In Memory of Andrew Clarke, AKA Phil Factor

One of the parts of getting older that really sucks is I seem to attend more funerals than weddings. It’s a sad fact of life, and this was one of the reasons Andy Warren and I created SQL Memorial, to keep those we’ve known close to our hearts.

In a few internal posts, and a few external ones, I keep seeing this picture:


It’s one I took in 2016 with a selfie stick I’d gotten just before my trip to Redgate. There are a lot of familiar faces in here, but this was the content team at that time with myself, Grant, Tony (far right) and Andrew somehow in the center.

This is a memorable picture and likely taken after lunch when Tony, Andrew, and I had visited a pub somewhere in the Cambridge area. I will treasure those memories of us sitting together, chatting about various work or non-work topics and enjoying a break from the office. Those chaps were some of the few that would have a pint at lunch, and I was pleased to be invited along.

My most fond memory of Andrew was on one of the Redgate outings, where we’d taken the entire Marketing department out for a day. I happened to be in Cambridge, and we visited a small printing museum in a little town. We had to draw a self-portrait, and here’s my incredibly poor effort:


The thing that struck me from that day was how Andrew was quite the Renaissance man. He was interested in everything, how technology worked, including the old printing presses. He delved into how books used to be produced and could give me an education on some of the historical aspects of both how to bind a book and the history of some famous books from ancient times.

Perhaps one of the more interesting things we discussed was life in the country. Andrew had a small farm where he raised some crops and animals. He had an old water wheel he was refurbishing that would either produce power to grind crops into flour, or it would be retrofitted to produce electricity. He explained to me how this horizontal wheel in the river would be placed to capture energy.

Over the years we had many chances to discuss various topics. He even came to PASS a few times, one of which I captured below. That’s Andrew on the left.

 


Of course, there’s never enough time with friends. Andrew lived an amazing and long life, but it sadly ended before any of us who knew him expected it.

I feel lucky that I had the moments and memories with Andrew that I did.


The Security of Old Tech

There has been a lot of news about air traffic problems in the US in 2025. I haven’t had any delays due to this, though I’ve gotten a few messages in my travels that I might want to reschedule. There was an article that some of the technology still used in various facilities is old and needs upgrading. Old as in Windows 95 and floppy disks.

That’s old, but obviously it still works. Even with the various accounts of problems, almost every day thousands of flights are managed successfully by the people who run these systems. They’re not alone, as the article also points out that some other transit systems make do with technology that most of us would never think of using for any system.

In early 2024, Microsoft was attacked by Midnight Blizzard, a nation-state threat actor that successfully infiltrated a test system and gained access to many other systems inside the Microsoft network. The initial attack was via a password spray attack (guessing multiple passwords), targeting an admin account on a test system that lacked MFA and robust monitoring.

The trouble with air traffic controllers and the Microsoft attack are two disparate events, but they both highlight that there is a lot of older technology in use, even in places like Microsoft, a supposedly cutting-edge company. I’m sure many of you have some older systems inside your organization, hopefully not running Windows 95 or SQL Server 2000, but I routinely run into SQL Server 2008 inside customers.

There have been a lot of changes since the year 2000 with regards to security inside of computer systems. Many software packages have upgraded their security features and configuration in the last 20-plus years to become more robust. These days it seems that most of the software I use requires some sort of authentication besides a password, with lockouts and limits to prevent hackers from easily accessing systems.

This isn’t to say that newer technology is fool-proof, but it is more difficult for most hackers, especially the script-kiddies who copy exploit code from others, to break in. A lot of attacks can be prevented by simple changes that limit the ability of malicious users to experiment over and over with your systems, looking for vulnerabilities.
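To make the point about lockouts and monitoring concrete, here is an added example (not code from this editorial) that runs two checks over a constructed authentication log: a per-account lockout count, and a per-source check for the password spray pattern mentioned above. The log format, account names, addresses and thresholds are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: ISO timestamp, source address, account, outcome.
SAMPLE_LOG = """\
2025-06-02T08:00:05 198.51.100.20 svc_backup FAIL
2025-06-02T08:00:09 198.51.100.20 svc_backup FAIL
2025-06-02T08:00:13 198.51.100.20 svc_backup FAIL
2025-06-02T08:00:17 198.51.100.20 svc_backup FAIL
2025-06-02T08:00:21 198.51.100.20 svc_backup FAIL
2025-06-02T09:00:00 203.0.113.7 alice FAIL
2025-06-02T09:04:00 203.0.113.7 bob FAIL
2025-06-02T09:08:00 203.0.113.7 carol FAIL
2025-06-02T09:12:00 203.0.113.7 dave FAIL
2025-06-02T09:16:00 203.0.113.7 test_admin FAIL
2025-06-02T09:20:00 203.0.113.7 test_admin OK
2025-06-02T10:00:00 192.0.2.44 alice FAIL
2025-06-02T10:00:30 192.0.2.44 alice OK
"""

def parse(log):
    for line in log.splitlines():
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome

def accounts_locked(log, threshold=5):
    """Accounts that a per-account lockout rule (assumed threshold) would lock."""
    fails = Counter(user for _, _, user, outcome in parse(log) if outcome == "FAIL")
    return sorted(u for u, n in fails.items() if n >= threshold)

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources that fail against many accounts, few tries each, in one window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, src, user, outcome in parse(log):
        (failures if outcome == "FAIL" else successes)[src].append((ts, user))
    findings = {}
    for src, events in failures.items():
        events.sort()
        for start, _ in events:
            seen = Counter(u for t, u in events if timedelta(0) <= t - start <= window)
            if len(seen) >= min_accounts and max(seen.values()) <= max_per_account:
                # A later success from the same source on a sprayed account is the urgent case.
                hit = sorted({u for t, u in successes[src] if u in seen and t >= start})
                findings[src] = {"accounts": sorted(seen), "succeeded": hit}
                break
    return findings

if __name__ == "__main__":
    print(accounts_locked(SAMPLE_LOG), detect_spray(SAMPLE_LOG))
```

On this sample the lockout rule only reacts to the repeated guesses against one account, while the spray stays under the per-account threshold and is visible only when failures are grouped by source.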

However, quite a few of those security changes require newer versions. Older technology often works and works well. We feel comfortable with it, and if it’s not broken, why fix (or change) it?

I expect a database server to run for 10 years, as it can be hard to find time to constantly upgrade instances. That being said, a ten year old system would be one running SQL Server 2016. Anything older should already be upgraded, with plans to move your 2016 servers to something newer in the next year.

Take advantage of newer technology where you can, and ensure you are patched against known vulnerabilities. If you can’t upgrade, then you should secure those systems as tightly as you can, ensure no accounts on them are privileged on other systems, and monitor them constantly for potential issues. Otherwise, I’m not sure you’re doing a professional job of managing those servers.

Steve Jones

Listen to the podcast at Libsyn, Spotify, or iTunes.

Note, podcasts are only available for a limited time online.


A New Word: Anderance

anderance – n. the awareness that your partner perceives the relationship from a totally different angle than you – spending years looking at a different face across the table, listening for cues in a different voice – an odd reminder that no matter how much you have in common, you’re still in love with different people.

I often think of anderance since I spend a lot of time with my wife, in daily life, traveling, communicating with phones. I sometimes wonder why she sees things in me differently than I do. Maybe she sees more or less, maybe she has a different view of me than I do.

I realize that who I think I am, and who she thinks I am are a bit different. Not a lot, but a bit.

Probably the same for her.

It’s been 30 years, and it’s still amazing. And I still learn things about her, about me, and about us.

From the Dictionary of Obscure Sorrows


Password Guidance

I remember working at a large organization with a team of other IT Operations staffers. We rotated this one job every month amongst a few people, each taking turns, where we’d lose a day to update all the privileged passwords for our servers. This was before Managed Service Accounts and the cloud, when we were required to change these every 30 days and then store the new ones in an encrypted store.

What struck me when I got stuck with this wasn’t the requirement to change every 30 days; that seemed normal. The thing that bothered me was how manual this was. As a former developer, I wrote some scripts to automate this, pre-PowerShell, and make the task easier on my fellow sys admins. I had scripts to generate a password, change it in AD, then print the pwd to be copied into our secure storage (no API there). This ran in a loop so I didn’t lose a whole day to changing passwords.

These days, we have lots of alternatives to managing passwords, and in fact, much of modern guidance isn’t to require password changes so often. For systems, use an automated process such as an MSA or GMSA. For users, we’ve mostly given up on changes and are trying to get people to use decently long passwords and disparate ones across services.

Modern guidance from Microsoft says to avoid using common passwords (asdfasdf, password1, etc.) and not to use the same password in multiple places. MFA is also recommended, but the anti-patterns for success are requiring long, complex passwords or frequent changes. Studies show these lead to less security because users do stupid things.
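The added example below (not code from this editorial or from Microsoft) shows why a composition rule is a weaker control than a common-password check: it normalizes a candidate password and compares it with a banned list. The banned list, the substitution table, the 8-character minimum and the function names are assumptions made for the illustration; only `asdfasdf` and `password1` come from the text above.

```python
import re

# Assumed banned base words: the two examples from the text plus constructed entries.
BANNED = {"asdfasdf", "password", "qwerty", "welcome", "letmein"}

# Assumed table of common character substitutions, undone before the lookup.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                               "$": "s", "5": "s", "1": "l", "7": "t"})

def normalize(password):
    """Lowercase, drop trailing digits and symbols, then undo substitutions."""
    base = re.sub(r"[^a-z]+$", "", password.lower())
    return base.translate(SUBSTITUTIONS)

def meets_legacy_complexity(password):
    """The older style of rule: length plus upper, lower, digit and symbol."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def evaluate(password, min_length=8):
    """Return 'ok', 'too short' or 'common password' (min_length is an assumption)."""
    if len(password) < min_length:
        return "too short"
    if normalize(password) in BANNED:
        return "common password"
    return "ok"

if __name__ == "__main__":
    # Constructed candidates: one passes the complexity rule but is common, one is the reverse.
    for candidate in ("P@ssw0rd2025!", "Password1", "correct horse battery staple"):
        print(candidate, meets_legacy_complexity(candidate), evaluate(candidate))
```

A password that satisfies every composition rule can still reduce to a banned base word, while a long passphrase that fails the composition rule passes the common-password check.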

These days, I would guess many of you managing database systems use some sort of integrated security with AD, Entra, OAuth, etc. However, I know there are still places where passwords are in use. Do you require changes often? Do you change any of your passwords regularly?

Security is always hard, and it’s even harder when the recommendations and rules aren’t consistent or even enforced. I don’t know what to do, but I try to use disparate, long passwords and MFA wherever I can. So far that’s worked well.

Steve Jones
