Romer Out

Paul Romer is no longer involved with the charter city process in Honduras.  Steve Sailer’s take is fair, but a bit snide.  Government (and the oligarchs who prop it up) are the problem, and so there’s little incentive for them to introduce competition and institutions which may end up ruining their control of national power.

Next time, Romer &c should get a pre-nup before getting in bed with a government, I suppose…  But it doesn’t mean that they shouldn’t keep trying.  I don’t want seasteading to be the only potentially reasonable solution.

Using nmap To Scan For SQL Servers

Brian Kelley has a good post on how to use nmap to find SQL Server instances on a network.

If you can focus on a particular subnet, you can also use other techniques like sqlcmd -L, but using nmap allows for a lot more flexibility.

Bonus:  Brian also rants about common sense (or the lack thereof).  I would argue that people who try to explain things should, in fact, tread carefully and throw out warnings like they’re candy.  In the first instance, you don’t know who your actual audience will be:  yeah, the guys with 15 years of experience and outstanding processes may hit the link because they forgot the exact syntax for getting that nmap scan running, but you’ll also get accidental DBAs looking for a way to document server sprawl, networking people who talk about “the database,” app developers who know how to write select statements and thus get pushed into DBA roles, or somebody whose CIO is standing in his cube waiting for results.  In all of those cases—including the guy with outstanding processes, experience, and an abundance of common sense—it’s good to give that warning because either the person does not already know the potential dangers, or perhaps is not thinking of the dangers at that time.  Taking that extra minute to say “Hey, don’t run this unless you do A, B, and C first; CYA is your friend” is definitely worth it, even if it’s just as a nagging reminder.  After all, even those guys with 15 years of experience and loads of common sense can make a typo or forget that this code has a side effect (or main effect) that they should prepare themselves for.

Is Stack Overflow Secure?

Troy Hunt has a great post on whether or not Stack Overflow is secure.  The answer is, “it depends.”  Security isn’t just about buying equipment and configuring systems; it’s about figuring out what you need to protect and which scenarios you need to cover.  SO doesn’t encrypt data on the site and you could steal somebody’s Stack Overflow cookie, but you’d have to be in a particular scenario (open wi-fi, for example) for this really to work.

I’d much rather that Stack Overflow (and other sites) went to HTTPS by default, but those are the types of sites that I wouldn’t worry too much about—I don’t have any money tied up in it, after all.