The SQL Sentry forum for SQL Statement Tuning
Have you ever looked at our community site specifically dedicated to helping users tune their SQL queries, http://answers.SQLPerformance.com?
You can easily upload an execution plan directly from our free Plan Explorer tool or from good ol' SQL Server Management Studio. Once uploaded, our internal team and forum members will provide plenty of tips and input on how to improve the plan and/or explain what the plan is actually doing. The renown SQL execution plan expert, Paul White (b|t), is the moderator of the site. But there are many other experts like our CEO, Greg Gonzalez (b | t), and Aaron Bertrand (b|t) on hand to provide additional insight. I pipe up from time to time as well.
Call to action – start posting your own execution plans, reading about the issues in other plans, and take part in the conversation!
You might not think of a discussion-based website as part of a product. But in this case, it truly is an integrated part of our Plan Explorer tools. You can upload an execution plan directly from our free Plan Explorer tool with a single click or you can use good ol' SQL Server Management Studio to save and then manually upload your execution plan.
Fancy yourself as a SQL expert? Then help tune this monster query!
Take a look at this most recent posting that was our 2015 SQL Cruise Hairy Execution Plan winner at https://answers.sqlperformance.com/questions/2595/sqlcruise-carribean-2015-hairy-execution-plan-winn.html. I'm not sure if you can read the small print in the plan steps below, but those are TRILLIONS of records moving between plan operator steps!
Now, we don't usually take pride in a really bad SQL query, but the entries in the Hairy Execution Plan contest are an exception to the rule. These are queries that are so horrific, they're like a car wreck on the highway - you have to slow down to examine them in greater detail, and then breath a sigh of relief that it's not your job to fix them. :-)
Here are a couple early examples of what you can expect at Answers.SQLPerformance.com:
Optimize this Sort operation
Paul White (b| t) gives a questioner a comprehensive analysis of a difficult execution plan. It’s well worth a read if for no other reason than to see in action Paul’s mastery of these difficult problems. It’s literally free consulting of the highest caliber!
How to tune a slow query using spatial indexes
Aaron and Bob Beauchemin (b|t) of SQLSkills.com give pointers on how to improve this long-running query which uses spatial indexes and data types.
Why the Lazy Spool operation?
Paul White (b| t) gives a highly-detailed exposition on how SQL Server uses the lazy spool operation in this query to achieve better performance. (Image above is from this entry).
Plan Explorer is so Free, We don't even ask for an email address!
If you’re a user of Plan Explorer but are not familiar with http://answers.sqlperformance.com, be sure to read Aaron Bertrand’s post about these new features at http://www.sqlperformance.com/2013/02/t-sql-queries/plan-explorer-upload-feature.
And, if you haven’t already, download a copy of the free or PRO version of Plan Explorer at https://www.sqlsentry.com/products/plan-explorer/sql-server-query-view.
Do you have a Plan Explorer story to share? I'd love to hear it.
-Follow me on Twitter!
Want to learn more about SQL Server? Now's a good time to get a full day of inexpensive high-quality training on the coast in March and the west coast in April.
I hope you'll join me for a full-day troubleshooting and performance tuning workshop on the Friday preceding the Richmond, VA SQL Saturday in March. And in April, I'll be on the west coast presenting a full-day high-performance configuration tuning workshop preceding the Huntington Beach, CA SQL Saturday.
As you probably know, I speak at a lot of conferences and events. Here are other upcoming events where I'll be speaking:
- Mar 04, 2015 - Mar 07, 2015, SQLBits XIV - London, United Kingdom: SQLBits is one of our favorite conference events among the many around the world that we attend. Both Aaron Bertrand (b | t) and I will be delivering sessions. Come join us at the biggest and best SQL Server event in Europe!
- Mar 21, 2015, SQLSaturday #381 - Richmond, VA: I’ll be delivering a full-day, pre-conference seminar and sessions at this SQLSaturday at the SouthSide ECPI Campus located at 800 Moorefield Park Drive, Richmond, VA 23236.
- Apr 11, 2015, SQLSaturday #389 - Huntington Beach, CA: I look forward to visiting friends and family on this trip, plus deliver a full-day, pre-conference seminar and sessions at Goldenwest College, 15744 Goldenwest Street, Huntington Beach, CA 92647.
- Apr 27, 2015 - Apr 29, 2015, Microsoft Ignite - Chicago, IL: It used to be called Microsoft TechEd, now it is called Ignite. This is where the best and brightest minds in the Microsoft world get together at one event. Come see the whole team as we hang out in the Exhibit Hall!
- May 16, 2015, SQLSaturday #392 - Atlanta, GA: SQLSaturday is a free training event for SQL Server professionals and those wanting to learn about SQL Server. And we’ll be in Atlanta, for the biggest SQLSaturday of them all. This event is at Georgia State University, 3775 Brookside Parkway, Alpharetta, GA 30022.
- May 18, 2015 - May 21, 2015, SQLintersection - Scottsdale, AZ: Aaron and I will be delivering sessions at this SQLintersection, an event for developers and IT professionals alike.
Let me know what you think. Thanks!
Follow me on Twitter at http://twitter.com/kekline.
Have you read any of the great articles on SQLPerformance.com? The deep-dive technical info comes from the SQL Server industry’s top experts. Here are a few great articles from the early days of the website, January 2013:
Generate a set or sequence without loops
Aaron Bertrand (b|t) provides detailed performance information about a variety of methods used to generate sets and sequences in this first in a three part series.
Selecting a Processor for SQL Server 2012
Glenn Berry (b|t) of SQLskills.com sheds light on the best CPU to select for your new SQL Server 2012 installation, an especially important insight considering Microsoft’s move to core-based licensing. The wrong choice could cost you a fortune. A lively discussion also made this article even more enjoyable.
Trimming More Transaction Log Fat
In a follow-up to his December 2012 article, Paul Randal (b|t) of SQLskills.com dives into subtle performance problems that can cause bloat in the transaction log and slow its performance.
Let me know what you think!
-Follow me on Twitter!
When I walked into the welcome reception at the 2014 PASS Summit in Seattle last year, I have to tell you that I was a little verklempt. I had a moment of "My baby has all grown up!" The event was so packed with people, so well executed, and so flashy. Thomas LaRock (b | t), the current president, and the rest of the board of directors have simply done a fantastic job growing and leading the organization. Comparing the 2014 Summit to the original 1999 Summit in the conference space of the Chicago Sheraton that cold September was quite a bit like seeing your little daughter coming down the stairs in her prom dress to when she was in pig-tails on the backyard swing set. You just have to take a deep breath and rejoice, with a hint of sentimentality and nostalgia.
And just like with my teenage daughters, I'm not above giving the PASS board of directors a piece o'my mind. So here are a few suggestions that I think could further improve the organization and offer a lot of value back to the community. And rest assured, none of these will include "Get back up there and put on something decent!"
PASS Summit 2014 By The Numbers
1. Salary & Workplace Survey: I speak at a lot of SQL Saturdays around the world every year. A common question I get, usually in private after delivering a professional development session, is "Am I being paid fairly?" A similar question I get is "I was offered a job at the rate of 123. Is that good?" Usually, just in asking the question, I know the answer is "Probably not". After all, if you don't know what you're worth, you're not likely to get it. Sometimes, you might work for an unusually fair-minded organization which pays at or above market rate. But that's a rarity and not the norm. The best advice I can offer for most people is to point them to the Information Week yearly salary survey, which is the best survey of salary and pay rates in our industry that I'm presently aware of. (If you know of other good salary surveys, let me know in the comments). However, it is a broad but not deep IT industry survey with as many responses from devs and admins as from data professionals, let alone Microsoft SQL Server professionals. One of my words of advice to IT pros in leadership trying to find a way to establish their "cred" is focus on the thing(s) that only YOU can do. If, for example, you're the only person on the dev team who is a really competent presenter, then do more presentations - to other teams, to management, to new hires - since lots of other people on the team are competent developers. It makes you memorable and invaluable. To continue the analogy, a well-executed salary survey is something that PASS can do in a way that nobody else can. And in our community, who wouldn't want to know how we're doing as a profession - by industry, geography, company size, and a bunch of other dimensions? Ideally, PASS would conduct a yearly salary survey, also collecting valuable information about workplace attitudes, parameters for productivity, and employer relations. This could also be a new opportunity for PASS to flex some data analysis and visualization muscle, and to give a team of volunteers some cool opportunities.
2. Third-Party Software Assessments a la Consumer Reports: The buy-or-build decision is more important than ever as executive management puts increasing pressure on IT organizations for greater responsiveness and speed of execution. And one of our best ways to be responsive and fast is to buy a good product that meets our requirements rather than build it ourselves. (By third-party software, I mean products designed to satisfy a specific line of business need, such as an inventory management system, a resource scheduling system, etc). And yet, we're encountering third-party products of startlingly poor quality and/or oafishly bad security every single day. I was in a SQL Server security session delivered by the esteemed Brian Kelley (b | t) in Charleston late last year where he described a third-party employee badge management system (y'know, the kind that controls who gets in which doors of the building) that required a blank SA password... ON. A. SECURITY. SYSTEM! Outrageous. I recall thinking to myself "I call 'shenanigans'. A company selling products like that needs a flogging". It's so outrageous an example among multitudes (how many times have I seen third-party apps without any indexes?!?) that the public should know about it. And PASS has the industry-wide gravitas to do something like this without being capricious or arbitrary. Again, this could be a volunteer-driven effort in which various third-party and vertical applications are assessed on a handful of topics, such as security, database design, and code design. It could be a grade score, up/down score, or merely "passed". I don't care which, as long as I'm informed of which loser products to stay away from.
3. Advocacy: For the first couple years of PASS' existence, there was a board portfolio dedicated to advocacy. This portfolio was dedicated to collecting and pushing community sentiment back to Microsoft for things like new features, user experience, and product satisfaction. (If you've been a SQL Server person for a long time, you might remember the now defunct firstname.lastname@example.org mailbox where you could request a feature). The advocacy portfolio was dissolved when Microsoft implemented the Connect program, since you can use that site suggest bug fixes, comment on features, and otherwise seek engagement with Microsoft. So why would I suggest that PASS invest time and energy in advocating for specific and material action when Connect already exists? Basically because Microsoft doesn't seem to be paying more than perfunctory attention to Connect. The most common complaint among my MVP brethren is that everything gets marked as "Will not fix". With a PASS advocacy stakeholder, it becomes possible to come back and say "No, really, this is very important to us!" In addition, Connect doesn't provide a means for dialog. Here's an example, what if you wanted to have a discussion around which features are in Enterprise Edition compared to those in Standard Edition. That's a little too broad for a Connect entry. At present, the only way you can make your feelings known is passing them along to an MVP or to someone who works on the team at Microsoft. After that, you're out of options. So I think the time has returned for PASS to provide a community-based method for advocacy of features and product priorities.
And an honorable mention - Technical Fellows: A surprising fact I learned back when I was still a board director for PASS wrangling with Microsoft Learning about the creation of a high-level certification, which later became the MCM, was that the experts who contributed to the creation of the certifications could never receive the certification itself. Of course, that makes sense in hindsight, since the certification creators have unparalleled insight into the success factors of the certification. Yet, it seemed somehow unfair. I will allow that the Microsoft MVP program is probably an acceptable substitute for the merit in many cases. Except that Microsoft employees cannot get the MVP nod either and, in some cases, there are Microsoft employees who go way above and beyond their job requirements in the services of the wider SQL Server and data professional community. And so this discussion might dead-end right there. When I began to mull over this certain cadre of people who deserve an added bit of recognition, my mind went back to the IEEE Fellows program. Putting 'Technical Fellow' on your resume is a big deal. If you're not familiar with exactly the degree of prestige associated with that credential, then definitely read the IEEE program description. But, again, it somehow seems not quite right that some of our greatest independent luminaries, such as Adam Machanic (b | t) and Greg Low (b | t), or some of the great former Microsofties, like Donald Farmer (b | t) and Paul Randal (b |t), are omitted from the highest honors.
So what do you think? Do these suggestions have merit? Or are they good, but not as good as another idea you have? Care to share?
I'm looking forward to your comments! Best regards,
-Follow me on Twitter!
-More content at KevinEKline.com
Have you ever tried to hit a golf ball toward the pin, toss a dart at the bull's-eye, or chuck a fly at a trout? If you're like most people, your first attempt didn't come anywhere close to hitting the mark. Your golf ball may have found the woods, your dart may have sunk into the wall, and your fly may have slapped the back of your head.
These activities are skills that must be acquired through practice and discipline. You can read a book about all of them and you can study the mechanics of motion, but until you put it into practice it is all theoretical. And most times, theories don’t translate into success.
Becoming a strategic leader in your IT organization is very much the same.
Read the rest of the article at http://us7.campaign-archive1.com/?u=51432094668aa342ee652dd19&id=9534e29eb4
P.S. Let’s connect on social
media! I’m active on: Twitter | Facebook | YouTube | LinkedIn | Blog | SlideShare.
Haven't upgraded late? Well, SQL Server 2014 is a great place to start!
Perhaps this is your first time reading my column on DBTA.com or you don’t know much about SQL Server. If either of those are true, then it might be a surprise to you that Microsoft has accelerated the release cadence for SQL Server to around one new release every 18 to 24 months. Add in the fact that Microsoft goes to market with their beta releases, better known as Community Technology Preview (CTPs), several months before the official release of the product. That means we could be in for a rush of new features and upgrades every year or so. Wow.
Read the rest of my article at http://www.dbta.com/Columns/SQL-Server-Drill-Down/Whats-Coming-in-SQL-Server-2014-91858.aspx
P.S. Let’s connect on
social media! I’m active on: Twitter | Facebook | YouTube | LinkedIn
| Blog | SlideShare.
This month's edition of T-SQL Tuesday is being hosted by Tracy McKibben (T|B). I was challenged by Aaron Bertrand (T|B) to participate in this T-SQL Tuesday. I instantly knew what and who I wanted to write about, but my schedule being what it is prevented me from writing the blog entry until straight up at midnight. (Originally published at http://wp.me/p3rOiF-1CY).
Since this installment of T-SQL Tuesday happens to fall on Ada Lovelace Day, Tracy tells us that our mission – should we choose to accept it – is as follows:
Ada Lovelace has been an inspiration to many. In keeping with my blog theme, let’s call her a hero. We all have our heroes, those people who we admire, who inspire us, who we strive to be like. Who is your hero?
When I think about the contribution to the modern world given us by Ada Lovelace, I see the sort of hero which I love the best. Y'see, I'm most inspired not by the blood-n-guts heroics of an action film hero or the testosterone-laden conquests of a sports hero. I'm most inspired by the quiet hero who makes the world significantly better without the least bit of concern for praise or glory or fortune. I get dewy eyed from those quiet Medal of Honor heroes who say, even as the President himself pins a medal to their chest, "I was just doing what is right, sir. And that is reward enough". That is what inspires me. That is what I want to emulate.
But I didn't always know that.
I was 19 years old in 1987, when I happened upon a film playing on PBS. Back in those days, kids, you pretty much had to watch what was playing on the dozen channels or so that were available. Take it or leave it. I took it. Now for some context, I was penniless and from a family that was also very short on pennies at that time. I'd earned a few scholarships to my local university covering much of my tuition and although I wasn't flunking out, I wasn't quite thriving either. It was a struggle. I worked three jobs simultaneously, each one a part-time affair, that gave me just enough in aggregate to squeak by and keep my rusting, derelict car on the road - barely - and gas in the tank. I was short on more than just simple dollars. I was struggling with hope itself. It is fricken hard to be poor, the kind of poor where you skip meals because you simply have no money to buy food kind of poor. (Keep in mind that a single hamburger was less than $0.50 at the time). It's demeaning. It's depressing. And it's a dozen times worse, emotionally speaking, when you live in the midst of affluence and wealth. So my 19-year old self dealing was with all of these difficult emotions swirling around in my head, wrestling with the very concept of what it means to be a MAN in Cold Ware era USA, when this quiet animated feature begins to play.
[Sidebar: I'd missed the very beginning of the film, so I didn't know that it was that year's winner of the Acadamy Award for Best Animated Short Film or that it'd also won the Short Film Palme d'Or. I didn't know those things, in fact, until just now when I finally dredged up the video on YouTube. I found this video within 3 minutes of my first Google search. 3 minutes! On a video I hadn't seen in almost 30 years. Good grief, people! We live in an era in which we no longer have to wonder the answer to ANY question and yet we spend all our time looking at funny cat pictures? WTH?!?]
The film was called The Man Who Planted Trees, and you can see it at the embedded link below. I ask you to watch it. It's almost 30-minutes on the dot. That's a big investment of your time. I know you have a thousand other things begging your time, but maybe you could carve out a few for this small thing? Pretty please?
I think the most important lesson I learned from The Man Who Planted Trees is that to make something really, truly good and strongly enduring takes a lot of time, perhaps decades, and hard effort. A corollary of that lesson is that even small changes today, like compound interest, can deliver amazing payoffs in the future to everyone's benefit. That's the hero I wanted to be like when I grew up. And I had it on my mind, years later, when I was asked to take a seat as a founding board member of SQLPASS in 1999.
There are many so real-life heroes who, when you consider it, could've deviated from the same path walked by the Man who planted trees. What if Alexander Fleming had patented penicillin so that he could "maximize his investment" and "restrict competition"? What if Marie Curie had hidden all of her radium studies behind trademark and trade secrets barriers? What if Jonas Salk had said to himself "I can make a lot of money off of this smallpox vaccine!" And Ada Lovelace herself, she established the early dictums of computer programming simply because she thoroughly enjoyed the intellectual exercise offered by Babbage's difference engine. I shudder to think what our world would be like today without heroes like Ada.
-Follow me on Twitter!
One of my favorite events is just around the corner! It's just a few days until SQL Saturday Dublin, Ireland’s largest SQL Server conference on the 19th/20th September, run as a community event by the SQL Ireland User Group.
Have You Seen the Schedule?
The schedule is complete with an amazing line up of speakers from around the world and you can download a copy HERE. Closer to the event we will be launching a mobile guidebook so you can plan your schedule on a mobile device. I'll be doing my very popular session Convince Me - Persuasion Techniques for IT Pros that Get Things Done.
Step Up to the Challenge as a Speaker!
If you want to present a five minute lightning talk then email sqlSat310@sqlsaturday.com with your title, or just turn up at the day and register at the registration desk. Free event T-Shirt and prizes awarded for best new speaker, most entertaining and a special "call my SQL bluff category".
Can't Attend the Event?
We are nearing capacity for the Saturday event so if you registered but are now certain that you can't make it, please free up your place for someone else to register on the link below
Post Event Raffle, Fun, Food and Social
SQLSatDublin equals FUN and LEARNING. One major bit of fun planned for the event is the 2:00 PM expert panel discussion. Think of it as an opportunity to ask questions of the panel of experts in interactive, lighthearted, and ad-hoc style. Come join in the fun! (Not that the subtitles are NOT my own).
SQLSatDublin has a great track record for the after event-party and this year is no exception! The event finishes at 17:30 with a raffle of prizes to event attendees, some excellent food and a party into the evening. We have some very exciting entertainment planned so please do stay for the food and party if you can make it and tell us if you can make the social event by clicking the link HERE. Last year prizes includes Microsoft Surfaces, Digital Cameras, iPads, free licenses to software suites, vouchers and books. Visit the sponsors at the event for details of this years prizes.
Have you booked your Pre-con Seminar for Friday 19th Sept ?
Don't forget to book a whole day deep dive on Friday if you can make it. We have SIX whole day workshops to choose from with some of the best Industry experts available. Available at 299 euro for a few more days. All proceeds go towards the SQL Saturday event. Of course, I'd prefer for you to come to my workshop, but frankly I'd really like to attend all of the other workshops myself! Get more details by clicking the link(s) below:
Microsoft Azure Bootcamp - Conor Cunningham and Ewan Fairweather
Real World Database Configuration and Tuning for SQL 2012 - Kevin Kline <<== ME!
SQL Server for Developers - Mladen Prajdic
Storage and Virtualisation for the DBA - Denny Cherry
Building the Modern Data Warehouse Architecture - Karen Lopez
Thanks very much! Enjoy,
-Kevin-More content, slides, and information at KevinEKline.com
-Follow me on Twitter!
I always enjoy presenting at the DevLink conference, presented each summer in middle Tennessee. This year, I'm trying to be a better social media person and actually post my slides (in their most recent forms) on my SlideShare account for everyone to see and share. If you attended my session(s) and enjoyed them, feel free to download the content here. But it'd be even better if you also left a few words in the Comment section. Skip below to grab the slide decks.
Thanks very much! Enjoy,
-Follow me on Twitter!
-More content at KevinEKline.com
Microsoft SQL Server Internals & Architecture
Let’s face it. You can effectively do many IT jobs related to Microsoft SQL Server without knowing the internals of how SQL Server works. Many great developers, DBAs, and designers get their day-to-day work completed on time and with reasonable quality while never really knowing what’s happening behind the scenes. But if you want to take your skills to the next level, it’s critical to know SQL Server’s internal processes and architecture. This session will answer questions like:
- What are the various areas of memory inside of SQL Server?
- How are queries handled behind the scenes?
- What does SQL Server do with procedural code, like functions, procedures, and triggers?
- What happens during checkpoints? Lazywrites?
- How are IOs handled with regards to transaction logs and database?
- What happens when transaction logs and databases grow or shrinks?
This fast paced session will take you through many aspects of the internal operations of SQL Server and, for those topics we don’t cover, will point you to resources where you can get more information.
Convince Me - Persuasion Techniques that Get Things Done for IT Pros
Ever wanted to convince the boss try something new, but didn't know where to start? Ever tried to lead your peers only to fail to achieve your goals? This session teaches you the eight techniques of influencing IT professionals, so that you can innovate and achieve change in your organization.
1. Learn about the fundamental difference between influence and authority and how you can achieve a high degree of influence without explicit authority.
2. Learn the eight techniques of influencing IT professionals, when to apply them, and how to best use them.
3. Discover the communication and procedural techniques that ensure your ideas get a hearing by bosses and peers, and how to best win support for them.
Ten Query Tuning Techniques Every SQL Developer Should Know
SELECT statements have a reputation for being very easy to write, but hard to write very well. This session will take you through ten of the most problematic patterns and anti-patterns when writing queries and how to deal with them all. Loaded with live demonstrations and useful techniques, this session will teach you how to take your Microsoft SQL Server queries mundane to masterful.
Top 10 DBA Mistakes on Microsoft SQL Server
Microsoft SQL Server is easier to administrate than any other mainstream relational database on the market. But “easier than everyone else” doesn’t mean it’s easy. And it doesn’t mean that database administration on SQL Server is problem free. Since SQL Server frequently grows up from small, home-grown applications, many IT professionals end up encountering issues that others have tackled and solved years ago. Why not learn from those who first blazed the trails of database administration, so that we don’t make the same mistakes over and over again. In fact, wouldn’t you like to learn about those mistakes before they ever happen?
There is a short list of mistakes that, if you know of them in advance, will make your life much easier. These mistakes are the “low hanging fruit” of application design, development, and administration. Once you apply the lessons learned from this session, you’ll find yourself performing at a higher level of efficiency and effectiveness than before.
I just got finished reading a great blog post from my buddy, Thomas LaRock (t | b), in which he describes a useful personal policy he used to track changes made to his SQL Servers when installing third-party products. Note that I'm talking about line-of-business applications here - your inventory management systems and help desk ticketing apps. I'm not talking about monitoring and tuning applications since they, by their very nature, need a different sort of access to your back-end server resources. (Full disclosure: both Tom and I currently work for different tools vendors. But we're both wearing our former enterprise DBA hats for this discussion).
You can read Tom's blog post, as well as download the T-SQL script which checks for the most common vendor red flags, HERE. I strongly recommend that you read this post and utilize his script, or some similar technology such as Policy-Based Management, to accomplish the same ends. I penciled in a quick comment on Tom's post. But as my comment began to lengthen, I realized it might make a nice supplement to his insights as a blog post of my own.
So here's my addition to Tom's post:
Third-Party Applications Also Raise a Red Flag for Things They DO NOT CHANGE in Your SQL Server, BUT SHOULD.
One area where I frequently regretted the need for vendor apps, when I worked as an enterprise DBA, was in security. Nothing sends quite as strong a message of "We don't really care enough to work hard on this application" like an app which uses only the SA account for user access.
This practice of using SA for a line-of-business application is so bad on so many levels. My experiences showed that most apps that used only SA to access the database had many other problems. First of all, you could be certain that security was the least of their concerns and that there'd be other flagrant breaches of database security best practices. But often, upon deeper inspection, I would discover that use of SA as the only account for an application has the harbinger of database design issues, lurking performance problems, and lousy code. That one red flag foretold of very bad things to come with that vendor's product.
Now in case you were hiding in a cave and/or refused to ever read the news, I want to remind you that SQL injection hacker attacks are one of the most damaging of all hacks on the Internet. And much of the time, those SQL injection attack happen because of sloppy coding practices such as using SA for standard transaction processing. Surely you mean "sloppy security practices", Kevin? Nope. I mean CODING. The main reason these applications rely on SA is because the development team did not want to code a more robust authorization system. "Hey, let's give it ALL to the end-user. They know what they're doing, right?" Well, sometimes. But you can't count on that assumption. And you can also assume that bad people who are not users will want to break in to the application. Again, there's that word 'harbinger' again. It just sounds so fricken ominous, doesn't it? But I digress...
The next time you are face with the buy versus build decision and the executives choose to buy, make sure that the application DOES NOT USE SA for standard transactional data processing. For example, if your company installs a new help desk ticketing application, make sure the application comes with at least a distinct account for data readers, a data writer, and for super-users, FOR THAT ONE DATABASE.
If you don't know whether an application and its backend database use SA or not, be sure to check. (Tom's script helps you do that). And if you're able to influence future buy vs build decisions, be sure to make this a sticking point. Nothing helps an application vendor clean up their act, technologically speaking, like telling them WHY they are losing your business. You'll make the world a better place.
So what do you think? Are there other things about installing a vendor database that raise a red flag when they do not change? What are they? I'd love to hear your comments.
-Follow me on Twitter!
-More content at KevinEKline.com
Join Me at SQLSaturday #288 in Beautiful Ft. Lauderdale, FL
SQLSaturday is a training event for SQL Server professionals and those wanting to learn about SQL Server. This event will be held Jun 14 2014 at 3301 College Avenue, Davie, FL 33314. Admittance to this event is free, all costs are covered by donations and sponsorships. Please register soon as seating is limited, and let friends and colleagues know about the event.
Where Is It?
This event will be held on Jun 14, 2014 at Nova Southeastern University 3301 College Ave, Davie, FL 33314. You need to go to the Carl DeSantis building. Please note that the entrance to the building is located about 400 yards to the east of University Drive, on College Avenue. Click here for more information and see the map: Location
At What Time Does It Start?
The event will start at 8:30am sharp with a Keynote and WIT panel (auditorium), doors open at 7:30am. Please come early to get a free breakfast and your bag. A limited number of bags will be available.
Get In On My Pre-Con While There are Still Seats!
Title: 50 Things All SQL Server Developers Need to Know
The early bird discount of $99 closed on May 15th. The class fee is now $125 for all registrations made thereafter, so be sure to reserve your spot. Class size is limited and registration will be based on a first come first served basis. Read the registration page for more details about the class. But here's a quick overview:
In this session, you’ll learn:
1. Internal operations of the SQL Server query optimizer and caching mechanisms and their impact on T-SQL code performance, including ways to shortcut default behavior using trace flags.
2. Tricks, techniques, and metadata analysis needed to make T-SQL code, including queries and stored procedures, achieve top performance and maximum reliability.
3. A variety of patterns and anti-patterns in T-SQL coding that are common challenges for all but the most advanced database developers.
With these 50 tricks and techniques in your coding toolkit, you’ll be able to write T-SQL code that consumes less system CPU, memory, and IO, while being easier to maintain and offering faster performance.
I hope to see you there!
-Follow me on Twitter!
I was recently chatting with the current President of PASS, Thomas LaRock (Twitter | Blog), and Pieter Vanhove (Twitter | Blog), a prominent SQL Server consultant and expert in Belgium, about how I go about building and presenting a full-day technical seminar. In the SQL Server world, we tend to call these "pre-cons", as in pre-conference seminar, because they're typically offered as paid add-ons occurring prior to a full technical conference. We call them that even when they come at the end of the conference and, heck, when there's no conference at all.
Kevin and Kendal Van Dyke preparing to kick off a session at the PASS Summit 2013
Personally, I have developed and delivered six different pre-cons over the years. Four are purely technical and two are professional development oriented. I keep them up to date and deliver around six per year these days, though I've done as many as ten in a single year. (But that was because I had a daughter's wedding to pay for. Shameless plug - HIRE ME to deliver one of these in house.)
The Foundation of a Good Pre-Con Seminar is a Good Topic
There are a ton of perennially favorite topics which, once you write the session, you’ll be able to present over and over again. One interesting technique to choose a good topic, if you're not sure what you want to present, is to use Google Insight to see what are the most popular variations of a topic you feel strongly about. Here are some additional thoughts on choosing a topic:
1. The most popular topics are always focused on ‘help me do my current work better/faster/stronger’. Broad, but fundamental topics tend to draw bigger audiences than niche topics. However, some events have a large enough attendance that even niche topics will pack a room. And always remember that your event organizer's goal is to pack the room, no matter how much they like you.
a. The biggest winners in my market are server troubleshooting & performance tuning (for DBAs) and various topics on better SQL coding (for devs). That’s why a session on performance tuning or coding best practices will bring in more attendees than, say, a session on features in the newest release or professional development. That’s sad for me, since I love leadership and career training and have a really good full day pre-con on the topic, but they never bring in more than 1/3 of what the biggest tech session brings in. And don't forget - people love to hear about mistakes to avoid just as much as how to do things better. So "gotcha" topics can bring in just as many attendees as a best practices session.
b. Sessions that drill into a hot and hyped new technology tend to do really well too. So something like ‘Implementing Big Data with SQL Server’ can bring in a big crowd. But technologies that are too broad and ill-defined have the opposite effect on attendance. For example, many people still don't "get" Azure or cloud computing in general. So, while it's definitely a worthwhile topic, don't be disappointed if you don't put a butt in every seat.
c. Some pre-cons are feature-oriented, like Replication or Disaster Recovery. Many of these features are very cool, but are only available in SQL Server Enterprise Edition. For example, some of the Always On Availability Group features are EE only. Less people have Enterprise Edition than Standard Edition, so less people will come to an Enterprise Edition-oriented session. The features you plan to discuss will directly correlate to your attendance numbers. I'm telling you to avoid these topics, rather just expect it to have an impact in the size of your audience.
2. You will absolutely spend way too much time researching and developing your slide deck. So it’s also always good to choose a topic you want to learn more about. This’ll not only improve the attendees skills, but yours as well. Want to learn more about Hekaton? Then include it in your pre-con. Want to learn more about SQL Server query tuning? Write and deliver a session on it. You'll learn it better than you ever would, independently, because you know you'll get tough questions and you want to be prepared for those.
You Can Attract and 'Manage' Your Audience Through Your Abstract
This is the second most important step. You can’t control what your audience is like once they get into the room. But you can strongly influence who decides to come into the room in the first place with your session title and abstract.
Personally, I believe your title should immediately inform the reader of the topic and who is intended to reach, such as "Cutting Edge Debugging Techniques for the .NET Developer" or "Top 10 Mistakes New Tech Managers Make". The title is alone constitutes 60-75% (by my careful, non-scientific assessment) of what will drive an attendee to your session. In fact, many attendees never even read the session abstract, unless there are two sessions at the same time that seem equally worth attending. In that case, the abstract is often the tie-breaker.
Be sure that your abstract explains not only what the session is about, but what the topic is and why people should care about it. I can't tell you how many times I've seen a session abstract that names a specific, niche feature in the title but doesn't tell what that feature is in the abstract. I once saw a session whose title was, and I paraphrase, "Introduction to the Flux Capacitor". The abstract said I'd learn three cool was to use the flux capacitor and would see live demos of the flux capacitor in action. But it didn't say what tool the flux capacitor was used in (.NET? BI? Java? SQL Server? SharePoint?), who would use it, what it did, or why it matter. And I always like to include at least three high-level topics the attendee will leave having learned.
Having said all of that, I feel like there's no better write-up of how to write a top quality session abstracts that in the blog post by Adam Machanic (b | t) entitled "Capturing Attention: Writing Great Session Descriptions". This is such a good overview of doing abstract writing the right way that I wish technical conferences would make this required reading for their speaker submissions. (Are you listening SQL Saturday?)
Planning and Building Your Presentation
A lot of accomplished speakers who've done one-hour sessions become both excited and terrified about doing a full 7- to 8-hour session. And one of the first fears that people share with me is that they won't have enough to say or that they'll be able to fill the time. Believe me - this will not be your problem. In fact, if you properly research your presentation and read what other writers and bloggers have to say, you will have difficulty fitting everything you want to talk about within your allotted time.
Here are some planning tips I use for planning and building my sessions:
1. I estimate that I’ll speak 3 minutes per slide. Then I do the math for how many slides I can fit into the amount time I have in the given session slot. For example, a 75 minute session should not have more than 20’ish slides, taking into account some time for the introductory and closing slides, questions, and demos.
2. Attendees are idiots AND geniuses simultaneously. One surprising thing I’ve learned after averaging about 6 pre-cons per year for the last few years is that no one reads the session-level advice (i.e. whether it’s a 200, 300, or 400 level session). They always read the titles, and possibly skim the abstract, and then make their decision based on that.
a. Here’s an important part tip for your presentation: you will definitely have plenty, maybe even a surprising number, of attendees who don’t know the basics of your topic. For example, in a recent pre-con called "50 Things Every SQL Developer Should Know" that my buddy, Aaron Bertrand (b | t) and I presented at SQL Intersection, I now include a whole section discussing how the plan cache works and how to read execution plans. I clearly told attendees that they needed to know those things as prerequisites, but I’d say about 40-50% of the attendees in fact did not know the fundamentals.
b. At the same time: You will have attendees who are quite advanced. I try to identify those kinds of attendees early on (often by explicitly asking who has a lot of experience), then I try to include them as allies in the presentation. I ask their feedback a lot and give them a lot of eye contact. If there’s a question that seems tough, I might turn towards them and say “Have you ever seen that in your shop? How did you deal with it?” Usually, if they’re experienced and knowledgeable, then they love to share. It’s often as enjoyable for them to be recognized as smart as it would be to learn some big, new skill or technique. That helps keeps both ends of the talent spectrum equally happy.
3. Demos are the most stressful part of even one-hour sessions. It’s an order of magnitude worse in a day-long session. In my case, I strive for a high degree of deliberately assessed order and standardization:
a. Never install new software or change your configuration within 48 hours of your presentation. If some enterprise policy forces a change, assume the worst and retest all of your demos.
b. Include in the PPT notes panel the exact path and filename for a demo file that a particular slide relates to. It's not as important if you recently wrote the slide deck. But it becomes very important if you wrote the session a while ago and no longer know all of the facts cold about your demos. For that matter, I’m now putting a number prefix on all of my SQL scripts so I can see which to load into SSMS in what order. Also, SSMS orders open tabs automatically. So numbering them works much better than giving only an alphabetic name.
c. If you’re running short on time, explain the concepts and tell where attendees can find the demo scripts, but skip the demos themselves.
d. One thing I’ve started to do, especially for really complex or annoying demos (e.g. a demo involving multiple servers such as a big Availability Group), is to either screenshot the whole demo process or make a video of the demo using Camtasia. Then I show the slides or the video instead of the real work environment. That way I can illustrate the principles involved without ever risking something going wrong. Attendees don’t seem to mind at all.
e. This is so axiomatic that I shouldn't have to mention it, but just in case, create your demos in such a way that they require very little new typing. If you have to do more than change a parameter or two, then you need to work on your demos a bit more.
4. For goodness' sake, get to the room as early as is practical and get comfortable with the learning environment. Expect problems with setup. Many laptops have issues with certain types of projects and require a lot of tinkering to get working properly. And carry spare equipment for crazy and unexpected issues. Batteries for your wireless mouse is practical, of course, but other mind-boggling things can happen. For example, I've spoken at many facilities which did not have an electrical outlet anywhere near the podium. My lesson learned? I always carry a 3m extension chord.
Making the Session Memorable
There are several small tips and tricks you can use to make sure your session is memorable and well-regarded. (And when you have well-regarded sessions, you get invited to do more session. It's a positive feedback loop, engineers!) Here are some of my favorite techniques:
1. Work with a co-presenter. Personally, I love working with co-presenters. This might not be your cup of tea, since you have to split revenue, and I can respect that. But hear me out. On the one hand, the shared workload for both writing and presenting the pre-con is much easier. And don't forget that most of us aren't used to standing or speaking for 8-hrs straight. So being able to tag-team with another presenter off and on through the day can be like mana from heaven at times when you're flagging. On the other hand, audiences find dialogue much more entertaining than monologue. Have you ever noticed that the morning radio show on your drive to work is no longer a single, lonely DJ? There is almost always at least two and sometimes as many as a half-dozen people on the "!!WKRP Morning Team!! Caffeinate your day!!" show, and sometimes even skits and almost-comedy bits. People just enjoy that format more and it translates into measurably ratings for the radio stations. It will for you too.
2. Quiz the attendees as you go along. You want people to remember your session and, even better, recommend it to others. One trick that I learned when I was trying to master recall of names is to repeat a person's name back a time or two before the introduction concludes. You can use this tip, as a presenter, to help your attendees remember aspects of your session. After you've advanced the slide, find a reason to ask a question relevant to an earlier slide. In some cases, I've started to substitute old fashioned slide notes pages (i.e. a list of standard bullet points) for a quiz sheet, which is essential the same list of bullet points with a single key word as a fill-in-the-blank. The attendees will really get into making sure those blanks are filled it. If you miss one, they'll make you go back and tell them what goes in the blank. (Hooray! They were paying attention!) Make it fun. Tease them jokingly if they forgot something you just talked about. But keep the attendees engaged and mindful of the major lessons.
3. Provide useful takeaways. Attendees love to be able to reference a list of takeaways. Just think about all the great sessions you have ever been to before. They usually have some level of detail for you to consume easily and walk away with or reference later. They have clean demo scripts with lots of comments that would stand on their own without slides or someone speaking. They offer the attendee the ability to be immersed in the "here and now" and the ability to come back for a summary to jog their memory. In my case, I actually have a password protected area of my website where attendees can download the slide decks and demo scripts to all of my pre-cons. My theory being that the attendee has paid for this training, so I want to provide an incentive for them to view me as one of the Go-To references going forward, to encourage them to attend other pre-cons of mine, and to nudge them to promote me to others.
Well, that’s my BULK INSERT for pulling off a successful and repeatable pre-con. Have you done a full day training session yourself? What sort of techniques have you learned to make your session more effective and memorable? Share your thoughts and questions here.
-Follow me on Twitter!
I don’t know if you’re planning to attend the PASS Business Analytics Conference. But you'll be missing a ton of great content especially for data, analytics, and business intelligence professionals. There's still plenty of time to register and, if you use my discount code – BABS2B – you'll get $150 off the conference registration fee. There will be more than 60 sessions at the event by BA/BI experts from Intuit, Microsoft, SurveyMonkey, Wells Fargo, and more.
Last year’s inaugural event was quite the shindig, bringing in around 900 business analysts, data scientists, architects, and BI and IT professionals to connect, share, and learn how to get the most out of their data. This year’s conference promises even more real-world insights and best practices, how-to guidance, and strategic vision from some of the most knowledgeable and top-rated speakers in the industry.
Still don't know what kind of content I'm talking about. Then check out the recorded content, which is more or less a preview of the full PASS BAC from the February 5th webinar phenom known as the 24 Hours of PASS: Business Analytics Edition.
BEWARE: Not All Sessions Are Easy To Find
Those 60+ session abstracts of the PASS BAC I mentioned earlier are all on-line. That way you can easily plan in advance which sessions will be most useful to you. However, not all sessions are listed there. How so? Well, it turns out the sessions sponsored by vendors don't show up on the regular session lists. You have to jump to the PASS BAC Sponsors page and drill down on the upper-right side of the page from there to get the details.
I want to draw special attention to our Friday morning breakfast panel session, which is always very popular with attendees. (Srsly - I have plenty of people tell me that our panel discussions are one of, if not the most favorite and practical of the event). Here's what we're doing this year:
Title: Lessons Learned in Self-Service BI; Friday, May 9, 6:45am - 7:45am, Room 230A
Abstract: For years, when it comes to self-service BI the automatic assumption was the Microsoft Excel was the tool of first and last resort. Now, after many years of enriching the features of the data stack, Microsoft offers many different ways and tools to perform business analytics. Some approaches require heavy involvement from DBAs, SharePoint administrators, and other data and business specialists. Other approaches enable end-users to process their own analytics much more quickly and with less interaction from the IT organization. Which is most effective? Which is the easiest to rollout and maintain? There are pros and cons to each possible approach, as well as hidden and repeating patterns, that are hard to foresee unless you’ve actually been through multiple implementations.
Panel: SQL Sentry’s panel of renowned data analytics and business intelligence experts will discuss a variety of real-world obstacles and accelerators to a strong self-service implementation of business intelligence and analytics that is both useful, effective, maintainable, and inexpensive. This year's panel includes: Chris Webb (b | t ), Jen Stirrup (b | t ), Paul Turley (b), and Stacia Misner ( b |t ).
Come Join Us!
You can see the registration page at https://sqlsentrypassbaconference.eventbrite.com or by clicking on the image below. Two quick reminders. One, I know it's ridiculously early. But the content is always great and you get a high-quality hot breakfast. Two, I strongly encourage you to register since seating is limited and it always fills up.
Have any questions of your own, then feel free to plug them in here. I've got plenty of questions queued up already. But I'm always open to more. I hope to see you there!
-Follow me on Twitter!