Daily Coping 17 Dec 2021

Posted on December 17, 2021 by way0utwest

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag.

Today’s tip is to share a happy memory or inspiring thought with a loved one.

I did two. I was looking for a photo and ran across an old one in the Google Photos spotlight. From 4 or 5 years ago when my wife and I went to Steamboat Springs. I saved and sent the photo to her.

The other was in my daughter’s room. She’s been gone since early August and I am watering her plants. I saw a quote she’d written on a bookcase in her room to inspire her. I snapped a photo and sent it to her.

Posted in Blog | Comments Off on Daily Coping 17 Dec 2021

Daily Coping 16 Dec 2021

Posted on December 16, 2021 by way0utwest

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag.

Today’s tip is to see how many different people you can smile at today.

I’m writing this a bit before, but I saw this item, so I started to track the list:

  • Guy at the ATV shop
  • Two people at the tire shop, as I walked by and stopped to say hi.
  • Repairman that came to the house
  • Receptionist at the gmy
  • Three random people I saw while working out.
  • Gas station attendant (no gas, just a soda Winking smile )
  • parent and receptionist at the volleyball gym
  • Team and coaches practicing before us (13)
  • My team (10).
  • My son

Not a bad list for one day.

Posted in Blog | Tagged , , | Comments Off on Daily Coping 16 Dec 2021

No-so-smart Contracts

Posted on December 15, 2021 by way0utwest

Perhaps the best quote I’ve seen in a long time: “These kinds of attacks are common in smart contracts because many developers do not put in the legwork to define security properties for their code…” I’m sure that this would apply to many kinds of software, not just smart contracts.

This is from an article on a hacker that stole money by altering a smart contract. In this case, tokens used to replace parts of the contract overwrote other tokens, which allowed a smart hacker to change prices and make more money. Or steal it, with a contract change, I don’t know that theft is actually the correct term.

The wider issue here is poor developer practices, and really, not listening to the results of security audits and making changes in code. Maybe they listened to the audits and hadn’t completed the work. There were some critical issues, and some remediation, but not enough in this case.

Building security into software is hard. The threat landscape changes and hackers are incredibly creative. It is hard for developers to keep up, but it is important, especially where there are finances involved. There are tools to perform security assessments and automated pen-testing. Everyone ought to use these, and more importantly, management should take security more seriously. If they don’t, they deserve some sort of penalty.

The problem for many of us is that we can raise issues, but we are powerless to do anything. We can change jobs, but that’s not practical all the time. We can continue to raise awareness, but that can be detrimental to our careers. After all, management will get tired of us repeating ourselves at some point.

Mostly what we get to do is worry. We worry that the company will get penalized, which can affect our employment. We can worry that management will blame us for an issue they didn’t allow us to fix or give us the tools to detect. We can worry management will blame us for not knowing about an issue as well.

I believe we ought to have more focus on security, but I’m not sure what that means or how to achieve this in a practical sense. I don’t even know how we’re set up regulations and penalties for such a complex situation.

Mostly I’m just sad for the state of software security.

Steve Jones

Listen to the podcast at Libsyn, Stitcher, Spotify, or iTunes.

Posted in Editorial | Tagged , | Comments Off on No-so-smart Contracts

Daily Coping 15 Dec 2021

Posted on December 15, 2021 by way0utwest

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here. All my coping tips are under this tag.

Today’s tip is to buy an extra item and donate it to a local food bank.

I used to volunteer and get items for the Elizabeth food bank. These days I’m mostly in Parker as part of my life, so I’m going to start making regular donations there. I went to the site, got their list of items needed, and will be purchasing some of these to drop off.

Lots of these are kid related items, and I hate to think about kids struggling, so I’m focusing my efforts there.

Posted in Blog | Tagged , , | Comments Off on Daily Coping 15 Dec 2021