There’s plenty of information and talk around about the issues of allowing company data onto a personal device, but what about personal data on a work device? More and more of our personal data is stored in “cloud” services like Gmail and Evernote that we access from work computers and company controlled accounts.
In the time of buzzwords like “BYOD”, business is rightly concerned about its data being on that tablet of yours that you managed to connect to the company wireless. They want to make sure that the correct level of security protects their data – especially things like email that almost everyone accesses from their smart phone, tablet or even web kiosk. Personal devices have proliferated in the workplace since they became cheaper, smarter and cooler to have than the company-provided devices. Right now business is just starting to catch on and recognise that things are changing and that not everything can be restricted or dictated the way it used to be.
But for much longer than the iPad has been around, we’ve all been accessing web sites and apps at work with personal login information. Some of the time we also click the “Remember Me” option when logging in without a second thought. All this information about our own email, blogs, password managers, Amazon account and other browsing habits is sitting on that company device, protected by that one password for your company login.
So think about all the people in your company who have the ability to reset your work account’s password. In an enterprise environment that might be 50 or more people. In an environment that’s been poorly managed that might be in the hundreds. All any of them has to do is reset your password, log in to your machine and start up a browser. Whatever sites you jump onto on a Monday morning without logging in are theirs for the viewing. You may not even know after a long holiday – “Woops, I must have forgotten my password”. None of your personal sites are being “hacked” or even having their passwords changed; you’re already logged into them on your work PC.
What can you do about this? Don’t save your passwords at work and don’t stay logged in to any service you value. If you’re thinking that you don’t care about access to your email, just think what information is in there - personally identifiable information, and it probably receives password resets for most other sites you’ve signed up to. What about bank account info, insurance updates?
Just to take this one step further, combine the person with access to reset your password at work with the person who manages your work cell phones, and the fact your bank uses SMS as a two-factor authentication option. They’re a password reset and SIM transfer away from your bank account.
I’ve just started a 90 day trial of the Microsoft Azure cloud service as I’ve got a day session next week with MS on the topic. For those of you thinking about giving it a go I suggest you go and jump in now. It’s very easy to sign up (no cost but it does ask for your credit card details) and the management portal is very easy to use. In 5min I have a web site running, a server being provisioned and a domain namespace configured.
There’s also the suggestion that the websites you add remain free after the trial period, but I’m cynical and thinking that you still need to pay for data transfers and storage at least.
You can provision a whole raft of different infrastructure from within Azure, some of which are shown on the left. There are plenty of Linux images to kick start your server provisioning and the websites come with templates for common web apps – blogs, CMSs, etc. While there are some apps in the latter category that use non-MS technologies like MySQL, it seems you can’t provision a standalone database other than a SQL instance. Perhaps to be expected.
Once your new virtual machines are up and running you can download an .rdp file to get access to the server and do your normal tasks. But an RDP session from NZ to the Southeast Asia data centre is a bit slow, so I’m thinking my home connection is either a little busy or connectivity really is that bad out of NZ.
DNS and other management roles such as AD and the associated namespaces are easy enough to add too. The configuration for the namespace includes all the identity provider set up that will also allow your apps and services to plug into your own source of user info.
All things considered after an hour or two of playing, the Azure 90 day trial looks to be very worthwhile, even just for a play. If you’re a business based around some of these core Microsoft technologies there’s a good chance this may be your “gateway drug” to actually stepping into doing this Cloud stuff for real.
For some reason the 64bit download of Windows 8 Enterprise from TechNet does not prompt for a license key but does try and activate – and then fails every time. When it does enter the normal activation process you’re likely to see a DNS error or something along the lines of being unable to connect to the remote activation service.
So credit to the forum at Techplex for the simple solution, albeit unclear why it is needed in the first place.
Solution: Right-click in the lower left screen corner and open a command prompt as admin. Type in the following and hit Enter.
The Windows Activation process will start, you can enter your TechNet license key and then the app will connect to the remote system and you should then have a properly activated Windows 8 device.
I’ve been designing a new secure Windows domain whose users need access to an IIS website in another domain. The obvious question is, “How can we transparently auth users to that site from both domains?” which IIS looks to make pretty easy – as long as there is a domain trust in place.
Looking around for more info I found an excellent article on WindowsITPro that explains all the various IIS authentication types. So I needed to share its goodness.
If you’re an Ubuntu user who finds themselves with an ugly message like this one day when running an apt-get update,
No apport report written because the error message indicates a disk full error
you may have thought you’ve run out of disk space and run the command,
but then found you had plenty of space free. Well maybe you do have plenty of bytes free but what about inodes? They’re effectively a limitation of the number of files you can have in a filesystem.
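To see the bytes-versus-inodes difference described above, the following added example (not part of the original post) flags filesystems whose inode usage is high and counts entries per subdirectory to find where the inodes went. The function names, the 90% default threshold and the sample df output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report inode exhaustion rather than byte exhaustion.
# Function names and sample data are constructed for illustration.

# Constructed sample in the layout printed by `df -Pi` on Linux.
SAMPLE_DF_I='Filesystem     Inodes  IUsed  IFree IUse% Mounted on
/dev/sda1      655360 655360      0  100% /
tmpfs          505136      1 505135     1% /dev/shm
/dev/sdb1           0      0      0     - /mnt/data'

inode_pressure() {
    # stdin: `df -Pi` output; $1: threshold percent (default 90).
    # Prints "mount IUse% free=IFree" for each filesystem at or above it.
    # Filesystems that report "-" (no inode accounting) are skipped.
    # Mount points containing spaces are not handled.
    awk -v limit="${1:-90}" '
        NR > 1 && $5 ~ /^[0-9]+%$/ {
            pct = $5; sub(/%/, "", pct)
            if (pct + 0 >= limit + 0) print $6, $5, "free=" $4
        }'
}

top_inode_dirs() {
    # $1: directory to inspect; $2: how many rows to show (default 5).
    # Counts every entry (files and directories, each uses one inode)
    # under each immediate subdirectory, staying on the same filesystem.
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        n=$(find "$d" -xdev | wc -l | tr -d ' ')
        printf '%s %s\n' "$n" "$d"
    done | sort -rn | head -n "${2:-5}"
}

# Run against the constructed sample; on a real host use: df -Pi | inode_pressure
printf '%s\n' "$SAMPLE_DF_I" | inode_pressure 90
```

On a live system, follow a flagged mount with `top_inode_dirs /` (or a deeper path) to narrow down which directory holds the most files.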
I’ve been looking about for some free Git hosting and found that most options like Github require you to make the code available to everyone. So I was pleasantly surprised to find Bitbucket from those ingenious Aussies at Atlassian.
There’s some excellent documentation, the system is easy to use and your first push from your local repository can be done within a few minutes of signing up.
An issue tracker is available for each of your projects and can be made public while your code is still private. So for a small team or individual it’s a valuable tool even just to use as a backup for your local code repos and keeping track of the odd bug.
I’ve recently been involved in a deeper look at the world of virtual desktops and what options suit different user groups. There are a few different ways to look at desktop virtualisation as a whole and most of them depend on what software your business uses and how your users access it.
With the different types of virtualisation around these days it can be a little confusing to work out what fits where and how they interact. I’ll run through a quick overview of them here and the products that I’ve been testing with. (Be warned this is a bit of a ramble.)
I have a DRBD setup similar to an old post that’s being used between two Ubuntu servers hosting MySQL. Every few months though the pair goes into a split-brain situation where the secondary can’t see the primary and refuses to reconnect. Users are unaffected as the primary is still working fine, but the HA is lost.
After trying a few different combinations of commands this is what seems to work best for me and cause the quickest recovery. I’m only dealing with a 10GB device so a full sync takes about 10min. If you’re using DRBD for a much larger device, make sure you consider the sync time before doing this.
On the secondary node:
drbdadm secondary all
drbdadm disconnect all    # its status goes to Secondary/Unknown
drbdadm invalidate all
drbdadm connect all
On the functioning primary node:
drbdadm connect all    # a full sync now starts
Remember, it’s your data you’re dealing with so make sure you’re responsible before you run commands like this.
Update – no sign of the root cause of the issue either. After a system update that included the drbd package, things seem to have settled down.
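Because users are unaffected while the pair is split, the loss of HA described above is easy to miss. This added example (not part of the original post) is a small check that flags any DRBD device that is not connected and fully in sync. It assumes the DRBD 8.x /proc/drbd status format; the function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: alert when DRBD replication is lost or still resyncing.
# Assumes DRBD 8.x style /proc/drbd lines; names and sample are constructed.

# Constructed sample of a secondary after split-brain (device 0) beside a
# healthy device (device 1).
SAMPLE_PROC_DRBD='version: (constructed sample)
 0: cs:StandAlone ro:Secondary/Unknown ds:UpToDate/DUnknown   r-----
 1: cs:Connected ro:Secondary/Primary ds:UpToDate/UpToDate C r-----'

drbd_unhealthy() {
    # stdin: /proc/drbd text. Prints "minor: cs ro ds" for every device
    # that is not Connected with both disks UpToDate. A device that is
    # still syncing is reported too, since HA is not restored until done.
    awk '
        $1 ~ /^[0-9]+:$/ {
            cs = ""; ro = ""; ds = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^cs:/) cs = substr($i, 4)
                if ($i ~ /^ro:/) ro = substr($i, 4)
                if ($i ~ /^ds:/) ds = substr($i, 4)
            }
            if (cs != "Connected" || ds != "UpToDate/UpToDate")
                printf "%s %s %s %s\n", $1, cs, ro, ds
        }'
}

drbd_check() {
    # Returns 1 (and prints the affected devices) when replication is
    # degraded, so it can be called from cron or a monitoring agent.
    bad=$(drbd_unhealthy)
    if [ -n "$bad" ]; then
        printf 'DRBD replication degraded:\n%s\n' "$bad"
        return 1
    fi
    echo "DRBD OK"
}

# Run against the constructed sample; on a node use: drbd_check < /proc/drbd
printf '%s\n' "$SAMPLE_PROC_DRBD" | drbd_check || true
```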
I’ve been looking for a free, open source chart library for a while and was struggling to find something that was good enough (and handled time series and missing data points well). For a long time I’ve been using Fusion Charts (FC) and Open Flash Chart (OFC) in any in-house work and those products are very good. But they’re Flash, a little slow and not supported by some popular mobile devices. I’ve also used pChart for some testing but it was fairly stale in development and being images, had no interaction.
The Flot JS library was something I’d seen a while back, but before I became comfortable with JS and jQuery. It does almost exactly what I want, is fairly light-weight, extensible and easy to use. In a few hours last week I swapped out the FC code I had written for Overview and put in something almost half the size with Flot that created (in my view) a better product.
So I thought I might let others know what a nice, easy option Flot is with a little example. Beware this is not a fully working, copy and paste sort of example, it’s really just a chunk of generic code I pulled out.
DisplayPoint is a solution to meet the demands of displaying content as easily as possible on screens around your business or public space. All you need is a device that runs a modern web browser and you can centrally manage your dashboards and big screens from your desk.
Anyone can schedule and show images, movies, messages, websites or RSS feeds to a group of computers. Rather than buy some sort of application that you must install on all your computers or a server, just get a low-powered machine and a web browser.
DisplayPoint is being extended regularly and I’m open to requests for features which fit the general use of the product. Some of the current features are,
- completely browser-based
- centrally managed by anyone with a web browser
- content can be displayed for any duration
- show images like a slide show
- view movies from your own network or stream from YouTube
- post messages to inform others of meetings, news, etc
- import and cache RSS feeds from news sites
- display web pages that automatically scroll down to show all content
- set content to expire at a certain date and time
- add multiple display devices to content groups e.g. marketing sees one content group and the engineering teams see another
Use it to cycle through the photos from the company BBQ with messages about the next team meeting mixed in. You can even use it in public areas to highlight videos and show messages specific to that area.