Category Archives: Uncategorized

SQLSaturday Orlando Marketing Plan-Part 45

It’s Saturday a week out and I’m trying to finish up messages for the week. A lot to send this week. Monday messages to the registered and not-registered list, one more lunch reminder, three sponsor email blasts, a big Friday reminder with lots of notes, and a Saturday morning “don’t forget and it’s ok to show up late” message.

I need to write an entire post on the software that runs the event. Lots of small things that would help us, small things I I didn’t know or have time for way back when.

We’ve ended up with relatively few photos of the event from previous years and that has hurt our ability to convey some of the fun/feel of the event. I’ve asked for help from volunteers in getting the photos this year.  The posting plan is still vague. How do we get them all? How do we get them onto Twitter? Appreciate ideas on that. This is where my inner yearn for documentation shows up. We need a Photo Plan! Here’s some of the photos I’ve asked to get done this year:

  • every session (speaker and crowd shot)
  • all  sponsors with people at their table
  • group photo of speakers (what can we do better/different than the last one?)
  • prize winners (and prizes)
  • end of day crowd/raffle
  • Closeups of food and people eating
  • check-in
  • Plus, the student seminar event
  • Facility

Plus some short video interviews with attendees. That gives whoever does marketing next year more stuff to work with. That’s worth a comment. I took marketing this year as a place where I thought I could contribute and make an impact and I think I have. The trick is to convert that to a formula, which means it can’t be me doing it next year. I’ll coach and even write a little, but we need a long term plan. I think I’ll volunteer for volunteer management next year, but that’s a ways out. Where else could I change the game?

Ran across http://addthisevent.com/ recently, I’d like to see more support for adding to calendars in the event tools, something Eventbrite does well.

I’m starting to think about what a marketing team looks like. A team would spread out the work (considerable) and offer training/redundancy. Some roles might be:

  • Marketing lead, someone with the vision and accountability
  • Writer. Someone that can take various bits and put into words in a way that attendees will read
  • Twitter. Maybe. I did a lot of scheduled tweets and while they were canned, not sure it’s worth doing more than that yet (other than event day)
  • Group/List Liason. Someone to make sure we get mentions at other groups, key blogs, etc. Takes effort. Not big returns, but worth doing. Can we just do it better?
  • Corporate marketing. Still untapped market, trying to do “top down” “sales” here in Orlando. Worth doing?

Needs more thought soon.

Out of time today, so I’ll close with the registration update. 536 right now vs 344 last year. Now to see if check-ins hit the goal of 350+ on site!

 

image

More on Password Managers

Last week I posted about reviewing passwords and mentioned using a password manager as part of that effort. DaniSQL noted in a comment a whitepaper about some browser vulnerabilities that can impact password managers – http://isecpartners.github.io/whitepapers/passwords/2013/11/05/Browser-Extension-Password-Managers.html. It’s a quick read and as always when we talk about security it often seems like can nothing be easy? A big point in the paper in that autofill can work against you – hidden fields on the page for example. Independent passwords per site helps reduce the pain if you get hacked and so would two factor authentication, but that isn’t the same as not getting hacked. Autofill is a huge convenience though. The manager I use allows me to set that option per site, so I’ll try to only use it where either the possible pain is almost nothing or I’m trusting the site to get it right every time (my bank?).

Knowing the risks is good. I still think the pros of a password manager used responsibly far outweigh the risks.

Security, Compliance, and SQL Server Webinar on January 29, 2014

My first webinar of the year! I’m joining forces with the GreenSQL and MSSQLTips to present Security, Compliance, and SQL Server on January 29th at 3pm Eastern. I’ll be talking about how to work with/understand the Security and Compliance teams – what drives them, what they hope to accomplish, and why they sometimes ask you to do things that don’t seem to make a lot of sense. I’ll be adding to that my Top 10 list of SQL Security tips, the kinds of things you want to do if you want to be secure and not just pass the test!

Register here: https://www2.gotomeeting.com/register/279348610

Changes to PASS Voting Eligibility

There was a blurb in the Connector today about an eligibility change for voting. The “change” is a requirement to update your profile (or for those of with more than one, all of your profiles).  Here are the fields that are now required on the profile:

 

image

 

I don’t have a problem with those, or even with asking for a yearly update. I worry that there isn’t enough information there to do a good dedupe – one of my two profiles (no, I don’t vote twice) has the state as Alabama (not on purpose, some strange system default). I worry that many voters won’t see this in the Connector and end up not being eligible. The latter is especially troubling.  A change like this shouldn’t be the third bullet in a email, it should be the email. The newsletter talks about a membership drive when I think what we need is an eligibility drive.

I’m hoping it is part of a larger strategy, but if so, where is it? Why not ask the members to help dedupe? I have two accounts, who/how do I tell them to merge those? Are chapters and events going to be pushing eligibility as much as membership?  What if someone went to the Summit (surely an eligible member) and doesn’t update their profile – do we really not want them to vote? I’ve always thought that asking for a LinkedIn URL would be a decent way to uniquely identify someone – do a one time validation and call it done. It also seems like at least making phone number optional would be a good and useful data point to have, and it would be worth a discussion of whether it might become part of voting ala Google Authenticator.

I’m all for making eligibility right. Let us never have an election that is questionable. Put a committee together, come up with some ideas, and vet them publicly. E-voting is tough to get right for anyone, but we should be able to define a system that is fair to the honest member and at least puts decent speed bumps in front of those who decide to not play fair.

Sometimes It IS The Network

Over the years when a performance problem comes up there is always some speculation that it’s a network issue and not the database (can’t be us!). I always ask a few quick questions to see if I can see a reason to pursue the network angle:

  • Is the problem affecting multiple database servers?
  • Is the problem affecting multiple databases and/or multiple applications?
  • Is the problem experienced in a particular geographic location?

I won’t say it’s never the network, but usually when it’s the network everything is slow or down. Check, ask them to check, but assume it’s a database or application issue is my rule of thumb.

But.

I worked with a client where everything was running fine. The server in question had the IP changed to meet some security requirements, it came back up fine and all seemed ok, except that jobs were taking 3x to 5x as long. Nothing changed but the IP. How could that cause a problem? Seems like network doesn’t it?

Network team swore it wasn’t them. No way could changing an IP affect performance. A more likely culprit given the reason for the change was the firewall. Firewall team swore it was not them. Database team goes back to look again, sees nothing wrong on the server. Changes IP back to old IP, performance is fine.

So what do you do now? No one sees a cause, but clearly something is wrong.

They flipped the IP back again, performance drops immediately. I still thought the firewall had to be the problem. I’m not a firewall guy so I’m pushing for details, what kind of rules are running, which rules are getting hit, etc, looking for clues. Finally with some arm twisting I have the firewall taken offline, removing it from the equation. Performance still bad. Firewall team mad. And yes, the database team was still sad.

Now we go back to the network team. We’ve proved that it’s running fine with old IP, miserable with the new IP. After agreeing to look again, reluctantly, because it makes no sense, they find the problem. The new segment had packet inspection enabled, the old segment did not. The high amount of data being transferred was maxing out the switch and that was the bottleneck. Turned it off, presto, all was well again.

So for once it was the network. I’ll probably never see that root cause again, but now I know to ask about it, just in case.

I Learned Something From You

I learned something from you – that was something someone said to me at the end of a recent consulting engagement. I wasn’t teaching, just doing, so that it made it all the more interesting to hear. Part compliment, part acknowledgement, maybe even part surprise, regardless, it was a very nice thing to be told.

It’s easy to forget that we all shape each other in the work place by the things we do and the things we don’t do and how we do (or don’t) do them. I’ve long been a believer in observing and ‘borrowing’ as I see behaviors or ideas that I think are effective. I’m sure that I don’t say “I learned something from you” as often as I should and I want to work on that. Sometimes we know when we do something well, but often we don’t – we’ve figured out a way that works for us as we try to get through the day/week/year and we go with it. It’s often not until someone talks to us about the way we do it that we take a fresh look and maybe re-value ourselves in the process.

Something to think about.

Upscale Bowling

I don’t bowl often, maybe once a year at best. It’s a fun way to spend a couple hours – I imagine many of you have done the same. Regardless of location they all seem about the same. Mostly quiet, not fancy, maybe even utilitarian in most ways. Food. Not great food, but good enough for an afternoon or evening outing. Shoe rental, the faint smell of the oil on the lanes, rack and racks of bowling balls. You’ve been there, right?

This past week we tried Splitsville here in Orlando, a (sort of) re-imagining of bowling. It’s located in what used to be the Virgin Megastore at Downtown Disney. I think you might call it full service bowling. When you enter you have a choice of just dining, or bowling with the option of having food delivered to your lane. Bowling is $15/hour per person and that includes shoes. They enter the bowlers names for you in the scoring system, ask for your shoe size, and then a – host/hostess? – puts the shoes in a basket and walks you to your assigned lane, in our case on the second floor.

Feels a bit nicer than average. Seating area is not typically alley, there is table with a bench and some chairs. Shoes are velcro closures, nice. All automatic scoring system is nice too, fully modern. Put your shoes on and start bowling. They have bumpers so the kids have a decent shot of hitting pins, and here it’s per player, so they go up and down as needed.

We managed two full games in our hour, a group without kids might stretch to three, not sure. The scoreboard shows time remaining and when you’re out of time, the lane goes dark and the pins won’t reset again. Lunch was $48 before tip for the four of us (a hamburger was $12). The burger was ok, but I’d have called it more like a $9 burger. Server takes your order and deliverers the food, does drink refills. Three of us bowled, so another $45 for that. Easily a $100 outing.

There is a full bar upstairs, another outside, and a sushi bar (which seems strange, but that’s just me maybe). They have full dinner items on the menu as well, I think a steak was $22. A few pool tables. I don’t remember seeing the arcade games, may have been on the first floor.

I can’t remember what we spent the last time we did bowling. Usually you pay per game plus one fee for shoes and I try not to eat while bowling, the food isn’t usually that good, so it feels like this was much more expensive – but on just the bowling, maybe not.

So, is this better? From a business perspective I’m intrigued. Per hour charges in advance are nice. People play and then move on, no taking two hours to play three games. Full service food of reasonable quality seems like it will do well, and again, because the bowling is time-boxed, you get to turn the tables like clockwork. Small gift shop at the exit is a nice touch.

Given a choice of this style or the ‘old’ style, we’d probably pick this one – nicer place, better food, full service (and given how rarely I bowl, any price difference for the bowling doesn’t matter much). That’s for the once or twice a year thing, because it’s an extra 30 minutes to get to compared to the one down the street. Bowling every week the extra drive time would rule out Splitsville for me.

Overall I thought their implementation was well done and given the location in Downtown Disney I think it will probably do well. It’s worth trying once and you probably haven’t been bowling lately anyway, right?

Looking forward to comments and thoughts on this one.

Security Cameras in the Neighborhood

I live in a pleasant, calm, middle class neighborhood. Not much crime here, at most the rare break-in or vandalism, not a place where you worry about going out for a walk in the evening. Recently the HOA sent out a letter discussing the install of security cameras to increase security and that provoked some interesting responses. Not everyone – including me – thinks that cameras everywhere are a good thing.

Will they reduce/deter crime? Maybe. Is it worth trading away some amount of privacy? Maybe. Maybe. I don’t have enough information to judge, just a sense that finding the balance between privacy and security isn’t easy. If the cameras would eliminate crime, that’s interesting. If they will, why didn’t we do it last year or ten years ago, is this purely about cost? It cost too much to stop crime then, not so much now? That’s not meant to be sarcastic. As costs decrease options become available that weren’t viable before and therefore maybe not even considered. I don’t have a good case for saying no to cameras – that’s either lack of thought or a bad position, I’m not sure which yet.

Still, I like to participate on issues that matter to me, so I sent the Board some questions, among them the following:

  • How long will the data be retained and how will it be purged?
  • Who will have real time access to the system (to view the camera feeds)?
  • Will administrators be allowed to view the data as a proxy – for example to see if they can find someones lost cat?
  • Will cameras be placed to only monitor public/community common areas and not any residence? (Policy)
  • With regard to public areas, what monitoring will be done at the playground?
  • How will the Board decide if the cameras are a success?
  • What logging will be done to track who views the live or recorded data?
  • How will you guarantee the security of the system so that it cannot be hacked (or such attempt detected and stopped) by a criminal using it to find targets and best times?
  • Will the Board require a subpoena for anyone to get a copy of the data, for example for a  wrongful injury claim?
  • What crimes and how many have occurred by year for the past three years?
  • Is there a time of year when crime spikes?
  • What research has been done to see how other associations address this issue and how effective it has been in similar neighborhoods?

You can see my IT/security centric view shapes the questions. Ultimately the Board will decide and I’ll respect that decision (and at worst try to vote someone else in next time around). They are doing the best they can and there is no one ‘right’ answer (and I said as much in my email to them).

Privacy rights aside (and I don’t say that lightly), this is an attempt to solve a problem. I like to see the problem defined, explore options, see what others have done, and then dig into the cost/benefit part. Maybe they did that, all I got was a ‘installing cameras’ email. I suspect that this was one of those times where a bit of group-think and a bit of insensitivity to the privacy issue generated some mild backlash.

Think about the privacy part though. We could probably do close to 100% coverage of the neighborhood, or we could just monitor the egress roads, or somewhere in between. Is it still about cost? Would you think it was fair (as opposed to legal) if someone across the street pointed a camera at your home 24×7? Where does privacy for the one outweigh the good of the many? Not easy questions, but for certain questions we will have to answer this decade.

I imagine the cameras will go and we’ll see what happens.