The Recording
The Panelists
- Kevin Feasel
- Tracy Boggiano
- Mala Mahadevan
- Special Guest Star Jared Poche
For show canon purposes, Tom was captured in a multi-state illegal fireworks ring, smuggling the good stuff.
Notes: Questions and Topics
Last night was the “Let’s get a copyright strike from the TV” edition of Shop Talk.
I Remember Halloween
Mala started us off with a question about Halloween protection. What is Halloween protection? How can we identify this? What are possible solutions?
Answer: Jared gave us a description of Halloween protection, and I followed up with a quick demo. If you want more thorough answers on Halloween protection and solutions to the performance issues it can provide, I recommend Paul White’s series on the topic, Jared’s blog post, and Mala passed along an article from Itzik Ben-Gan.
Upgrading SQL Server via Distributed Availability Groups
Tracy then told us about a project she had undertaken to upgrade SQL Server using Distributed Availability Groups, a feature introduced in SQL Server 2016 and enhanced with direct seeding in 2017. Tracy has used this technique to perform near-instant upgrades from 2016 to 2017, and points out that it can work for upgrading any instance from 2012 and on. Tracy shares a few important tips, such as changing the listener rather than upgrading connection strings, as that obviates the risk of missing some connection string somewhere.
Tracy should have a blog post forthcoming on the topic as well.
The Silliness of Security Compliance
In last night’s Rant of the Evening, I channeled Sean McCown in pointing out that there is nothing inherently wrong with enabling xp_cmdshell
. If you’re not a sysadmin, you can’t use xp_cmdshell
by default; if you are a sysadmin, you can enable xp_cmdshell
whenever you want. So any security check telling you to disable xp_cmdshell
is wrong—the correct answer is not to hand out xp_cmdshell
rights willy-nilly.
All of this comes in the context of security compliance audits. It was Tracy’s topic and she did a good job airing out some of the sillier ones when I wasn’t cutting her off.
As a point of order, the concept of security is by no means silly. Having people who understand the behaviors (including unintended!) of first- and third-party applications and systems is critical, and I support those people how I can.
Mala’s Book Corner
Mala recommended two books for us this week:
- NoSQL and SQL Data Modeling by Ted Hills
- Managing Geeks — A Journey of Leading by Doing by Andy Leonard
Getting a Job
I wrapped things up with a question: how do you get a new job in adverse conditions? I also tried to tie it into the dot-com collapse, as that was the best analog I had for today’s environment.