If or When?

I saw this post recently about security and preparing for a data breach. The title caught my eye because it implies that we’re all doomed. Do the rest of you think that? Is it a question of when we’ll have a security breach, not if?

Given the headlines, the news we find out about companies not disclosing security issues, the back doors and poor code in much software, is it any wonder that people think it’s a “when” and not an “if”? Given the lack of realization from many companies that suffer incidents that they were even attacked, perhaps that’s an assumption worth making.

We’ve been hacked at SQLServerCentral in the past. I don’t think we’ve been hacked in many years, but I also have no way of knowing. That’s the difficult part of dealing with bits. If they get copied, there’s not necessarily a trace of anything amiss. It’s quite possible that many of us have no idea that our bits are being copied. Every read is a copy of data and how long did the NSA read data without most of us being aware? How sure are we that they, or some other organization, hasn’t been reading much more than was disclosed?

I’d hate to think that our systems are so porous that we’re all likely to get hacked at some point. It’s probably technically possible, but hopefully not likely for most of us. However we should consider that it will happen and ensure we have some handle on our data security. It’s hard, and complex for most of us, and I’d like to think that Microsoft will recognize this and build better controls and features into future versions of Windows and SQL Server that enable easier auditing, granular permissions, and separation of duties.

Steve Jones

The Voice of the DBA Podcast

Listen to the MP3 Audio (2.0MB) podcast or subscribe to the feed at iTunes and LibSyn.

The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

Vote for me at SQLBits

SQL Bits XII is coming this July to Telford in the UK and voting is underway for sessions. I’ve submitted a few and am hoping to get accepted to go back. You can help.

You can log into the site and vote for the sessions you’d like to see. I’d prefer you vote for me because I’d like to go see friends and meet new people, but feel free to vote for the sessions you’d like to see.

The ones I’ve submitted are:

I’m not sure how long voting lasts, but take a few minutes today and pick your ten favorite sessions.

Problems with Big Data

Big Data is constantly in the news. We’ve been asked at SQLServerCentral to try and develop some articles, perhaps even a stairway to explain what Big Data is and how we might use it. I’m still trying to grasp the concepts myself, and unlike the amorphous cloud, I’m still looking for some good examples of what Big Data really is.

When I ran across this piece warning that Big Data isn’t the final solution to all our questions in the world, I wasn’t surprised. The piece notes that Google Flu hasn’t been very accurate in its predictions of outbreaks. At first glance, this gives lots of credence to the idea that the good, solid data analysis and mining techniques we’ve used for years are just as good as any new Big Data fad.

However as I read more about the piece, it’s not that big data and the analysis of large quantities of information is flawed, it’s that a solid hypothesis matters. Researchers need to be willing to evolve their algorithms as they learn more about a problem. Probably they should also assume their algorithms are not correct until they’ve proven their ability to predict actual trends for some period of time.

We’ll constantly be searching for ways to better interpret information and make better decisions. No new technology or product is going to magically solve our problems. Good solid understanding of the problem domain will continue to matter as much as the data itself.

Steve Jones

T-SQL Tuesday #53–Why So Serious?

It’s an interesting topic this month for T-SQL Tuesday #53. When I read Matt Velic’s invitation, I became intrigued. I like jokes. I like messing with people, and I was thinking about the recent April Fool’s jokes I’d written and those in the past that have been fun. I’m going to enjoy this.

You can participate as well on any month. Just write a blog post and publish it on the second Tuesday of the month, linking back to that month’s invitation. Follow the #tsql2sday tag on Twitter or set a reminder and Google on the first Tuesday of the month.

If you hurry, you can participate this month.

Not So Serious

The number one rule is know your audience. I’d be very careful who I might play this joke on. Note that this is also a bit of an abuse of privileged accounts.

There are a few utilities from Sysinternals (owned by Microsoft) that are very useful for administrators. However they have also been very handy for practical jokes as well. Specifically I’ve used PsExec and PsKill to amuse myself.

I once worked in a group that had four administrators to run our systems. We lost one of our people to a better job and the corporate management decided to "promote" an internal employee to replace him. This new person was a "paper MCSE", who had studied for the exams. He was making an effort to grow his career and that was something to admire.

However he was a jerk.

He had the mistaken impression, as do many people that have achieved something they set out to do, that he knew more than he did. In this case, much of his "book learning" and boot camp work wasn’t appropriate for the real world. What’s more, when we would work with him to teach him how things worked differently for us, or explain why the book recommendation wouldn’t work, he was arrogant and dismissive of us.

After suffering through a few months of his dismissive attitude and desire to avoid learning more in the real world, we decided to play a few jokes on him. We downloaded the Sysinternals tools and also wrote a few scripts to command line launch tools with specific scripts or settings.

One day when he picked up the phone to work on a call, we watched him start to connect to a server. Using PsList and PsKill, we’d kill his connection. Then we’d quickly use PsExec to launch another connection to a different server. At times we could be creative and redirect him to a development server instead of a production server. He’d swear he was fixing something for a user, but since he was on the wrong server, the user didn’t see the item working correctly.

We were sporadic in our efforts, only causing issues a few times a day when we felt the problem wasn’t too critical. Eventually my manager realized what a few of us were doing and had us stop.

It was a bit mean, and not something we should have done maliciously. I was young, and let myself get irritated. In later years, I outgrew some of this childishness and limited jokes to people that I genuinely liked, changing settings, altering wallpaper, creating aliases that pointed to different systems, and even unplugging people’s mice and connecting my own in an adjacent cube.

Joking around at work can be fun, but remember that it shouldn’t be malicious and it can’t prevent people from getting work done. We certainly don’t want to get someone fired, as much as we might like to at times.

Lobbying for Change

I ran across a note recently on Twitter from Adam Machanic. He wrote:  Just spent most of the day working through a subtle PK issue – 1 bad row out of 18M. Would have killed for this. The item in question was a Connect item, one with almost 500 votes. It’s a good one, and I’d encourage you to vote for it. I know that it seems many of these items are never worked on, but some changes make it into the product, so I’d ask you to continue to vote for change.

When Connect was first introduced, Andy Warren and I debated the value of the platform. On one hand it made good sense to directly feed information back to developers, but on the other hand, it was likely that those items that got more notoriety or votes might get fixed, even if they weren’t necessarily good ideas. The popularity of an item doesn’t necessarily mean it’s one that should be fixed in the product first. We also worried about one of the big problems of the platform, and that is that a tremendous amount of noise is entered and it becomes hard to triage the submissions.

As I watch Connect evolve, I can’t help but think that it’s been mostly a failure from my perspective, with a few notable successes, like Service Pack 3 for SQL Server 2005. There’s too much noise and too many items ignored. However I also do think that those items that get lots of votes do get more consideration from Microsoft. More votes doesn’t mean that the feature will get fixed, but I do believe the item gets talked about. (As an aside, please vote for more, final Service Packs.)

Personally, I think that raising awareness of possible suggestions or problems is a good idea. I’d love to see a top 10 list of Connect items from MS for consideration every month. Having them highlight some items they’re considering from the list might help focus attention from customers. I don’t think that’s likely, but I wonder if highly debated suggestions might be worth highlighting at SQLServerCentral. Would you like to see a Connect item of the week? Something you could vote on or even debate as a good idea? I would, and I’d consider adding them as a way to help improve the platform that I enjoy working on the most.

Steve Jones

One week to SQL Intersection

You still have time to grab the boss and convince him to invest in you. Show what you’ve learned in the last year. Tell him or her how some training you’ve taken, perhaps at a SQL Saturday, helped you at work. Make a good case to attend, and perhaps I’ll get to see you next week at SQL Intersection.

It should be a good show, with Windows 8.1 changes, the release of SQL Server 2014 and Visual Studio 2013 recently, and lots of amazing speakers. I still can’t believe that I’ve been accepted to go sometimes because there are some great presentations to see.

I’ve got three, Continuous Integration, High Performance Encryption, and Filestream, but I don’t know how many people I’ll actually present to when Paul Randal, Kimberly Tripp, Jonathan Kehayias, Brent Ozar, Bob Ward, Kevin Kline, Aaron Bertrand, Grant Fritchey, Andy Kelly, and more are going to be speaking at the same time. That’s without talking about all the great sessions to see in the other tracks.

It’s spring time, the weather will be great, and I’m looking forward to a few days in Orlando. If you get the chance to come, I’d love to shake your hand.

Data Security Policies

Does your organization have some policy around data security on mobile devices? Do your fellow employees care about data security? A new study says that most organizations don’t, and potentially that’s an issue.

Many of us are data professionals, and we might have no idea how much data a user can access using today’s modern mobile devices. Potentially we can help them understand that the $500 smartphone they use can actually contain and access much more than $500 worth of data. If their device is the cause of a data breach, the cost could easily be much closer to $50,000 than $500.

Security is always a big gamble, and rather than the old models of controlling all devices and limiting access, we need to learn to educate users, work with them to secure their devices and report losses quickly. The survey shows that most employees don’t even know how to report the loss of a device that might cause a data breach. At the very least, we can establish some procedures that will allow an account to be quickly turned off. And to ensure productivity doesn’t suffer, we need a procedure that also engages a new account for a user quickly.

My guess is a lot of security issues could be handled quicker if we ensured that users were aware of issues and penalized for ignoring them, but made sure those penalties were balanced with an understanding that it is inevitable people will make mistakes and have accidents. Forgive mistakes and ask for reports of potential issues quickly.

Steve Jones

Don’t Be an Arse

In deference to my British employers, I’ll use their word.

It constantly strikes me how rude, stupid, and unfriendly people can be on the Internet. I’ve been trying to avoid even reading comments on many places, including Facebook because I’m struck by how people behave. I haven’t completely succeeded and things still strike me at times.

Like today, I saw this tweet.

I read part of the article and then scrolled down to see the comments. This was what I saw:

I get that you might not like the format. Personally I didn’t love it and didn’t read the entire article. However I also recognize that this was a story and designed to present information in a new style. Even the opening leads one, or at least me, to understand this is a story, not a quick technical article.

I suspect that bad behavior is often because of the anonymous nature of comments. Or maybe it’s because the writers are so far removed from others they feel no social contract to mind their manners. Perhaps it’s the ease with which one can toss off their first thought and condemn the rest of us to suffer through it.

If you don’t like something, that’s fine. You get to pick and choose which pieces you want to read and which ones you like. However it’s also easy to just click away to something else and not leave a comment. I’ll paraphrase a few lyricists here (Jay-Z and Salt n Pepa),

If you don’t like the writing, you can click back, close the tab, or turn away from the computer.

Disclosure: I work for Red Gate, and we do want to sell software. That’s how we pay the bills and keep Simple Talk and SQLServerCentral running. We also are a part of the community. We want to teach you. We want you to get better at your jobs, and yes, we want to entertain you.

Please let us know what you like and don’t like, but there’s no nefarious purpose to trick you. If you like our tools, or those of our competitors, and they are worth the price, we hope you buy them.

Great Companies – Spotify

I don’t know anyone at Spotify, nor have I worked there. However when I see descriptions and explanations like this one of how they organize and build their culture, it makes me think they’re doing it right.

Autonomy is important, and it helps motivate people. I need to do more writing here, but for now, check out this video. About 13 minutes long, but interesting.

The Internet of Things

The Internet of Things is upon us. I’ve heard this term quite a bit recently, and certainly there’s been no shortage of new hardware items that are being connected to the Internet. The last ten years have seen all sorts of products get IP addresses: mobile phones and cars, along with washing machines and refrigerators. Some have been silly attempts to make a connection to the Internet without a practical problem being solved, but some have been very interesting.

However I think we will truly start to see more and more devices created in the next decade. The advent of cheap hardware (Raspberry Pis and Arduinos as two examples) and the ability to construct new cases and programs (with 3D printing) will lead to many individuals, as well as companies, starting to build their own devices to capture data as sensors, or perform small tasks that we find handy.

Should we care? Yes. Many of these items will produce logs or other status information. Much of this data will be stored in databases. Perhaps in relational platforms like SQL Server, perhaps sampled and queried as a stream with much of the data discarded (using StreamInsight and SQL Server), perhaps stored in some NoSQL type platform (HDInsight/Hadoop, anyone?). For many of us that means more data to manage, new information to develop software against, new patterns to discover with creative queries.

It should also mean more work, probably more employment, and hopefully, more money.

Steve Jones

 
