About Greg Moore

Founder and owner of Green Mountain Software, a consulting firm based in the Capital District of New York focusing on SQL Server. Lately I've been doing as much programming as I have DBA work so am learning a lot more about C# and VB.Net than I knew a couple of years ago. When I'm not in front of a computer or with my family I'm often out caving or teaching cave rescue skills.

Social Deconstruction II

In a previous post, Social Deconstruction I reflected on a barrier that had been put up on a Thursday, and by Sunday, completely bypassed. I had recent cause to revisit that area again recently and

Barrier bypassed

Barrier bypassed

as you can see, an actual, real gate has been put into the fence. The power of the crowd basically overruled the original intent of the landowner.

Of course, this could have been done from day one.

This is true in the IT world. How often has the security department come and said, “we’re implementing this new security policy” with little input from actual users and are surprised when users get frustrated and try to bypass the new security feature.  I had this happen at a client of mine. In the case of the fence above, people bypassed the security the fence builders wanted (presumably to reduce liability), and by doing so, increased their chance of getting hurt (and ironically, presumably increasing liability).

One of the security features that I think annoys most of us are passwords, or more accurately arcane password requirements. For example, some systems require a certain amount of complexity, but don’t necessarily tell you what the rules for complexity actually are! Yes, I’ve had that happen. Turns out they required special characters, but, only a specific subset of special characters and the ones I tried weren’t on that subset.

Now a minimum password length, makes sense. A one character password can be cracked by anyone. But, what about short maximum password lengths? Yes, perhaps that was a good idea when memory and storage were scarce (ok even then, not a great idea) but not so much these days. Yet, I know at least one system where your password has to be between 8 and 14 characters.

Another annoyance is the “must change every N days” where often N is something like 90 (though I’ve seen even lower). What does this mean? Folks end up with passwords like: Secur3Passwrd$1, Secur3Passwrd$2, Secur3Passwrd$3, etc.

Truth is, many of the so called password rules, actually encourage us to create lousy password, and so we repeat stuff, or write it down or take other steps that make it easier for to use them, but also as a byproduct weaken passwords.

The National Institute of Standards and Technology recently released an updated set of guidelines: NIST 800-63B that discuss good password requirements (note I have NOT read the entire document, just large portions of it).  Spycloud has a decent review here: New NIST Guidelines Acknowledge We’re Only Human. I’m not going to recap the recap here, but I will add what I generally do:

  1. I use a password manager. You can read reviews for finding one that best meets your needs. Personally, I use one that does NOT have storage on the cloud. While in theory they’re encrypted and secure, I get paranoid. (Yes, I do recognize if someone compromises my desktop, they can get access to my local password manager. But on the other hand, if they get access to my desktop, they can probably just install a keyboard logger and I’m hosed anyway.)
  2. I use a different password, automatically created by the above password manager for nearly every site of system I log into.  This ends up meeting most (but not all) of the NIST suggestions (they’re certainly NOT easy to remember, but they don’t have dictionary words, can be as long as I need, most likely are NOT in a previous breech, etc.)

Note, I said most, not all. There’s a few places I used passwords I can remember. These are systems I interact with on a daily or near daily basis, such as my desktop, AND the password manager itself. There would be no point to have a password manager if I couldn’t log into it, or if the password were so simple anyone could guess it.

So, I make sure these passwords are easy to remember, but extremely hard to guess. (For example, they do NOT include the name of my first dog, my mother’s maiden name, etc.)

In conclusion, if you’re in charge of security, make it usable, or else people WILL try to bypass it, simply to get the job done. And, remember, you’re always in charge of your own security, so make it usable, but secure.

 

 

 

Age Impostor Syndrome

This past weekend I was at another successful SQL Saturday. It was, as always, great to see so many of my fellow speakers and friends.

I was perhaps a bit more nervous than usual for this SQL Saturday because I was giving a new technical talk and my demo wasn’t working like I wanted and I hadn’t done as many run-thrus as I like to do.  But it was well received and people seemed to really like it. (For those interested, it was a demo of running SQL Server for under $200, including licensing and hardware!)

During a conversation this weekend I used the expression that I might grow old, but I don’t have to grow up. But I’ve realized it’s more complicated than that.

  • In the past week I’ve completed my 51st orbit of the Sun while still breathing
  • I’m preparing to cook dinner for a bunch of college students this weekend
  • I’ve been working with two recent college graduates on a couple of projects
  • I’m consulting on a new project and using my years of experience to guide it in the right direction
  • My son is completing his first semester at college and coming home this week
  • Apparently received praise (this is second hand) for work I’ve done in a volunteer community

Physically at times I sometimes feel my age, and there certain facts that suggest I really as old as I am; but mentally, I often actually forget I’m as old as I am. I wonder, “why do folks think so highly of me, I’m just a young kid trying to figure my way out in the world.”  Then I realize, I’m not that young kid at his first programming job, trying to figure out how to create a make file.  I’m a middle-aged man who has decades of experience in my various fields of expertise.  People look to me, the way I look to my mentors because they expect me to have the answers! (And fortunately, they’re actually sometimes right.) Sometimes too I’ll be engaging with people my own age and they treat me as equals and I get excited that they’re treating someone half their age with such respect. Then I remember, “but wait I AM their age.”  Or people half my age act as if they’re looking up to me and I want to say, “but I’m no different than you” but then remember, “Oh wait, I do have that many more years of experience.”

So, there’s still a bit of me thinking I’m an impostor. I really don’t know as much as people seem to think I do.  Or that I’m not as old as I really am. Can one even be an age impostor?  Not really, I mean age is a pretty objective fact. But the truth is, I don’t feel my age, and for that I’m grateful.

I’ll continue getting older, but I simply won’t grow up any faster than I have to.

One final request from this wizened old boy, make sure to subscribe if you haven’t!  And speak a little louder so I can hear you.

 

 

Procrastination

“I’d procrastinate, but I keep putting it off.” It’s an old saw but I think there’s some truth to it, at least for me.

Actually the truth is, when I’m not busy, I tend to procrastinate and things don’t get done. But when I’m busy, I get more done. How many of us say “I perform better under pressure”? I know I do.

The other phrase that comes to mind lately is “When it rain, it pours.” The above two adages seem to be the story of my life lately. This is not necessarily a bad thing.

You see, in the life of a consultant it’s often feast or famine. And some times of the year are often more famine than feast. For example, my largest client goes into a code freeze during the last 2 weeks of the year. Taking this into account, I figured I’d have some downtime and be able to work on some projects around the house.

But then, last week, another client emailed me to ask about my availability. They’re a good client and I enjoy working with them, so I responded right away. Unlike my previous project with them that was just a few hours, this one was a top priority project with a firm deadline and lots of work in a short period of time.

Suddenly, my calendar was more full than I expected.

Then my largest client, during our weekly all-hands call, informed me that a project I had completed, they were probably going to take a completely different tact on, and “oh by the way, we’ve got a strict timeline!”

And then of course today, another client calls in with an issue.

Suddenly my calendar was even more full than I expected.

Oh, and did I mention I have a talk to present at SQL Saturday in DC this weekend? And the hardware I was going to use for it is not working?

Suddenly my schedule was completely topsy-turvy and I’ve had to work harder than ever.  But, since I’m already busy, I’ve actually spent a little extra time on other projects that I had been putting off; like finishing the edits on my second article for Red-Gate’s Simple-Talk and then writing a first pass of my third article for Red-Gate’s Simple-Talk. I probably would have procrastinated on that last one a bit longer if I weren’t busy. I know, sounds backwards, but yes, being busy encouraged me to spend time writing.

Of course sometimes even some schedules have to slip, hence this post being 12 hours later than normally scheduled.

When it rain, it pours.  And right now, that’s a good problem to have.

 

Why the submarine wouldn’t work

I was going through my old drafts and found this post I had started to write earlier this year but never finished.  Actually it appears I meant this to be part of White (K)nights but I cut it out to make that post more readable.

During my media interactions I was asked multiple times to comment on Elon Musk and once or twice on his submarine. I tried to keep my comments fairly neutral, but the truth is, I and some of my fellow trained cave rescuers were pretty bothered by Musk’s attempted involvement. I got into at least one online debate about how the people in charge obviously were clueless and that Musk’s solution of a submarine was a brilliant idea.

It wasn’t and I figured I’d address some of my concerns.  Please note as with all situations like this, I was not directly involved, so I’m going on publicly available facts and my training as a cave rescue person and a cave rescue instructor. I am also not in any way speaking on behalf of the National Cave Rescue Commission or the NSS.

Now let’s discuss the device itself:

  • It almost certainly would not have fit. By all accounts, the tightest pinch was 15″ and hard to navigate. Anyone who has moved through a cave knows that even larger passages can be hard to navigate. Locally we have a cave that has a pinch that’s probably close to 15″, but that is at the bottom of a body sized V-shaped passage. Unless you can bend in the middle, you will not fit through it. A cylinder like Musk designed, would not fit. I don’t know the passages in the Thai cave, but odds are there is more than one passage where flexibility is important.
  • It also, in many ways was superbly dangerous. Once sealed into the tube, there would be no easy way to monitor the patient’s vitals. And if the tube had started to leak (cave environments can be extremely destructive, even to metal objects), there appears there would have been no recourse except to keep swimming and hoping to get to an air filled chamber quickly enough and that was large enough to debug the issue.
  • In addition, if the patients were not sedated, I’d have to imagine that being sealed into such a tube, even with lights for 20-40 minutes at a time would have been sheer terror. As it is, the kids were in fact apparently heavily sedated (a fact that some of us still find a bit surprising, even though very understandable), and yet at least one started to come out of sedation while in a water passage. Without being able to directly monitor the vitals of the patient, who knows what would have happened.
  • There’s probably other issues I could come up with. But let me end with this one. Rarely if ever do you want to beta-test or heck even alpha-test, which is what this would have been, a brand new design in a life or death situation when there are alternatives.

Like our White Knights, we want our brilliant tech solutions, but often we’re better off adapting what we’ve done in the past. In cave rescue we try to teach our students a “bag of tricks” that they can adapt to each particular rescue. Foe example, there is no single rigging solution that will work for every rescue.  How I might rig a drop in Fantastic in Ellison’s might be very different from how I’d rig a drop here in New York.  How I  package a patient for movement here may be different than in a Puerto Rican cave.  And honestly I’ve seen a lot of high-tech equipment get suggested for cave rescue that simply doesn’t work well in a cave environment and we often go back to the simple proven stuff.

I will add a tease, to perhaps a future blog post, of a mock rescue rescue where a high-tech approach failed after several hours of trying, and the low-tech solution solved the problem.

 

 

 

Snow Days

“I sometimes hear a moment before sleep, that I can never remember whether it snowed for six days and six nights when I was twelve or whether it snowed for twelve days and twelve nights when I was six.” – A Child’s Christmas in Wales by Dylan Thomas

As I’m writing this there is snow gently falling from the sky and the ground is covered.

I woke up this morning to the sound of a plow scraping the roads clear.  I got up to check the school closings list, expecting at least a 2 hour delay. Somewhat surprisingly there was none.

But it got me thinking about how the same event can be perceived differently by different people.

As a young kid, many of us loved the idea of a snow day.  We hoped we’d wake up to the soft hush a blanket of snow causes, broken only by the occasional scrape of the snow plow. Perhaps we might hear the sound of wheels spinning as a car tried to gain traction to keep on its way. Some even created rituals, such turning their pjs inside out, or sleeping with a spoon under our pillows. (For the record I actually never even heard of any of these until I was an adult). A snow day meant a day of fun in the snow: building a snowman, or better a snow fort and having snow ball fights.  I recall one particularly expansive snow fort friends and I built in a snow bank in the center of Falls Village where we grew up. It had a main chamber from which we could survey our domain and at least two side tunnels we could craw through, leading to smaller “towers” that could fit one of us, to provide flanking fire for anyone foolish enough to try an assault on the main chamber.

Sometimes we’d even play the hero and after one blizzard at least, a friend and I went through town, uncovering buried cars, just in case anyone was trapped. Fortunately no one was. Of course we also then had to at one point dodge a snowplow by scrambling through a 5′ embankment of snow created by previous plows.

As we got older, we may have given up on the rituals and built fewer snowmen, but we still enjoyed our snow days. It meant a break from school, perhaps a chance to catch up on homework. But it also often meant chores, the need to shovel the walk, or worse the driveway.

Then we got older still and now we didn’t get days off. We were told, “the office is still open. Please drive safely.” Now those spinning tires we heard as a child were us, trying to keep straight, and on the road, in order to get to work. Those snowplows we hoped to hear as a child were both a boon and a bane. They helped clear the roads, but also seemed to be in the way.

If our children were young enough, suddenly a day off from school for them, became a burden for us as we struggled to find a sitter or some form of daycare.

We no longer looked forward to forecasts of snow. We dreaded them.  We started our own rituals, some actually more effective than what we practiced as a child. We’d pre-salt the walkway. We’d make sure we had a snowbrush inside the house ready to go so we could clear off the car before opening the door.

It was the same event, but a completely different perspective.  I think I preferred the childhood perspective.

And the irony is not lost on me that my job now actually permits me to sit at home, avoiding the drive, and to write about the snow.

For me, even when I have to drive in it, I actually love the snow and snow days.

For you, I hope you get the day you want, young or old, snow or not.

 

 

“So, why are you sitting here?”

I had been anticipating the question and it was a fair question, after all, I was one of two men sitting at the Women in Technology Birds of a Feather table at PASS Summit.  But let me back up a bit.

Last week was the PASS Summit in Seattle, an annual event that I mentioned two weeks ago that I was headed to. There are several thousand people that attend and in order to promote networking, in the massive lunch hall, they have a number of tables set aside for particular topics, i.e. “birds of a feather”. So if there’s a particular topic or interest group you are associated with you, you can sit at such a table and know you’re among like minded friends. For example on Day One I had set at the “Virtual and Local User Group” table.  But today, I found myself at the Women in Technology table.

So why?

Let’s back up even further. I grew up in a small town in the northwest corner of Connecticut. I can’t say my parents were poor, but we probably lived below what many would consider a middle-class lifestyle. However, I was very fortunate to have hard-working parents and grandparents who helped, and more than a bit of privilege.  What do I mean by this? One example comes to mind. A couple of years after college when I was first consulting, I needed a small business loan to cover a project for a client. I literally walked into the local bank and on my word got the loan I needed. Even then I realized I had a bit of privilege going on there.

As I’ve grown older, I’ve listened to more and more testimonies from women and persons of color and continued to realize how for granted I’ve taken many aspects of my life. As a result, I’ve worked to listen to others and try to increase their access to opportunities and gain the same privilege I was simply born with by being a white male.

So why was I there?

The question was not a surprise, since the table host, Kathi Kellenberger had said she wanted to go around the table and ask folks why they were there. fortunately she hadn’t started with me first! This gave me time to think about my answer.

To listen. To listen to two women of color talk about their struggles and efforts to make it into the world of being SQL DBAs. To listen to other women talk about their experiences and to learn from them.

So I gave that and a bit more as my answer and then shut up and listened. It was a great lunch and a great experience.  As my friend, and WIT Virtual Group co-leader (along Kathi) Rie Irish is wont to say, “if women could solve these problems we’d have done so by now. We need your help”.

So to my fellow men out there, I would say, be an ally. Attend the WIT Luncheon (which was the day before) at Pass Summit.  Encourage women to speak at your User Group and at SQL Saturdays, stop others from interrupting them during meetings, amplify their ideas. And sometimes, just shut up and listen. And if you’re involved with SQL Server and PASS and want more information reach out to Rie and Kathi and contact the Virtual Group the manage, Women in Technology.  Trust me, men are welcome as allies.

 

Family

Over the weekend on my Twitter feed I saw some tweets about #SQLFamily taking the #SQLTrain up to Seattle for the PASS Conference I’m at this week. It made me reflective.  As some of you may know, I grew up in a train station (no trains though) and have always loved trains. And the ride from Portland to Seattle is one I’ve wanted to make because of the scenery.

But I want to write more about family. Family can mean so many things. It can be your blood family, but it can be those you choose to associate with, or that chose you.  Both have their value and place.

In my blood family, my daughter, as a tradition, has started to take me to see the latest Star Wars film when it comes out. This has led to some amazing moments, such as in 2015 when I got to see through her eyes, the excitement I felt at a similar age of “a new Star Wars movie“.

Unlike some, I loved The Last Jedi, for many reasons. Yes, it had some weak moments, but I think it was a great movie. And it makes me think about family. Something I alluded to in the post linked above. Kylo had his blood family. He had parents that loved him, an Uncle that care for him. But, he rejected all that, trying to find more.  Ultimately, at the end of The Last Jedi we realize, before he does, that he’s utterly alone; that he has rejected everyone in the Universe that cared for him or tried to care for him.

Rey on the other hand, learns just the opposite. Many fans were upset to learn she’s not a Skywalker or a Kenobi or anyone famous. Her parents literally are nobody. She is, in the ultimate sense of the word, an orphan, without family. Or so she thinks. At the end of TLJ, it becomes clear, she is part of a family that has chosen HER, not because of blood, but because of who she is. And she has chosen them.

I am fortunate to have many families. I have my blood family, ones that I hold near and dear. I am fortunate to have them and have such great ones.

I have my #SQLFamily, which is a diverse group of people who all share one passion: SQL Server. It’s a bit nuts at times and we’re all different, but it’s a great group of people for that chosen field. I’m not sure they’re my ride or die family, but I’ll take them!

I have certain friends I consider a family. These are my ride or die family, the ones I would drop anything for if called and asked. I’m visiting some now in Seattle while here for the PASS Summit.

While here, I’ll be visiting yet another eclectic family, my ROC Family: folks who I have shared many adventures with as members of the Rensselaer Outing Club.  We all share a common set of experiences and it binds us.

And finally today, election day, I think of a different family: one that I’m perhaps a distaff member of, but that is my friends and associates who are members of the LGBTQTI+ (and if I’ve left off any letters its through oversight not for lack of caring) community.  They’ve invited me into their homes, to their birthday parties, weddings and more. Today I think about them because for many, today is about more than tax reform, or foreign policy, it’s about in some cases, whether or not their government will support and protect them, or possibly even try to define them out of existence.  So I’m going to again break one of my own rules (what are rules for if not to be broken) and say, if you haven’t voted today, do so. And if you do so, think beyond simply your taxes, your religion and your other views and remember, we are all members of various families and elections can and do have consequences.

I love my families, all of them, in different ways and I hope you all are members of families that love and care. Not every family is of blood nor should it be nor does it need to be.