SAN Performance on the Cloud

Separate data from log; do not use the single pool that cloud vendors provide.

SAP Patches Login Security Flaw in ASE Database

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave. The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16. Trustwave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but Trustwave said other flaws allow the privileges to be escalated to that of a database administrator. “Combined with such privilege elevation vulnerabilities, this one allows complete takeover of the database server,” Trustwave said in its advisory. Trustwave published proof-of-concept code on GitHub. SAP has also released a security note, but login details are required to view it.

“SAP ASE ships with a login named ‘probe’ used for the two-phase commit probe process, which uses a challenge and response mechanism to access Adaptive Server. There is a flaw in implementation of the challenge and response mechanism that allows anyone to access the server as ‘probe’ login. While the ‘probe’ is not a privileged account, other flaws exist that allow privilege elevation from regular database user to database administrator. Combined with such privilege elevation vulnerabilities this one allows complete takeover of the database server.”

Fixed are:

ASE 15.7 SP132
ASE 16.0 SP01

How to ask IT questions on the internet.

How to post a T-SQL question on a public forum

How To Ask Questions The Smart Way

Informix Chat with the Lab

Simple Informix C UDR on Centos 6.6

#include "dmi/mi.h"

/* Return the larger of two integers. */
mi_integer bigger_int(mi_integer left,mi_integer right)
{
    if ( left > right ) return left;
    return right;
}

To compile

gcc -I$INFORMIXDIR/incl -I $INFORMIXDIR/incl/esql -c -fPIC -DMI_SERVBUILD -g bigger_int.c
gcc -shared -fPIC -o /home/informix/ bigger_int.o

To load and run

dbaccess sysmaster

create database justdave;

CREATE FUNCTION bigger_int (arg1 integer, arg2 integer) RETURNING integer
EXTERNAL NAME '/home/informix/'
LANGUAGE C;

select bigger_int(1,2) from systables where tabid=1;

DROP FUNCTION bigger_int;

Only when you execute the function is the shared library loaded

05:20:41  Loading Module
05:20:41  pid 3217: ELF .eh_frame section missing in /opt/IDS.12.10.FC5/gls/dll/
05:20:41  The C Language Module loaded

Interesting SQL Server articles today


T-SQL Join Types

Cumulative Update 7 for SQL Server 2014

Interesting fixes include:

FIX: A query that requires nested loops join takes longer to complete in SQL Server 2014
An AlwaysOn secondary replica crashes or raises error 3961 when the AlwaysOn database has CLR UDT in SQL Server 2014
FIX: Access violation and “No exceptions should be raised by this code” error occur when you use SQL Server 2012 or SQL Server 2014
FIX: MDX query returns incorrect results when you run it with subselect after an UPDATE CUBE statement in SSAS 2012 or SSAS 2014
FIX: Performance issue occurs when you use sqlncli11.dll ODBC driver to access SQL Server in an application
FIX: Data-driven subscription with email notification shows “0 errors” when email delivery fails in SSRS 2012 or SQL Server 2014
FIX: “Access Denied” error occurs when you run an XML validation task in SSIS 2012 or SSIS 2012
FIX: Improved memory management for columnstore indexes to deliver better query performance in SQL Server 2014
FIX: SQL Server takes long time to open database after recovery to add or remove a data file in SQL Server 2014
FIX: A query that uses the DECRYPTBYKEY function takes longer to be completed in SQL Server 2014
FIX: A SELECT query run as a parallel batch-mode scan may cause a deadlock situation in SQL Server 2014
FIX: “Cannot bulk load” error when you run a query that contains INSERT statements when trace flags 4199 and 610 are enabled on a server that is running SQL Server 2014
FIX: You cannot use the Transport Layer Security protocol version 1.2 to connect to a server that is running SQL Server 2014
FIX: Incorrect result when the “must be unique” action is evaluated for an attribute by using SQL Server 2014 Master Data Services
FIX: Table values change after dividing and partitioning the table in SQL Server Analysis Services
FIX: “8156: A database error has occurred” when you run a business rule in SQL Server 2014 Master Data Services
FIX: Error 3624 occurs when you execute a query that contains multiple bulk insert statements in SQL Server 2014

Windows 10 Device Guard, ACS and IOMMU groups

Windows 10 Device Guard

Device Guard needs IOMMU protection – Intel VT-d or AMD-Vi

We also need true IOMMU isolation, to stop a device assigned to one VM from issuing an I/O request to a device that is assigned to another VM.

IOMMU Groups, inside and out

PCIe is needed

– “conventional PCI does not tag transactions with an ID of the requesting device (requester ID)”

– “PCI-X included some degree of a requester ID, but rules for interconnecting devices taking ownership of the transaction made the support incomplete for isolation.”

“An IOMMU does in a system, it allows mapping of an I/O virtual address (IOVA) to a physical memory address.”

“With PCIe, each device tags transactions with a requester ID unique to the device (the PCI bus/device/function number, BDF), which is used to reference a unique IOVA table for that device.”

“IOMMU groups try to describe the smallest sets of devices which can be considered isolated from the perspective of the IOMMU”

“The PCIe specification allows for transactions to be re-routed within the interconnect fabric.  A PCIe downstream port can re-route a transaction from one downstream device to another.  The downstream ports of a PCIe switch may be interconnected to allow re-routing from one port to another.  Even within a multifunction endpoint device, a transaction from one function may be delivered directly to another function.  These transactions from one device to another are called peer-to-peer transactions and can be bad news for devices operating in separate IOVA spaces.”

ACS (PCIe Access Control Services) “provides us with the ability to determine whether these redirects are possible as well as the ability to disable them.”

“Without ACS support at every step from the device to the IOMMU, we must assume that redirection is possible at the highest upstream device lacking ACS, thereby breaking isolation of all devices below that point in the topology.  IOMMU groups in a PCI environment take this isolation into account, grouping together devices which are capable of untranslated peer-to-peer DMA.”

“With the exception of bridges, root ports, and switches (ie. interconnect fabric), all devices within an IOMMU group must be bound to a VFIO device driver or known safe stub driver.  For PCI, these drivers are vfio-pci and pci-stub.”

For true IOMMU isolation we need

– PCIe

– “each device must associate to a unique IOVA space.”

– ACS support at every step from the device to the IOMMU

– IOMMU groups set up correctly

“IOMMU groups are visible to the user through sysfs” (/sys/kernel/iommu_groups)
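
The group rule quoted above can be checked from sysfs before a device is handed to a VM. The script below is an added example, not code from the quoted article: it lists every device that shares the target's IOMMU group and is still bound to a host driver. The function names, and the choice of PCI classes treated as interconnect fabric, are assumptions of this example.

```shell
#!/bin/sh
# Added example. The sysfs root is a parameter so the check can run on a test tree.

# Print "BDF driver" for each device in GROUP that is still host-owned.
# Assumption: PCI class 0x0600 (host bridge) and 0x0604 (PCI-to-PCI bridge,
# which covers root ports and switch ports) count as interconnect fabric.
# Devices with no driver are listed as "none": the quoted rule is applied literally.
group_blockers() {
    sysfs=$1 group=$2
    for link in "$sysfs/kernel/iommu_groups/$group/devices"/*; do
        [ -e "$link" ] || continue
        bdf=${link##*/}
        dev="$sysfs/bus/pci/devices/$bdf"
        class=$(cat "$dev/class" 2>/dev/null) || class=
        case $class in
            0x0600*|0x0604*) continue ;;
        esac
        driver=none
        [ -L "$dev/driver" ] && driver=$(basename "$(readlink "$dev/driver")")
        case $driver in
            vfio-pci|pci-stub) ;;
            *) printf '%s %s\n' "$bdf" "$driver" ;;
        esac
    done
}

# Return 0 if every non-fabric device sharing BDF's IOMMU group is bound to
# vfio-pci or pci-stub, 1 if not, 2 if the device has no IOMMU group.
check_device() {
    sysfs=$1 bdf=$2
    link="$sysfs/bus/pci/devices/$bdf/iommu_group"
    [ -L "$link" ] || { echo "$bdf: no iommu_group link" >&2; return 2; }
    group=$(basename "$(readlink "$link")")
    blockers=$(group_blockers "$sysfs" "$group")
    [ -z "$blockers" ] && return 0
    printf 'IOMMU group %s still has host-owned devices:\n%s\n' "$group" "$blockers" >&2
    return 1
}

# On a real host: check_device /sys 0000:01:00.0   (the BDF is a placeholder)
```

A return code of 1 means the group contains a function, for example the audio function of a GPU, that the host still drives, so the group as a whole is not isolated for assignment.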

MSDN Performance Monitoring and Tuning Tools

From Stacey Gray:

Performance Monitoring and Tuning Tools

Raspberry Pi 2 connections

Raspberry pi 2 connections added to

The keyboard and mouse are under one another next to the red ethernet cable.

SD card is on the left, this is the default 8GB SD card which comes with the kit


I have also used a 64GB SD card:

Kingston Technology 64GB microSDXC Class 10 Flash Card with SD card adapter

This allowed me to format it on the laptop and install NOOBS.