Daily Coping 20 Jan 2021

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag. 

Today’s tip is to switch off your tech 2 hours before bedtime.

I try to get away from my computer after work. I am lucky in that I have a separate office and PC. I typically don’t use a computer after hours, and I try not to use my phone too much at night. I do read on it, which I don’t count as “tech”, and have gotten better at not switching to check other things.

I decided recently to skip reading and instead, just put my phone on the charger and ignore it. My wife and I do watch some TV at night, but I took time to instead hang out, play some cards, play some guitar, and relax without any digital anything.

It was a nice break. Something I should do more often.

Posted in Blog | Tagged , , | Leave a comment

Daily Coping 19 Jan 2021

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag. 

Today’s tip is to get moving. Do something physically active (ideally outdoors).

I am going to get active today. I’m taking a couple days off with my wife and heading to the mountains to ski. I went for the first time last week with a friend, and this will be my first time with my wife. We’re driving up early and will spend a couple days enjoying the outdoors, getting some exercise, and taking a break from life.

I hope you find a way to do something similar soon.

Posted in Blog | Tagged , , | Leave a comment

Renaming Files by Padding Numbers with PowerShell

Some time ago I had downloaded all the SQL Saturday XML files. I’ve been meaning to flatten those into a database, but that project keeps getting away from me. And now it’s become an archive task.

In any case, I’ve been looking to work with Jekyll and get a list of events. There is one at SQLSatHistory.com, but I’m going to try and do a bit more than a simple list. In any case, I have found a small issue: my files were named SQLSat1,xml, SQLSat2.xml, etc.

That’s not a big problem, but it results in my archive looking like:

  • SQL Saturday #1 – Orlando
  • SQL Saturday #100 – Brazil
  • SQL Saturday #101 – Kansas City
  • etc.

The file names are strings, and in alpha sorting, 100 comes before 2. That’s not critical, but it’s not what I want, and I would like something that’s a bit better and easier to follow.

The easiest way to do this is to rename the files. I have some data in the files, and I have those being parsed, so if I can rename the files, I can get the events generated in an orderly fashion.

PowerShell has a Rename-Item cmdlet, which will work, but what new name? I need to parse out the filename and then come up with a new one. Likely there are better methods, but this worked quickly for me to rename some files.

The Process

My thought in doing this was first to extract out the number and then check the length. From there, I can assemble a new string. Instead, as I was starting, I thought of a better way. I decided to remove everything but the number.

There is a replace method for strings. As In, I can do this:

$EventNumber = $XmlFile.Name -replace 'SQLSat', ''

This will take away the string before the number, and results in file names going from:

  • SQLSat1.xml
  • SQLSat2.xml
  • SQLSat3.xml

to

  • 1.xml
  • 2.xml
  • 3.xml

I repeated that and removed the .xml as well, which gave me each event’s number. From here, I found a cool trick on Stack Overflow to do this. The PadLeft method is used

 % PadLeft 4 '0'

I use 4 as a padding factor. This results in giving me what I want, and when I concatenate this, I get the file names I want.

$NewFile = "SQLSat" + $EventNumber + ".xml"

From there, a simple call to Rename-Item with each file resulted in an orderly list of events.

2021-01-07 13_21_43-xml

Posted in Blog | Tagged , | 2 Comments

Default Credentials

Years ago I got a call to help someone with a database. I walked over to their desk (when this was possible) and sat down. They asked me how they could get into a database they had been told about. I quickly realized this was an Oracle database and asked for credentials for SQL*Plus. This person didn’t have any, but I was able to log in with SYSTEM and MANAGER. This was a small department system of some sort, but it always struck me that the default credentials were available. Since then, every time I’ve encountered an Oracle database, I’ve tried those credentials. I’ve been amazed how often they worked, even for production systems.

Recently there was a report that the Nissan corporation had some of their source code leaked. While I would prefer that the code running inside cars was open and widely examined, I was more dismayed that the leak was from an internal Git server with default credentials. Maybe even worse is the defaults are admin and admin, something that might not be hard to guess.

I understand people make mistakes, and I do get that there are pressures people feel to get work done, but there isn’t a good excuse to stand up any server in production with default credentials, and I’d argue a VCS server is production. Even if you didn’t install the server and were just moving it to a new role, or you take over administration, you can’t leave default credentials around. You certainly can’t accept “admin” as a password in 2021.

To me, this is grounds for termination. If nothing else, it’s certainly a reason to remove someone from a privileged position. Being this lax with security would worry me, and I don’t know that I could trust that you’d been careful with other parts of your job. If I encountered this, I would request that every other system under management be audited for improper admin accounts.

Steve Jones

Listen to the podcast at Libsyn, Stitcher, Spotify, or iTunes.

Posted in Editorial | Tagged | Leave a comment