A Broken Copilot Query

I was testing the new SSMS (v22 Preview 3) with Copilot and ran into an interesting issue.

This is part of a series of experiments with AI systems.

My Query

I was working on something unrelated and tried this prompt, which should have saved me a few minutes from looking on MSLearn.

2025-10_0168

As you can see, I get a nice list of things. However, then this happened.

 

This kept going. I gave it a minute, then opened my screen recorder (which is close to a minute) and started recording.

After capturing this, I stopped the query. Things seem to work OK, but this is definitely something that concerns me about agents and letting them go. I don’t know if this was a stuck process, if this was consuming compute or tokens, but it was certainly an issue.


We Should Demand Better

I ran across an interesting open letter. Most of these are from individuals, often complaining about or lamenting the way something in the world works, or maybe doesn’t work.

This latest letter was from the Chief InfoSec Officer at JPMorganChase, a large worldwide bank. This open letter was written to the software suppliers looking to do business with JPMorganChase, especially those in the SaaS area (Software as a Service). The letter opens by noting that SaaS is enabling cyber attackers and asks for three things: prioritize security over features, modernize security architecture, and work with security collaboratively to prevent abuse of connected systems.

It’s a good letter. It talks about the problems at a high level, but is specific enough to recognize problems. Software is often delivered as a SaaS type application, even when there might be local components. For example, I lament Postman working this way, as it now seems to require me to be connected in order to work. That’s something I learned while trying to get work done on an airplane, and I couldn’t get to any of my queries as I didn’t have wi-fi, despite the application running locally on my laptop.

The threat of more attackers is amplified by the connectedness of new systems, new agents, and new protocols that allow a breach to escalate deeply inside systems. This is something we’ve faced in the past, but not at the scale that we face it today. Automation has become embedded in the computing world, not just inside organizations, but also inside hacking organizations. Malicious actors can and do use scripted attacks at a rate that we haven’t experienced in the past.

I wish that most people purchasing software would prioritize security when making a decision, but often price and expediency outweigh anything else. While I do see many companies asking for security information, too often the requests are at high levels, and vendors can word their answers in a way to satisfy the screen without actually improving their own security coding and architecture.

I do think the authorization and authentication of users is improving, so I have hope that more patterns and frameworks are published and widely used, and we’ll see more consistent security throughout software. Now, if we can just ensure the authors of those platforms do a good job of security, we might see the request from JPMorganChase come true.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.


Prompt AI helping with Auditing

I had a conversation with a customer asking this question: how can I tell who called a stored procedure so I can audit the action?

I decided to see if Prompt could help me here.

This is part of a series of experiments with AI systems. This is also part of a series of posts on SQL Prompt. You can see all my posts on SQL Prompt under that tag.

The Setup

I had this code, which is a simple stored procedure. I sketched this out, but I’m looking for a function to add to my code that helps me audit the caller.

2025-09_0128

I opened the Prompt AI (ALT+Z) and asked the question you see in the image. I also asked to assign it to the variable, but didn’t exactly specify everything.

2025-09_0129

In the image below, you can see the code that changed. Prompt AI added the SYSTEM_USER function, which is exactly what I wanted.

2025-09_0130

I accepted this and then asked to change this to the user instead of the login.

2025-09_0131

Again, the function I wanted was added: CURRENT_USER.

2025-09_0132

I know what I needed, or I had an idea. However, if I wasn’t sure what function to use or if there was one, this is handy. I’m working inline, rather than going to a browser and hitting Books Online or Googling for the answer. I can keep coding or looking at my code as the AI runs.

If I ask for an explanation, I get one, which helps me judge if this is actually the code I want.

2025-09_0133
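The login-versus-user distinction above matters for auditing once impersonation is involved, so here is an added T-SQL example (not the code from the screenshots) that records both functions alongside ORIGINAL_LOGIN(). The tables, the procedure, and AuditDemoUser are hypothetical names constructed for the demonstration.

```sql
-- Hypothetical demo objects, constructed for this example.
CREATE TABLE dbo.Orders (OrderID int PRIMARY KEY, Status varchar(20));
INSERT dbo.Orders (OrderID, Status) VALUES (1, 'New');

CREATE TABLE dbo.ProcAudit
(
    AuditID       int IDENTITY(1,1) PRIMARY KEY,
    ProcName      sysname,
    LoginName     nvarchar(128),  -- SYSTEM_USER: login of the current execution context
    DbUserName    nvarchar(128),  -- CURRENT_USER: database user of the current context
    OriginalLogin nvarchar(128),  -- ORIGINAL_LOGIN(): login that opened the connection
    CalledAt      datetime2(3) NOT NULL DEFAULT SYSUTCDATETIME()
);
GO

CREATE OR ALTER PROCEDURE dbo.UpdateOrderStatus
    @OrderID int,
    @Status  varchar(20)
AS
BEGIN
    SET NOCOUNT ON;

    -- Record the caller before doing the work.
    INSERT dbo.ProcAudit (ProcName, LoginName, DbUserName, OriginalLogin)
    VALUES (OBJECT_NAME(@@PROCID), SYSTEM_USER, CURRENT_USER, ORIGINAL_LOGIN());

    UPDATE dbo.Orders SET Status = @Status WHERE OrderID = @OrderID;
END;
GO

-- Call 1: direct call under the connecting login.
EXEC dbo.UpdateOrderStatus @OrderID = 1, @Status = 'Picked';

-- Call 2: the same call while impersonating another database user.
CREATE USER AuditDemoUser WITHOUT LOGIN;
GRANT EXECUTE ON dbo.UpdateOrderStatus TO AuditDemoUser;
EXECUTE AS USER = 'AuditDemoUser';
EXEC dbo.UpdateOrderStatus @OrderID = 1, @Status = 'Shipped';
REVERT;

-- In the second row, LoginName and DbUserName follow the impersonated
-- context, while OriginalLogin still shows who actually connected.
SELECT AuditID, ProcName, LoginName, DbUserName, OriginalLogin, CalledAt
FROM dbo.ProcAudit
ORDER BY AuditID;
```

The same shift happens inside a procedure created WITH EXECUTE AS, so an audit column fed only by SYSTEM_USER or CURRENT_USER can end up recording the impersonated principal rather than the caller.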

If you have SQL Prompt, give Prompt AI a try by opening it with ALT+Z.

If you haven’t tried SQL Prompt, download the eval and give it a try. I think you’ll find this is one of the best tools to increase your productivity writing SQL.

Video Walkthrough

I show this live in the video below.


The Improvement Limit

I caught a short post from Gary Bargsley on LinkedIn that had this quote: “Many people do not believe this is true. If there isn’t a fire to put out, then you are not doing a good job.” He included a repost from Shaik Ashraf with that quote and an image that explains better what things a DBA is doing because they aren’t always busy.

I would say that by busy we think of a DBA as rushed and always trying to fix something that isn’t working well. I’ve certainly walked into operational positions where this was the case. Things weren’t working smoothly or were breaking regularly. My phone was always ringing, as I moved from crisis to crisis. For some systems, rebooting them regularly was the fix, not because I didn’t want to determine a root cause and fix them, but because I had too many other priorities. A reboot at least recompiled plans, cleared caches, and got the system working for a few days.

In those environments, it often took me about 6 months to make changes, implement some standards, find root causes and fix them, and change the way others worked. My approach was to find a problem, consider a solution, and present it to others in a rational way with evidence. I could almost always get approval to start making changes. Or I could convince a manager/director to get others to make changes to stabilize the environment.

Almost always.

Not always. And I’ve had a few jobs where things were broken, but everyone else wanted to keep their existing process and keep adding new features/apps/database/etc. and let the DBAs deal with the instability. After all, if I’m working for a salary, does my boss care how much I work? If he/she doesn’t, then I have learned I need to find a new job.

After 6 or so months, I often find that I’ve reached an improvement limit of some sort. There isn’t a lot I can continue to change and fix, usually because of dependencies and a lack of desire by someone else to change. New work can often be built better, but I’ve often found that I have to live with anything else I haven’t been able to change. Even something as simple as adjusting a query can be a problem when the app developers don’t have an incentive to help.

Have you reached an improvement limit in your job? Or maybe you have reached a limit to what you are willing to improve, given the environment in which you work.

Steve Jones
