As many of you may now be aware, on January 4, at approximately 11:15 PM PST the VM that runs the PASS Database, which is hosted in Azure Cloud, unexpectedly went down. The database was down until 11:45 PM. A default DNN installation error message screen revealed a single username of a PASS member. There was no security breach and no personal information or passwords were revealed or accessed.
This default DNN installation screen appeared for any user attempting to access all PASS websites. The confusion surrounding the potentially revealed personal information occurred as a result of the default DNN message. This error page has now been revised with more accurate messaging in the event that there is an outage in the future.
Once notified of the website outage, the IT team had to manually reconnect the database and PASS websites, as this had not occurred automatically, which is why website access was unavailable for a longer period of time than the half-hour Azure downtime window. As part of the existing PASS IT disaster recovery plan, two new mechanisms will be put in place: a more proactive monitoring system that will allow real-time database and application monitoring, ensuring we are instantly aware of website failures; and redundancy protection by provisioning PASS websites over multiple Azure data centers.
On behalf of the entire PASS Board, I want to stress that we take protecting your personal information very seriously and implement every reasonable measure to ensure it is kept safe.
I was delighted to see an unconventional abstract submission for the next SQLSaturday in Cleveland, OH recently. This entry came from Evelyn Maxwell, who submitted a session on PowerPoint skills for the event’s Professional Development track. You may wonder why I’d highlight this presentation from the thousands that have been submitted just this year alone. (After all, we have sessions covering non-SQL topics at our events.)
She represents what is special about the PASS community
Evelyn volunteered at SQLSaturday events as a non-speaker and attended many sessions before deciding to submit an abstract and commit to sharing her knowledge with others. That makes her special because, like so many others in our community, she is giving up her valuable free time on a weekend to connect, share, and learn with (and from) other like-minded community members.
She is a non-traditional PASS member
Evelyn is not your typical PASS volunteer and speaker. She is unemployed, she can’t drive, and she likely has a curfew under the laws of her city. You see, Evelyn Maxwell recently turned 13.
In her own words
After being made aware of Evelyn’s abstract, I thought this would be the perfect opportunity to write a post that would highlight an example of what good news exists in our community. I also wanted to bridge the gap between my final days leading the PASS SQLSaturday portfolio and moving on to a new portfolio that will strive to enhance engagement with our members and deliver enriched community events. Evelyn’s story of volunteerism, passion for learning, and drive to share highlights the core of our mission and does so in a very unique way.
I reached out to Evelyn through her father, David Maxwell, to see if perhaps she would be willing to share advice with our PASS members who may be looking to become a community speaker or simply more involved in their local SQL Server communities.
TF: Hi Evelyn, thank you for taking time to speak with me and the PASS community at large. Can you tell us a bit about yourself as we begin?
EM: Well, I’m 13 years old, (I just had a birthday), I play percussion in the 7th grade concert band, I’m the second member in a trio of friends, and I help run a student-run club at my school. Other than that, I’m a pretty typical 7th grade girl.
TF: Your dad is very well known in the SQL Server community and just recently won the PASS Speaker Idol contest at the 2015 PASS Summit. What direction has he given you in speaking publicly?
EM: I’ve learned a lot about public speaking from my dad, mostly through watching him present at SQL Saturdays, and just watching him practice in the basement. Practice is, after all, very important in putting together a good presentation. I’ve also learned that when presenting, most people are going to be supportive and encouraging, which is nice, but also that not everyone is going to be positive, and that's something I’ll just have to accept.
TF: Can you speak to some of the things you've done at SQLSaturdays previously? In addition to speaking in 2016 at the Cleveland SQLSaturday, I've heard you've been a volunteer at events in the past.
EM: Generally at SQLSaturdays, I just like to go and attend sessions on a beginner level, and see if I can learn something. I try to take productive notes, and write down questions later to ask my dad. I also like to give feedback to the presenters. Last year I was a volunteer at SQLSaturday Columbus, and got to help register people, set up for lunch, and wipe down pretty much every flat surface there was. I even got to pull names for the raffle and throw T-shirts at people. Now how fun is that?
TF: Besides being a public speaker and PASS volunteer what are your other interests?
EM: I enjoy reading, percussion, and writing fan fiction. I also help my friend run Special FX club, which is a student-run club that helps teach kids about the art of movie makeup. We do a ton of different stuff, from mild bruises, to zombie skin. It’s a lot of fun. I also was in drama club last year. Unfortunately, there was no club this year, although I would have joined if given the chance.
TF: I know I tend to “nerd-out” about SQL around my house. Does your dad spend a lot of time talking about SQL?
EM: Dad doesn't really talk a lot about SQL at home. If my brother or I have a question, he’ll answer it, and sometimes he’ll give us a heavily simplified explanation about something at work, but other than that, he saves the SQL talk for SQLSaturdays.
TF: Evelyn, what is your one piece of advice for any new speaker/community member looking to broaden their own experience?
EM: I would say that if you want to try speaking at an event, or do any kind of public speaking for that matter, don’t overthink things. You obviously want to know your topic, and be able to answer questions from the audience, but don't focus on your presentation so much it makes your head hurt. I had this problem when I was first writing my abstract. Instead of just thinking what would be in the presentation and why, I completely overthought it, and ended up having to start over. But once I let all of that go, I was able to come up with a successful abstract, which got my point across.
TF: Christmas is coming. Do you want to share some of your Christmas list with us? Maybe it will improve your chances with Santa Claus, you never know.
EM: To be perfectly honest, I don't have a Christmas list. I have a phone, and a snare drum, what more could I want? Plus, I think there's a lot more to the holidays than just receiving gifts.
My wish for you
Evelyn reminds us all that there is so much more this holiday season (regardless of the holidays your family celebrates) than material things. I want to take this opportunity to wish you, your families, and your communities a happy holiday season and end to 2015. We always have room for improvement though, so my hope is that you will experience greater success, contentment, fulfillment, and peace in the coming year.
Director, PASS SQLSaturday
October 29, 2015 — Yesterday marked the first full day of community sessions at PASS Summit 2015 in Seattle. After opening remarks by PASS President Thomas LaRock, Joseph Sirosh (Corporate Vice President, Data Group) and Shawn Bice (General Manager, Database Systems Group) of Microsoft led the audience through an hour of insight into SQL Server 2016.
Joseph pointed us toward the future of the Microsoft data platform. Starting with more widely adopted Internet use in the 90s, we've seen a massive uptick in the amount of collected data in the cloud and through mobile device outlets; at the same time, analog data is all but gone. According to keynote projections, Microsoft expects that by 2025, cloud-based data will eclipse all other data sources by more than a 2:1 ratio, with almost all data residing on either mobile devices or cloud platform repositories. Microsoft continues to position itself to be the leading solution for this new data-driven culture.
After laying the groundwork for what the future holds, Shawn and Joseph took us on a tour of SQL Server 2016 and its built-in features:
- Always Encrypted technologies will encrypt data at rest, on the fly, and in the buffer pool to help eliminate threats of intrusion at all levels, including the elusive man-in-the-middle threat of polling the buffer pool.
- Inclusion of R language native to the SQL Server product will enable low- or no-impact analytics directly against OLTP environments in what Microsoft is calling "Real Time Operational Analytics." This feature enables you to make decisions rapidly, at your pace rather than waiting for scheduled ETL processes to load to a separate data warehouse—resulting in potential time and storage-cost savings. R is to data science what SQL is to data management, so it’s a natural match for data professions and a welcome addition to the Microsoft data platform.
- Stretch Database provides the ability—via a simple wizard—to stretch tables to the cloud, along with all DDL and security structures in place. This way, users can reach all data, regardless of whether it's "earthed" or hosted in Azure. This capability offers the potential for savings in all costs related to storage: hardware, utilities, and operational staffing, just to name a few.
- SQL Server Reporting Services (SSRS) is completely overhauled in SQL Server 2016. (This news elicited a great deal of applause from the crowd.) I'd expect Power BI-like features in the SSRS product suite to be part of this "overhaul."
The Microsoft data platform is leading the way in enhancements and providing a complete solution, as evidenced by the latest Gartner Magic Quadrant Ratings. Furthermore, SQL Server has been the leader in data security stability over the past six years.
2016 is going to be a great year for the Microsoft data platform—and a great time to be positioned as a Microsoft data professional. I am anticipating the continued roll-outs of SQL Server 2016 Community Technology Previews and can only imagine what we’ll have to look forward to in the Microsoft product keynote at next year’s PASS Summit.
Director, PASS SQLSaturday | PASS Headquarters
As per my blog post on April 9 regarding the SQLSaturday website, the good news is that we’re back online. So far, feedback on the site has been overwhelmingly positive.
I first want to thank everyone for their patience last week: the organizers and sponsors who couldn’t access the site during the downtime, as well as the community members who have been waiting to hear what happened. As with any issue like this, our main priority was to rectify the situation. Therefore, we felt it best to wait until the site relaunched and all security vulnerabilities were fixed before sharing more specific details.
But of course, full transparency is important to us and to you. Now that we’re up and running again, here is the timeline of events that occurred over the past week:
- On Monday, April 6, we were alerted to a potential security vulnerability that exposed the contact information (address, city, region, and twitter handle) of some sponsors. We immediately removed this information and decided to take down the entire sponsor page for further testing. The security of information regarding our community and sponsors is of the utmost importance to us, so we wanted to conduct a thorough review of the entire website, not just that specific issue.
- By Monday night, we had decided to take the entire SQLSaturday site offline. We chose this option, rather than a rollback, because at the time, we estimated a rollback effort to be more time-consuming than simply taking the site offline and implementing the fix. In addition, we didn’t want to risk losing any new or changed data. We were able to minimize impact as best we could for the upcoming SQLSaturday events over the weekend of the 11th and 12th by providing access to the admin sites for the Huntington Beach and Madison SQLSaturday events.
- The morning of Tuesday, April 7, we decided to ask community members for testing support. Our community comprises some of the best and brightest minds in the industry and it made sense to involve the users of the site in further testing.
- The patch was completed by Tuesday night, making the site ready for testing by volunteers on Wednesday.
- During the testing on Wednesday, April 8, a second potential vulnerability—an HTML injection vulnerability—was identified. Because of the seriousness of this potential issue, we decided Wednesday afternoon to keep the site offline for another day so that we could thoroughly research and correct the issue and complete final testing. As we began delving into the issue, we discovered that it also existed in the old site. So again, a rollback was not an option.
- The problem was fixed late Wednesday night.
- On Thursday, April 9, PASS IT and community-member testing was complete.
- Satisfied with the security and usability of the site, we relaunched Thursday at 9:30pm EST.
PASS apologizes for this outage and for the difficulties it created for the SQLSaturday organizers, sponsors, speakers, and attendees. We thank those who provided feedback on the issues and the volunteers who stepped in to help test the solutions, particularly K. Brian Kelley (blog | @kbriankelley), Denny Cherry (blog | @mrdenny), and Argenis Fernandez (blog | @DBArgenis). To help prevent a similar issue in the future, we are looking at more extensive QA processes with a specific focus on ensuring site security. Although I believe we made the best possible decisions along this timeline, we will certainly take a different approach to future site revisions, including but not limited to earlier and wider security-based and functional testing by our volunteer experts and progressive change schedules.
Again, thank you for your patience. If you have any further feedback or questions, please email us at firstname.lastname@example.org.
PASS Board of Directors
As many of you may be aware, this week PASS launched the new SQLSaturday website.
Shortly after launching the site, we were notified of a security vulnerability which meant that sponsors’ contact details (company or individual name, twitter handle, address, and zip/postal code) were all visible. The intention of this information being available was to streamline the process for sponsors to sign up for an event without having to re-enter their details each time. However, given that some of our sponsors use their home address as contact information, there were concerns about having this information publicly available on the site. This information was immediately taken down, and out of an abundance of caution we also made the decision to conduct a full assessment to ensure no other issues existed.
This afternoon after rigorous testing by PASS IT and volunteers from the community we are pleased to announce the site is live again.
Further detail on the actions and decisions surrounding this event will be made available in the coming days.
We thank you for your continued patience and understanding throughout this time and look forward to providing an enhanced experience for event organizers, attendees, speakers and sponsors of SQLSaturdays with the new site going forward. Again we would like to thank everyone who was involved in the vision, planning, feedback and testing of the site.
- Tim Ford
PASS Director, SQLSaturdays
April 6, 2015 – Over the past few weeks, we’ve been alerting people to something exciting: our new SQLSaturday website redesign. It’s now faster and easier than ever to manage, speak at, sponsor, or attend a SQLSaturday event! After a great deal of effort by our staff and community volunteers for months (years, actually) the update is finally here—we hope you’ll stop by and take a look! The redesign will significantly improve the SQLSaturday experience for attendees, speakers, and event and chapter leaders.
For starters, the new site makes it easier than ever to manage your SQLSaturday event or your Speaker Profile. One of the changes we’ve made is to tie in PASS accounts, so that leaders and speakers don’t need to juggle multiple account logins.
Speakers now have a universal Speaker Profile that is associated with their PASS accounts and can be applied across events. This change and others make it easier for speakers to manage and track abstract submissions, upload presentations, and get feedback about their sessions.
If you’re an event leader, you can now use your PASS account to access the Admin site—which has also received a facelift. The site features a cleaner, easier-to-use dashboard that will help to simplify the process of managing an event, including allowing you to associate an event with a chapter.
We’ve also improved the Session Management UI, which now supports a wider variety of session lengths as well as color-coding of tracks and rooms. Plus, you can add keynotes, rest breaks, and raffle draws as non-session items.
SQLSaturday attendees will benefit from the mobile-friendly redesign as well. Use your PASS account to manage your registrations, download SpeedPASS, pay for lunches, and deliver event feedback.
Sponsorship is an even more winning proposition, with a new slider and improved sign-up form that saves sponsors time and effort. (Sponsors will need to complete a one-time upload of new logo graphics to meet our improved display requirements, but beyond that, improvements will be effortless.)
We’re excited to hear what you think about the changes. If you have feedback or questions, we hope you’ll reach out to us at ITSupport@sqlsaturday.com.
Director, PASS SQLSaturday
March 3, 2015 – Hello fellow SQL Community Members! It's been a great year for PASS and a banner year for SQLSaturday in particular! By the time you read this post, we will have announced our 100th SQLSaturday event for this fiscal year. By comparison, it took us 1,480 days to complete our first 100 events. Event 200 came 510 days later, followed by event 300 after another 572 days. Thanks to the global growth of PASS and SQLSaturday and the determination and passion of our community and our organizers, we hit this last benchmark in record time.
Take some time right now to give yourselves a well-deserved pat on the back. I'll wait...
Now that we've reached this milestone and as we look to the future of SQLSaturday, I think it's time to make a small change. This adjustment will help to provide a more environmentally sustainable program while enabling our individual organizers to buy promotional items that won't expire at the end of each year. Here's the plan: We're doing away with the numbering scheme that we've traditionally used for individual events. Instead, we're going to identify individual SQLSaturdays by the name of the city or region in which they are hosted. For example, the next time we produce a SQLSaturday in Kalamazoo, we'll call it just that – SQLSaturday Kalamazoo – rather than SQLSaturday Kalamazoo #501. Behind the scenes, we'll still use the same URL constructs and numbering (for internal purposes), but we'll market each event sans numbers. This means that we can re-use undistributed materials from year-to-year, and we can order in larger quantities for lower per-unit prices. This change allows for one of the things I love to preach about when I speak at SQLSaturdays: consistency.
I'm sure that some of you might have different ideas on the matter… perhaps ideas that lay somewhere between what I'm proposing and the status quo. The PASS Board of Directors really wants your input in the matter. We're planning on making this change mid-year, so if you want to make your voice heard, whether to let us know that you agree with the plan or to propose an alternative, reach out to the SQLSaturday Team at email@example.com, using the Subject line "SQLSaturday Renaming Plan."
I think the time has come for this minor marketing change, and I want to offer up full transparency. I have the privilege to help guide the program, but it's our amazing local organizers who continue to push us forward with such a successful program day in and day out! Please let us know here at the Board and PASS HQ what you think – and help shape the future of PASS and SQLSaturday.
– Tim Ford
PASS Director, SQLSaturday
Oct. 14, 2014 – Hello, PASS Community! It seems like it was just a couple months ago that we were meeting up for PASS Summit 2013 – I can’t believe it was actually a year ago. I’m looking forward to seeing you all again in person in Seattle next month.
As part of our Summit agenda, we always dedicate time to meet with our community organizers, including Chapter and Virtual Chapter Leaders, Regional Mentors, and SQLSaturday organizers. As Director of the SQLSaturday portfolio, I wanted to share some of what we’ll be discussing around SQLSaturday on Community Day at Summit, which is Tuesday, Nov. 4, as well as in the Community Zone throughout the week.
Kicking off the annual SQLSaturday Round Table will be a Q&A with the SQLSaturday leadership team, consisting of myself and our passionate Community Evangelists, Karla Landrum and Carmen Buchman. You can review the agenda here, and please bring all your questions and suggestions. We’re following up this year with some activities that go even further in supporting PASS’s mission statement:
Empower data professionals who leverage Microsoft technologies to connect, share, and learn
through networking, knowledge sharing, and peer-based learning.
We'll be hosting a new panel featuring some of our most experienced SQLSaturday organizers from around the world sharing their knowledge and tips and tricks for putting on successful events.
We’ll also be reviewing exciting updates to the SQLSaturday website, coming your way by the end of 2014. Working from your SQLSaturday website wish list – which we’ve cultivated over the past few years – as well as with a Community Focus Group, we’ve taken your feedback and ideas and put a great amount of time and consideration into building a more functional and modern web experience for SQLSaturday organizers and attendees alike. We can’t wait to show off the current version at Summit. You can find a list of all the wish list items that we’re integrating into the next SQLSaturday website here. We’ll also be emailing it along with a full Round Table meeting agenda to all SQLSaturday organizers for review in advance.
In addition, PASS Community Evangelists and SQLSaturday organizers from around the world will be available in the Community Zone Wednesday-Friday to answer all your questions – whether you’re looking for a SQLSaturday to attend or want to learn how to host one yourself. Check out the Community Zone Spotlight schedule to see when to stop by and meet with organizers from your area.
Our team is working hard to make these meetings as informational, transparent, and successful as possible, so we can quickly answer your questions, respond to any issues or concerns, and spend more time discussing how we can improve our future events. As owner of the SQLSaturday portfolio as well as a PASS Director-at-Large, I can’t wait to connect with all our passionate SQLSaturday organizers, volunteers, speakers, and attendees, share what we’re doing today to enhance everyone’s experience, and learn how we can better support SQLSaturday efforts around the world.
Don’t forget to wear your favorite SQLSaturday shirt Wednesday at Summit, and I’ll see you in Seattle!
– Tim Ford
PASS Director of SQLSaturday
March 7, 2014 – I wanted to thank everyone for all the great feedback we received on the PASS SQLSaturday goals. I know many of you are excited about the undertaking of the new SQLSaturday website.
There have been a few questions around open-sourcing the site that I’d like to address. Rebuilding the site – accessed by tens of thousands of SQL Server professionals a year – is a major IT project and needs to be undertaken in a controlled and concentrated environment. In concept, open-sourcing the site is an interesting idea, but in terms of execution, we’re simply not in a position to make that happen. The site will be created in the DNN environment in order to facilitate content management functionality for the 80+ volunteer organizers who put on events on a yearly basis.
We started the community feedback process back in the fall with roundtable discussions at PASS Summit and an open meeting with those who expressed interest in providing feedback. We are currently building out wireframes for the site and will share a prerecorded webinar in the next week or so for anyone interested in reviewing. In an effort to keep the feedback process as manageable as possible, we will set up a feedback site for a select group of representative SQLSaturday community individuals from around the world to help us shape this new and improved SQLSaturday website. If you are interested in putting your name forward to be part of this feedback group, please contact us via email with “SQLSat website feedback” in the subject line.
– Tim Ford
SQLSaturday Director, PASS Board