K. Brian Kelley - Databases, Infrastructure, and Security

Author Bio
Brian is a SQL Server author and columnist focusing primarily on SQL Server security. He currently serves as a systems and security architect for AgFirst Farm Credit Bank where he works on Active Directory, Windows security, VMware, Citrix, and of course, SQL Server. In the technical community, Brian is part of the Midlands PASS Chapter, an official chapter of PASS, where he currently serves as president and director of communications. Brian is also a junior high youth minister at Spears Creek Baptist Church in Elgin, SC.

What I'm Reading (5 Oct 2008)


Technical: Counter Hack Reloaded by Ed Skoudis with Tom Liston

It's a security book, and I'm rather late getting a review of it written for PASS. Ed Skoudis is also a well-known instructor in the security field and is considered an expert by many. Therefore, anything that makes me sharper on security in today's uncertain world is a must.

Personal Growth: The Exemplary Husband by Stuart Scott (not the ESPN analyst)

This book presents a Bible-based account of how to be a better husband. Servant leadership, sacrificial love for one's wife, and setting the example in humility, gentleness, and tenderness, but also strength and courage, are the marks of a husband who strives to follow Christ's example. This is very different from how some present the role of the husband, but it's very much in line with Scripture. Anything I can do to be a better husband to my wife is something I need to do.

For Fun: Complete Defense to King Pawn Openings by Eric Schiller

I despise the Caro-Kann when facing it over the chessboard. It's a solid opening and it has always given me fits. Since I'm primarily a 1. e4 player as White, I must be prepared to face it. So I'm looking at it from Black's perspective to understand where the problem points are so I can both teach it to my oldest son (it matches his style of play) and attack it in over the board play.

 


The quiet is deafening...


It's been a while since I've written a blog post that wasn't a user group announcement. Here's what I've been up to:

  •  Working on a security chapter for a forthcoming in-print book on SQL Server 2008.
  •  Playing a lot of Heroscape with my boys.
  •  Helping develop the junior high youth ministry at Spears Creek Baptist Church.
  •  Getting my Be Encouraged devotionals back on track, although I need to get the web site up to date again.
  •  Working a ton of projects at work.
  •  Putting SQL Response through its paces.
  •  Listening to one of my best friends rant about having to depend on Julius Jones to score points for his fantasy football team in this upside down year in the NFL.

In the next week or so I hope to get back to posting regularly again.

 


Review of How to Cheat at Securing SQL Server 2005



SQL Server MVP Frank Kalis has posted a short review on How to Cheat at Securing SQL Server 2005, a book I was able to contribute two chapters to last year. The chapters I focused on were related to Authentication and DDL Triggers. It was a great experience and I am humbled by the positive review from Frank. I first met Frank on the forums at SQLServerCentral.com and he is one of the most knowledgeable and helpful people I have had the pleasure to interact with. You can find his review at SQL-Server-Performance.com:

  Review: How to Cheat at Securing SQL Server 2005

For those who understand German, Frank's original review in German can be found here:

  InsideSQL.org: How to Cheat at Securing SQL Server 2005

 


Why Participating in a Community is Important and Beneficial

Back in 2000 I began writing for swynk.com in hopes of learning more about SQL Server and beginning to make a name for myself in the SQL Server community. That was a little over seven years ago. As SQLServerCentral.com came online, I transitioned to it, writing articles and contributing heavily in the forums. Opportunities abounded from this effort, with the chance to write an eBook, the chance to become a regular columnist for SQL Server Standard Magazine, and later a chance to become a co-author of an in-print book, How to Cheat at Securing SQL Server 2005. In this past year, along with the help of some awesome folks, I've worked to start a Professional Association of SQL Server official chapter here in Columbia, SC. Certainly some of my goals in leaping into swynk.com way back when have been accomplished: I've learned a lot more about SQL Server and I've gotten my name out a bit in the SQL Server community.

But I don't believe those reasons are the most important ones for participating in a community. Over these last seven years, here is what I've concluded are the most important reasons to participate in a community:

  • You can make a lot of great friends that you wouldn't have made any other way.
  • You get the opportunity to help people with your knowledge.
  • Other people can help you with your problems because of their knowledge and connections and concern. 

Friendship:

Because of my participation in the community, I've gotten to meet some awesome folks in person that are as passionate about SQL Server as I am. I've also developed friendships across the wire with other awesome folks who, if it were not for the community, I would never have crossed paths with. These folks are geographically dispersed around the globe. And from them I gain differing perspectives not only on SQL Server, but about the world in general. 

As I have started to learn more about MySQL, I have found an awesome community there, too. In this community I'm still very much a newbie. I'm not at a point where I can contribute much like I can on the SQL Server side, but through reading articles, forum posts, blogs, and the like, I'm building up my MySQL knowledge. In addition, I've had the opportunity to trade posts and emails with a few folks and that's usually the start of relationships which lead to lasting friendships.

Helping Others:

There is a selfish side to helping others, and that's the feeling we get when we know our efforts have benefited another. It's a great feeling. Anyone and everyone can contribute to a community and help others. One doesn't have to be an expert or "guru" in the technology to get someone going in the right direction. Most of us with thousands of posts in a particular community started out new and green, and we learned more as we attacked the problems others were having. That enabled us to help others with similar issues more quickly and gave us insight as to where to start on a newer problem. And as we help others, our own skills just happen to improve as well. That's probably why SQL Server expert, MVP, and Microsoft Regional Director Kimberly Tripp titles her blog Improving *my* SQL skills through your questions!

Getting Help:

When you're stuck in a ditch, the documentation doesn't help, and you don't know where else to turn with a problem, there's always the community. Likely someone in the community has seen the issue you're experiencing and either has come across a solution or can explain why there isn't one. Quite often this can save you and your organization money, as it precludes the need to contact support. Or it confirms the decision to make that support call. I cannot count the times when I've come across an issue, either posted in the forums or contacted someone in the SQL Server community I thought might have the answer, and then received the details I needed.

Through the SQL Server community I've also found support on a personal level unrelated to the technology. It wasn't too long ago when my baby daughter wasn't growing and the doctors were trying to figure out why. Steve Jones (recently awarded a SQL Server MVP) offered me an opportunity to do some writing to make some additional money to offset expenses. This is just one of several times someone in the community has stepped in and made a difference in my life.

Just Do It:

Back when I was going through Air Force Field Training, Nike had a slogan, "Just Do It!" Needless to say, that became the slogan at my field training (1993, Sheppard I). When it comes to getting involved in a community, that's the attitude to take. Lack of experience is never a reason not to participate. The rewards, in my own experience, have greatly outweighed the effort I've put in to a community and I've found similar sentiment with those who I've talked to about it. Communities can easily become greater than the sum of their parts. There's never a bad time to get started in a community. The sooner, the better!

 


Physical Fitness

Real life events continue to interfere with my regular posting. However, I would rather deal with them and neglect posting than the other way around. My mother-in-law had full knee replacement surgery last week and we've been helping her out. I've been tending to the children and cooking while my wife tends to her mother, assists her with her physical therapy, keeps track of her medication, etc. It hasn't been pretty.

This is a very vivid reminder (along with Steve's editorial, Open Enrollment) that I need to get back into shape, especially considering previous injuries due to sports (knees from baseball, ankles and hip from soccer) and military training (shoulder). Since graduating from The Citadel in 1995 I've put on about 100 pounds. When I left El Cid I was at my optimum weight. However, sedentary jobs with the USAF (project manager and tech branch lead) and afterwards mean I do far less each day than I did when I was a cadet, and I never adjusted accordingly. Bad move.

I began changing my diet and walking at least 10,000 steps a day a few weeks ago (10,000 steps equates to about 30-60 minutes of walking). I've lost some weight, but I know I have a long way to go. I didn't put this weight on overnight so it's not going to go away overnight (at least, not in a healthy manner).  Towards the end of last week I was able to mix in a bit of running, and my goal is to get back to distance running again. I started running with my mom when I was 3 and I ran competitively in junior high and high school. During my Air Force days I went in cycles where I ran a lot and then, as work picked up, dropped back to hardly running at all. After the Air Force, I pretty much became less and less active. Therefore, I know the catch is not only to get in the habit of eating properly and exercising regularly again but also to not get out of the habit like I have in the past.

With all that said, hopefully things will settle down and I'll get back to posting regularly again in the next few days.


Technorati Tags: Life | Work

Veterans' Day

I'll post Part III of Becoming a DBA tomorrow (meaning there will be two posts). Veterans' Day is typically celebrated on the 11th, but when it falls on a weekend, we tend to formally observe it on the following Monday. Today is a day in the United States when we honor those who have served in our armed forces, which I had the privilege of doing. The date itself has significance, for it is the date when the Armistice ending World War I was signed, thereby ending the "War to End All Wars." Unfortunately, that war didn't end all wars, and military personnel are needed to this day.

I'm intentionally refraining from any sort of political statement, for that would do a disservice to those men and women who have worn the uniform. Regardless of one's stance, in today's climate there is certainly vehement opinion against it. Instead, I'm taking the day to reflect on my time in service, offer my prayers for my friends and family who still serve as well as the countless more in uniform whom I have never met, and consider how I may continue to serve others in my civilian life with my talents, abilities, and time.

I close with the US Air Force core values. They are fitting for any individual, not just an airman:
  • Integrity First
  • Service Before Self
  • Excellence in all we do
Secretary of the Air Force, Michael W. Wynne, eloquently explained what is meant by these concepts in a letter to the force in 2006. It is well worth reading.

Technorati Tags: Life | Work | Writing


Resources: SQL Server 2005 Security

Work responsibilities took up my time on Thursday and Friday, so I never got around to posting. Here are the resources I planned on covering on Friday: online sources for SQL Server security.

Website: Center for Internet Security - SQL Server Benchmarks

CIS is well known for producing quality benchmarks for securing products. Among the benchmarks published are those for SQL Server 2000 and 2005. These are recommendations on how to make your SQL Server installations more secure.

Blog: Laurentiu Cristofor's blog

Mr. Cristofor covers a lot of SQL Server security topics in his blog posts. He is a Microsoft employee who has worked on the SQL Server database engine. If you're looking for information about encryption within SQL Server 2005, this is the place to go.

Website: SQLSecurity.com

Chip Andrews' site which features tools such as SQLPing. Also, it has the most comprehensive SQL Server version database out there.

Whitepaper: SQL Server 2005 Security Overview for Database Administrators by Don Kiely

A quick down-and-dirty introduction to the security features found in SQL Server 2005. If you're just getting your feet wet in this version of SQL Server, this is the whitepaper to read first when it comes to getting a feel for SQL Server security.

Whitepaper: SQL Server 2005 Security Best Practices - Operational and Administrative Tasks by Bob Beauchemin

This whitepaper goes a bit deeper than the overview with respect to a few topics. Again, if you're concerned about security with SQL Server 2005, you should read this whitepaper.

Blog: Microsoft Security Response Center

While not focused on SQL Server, this is the blog where Microsoft's security response folks will post as vulnerabilities are discovered and announced. This is one of those sites you keep up with if you have any sort of security responsibility on a Windows-based platform.

Blog: Microsoft Switzerland Security Blog

Yes, this blog is in English. And while there is often similar material on this blog as there is on the MSRC blog, sometimes the Switzerland blog covers things not on the MSRC site or just beats those guys to the punch. I've got them in my blogroll to read because of this.


Technorati Tags: DATABASE | SQL | T-SQL | SQL Server | Microsoft SQL Server | SQL Server 2005 | Security | Database Security


Online Resource: Safari Tech Books Online

I've used Safari (the O'Reilly version) for a number of years now and it is a resource I often recommend to coworkers. Basically, it's an on-line library of technical books (since expanded to include video) from a group of publishers. O'Reilly, Microsoft Press, Cisco Press, Syngress, and many others have books and resources on-line at Safari. It came into being in 2001 but I remember a predecessor version back in the late 90s from Que Publishing/Macmillan Computer Publishing called Personal Bookshelf, which I also used. Back in those days I was in the Air Force and that provided some of the technical books I couldn't afford on an Air Force salary.

Subscribing to Safari gives one the ability to put a certain number of books onto a "bookshelf," and the books have to remain there for one month. The exception is the Library subscription, which has no limit on how many books you can have on your bookshelf (favorites). Another advantage of the Library subscription level is that it gives access to Rough Cuts (books in pre-release stages), Short Cuts (excerpts from books and other material on a focused topic), and video. Library also gives one five download tokens a month (and up to 3 months' worth can be accumulated). You can pay for some of these features separately if you don't get the Library level, but the Library level, at least for me, is the best value package deal. For those interested in getting their organizations on Safari, yes, there are apparently corporate plans, too.

I initially subscribed to Safari because it was cheaper than the equivalent price of one technical book a month. Even at the Library level, it's still at the lower end of the technical book range. The number of books which I have access to far exceeds that novel price. I say novel because when I considered how much I was spending on technical books, it was well worth the price to me. I have a friend who doesn't use Safari because he indicates he can find everything on-line. To some extent this is true. However, when I was leading my organization's Active Directory migration, Safari became my Active Directory library. Having those resources readily at hand without having to lug 4 or 5 Active Directory books around was priceless.

Others have written about the value they find in Safari, such as Sean McCown (Database Underground on InfoWorld). He specifically mentions some of the books/authors he found on there as a reason to recommend Safari. The catalog is quite large and it's not unusual for a book to appear in Safari shortly after publication, say within a few months. Safari also does a good job of putting older books on-line that may be of interest to some, such as the older O'Reilly published Perl books. Here is a list of some of the books that are on-line right now which are relatively recent (within the last year or two) and relevant to this blog:

MySQL
  • Learning MySQL
  • MySQL 5.0 Certification Study Guide
  • MySQL Administrator's Guide and Language Reference
SQL Server
  • Inside Microsoft SQL Server 2005: The Storage Engine
  • Inside Microsoft SQL Server 2005: T-SQL Querying
  • Inside Microsoft SQL Server 2005: T-SQL Programming
  • SQL Server 2005 Practical TroubleShooting: The Database Engine
Windows
  • Introducing Windows Server 2008
  • Microsoft Windows Server 2003 Performance Guide
  • Microsoft Windows Server 2003 Troubleshooting Guide

Technorati Tags: DATABASE | SQL Server | Microsoft SQL Server | SQL Server 2005 | MySQL | Windows 2003 | Windows Server 2008 | Active Directory | Work | Books


Structuring the Blog Better

For a variety of reasons, including personal/family concerns and workload, I've not been able to write as often as I'd like. That doesn't just include the blog, but also writing articles. It's been a long while since I've written an article for SSC. I want to get back to writing at least monthly, if not more often. One of the keys to writing well is to write every day. Therefore, I'm going to provide some structure to the blog in order to make it easier to post every weekday with something that will hopefully be useful. Here are the types of posts that should be present based on the day of the week:
  • Monday - Career Development
  • Tuesday - Tips, Tricks, and SQL Scripts
  • Wednesday - Tools, Tools, and More Tools
  • Thursday - Tips, Tricks, and SQL Scripts
  • Friday - Notable Resources (Blogs, Articles, Books, Podcasts)
I won't limit myself to one post a day, but hopefully that becomes the minimum. While I primarily focus on Microsoft SQL Server in this blog, the reality is I deal with Active Directory, security, and MySQL on a daily basis as well, so I'll include posts in those technology areas too.


Technorati Tags: DATABASE | SQL | SQL Server | Microsoft SQL Server | SQL Server 2000 | SQL Server 2005 | MySQL | Active Directory | Security | Life | Work | Writing

My Book is Out!

How to Cheat at Securing SQL Server 2005

I recently had the opportunity to contribute a couple of chapters to this new SQL Server security book from Syngress. The concept of the book is to provide a fundamental understanding for harried IT workers on how to use SQL Server 2005's security features to tighten down their SQL Servers. The book is intentionally broad but each author tried to put in best practices and Microsoft recommendations where possible.

I believe this is the first SQL Server 2005 security book on the market. There are a great deal of additions in SQL Server 2005 with respect to security which can prove to be a steep learning curve from SQL Server 2000. Hopefully this book serves to speed along the learning process.


Technorati Tags: | T-SQL | SQL Server | Microsoft SQL Server | SQL Server 2005 | Security | Database Security | SQL Server Security | Writing

Keeping Skills Up-to-Date and Discoverability

One thing is always certain about information technology: there is always change. This past week I was pitching in on a Citrix upgrade for my organization and I went to tweak the web interface. Though I'm now primarily a "server guy" and directory services administrator, I do have a web developer skillset (in fact, that's how I got my start where I work now). However, it's been a few years since I've done anything but touch-up work with regard to web development, and initially I got that blank feeling... the one where you know how to do things but it's like your mind is cycling through the archives to pull back that information and bring it to the forefront. After a thankfully brief period of "brain thrashing," I went to it.

This experience reminded me of a .NET Rocks! episode with noted Windows programming guru Dan Appleman. In the episode Mr. Appleman talked about the concept of discoverability. Quite frankly, IT has grown so big that no one can know it all. The key, then, is to know where to find the information you need to solve the problem. Facing this issue, he ran across Google custom search and used it to build SearchDotNet.com, a "search engine" that hits only the sites Mr. Appleman, in his expert opinion, would want to search for .NET questions. Rather than getting all the dross out there from everyone and his brother who might want to throw up a snippet of .NET information on a blog or web page, the search domain is intentionally narrowed to produce more usable results, thereby hopefully reducing the time to find a solution to a .NET-related problem.

Sticking just to SQL Server, there is so much to it now that one person knowing it all seems less and less likely. SQL Server MVP Kalen Delaney has noted that there is a plethora of topics for SQL Server 2005 in her introduction to Inside Microsoft SQL Server 2005: The Storage Engine, where she writes, "As I mentioned, even in four volumes, certain features and aspects of the product cannot be covered." MySQL is becoming much the same way. With each new version come new features, and eventually it's going to be like SQL Server, if it isn't already: you just won't be able to know it all. Finding the answer to a problem in either space then comes down to a discoverability issue.

The experience has reminded me I need to brush up on my CSS (Cascading Style Sheets) skills, and I'll do that over the next week or so. I realize I won't be able to become an expert in CSS, but I don't have to. As long as I know what I'm looking for and how best to find it, I should be fine. Web development isn't my core skillset any longer, so I can't spare the time to gain expert knowledge of it. There's too much to keep up with in Windows servers, SQL Server, and security to spread myself any thinner. Good thing I don't have to, as there are many, many experts who have given back by posting information that's only a targeted web search away.


Technorati Tags: Citrix | .NET | .NET Rocks | Dan Appleman | Kalen Delaney | SQL Server | Microsoft SQL Server | SQL Server 2005 | Books | Work | Skills


Book: Brute Force: Cracking the Data Encryption Standard

I just finished the book Brute Force: Cracking the Data Encryption Standard by Matt Curtin. It covers the work of the DESCHALL project, the first to crack a message encrypted with the Data Encryption Standard (FIPS 46-3). This was in response to a contest challenge by RSA Data Security (now owned by EMC): the first to crack the DES-encrypted message would win a cool US$10,000. What followed were several groups using distributed computing to divvy up the possible keys and brute force them until the key was found. The DESCHALL group got it first. I remember the DES message being cracked in 1997, and this book piqued my interest.

The book is an interesting look at how a loosely organized coalition of folks all focused on the same goal can accomplish a significant achievement. It's also a great demonstration of how powerful distributed computing is, even on desktop machines. From a raw computing power perspective, some problems are easier to solve in a distributed architecture than on a supercomputer; cracking the DES-encrypted message was just such a problem, because the keyspace splits cleanly into independent ranges that need no communication between the machines working on them. This is why projects like SETI@home offer us hope of accomplishing things that otherwise might be impossible in today's age.
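To make the "divvy up the keys" idea concrete, here is an added example of a partitioned known-plaintext brute force in the style the post describes. It is not DESCHALL's client, not the RSA challenge, and not code from the book. DES is replaced by a toy cipher with a 20-bit key (XOR against a SHA-256-derived keystream) so the whole keyspace can be searched in seconds; the real challenge had 2**56 keys, 2**36 times more. The secret key, the message, the known plaintext header and the worker count are all constructed for the demonstration.

```python
"""Partitioned known-plaintext brute force, the DESCHALL approach in miniature.

Added example; not DESCHALL code, not the RSA challenge, not from the book.
DES is replaced by a toy cipher with a 20-bit key so the whole keyspace can be
searched in seconds. Secret key, message and known header are all constructed.
"""
import hashlib
from typing import List, Optional, Tuple

KEY_BITS = 20
KEYSPACE = 1 << KEY_BITS
# Assumed: the attacker knows how the plaintext begins. That is what makes a
# hit recognisable without a human reading every candidate decryption.
KNOWN_HEADER = b"The unknown message is: "


def keystream(key: int, length: int) -> bytes:
    """Toy cipher's keystream: SHA-256 of the key, repeated. Stands in for DES."""
    block = hashlib.sha256(key.to_bytes(4, "big")).digest()
    return (block * (length // len(block) + 1))[:length]


def encrypt(key: int, data: bytes) -> bytes:
    """XOR with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def partition(keyspace: int, n_workers: int) -> List[Tuple[int, int]]:
    """Coordinator side: split [0, keyspace) into contiguous ranges, the way a
    key server hands out blocks of keys to clients."""
    size = -(-keyspace // n_workers)  # ceiling division
    return [(lo, min(lo + size, keyspace)) for lo in range(0, keyspace, size)]


def search_range(lo: int, hi: int, ciphertext: bytes,
                 header: bytes) -> Tuple[Optional[int], int]:
    """Client side: try every key in [lo, hi); returns (key or None, keys tried).

    A candidate decrypts correctly iff its keystream prefix equals
    ciphertext XOR header, so the known plaintext folds into one target
    computed once and each key costs a single keystream evaluation.
    """
    n = len(header)
    target = bytes(a ^ b for a, b in zip(ciphertext[:n], header))
    for k in range(lo, hi):
        if keystream(k, n) == target:
            return k, k - lo + 1
    return None, hi - lo


def crack(ciphertext: bytes, header: bytes,
          n_workers: int = 8) -> Tuple[Optional[int], int, Optional[bytes]]:
    """Work every range (here one after another; in DESCHALL each range went
    to a different machine) until a client reports the key."""
    tried = 0
    for lo, hi in partition(KEYSPACE, n_workers):
        key, n = search_range(lo, hi, ciphertext, header)
        tried += n
        if key is not None:
            return key, tried, encrypt(key, ciphertext)
    return None, tried, None


# Constructed challenge: a secret key and a message that starts with the header.
SECRET_KEY = 0x3A5C7
CHALLENGE = encrypt(SECRET_KEY, KNOWN_HEADER + b"Many hands make light work.")

if __name__ == "__main__":
    key, tried, plaintext = crack(CHALLENGE, KNOWN_HEADER)
    print(f"key {key:#x} found after {tried} of {KEYSPACE} keys: {plaintext!r}")
```

Each range is independent, which is why the coordinator only has to hand out (lo, hi) pairs and collect "found" or "exhausted" replies; no worker needs anything from another. Swapping the toy keystream for a real block cipher changes the per-key cost, not the structure.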

The book is light on the technical side. For instance, Mr. Curtin points out that the DESCHALL clients used UDP, which was a far more efficient protocol for what they were trying to do than TCP. But rather than delve into the minutiae and spew techno-speak, he gave a high-level explanation of what made UDP better than TCP for their implementation, at a level where non-technical folks can go, "Okay, that makes sense," without technical folks going, "You oversimplified it to where it's wrong!" Therefore, this is a book that's accessible to non-techies as well. If you are interested in encryption, especially with all the goings-on in the late 90s (remember the low and high encryption versions of IE and Netscape?), this book is a good one for that.


Technorati Tags: Security | Network Security | Encryption | DES | Data Encryption Standard | DESCHALL

Thoughts from Never Eat Alone

Watching a Chefography on Giada De Laurentiis, I learned that she was considered very much an introvert and had a hard time in front of the camera. However, over time she overcame all of this and became more comfortable around people and on film. I've always been shy around people I don't know, and that makes meeting people hard. Whether it's due to my upbringing or what, the show made me think about the fact that this is one area of my life I need to improve on. I had heard good things about Never Eat Alone by Keith Ferrazzi, and checked it out from the library. The gist of the book is how to become better at networking through building relationships.

It was a very good read and I took notes on every chapter. A lot of it is common sense, but while the points are common sense, they aren't necessarily easy to do. For instance, chapter one points out that it is foolish not to ask for help. In our "pull yourself up by your bootstraps" culture, asking for help is akin to admitting weakness. However, Ferrazzi gives examples from his own life where his father wasn't afraid to ask for help for his son, and because of his father's willingness, Ferrazzi was able to get through doors for his education that he wouldn't have been able to otherwise. Some of the key points I pulled out:
  • We need others to succeed.
  • Be willing to ask, even if others would consider it embarrassing.
  • True networking isn't about using people to get what you want, it's about caring and concern for others regardless of status.
  • Work hard to reach out to others.
  • Be sincere in your efforts to make connections with people.
  • Remain humble.
  • Make something of the time and effort a mentor is willing to impart.
  • Measure success by love and friendships, not by income, position, or hype.
As I said, these aren't stunning revelations. However, the fact that a "master networker" is pointing them out as the keys to his success is a reminder that candor, openness, sincerity, and compassion still work in this world. That's a nice, refreshing message and it's solid encouragement for me to work on being able to meet and share with others.

If you're interested in reading some excerpts from the book, Mr. Ferrazzi has a few chapters available on-line. Mr. Ferrazzi also has a blog which he posts to semi-regularly.


Technorati Tags: Life | Work | Personal Development | Relationships | Networking


Thoughts from The Cuckoo's Egg


The Cuckoo's Egg by Clifford Stoll has been around for a while, having been published in 1989. It details how a system administrator (a trained astronomer who had to find something else to do) tracked a malicious hacker through his system and numerous others, including defense contractors and unclassified DoD systems. It's one of those books a lot of folks who work security say should be read if you're in the field. When I was a cadet at The Citadel, one of the other guys in my company was reading it and said it was a good thriller of a book. I meant to borrow it from him and never did. Then I meant to read it for some time, but every time I thought about it, I would subsequently forget to go look for it or check it out from the library. Well, I finally did read it and found that my friend's assessment was a good one. I think my wife would agree, as she swiped it away from me before I was done and finished it first.

As I went through the book I watched for security principles in play and what was true in 1989 in large part holds true today. Some of the things that were revealed as Mr. Stoll went through his meticulous process of tracking the intruder who was working for the KGB:

  • Honeypots are effective to attract an attacker and learn about his or her methods. In the book Stoll's roommate comes up with an idea to place what look to be classified documents on a military defense system on one of the servers and to keep it updated so as to look like a regular project that is progressing. This is ultimately how they get the attacker to stay connected long enough to trace him. Honeypots are used today to attract attacks, especially automated ones, so we can analyze them and learn to defend against them.
  • Dictionary-based passwords don't work. The attacker in the tale kept grabbing the password file from the servers he was attacking. Stoll at first couldn't figure out why, because the passwords were stored under a one-way function: given the actual password it was easy to compute the stored hash, but going from the hash back to the password was not feasible. However, the algorithm used to hash the passwords was well known. So if you compute the hashes for a whole dictionary of words, you can compare them against the stolen file and recover every password that appears in the dictionary. The same weakness applies to Windows passwords, and worse: because LM and NT hashes carry no salt, one precomputed table works against every account on every machine. Do a search for rainbow tables and you'll find several sites that distribute such tables for Windows-based passwords.
  • Just because you can't see the monitoring devices doesn't mean you aren't being watched. Stoll put a line printer on the line before the server itself, so he got a printout of everything going back and forth; this allowed him to watch the attacker come and go while nothing ran on the server itself. This is analogous to two things in today's world: sniffers and rootkits. Sniffers watch the wire, and from the server you can't tell you're being watched, which is why encrypting sensitive data across untrusted lines is important. Rootkits run at a level where they can intercept any calls you make to try to detect them, which is why there was (and still is) so much concern over them.
  • When doing forensics work, keep a log. This is a no-brainer. Log everything you do, who you speak to, every step. Time and time again Stoll went back to his log. Because he had it, he was able to connect a lot about the attacker's behavior, prove he had informed the right people of what happened, etc. This is actually a good rule for troubleshooting. Log everything you do because you (a) want to be able to undo anything that didn't work and (b) you want to know how exactly you fixed a problem.
  • Don't assume your system has no value. Stoll's system didn't have classified secrets on it. But it did represent a jumping-off point to attack other systems. Frequently I have conversations with folks about securing development servers. To the attacker, a development server may be just as valuable as a production server. If a system is on your production network, it needs to be secured.
  • Don't assume you are secure. Stoll found several folks who assumed their systems were secured. The evidence showed otherwise. Paranoia is good in the security field. Let me rephrase that... controlled and focused paranoia is good.
  • Check your logs frequently and investigate inconsistencies. Stoll stumbled onto the hacker because of a 75 cent accounting error. That's what started the whole trace. The better an attacker is, the less likely he or she is to leave clues. Therefore, even the smallest details are important.
  • Change default accounts and passwords. The attacker kept breaking into systems because administrators had left default accounts and passwords active. Blank passwords, passwords of password (or some derivative), and default passwords are all bad. If an attacker is knowledgeable of the defaults and we leave them active, we've opened the door. It was amazing how many systems the attacker got into using this simple method.
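The dictionary-attack point above is worth seeing in code, because it shows exactly why a stolen password file is worth stealing and what changes when the hashes are salted. The following is an added example, not code from the post or from The Cuckoo's Egg: SHA-256 stands in for the one-way function of the era, and the word list, user names, passwords and salts are all constructed for the demonstration.

```python
"""Dictionary attack on a stolen password file, unsalted versus salted.

Added example; not from the blog post or the book. SHA-256 stands in for
the system's one-way function. Word list, users, passwords and salts are
constructed for the demonstration.
"""
import hashlib
from typing import Dict, Iterable, Tuple

# Constructed stand-in for a system dictionary such as /usr/dict/words.
WORDLIST = ["password", "letmein", "hunter2", "welcome", "dragon", "qwerty"]

# Password file entries are user -> (salt as hex, hex digest).
# An empty salt means the scheme is unsalted.
PasswordFile = Dict[str, Tuple[str, str]]


def hash_password(password: str, salt: bytes = b"") -> str:
    """One-way function: hex(SHA-256(salt || password)).

    Cheap in this direction; there is no practical way back from the digest
    to the password, which is why the attacker has to guess forward.
    """
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_file(passwords: Dict[str, str], salts: Dict[str, bytes]) -> PasswordFile:
    """Build a password file the way the system would: hash each password with
    that account's salt (accounts missing from `salts` are stored unsalted)."""
    return {
        user: (salts.get(user, b"").hex(), hash_password(pw, salts.get(user, b"")))
        for user, pw in passwords.items()
    }


# Constructed accounts. "sventek" uses a passphrase that is not in the word list.
PASSWORDS = {"stoll": "dragon", "hunter": "hunter2", "sventek": "correct horse battery"}
UNSALTED_FILE = make_file(PASSWORDS, {})
SALTED_FILE = make_file(PASSWORDS, {
    "stoll": bytes.fromhex("0badc0de"),
    "hunter": bytes.fromhex("feedface"),
    "sventek": bytes.fromhex("deadbeef"),
})


def crack_unsalted(password_file: PasswordFile,
                   words: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Precompute one hash -> word table and look every account up in it.

    Returns (user -> recovered password, hashes computed). The cost is
    len(words) no matter how many accounts or files you attack, and the table
    can be built before the file is ever stolen; a rainbow table is a
    space-optimised form of the same idea.
    """
    words = list(words)
    table = {hash_password(w): w for w in words}
    found = {}
    for user, (salt_hex, digest) in password_file.items():
        if salt_hex:  # a salted digest cannot be looked up in a shared table
            continue
        if digest in table:
            found[user] = table[digest]
    return found, len(words)


def crack_salted(password_file: PasswordFile,
                 words: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """With a per-account salt the table cannot be shared: every account costs
    a fresh pass over the dictionary. Returns (found, hashes computed)."""
    words = list(words)
    found = {}
    work = 0
    for user, (salt_hex, digest) in password_file.items():
        salt = bytes.fromhex(salt_hex)
        for w in words:
            work += 1
            if hash_password(w, salt) == digest:
                found[user] = w
                break
    return found, work


if __name__ == "__main__":
    for name, pw_file, attack in [("unsalted", UNSALTED_FILE, crack_unsalted),
                                  ("salted", SALTED_FILE, crack_salted)]:
        found, work = attack(pw_file, WORDLIST)
        print(f"{name}: recovered {found} using {work} hash computations")
```

Both attacks recover the two dictionary passwords and neither touches the passphrase that isn't in the list, which is the first lesson. The second is in the work counts: the unsalted table is built once and reused forever, while the salted file forces the attacker to redo the dictionary for every account, and a deliberately slow hash (PBKDF2, bcrypt or scrypt in place of the bare SHA-256 here) multiplies that per-guess cost again.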

Technorati Tags: Security | Database Security | Network Security | Windows Security | SQL Server Security

Updated Website

I've taken some time to update my website. In particular I have updated:
Nothing fancy or special, but just some needed updates.

Technorati Tags: Chess | SQL Server | Microsoft SQL Server | Reading | Writing