Bad Culture Bad Security

I ran across a blog noting that Cisco has a vulnerability in a new product. The blog also lists two articles showing that Cisco has had hard-coded credentials in the past. I understand that many times a known process is repeated, essentially copy-pasted between people, and we have similar issues as we have had in the past. However, in 2022 or 2023, it’s unacceptable to hard-code credentials in digital systems that will be used in today’s world.

What’s worse than having this issue is stating that the fix is “an upgrade”. Their verbiage for those without a service contract is: “Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.” Which, to me, is not only bad for the world, but it’s equivalent to the stuff that bulls leave behind in the fields.

I suspect that this product and software were based on something that already exists, and it was rushed out without a good security evaluation. Or perhaps there are developers and managers who don’t think that hard-coding credentials will compromise security.

That’s a cultural problem. Either you’re going too fast, or you don’t take this seriously; either way, you don’t have a good culture that values quality and protection. Certainly, their disclaimer about needing valid contracts or proving you have a device to get a security patch for a flaw they built is also a sign of a poor culture that doesn’t really understand the problems they are creating, nor are they taking responsibility for the issues.

At the very least, fixing their poor security ought to be free and easy. I get that there are likely some software upgrades included in this patch, given the nature of software development and limited branches under support. However, there are other ways to ensure those features aren’t enabled for customers who shouldn’t have them. Making the entire world of computer network infrastructure less secure because you want customers to pay for your mistakes isn’t a model I’d want to adopt.

I know many people don’t want more regulation or guidelines from governments (or even from insurance), but if I were going to accept some universal restriction, this would be the place. If you use hard-coded passwords, your product can’t be sold and no insurance claims apply if you are sued.

Maybe that would change the way Cisco and others build software.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.


The Year in Travel

Here’s my year, which is pre-populated with a couple more trips coming up in November. Those should be all, as I’ve declined to go back to the UK in December and am hoping to lay low a bit. These are the trips I’ve taken, plotted against distance from home.

[Image: TravelReport chart, Power BI Desktop screenshot]

A lot of similar trips. I had repeats that were:

  • London – 3 times
  • Las Vegas – 3 times
  • Chicago – 3 times
  • Austin – 3 times
  • Boston – 2 times
  • Syracuse – 2 times
  • Florida – 3 times (JAX, Orlando, Miami)
  • St Louis – 2 times
  • Dallas – 2 times

The big trip was Alaska, which was my wife’s 50th state. I think it was 46 or so for me. I know I’m missing Maine, Arkansas, Iowa, probably one more I can’t think of right now. I’ve spent the night in all other states.

I have (I think) a total of 30 airplane trips away from Denver. The actual flights are more like 70 with some connections. I spent 100 nights away from home, though some of those were in the mountains or camping. Or in airplanes. I probably spent 3 nights on airplanes this year.

That’s a lot. A long year for me, and I’m likely to avoid some travel until March or April, so hopefully I can recharge over the winter and relax at home.


Declining Work for Mental Health

This year has been a busy one for me. I had 30 trips on airplanes away from home and around 100 nights not in my own bed. It’s been quite a year, and a little overloaded. There have been a few months where I traveled little, but more than a few where I was gone more than I was home. I spent 19 nights away from home in September.

A few weeks back, I realized that I had another long trip coming up in October (9 days) and the PASS Data Community Summit in November. My body is a little worn out, but my mind is also distracted and struggling to focus. I recognized the beginnings of burnout when I realized that I was slightly dreading the Summit trip. While I want to see friends and catch up, I wasn’t looking for a long trip.

On the spur of the moment, actually while sitting in an airport and waiting for a flight, I sent a note to the SQL Saturday Oregon organizers asking them to withdraw my speaking submission and not select me. I felt bad for doing so as I try not to create work for others or submit to events without the intention to go, but the extra 2 days in Seattle would make life hard, and I thought this was the best choice for my mental health. I also chatted with my boss a bit about some work opportunities that were coming up and decided to decline a few other things, as well as skip conference submissions in Q1 2024.

I’m not burned out, but I do recognize that I’m overloading my body a bit. Physically it’s a bit worn out and I can see that in my frequency and effort at the gym. Mentally I’m slightly dropping the ball on a few things, working slower than I often do because I find myself slightly distracted and looking for more breaks.

One of the big learnings for me over the pandemic was that I need to ensure I take care of myself and treat myself as I’d treat someone else in similar circumstances. I’ve had coworkers and friends struggle at times in life, where I’ve made an effort to work more and help them work less. I need to remember that for myself and ensure I can lean on others where needed. Redgate is an amazing employer and everyone is willing to flex with each other to ensure work gets re-distributed or we move deadlines. My manager and I have discussed this, and we are monitoring my workload moving forward in our regular meetings.

One of the best things I’ve learned over the years is to say no. I say no a lot to various queries on my time, often when I feel I can’t deliver on time. This year I was looking forward to these opportunities, perhaps a bit too much, and ran myself down a bit with over-excitement. I recognized that and made an effort to take steps to help myself before I burned out or started missing commitments.

The last month (and half of the next one) has been a bit rough, but I’ve mentally prepared myself for the work, and seeing relief coming in a couple of weeks is helpful. I’ve learned a bit more about myself this year, especially in relation to my slightly changing job, and hopefully I’ll do a better job managing myself next year (or my boss will).

Learning to balance work and life is important. Remembering that life, family, friends, hobbies, faith, etc. are more valuable than work, and ensuring we don’t overwork ourselves, makes us better employees and better people. Any of us can get overloaded in the short term, but don’t let that become an accepted part of your life. Your employer may push, but learn to push back and protect your physical and mental health.

Steve Jones



A New Word: Gobo

gobo – n. the delirium of having spent all day in an aesthetic frame of mind, taking photos across the city, getting lost in an art museum – which infuses the world with an aura of meaning, until every crack in the wall becomes a commitment to naturalism, and every rainbow swirling in a puddle feels like a choice.

I wish I could get lost in an art museum, but it’s not my thing. I can enjoy them for a bit, and I like having various Van Gogh paintings as a part of my wallpaper, but only for a bit. I do, however, enjoy spending a few hours wandering a city, taking pictures, and enjoying the world for what it is. My wife and I do this more often than hitting tourist attractions when we travel, instead enjoying life in another place as it exists during a normal day for many others.

I do try to stop and enjoy the world I see, big things and small, as I go through life. I rarely spend all day doing anything, but I do enjoy the moments when I can.

From the Dictionary of Obscure Sorrows
