Twice in the past few days I’ve had the opportunity to be reminded that one shouldn’t forget lessons of the past – one of the opportunities was personal and the other was professional.

The personal one happened yesterday on my farm. The family was over for Mother’s Day dinner and after dinner, my son wanted to go target shooting with my father. We got out the .22s and shot some cans and some targets. After a bit I decided to get out my 7mm-08 hunting rifle that I bought a few months ago. I had never shot it before and I wanted to see what it was like. I have a pretty fair experience with guns. I grew up around them, have shot them on and off my whole life and have taken a number of safety classes. However, as I took up the 7mm-08, I wasn’t thinking very hard 🙁 I was treating it like a .22 and, other than the shape, there aren’t many similarities. I peered through the scope and squeezed off a round. The recoil shoved the scope into my forehead and made a deep gash. After getting over the initial daze I just started kicking myself. I’ve fired guns with scopes many times. I’ve warned people about not putting your eye too close to it and nonetheless I had a momentary lapse and am paying for it. It’s amazing how you can forget something as simple as that. Fortunately, little harm was done other than a permanently blood-stained shirt and a jolt to my pride. I suppose it may leave a scar, but that would be a good reminder of a lesson relearned.

The professional one happened Friday. We are just dotting the Is and crossing the Ts on the 2010 Beta 1 release. We had a big fire drill on Friday over a late bug discovery. The TFS installation/configuration programs log everything they do to a text file so that we can assist customers when they have problems. We discovered that they were logging service account user names and passwords. This is another lesson from long ago. The issue of logging sensitive information first crossed my radar almost 10 years ago when we began our intensive focus on security and privacy issues. We discovered that many of our applications (back then) were doing it. It became one of the handful of “no-no’s” that went into our security cookbooks and security training. Everyone on our development teams is required to retake security training every year to stay fresh on how to ensure we are writing secure products. Yet somehow we managed to let this get into the code. Of course, the good news is that we caught it even before the first Beta went out, so despite a momentary relapse, the awareness is there and the issue has been fixed.

As I’ve mused over these two incidents today, it has really struck me how similar they are. No matter how many times you’ve been told something, momentary lapses happen. It’s good to know that neither of these is likely to have significant long-term consequences. However, I may have a scar and TFS may be known (internally at least) for having to take the last bug fix in all of Developer Division for the Beta 1 release.
Brian