| A community of more than 1,600,000 database professionals and growing |
| | | It's Time to Patch and Upgrade I don't want to be chicken little here, but the Meltdown/Spectre bugs have me concerned. I don't know the scope of the vulnerabilities, as far as exploits go, but I do know the lax ways in which humans interact with machines, including running code, opening untrusted documents, and just making silly mistakes. No matter how careful you think you are, can you be sure everyone else in your organization is just as careful? Are you sure they won't do something silly from a database server? Or do something from a server (or workstation) that has access to a database server? Or use a browser (yes, there's an exploit) PATCH your system, soon. Vulernabilities in hardware are no joke, and even if you think you're fairly safe, it's silly to let this one go by and assume you won't get hit. The advent of widely deployed scripting tools, botnets, and more mean that you never know what crazy mechanism might end up getting to your database server. Is it really worth allowing this when you can patch a system? This is a no brainer, a simple decision. Just schedule the patches. With all the news and media, I'm sure you can get some downtime approved in the next few weeks. After all, your management wouldn't want to explain to their customers any data loss from this any more than you'd want to explain it to your boss. We've got a page at SQLServerCentral that summarizes the links I've found for information, patches, etc. I'm sure things will change rapidly, and I'll update the article as I get more information. The important things to note are that not all OSes have patches yet, and there are situations where you might not need to change anything. That's good, as there are some preliminary reports of patches causing issues with performance (degrading it) for PostgreSQL And MongoDB systems. I did see this tweet about no effects on SQL Server, which is good, but YMMV. Most of us know patching matters, and we need to do it periodically (even if it's a pain), however, many of you are like me in that you rarely upgrade systems. Once they work, and because I have plenty of other tasks, I don't look to necessarily upgrade a database platform for years. One downside to that is that a major vulnerability like the Meltdown/Spectre attacks is that patches likely won't come out for old system and versions of SQL Server. That is the case here. That means that if you're on SQL 2005-, or even on older Windows OSes, you might really consider planning an upgrade. Even if you aren't overly worried about this exploit, you won't want a vulnerability to live for a long time in your environment. You never know when a firewall will change, server will move, or some malware will slip through (did I mention the browser exploit?). Plan on an upgrade. I've started asking about accelerating our upgrade plans, and you might think about that as well. I know management doesn't want to spend money unneceesarily, but this feels necessary, and a good time to refresh your system to a supported version. In general I like to delay my patches slightly from the world and not be on the bleeding edge. That's fine, but don't wait too long with this one. I would hope that most people get systems patched in the next month. If not, don't expect any sympathy if you lose data. Steve Jones from SQLServerCentral.comJoin the debate, and respond to today's editorial on the forums |
| | The Voice of the DBA Podcast Listen to the MP3 Audio ( 5.4MB) podcast or subscribe to the feed at iTunes and Libsyn. The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. |
|
|
|
| | ADVERTISEMENT | | | | The industry standard for comparing and deploying SQL Server database schemas Trusted by 71% of Fortune 100 companies, SQL Compare is the fastest way to compare changes, and create and deploy error-free scripts in minutes. Plus you can easily find and fix errors caused by database differences. Download your free trial |
| |
|
|
| | | | | Steve Jones from SQLServerCentral.com Everyone needs to learn about these hardware bugs and apply patches as soon as possible. More » |
| | Alan Burstein from SQLServerCentral.com Alan Burstein discusses a better performning alternative to PERCENT_RANK that works on SQL Server versions 2005+ More » |
| | Additional Articles from SimpleTalk The General Data Protection Regulation (GDPR) will be in effect in May of 2018. Data masking is one technique that can help your organization comply with this and other regulations. William Brewer answers those questions about data masking that you were too shy to ask. More » |
| | Matthew McGiffen from SQLServerCentral Blogs Quite a few of you have read or attempted the previous puzzle SQL Puzzle 1: Magic Squares As a quick reminder, when... More » |
|
|
| | | Today's Question (by Steve Jones): I have a database that is shows it has used only about 50% of the space in the MDF file. I want to release all the space at the end of the file to the operating system, but don't want to move any pages around inside the file and potentially create locks. Which option should I use with DBCC SHRINKFILE? |
Think you know the answer? Click here, and find out if you are right. We keep track of your score to give you bragging rights against your peers.
This question is worth 1 point in this category: DBCC Shrinkfile. We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the Contribution Center. |
|
|
| Yesterday's Question of the Day |
| | |
| | | | Yusuf Kahveci from SQLServerCentral.com Run the script to find the CPU queries on SQL Server and find the first 200 queries. Once you have made the necessary corrections to the inquiries, observe the load on the CPU. Good luck More » |
|
|
| Database Pros Who Need Your Help |
| | Here's a few of the new posts today on the forums. To see more, visit the forums. Multiple Files in a FileGroup but still space issue error. - Hi All, I have a database ( Backing up multiple SQL instance and databases using 3rd party software - Any recommendations - Hello, We are looking to have a centralized software management tool for backing up SQL Server databases that can also provide... When someone comes to you wanting to learn T-SQL? - I'm not sure where to put this thread, so apologies if it's in the wrong place. I'm wondering what other people... Tempdb growth - Hi, I have a huge insert/update operation performing in set of tables. The process tooks almost 1-2 hours to complete. Meanwhile... Combine 3 SQL queries - Hello, I want the combine the following queries Select Complains. as NewComplains,Complains.ID AS ComplainID from Complains where Complains.ReadStatus = 'false' Select Suggestions. as... Splitting TempDB across multiple files - I have a question regarding the splitting of TempDB in SQL Server, I know its a must in production environments... Ola's maintenance solution taking too long on VLDB's - All, I am looking into optimizing Ola's maintenance solution by tweaking around some parameters that is part of the stored proc.... How do you store and retrieve useful scripts? - Hello, During my time as a DBA I find that I collect useful scripts to help me identify data, deadlocks, security,... Problem with Tuning of Delete Statement - Hi all, This is my query. Delete FROM AliTest2.DBO.SDE_GEOMETRY9 WHERE NOT EXISTS (SELECT objectid,0 FROM AliTest2.DBO.NETWORK_V3 WHERE AliTest2.DBO.NETWORK_V3.OBJECTID = AliTest2.DBO.SDE_GEOMETRY Row inserts for groups of rows (Totals for groups of like data). - I want to group data like all invoices from a supplier which is easy enough but when selecting multiple suppliers,... Replayable Extended Events? - Before, when we needed to collect workload from production, we used to run replayable trace. But in new versions, since... delete records from table which are not active. - I have a table, where it has status like active, terminated. I have checked the duplicate records in the table... issue joining on Temp Table - crashes at /* Joining on Prod_Class */ section. Issue has something to do with joining on a created temp table. thoughts? SELECT * INTO #TEMP1 From (Select L.PART_NUM ,Like_PD_ID ,PD_ID from ADHOC.ATS_ESH... Trigger to avoid drop online database - Hey guys, I need to create a trigger which can prevent to drop an online database. Trigger is working with normal... How to get up to 5 hierarchy levels of data from original (parent) to derived (children) product table. - I have a table with 3 columns: Id (identity),Sku_Parent (varchar(10)),Sku_Child (varchar(10)) I would like to get help to write a recursive... Insert Into Where NOT Exists - Background, I have imported dirty data with duplicate rows and bad field names into a Table called ImpTbl_ComputerInventory. To clean the... Reduce records in a slowly changing dimension table - I have a table that tracks groups over time using a start and end date columns. Some of the groups... How to sum values based on HSN codes in mssql2000 - Hi Friends, I have a created one sample table and inserted some sample rows here create table ram ( invoiceno varchar(20), cust_name varchar(20), invoice_docvalu... OPENROWSET when Excel worksheet name is unknown - I've created a stored procedure that accepts two arguments: the name of an Excel workbook (@workbookBillRun), and the name of... Which is better and Why.? - Dear All, I have a question. Long back when I started learning SQL Server-2000, somewhere I had read that "SQL SERVER lies... |
|
| This email has been sent to [email protected]. To be removed from this list, please click here.
If you have any problems leaving the list, please contact the [email protected]. | This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here. | This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved.
Contact: [email protected] |
|
|
