Planning 2022

Posted on December 22, 2021 by way0utwest

It is already looking like a more normal year for me in 2022. I was just accepted for DataGrillen 2022, which posted the schedule this week. As I added that to my list of events, I noticed that I already have a few things up there:

  • March 2-4 – Visual Studio Live, Las Vegas
  • March 9-12 – SQL Bits, London
  • May 14 – SQL Saturday Jacksonville, Jacksonville, USA
  • May 23-25 – Technorama, Antwerp
  • Jun 2-3 – DataGrillen, Germany somewhere

I’ve also got trips planned to these places for volleyball as a coach, so it will be a busy H1 for me:

  • Las Vegas
  • Chicago
  • Reno

I know more things will come, and I’m looking to submit to a few new events. There are also a few people planning SQL Saturdays, so I’m hoping that there will be more live events in 2022.

I know the world feels shaky, but I’m confident. I get my booster tomorrow, and many people feel as like as I do. The goal of vaccination is to get back to doing the things we love, and I’m looking forward to doing so.

Posted in Blog | Tagged | Comments Off on Planning 2022

Daily Coping 22 Dec 2021

Posted on December 22, 2021 by way0utwest

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag.

Today’s tip is to ask for help and let someone else discover the job of giving.

This. Is. Hard.

It’s hard for me to ask people for help. Instead, I tend to tackle and only engage in things I can do myself. Probably some childhood events made me this way, and I understand it’s both good and bad.

I actually decided to do this recently. I needed to drop off a car for service. I could have just dropped it off, walked somewhere to work/eat lunch, and then returned over. It’s inconvenient, and I might be stuck somewhere. I also might have to move if the place is busy.

Instead, I asked my son to follow me down and then bring me back. I had to do the reverse the next day, but needed to go relatively early before some meetings. He was happy to help, and likely it was harder for me than him.

Posted in Blog | Tagged , , | 1 Comment

Daily 21 Dec 2021

Posted on December 21, 2021 by way0utwest

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag.

Today’s tip is to give thanks, list the kind things others have done for you.

I am very thankful for my life, especially with where I am today. I tend to do many things for myself, but here are a few things people have done for me in the last week:

  • cooked for me
  • brought me something I forgot
  • bought me a drink
  • thanked me for doing my job
  • sent a kind note after I finished something
  • praised a piece of work
  • did a favor I asked
  • thanked me for cooking

There are more, but I am finding myself taking note more often when someone does something kind, rather than dismissing or accepting it as something I’d do.

Instead, I’m learning to feel gratitude for little things.

Posted in Blog | Tagged , , | Comments Off on Daily 21 Dec 2021

The Challenge of Edge Security

Posted on December 20, 2021 by way0utwest

We know that our organizations will adopt and use more devices over time. Given the growth of cheap computing, frameworks for managing devices, and the desire for more data, I expect some of those devices will collect data, or even contain databases. Azure SQL Edge use is growing, and we will see more devices that contain it (or another database platform), which means we have a larger attack surface area for that data.

There was a recent report on a vulnerability in edge devices used by AT&T that was detected as part of an attack. The attack used a known vulnerability based on default credentials. The vulnerability was fixed, but the patch required manual work. From various reports, it is unclear whether devices have been patched. It’s also unclear if customer data was accessed. Here is one such report, but there are others, all with similar information.

When developers build something, whether a device or just software, we often set up easy ways for us to access the system to test features and functionality. Certainly when software is deployed to users, there is often a default credential that is supplied. I don’t know if this is good or bad, and if the management of random credentials for each device might result in better or worse security. Strong passwords might lull customers into feeling that they don’t need to change anything.

I do think that the installation of any software ought to require a strong password. Once one is entered, and defaults ought to be permanently removed or changed. Leaving around defaults for maintenance or ease of updates is a sure way to get hacked. If we’ve learned anything in the age of computing it ought to be that anything you deploy in the wild will be taken apart and analyzed by someone. Hard-coded values or default accounts will become known.

The bigger problem might be that patching is still a problem and even more of a problem when it’s not easy. I know that the SQL Server update system is fairly easy, but not dead simple. Many people still don’t apply patches. Heck, even when updates are built into something like Windows, people try to avoid patching their systems.

For those of us that work with databases, we may or may not control the update process. We can, however, ensure that those that do are aware of when patches are available, how far behind the system is, and where to get the patch. That information, and a little pressure, will become increasingly important as we deploy and work with data on more edge devices.

Steve Jones

Listen to the podcast at Libsyn, Stitcher, Spotify, or iTunes.

Posted in Editorial | Tagged | Comments Off on The Challenge of Edge Security