“What do you think made him so good?”

“He was very quick, and he was also very generous.”

That line. That sentence fragment. It hit me. Hard. Right in the brain.

And it came from an unlikely source. Season four, episode three of Comedians in Cars Getting Coffee, with Robert Klein. Go to 1:57 in and watch for yourself:

If you watch the series you will hear that same phrase used over and over again. Jerry and his guests use it to describe other comedians…no, other humans that were influential to others. They just happened to work in comedy. But the key ingredient for success is their generosity. It’s what made Johnny Carson so great, and it’s why Jimmy Fallon is so good as well. And it *may* explain why Conan O’Brien struggled in his first attempt at hosting, too. But I digress.

I don’t see enough of this generosity inside of IT departments. I see more of a “what’s in it for me” attitude. And, since I work in marketing, I see many examples of where people treat others as prospects, and not as friends or colleagues.

For me, being generous means you don’t expect anything in return. If you are expecting kindness in return then you are doing business, not kindness.

But there are exceptions in the world of data professionals. Robert Davis was one of them. He passed away early this week. And with him, our #sqlfamily lost a very generous soul.

Robert showed us all that generosity need not be of a monetary value. Sometimes a person’s time and/or skill is the most precious thing they can give. And Robert did just that. Here are a few examples:

– Robert’s contributions to the #sqlhelp hashtag
– His efforts on Spiceworks forums
– All his MSDN forum activity
– His SQL Server Mirroring book
– The private Microsoft MVP and MCM email distribution lists

I’m certain that I’ve missed many more examples of his reach. The point I want to make is that he was generous with his time and it influenced thousands of other data professionals.

And he did that without ever expecting anything in return.

That’s being generous. And that’s why there is an outpouring of admiration and respect for Robert.

If you are so motivated to do so, you can make a donation to his wife, Chrissy, at their GoFundMe page.

The world needs more people like Robert.

Thank you, Robert, for all your generosity, to me and everyone else, for so many years.

RIP, my friend.

The post The Generous DBA appeared first on Thomas LaRock.

In the first preliminary round I found myself on stage when the first presenter finished. I thought it was weird for me to just stand there while the judges took turns being judgy and/or coachy. So I did what any other host would do: I sat down. On the table was pen and paper. I decided to take notes on the judge’s feedback. I had no idea what I would do with it, other than using it against the judges at some point in time. By the end of the first preliminary round, I had decided that I would use the notes to write a blog post. This blog post. You’re welcome.

The following is a list of items that were discussed the most during the entire event last week. These are the items that stood out the most, sometimes good, sometimes bad. I want this post to help future contestants. I also want this post to help future speakers, anywhere, on any topic. Think of this as a follow-up to my post last week, On Speaking.

Here is the list, mostly in order from most important to not-as-important-but-still-very-important.

Have Readable Text

This was mentioned time and again by all the judges. If you put words on a slide and the audience can’t read them then you are doing it wrong. The words aren’t helping. They are only serving as a distraction. If people need to focus on trying to read then they are not listening to the words you are speaking. And, if they aren’t listening, and they can’t read, then all you’ve done is waste their time.

Readable text isn’t just about font size (for a decent guide on font sizes, go here, and leave comments below if you have other methods to suggest). It also has to do with color choice and backgrounds. Years ago there was a template where the designer choice(!) was blue text on a blue background (I won’t say what company, but here’s a hint of who loves blue-on-blue). The latest craze today is light-grey text on a white background, and smaller fonts. It’s unreadable to anyone over the age of 30.

If you put a word on a slide, make sure the audience can read it.

Connect with the Audience

Connecting with the audience was mentioned often by all judges. There were several ways to make a good connection (besides having readable text): tell a story, hand movements, speak to the entire room, have good energy, ask questions, and even the use of some humor. When I reviewed the feedback I matched all of those terms together as ways to connect with the audience.

I believe that all presentations need to start with a narrative. That’s the story you are going to tell, even if the story is “Hi, today we are going to talk about SQL Server Audit”. You start by writing a narrative, which could be a simple outline, a blog post, or a book chapter. It’s up to you. For help on writing a narrative, I point you to this book: The Jelly Effect: How to Make Your Communication Stick.

I cannot recommend that book enough. It is a must-read for anyone that has ever stood in front of a room.

The other things, the hand movements, speaking to the whole room, etc. are things that come with practice. I find it easiest to get this done by wandering the front of the room, but it really depends on the space. One way I relax everyone (including myself) is to ask a simple question before I get started. I will ask “how much time before we get started?” There is always someone that will have the answer. I then reply “Great, now you’re in charge of the clock, let me know when I have ten minutes left, thanks”. Anything that helps connect you with even one person in the audience is a good thing and can help you with your energy levels.

One word about humor: don’t try to be a comedian. Unless it’s open mic night and you are at the Comedy Cellar. Otherwise, keep the funny to a minimum. I find that observational humor works best for nearly every speaking venue (including church sermons). It is also something most people are comfortable trying and can help to calm your nerves. Just stay within yourself, and don’t try to be like someone else (especially not like Don Rickles).

Show, Don’t Tell

There were a handful of feedback items that I placed into this category. They include mentions of having a good demo, clear screenshots, minimizing whitespace, and good transitions. Oh, and a couple of mentions for Zoomit as needed.

There is a common piece of advice given to every speaker: “Tell them what you are going to tell them, tell them, then tell them what you told them.” I change the middle “tell them” to “show them”. One way to show the audience something is through the use of images and screenshots. Therefore, it is important that your image be clear, at the correct aspect ratio, and proper attribution is given when needed. (BTW, you can’t just take an image from a Google search and attach a URL and think you are free from paying for the use of the image).

Another way to “show them” is to perform a demonstration. If you decide to perform a demo, you need to make certain your demo works and that it is readable. If you decide to remote to a VM to show some code and we can’t see your screen, you have failed in your preparation for the session.

Tech Checks

Technical issues happen all the time, to everyone. An audience will give leeway to a speaker if there is a tech fail outside their control. For things in your control such as getting slides to show on the screen, microphone checks, being able to see a demo or a video, all of those fails will be seen as your fails. Because they are.

When you get to the podium, keep your phone away from any of the AV equipment in the room. You don’t want to be responsible for interference with the sound quality of the presentation. Some speakers like to put their phone right next to their laptop and that is usually an OK thing, but be aware that it could cause issues. That’s why it is important to do a mic check. I like to wander around the room, so I know to check if there are areas where the microphone will produce feedback.

Another item mention here is the ability to recover from issues. When demos go wrong, move along. If you are having tech issues, ask for help, and then work around the issue. Don’t let it interrupt your energy and interaction with the audience.

Repeat the Question

This is a common gaffe by many speakers, including experienced ones. Repeating the question is important and serves two purposes. First, it allows everyone in the room to hear the question that was asked. Second, it gives you the opportunity to make certain you have understood the question.

Tangent to repeating the question is saying the number of raised hands. If you ask for a show of hands, you need to repeat the number of hands raised. You do this for anyone that can’t see the entire room (and if the session is recorded, this is an absolute must). Speaker Idol doesn’t have Q&A at the end of the talk, as it is more of a lightning talk. Saying the number of raised hands is a good way to let the judges know that you are likely to be a speaker that knows to repeat the question.

Everything else

The judges provided a lot of feedback. I have nine pages of notes from them. The above four categories are primary areas of focus for any future Speaker Idol contestant. But there are other things you will want to consider as well. Additional items mentioned more than once during the week included:

• Good Pacing
• Calm Voice
• Stay on time

A five-minute talk is not a lot of time, so there is a tendency to rush your words when speaking. Resist that urge. Have good pace with your words, but also adjust the pace as needed. Keep your voice calm, especially when you are having issues with things like demos. And stay on time. It’s OK to go over by a few seconds, but a few minutes is not acceptable.

Other items mentioned during the week that I want to include would be the use of acronyms (avoid TLAs in titles, and make sure you define them the first time you use them), don’t sway when on stage, and focus on your one message (and repeat your message often), and use short links whenever possible.

I would also add here that when you are on stage, you own the room. No one else. You give control to others, but it is always yours to take back. Many speakers get anxious when thinking about things like difficult questions, or general rudeness. Keep in mind that the room is yours. There is a general social structure in play here, and the majority of the crowd is there to help see that it remain intact.

Summary

I’m not saying that if you do these things you will win Speaker Idol in 2018. But if you are able to incorporate this feedback into your presentations then you are going to become known as a capable speaker. I’ve often talked about how hard skills have a cap, and soft skills don’t. Being able to communicate effectively is going to help set your career apart from others.

Pay attention to the list above. Notice how the overall emphasis is on the audience and not the speaker. Every item listed above are items that the speaker should be doing for the audience. You are there to serve them, not the other way around. As I mentioned in my post On Speaking, you should look to help others before you help yourself.

Lastly, I want to thank Denny for the opportunity to participate in this wonderful event. I enjoyed my time on stage and I look forward to seeing Denny resume his duties next year.

The post Hacking Speaker Idol appeared first on Thomas LaRock.

Not every DBA is willing to put in the time and effort it takes to become an expert.

The #hardtruth here is that to become an expert in anything you need a combination of two factors: experience and knowledge. You don’t become an expert overnight, or by going to any one conference, or by attending any particular class.

Today I’m here to share some knowledge to help get you started on the path to expert query performance troubleshooting. The first step is to watch this video from the PASS Summit in 2010. Yes, that’s right, it’s from seven years ago. The video is 77 minutes long, make certain to set aside enough time:

One of the main takeaways from this video I want you to have is the fact that troubleshooting performance is not always rocket surgery. I’m a huge fan of using “buckets” to help troubleshoot issues. It’s one of the reasons I fell in love with wait events about 2006.

In the video, these are the first buckets discussed: Are all queries affected, or just a subset of queries affected?

If all queries are having performance issues then you will want to examine settings that affect the entire instance, such as memory settings, or perhaps issues with NUMA nodes. You will want to do this first before trying to tune any one particular query.

In comparison, if a subset of queries (or users, or a particular application) then you will want to focus your efforts on those queries first. Otherwise, you are wasting time trying to fix one query without addressing the root cause of the performance issue affecting all queries.

The ability to diagnose “all versus some” in the first five minutes of triage during a production down situation will get you to a root cause faster. Thinking in buckets will allow for you to build an action plan to bring performance back to acceptable limits.

Summary

We all start out with zero knowledge.

Sure, the video is old. And yes, the tools available now are better. But the methods have not changed much. Have a baseline. Know what is good. Use buckets.

Also, this video has less than 3,000 views. Let’s get this video in front of the people gravitating to SQL Server and want to become an expert.

The post Becoming a Query Performance Troubleshooting Expert appeared first on Thomas LaRock.

Lynda Rab was on the other end of the phone, offering me a free registration to the 2006 PASS European Summit in Barcelona. Lynda was on the PASS Board of Directors and could not attend the event. She was offering it to me in exchange for my efforts as part of the PASS Website Special Interest Group. I was fortunate to make arrangements to attend and bring my wife, Suzanne. I remember thinking “things won’t get better than this.”

And then they did.

As part of the comp I was allowed to attend a precon session. I decided to attend a session being delivered by members of the Microsoft Product Support Services (PSS). I didn’t recognize any of the names on the list that day: Bart Duncan, Bob Ward, and Ken Henderson.

It was, without a doubt, the greatest session in the history of PASS.

It’s been eleven years and I still haven’t been in a session as good as that one, on that day.

Ken started his part of the session by reviewing definitions. For 45 minutes he went through a list of terms that we needed to know for the rest of his talk.

Stable media. Hardware read cache. Hardware write cache. Write ordering. FUA. WAL. Log parity. Read retry. Torn I/O. Checksum. Time of last access. Copy on write. Latch. Read ahead. Page read completion. Scatter/gather I/O data pages.

He went through each term. His voice remained the same, very matter-of-fact. It was like sitting in a college lecture.

It was glorious.

Also, it made me realize that I could be up there, too. I spent years teaching mathematics at places like Northeastern and Washington State University. Putting together a full day session was a subset of putting together a 15-week course. I knew I could deliver sessions at SQL Server events, all I needed was the technical experience. Which, of course, is why I was attending the conference.

The night before we left Barcelona, Suzanne and I were sitting in the lobby piano bar. This bar, to be exact:

The place was empty except for a handful of airline pilots and flight attendants.

In walks Ken.

He was with Bob and Bart. I watched as they walked in. To me, they owned the room at that moment. They sat down. I just watched them. I wanted to go over and say hello, but couldn’t. Suzanne told me to go over and introduce myself, but I didn’t.

Instead, I turned to her and said:

“See those three? They are the very best in the world at SQL Server. They are rockstars. And I want to be sitting at that table someday.”

It was then, right then, at that moment in a hotel lobby piano bar in Barcelona, that I decided I would focus on SQL Server as a career.

We flew home and I dove deep into the world of SQL Server. I read everything I could, starting with the SQL Server Unleashed books. I joined forums, blogged, wrote a book, and did tech reviews for other books. At some point I decided to earn some certifications, eventually earning my MCM.

And all because I wanted to sit at a table with Ken, Bob, and Bart.

I saw Ken speak one more time. It was in Denver in 2007, at the PASS Summit. A speaker canceled, leaving an empty room. Someone decided that they could pull together a quick Q&A with Ken, hosted by Kevin Kline. As the room filled up and there were people waiting outside, the event staff decided to take down the partition wall divider, turning a large room into a much larger room. To this day it remains the only PASS session where staff had to remove a wall to allow more people to attend a session.

I sat there next to my friends TJay and Kathi while people streamed into the room. I swear there were 7000 people there by the time it was over. Ken was brilliant, too. I will never forget how, when asked about writing the Guru’s Guide to T-SQL, Ken told the room “you don’t write a book to make money”.

Years later I found a blog post that Ken wrote about PSS being at the PASS Summit in 2006:

I think PSS’ ongoing involvement in the Summit is a wonderful success story for the user community and especially for PASS.  None of this would have been possible had the PASS folks not enthusiastically welcomed fresh ideas and worked hard to make the whole thing happen.  None of it would have survived had the user community not embraced it, and PASS was a big part of that.  I always considered the PASS folks my partner in helping connect PSS and the user community, and much of the credit for all of it coming together rightfully belongs to them.

Read that paragraph again. Now read the whole article again. Throughout the article, Ken gives credit to others, not to himself. To me, that’s the mark of a true leader, someone that understands to lead is to serve.

So I guess it is natural that’s why I gravitated towards SQL Server. It wasn’t just the technology, it was the people. And Ken was nudging me forward through his words and actions. Everything I needed to know about being a good data professional was there, in front of me, 11 years ago:

• Do what you love
• Help others before you help yourself
• Praise publicly, criticize privately
• Connect, share, and learn
• Have empathy for others
• Lead by example
• You don’t need fancy slides, or gimmicks, to attract an audience

Summary

So here I am, writing a post about how I got started on my SQL path. In the past 11 years I’ve been speaking at events around the world. I now get paid to write about data, databases, and related topics. I even get paid to tweet (seriously).

Tomorrow I will deliver a session at PASS. Many presenters will tell you that they spent days, weeks, or months prepping for their sessions. I am here to tell you that my session tomorrow was 11 years in the making. Because every presentation I deliver, every time I am speaking in front of a room, is built upon the lessons from all my previous sessions.

And I can trace them all back to the one moment, in a hotel lobby piano bar in Barcelona.

The post On Speaking appeared first on Thomas LaRock.

The sqlmap tool is quite versatile. Here’s just a brief list of capabilities listed on the homepage that caught my attention immediately:

– Support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
– Support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
– Ability to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
– Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
– Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
– Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns’ names contain string like name and pass.

You can read the full list of features here: https://github.com/sqlmapproject/sqlmap/wiki/Features. Also, you can download sqlmap from the homepage, or you can clone sqlmap from Git.

But before you can get started with sqlmap you need to have Python installed. You do that by going here. Note that sqlmap requires Python versions later than 2.6 and before 3.0, so be mindful which version you choose on the downloads page.

Once you have both python and sqlmap installed you are ready to run sqlmap from the command line. Oh, I guess I should have warned you first abut that part. If you are the type of person that doesn’t like to work with a command line, then sqlmap isn’t the tool for you.

I’ve created a demo website at https://azure-sql-security-sample4e2b.azurewebsites.net/, this is the website I will be using next week for my demos during my SQL Server Audit session at the PASS Summit. Feel free to poke around there while it is still available and try your hand at some SQL injection. Or, if you prefer, use sqlmap instead. (Seriously, go to the website and try your hand at SQL injection, that’s what it’s for. You can build your own following the directions here: https://github.com/Microsoft/azure-sql-security-sample)

For this blog post I will open a PowerShell window from the sqlmap install directory and run the following command:

C:\Python27\python.exe .\sqlmap.py –batch –flush-session -u https://azure-sql-security-sample4e2b.azurewebsites.net/Patients –forms –os=windows –dbms=mssql –exclude-sysdbs -T creditcards –dump –technique=UE

You can see in the command I used a handful of the options that sqlmap has to offer. However, if you want to do the shotgun approach you can let sqlmap test against all possible attack vectors by simply pointing it at a website like this

C:\Python27\python.exe .\sqlmap.py –batch –flush-session -u https://azure-sql-security-sample4e2b.azurewebsites.net/Patients –forms –dump

It goes without saying that by hitting the entire website in this manner, sqlmap will take longer to complete. Here’s a quick look at how the results come back to the screen for the first example where we focused on just one table:

Here’s a look at the output files obtained from scanning the entire website:

Summary

The sqlmap tool makes testing websites easy. It’s also a great example of a community project. It’s good to see someone helping to make the internet a little more secure, one scan at a time.

I would suggest you try using sqlmap against your own websites and blogs. Don’t use sqlmap against websites you don’t own. And don’t use sqlmap against the websites you find on shodan.io, either. You’re just asking for trouble if you do.

The post Using sqlmap to Test For SQL Injection Vulnerabilities appeared first on Thomas LaRock.

This year I have two sessions. Together with Karen López (blog | @datachick) we will be offering a full training day session on February 14th titled “Advanced Accidental Database Design for SQL Server“. We will cover enhancements in SQL Server 2016 for building databases in an enterprise environment on modern project teams. As we have done in the past we will have demonstrations and several exercises, along with group labs to cover advanced database design skills. But this isn’t your average “Here’s how to create a table, now go build a database” course. Our goal is to cover new features in SQL Server 2016 that are relevant to modern enterprise development practices. We’ll talk about some of the pain points designers feel as well as the costs, benefits, and risks associated with design choices. And we will hand out space-themed prizes because did I mention the ESA is located in Darmstadt?

The other session I have in on February 16th and is titled “Upgrading to SQL Server 2016“. Having been involved with databases for over 20 years now, I know that upgrading to the latest version of SQL Server is often seen as a comprehensive and difficult project. Management often fails to see the benefit for migrating to the latest version and your end users aren’t interested in all of the extra testing. You need to come up with a plan that earns both management and end-user support. I will cover the information you need to collect and consider before, during, and after upgrading to SQL Server 2016. If you feel stuck on an older version of SQL Server, attend this session to understand the features and benefits of SQL Server 2016 that will justify your upgrade project. Come and learn about the tools and methods that will make your upgrade project be successful.

If you are in, or near, Darmstadt in February I hope you take the time to join us at SQL Konferenz!

The post Join Me at SQL Konferenz 2017 appeared first on Thomas LaRock.

So, I decided that the #sqlfamily needed a way to share a #datahug all year long, not just at Summit. That’s why I made this:

Just print, cut out, and present to any #sqlfamily member at any PASS event.

You’re welcome.

#datahugs,

Tom

The post #datahug appeared first on Thomas LaRock.