Inconsistency
Posted Friday, March 15, 2013 1:51 PM


SSC Rookie

TravisDBA (3/15/2013)
True story, but the rub with that is you got to treat and pay "good people" well, or they leave sooner or later and you are then left with "not so good people" running your business into the ground. I have seen this so many times in the industry it is not even funny anymore. You really do get what you pay for, good or bad.


Not always true - Last couple of rounds with some purchased software has proven that even though you may pay top dollar for something and it may look like a good fit, it ends up being a Lemon with no sugar around to make lemonade.


-- Optimist with experience and still learning
Post #1431726
Posted Friday, March 15, 2013 2:38 PM
Right there with Babe

I think we got off track in an area Steve said to avoid. He specifically said to

"Please avoid political or social issues and stick to something in technology that you have altered your standing on. And if you haven't changed your mind on anything, perhaps that's something to think about as well."

Post #1431760
Posted Friday, March 15, 2013 4:43 PM


SSChasing Mays

My belief:


The more secure you try to make systems and software, the more they either become less secure or become unused and useless.

Some examples: locking down Windows so that a regular user has problems even changing the background image on the desktop. They will then find every possible way to bypass that rule, or if it is a privately owned system they will turn off all security.




----------------
Jim P.

A little bit of this and a little byte of that can cause bloatware.
Post #1431838
Posted Friday, March 15, 2013 5:14 PM


SSCoach


I am very open to the idea that I don't know what I don't know about many subjects, especially databases.


A few things come to mind real quick.
The use of cursors
The use of table variables
Parallelism is bad

I used to be strongly opposed to the use of cursors. But that is just silly. There are many good uses - if used properly.

Table variables are a good tool. But they are not necessarily the absolute to replace temp tables as was a huge push for a while. Table variables can be a good tool or a really bad tool.

Parallelism can be a wonderful thing. In a well tuned query, parallelism can be that turbo button. In a poorly tuned query parallelism can be, well - a pain. But the fact that parallelism exists doesn't imply that something is wrong or bad.

Those are a few things I have had to change my mind about over the years. And that is a good thing because that means I have hopefully learned something.




Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Post #1431843
Posted Friday, March 15, 2013 5:15 PM
SSCrazy

Say goodnight Gracie!

Not all gray hairs are Dinosaurs!
Post #1431844
Posted Friday, March 15, 2013 5:17 PM


SSCoach

Miles Neale (3/15/2013)
Say goodnight Gracie!


Goodnight Gracie





Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Post #1431845
Posted Friday, March 15, 2013 5:31 PM
SSCrazy

Bless You!

Not all gray hairs are Dinosaurs!
Post #1431849
Posted Friday, March 15, 2013 5:42 PM


SSC-Enthusiastic

The opinion of mine that I've changed, is an older one, and developer related, so perhaps not everyone on this list can relate. Years ago, when I first came to where I now work (I've been there for a long time), we wrote a couple of apps which are still in use today. They started life as VB4 apps, but are now VB6 apps. The opinion I had (in fact, the opinion we all had), back in the day, was the data binding was unreliable. We devoted a lot of time writing our own code to bind data from our SQL Server databases, to the apps that we wrote. Most of those apps are still in use today.

But now, years later, I've changed to use C# instead of VB (I only use VB if I have to, such as if I absolutely have to do maintenance on that old stuff), but along the way I've had a chance to learn data binding. Man, what a difference that makes!! Much faster to code in, than writing your own stuff, and a lot less error prone.



Rod
Post #1431852
Posted Friday, March 15, 2013 7:47 PM
SSC Rookie

Jim P. - I also thought that more secure meant less useable, until I realised that we are looking at securing the wrong way. Instead of the Accept\Reject model (ie. user name\password great for computer to break, bad for human to remember) why not be more human like and security via reference and familiarity. You do totally lose privacy and the system "knows" you but you do get a much more secure and useable environment.

Reference and familiarity = resource sensitivity dependency on required user access or Authent-a-Key as I like to call it.
e.g. How about having low secure read only activities like running a report only require a user name, but it's how you enter the user name that the system can decide on if you are you or not. It's the speed of each letter press, the time of gap between letters, and the prior stats determine and if the system can't know for sure, then fail over to getting another human to vouch for you.

What about other access methods that cannot be forged? Like pass-sound, pass-click, pass-highlight, pass-drag, etc.

They all promote a model where an intruder can only get so far unless they actually are you.

The bottom line is only require enough security for the sensitivity of the task; instead of all or nothing.
Post #1431856
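
The scheme described in the post above (per-key timing compared with prior stats, a bar that depends on task sensitivity, and a human vouch when the system cannot decide), sketched as an added example that is not part of the original thread. The feature layout, the thresholds and the sample timings are all constructed assumptions.

```python
from statistics import mean, stdev

# Constructed enrollment data: each sample is the timing of one typed user name,
# laid out as [dwell_1, flight_1, dwell_2, flight_2, ...] in milliseconds.
ENROLLED = [
    [95, 140, 88, 160, 102, 120, 91],
    [99, 150, 85, 155, 108, 128, 94],
    [92, 135, 90, 170, 100, 118, 89],
    [97, 146, 86, 162, 105, 125, 93],
    [94, 142, 89, 158, 103, 122, 90],
]

# Assumed policy: largest mean z-score accepted outright per task sensitivity,
# and a wider band in which another human is asked to vouch instead of rejecting.
ACCEPT_BELOW = {"low": 2.0, "medium": 1.2}
VOUCH_BELOW = {"low": 4.0, "medium": 2.5, "high": 1.2}


def build_profile(samples):
    """Per-position mean and standard deviation of the enrolled timings."""
    columns = list(zip(*samples))
    # Floor the deviation at 1 ms so a very consistent typist cannot divide by ~0.
    return [(mean(c), max(stdev(c), 1.0)) for c in columns]


def distance(profile, attempt):
    """Mean absolute z-score of one attempt against the stored profile."""
    if len(attempt) != len(profile):
        return float("inf")  # different keystroke count: not comparable
    return mean(abs(x - m) / s for x, (m, s) in zip(attempt, profile))


def decide(profile, attempt, sensitivity):
    """Return 'accept', 'vouch' (ask another human) or 'reject'."""
    d = distance(profile, attempt)
    # 'high' has no accept threshold: timing alone never clears a sensitive task.
    if d < ACCEPT_BELOW.get(sensitivity, 0.0):
        return "accept"
    if d < VOUCH_BELOW[sensitivity]:
        return "vouch"
    return "reject"
```

The same slightly-off attempt is accepted for a low-sensitivity task, escalated to a vouch at medium, and rejected at high, which is the "only enough security for the sensitivity of the task" idea from the post.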
Posted Friday, March 15, 2013 11:26 PM


SSChasing Mays

Scott Anderson #2 (3/15/2013)
Jim P. - I also thought that more secure meant less useable, until I realised that we are looking at securing the wrong way. Instead of the Accept\Reject model (ie. user name\password great for computer to break, bad for human to remember) why not be more human like and security via reference and familiarity. You do totally lose privacy and the system "knows" you but you do get a much more secure and useable environment.
They all promote a model where an intruder can only get so far unless they actually are you.


Have you ever seen the XKCD view?

Setting the screensaver to 10 minutes (which can be a conversation time with a coworker) by group policy and a lockout policy is about ridiculous. The other side I had an Access DB that processed many GB of data overnight. I forgot to lock my desktop before I left for the night. I just had to move the mouse to bring the desktop up.

I had near admin level access.

But if you had to enter four words to get to your desktop each time -- the user will find a way to subvert it. But making the password so odious, the user will find a way to subvert it.




----------------
Jim P.

A little bit of this and a little byte of that can cause bloatware.
Post #1431863