An Upgrade Slog

Posted on July 8, 2024 by way0utwest

I saw a blog post from Randolph West recently that asked How do you restore a SQL Server 2000 database in the year 2024? It’s a bit of a process, involving an intermediate version and two restores. Randolph also points out the need to run DBCC after the first restore, which is a good idea. I wonder how many people would take the time to do this, or even think about it as an upgrade step?

This was interesting to read as I had a customer ask me about doing this a few months back. They were trying to clean up their database estate and modernize some of their older systems. This was becoming a big project for them, as they had several pre-2017 systems, none of which were in support. Auditors, regulatory authorities, and even business partners see this as a large security risk and get concerned if you’re running older software.

I’ve felt that in most cases, I ought to be able to run a database server for close to a decade. I certainly need to patch it with CUs in that time, but the support lifecycle says that you get mainstream support for 5 years and then extended support (paid) for 5 more. That extended cycle also includes security patches, so ten years seems reasonable.

As a side note, the final support lifecycle for 2014 ends on 9 Jul 2024. That’s a decade if you upgraded in the first year of release.

However, many of us have multiple instances, and upgrading those can be a chore. Perhaps you trust that nothing breaks, but I would say for many larger organizations, upgrades are a constant fact of life, and it is important to probably start testing upgrades at five years, knowing it might take 1-2 years to upgrade all instances of a given version. That’s if you don’t find issues in testing. If you test a 2017->2022 upgrade now and find issues, you might spend time mitigating these, or maybe wait for SQL Server 2025 (my guess) and hope you don’t have the same issues. There are also the challenges of in-place vs. side-by-side upgrades, and you might choose one in testing, but decide to change for the final upgrade for various reasons. All those things can cause delays.

I still find myself a little nervous about the “evergreen” versions of SQL Server, where Microsoft patches them as needed. I know they try hard not to break any backward compatibility, but if they do, then you’re stuck. I prefer to schedule my upgrades and make them a normal part of the DBA job. That being said, don’t drag them out for years and years. If you still have SQL Server 2012 or older versions, you’re doing something wrong.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.

Posted in Editorial | Tagged | Comments Off on An Upgrade Slog

Protecting Schools

Posted on July 5, 2024 by way0utwest

One very common targets for hackers are schools and universities. The latter may have plenty of resources for staff, but often school systems don’t have that same type of budget. In many ways, it’s sad that hackers would target schools that struggle to educate and help others. The staff often deals with low pay and high stress already, and losing access to computer systems adds to an already tough job.

There was an interview this week with the director of technology at one district. Johnathan Kim works for the Woodland Hills school district and is a former staffer at the Navy Cyber Defense Operations Command. That’s the type of training that I think few school district employees have. I’ve known a few people who manage technology inside schools, and while they are often smart, capable people, they aren’t security professionals.

The interview talks about a few of the changes that Mr. Kim has made, such as enabling two-factor authentication (2FA) and removing local admin rights for many teachers. I know these are the types of rules that frustrate many workers who use computers. In fact, I ran into someone who rarely upgrades software on their development machine because so many applications require administrative rights and they don’t want to bother opening tickets more than a few times a year.

Two-factor authentication can be a pain, and I know I get confused sometimes as I have both 2FA and MFA with different processes for different systems. It’s good in that a few times in the last year I’ve caught a hacking attempt, but it’s also a pain to deal with when I’m doing something simple. I can see why people don’t like it when they don’t understand the challenges of securing systems. Every time I find myself frustrated, I stop and remember the problems others have had, especially those that have dealt with ransomware in their organizations.

A good point in the interview is that education can help smooth the way for security practices that feel unnecessary or disruptive. It’s good to remind ourselves why we want the least privileges needed assigned to others, and why those of us with privileged access need a second account for that access. We also ought to come up with a good story to educate others when they complain, perhaps using a story of a breach or loss to help remind others that our systems are constantly under attack.

Steve Jones

Posted in Editorial | Tagged , | Comments Off on Protecting Schools

Set a Runtime Variable in an Azure DevOps Pipeline

Posted on July 5, 2024 by way0utwest

Note: I DO NOT recommend this. Any changes to a pipeline should be in code and through a PR.

That being said, I know this information is out there and some people need it. The question from a friend was how can they set a variable in an Azure DevOps Pipeline at runtime. This was for testing, and they wanted to change the pipeline behavior to test things when they ran them.

This post will show how to do this in classic and YAML pipelines. As a scenario, I’m just going to get a directory listing of a folder, and change that at runtime.

Classic Pipelines

I know the trend is everything in code. For experimenting and learning, I find this slightly annoying, so I like classic pipelines. I know others do.

In a classic pipeline, I can set variables. I’ll add a new one and call it myLocation. Over on the far right, there is a checkbox for “settable at runtime”. Check that.

2024-06-27 14_42_03-Dir Project-CI - Azure DevOps Services

Now, I’ll add a task to this pipeline that runs a dir, using this variable.

2024-06-27 14_54_13-Dir Project-CI - Azure DevOps Services

I can save and run this, and I see the results of c:\Users from a hosted agent.

2024-06-27 14_50_22-Pipelines - Run 1346 logs

That’s the default behavior.

Now, let’s alter this at runtime. When I click “run pipeline, I see this on the right side as a blade. Note the “variables” section below.

2024-06-27 14_50_50-Pipelines - Runs for Dir Project-CI

I can click this and see my variables. System.debug is set at runtime by default, but I see my other one.

2024-06-27 14_53_35-Media Player

If I click this, I can change the location. I’ll set this to c:\.

2024-06-27 14_50_40-

When I let this run, note I get different results.

2024-06-27 14_53_10-Pipelines - Run 1347 logs

I’ve changed behavior at runtime.

YAML Pipelines

In a YAML pipeline, I don’t have tabs or variables. Instead, I just get a script of sections, like this.

2024-06-27 14_58_28-Dir Project - Pipelines

I can alter this to add a variable by looking in the upper right, where I see a “variables” button. Click this.

2024-06-27 14_59_05-Dir Project - Pipelines

I get a list of variables, which is none in this case. I’ll click “New variable”.

2024-06-27 14_59_08-Media Player

This gives me a dialog where I can enter the information. Note I can set a default as well as let users override this with a checkbox.

2024-06-27 14_59_19-Dir Project - Pipelines

When I save this, I see my variable.

2024-06-27 14_59_24-Dir Project - Pipelines

Now, I can alter my script. I’ll add this as $(myLocation), where I surround the variable name with a $ and ().

2024-06-27 14_59_53-Dir Project - Pipelines

I can validate and save this, which I do.

2024-06-27 14_59_57-GPT-5 delayed , TikTok kill switch , inside Netflix's video encoding ‍ -

It’s valid, because I typed well, but this really should go through a PR. Since I’m testing, and I’d approve the PR, I’m doing it in main. I shouldn’t do this in any org.

2024-06-27 15_00_02-Dir Project - Pipelines

Now when I run the pipeline, I have the variables item where I can change the variable.

2024-06-27 15_00_17-Dir Project - Pipelines

I can also set this variable in YAML, like this:

2024-06-27 15_06_50-azure-pipelines.yml - Repos

However, if I set that value, I can’t change this at runtime. Here’s the runtime screen.

2024-06-27 15_07_56-Window

I can use a parameter instead. I’ll use this structure:

2024-06-27 15_23_21-Dir Project - Pipelines

When I run this, I see a new box:

2024-06-27 15_18_50-Dir Project - Pipelines

I can override this “Dir location”. When I set this to c:\, I see these results:

2024-06-27 15_25_19-Pipelines - Run 20240627.17 logs

Summary

I’ve shown how to configure a variable to be set at runtime, both in classic and YAML pipelines.

Note, this a place an administrator can make a mistake, or run rogue, without review. This is not recommended. Put all pipeline changes through a PR.

Posted in Blog | Tagged , , | Comments Off on Set a Runtime Variable in an Azure DevOps Pipeline

Midsummer Fun

Posted on July 5, 2024 by way0utwest

Yesterday was Independence Day in the US and a day off for me. Today, I’m back to work. Same for my rocket engineer son, one day off. My wife remembers a few of her companies giving a 4-day weekend when a holiday falls on a Tuesday or Thursday, but that hasn’t been my experience and isn’t this week.

I know we’re barely into summer, which technically started Jun 21, but most of my life has measured summer between the end of one school year and the beginning of another. That’s usually late May (Memorial Day) to early September (Labor Day). I think that’s a very American thing, as I know lots of my friends in Europe are just starting their break between two grade years. For those of you in the Southern Hemisphere, I’m sure this time of year is even more different.

In any case, since it feels like midsummer to me, I wanted to take a break from technology and write about interesting fun things I’ve seen lately in the world of books and tv/movies. Even as I write that it seems strange since I think TV isn’t a concept for me anymore. I’ve gone completely to digital streaming, with episodic shows that aren’t ever broadcasted. They just drop, individually or as a whole season at once.

In any case, I’m starting with Presumed Innocent. I read this book a long time ago, probably in 1987 or 1988. I couldn’t remember the story, but a friend recommended the series on Apple+. The first episode started slow, and I wasn’t sure I’d watch more, but the end caught both my wife’s and my own eyes. We had to watch the second episode right away. It’s dropping episodes week by week, which feels very old-fashioned and unsatisfying.

I’ve also been working through Lost in Space on Netflix. I’ve watched the various versions of this since the old black-and-white TV version. I went through Season 1 of this a few years ago and really enjoyed it. I just realized there were more seasons and have been enjoying them. It’s a bit silly, far-fetched, and inconsistent in places, but still entertaining as a sci-fi view of colonists traveling through strange places in the galaxy.

My wife and I completed season 1 of Resident Alien on Netflix as well. The casting is great and it was very entertaining. A fun watch for us. I haven’t found a lot of funny series lately, and fall back on old episodes of Scrubs, Community (first 2 seasons), Brooklyn Nine-Nine, the US Office, and Mom. Even though I’ve seen most of these series, they’re still good for a laugh. Once in awhile I even see an episode I haven’t seen (or don’t remember). In any case, Resident Alien was good.

I like to read a lot. This summer, I’ve caught up on the latest in a few series I’ve enjoyed over the years. I’m working on Spinward Fringe 17, along with Observability Engineering. That latter isn’t entertainment, but it is interesting. I’ve also enjoyed these books lately: Toxic Prey, I Will Find You, Murder One, The Last Detective, and The Unincorporated Future. I’ve read a bunch more, but those were the highlights.

I haven’t see many movies this year, but I have watched a few documentaries. The Thriller 40th Anniversary, the We Are the World documentary, and the George Michael one were great. I did see One Love (on Bob Marley), but it wasn’t that good. The music and actor are good, but the story isn’t. If you want a fun, unusual watch, try the Donut King.

If you’ve got some fun escapes from work, either written or video, let me know. I enjoy watching a Slack channel at work that is dedicated to movies and tv, getting some recommendations there. I’m sure I’ll see something from one of you that’s worth checking out.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.

Posted in Editorial | Tagged | Comments Off on Midsummer Fun