DevOps and Exhibits

Last month I did a webinar with the ATARC group on DevOps and databases. I was on a panel with a few government employees talking about the COVID-19 pandemic and how this may have changed work inside the US government.

One of the panelists is a full stack developer for the Smithsonian. Ravyn Manuel talked a bit about her work in trying to build new exhibits for the African American History and Culture Museum, which will look to open up soon. Many of the exhibits in the museum were built to be interactive and touch capable. With the COVID-19 pandemic, they need to revisit their approach, finding ways to avoid having visitors touch shared surfaces.

There was an article after the webinar that included a bit more information. The idea for the immediate future was to use a visitor’s mobile device with QR codes or Augmented Reality apps that engage and excite people. It’s a great challenge, and as Ravyn notes, it’s an exciting time for DevOps and developers.

I think that’s one of the things that DevOps is supposed to produce. Some experimentation, and along with it, the excitement that comes from meeting and conquering challenges. Rather than big projects, we try smaller things, and adapt as they work, or don’t.

DevOps is helping many organizations reinvent how they perform software development. Many of the techniques are the ones some of us have been using for years, but the focus on the term has helped lots of managers rethink their processes. I’d urge you to look at DevOps ideas, but be sure you include the database. It’s an important part of the DevOps process.

Steve Jones

Listen to the podcast at Libsyn, Stitcher or iTunes.


Daily Coping 6 Oct 2020

I started to add a daily coping tip to the SQLServerCentral newsletter and to the Community Circle, which is helping me deal with the issues in the world. I’m adding my responses for each day here.

Today’s tip is to write down three things you appreciate about yourself today.

  • I have learned to be a good partner, and continue to do so
  • I work hard to get things done in my life
  • I have been able to make positive impacts to others’ lives

My wife has taught me a lot about being a good partner, and with some fits and starts, I think I’ve learned to be better. That’s critical to me because she’s really the only person in my life that I get to choose and stay with.

I am effective in life, in taking care of my health, in being successful at work, in helping run this ranch, and in coaching kids. I appreciate that I can get those things done.

I also really value the kind notes from people that have been helped by SQLServerCentral, or SQL Saturday, or one of my talks, or because I coached or mentored them.


A Database Playlist for Your Mom

Recently someone asked me if I had a video explaining what a database was. I didn’t, but was curious. Apparently, this person wanted to learn a bit about databases as a layman, someone that isn’t technical and doesn’t want to be. They just wanted to understand the terminology.

I was about to record one, but then decided to see what was out there. Turns out, there are lots of them. Here’s a few I sent over:

Beginner Videos:

If you know a bit, then maybe this one would help you differentiate: SQL vs NoSQL or MySQL vs MongoDB

A course on databases, maybe too much for most non-technical people, but seemed not too bad from the couple I watched: Database Lesson #1 of 8 – Introduction to Databases


Detecting Logins

Do you have a login on any of your SQL Server instances that is named “default”? If you do, you might have an issue with the MrbMiner malware that has infected a number of SQL Server instances. The malware adds a login with the name of default and the password of “@fg125kjnhn987.”.

Stop and double check your instances now. If you use SQL Monitor, you can also add this custom metric to your alerts to look for this on an ongoing basis.

I don’t know that this is a SQL Server problem. It’s really a user/administrator issue. The malware works by looking for weak passwords, which is always a problem. It’s also an issue if you have an exposed SQL Server connected directly to the Internet. Shodan shows lots of SQL Servers on the Internet, and if you own any, make sure you have *very* strong passwords.

Or remove them from public Internet access.

While this is easy to detect, what if the login were stevejones? Can you detect if logins are added to your SQL Server? Sure you can, but would you really notice something strange? On my instances, where I add all logins, I would. In many organizations where I’ve worked, more than one person added logins, and logins could be added on a regular basis. Often these are associated with tickets in some system, like Jira, but even if they are, would you know an extra one got added? I bet most people wouldn’t notice, especially across their estate and with a team of administrators.

That’s a problem, and it’s one where we ought to perhaps have good controls in place. There are a few places I know where every change is submitted to a pipeline of sorts, meaning that everything is logged, and given the integration with release management tools and ticketing systems, things could be audited. Maybe more importantly, approved logins could be added to a list that might be compared with the actual list on a server.

Possible, but not necessarily simple to implement or get right. Maybe the low tech solution I’d use is a daily report that included changes from the previous day. All administrators could check it to be sure any new logins were added by one of them.
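One way to build both the approved-list comparison and the daily change report described above, as an added T-SQL example that is not from the original post. The table dbo.ApprovedLogins and its columns are hypothetical names; seed it with your existing known-good logins before relying on the output.

```sql
-- Added example: daily login audit for one SQL Server instance.
-- dbo.ApprovedLogins is a hypothetical table maintained from your ticketing
-- or release process; it is not a built-in object.
IF OBJECT_ID(N'dbo.ApprovedLogins', N'U') IS NULL
    CREATE TABLE dbo.ApprovedLogins
    (
        LoginName  sysname      NOT NULL PRIMARY KEY,
        ApprovedBy sysname      NOT NULL,
        TicketRef  nvarchar(50) NULL,       -- for example, a Jira key
        ApprovedOn datetime2(0) NOT NULL DEFAULT SYSUTCDATETIME()
    );
GO

-- create_date and modify_date are stored in server local time, so use GETDATE().
DECLARE @since datetime = DATEADD(DAY, -1, GETDATE());

SELECT  sp.name,
        sp.type_desc,
        sp.is_disabled,
        sp.create_date,
        sp.modify_date,
        CASE
            WHEN sp.name = N'default'     THEN 'Login name added by MrbMiner'
            WHEN al.LoginName IS NULL     THEN 'Not in approved list'
            WHEN sp.create_date >= @since THEN 'Created in last 24 hours'
            ELSE 'Modified in last 24 hours'
        END AS Finding
FROM    sys.server_principals AS sp
LEFT JOIN dbo.ApprovedLogins AS al
        -- COLLATE avoids a collation conflict when this database's
        -- collation differs from the server's.
        ON al.LoginName = sp.name COLLATE DATABASE_DEFAULT
WHERE   sp.type IN ('S', 'U', 'G')     -- SQL logins, Windows logins, Windows groups
  AND   sp.name NOT LIKE N'##%##'      -- built-in ##...## system logins
  AND (    sp.name = N'default'
        OR al.LoginName IS NULL
        OR sp.create_date >= @since
        OR sp.modify_date >= @since )
ORDER BY sp.create_date DESC;
```

An empty result means every login is approved and nothing was created or changed in the last day; any row returned is something an administrator should be able to match to a ticket.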

You should know how to secure your SQL Server. Implement strong controls, and be sure that you periodically audit for anything unusual. At the very least, ensure you have monitoring so that any unusual or strange activity might be detected.

Steve Jones
