March 1, 2010 at 8:51 pm
Comments posted to this topic are about the item Be Responsible
March 2, 2010 at 1:08 am
I agree Steve, and for some weird reason, when opening a post with garbled code and lines of results, erm.. it makes one want to look the other way.
Not because we are too lazy to look at it, but because we simply do not have the time.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that don't exist. It's solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle
March 2, 2010 at 3:00 am
I agree and am slightly concerned that anyone would ever look at posting the data and think it was a good idea.
But in the UK we have a Data Protection Act that used to (and I have not checked this for a while) put us between a rock and a hard place. We would not be allowed to test on personal data:
{Joe | Bloggs | 13 Anywhere St. | London}
But at the same time creating "Altered" personal data could also break the law, so if the above data became:
{Joe | Bloggs | 25 Here Road | Manchester}
We were then storing incorrect data about Joe Bloggs, an offence under the act. Not sure if we also have a problem with storing incorrect info in general (as Joe does not actually exist putting him into my database would also be an offence).
I only mention it because the data generator is a good idea and should be in anyone's testing toolkit but sometimes we struggle under badly written laws that need reform.
I know this was the case the last time I read an editorial on this in the UK but don't know if the situation has been resolved. Of course the answer is not to tell the police about every testing database you ever create 😀
March 2, 2010 at 6:48 am
Ron Kane (3/2/2010)
Of course the answer is not to tell the police about every testing database you ever create 😀
And hope you don't lose that data. Maybe that's an idea for the spammers: sell them lists of data from Data Generator.
March 2, 2010 at 7:05 am
I've become such a cynic about how people just don't care enough about their customers to protect data properly. As a data architect it's a constant grind for me to get people to understand that protecting our customers from identity fraud, abuse, and other bad things also protects our company. Even if there weren't data privacy laws, it just makes sense not to be posting, e-mailing, or sending data in the open.
I worked with a DBA who took a backup of production data (including CC, ID, and other sensitive info), zipped it up, and sent it via his Hotmail account to a person overseas who had offered to help him solve a DB error he was receiving. How did he know this person? He didn't. It was just some guy on an online forum (like all of us here).
Why did he send it via Hotmail? Because our corporate e-mail size and attachment limits were blocking the transmission of the database backup. Why did he have to send it to some stranger? Because our data protection rules said that he was not allowed to send this sensitive data to our vendor.
He was a DBA and he didn't care enough about the data or our customers to protect their data. He also didn't think that what he did was wrong, even after we explained to him how e-mail works, how backups can be restored anywhere, and how online forums can be helpful, they aren't safe places to send production data.
This, of course, that said that no data should be encrypted because no one would ever be able to break through his great passwords. Bit by bit we had to take away most of his rights in production and QA environments because he just did not get it.
I told my boss several times: If you can't trust your DBA with the data, you shouldn't trust him with anything at all.
March 2, 2010 at 8:08 am
This is good stuff. For an online community to thrive, there needs to be rules of etiquette such as not posting 100 lines of code.
Members also should offer something in return for consideration of the value they get from the community like voting with the stars so we can see good content bubbling up to the top.
There's no orientation video or process that lays all this out - presumably because that would discourage marginal members from joining. But maybe the video could be made anyway - and people can get "points" or some easily-reproduced electronic giveaway for watching it and completing the quiz at the end.
Number of members is important - but quality of member activity is important, too. Otherwise, we can't effectively fight the problems of information glut that are inherent in online collaboration like this.
Bill Nicolich: www.SQLFave.com.
Daily tweet of what's new and interesting: AppendNow
March 2, 2010 at 10:22 am
This is why all companies need to have clear, and enforced, policies about controlling data, including sending data to third parties. The DBA mentioned above ought to be fired, and would be at most places I've worked. If that happened with data from countries with strong data privacy laws, the company would be open to massive penalties.
All data should have an owner in the business, not in IT, who is responsible for approving everything that happens to the data, whether it's making changes outside program control, or transmitting to third parties.
March 2, 2010 at 11:03 am
I think this editorial should be required reading for everyone who posts to the forums.
First, as someone who has technical communication experience, one of my big things is that whatever is posted should be readable, lest it defeats the purpose of the post. Too often, I come across posts that either (1) don't have enough information, (2) have so much information that they should be a book with several chapters, or (3) are written in such a way that trying to understand what the poster is saying becomes a chore. If you don't write something that can be understood in a single pass, chances are that you will be ignored. (And I've ignored my share of them.)
Second, as a longtime IT and data professional, I understand the implications of posting production, corporate, or sensitive data. If I'm posting data examples, I will take great pain to either (1) make sure sensitive data is excluded, or (2) replace sensitive data with "dummy" data (e.g. changing a table name to "GenericTable" or something like that). It's okay (and preferred) to not post real data, so long as the point you're trying to make comes across.
+--------------------------------------------------------------------------------------+
Check out my blog at https://pianorayk.wordpress.com/
March 2, 2010 at 12:00 pm
Ray K (3/2/2010)
I think this editorial should be required reading for everyone who posts to the forums.
First, as someone who has technical communication experience, one of my big things is that whatever is posted should be readable, lest it defeats the purpose of the post. Too often, I come across posts that either (1) don't have enough information, (2) have so much information that they should be a book with several chapters, or (3) are written in such a way that trying to understand what the poster is saying becomes a chore. If you don't write something that can be understood in a single pass, chances are that you will be ignored. (And I've ignored my share of them.)
Second, as a longtime IT and data professional, I understand the implications of posting production, corporate, or sensitive data. If I'm posting data examples, I will take great pain to either (1) make sure sensitive data is excluded, or (2) replace sensitive data with "dummy" data (e.g. changing a table name to "GenericTable" or something like that). It's okay (and preferred) to not post real data, so long as the point you're trying to make comes across.
Agreed.
Only thing worse than posting the data in a forum is if the data is freely accessible over the internet. Not securing your data from the web is highly presumptuous and dangerous.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw
Learn Extended Events
March 2, 2010 at 12:59 pm
Great Editorial and Gentle reminder. Too bad common sense isn't so common.
---------------------------------------------------------------------
Use Full Links:
KB Article from Microsoft on how to ask a question on a Forum
March 2, 2010 at 3:10 pm
Karen Lopez - InfoAdvisors (3/2/2010)
I worked with a DBA who took a backup of production data (including CC, ID, and other sensitive info), zipped it up, and sent it via his Hotmail account to a person overseas who had offered to help him solve a DB error he was receiving. How did he know this person? He didn't. It was just some guy on an online forum (like all of us here).
There are 250,000,000+ unemployed people in the world and THIS guy keeps his job? Really?? I mean....REALLY???
James Stover, McDBA
March 2, 2010 at 3:13 pm
Both scary and reassuring. You can make a mistake and keep your job, but why wouldn't this be a terminating offense?
March 2, 2010 at 3:19 pm
Steve Jones - Editor (3/2/2010)
Both scary and reassuring. You can make a mistake and keep your job, but why wouldn't this be a terminating offense?
I would guess that management doesn't know about it. On other sites I've seen user i.d.s and passwords posted. What may be happening is that someone is under the gun and is simply copying and pasting. It still should not be done, though.
March 2, 2010 at 4:44 pm
You would not believe the types of behaviour that management puts up with just because they have such a hard time filling specialized roles:
- A project manager forged a signature on a user acceptance document so that she could end testing and move into pre-production testing. How did I know? Because the signature supposedly came from *my husband*. She really thought that I wouldn't be able to tell the difference. How did I know for certain? Because my husband was away at a conference at the time. So she lied again and said that his boss had signed on his behalf. Unfortunately, the boss was away at the same conference. I was dead sure she would be fired. She broke the law AND had tried to work around user acceptance testing. Was she fired? Nope. Even after she confessed and HR was involved. Her boss felt that this was a chick/chick cat fight, not a real problem. In the meeting with HR, he praised her for taking the initiative to just get stuff done. If I were in charge, I would have fired both of them.
- A DBA deleted a table in production because he was certain that it was not needed. He assumed that one could derive the telephone area code from a person's zip code. This isn't possible because, if you think about it, a zip code can be for an area that supports many area codes, and vice versa. Not to mention the fact that it is perfectly possible for someone to have a cell phone that is from a completely different area than their home address (zip code). No matter how many times I showed him that it was physically impossible to derive the correct area code from a customer's zip code, he deleted the area code table from production. He didn't do this in Dev or Test first. He just deleted it in production. I thought he would be fired for messing with production data, for ignoring my instructions, and for just being an ***. But the company had been months without a dev DBA and they really wanted one, even a terrible one.
- A developer who did not get his way with a database change request decided to start using a second structure of data by creating an XML file that he created on his own, then used that data instead of data in the database for his part of the application. QA, meanwhile, was making changes to data in the database and not getting the results they were expecting. So they'd raise a bug and the developer would (instead of fixing the code), go in and change the XML data to get the desired results. So the application would work until QA changed the data and the process would repeat. I was called in to find out why the database wasn't working. I could see the data, which looked fine, but the data on the screen was wrong. I could not figure this out, until it dawned on me that the data had to be someplace else. I found it by searching through the other XML data. When we asked the developer how this was going to work in production where he would not be able to put an XML file, his response "Not my problem". Was he fired? No, because the company already had 5 open dev positions.
- The same dev, irritated again that I would not make a database change that made no sense, started wedging data in a single column by making the values comma-delimited. So he was "hiding" data in a column that had another purpose, parsing it out when he needed it. We found this trick because when we loaded pre-production data into the table, other parts of the application would fail because required data was missing. Dev's answer: "not my problem." Was he fired? See above.
- A project manager is supposed to deliver all kinds of documents/deliverables. But instead of doing her own, she takes documents from other projects, prints a cover page for her project and turns them over to me for approval. I'm one of those people who actually read stuff I'm supposed to approve. I see right away that the test plans, project plans, and requirements documents are actually for another project. Thinking that there was a screw up at the printer or on her desk, I return them and ask for the right ones. She provides new documentation, but for yet another project. I ask if she understands that the requirement to do test plans and other deliverables means that these must be developed for *her* project. She asks "why?" I explain that the test plans will be used by the QA team to test the application, that the requirements will be used by the developers and DBAs to do design, and that the other documents will be used by other people to do their jobs as well. She is baffled. She says that in the 2 years she's been a project manager there, no one has ever told her that. She also feels it is unfair for me to ask her to do all that work and that the previous manager never read the documents and always approved them. We continued to struggle with getting her to understand that being a PM meant she actually had to do work. She was there for 5 more years, not doing much of anything as far as I can tell.
- Same PM is in charge of a software acquisition project. She is supposed to get bids from at least 5 vendors. Some are local and some are out of country. So she tells everyone that she is going to rig the bidding process so that only local vendors can win. I mention to her that she can't do that and if she continues to write and tell people she is doing this that the company could be at risk. She continues to do so. I raise the issue with her boss, assuming that he will want to get her to shut up about all the bid rigging she is claiming to do. He does so, but with more of a wink-wink. Personally I was appalled by her stance, but I was more worried about risk to the company because I caught her telling one of the local vendors that she was going to ensure that the non-local people would not be successful. So I raised this with my boss. He was all over it right away, even bringing in legal to clean up the mess. Yet she still continued to brag about the fact that she was going to award the contract to a local vendor. Legal talked to her several times and she still was not 1) removed from the project nor 2) fired. She ended up awarding the contract to a friend.
I just don't understand why companies keep bad workers around. They always tell me it's because they can't find people to replace them. None of these companies had particularly low salaries or bad benefits, so I just don't understand what the issue was with finding replacements.
March 2, 2010 at 4:55 pm
There's not only the person who's posting such data. There are people around in almost each and every forum who realize that those data seem to be real/production.
So we should take our share to address such posts to the site owners to take appropriate action - like Steve usually does as soon as he knows about it.
The disadvantage of moving on to the next thread if we see a huge sample file or hundreds of lines of code is that this information will still be available to those who specifically look for large amount of data for illegal purposes. It might be a good idea to at least report such posts, so the site owners can decide whether to take action or not.