Daily Tech Digest - March 23, 2020

You Need to Know SQL Temporary Table

We have been warned to NOT write any business logic in databases using triggers, stored procedures, and so on. It doesn’t mean we don’t need to know database systems. Being competent in database systems could save us a lot of work. For example, managers or customers often send us an email or a short notice asking for some one-off reports. Then we need to quickly log into the database servers and generate reports with either a list of parameters or a CSV file from requesters. ... There are two types of temporary tables: local and global temporary tables. Both of them share similar behaviors, except that the global temporary tables are visible across sessions. Moreover, the two types of temporary tables have different naming rules: local temporary tables should have names that start with a hash symbol (#); while the names of global temporary tables should start with two hash symbols (##). All temporary tables are stored in System Databases -> tempdb -> Temporary Tables.

Remote work tests corporate pandemic plans

IT leaders across the country are shifting gears from accommodating short-term remote work strategies for snowstorms, hurricanes and other natural disasters to how to help workers plan for and remain productive in a longer-term remote work environment. Due to the duration of the pandemic, Miami-based ChenMed, an operator of 60 senior health centers in the eastern U.S., intends to offer the small number of 2,500 users who don't have a laptop, such as front desk staff, the opportunity to take home their desktops so they can continue to answer patient calls and conduct other business. "Yes, it creates a lot more complexity in helping users set that up, but we want them to have a great experience versus trying to use an old computer at home," CIO Hernando Celada said. This strategy gives him confidence that the machines will be secure when the time comes for workers to be sent home, which will be at the first sign of community spread of the virus because ChenMed's patient population is the most vulnerable.

Private cloud reimagined as equal partner in multi-cloud world

hybrid cloud
Forrester's Gardner argues that repatriation is not a broad trend. "It's simply not true," he says. There may be some companies moving a specific application back to the private cloud for performance, regulatory or data gravity reasons, but repatriation is a relatively isolated phenomenon. The latest Gartner thinking on repatriation is in agreement with Gardner. "Contrary to market chatter that customers are abandoning the public cloud, consumption continues to grow as organizations leverage new capabilities to drive transformation. Certain workloads with low affinities to public cloud may be repatriated, largely because the migrations were not sufficiently thought through. But few organizations are wholly abandoning the public cloud at any technology layer," reads a 2019 Gartner report from analysts Brandon Medford, Sid Nag and Mike Dorosh. Warrilow says flatly, "Repatriation in net terms is not happening." He adds that there will always be a small number of workloads that go back to the private cloud as part of an organization's ongoing evaluation of the best landing spot for specific workloads.

What’s New in SQL Monitor 10?

SQL Monitor does the best job it can, out of the box, of setting up a useful core set of metrics and alerts, with sensible thresholds. However, the right alerts and the right thresholds are 100% dependent on your systems. A group or class of servers may all need the same alert types with the same thresholds, but these may well be different from those for other classes of server. Also, your group of VMWare-based servers, for example, may need different thresholds than your bare-metal servers for the same set of memory-related alerts. Configuring all this in the GUI, server-by-server, can be time consuming and it’s easy to introduce discrepancies. This alert configuration task, just like any other SQL Server management or maintenance task should be automated. With the PowerShell API, you now write PowerShell scripts to set up the alerts on a machine in a way that is exactly in accordance with your requirements. You then use that as a model to copy all the settings to other machines, or just groups of machines.

Can APIs be copyrighted?

Can APIs be copyrighted?
The law is very clear about copyright. If a programmer writes down some code, the programmer owns the copyright on the work. The programmer may choose to trade that copyright for a paycheck or donate it to an open source project, but the decision is entirely the programmer’s. An API may not be standalone code, but it’s still the hard work of a person. The programmers will make many creative decisions along the way about the best or most graceful way to share their computational bounty. ... APIs are purely functional and the copyright law doesn’t protect the merely functional expressions. If you say “yes” to a flight attendant offering you coffee, you’re not plagiarizing or violating the copyright of the ancient human who coined the word “yes.” You’re just replying in the only way you can. Imagine if some clever car manufacturer copyrighted the steering wheel and the location of the pedals. The car manufacturers have plenty of ways to get creative about fins and paint colors. Do they need to make it impossible to rent or borrow a car without a lesson on how to steer it? The law recognizes that there are good reasons not to allow copyright to control functional expressions.

From Zero to Hero: CISO Edition

With new attacks forming faster than the technologies to fight them, holding CISOs to an entirely unrealistic standard doesn’t actually serve anyone. The truth is that no matter how many technologies are deployed or how good the security posture is, 100% protection from cyberattacks is simply not possible. Perhaps senior leadership and boards of directors are finally starting to acknowledge this fact, or perhaps they're starting to realize that a successful response to an attack, along with actions by other parts of the organization, contribute to the ultimate scale and scope of the event. CISOs are uniquely capable of gauging cyber-risk and how to reduce it. Experienced CISOs understand the threats their companies face and know how to deploy the optimal mix of people, processes, and technologies, weighed against threats, to provide the best possible level of protection. Organizations that understand this are leading the charge in shifting the perception of the CISO from technical manager to strategic risk leader.

Most common cyberattacks we'll see in 2020

By convincingly impersonating legitimate brands, phishing emails can trick unsuspecting users into revealing account credentials, financial information, and other sensitive data. Spear phishing messages are especially crafty, as they target executives, IT staff, and other individuals who may have administrative or high-end privileges. Defending against phishing attacks requires both technology and awareness training. Businesses should adopt email filtering tools such as Proofpoint and the filtering functionality built into Office 365, said Thor Edens, director of Information Security at data analytics firm Babel Street. Business-focused mobile phishing attacks are likely to spread in 2020, according to Jon Oltsik, senior principal analyst for market intelligence firm Enterprise Strategy Group. As such, IT executives should analyze their mobile security as part of their overall strategy. "Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink," said Greg Miller, owner of IT service provider CMIT Solutions of Orange County.

Las Vegas shores up SecOps with multi-factor authentication

Las Vegas initially rolled out Okta in 2018 to improve the efficiency of its IT help desk. Sherwood estimated the access management system cut down on help desk calls relating to forgotten passwords and password resets by 25%. The help desk also no longer had to manually install new applications for users because of an internal web portal connected to Okta that automatically manages authorization and permissions for self-service downloads. That freed up help desk employees for more strategic SecOps work, which now includes the multi-factor authentication rollout. Another SecOps update slated for this year will add city employees' mobile devices to the Okta identity management system, and an Okta single sign-on service for Las Vegas citizens that use the city's web portal. Residents will get one login for all services under this plan, Sherwood said. "If they get a parking citation and they're used to paying their sewer bill, it's the same login, and they can pay them both through a shopping cart."

Coronavirus challenges capacity, but core networks are holding up

A stressed employee works alone in a dimly lit office.
Increased use of conferencing apps may affect their availability for reasons other than network capacity. For example, according to ThousandEyes, users around the globe were unable to connect to their Zoom meetings for approximately 20 minutes on Friday due to failed DNS resolution. Others too are monitoring data traffic looking for warning signs of slowdowns. “Traffic towards video conferencing, streaming services and news, e-commerce websites has surged. We've seen growth in traffic from residential broadband networks, and a slowing of traffic from businesses and universities," wrote Louis Poinsignon a network engineer with CloudFlare in a blog about Internet traffic patterns. He noted that on March 13 when the US announced a state of emergency, CloudFlare’s US data centers served 20% more traffic than usual. Poinsignon noted that Internet Exchange Points, where Internet service providers and content providers can exchange data directly (rather than via a third party) have also seen spikes in traffic. For example, Amsterdam (AMS-IX), London (LINX) and Frankfurt (DE-CIX), a 10-20% increase was seen around March 9.

With a large segment of the population confined to their homes having to consume bandwidth, the internet free-for-all we have enjoyed to date is all but done. Emergency legislation or an executive order needs to be enacted to limit video content streaming to 720p across all content services, such as from Netflix, Hulu, Apple TV, Disney+, YouTube, and other providers. Traffic prioritization and shaping need to be put in place for core business applications during prime hours, which includes video conferencing for business and personal use. This would effectively be the opposite of net neutrality, as an emergency measure. Internet video streaming traffic should be prioritized for essential news providers, and the government should provide incentives for them to broadcast their content (and for home-bound citizens to consume it) over-the-air (OTA) so that additional bandwidth can be freed up. Remember the antenna and devices with built-in tuners? It may be an appropriate time to shift some programming back to the airwaves, and even bring back the DVR, so that programming can be transferred to devices during off-hours when networks aren't saturated.

Quote for the day:

"Individual commitment to a group effort - that is what makes a team work, a company work, a society work, a civilization work." -- Vince Lombardi

No comments:

Post a Comment