possible!

#SQL101: Raising awareness of SQL injection

(Image credit: XKCD.com)

I don’t think there’s an experienced web developer or DBA who isn’t familiar with the classic “Bobby Tables” XKCD cartoon above. Just about any time you mention “Bobby Tables” to most experienced IT people, (s)he will immediately know to whom you are referring. Most experienced web developers and DBAs are aware of SQL injection and will take steps to ensure that it’s addressed. Grant Fritchey has a presentation about SQL injection (you can view and download his slide deck here) in which he’s not shy about his desire to “kill Bobby Tables.” I’ve seen him present it at SQL Saturday, and I highly recommend it.

Of course, the keyword here is “experienced.” For people who don’t have that experience, and who build websites that connect to databases, I think it should be lesson #1. Today, I had an experience that reminded me of that.

Earlier today, my sister texted me, asking for help with editing SQL code. She asked me what I use to edit SQL. I told her I generally use SSMS, although you can edit SQL code with a straight-up text editor, if necessary (she is not a DBA, so I felt somewhat comfortable telling her this). She told me she had to clean up spam comments in her data.

That last comment immediately grabbed my attention. I then asked her, how are your security settings, and do you have data backups.

She told me: that IS her data backup.

If her earlier comment had gotten my attention, this one immediately set off alarm klaxons in my head.

I started thinking about what could have corrupted her data to this extent. I started asking questions about her admin setup (I should’ve asked her to make sure she wasn’t using “sa” or “admin” as her admin login — Sis, if you’re reading this, make sure you check this!), including her passwords. Her admin password was pretty secure (thankfully).

She then mentioned her website. I asked if her website was accessing her data. She said yes.

I asked her about Bobby Tables (admittedly, in my advancing age, the term “SQL injection” didn’t immediately come to my mind). Her response: “who?”

At this point, I was convinced that I had my answer. Her database had been corrupted through SQL injection attacks. I told her to make sure you address your SQL injection issue before you even think about your data backups. Worrying about your data backups before addressing your SQL injection issue is like trying to rebuild your house before you’ve put out the fire.

I’ve been talking about SQL injection all throughout this article. For a brand-new web or database developer who has no idea what SQL injection is, here’s a quick primer: it’s a data security attack in which a hacker breaches your database by sending SQL commands through your web interface. I won’t get too much into how it works; instead, here are a few links that explain what it is.

And make no mistake: SQL injection attacks can cause major damage.

So consider this a warning to any fledgling developers who are interested in web or data development: data security issues, such as SQL injection (and there are many others) are a big deal and need to be considered when building your setup; it’s not as simple as just setting up your website and connecting it to a database. By not considering this when you first assemble your system, you might be setting yourself up for major issues down the road.

March CASSUG Monthly Meeting

Our March meeting will again be online. NOTE: you MUST RSVP to this Meetup at https://www.meetup.com/Capital-Area-SQL…/events/276698548/ to view the Zoom URL!

Our March guest speaker is David Klee!

Topic: Modern CPU Architecture and SQL Server Performance

Modern CPU architectures are complex and misunderstood, especially as they relate to SQL Server instance configuration and database usage patterns. Default values in virtualization and the SQL Server instance can cause misalignments and improper balance in the way the SQL Server lines up with the CPUs and memory, which results in an immediate (and silent) performance penalty. Come learn as we discuss topics such as physical and virtual NUMA, hyperthreading, query parallelism, and instance settings, and show you how to validate your SQL Server architecture and improve the performance of your critical SQL Servers for both on-prem and cloud-based SQL Servers.

Our online meeting schedule is as follows:
6:00: General chat, discussion, and announcements
6:30: Presentation
We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup, then use the online event URL to join (note: you MUST RSVP for the URL to be visible). We will send out a meeting password as we get closer to the event.

Thanks to our sponsor, Datto, for making this event possible!

February CASSUG Monthly Meeting

Our February meeting will again be online. NOTE: you MUST RSVP to this Meetup at https://www.meetup.com/Capital-Area-SQL-Server-User-Group/events/275968506/ to view the Zoom URL!

Our February guest speaker is Elizabeth Noble!

Topic: Streamline Database Deployments

Our online meeting schedule is as follows:
6:00: General chat, discussion, and announcements
6:30: Presentation
We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup, then use the online event URL to join (note: you MUST RSVP for the URL to be visible). We will send out a meeting password as we get closer to the event.

Thanks to our sponsor, Datto, for making this event possible!

January CASSUG Monthly Meeting

Our January meeting will again be online. NOTE: you MUST RSVP to this Meetup (https://www.meetup.com/Capital-Area-SQL…/events/275432320/) to view the Zoom URL!

Our January guest speaker is Bob Ward!

Topic: SQL Server Edge to Cloud

SQL Server is everywhere you need it from the IOT Edge to your cloud to public clouds. With all of these options it can be difficult to know which to choose and why each options may be right for your data needs. In this presentation, I’ll review with you all the current released and preview versions of SQL Server from the edge to the cloud. I’ll compare each of them and discuss why you want to get ahead of the curve by understand what is possible with the modern SQL Server. I’ll discuss technical details of some of these options so you can understand what SQL Server flavor fits your company needs. This session will include some demos to highlight key innovations with SQL Server.

About Bob:

Bob Ward is a Principal Architect for the Microsoft Azure Data SQL Server team, which owns the development for all SQL Server versions. Bob has worked for Microsoft for 26+ years on every version of SQL Server shipped from OS/2 1.1 to SQL Server 2019 including Azure SQL. Bob is a well-known speaker on SQL Server, often presenting talks on new releases, internals, and performance at events such as PASS Summit, Red Hat Summit, Microsoft Ready, SQLBits, SQLIntersection, Microsoft Inspire, and Microsoft Ignite. You can follow him at @bobwardms or linkedin.com/in/bobwardms. Bob is the author of the books Pro SQL Server on Linux and SQL Server 2019 Revealed available from Apress Media.

Our online meeting schedule is as follows:
6:00: General chat, discussion, and announcements
6:30: Presentation
We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup (use the link above), then use the online event URL to join (note: you MUST RSVP for the URL to be visible). We will send out a meeting password as we get closer to the event.

Thanks to our sponsor, Datto, for making this event possible!

#SQLSaturday Minnesota — the debrief #SQLSat1017 #SQLSatMN

I don’t think I have to tell anyone what a crazy year 2020 has been (and I won’t belabor the point). As such, many of us have had their fill of Zoom meetings and virtual conferences. I’ve heard a lot from people, myself included, about their dealings with pandemic fatigue and how burned out they are by virtual conferences.

And then, along came Minnesota SQL Saturday.

Before today, I’d spoken at or attended four virtual PASS events: SQL Saturdays in Albany, Memphis, and Montreal, and PASS Summit. In spite of the challenges faced with putting on virtual events — uncharted territory for all of us — the events went about as well as they could. There were glitches and lessons learned, but for the most part, they went about as well as virtual conferences — being put on for the first time — could go.

Minnesota, however, raised the bar. The event went through a great deal of thought and planning, and it showed. This is not a slight against other events, as we were all breaking new ground in putting together virtual events; rather, Minnesota demonstrated a better way to do it.

I’ll start with Friday night. At many of the in-person SQL Saturday events where I’ve spoken, organizers put together a speaker’s dinner on Friday night. In lieu of that, Minnesota organized a Zoom session allowing speakers to get to know the organizers and other speakers (Memphis did the same thing). In addition, however, Minnesota also organized a test run using GoToMeeting sessions (the virtual meeting application of choice by PASS) to make sure that speakers could test their sessions and get comfortable with presenting online. Although I’d previously presented via GoToMeeting before, I found that this went a long way with helping me to get comfortable with the technology, the session, and knowing what to expect.

Additionally, throughout the day for SQL Saturday, the Minnesota crew set up a separate chat application using Discord (an application that I understand is popular with gamers). Through this application, speakers and attendees had an avenue through which they could mingle and chat using different channels. They had channels set up for each meeting room, as well as a “lunch room” (where people could converse during lunch) and a speaker’s channel (roughly the equivalent of a speaker room). I don’t remember all the channels they had set up — I do remember channels called #jobs and #hallway — but I thought using this application was a great move.

One of the things that is sorely missing from virtual SQL Saturdays is the ability to randomly converse and chat. At in-person events, one of the best parts is to randomly bump into #SQLFamily and chat about a variety of subjects, or randomly start chatting about session topics in the hallway, or whatever. Networking is a huge part of SQL Saturday. By nature, that dynamic is nearly impossible to duplicate at a virtual event. Of course, no virtual event can ever duplicate the things you’d experience at an in-person event. But by employing a technology such as Discord, they managed to fill that gap quite nicely.

I also liked that room moderators introduced speakers and topics. They all included slides to start each session, which also included reminders to solicit the sponsors, their local user group, and various other standard announcements. The format was similar to PASS virtual groups, where the group moderator would start with the intro before the speaker went into his or her presentation.

Overall, Minnesota did a great job with their virtual SQL Saturday. Bravo! They demonstrated that a virtual event could still be exciting and fun, and not the same old virtual event that everyone else does. Granted, I’m looking forward to when we can start attending in-person events again. But by employing out-of-the-box ideas like these, virtual events don’t have to be the same old, same old log-into-a-virtual-room events that we’ve become accustomed to experiencing.

October CASSUG Monthly Meeting

Our October meeting will again be online. NOTE: you MUST RSVP on Meetup at https://www.meetup.com/Capital-Area-SQL-Server-User-Group/events/273734124/ to view the Zoom URL!

Our October guest speaker is Elizabeth Noble!

Topic: Streamline Database Deployments

Our online meeting schedule is as follows:

  • 6:00: General chat, discussion, and announcements
  • 6:30: Presentation

We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup, then use the online event URL to join (note: you MUST RSVP for the URL to be visible). We will send out a meeting password as we get closer to the event.

September CASSUG Monthly Meeting @CASSUG_Albany #SQLUserGroup #SQLFamily

Our September meeting will again be online. NOTE: you MUST RSVP to this Meetup (https://www.meetup.com/Capital-Area-SQL-Server-User-Group/events/272490472/) to view the Zoom URL!

Our September guest speaker is Mindy Curnutt!

Topic: An Introduction to using the Spatial Data features within SQL Server

Over a decade ago Microsoft added the capability to store and work with geometry and geography data types. (Wait…what’s this you say?!?) Well, yes…it’s been there for quite some time now. You can actually store spatial data in SQL tables (in the form of points, lines and polygons). There are also many powerful, built-in functions that allow the manipulation and calculation of results around this data. This is a powerful, but sadly underused feature of the product given that IoT tends to be so focused around the location of things.

Come to this session to learn about:

  • The two elusive data types (geography and geometry)
  • How to load spatial data
  • Where you can get lots and lots of free spatial data to supplement your existing systems
  • See an example of real-world Spatial data in use (aggregating truck positions for tax calcs)
  • Write a SQL query from a bitmap picture (pure amusement)

You will learn:

About two special data types, geography and geometry

  • Understand the different spatial routines and functions, what they do, what type of result they return, and how you would use each
  • Watch a real world business case where using spatial data made things so much easier

About Mindy:

Mindy Curnutt is 7X Microsoft Data Platform MVP, Friend of Redgate and Idera ACE Alumni. She has been actively involved in the SQL Server Community for nearly two decades, presenting at various User Group Meetings, SQLPASS Summits, as well as Conferences & SQLSaturdays across North America. For two years, she was a Team Lead for the SQLPASS Summit Abstract Review Process and for years served as one of the 3 SQLPASS Summit Program Managers. She was a SME for SQL 2012 & 2014 MS SQL Server Cert Exams and helped to author the MS Press Book “SQL Server 2014 – Step by Step”, co-authored “Voices from the Data Platform” and “SQL Server 2017 Administration Inside-Out” and in 2018 was featured in the book “Data Professionals at Work”. In 2018 Mindy was the VP of Strategic Partnerships for the Non-Profit Girls+Data (www.girlsanddata.org) which strived to bring awareness about careers in Data Science and Analytics to young women in Junior High School (ages 10-14). She was the President of the N Texas SQL Server User’s Group from 2017-2020. In 2020 she was elected to serve on the Board of Directors for PASS.

Mindy serves as a mentor to others, (particularly the Transportation & Logistics industry), helping to educate and promote scalable and sustainable SQL Server architecture and design. She is passionate about Data Security, Accessibility, Usability, Scalability, and Performance. Mindy Curnutt is an Independent Consultant. You can follow Mindy at her blog, curnuttdatasolutions.com and on Twitter where she’s known as @sqlgirl

Our online meeting schedule is as follows:
6:00: General chat, discussion, and announcements
6:30: Presentation

We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup, then use the online event URL to join (note: you MUST RSVP for the URL to be visible). We will send out a meeting password as we get closer to the event.

August CASSUG Monthly Meeting @CASSUG_Albany #SQLUserGroup #SQLFamily

Our August meeting (Monday, August 10, 6 pm) will again be online. Use the Meetup URL (https://www.meetup.com/Capital-Area-SQL-Server-User-Group/events/271750998/) to RSVP. NOTE: you MUST RSVP to the Meetup to view the Zoom URL!

Our August guest speaker is Deborah Melkin!

Topic: Single Statement, Many Changes: How One Statement Can Modify Multiple Tables

You can only insert, update, or delete from one table at a time. At least that’s what they tell us when we first learn to write SQL statements. However, that one statement could modify multiple tables, and we may or may not even realize it is happening.In this session, we will examine how a single data manipulation (DML) statement could change data for many tables. We will approach these from two different angles: implicit database design & explicit SQL code and objects. Syntax, performance gains, and gotchas of these different methodologies will be discussed. Finally, we will explore often overlooked changes that occur further downstream as a result of our DML statement.When you leave, you will understand and appreciate how a DML statement against one table affects not only that table but how it can have a ripple effect of changes throughout your entire database.

About Deborah: Deborah Melkin has been working as a database professional with SQL Server for almost 20 years. She spends her days helping programmers with all aspects of database design, queries, performance, and deployment. In 2016, she began her blog, Deb the DBA. Soon after that, she began speaking at SQL Saturdays and user groups. Deborah is a board member of the New England SQL Server User group (NESQL) and was recently named as an IDERA ACE Class of 2020. She also won Speaker Idol at PASS Summit 2019. In her spare time, Deborah can usually be found doing something musical.

Our online meeting schedule is as follows:
6:00: General chat, discussion, and announcements
6:30: Presentation

We usually wrap up between 7:30 PM and 8:00 PM.

Please RSVP to this Meetup (https://www.meetup.com/Capital-Area-SQL-Server-User-Group/events/271750998/), then use the online event URL to join (note: you MUST RSVP for the Zoom URL to be visible). We will send out a meeting password as we get closer to the event.

See you there!

#PASSSummit 2020 #SQLFamily

It’s that time of year, when aspiring PASS speakers find out whether or not they’re speaking at PASS Summit. I was fortunate to be selected to speak last year, and I had the time of my life! If you want to read more about it, check out my synopsis of it from last year!

I got the official email notification yesterday (and now that the list is up, I can say it publicly). Alas, I was not selected this year. Oh well. C’est la vie.

That said, I was (and still am) excited about being selected last year. To be selected to speak at PASS Summit just once is a great honor and a nice feather in my cap. To be selected again would be a bonus. And although I wasn’t selected this year, it won’t preclude me from applying again for next year… and the next… and the next.

Unfortunately, given my current employment — and subsequently, my financial — situation, it is highly unlikely that I will be able to attend this year’s Summit, even if COVID-19 has forced it to a virtual event. Although the fact that the event is virtual means prices are reduced, they are still too high for me to attend (unless, between now and then, I land a job and my new employer would be willing to pay my registration fee — note to any future employer who might be reading this: here is a letter that makes the case as to why it would be good to send me to PASS Summit! Note that this link downloads an MS Word document). “Virtual” does not mean “free;” there are a number of expenses that still need to be paid, even for an online event. My friend Monica Rathbun wrote a nice article about what it financially takes to put on a PASS Summit, even a virtual one.

I went through the speakers list, and I was happy to see that a number of my #SQLFamily friends were selected to speak! Congrats to all of you who were chosen!

And although I might not be able to attend this year, if you’re able to get to a PASS Summit, I highly suggest you do so! You’ll learn a lot, and it’s a great time!