Make no mistake, this is going to be something that happens again. The former CEO of Equifax blames their massive data breach on a bad scanner and a person. I'm not talking about a data breach, of course those are going to happen, and when they do, assume that every piece of data in the system is compromised. I know some digital forensic scientists are really talented, but is a company that didn't necessarily pay attention to security in the first place going to ensure the analysis is done right? Not likely. Assume every record is compromised.
In this case, the former CEO calls out a person that made a mistake, and then says technology failed. I don't think that's true, and I'd agree with Patrick McKenzie, who has a good thread on Twitter. A bad engineering decision, or even a process, is the result of multiple people making mistakes. Certainly there are people that must back up the Apache Struts patch person when they're on vacation. Or there should be. If there isn't, then that's a management failure at multiple levels.
The thing that concerns me is that we, as tech workers, are going to be blamed going forward. The individual isn't named here, but I bet at some point they will be. And some, or many, tech workers will get sacrificed for a company that wants to show contrition and action for security mistakes. It's common for someone to take the blame, but I haven't seen a specific person be identified (or their inaction be called out) in the past. I'm sure some tech people were probably fired after previous incidents at large companies, but not publicly.
While the person wasn't named, there was a report that this individual was no longer employed. Fired? Quit? Who knows. Certainly it's likely that once this breach became public, anyone who might have been responsible for watching CERT lists, applying patches, or anything to do with Apache Struts might be blamed. In fact, I don't know I'd want to continue working at a company that might publicly blame my role for a massive breach. My career might be dead with that management, so I might as well move on. Much easier for everyone to blame me than accept responsibility.
This is the first time I've seen an IT employee blamed. BA said an IT systems failure with their major issues. Yahoo and Target were hacked, but no one in IT was blamed. Sony didn't blame their IT staff after their emails and films were released. Yet Equifax did. I hope this isn't a sign of things to come.
The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music.
Using SQL Census to audit SQL Server permissions
Redgate have just released SQL Census, a prototype tool that makes auditing SQL Server user access permissions much easier. In this post, Ally Parker shows how it works, tells us what's up next in the tool's development, and explains how you can download it for free. Try the free prototype
Do a lot more with Redgate tools
You probably have a favored Redgate tool but if you’ve been using it for a while, you may not be making the most of the latest features. Keep track of features and releases on the new Redgate Hub. Discover the Redgate Hub
When SQL Server 2017 launched, Microsoft proudly announced that it was the first relational database engine to ship with built-in artificial intelligence (AI) capabilities. But why Python and SQL Server? What is Python? And how does this compare to the R integration in SQL Server 2016? More »
Many undergraduates have misunderstood the name 'Students' in the t-test to imply that it was designed as a simple test suitable for students. In fact it was William Sealy Gosset, an Englishman publishing under the pseudonym Student, who developed the t-test and t distribution in 1908, as a way of making confident predictions from small sample sizes of normally-distributed variables. As Gosset's employer was Guinness, the brewer, Phil Factor takes a sober view of calculating it in SQL. More »
Extended Events is a powerful feature that was introduced into SQL Server 2008 and onwards. It keeps historical system health... More »
Question of the Day
Today's Question (by Steve Jones):
I want to convert datetime values to datetimeoffsets to ensure all my time values are consistent and comparable. I decide to use TODATETIMEOFFSET() to do this. What do I need to pass in as a parameter(s)?
Think you know the answer? Click here, and find out if you are right.
We keep track of your score to give you bragging rights against your peers.
This question is worth
1 point in this category: Datetime Functions.
We'd love to give you credit for your own question and answer.
To submit a QOTD, simply log in to the
Master the fundamentals of Transact-SQL—and develop your own code for querying and modifying data in Microsoft SQL Server 2016. Led by a SQL Server expert, you’ll learn the concepts behind T-SQL querying and programming, and then apply your knowledge with exercises in each chapter. Get your copy from Amazon today.
Yesterday's Question of the Day
(by Steve Jones):
I've got this dataframe:
characters movies releaseyear
1 Iron Man Iron Man 2008
2 Spider-Man Spider-Man Homecoming 2017
3 Thor Thor: The Dark World 2013
4 Hulk Hulk 2003
5 Doctor Strange Doctor Strange 2016
6 Captain America Captain America: Civil War 2011
7 Black Widow The Avengers 2012
8 Hawkeye Avengers: Age of Ultron 2015
9 Ant-Man Ant-Man 2015
I want to just return the row of data for Spider-Man. How can I do this?
To get a row, you can use an index with the brackets. In this case, the second row has "Spider-Man", so we use that as an index.
Having trouble displaying a date in a certain format...
- Select Invoice_Exceptions.Invoice_Number, Invoice_Exceptions.ItemNum, Inventory.ItemName, Invoice_Exceptions.Amount, Invoice_Exceptions.Quantity,
Invoice_Exceptions.Reason_Code, Invoice_Exceptions.LineNum, Invoice_Exceptions.EmpName, Invoice_Exceptions.DateTime AS Day_Voided, Invoice_Totals.Payment_Method
Columnstore index question
- I have some large ETL tables that i've created to snapshot production OLTP data that is sourced from more than...
- CREATE TABLE .( NULL,
INSERT INTO .(,)
INSERT INTO .(,)
INSERT INTO .(,)
Order of Indexed columns - does it matter
- CREATE TABLE dbo.blah (
CustomID INT IDENTITY(1,1) NOT NULL,
CustomName NVARCHAR(50) NOT NULL,
GID INT NOT NULL,
PID INT NOT NULL,
IsActive BIT NOT NULL,
This newsletter was sent to you because you signed up at SQLServerCentral.com.
Feel free to forward this to any colleagues that you think might be interested.
If you have received this email from a colleague, you can register to receive it here.