Friday, 12 March 2021

Cryptography is Everywhere

Historically, cryptography was used for secret communication by exclusive sectors only — such as governments, military and spies — since it was crucial and affordable to them. They have long been aware of the consequences of their messages falling into the wrong hands; therefore, this situation has motivated the development of techniques for disguising a message so that only the intended recipient can read it. 
The huge desire for secrecy led nations, kings, and queens to make all-out efforts to ensure the security of communications by inventing the best possible secret codes and ciphers. 
A lover in Victorian times
As the public also became aware of the need to protect personal messages of a highly sensitive nature, they also became comfortable with encipherment. They began to express their cryptographic skills in a variety of ways — for example, young lovers in Victorian England were often forbidden from publicly expressing their affection, and could not even communicate by letter in case their parents intercepted and read the contents. This resulted in lovers sending encrypted messages to each other via the personal columns of newspapers, more specifically, via the classified ads. 


But what exactly is cryptography? Simply put, it is the study of how to send secret messages by codes and ciphers, in other words, cryptography is the art and science of keeping messages secure. Perhaps the most famous encryption machine is the Enigma which was developed by Nazi Germany to protect commercial and military communication during World War II and then cracked by Alan Turing — it is difficult to avoid getting excited when talking about the Enigma machine, isn't it? During that time, he worked for the Government Code and Cypher School (GC&CS) at Bletchley Park, Britain's codebreaking centre. He played a decisive role in cracking intercepted coded messages which enabled the Allies to defeat the Nazis and shorten the war by as many as two to four years. This certainly saved millions of lives as well. 
The Enigma Machine

With the arrival of major advancements in science and technology, this field has come to play an extremely important role beyond military security, becoming financially and technologically accessible and increasingly essential for ordinary people and companies. 
Nowadays, cryptography is not only about secret communication but also data security — including confidentiality, integrity, authentication and non-repudiation. 
It is commonly used for e-commerce, especially electronic transactions in the banking system, cash withdrawal from an ATM, instant messaging, file storage, email, web browsing, GSM mobile phones, cryptocurrency, etc. We are using cryptography more than ever before.

Notwithstanding the beneficial impact on society, cryptography has also raised some concerns related to human rights, ethical, and legal issues because it can certainly be used for bad purposes as well — such as organising terrorist attacks and abusing people. In this sense, companies have a duty to protect data based on contract, laws, and industry regulations related to Copyright and Digital Rights Management. Also, some governments have the right to request key disclosure either from the accused or from third parties, but it also compromises people's privacy.
Having the forces of law and order lobbying to restrict the use of cryptography gives rise to the heated controversy over which one has more value for us: our privacy or an effective police force? This controversial issue certainly conflicts with both sides' interests. 
Not surprisingly, issues like this are being addressed by the global movement Amnesty International which says Encryption is a matter of Human Rights, which basically means that people everywhere should be able to encrypt their communications and private personal data for the sake of their rights to privacy and free speech.

Code-breaking attacks have also improved considerably, resulting in cryptographers working on new ways to make stronger cryptography, which thrives only until its weakness is identified by codebreakers. So, secret codes and ciphers are constantly under attack from codebreakers, who continually force them to evolve to survive the onslaught of new attacks. This ongoing battle has resulted in remarkable scientific breakthroughs and accelerating technological developments. Also, this situation has mostly looked like a quest for absolute secrecy — which is not possible for now at a reasonable cost. 
Cryptography is everywhere, and you might not have noticed yet, because cryptography mostly works in silence — in the background — it is invisible; it is always working in the dark to help secure our communication and data. It is always there to protect us.
I must mention that cryptography is a central topic within theoretical computer science, which covers a broad range of key-related topics having maths as the game-changer. It is strongly linked to mathematics, algorithms, etc. Good cryptography needs good mathematics, and it is practised by cryptographers who are trained in theoretical mathematics.

Cryptography is just wonderful — Welcome to the freewheeling world of cryptography... 

Friday, 5 March 2021

Do You Want to Be a Cryptographer?

Alan Turing
I've been interested in information security since 2003, but it wasn't until I enrolled on the cryptography module — while studying for a Master's in Advanced Computer Science in England in 2018 — that I started getting more keen on the mathematical side of cryptography; perhaps it was in part because I cherish mathematics and had the right cryptography teacher. What's more, I admire Alan Turing since he strove to do good work in difficult conditions during World War II; his work saved millions of lives. All of these things together inspired me to immerse myself in the world of cryptography. 

Thursday, 4 March 2021

Don't Place the Blame on SQL Server

I have never worked for Microsoft, but SQL Server has given me a lot in terms of learning, community and opportunities; all these together have helped me do a great job as a Database Administrator (DBA) for many years. Since I started working with SQL Server nearly 15 years ago, I have heard a lot of complaints about SQL Server being nowhere near as good as Oracle. Much as I would have liked to ignore these fruitless discussions, I couldn't see the point of comparing products in such a compulsive way. Is it not true that our skills are more crucial than the technology itself? — Or perhaps some people just try to find something to blame. Whatever the case, I am convinced that we, as database professionals, are compelled to make the most out of any specific database technology. 
No matter what technology we are working with, we are at the wheel — technology is just a tool — so it is not right to blame technology for one's own inefficiency.

Monday, 30 July 2018

Installing a stand-alone SQL Server 2017 instance step by step

Undoubtedly, many of us have the task of installing a new stand-alone SQL Server instance which includes the database engine service only. For instance, it can primarily be needed for dedicated and consolidated OLTP environments. Consequently, we can be asked to create a formal document for others so that they can easily follow it for future installations and standard configurations.

Today's post is going to outline the process of installing a basic stand-alone SQL Server 2017 instance. This process is just a basic guideline and, surely, not a rule for each installation, because it is fully understood that every environment is different and needs a customised installation to meet very specific requirements. You can read the whole tip about it at mssqltips here https://www.mssqltips.com/sqlservertip/5616/steps-to-install-a-standalone-sql-server-2017-instance. I hope you find it very useful and practical. That's all for now. Please let me know any remarks you may have. Stay tuned!

Tuesday, 20 March 2018

Configuring Read-Only Routing and load-balancing across Read-Only replicas

With the arrival of AlwaysOn Availability Groups in SQL Server 2012, implementing HA+DR solutions has been an easier and less expensive task in comparison to legacy architectures such as Database Mirroring for HA and Log Shipping for DR, and FCI for HA and Database Mirroring for DR. Nevertheless, at the beginning not everyone was fully aware of all the power of this technology, so some might not have made the most out of it. Naturally, this technology has been improved over the years, for instance, load-balancing across readable secondary replicas was added, and today in this post, I am coming with a script to configure it.

Tuesday, 20 February 2018

Looking deeper into the physical & logical architecture - Transaction Log File

Beyond all doubt, it is essential to have a good understanding of the Transaction Log (T-Log) so that we can diagnose unforeseen performance issues related to it, and I am sure that almost everyone has had at least one. The T-Log is basically a record of all transactions happening to the database. All these transactions are actually first written to the physical T-Log file, and then after a CHECKPOINT, are written to the Data File via the Lazy Writer process. The T-Log is used for point-in-time recovery (full recovery model) and to record the start and end of each transaction, every data modification (insert, update, delete) including system SPs, DDL statements to any table including system tables, every extent and page allocation and de-allocation operation, and the creation or drop of tables and indexes.

Saturday, 17 February 2018

Checking SQL Server stale statistics

Clearly, it is of paramount importance to monitor the state of statistics because they always play a significant role in the performance of the whole database. When statistics are not up to date, performance will indeed decrease tremendously over time, and I am sure nobody wants to have a sluggish system. How many times did you find yourself in a big problem related to unforeseen performance issues even some days after having dutifully carried out the respective database maintenance tasks? Did you wonder why index rebuild and statistics update tasks are not good enough? If everything was working smoothly, why did the performance start going down unexpectedly? Why are the indexes not being used as usual? Do I need to create more indexes? The answer might be found by digging deeper into the stale statistics. It is worth noting that statistics contain all the information that the SQL Optimizer needs to generate the best possible execution plans for your queries. If they are not up to date then the impact might be disastrous. So, having the right indexes is not good enough when the statistics have gone stale.
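One way to look for stale statistics, as an added example that is not the script from the original post: it lists statistics on user tables whose modification counter or age exceeds a threshold. The two threshold variables and their values are assumptions to be tuned per environment.

```sql
-- Added example (T-SQL). Thresholds are assumptions, not recommendations from the post.
DECLARE @MinModifiedPct decimal(5,2) = 10.0;  -- % of rows changed since the last update
DECLARE @MaxAgeDays     int          = 7;     -- days since the statistics were last updated

SELECT
    SCHEMA_NAME(o.schema_id)  AS SchemaName,
    o.name                    AS TableName,
    s.name                    AS StatisticsName,
    sp.last_updated           AS LastUpdated,
    sp.rows                   AS RowsAtLastUpdate,
    sp.rows_sampled           AS RowsSampled,
    sp.modification_counter   AS ModificationsSinceUpdate,
    -- NULLIF avoids a divide-by-zero on empty tables
    CAST(100.0 * sp.modification_counter / NULLIF(sp.rows, 0) AS decimal(18,2)) AS ModifiedPct
FROM sys.stats AS s
JOIN sys.objects AS o
    ON o.object_id = s.object_id
CROSS APPLY sys.dm_db_stats_properties(s.object_id, s.stats_id) AS sp
WHERE o.is_ms_shipped = 0                 -- user objects only
  AND sp.modification_counter > 0         -- something has changed since the last update
  AND (
        100.0 * sp.modification_counter / NULLIF(sp.rows, 0) >= @MinModifiedPct
        OR sp.last_updated < DATEADD(DAY, -@MaxAgeDays, SYSDATETIME())
      )
ORDER BY ModifiedPct DESC, sp.last_updated ASC;
```

Statistics that appear near the top of the result are the first candidates for UPDATE STATISTICS.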

Tuesday, 13 February 2018

Avoid changing default ANSI database options

Not having another way of fixing some specific errors, at times some people may consider turning off ANSI database options as a final solution. To be perfectly honest, I do recommend getting to the bottom of each problem and then fixing it at that level instead of changing default ANSI settings (unless it is just a quick fix or is truly necessary because you verified the benefits are significant). For instance, it is by no means uncommon to turn ANSI_WARNINGS off to fix the following error:

Msg 8152, Level 16, State 14, Line 5
String or binary data would be truncated.
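
The effect of that quick fix on stored data, as an added example that is not code from the original post: the same INSERT is rejected with ANSI_WARNINGS ON and silently truncated with it OFF, followed by a check that finds the oversized values at the source instead. The temporary tables, column names and sample values are constructed for illustration.

```sql
-- Added example (T-SQL). All object names and values below are constructed.
CREATE TABLE #Customer (CustomerId int IDENTITY(1,1), CustomerName varchar(10) NOT NULL);

-- 1) Default setting: the oversized value is rejected and nothing is stored.
SET ANSI_WARNINGS ON;
BEGIN TRY
    INSERT INTO #Customer (CustomerName) VALUES ('Alexandra Smith');  -- 15 characters
END TRY
BEGIN CATCH
    -- Returns the truncation error shown above
    SELECT ERROR_NUMBER() AS ErrorNumber, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;

-- 2) The "quick fix": the same INSERT succeeds, but only the first
--    10 characters are stored and no error or warning is raised.
SET ANSI_WARNINGS OFF;
INSERT INTO #Customer (CustomerName) VALUES ('Alexandra Smith');
SET ANSI_WARNINGS ON;   -- restore the default for the rest of the session

SELECT CustomerId, CustomerName, DATALENGTH(CustomerName) AS StoredBytes
FROM #Customer;         -- one row, holding the truncated value

-- 3) Fixing it at the source: list incoming values that do not fit the
--    target column, so the column can be resized or the data corrected.
CREATE TABLE #Staging (CustomerName varchar(100) NOT NULL);
INSERT INTO #Staging (CustomerName) VALUES ('Ana Lopez'), ('Alexandra Smith');

SELECT st.CustomerName,
       DATALENGTH(st.CustomerName) AS ActualBytes,
       c.max_length                AS TargetBytes
FROM #Staging AS st
CROSS JOIN (SELECT max_length
            FROM tempdb.sys.columns
            WHERE object_id = OBJECT_ID('tempdb..#Customer')
              AND name = 'CustomerName') AS c
WHERE DATALENGTH(st.CustomerName) > c.max_length;

DROP TABLE #Staging;
DROP TABLE #Customer;
```

Step 2 is the integrity risk: the application receives a success result while the stored value no longer matches what was submitted.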