THIS ISSUE SPONSORED BY
DB2 vs. SQL Server
SQL Server Security Mini-Series
(below NEWS AND VIEWS)
SPONSOR: FREE INDUSTRIAL-STRENGTH BUSINESS INTELLIGENCE BOOK
Does your BI infrastructure have the backbone to integrate all your BI applications? Only MicroStrategy's Industrial-Strength Business Intelligence Platform is built with a unified backplane to deliver all 5 styles of BI over the Internet, while scaling to thousands of users and analyzing multi-terabyte data warehouses. Find out how:
September 18, 2003—In this issue:
- Talk Back to UPDATE
2. SQL SERVER NEWS AND VIEWS
- Here We Go Again: Microsoft Issues New Security Fix
- Oracle Database Revenue Fell in First Quarter
- Results of Previous Instant Poll: Using SQL Server 2000 Developer Edition
- New Instant Poll: Patching the RPCSS Vulnerability
- Want to Get a Free SQL Server Magazine Portfolio?
- Attend and Win a Harley-Davidson
- What's New in SQL Server Magazine: ADO Connection Strings
- Hot Thread: Improving SQL Server 2000 Cache Hit Ratio
- Tip: Verifying Database Connections
5. HOT RELEASE (ADVERTISEMENT)
- Get High-Speed Access to Article Archives
6. NEW AND IMPROVED
- Perform Data Integration Across Disparate Databases
- Take Inventory of Your Hardware and Software
7. CONTACT US
See this section for a list of ways to contact us.
(contributed by Brian Moran, news editor, [email protected])
We care, we listen, and we want to serve you better! It's been too long since I asked readers for comprehensive feedback about how you think we're doing here at SQL Server Magazine UPDATE. This week, I'd like to gather some basic technical information about you, your SQL Server deployments, and what you like or don't like about SQL Server Magazine UPDATE.
I know you're busy, but we'd appreciate you taking a few minutes to help us better serve your needs. Feel free to answer as few or as many questions as you like or to send me information that I didn't think to ask about. Email your answers directly to me at [email protected]
- Tell me about you and your environment. What is your role? How long have you been working with SQL Server or another relational database management system (RDBMS)? Which versions of SQL Server are you running, and what databases do you work with in addition to SQL Server? If you're running SQL Server 7.0 or earlier, do you plan to upgrade to SQL Server 2000? Are you running SQL Server on Windows Server 2003, Windows 2000, or Windows NT? What level of experience do you have with SQL Server—do you consider yourself a novice, a knowledgeable veteran, or an expert? Do you regularly use Analysis Services, full-text indexing in SQL Server, or SQL Server 2000's integrated support for XML? What are your favorite SQL Server-related third-party products and why do you like them? What technical conferences do you attend regularly? Do you belong to a local SQL Server users group?
- Tell me about SQL Server. What are your five favorite SQL Server features? What are five new features that you'd like to see in the next version? What are your five least favorite SQL Server 2000 behaviors? How big is your largest database (in number of rows or total disk space)? What is the peak number of transactions per second that your database handles?
- Tell me about SQL Server Magazine UPDATE. What do you like best about SQL Server Magazine UPDATE? What do you like least about SQL Server Magazine UPDATE? What type of content do you prefer in SQL Server Magazine UPDATE: how-to, tutorial, opinion, or another kind of information? Can you remember a particular SQL Server Magazine UPDATE commentary that you enjoyed—or one that wasn't quite up to par? Do you prefer that complete articles appear in the text of the newsletter, or would you rather have hyperlinks to online articles?
Let us know if we've forgotten to ask anything that you feel is important so that we can include those questions in our next reader poll. And thank you for your feedback. We'll listen and we'll use your comments. We want to make SQL Server Magazine UPDATE the best newsletter it can be.
P.S. Last week SQL Server Magazine UPDATE included a news item about a free Yukon seminar that Microsoft is offering during the Microsoft Professional Developers Conference in Los Angeles on October 28. Microsoft will provide free pizza and other refreshments. Attendees will get to meet SQL Server Product Unit Manager Euan Garden and other members of the SQL Server Development team and learn about the next SQL Server release, Yukon. The presenters need to estimate how many people will attend this event. Please register for the event online at http://www.sswug.org/eventinterest.asp.
DB2 VS. SQL SERVER
Identify the differences between IBM's DB2 and MS SQL Server during a *FREE* webcast hosted by The Fillmore Group. Go to http://lists.sqlmag.com/cgi-bin3/DM/y/ecoz0FgQMn0BRZ0BCfs0A7 . Choose "Internet classes", then the "Available courses" tab.
2. SQL SERVER NEWS AND VIEWS
(contributed by Paul Thurrott, [email protected])
In July, Microsoft released a critical security fix, warning users that attackers could use the specified vulnerability to take over users' systems and wreak havoc on the Internet. A month later the infamous MSBlaster worm exploited that vulnerability. Yesterday, Microsoft released another critical security fix that fixes a vulnerability that's painfully similar to the one that led to MSBlaster. If you didn't feel sufficiently warned the first time around, take this warning to heart: You need to install this fix immediately.
The fix, one of three detailed in Microsoft Security Bulletin MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution), supersedes and includes the fix for the earlier vulnerability, detailed in Microsoft Security Bulletin MS03-026 (Buffer Overrun In RPC Interface Could Allow Code Execution). As with the original vulnerability, the new vulnerability that MS03-039 fixes involves the remote procedure call (RPC) technology in various Windows NT-based Windows versions, including Windows Server 2003, Windows XP, Windows 2000, NT Workstation 4.0, NT Server 4.0, and NT Server 4.0, Terminal Server Edition (WTS).
If you have a recent Windows version, you can simply download the patch from Windows Update or Auto Update, features that are included with your OS. For more information about the security patch or the other tools Microsoft offers to protect your system, visit the Microsoft Web site.
The New York Times reported last week that Oracle's revenue from licenses for new software fell 6.7 percent in first quarter 2003 from the same period a year ago. The decline appeared to be greatest in Oracle's database business, where it competes with Microsoft and IBM. License revenue for the database unit was down 7 percent from a year ago, to $408 million. Oracle's other software products had new license revenue of $102 million, down 4 percent from the same quarter in 2002.
Oracle attributed the drop to unexpectedly slow sales in August and the disruptions from reorganizing its North American sales force. Oracle had projected growth in revenue from licenses for new software of 2 percent to 12 percent, after reversing a long trend of declines with a gain in the previous quarter. Wall Street traders reacted to the news by selling other technology stocks last week.
The voting has closed in SQL Server Magazine's Instant Poll for the question, "Do you use SQL Server 2000 Developer Edition?" Here are the results (+/- 1 percent) from the 273 votes (deviations from 100 percent are due to a rounding error):
- 51% Yes, we've used it for some time
- 6% Yes, we got it when Microsoft reduced the price
- 11% No, but we plan to now that the price has dropped
- 32% No, and we don't plan to
This week's instant poll sponsored by: EMC
Manage your Microsoft Environment with EMC solutions and better utilize your storage/server assets. Click here.
The next Instant Poll question is "Has your organization patched its systems against the most recent Windows bug—a vulnerability in the RPCSS service?" Go to the SQL Server Magazine Web site and vote for 1) Yes, our IT group applied the patch immediately, 2) No, IT hasn't patched our systems yet but plans to, 3) No, IT probably won't patch our systems, or 4) I haven't heard about the latest vulnerability.
SPONSOR: SQL SERVER SECURITY MINI-SERIES
Learn about the dangers that lurk around SQL Server's perimeter and how server and network resources can be secured to prevent attacks on your data. Register today for this online four-part event, brought to you by SQL Server Magazine and Scalability Experts, that begins on October 1.
(brought to you by SQL Server Magazine and its partners)
Take our quick two-minute survey on backup and disaster recovery and you'll be entered into our drawing to win a free SQL Server Magazine zippered portfolio! It's fast and easy, so click here now!
SQL Server Magazine Connections will run concurrently with Microsoft ASP.NET Connections, Visual Studio Connections, and Microsoft Office System Connections. Maintain your competitive edge on the job. Register today and receive access to all four conferences for the price of one, plus a chance to win a Harley-Davidson motorcycle.
The connection string is essential for connecting your ADO database applications to SQL Server. In his SQL Seven column "ADO Connection Strings," Michael Otey illustrates the seven most common connection scenarios. Read this September SQL Server Magazine article at
Timc has SQL Server 2000 running on a new quad-processor server that has 8GB of RAM and uses Address Windowing Extensions (AWE). The system queue is always less than .2 and the buffer cache is always at 99 percent. However, Timc's cache hit ratio is consistently about 64 percent. Timc wants to improve the cache hit ratio, and his research suggests that he needs to add more memory. However, he's not convinced that more memory is the answer. How can Timc improve his system's cache hit ratio? See what other DBAs have said, and offer your opinion, on SQL Server Magazine's Performance forum.
(contributed by Brian Moran, [email protected])
Q. I have a Visual Basic (VB) application that connects to a SQL Server 2000 database. How can I verify that the client machine has a TCP/IP sockets Net-Library connection to the database?
A. You can easily determine the Net-Library that a particular connection is using by looking at the sysprocesses table's net_library column in the master database. The master..sysprocesses table contains one row for each connection to the server; a server process ID (SPID) identifies each connection. The following query returns the Net-Library that the connection is using:
SELECT net_library FROM master.. sysprocesses WHERE spid = @@spid
Running this T-SQL query from your application lets you determine which Net-Library a connection from your application is using. Of course, you can also manually inspect the sysprocesses table from Query Analyzer to get the information you're looking for. TCP/IP will be the value for the net_library column if you're connected through a TCP/IP sockets connection.
Send technical questions to [email protected].
5. HOT RELEASE (ADVERTISEMENT)
The SQL Server Magazine Master CD provides realtime desktop access to the articles, code, and expertise published in SQL Server Magazine and T-SQL Solutions. Search by keyword, subject, author, or issue. Order your subscription today:
6. NEW AND IMPROVED
(contributed by Carolyn Mader, [email protected])
Vision Solutions announced ORION, a multi-platform information availability solution that supports data replication through server and application failover and data integration to and from SQL Server, Oracle, Sybase, and IBM DB2/400 databases. ORION can perform data integration across disparate databases and manage application and server availability within homogeneous and heterogeneous environments. You can use the Hyper-Clustering feature to ensure that data is available for users no matter where the information is located and what OS it's on. ORION can integrate data in realtime so that employees, customers, and business partners can access data quickly and in the format they need. For pricing, contact Vision Solutions at 949-253-6500 or 800-683-4667.
iInventory announced iInventory 6.0, hardware and software auditing software that lets users create reports and determine hardware and software changes between audits. The software lets you audit through email and send users a message containing a link they can click. The software appends all users' data to one file. You can get full details about Windows audits, including information about BIOS, CPU vendor and speed, device drivers, drives, I/O ports, logical drives, and modems. The software supports SQL Server to provide secure and scalable audit data storage. For pricing, contact iInventory at 866-482-8348 or [email protected]
7. CONTACT US
Here's how to reach us with your comments and questions:
- ABOUT THE COMMENTARY — [email protected]
- ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
- TECHNICAL QUESTIONS — http://www.sqlmag.com/forums
- PRODUCT NEWS — [email protected]
- QUESTIONS ABOUT YOUR SQL SERVER MAGAZINE UPDATE SUBSCRIPTION?
Customer Support — [email protected]
- WANT TO SPONSOR SQL SERVER MAGAZINE UPDATE?
Contact Richard Resnick at [email protected] or 800-949-4007.
SQL Server Magazine UPDATE is brought to you by SQL Server
Magazine, the only magazine completely devoted to helping developers
and DBAs master new and emerging SQL Server technologies and issues.
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.