Daily Coping 14 Oct 2022

Today’s coping tip is to look for the good in people around you today.

I’m working remotely today in New York. I flew up last night to be with my daughter, and it’s my 19th trip of the year. Yes, I spend a lot of time in airports.

Travel has been more of a hassle this year because of staffing and schedules. It has gotten better for me over time, but things still seem to take longer than in 2019.

Many businesses inside airports are busy. Not enough staff and lots of customers. Sometimes not enough supplies. However, I think most people are doing the best they can. I have learned to assume employees are trying to help and think they are making their best effort.

I also find lots of people are understanding and tolerant of delays and supply issues. The process can be annoying, but it seems to me it’s the relatively rare person that isn’t acting “good” overall.

I started to add a daily coping tip to the SQL Server Central newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag.


Daily Coping 13 Oct 2022

Today’s coping tip is to remind yourself that things can change for the better.

It can be easy to get upset/sad/depressed/angry/etc. about the way something is in the world. Whether personal to you at home or work, or perhaps with the general state of the world. I know the latter affects a lot of people these days with the crazy way mainstream and social media latch onto certain issues.

I have usually been an optimist, and I believe in the human spirit. I also think I can often influence how things go for me with hard work and effort. I say that because I’ve been able to do that in the past.

It’s a good reminder to me to stop and think about this. I know that my schedule sometimes creates stress and concerns for me, but when I stop and think about the things I’ve learned to do to help cope, the success I’ve had in catching up with work, and the way I have started to more mindfully build a schedule, I know things get better, even when they’re hard.


Code Supply Chain Security

There have been a number of attacks in the last few years on source code. In fact, I saw a new one this week for an e-commerce WordPress plugin. This time hackers got access to the distribution server for the company, Fishpig, and altered the plug-ins that their customers download.

A few years ago this was big news, with the SolarWinds exploit. There was also an attack on PyPy, a popular Python package that many people include in their code. There has been no shortage of problems in npm packages as well. I’m sure this has happened in other software packages, which is scary. In the days of DevOps where we publish code from a repository, an exploit against your developers might go unnoticed. Then again, maybe not.

Would any of us notice new code in a file share or a folder on our system? We might just compile a large project without realizing it. At least with DevOps, we have the opportunity to include security scans and code analysis checks, some of which could look for known patterns of exploits. I know some companies use these, and often compromised or vulnerable packages are stopped by the automated pipelines.

In the US, various security agencies have released a set of recommendations, as has the Open Source Security Foundation. Both of these are designed to help developers secure their supply chain against attacks. This is likely going to be a continuous problem for software vendors in the future as it’s much easier to attack one vendor whose software many people use than each individual company. I shudder to think about what happens if someone manages to get a ransomware package into a vendor’s codebase.

Ultimately, there will still be problems. Many new projects begin with poor practices precisely because they’re experiments and the authors don’t know if others will find the software valuable. While we can have good templates and security controls, I’m not hopeful. To me, the best solution for stopping code is to have patterns detectable by security checks in the pipeline. Checks that can be expanded and enhanced as new issues are determined.

Of course, that means the makers of security software need to ensure their supply chain is protected as well.

Steve Jones


Daily Coping 12 Oct 2022

Today’s coping tip is to start your day with the most important thing on your to-do list.

I’m writing this on 11 Oct. The most important thing today is the Redgate keynote for PASS, where I have a few sections. We have a prep meeting this morning, so I’m up early, reviewing notes and comments from others so we can discuss this and try to finalize the storyboard.

The rest of the day will be going back over this and then (hopefully) recording my session for the Summit.
