Requiring SSL for WordPress

Last week I wrote about adding an SSL cert to this blog. That left me the remaining task of figuring out how to force SSL for all connections. Azure doesn’t have a checkbox for this; the options are to make a change to the WordPress config, try a plug-in (a variation of changing the config), or add a URL rewrite rule. For no great reason I decided to go with the third option. I connected to the web site via FTP (see here for info on the credentials needed – not obvious) using Filezilla. I already had a web.config that looked like this (I saved a copy locally in case I needed to rollback):

 

image

 

Then I added the rule to the local copy, did a quick check that it was well formed XML using Notepad++ with the XML Tools plug-in, and saved locally:

 

image

 

Then I just FTP’d back to the wwwroot folder:

 

image

 

It seemed to pick up the change automatically when I tested a few pages. Fairly painless as things go, or so it seems so far! Next was an external check to see if it working. I used the free SSL test from Qualys:

 

image

 

A grade of B, which doesn’t seem horrible. I couldn’t find anything about how to fix the forward secrecy issue without access to the registry, which I don’t have. I suspect the same is true for the RC4 issue. I’d want a perfect score if I was handling credit cards or real secrets, but for now this seems like a reasonable return on the time invested. Now I just need to monitor to see if anything breaks, and remember to renew the certificate in just less than a year.

Adding SSL to SQLAndy.com

I’ve had this task on the list for a while. I wanted to do a refresh on the basics of SSL and certs, plus I’m in favor of using SSL everywhere, even personal blogs.  I ended up using The complete guide to loading a free SSL certificate into an Azure website by Troy Hunt as a guide, one that worked really well. Less than an hour to get the cert, download OpenSSL, create the the PFX, upload it, and set the bindings. It’s not a hard task, but it does have a non-obvious step about loading the intermediate certificate that made me glad I used the guide.

It’s a really good task to have documented because it’s finicky and one that most of us will do rarely. Microsoft also has an article about SSL on Azure you might find helpful.

I’m not requiring SSL yet. I need to see how/if that works and what it will break, if anything. I’ll add that back to the list and get to it sooner, or later.

WordPress, Project NAMI, and Azure

I’ve been running WordPress for years now and find it to be a solid solution for what I want to do. The only negative in my view is the requirement to use mySQL. There’s nothing wrong with mySQL itself, it more than does the job. I can quibble that it is one more thing to patch and manage, but it’s not something that takes a lot of time. I’m hosting it on Azure right now (so I can get some practical experience, if on a small scale) and there the options are to run a VM so you can host mySQL (which makes sense if you have many blogs) or use the ClearDB solution which costs $10 a month if you have more than 1GB (and that’s per database). I have another small project running in SQL Azure and while I frequently grump about the limitations compared to the ‘real’ version, it works well enough for simple stuff, as clearly my blog is.

Which brings us to Project Nami (Not Another MySQL Interpreter). I ran across this recently and decided to do a test of it. They recommend watching the install video first and they really got it right, it’s a five minute install and then you’re in WordPress and running. It deploys direct from GitHub, very very nice. Good enough for ‘production’ use? From what I’ve seen it is. The very worst case is the project dies, you export the data, do a clean install back on mySQL, and import the data (WordPress makes this just about painless). The next worst is that some plug-in you want to use fails to install/run, leaving you the option of going back to mySQL or finding another plug-in. It’s a reasonable solution right now, and more than that, it’s a “project” you can do in Azure for next to nothing. Even if you set it up, test it, and tear it down, it’s worth an hour or so just for that.

I’m going to set up another one, try some more plug-ins, then decide if I want to move this blog over.

Starbucks Clover

I recently read  Onward: How Starbucks Fought for Its Life without Losing Its Soul  by  Howard Schultz. Not bad reading all in all. Part of it talked about the new Clover machine, the first time I had heard about it, though it’s been around quite a while. I did a quick search and it turned out that there was one (one!) in Orlando at a location near me. Basically the machine takes fresh ground coffee and makes a cup of “real” coffee – not espresso. It’s an expensive machine, about about $10k, and it’s fun to watch. The coffee goes in, a spout pours in water, a cylinder goes up and down, magic happens, coffee is made and a big hockey puck of dry coffee grounds emerges from the top. Think very fancy French press. Here’s an article on how it works, but you’ll probably be more entertained by this video (shot at 7th and Pike in Seattle, how did I never see that?).

Worth $10k? I don’t know about that, but it seems like a smart play. It allows the store to brew one cup at a time, it’s fresh, and it’s mildly entertaining, at least more so than waiting on someone to pour coffee in a cup out of a carafe. I mostly drink decaf and it’s very common for them to stop brewing it after lunch, which means I have to wait, or drink Americano (which just ain’t the same). If they have a Clover I can get a fresh cup any time of day, with not too much of a wait. As far as quality I’m not a gourmet – it’s as good or better than normal brewed coffee and that’s good enough.

Deciding On a Presentation Topic for 2015

I’m spending some time this week and the next few weeks thinking about what I want to talk about next year. 2014 was about learning plans and I will continue using that presentation in 2015, but my focus this year is to pick a topic that will work well for chapters/user groups. That really speaks to the challenge that chapter leaders have – they want speakers/content, but they also want to fill the room. No, attendance isn’t everything and chapters should address different skill levels and different segments throughout the year (as they can, based on what they can get), but attendance does matter. Without good attendance the leader tends to feel they aren’t succeeding or serving the group well. Without good attendance it’s harder to get and keep sponsors. Without good attendance networking at the meeting is less interesting, or perhaps not interesting at all. So even if I pick a niche topic (as I have at times in the past), I want to think about offering a title, abstract, and delivery that is as inclusive as possible.

Here’s what I have so far for goals:

  • Has to be a topic I know or want to know
  • Has to be a topic I will  be excited about delivering
  • The title should be clear and clean, no cuteness
  • It should be approachable to a level 100 user
  • It should contain content that will reinforce/expand the knowledge of a level 200/300 user
  • Must contain demos
  • Must contain practical use cases
  • Framed in a way that I can write a 90 minute presentation, but trim to 50-60 minutes if needed (I think longer/deeper content is a better draw)
  • Write it a way that plays to my strength/style – a teacher, not entertainer, practical/forward looking
  • Write a Summit quality abstract and “what will you learn” bullets
  • Supplement it with a learning plan for someone who wants to go from concept to execution
  • Get critical reviews of the title/abstract before proceeding
  • Think and rethink about what I can do to help the group leader market it effectively (which may include some ‘requests’ about how that marketing is done)
  • Drive 20% over the average attendance for that group

I’m thinking about going a step further into ‘own the space’ territory. Put up a blog that matches the topic, feature the presentation, and supplement it with every resource I can find on the topic, maintaining it for at least the year.

I’m not suggesting that every presentation needs to go through all this, or focus as much on attendance. Chapters are the place where we experiment. New content, new ideas, new jokes, new styles. Chapters need a mix and I think should measure performance based on training hours delivered (THD). If the goal is 15 THD per month and you hit a home run in January and hit 30, that means later in the year a topic can be selected that only nets 5-10 THD. At least that’s how I think about it!

You might notice that the only thing I mentioned here about the PASS Summit has to do with the quality of the abstract.:

  • I will submit it. It will be tested and practiced and evaluated
  • There’s no reason to do less
  • It’s practice, I will probably submit another topic or two and writing good abstracts isn’t easy

I’m not picking a topic that I think is my best shot at landing one of those sought after spots on the 2015 Summit schedule. If I really want to get on the schedule I’d look at the 2014 schedule, find a niche that is untapped or under served, or one where I think I can “out do” whoever did it last year. Market analysis. Instead, I’m picking a topic that will serve the people I’m going to see in Florida next year as I try to to visit (physically or virtually) every Florida chapter and every Florida SQLSaturday. A different market. So while I wouldn’t endeavor to get a DBCC presentation selected for Summit, it might make sense in Florida. I might not do XML because Kendal Van Dyke already does and lives/presents in Florida (and who likes XML anyway?).

Lots of layers to that aren’t there?

Review: Ghost of My Father

I finished reading Ghost of My Father by Scott Berkun over the holiday weekend. It’s an intense read about the authors relationship with his father and the impact his father had on the entire family through behavior ranging from affairs to indifference to put downs. It’s about the part of growing up where you see the flaws in your parents and come to terms with them, at least as best can be done. It’s easy to understand the authors pain, though not pleasant at all to read about it as you see his multiple attempts to bridge the divide. It was interesting to see him tackle the problem as an author, interviewing his family – including his father – and then writing about it, something I don’t know that I’d have the courage to do.

It’s impossible to read it without thinking about where you stand with your own parents and if you’ve done enough to see them as adults and as people. I think I’ve done ok on that part, but I still had a restless night after reading the book, wishing my father was still alive so we could talk again, father to son who is now a father.

More Notes From The PASSWatch Project And Thoughts on Transparency

It’s been just over two months since I wrote the first post for PASSWatch. I’m trying hard to keep PASSWatch a “pure” source so I’m posting my  notes on it here (and will include the link in the weekly summary of course). I can boil the lessons learned down to this:

  • It’s not enough to aggregate links. Even the average 10-20 links per week is overload for most people with limited time. Aggregating is important, but even more important is to highlight the relative few posts focusing on governance, problems, or thought leadership.
  • Summarizing the minutes of the Board of Directors meeting is absolutely worth doing. It’s a way to get people engaged with issues relating to governance quickly and simply. I think the summary is more important than the analysis I provide, but the analysis is important, and I still feel like I don’t do that part justice. For example, recently there was a vote on $45,000 for lead generation and that resulted in a great comment – what is PASS selling and why? To succeed I need to write for the person new to PASS and/or new to paying attention to it’s operations and governance.
  • The time investment is doable so far. It takes about an hour to review the links and format the post once a week. It takes 15 minutes to several hours to write the summaries of the minutes depending on the number of topics discussed, whether I need to email someone with questions, and whether the analysis requires particular care to be balanced and focused. I can support another hour or so a week, so I’m spending time thinking on what I can best do with that hour.

The stuff I’m doing so far is useful, but it’s low hanging fruit. I wrote this in the the first post: I’d like to monitor and foster translucency about the organization (not just the PASS Board). Right now I’m in the fostering stage, attempting to show you and the PASS Board places where more transparency is needed. I believe that is worth doing. The mistake I’ve made in the past is allowing transparency to become code for “show us all the bad stuff so we can then beat you with it”. The challenge of transparency is that it means – at some point – shining a light into the dark corners that have been ignored and need attention. It doesn’t mean only exploring the dark corners! How do you get an organization to overcome the fear of transparency? Or if fear is the wrong word, commit to the extra time and effort that it requires? Convince the organization of the value? An interesting challenge isn’t it?

SQLFamily.Org

Back in March 2013 I wrote We Need A Place For SQLFamily News after the death of the spouse of a local chapter member. In April 2014 we had a former chapter member die and last week I ran across a post from a speaker I know about recovering from a stroke. That reminded me of the we need a place post, so on a whim I did a domain search and found that sqlfamily.org was available, so I acquired it. Now though, what to do with it, if anything? My thought was to do something simple:

  • Once a week post of any news that week. No post if no news. Find news via #sqlfamily tag on Twitter, or that is sent to webmaster, or ?
  • Enable email subscriptions

What counts as news? I don’t see this as high volume, so maybe its:

  • Serious illness
  • Death
  • Marriage
  • Birth of a child
  • Birthday

Worth doing? Worth doing more? What would more look like? More than that, who should do it? I’m up for starting it to see if it works, but long term it should be a family thing, or a PASS thing perhaps. I’d appreciate any thoughts you have on any of that, here, on Twitter, or via email (andy@thisdomain.com).

SQLSaturday Austin

I was pleased to get the email yesterday confirming that I was selected to speak at SQLSaturday #362 on January 31, 2015. I think the last time I was in Austin was 2004 or so when I was at Dell for a week for SAN and cluster training. It was a memorable trip for a few reasons. One was I got a full tour of the PC build facility, impressive to see. Another was it was cold. Cold as in ice on the roads and traffic shut down. We were staying about a mile away and didn’t know if the class would go or not, so we drove – slowly – and got there, narrowly missing sliding into one of the three cars in the parking lost. It was the first time I saw a Keurig style coffee machine and that led to an adventure later on. I also had time for a short visit to the LBJ presidential library. I’m looking forward to returning to Austin and I might go a day early to have time to explore. I might drive up to Fort Hood for a couple hours and think on the path I’ve taken since I left there in 1986 – surely one I couldn’t have projected or expected.

If you’re attending, they have two seminars going this year; Become an Enterprise DBA with Sean and Jen McCown and Murder They Wrote with Wayne Sheffield and Jason Brimhall.

Thoughts On A State of the Chapter Statement (and Doing More)

This is a follow up to a thought I voiced on Twitter last week – the value of a once a year “state of the chapter” message from each chapter (or at least the Orlando ones!). Before we cover that, some background. I’ve never been terribly happy with how PASS measures Chapters. Around 2007-2009 the big emphasis was on the number of chapters and increasing them, very little emphasis on increasing attendance or quality. Since then we’ve seen the SIG’s morph to Virtual Chapters (good) and more of an emphasis on measuring “Training Hours Delivered” (THD) which while not a perfect metric is an interesting one that spans all PASS franchises. What’ve never had (or at least that I’ve seen) is a measure of health of the chapters. For example, here are some metrics I’d want to look at monthly/yearly:

  • Attendance each month and length/number of presentations (for the THD)
  • Virtual or in-person presentation
  • Changes in leadership/date since last change
  • Events held/supported in addition to regular chapter meetings
  • # of members that attended the most recent Summit
  • If the chapter leader attended the most recent Summit

That’s not perfect and surely there could be more, but the point is to see which chapters are growing (and ask why) and which one’s aren’t (and ask why). Lots of lessons to be learned and shared, if we had the information. I’m not clear on what information we gather today, I know we went through a period of none, and then one where we asked the regional mentors (RM)’s to gather it. This is the stuff that dashboards are made of. They can inspire healthy competition, help heal sick chapters, and when needed figure out when a chapter only exists on paper and needs a reboot or a shutdown. Worth doing, and maybe some of that happens now, but we don’t see much beyond the THD number at the Summit each year. That’s not enough detail.

So with all that in my head, I’ve also been thinking “do we do enough in Orlando”? That’s the royal we I guess, since I’m the occasional volunteer and Kendal and Shawn and Karla do the heavy lifting. Two chapters, I think probably averaging 9 or 10 meetings each year, a SQLSaturday for the past 8 years, and this year the Student to IT Pro seminar. Plus tacked on seminars over the years. This year we hosted a joint meeting with Mark Souza, something new. oPASS has been back up and running since mid 2006 or so, a pretty good run, and we’ve been lucky to transition leaders in that time from me to Jack Corbett to Shawn McGehee. Attendance has stayed steady for both chapters and while I would wish for more (because I always want more!), both are doing ok.

Do we do enough? We’ve kicked around running a mid year seminar about 6 months offset from SQLSaturday, a “big event” that wouldn’t be quite as big as SQLSaturday to manage. We’re going to try to build a better partnership with ONETUG (local .Net group) by building a SQL track at the next Code Camp that will be focused on developers. We don’t have a BI (or BAC) chapter here. We’ve talked a little about a “beginner” event that we think would be deeper than Student to IT Pro, basically all 100 level stuff. Kendal has experimented with study groups with (in my view) not great success. What else could we do? Or should do?

That brings me back, finally, to the state of the chapter. I think it would be useful to write a message to the members once a year and say “this is what we did”. Put some numbers in there. Put the things that went well and the things that didn’t. Talk about goals and dreams for the next year, something measurable and hopefully attainable. Come up with a few easy to maintain metrics that we can track year over year. I think it would help the leaders reflect on things done and not done, but it’s also telling the story to the members who rarely appreciate the effort it takes to book a speaker and a sponsor each month, or to find volunteers, or any of the other tasks that get one. I think it would help the members appreciate what a great resource the chapters are, and maybe encourage them to call out topics or areas that need more attention. Wouldn’t it be interesting to be able to include the ranking of where oPASS & MagicPASS stood globally? Compare THD compared to other chapters?

It’s not an easy question – do we do enough? There are things perhaps best done by colleges, by recruiters, by professional trainers, and perhaps things we want to do like study groups that just don’t generate enough good for the effort. Maybe all of that is wrong! We had 700 people register for SQLSaturday Orlando and we served about 450 of them on that Saturday. Of those 700, that may be the only time we see them each year. That’s certainly not the entire DBA/BI/whatever SQL population of Orlando, but it’s a decent chunk. What else could we do for them? My point isn’t to be critical, just to inspire, or perhaps dare, you/us to dream. It’s work to keep a chapter running and doing so is no small thing. Is that all though, or is there a way to do more in a way that serves the local community and doesn’t exhaust the chapter leader? What would make a big impact?

So here’s the challenge. If you lead a chapter, write up 300 or 400 words on what you did in 2014 and what you hope to do in 2015. Share a lesson learned or a pain point or two. Call out your volunteers for applause. Publish that – on your blog, on the PASS blog, send it to me if nothing else and I’ll post it here. Wouldn’t it be interesting to see 5 or 10 or 20 of those and see what can be learned? And then maybe we can see about that PASS level reporting that I mentioned way back in the first paragraph. And then in a year we can look back and see how we did. Doesn’t seem radical does it?

And one more thought. I’m a proponent of leverage. If I’m going to invest an hour, I like to make it count for as much as I can. If I can work smarter and get more attendees, that’s what I want to do. Yet…the beauty of volunteering is that we can do things that aren’t cost efficient in terms of time or money. Doing “more” can be framed a lot of ways, it’s not just about headcount or THD, something I’m reminded of when I think about the effort it took to do the Student to IT Pro seminar this year.

Wait, still one more thought! I’m not on the chapter leader mailing list so maybe I don’t see the ideas, but I wish I saw more ideas published. I know they exist, I’m just not sure they get shared, and even the ones that do – like the ones above – tend to get lost in the storm of posts and tweets. We need more thought leaders and we need more effort to aggregate those. Not sure who or how, but we need it.