Recently my spouse and I travelled to South Africa (yes, I know there’s a pandemic on) to deal with a gloomy family matter that required in-person interaction. Being an adult means dealing with things that other people can’t do or don’t want to do.
Literally hours after we arrived, hot on the tail of South African scientists announcing the discovery of a new COVID-19 variant, the world decided to impose a travel ban on … South Africa.
I originally started writing this from a hotel prison when we eventually got back to Canada [1], and back then the so-called variant of concern had been discovered in Alberta in at least eleven people, including one child who went to school with it. As of today, the numbers in 89 countries look bleak. In other words, the travel ban was pointless and ineffective.
[1] We had to pay out of pocket for a flight to Nairobi (in Kenya) where we also had to get another PCR test, before flying on to Amsterdam and then back to Calgary.
It’s good to be back in Canada, but the experience was not enjoyable, and things were handled poorly at the airport and hotel. Our forced quarantine is now over, and each of our four PCR tests for us both in the last month came back negative.
In other news, there have been at least three exploits in a very commonly used library called log4j. There are some estimates that over 60% of all Java-based applications use this library and are therefore likely affected. It reminds me of when Dan Kaminsky discovered the cache poisoning vulnerability in DNS in 2008, and it took six months for all major vendors to patch their systems before announcing it. Apparently, that was the plan in this case too, i.e., have a patch ready before announcing, but a proof of concept was released early and that opened the floodgates.
Neither of these has anything to do with the Microsoft Data Platform, but in both cases external threats had a major effect on everyone, even those seemingly unaffected.
So, my first question is, have you checked your backups recently? Then, have you reviewed your business continuity plan? No longer do we speak of being hit by a bus or winning the lottery. Now risks are as bizarre as people getting stuck in a different country with no way to access their corporate networks, or colleagues in hospital because someone else coughed near them at a shopping mall.
We will never go back to the way things were. The SARS-CoV-2 coronavirus (the virus) that causes COVID-19 (the illness) will not go away until at least 90% or more of the entire world’s population is vaccinated against it. We are kidding ourselves if we don’t wear masks in public even when fully vaccinated and boosted. This is literally the same thing as defence-in-depth in information security: multiple layers of protection.
I wrote on Twitter a few months ago about how the virus uses spike proteins to latch on to the cells in our body and infect us, in a similar way to how Velcro works. A vaccine is kind of like scraping off the Velcro hooks so that it can’t link up to our cells. As more variants mutate (because people aren’t getting vaccinated for myriad reasons including flat-out racism) these hooks change shape, and the vaccines can’t really keep up unless we remind our bodies what to look out for. In a Transact-SQL sense, we have to think of the virus as being detected with a WHERE clause, and the protein is becoming increasingly different so we no longer can say WHERE virus = 'Protein1', now we have to say WHERE virus LIKE '%Protein%' and hope it catches them in time before they crack open our cells and start to spread.
I’m tired. You’re tired. We need to figure out ways to get more people to vaccinate, and at the same time we need to face the reality that everything we imagined before December 2019 has changed. If you haven’t already, start updating your run books and continuity plans.
P.S. Today is my 45th birthday. I never imagined I’d make it this far, so every day I wake up is a blessing. I would like each of you reading this to think about what you’re grateful for.
Photo by Mufid Majnun on Unsplash.
First – HAPPY BIRTHDAY!!!
Second, that was a really good article and I liked how you tied SQL into a post about Covid.
I realized recently that where I work, we have some people who have no real backup. We have people who can do the same work, but it is not part of their job description and the “backup people” also don’t have the same skills and tribal knowledge for things. When you work with a system day in and day out, you can come across an odd scenario and think “I should look at XYZ” whereas someone who doesn’t work with the system every day may start looking at A then B then C and so on and it could take hours before they decide to look at XYZ. For example, if you run into an error in an application, if you don’t know what logs to look at OR where the logs are stored, you may start by looking at the Windows logs and find something like a failed logon that happened around the same time and start chasing that trail only to find out that it was a Windows job that no longer needs to run that was triggering that failed login and it didn’t resolve the application error. An experienced person may see the error, jump into the source code and know what line of code (or at least which function or class to look at) and fix the problem pretty quickly.
From talking to people and reading stuff online (a lot of it Twitter, but from people I know and trust), Covid-19 can be a mild cold or it can be hospitalization for weeks or months or anything in between! Even if you are vaccinated, the effectiveness of the vaccine isn’t 100% AND effectiveness goes down over time. Using your SQL example, it is like you have a table and your WHERE clause is “WHERE virus LIKE '%Protein%'”. When you first get the vaccine, that table only has a few rows in it so it is fairly quick, but over time that table grows and the more rows it has, the slower that query takes to complete. Getting the vaccine and boosters gets you back to (or at least closer to) the “WHERE virus = 'Protein1'” state or a smaller table.
Here’s a video explaining the more serious of the log4j 2 exploits. https://www.youtube.com/watch?v=Opqgwn8TdlM