Archive for the ‘Others’ Category

Meltdown and Spectre vulnerability, all about, and references for patching Windows OS & SQL Server

February 23, 2018 Leave a comment

Meltdown and Spectre are hardware vulnerabilities in modern computers which leak passwords and sensitive data by affecting nearly all modern operating systems (Windows, Linux, etc) and processors (includes Intel, AMD, ARM, etc). These hardware vulnerabilities allow programs to steal data which is currently processed on the computer, data like passwords, personal photos, emails, instant messages and even business-critical documents.

–> On 4th January 2018 three vulnerabilities affecting many modern processors were publicly disclosed by Google’s Project Zero:

1. CVE-2017-5715 (Spectre, branch target injection) – Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

2. CVE-2017-5753 (Spectre, bounds check bypass) – Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

3. CVE-2017-5754 (Meltdown, rogue data cache load) – Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Tech giants such as Apple, Alphabet, and Intel identified these vulnerabilities. Apple kept mum for a while and Intel decided not to inform the US-CERT (United States Computer Emergency Readiness Team), upon learning about Meltdown and Spectre as hackers had not taken advantage of the flaws. It was only Google who disclosed the information to Intel, AMD and ARM Holdings back in June of 2017.


What’s the vulnerability all about?

Most of the chip manufacturers around the world add some flaws to their hardware to help them running faster. The two main techniques used to speed up them are Caching and Speculative Execution. If exploited, these could give hackers and malicious/rouge programs access to the data which was considered totally protected. Both of these techniques are dubbed as Meltdown & Spectre respectively and are explained below.


What is Meltdown?

The vulnerability basically melts security boundaries which are normally enforced by the hardware. Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory or cache.

Meltdown is a novel attack that allows overcoming memory isolation completely by providing a simple way for any user process to read the entire kernel memory of the machine it executes on, including all physical memory mapped in the kernel region. Meltdown does not exploit any software vulnerability, i.e., it works on all major operating systems. Instead, Meltdown exploits side-channel information available on most modern processors, e.g., modern Intel micro architectures since 2010 and potentially on other CPUs of other vendors.

It is a software based side-channel attack exploiting out-of-order execution on modern processors to read arbitrary kernel- and physical-memory locations from an unprivileged user space program. Without requiring any software vulnerability and independent of the operating system, Meltdown enables an adversary to read sensitive data of other processes or virtual machines in the cloud with up to 503 KB/s, affecting millions of devices.

What is Spectre?

This vulnerability is based on the root cause, speculative execution. As it is not easy to fix, it will haunt us for quite some time. Spectre tricks other applications into accessing arbitrary locations in their memory.

Speculative execution is a technique used by high speed processors in order to increase performance by guessing likely future execution paths and prematurely executing the instructions in them. For example when the program’s control flow depends on an uncached value located in the physical memory, it may take several hundred clock cycles before the value becomes known. Rather than wasting these cycles by idling, the processor guesses the direction of control flow, saves a checkpoint of its register state, and proceeds to speculatively execute the program on the guessed path. When the value eventually arrives from memory the processor checks the correctness of its initial guess. If the guess was wrong, the processor discards the (incorrect) speculative execution by reverting the register state back to the stored checkpoint, resulting in performance comparable to idling. In case the guess was correct, however, the speculative execution results are committed, yielding a significant performance gain.


Guidance for Windows OS: [Server link], [Client link]

Guidance for SQL Server: [link]

Guidance for Azure: [link]

Guidance for Oracle: [link]

Guidance for AWS: [link]


–> Meltdown demos (video):


Google Project Zero (Meltdown PDF) (Spectre PDF)
Good read on Meltdown and Spectre (
Google Retpoline (Jump Over ASLR)
Microsoft Cloud blog


An Introduction to Cloud Computing …aligned with Microsoft Azure

February 7, 2018 1 comment

–> What is Cloud Computing?

Cloud Computing is the delivery of computing services like servers, storage, databases, networking, software, analytics and more-over the Internet (“the cloud”). Here the computing resources which contains various servers, applications, data and other resources are integrated and provide a service over the Internet to Individuals and Organizations. Companies offering these computing services are called cloud providers and typically charge for cloud computing services based on usage, similar to how you are billed for water or electricity at home.

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. – NIST

The two prominent Cloud Computing providers in the market currently are:
– Microsoft Azure and
– Amazon’s AWS.

–> Uses of Cloud Computing:

1. On-demand and Self-Service, without any human intervention or manual work.

2. Create as many Virtual Machines (VMs) of your choice of Operating System (OS) quickly without worrying about hardware and office/lab space.

3. Instantaneously Scale up and Scale down the VMs and other services

4. Create new apps and services quickly

5. Resource pooling and Elasticity.

6. Host websites, portals and blogs

7. Store, back up and recover data

8. Stream audio and video

9. Analyse data for patterns and make predictions

–> Benefits of Cloud Computing:

1. Cost: eliminates the capital expense of buying hardware and software and setting up and running on-site datacenters

2. Global Scale: Quickly Scale-Up & Scale-Out as in when you need more resource, and Scale-Down when not in need, and pay as you use.

3. Reliability: Provision of Data backup, Business Continuity and Disaster Recovery (BCDR), by mirrored data at multiple redundant sites on the cloud provider’s network.

4. Speed and Performance: Majority of computing resources can be provisioned in minutes, with state-of-art and latest-gen high-end hardware.

5. Productivity: Rather than involving in IT management chores, the IT teams can spend time on important business goals.

–> Types of Cloud Computing:

As per the NIST (National Institute of Standards and Technology) the Cloud Computing service provider should have following 3 service models for its customers:

1. Infrastructure as a Service (IaaS): The consumer can provision Processing, Storage, Networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include Operating Systems and Applications.

– The consumer does not manage or control the underlying cloud infrastructure.

– But has control over Operating Systems, Storage, deployed Applications, and possibly limited control of select networking components (e.g., host firewalls).

– Example: Windows and Linux VMs, Blob Storage, SQL Server with Windows/Linux VM, Virtual Network, etc.

2. Platform as a Service (PaaS): The consumer can deploy onto the cloud infrastructure consumer-created or acquired applications created using Programming Languages and Tools supported by the provider.

– The consumer does not manage or control the underlying cloud infrastructure including Network, Servers, Operating Systems, or Storage.

– But has control over the deployed Applications and possibly application hosting environment configurations.

– Example: Azure SQL Database, DocumentDB, HDInsight, Data Factory, etc.

3. Software as a Service (SaaS): The consumer can use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).

– The consumer does not manage or control the underlying cloud infrastructure including Network, Servers, Operating Systems, Storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

– Example: Microsoft Office 365, WordPress, Joomla, Django, etc.

–> Deployment Models:

1. Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

– Example: Microsoft Azure.

2. Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

– Example: Microsoft Azure Stack.

3. Hybrid cloud: This combines Public and Private clouds, bound together by technology that allows data and applications to be shared between them, providing businesses greater flexibility and more deployment options.

– Example: Cloud Bursting for load-balancing between clouds.


SQL Error – SQL Server Installation fails | Attributes do not match. Present attributes (Directory, Compressed, NotContentIndexed)…

January 9, 2018 1 comment

Few days back I got this query from a developer who was trying to install SQL Server, it was not getting installed and was giving below error:

Microsoft.SqlServer.Configuration.Sco.DirectoryAttributesMissmatch: Attributes do not match. Present attributes (Directory, Compressed, NotContentIndexed) , included attributes (0), excluded attributes (Compressed, Encrypted).


–> RCA: As the above error message mentions that the Directory is Compressed, it gives you an idea that the SQL Server installation is not supported on compressed drives. So, if you are installing SQL Server on a drive which has compression enabled it will give you this error.

–> Fix: You have to check the Drive properties and see if Compression is enabled, like shown below and un-compress it by un-checking the option.


Seeking response on: LDAP Authentication with SQL Server 2017 on Linux

January 8, 2018 1 comment

Few days back I got an email from one of the reader of this blog “Amit Bhatt”. As I haven’t worked much with the AD/LDAP stuff, thus I thought to throw this question to you guys thru this blog post. I also feel this may also help other Developers/DBAs hunting for similar stuff.

Here he goes:

We have installed SQL Server 2017 on Linux server. I am able to connect SQL Server locally as well remotely but with local user access.

I have my AD account created and have AD server information. Can you please help me how can I connect using my AD account to SQL Server 2017 on Linux remotely?

I heard something about LDAP Authentication. Is it possible to use this concept without adding Linux server to AD domain? Our security team does not allow to add Linux server in Active Directory group.

I am stucked here since last many days, requesting assistance on urgent basis.


Please provide your suggestion on the comment section below.

–> Responses:

1. To support AD Authentication, SQL depends on SSSD, SPN and a keytab file which have the required tokens to talk to AD. Without these in place SQL cannot talk to AD which is necessary for AD authentication.

2. If you are looking to login to SQL Server on linux with Windows authentication the linux server should be joined to the domain. If the server cannot be added to domain then SQL authentication is the way to go. The below link has more details to configure windows authentication,


–> Videos on Linux:

1. Create a Linux VM on Azure

2. Install SQL Server on Linux Azure VM

3. Connect SQL Server on Linux VM from SSMS


2017 blogging in review

December 31, 2017 2 comments


Happy New Year 2018 from SQLwithManoj !!!

This time again like previous year (in 2016) stats helper monkeys didn’t prepare annual report for any of their blogs for year 2017. So I prepared my own Annual Report.

–> Here are some Crunchy numbers from 2017

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 741,708 times by 490,460 unique visitors in 2017. If it were an exhibit at the Louvre Museum, it would take about 17 days for that many people to see it.

There were 38 pictures uploaded, taking up a total of 3.1 MB. That’s about 3 pictures every month.

This blog also got its highest ever hits/views per day (i.e. 3295) on Nov 16th this year.


–> All-time posts, views, and visitors


–> Posting Patterns

In 2017, there were 30 new posts, growing the total archive of this blog to 509 posts.

LONGEST STREAK: 8 post each day, in June 2017


–> Attractions in 2017

These are the top 5 posts that got most views in 2017:

1. Download & Install SQL Server Management Studio (SSMS) 2016 (61,566 views)

2. SQL Server 2016 RTM full & final version available – Download now (38,368 views)

3. SQL Basics – Difference b/w TRUNCATE, DELETE and DROP? (15,407 views)

4. SQL Basics – Difference b/w WHERE, GROUP BY and HAVING clause (15,378 views)

5. Passed 70-461 Exam : Querying Microsoft SQL Server 2012 (13,022 views)


–> How did they find me?

The top referring sites and search engines in 2016 were:

–> Where did they come from?

Out of 210 countries, top 5 visitors came from India, United States, United Kingdom, Canada and Australia:

–> Followers: 352 138
Email: 214
Facebook Page: 1,180


–> Alexa Rank (lower the better)

Global Rank: 236,536
India Rank: 44,871
Estimated Monthly Revenue: $172

Alexa history shows how the alexa rank of has varied in the past, which in turn also tells about the site visitors.

That’s all for 2017, see you in year 2018, all the best !!!

Connect me on Facebook, Twitter, LinkedIn, YouTube, Google, Email