poor Question of the day 7_13_2003

  • quote:


    * In fact, such questions are a test by themselves, not for knowledge, but for how one reacts under stress. In these test questions I've made the experience that in most cases the first thought is also the best. I like keeping it simple and stupid. Especially for me, when I think too long about the wording. Anyway, it's just a question, not the end of the world

    [To a point, A true enough sentiment, likely a useful approach, and a good attitude. 😉 However, would you prefer tests in which all questions are ambiguous in a similar manner? - their presence rather muddles and serves to invalidate what is being measured.]


    I have taken many tests.

    What I hate most about them is besides the wording when there are questions like 'What is MOST likely..?', 'LEAST likely..?' and stuff like this.

    Mainly while studying macro and micro economics. What about those question styles? You may give a correct answer, and this sounds pretty logical to everyone, but there is an even correct(er) answer. Who decides on this? And is this fair, when there are good arguments for both answers?

    I don't care about the logic behind tests anymore. For me QOD is fun and nothing else. If I'm wrong, so be it.

    Hey, FUN is the keyword and here's another challenge to Crappy. Sorry Dale, haven't tried it your way

    Look at this!

    http://195.92.224.73/j20/content/host.asp

    My highscore was somewhat ~35,000

    Have fun!

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • quote:


    * "I think a lot is being read into what these questions are supposed to represent. "

    [This is occurring because the question lacks sufficient details to be answered logically.]


    I think my point was missed somehow so let me restate it because it's probably my fault on the confusion. When Andy, Brian, and Steve put these questions together and introduced Question of the Day, it wasn't to be another CramChallenge (as Brian's own post indicates). Instead, it was supposed to be a fun thing to do, as Frank has seen it as, which is also good for debate and education. Like we're having here.

    As a result, the questions may not have undergone the scrutiny one would give a certification exam question, per se, but that's not the intent. Keep in mind that QoD is now the way to garner points as opposed to the SQLServerCentral.com contests that we used to have. The original contests were there for fun and to spur on contributions from the community at large. QoD seems to be having the same effect through the debating I've seen several of the questions get.

    This, in and of itself, is great because I've seen a lot of new people posting and getting involved who I haven't seen in the past. From my perspective, the more peer interaction we have, the better. The more people who may potentially look at a head scratcher results in a more varied perspective, and one of those just might be the one to solve a problem. And on the fun side, if you enjoy debating, the more folks to jump in, the merrier.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • quote:


    "I have taken many tests.

    What I hate most about them is besides the wording when there are questions like 'What is MOST likely..?', 'LEAST likely..?' and stuff like this.

    Mainly while studying macro and micro economics. What about those question styles? You may give a correct answer, and this sounds pretty logical to everyone, but there is an even correct(er) answer. Who decides on this? And is this fair, when there are good arguments for both answers?"


    Q1 What about those question styles? You may give a correct answer, and this sounds pretty logical to everyone, but there is an even correct(er) answer.

    A1 Such questions often may not actually be measuring knowledge of facts, logic, observable phenomena, or logical problem solving; but rather, they may be measuring a test subject's adherence to: one viewpoint or another, an established dogma, or to the views of the examining authority.

    Q2 Who decides on this? And is this fair, when there are good arguments for both answers?

    A2 Typically, the examining authority decides on what constitutes "an even correct(er) answer". And when there are good arguments for different answers, the rationale may involve the context of the course, department, or institutional focus. For example, examination questions in the context of a "School of Free markets and Capitalism" may generally weight answers in favor of capitalism more highly, whilst those in a "School of Marxist Theory" may generally weight answers in favor of communism more highly.

  • Hi sql_dba,

    quote:


    Q1 What about those question styles? You may give a correct answer, and this sounds pretty logical to everyone, but there is an even correct(er) answer.

    A1 Such questions often may not actually be measuring knowledge of facts, logic, observable phenomena, or logical problem solving; but rather, they may be measuring a test subject's adherence to: one viewpoint or another, an established dogma, or to the views of the examining authority.


    these were rather rhetorical questions, I know the answers.

    But thanks for pointing this explicitly out!

    quote:


    Q2 Who decides on this? And is this fair, when there are good arguments for both answers?

    A2 Typically, the examining authority decides on what constitutes "an even correct(er) answer". And when there are good arguments for different answers, the rationale may involve the context of the course, department, or institutional focus. For example, examination questions in the context of a "School of Free markets and Capitalism" may generally weight answers in favor of capitalism more highly, whilst those in a "School of Marxist Theory" may generally weight answers in favor of communism more highly.


    Yes, I know!

    Learn it the way they (whoever they are) want it to and don't spend too much time thinking about the rationale behind. Especially if you have passed

    BTW, maybe I've missed this. Did you score these 2 points?

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • Mist, I hit the button too early.

    What I want to add is a translated German idiom. I guess you have an English pendant for this.

    There is nothing as old as yesterday's newspaper!

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • Frank:

    quote:


    Learn it the way they (whoever they are) want it to and don't spend too much time thinking about the rationale behind.


    But in this case, as Sql_DBA pointed out, we have no idea of knowing the intent of the author, or the way 'they' want it. You are right, life is easiest if you solve it the way others want you to, but since you can't know what the 'others' want, the topic of the discussion still remains; 'Why is this question not Top Of The Range'.

    In a School of Marxist Theory you could at least put everything into a context. Being best friends with the author probably would yield the same understanding.

    And to kick the dead dog again, I believe the question could be better formulated 🙂

    Regards, Hans!

    P.S I did not get these two points due to my answer 'You need to have permissions to any database on the server.' But probably that was quite clear from the start 😉

    Create an account, put Guest into DB_Role db_denydatareader in master and see how easy it is to login 🙂 You still have your 'login' but you are actually denied access to 'login'. Hence making it impossible to do your SELECT @@VERSION. Don't we all then feel that you have to have access to AT LEAST one DB? Anyways, the point of QOD is to have fun and to cause response. On my behalf I am happy the question was a bit murky. Otherwise we wouldn't have this nice conversation now, would we?

  • Hi Hans,

    quote:


    But in this case, as Sql_DBA pointed out, we have no idea of knowing the intent of the author, or the way 'they' want it. You are right, life is easiest if you solve it the way others want you to, but since you can't know what the 'others' want, the topic of the discussion still remains; 'Why is this question not Top Of The Range'.


    yes to a certain degree you are right, but I think the wording in this case was simply too much overweighted. To me this happens when thinking too long about a question and the meaning.

    quote:


    And to kick the dead dog again, I believe the question could be better formulated 🙂

    P.S I did not get these two points due to my answer 'You need to have permissions to any database on the server.' But probably that was quite clear from the start 😉

    Create an account, put Guest into DB_Role db_denydatareader in master and see how easy it is to login 🙂 You still have your 'login' but you are actually denied access to 'login'. Hence making it impossible to do your SELECT @@VERSION. Don't we all then feel that you have to have access to AT LEAST one DB? Anyways, the point of QOD is to have fun and to cause response. On my behalf I am happy the question was a bit murky. Otherwise we wouldn't have this nice conversation now, would we?


    it's a good discussion, though!

    I scored those two points. Here's my explanation.

    Q: What permission do you need to execute SELECT @@VERSION?

    A: Obviously public

    Q: Who is in public?

    A: Anyone who has a valid login

    So, answer was quite clear to me. But maybe in this case it helps that I am not a native English speaker. Most of the thoughts and arguments discussed here haven't come to my mind when answering

    And basically I was wondering about Sql DBA's

    quote:


    ...hence the answer "You don't even need a login into SQL Server." is as valid as "You just need a login into SQL Server."


    argument, which still isn't clear to me.

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • Hello Frank!

    Well, wording is everything 😉 You have to know all relevant prerequisites before you can answer in a correct way.

    Maybe we should start with the topic name 'poor Question of the day 7_13_2003'. It's not really good wording either since the NewsLetter actually was sent the 14th.

    quote:


    Q: What permission do you need to execute SELECT @@VERSION?

    A: Obviously public

    Q: Who is in public?

    A: Anyone who has a valid login


    Think what you wrote and think of the closest match:

    'You just need a login into SQL Server'

    Where did you read Valid login? That would have been a better formulated question though. But not a good one. It still raises the question: What is a Valid login? Do they mean an account with the ability to login to SQL server? Because that implies that you are either Explicitly added as a user in 'master' or that Guest has permissions to a Database (master). Is a valid login just a login that has no permissions at all but not deleted? With that definition, denying Guest in 'master' yields as result that you can't login even if you have your 'valid' login.

    Actually answer 'You need to have permissions to any database on the server.' is not good either. Because as Brian wrote, it implies

    quote:


    as having permissions to at least one.


    which does NOT imply permissions to DB master (which still would make it impossible to login). Hence that neither constitutes as a good answer.

    Which makes us consider nr 4: You need db_datareader rights to the master database.

    Now, this is what you need. Or at least this is the closest right answer (when thinking about this some more). You DO need db_datareader rights to the master database or equivalent permissions. If they are Explicit or Implicit is contained in the word 'equivalent'. Without those, you NEVER can execute SELECT @@VERSION.

    Answer nr 5 just raises a bigger question, what is a Login? Is NT group membership with permissions in SQL a login (Exactly like Sql_DBA pointed out in his (its?) first QOD posting).

    I think that last part from Sql_DBA just wanted to state that we do not know how the author defines a Login.

    Regards, Hans.

    P.S Why not reformulate the question as 'What is sure to make you able to execute (...)'. Answer: You must have SysAdmin rights. There. Perfect. No question about it.

  • Hello Hans,

    quote:


    Well, wording is everything 😉 You have to know all relevant prerequisites before you can answer in a correct way.


    I like to compare this one to buying a stock. You can read all relevant analysis, you can discuss with your broker, you can calculate till your head explodes, have a strong educational background in finance...So you can do everything possible, to make a good decision. You have all prerequisites. Agreed?

    Now you buy the stock, and guess what, it performs poorly.

    What happened?

    After all, your decision was right and plausible and at the same moment it was not.

    I started with doing technical analysis, calculating ratios and all that stuff. Did I outperform? NO!

    Meanwhile I've changed my behaviour. In my opinion the key to success in my example is psychology, say behavioural finance. It doesn't matter what you think about the stock, it only matters what you think the broad mass of investors is thinking about this investment. The single is irrelevant, just the public reaction on it. A big part in such a decision comes from the stomach (hope you know what I mean).

    To return to the question. What I am clumsy ?!? trying to express, is that to be able to do anything in SQL Server you need a login, however this may look like. This is the least common denominator! My stomach was telling me this, so I chose it.

    Simple as that!

    quote:


    Think what you wrote and think of the closest match:

    'You just need a login into SQL Server'

    Where did you read Valid login?


    oops, sorry my mistake, I guessed this. It wasn't mentioned in the question.

    quote:


    Actually answer 'You need to have permissions to any database on the server.' is not good either. Because as Brian wrote, it implies

    quote:


    as having permissions to at least one.


    which does NOT imply permissions to DB master (which still would make it impossible to login). Hence that neither constitutes as a good answer.

    Which makes us consider nr 4: You need db_datareader rights to the master database.

    Now, this is what you need. Or at least this is the closest right answer (when thinking about this some more). You DO need db_datareader rights to the master database or equivalent permissions. If they are Explicit or Implicit is contained in the word 'equivalent'. Without those, you NEVER can execute SELECT @@VERSION.

    Answer nr 5 just raises a bigger question, what is a Login? Is NT group membership with permissions in SQL a login (Exactly like Sql_DBA pointed out in his (its?) first QOD posting).

    I think that last part from Sql_DBA just wanted to state that we do not know how the author defines a Login.


    I think now you're exaggerating a little bit. I'm not firm in discussions in English about whether the glass is half-full or half-empty.

    Define Login -> Put 3 dba's in one room and get 4 opinions

    BTW, the ultimate answer to the whole discussion can only be given by the author of the question.

    I really like those discussions! They help me getting somewhat business fluent in written English

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • quote:


    put Guest into DB_Role db_denydatareader


    But this means the login still has access to master. You've also not disabled any access to the system stored procedures, BTW, many of which public (and therefore guest) has access to.

    quote:


    You DO need db_datareader rights to the master database or equivalent permissions.


    This is not completely correct. I'll have to dig in my notes, but really you only need access to two objects. I'll cover this in a later security article (it's in the queue), and it comes from the OpenHack 4 configuration by Microsoft.

    Keep in mind that the guest user is enabled (and required) in tempdb as well. So even if you block it in master, the login still has valid access to at least one database.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    Edited by - bkelley on 07/16/2003 07:44:38 AM

    K. Brian Kelley
    @kbriankelley
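
    A read-only check of the state discussed in the post above, added here as an example and not code from any poster in this thread: it reports whether guest has access in master and tempdb, which roles guest belongs to in master (the membership the db_denydatareader test adds), and what public holds there. It assumes the SQL Server 2000 system tables sysusers and sysmembers (kept as compatibility views in later versions) and the sp_helprotect procedure.

```sql
-- Added example: read-only, changes nothing. Run on a test instance
-- with a login that can read the system tables.
USE master;

-- 1. Is the guest user enabled in master and tempdb?
--    hasdbaccess = 1 means the user can access the database, so a login
--    without its own user there enters it as guest.
SELECT 'master' AS database_name, name, hasdbaccess
FROM master.dbo.sysusers
WHERE name = 'guest'
UNION ALL
SELECT 'tempdb', name, hasdbaccess
FROM tempdb.dbo.sysusers
WHERE name = 'guest';

-- 2. Which database roles is guest a member of in master?
--    After the test proposed in this thread, db_denydatareader would be
--    listed here while hasdbaccess above is still 1.
SELECT r.name AS role_name
FROM master.dbo.sysmembers AS m
JOIN master.dbo.sysusers AS r ON r.uid = m.groupuid
JOIN master.dbo.sysusers AS u ON u.uid = m.memberuid
WHERE u.name = 'guest';

-- 3. What is granted or denied to public in master?
--    guest is a member of public, so these rows (system stored
--    procedures included) apply to it as well.
EXEC sp_helprotect @username = 'public';

-- 4. The statement the Question of the Day asked about.
SELECT @@VERSION;
```

    Comparing the output before and after a change to guest in master, while connected as the low-privilege login for step 4, shows which setting actually changed.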

  • Hello Frank and Brian!

    quote:


    'put Guest into DB_Role db_denydatareader'

    And => this login still has access to master.


    Right 🙂 But I was doing it as a counter-example. You have a 'valid' login but you cannot login. Hence you cannot execute your SELECT. So there, Answer nr 1 does not work.

    quote:


    Hans:

    quote:


    You DO need db_datareader rights to the master database or equivalent permissions.


    Brian:

    you really only need access to two objects


    I agree. Though my point was, mostly, that after some considerations:

    quote:


    (...) Or at least this is the closest right answer


    The postings (by me) have so far just been to prove that Answer nr 1 should not be the right one.

    Regards, Hans!

    P.S

    quote:


    the guest user is enabled (and required) in tempdb as well. So even if you block it in master, the login still has valid access to at least one database.


    Which only proves that if you have an account that enables you to log in to SS, you have access (permissions through Guest) to at least 'master'. Therefore Answer 1 implies Answer 2.

    Edited by - hanslindgren on 07/16/2003 08:07:57 AM

  • quote:


    This is not completely correct. I'll have to dig in my notes, but really you only need access to two objects. I'll cover this in a later security article (it's in the queue), and it comes from the OpenHack 4 configuration by Microsoft.


    SQL Server configuration can be downloaded, among other useful stuff, from

    http://www.eweek.com/article2/0,3959,743002,00.asp

    There is also the absolute minimum on permissions described.

    BTW, Brian, have you ever been on http://www.openhack.com ? It seems to be no longer valid (just to close to ring to this topic )

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • Hello Hans,

    quote:


    The postings (by me) have so far just been to prove that Answer nr 1 should not be the right one.


    just to show the result-oriented approach in thinking good management should show:

    So, how do we get out of this situation?

    What is your suggestion?

    Cheers,

    Frank

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • quote:


    There is also the absolute minimum on permissions described.

    BTW, Brian, have you ever been on http://www.openhack.com ? It seems to be no longer valid (just to close to ring to this topic )


    I visited there when it was up. I have all the files stored locally. The article will write up what I know breaks when you lock it down this tight. Things like MS Access, ODBC Administrator, etc.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • quote:


    Right 🙂 But I was doing it as a counter-example. You have a 'valid' login but you cannot login. Hence you cannot execute your SELECT. So there, Answer nr 1 does not work.


    I'm assuming you tested this. Out of curiosity, did you add your login to master as a user before blocking guest in this manner?

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley
