Blogging Interesting Stuff

The World Has Changed

In the last month the world has changed and it’s not going back to what it was in the near future. People will behave differently. Work will be done differently. We will all interact differently.

Three months ago asking for multi-gigabit VPN capacity that can handle all your staff would have been at the bottom of the priority list in your business. But here we are and that’s probably what most people have wanted most in their work lives in the last couple of weeks. For the next few years this will be what is expected.

Should this be the new status quo? I think it should and any company that has previously frowned upon a work from home (WfH) option for their staff needs to take note. Many people will be more productive, the company doesn’t need to provide office space for everyone and we now have the tools (if not the etiquette yet) to really be part of a virtual meeting or standup. Teams, Slack, Zoom and others are doing a good job in this craziness.

Equally if you’re working from home, you need to accept that adjustments need to be made to how you work. The boss wants you productive so minimise the slack time watching YouTube videos and don’t be tempted to jump on the Xbox/PS until after work. You have some good benefits here too. No more hour long commute each way to work, nervously looking at the person who just coughed or sneezed. No more excuses about not making your lunch and spending another $70 or more a week on food. You can be as productive and you can use your time better while saving money.

There are of course some downsides and the new approach to work won’t fit for all. If you work in manufacturing, or are active in a role in logistics or transport, it’s just not going to work sorry. Those that can make changes to schedules and make virtual meetings work will benefit and the technology needs to work.

I personally hope that working from home becomes a 50/50 option for almost any office worker. You choose a couple of days a week to be in the office and the rest you work from home. More time, more money and with many fewer people moving about, less impact of all of us on the environment.

Interesting Stuff Security Sys Admin Web Apps

Chrome 70 vs Symantec Certificates

Chrome 70 is about to distrust a whole lot of certificates

So you paid lots of money for a “proper” certificate for your HTTPS website after Google gave non-HTTPS sites a hard time? Well, hopefully you aren’t still using an older Symantec issued certificate as Google (and others) is about to stop trusting those certificates.

Chrome version 70 is due for release in September for beta users and will NOT trust certificates issued before December 1 2017 from Symantec, Thawte, GeoTrust and RapidSSL.

This is obviously a big deal, and as the Chrome browser release happens before your 12 month (or longer) cert expires, there’s work to do. While you’re revisiting the process of procuring another certificate, perhaps also have a think about why you might not be using the free service from Let’s Encrypt. That’s good enough for most websites unless you’re after one of the more fancy looking icons to show up in the browser for things like shopping carts.
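A quick way to see whether a site's certificate falls into the group described above, as an added example that is not part of the original post: it checks the issuer name and issue date in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`. Matching on the issuer's brand name is a heuristic assumed here, the function names are illustrative, and the sample certificates are constructed.

```python
import socket
import ssl

# Brands named in the post; matched case-insensitively against the issuer.
LEGACY_BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")
# Cut-off stated in the post: certificates issued before December 1 2017.
CUTOFF = ssl.cert_time_to_seconds("Dec  1 00:00:00 2017 GMT")


def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def affected_by_distrust(cert):
    """Return (affected, reason) for a certificate dict from getpeercert()."""
    issuer = issuer_fields(cert)
    names = " ".join(
        issuer.get(k, "") for k in ("organizationName", "commonName")
    ).lower()
    brand = next((b for b in LEGACY_BRANDS if b in names), None)
    if brand is None:
        return False, "issuer is not one of the named brands"
    if "notBefore" not in cert:
        # Edge case: no issue date available, so err on the side of replacing.
        return True, f"{brand} issuer, issue date unknown: treat as affected"
    if ssl.cert_time_to_seconds(cert["notBefore"]) < CUTOFF:
        return True, f"{brand} issuer, issued {cert['notBefore']}"
    return False, f"{brand} issuer, but issued on or after the cut-off"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live server's leaf certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def sample_cert(org, cn, not_before):
    """Build a constructed certificate dict (not a real certificate)."""
    issuer = ((("countryName", "US"),), (("organizationName", org),),
              (("commonName", cn),))
    return {"issuer": issuer, "notBefore": not_before}


# Constructed samples: an old issuance, a post-cut-off reissue, another CA.
SAMPLES = {
    "old-geotrust": sample_cert("GeoTrust Inc.", "GeoTrust SSL CA - G3", "Jun 14 00:00:00 2017 GMT"),
    "reissued-rapidssl": sample_cert("DigiCert Inc", "RapidSSL RSA CA 2018", "Dec  5 00:00:00 2017 GMT"),
    "lets-encrypt": sample_cert("Let's Encrypt", "Let's Encrypt Authority X3", "Jun 14 00:00:00 2017 GMT"),
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, affected_by_distrust(cert))
```

For a live site, pass the result of `fetch_cert("your.hostname")` to `affected_by_distrust()`.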

Why is this happening?

The Certificate Authorities (aka CAs like Symantec) that are used to issue certificates that secure our web browser traffic MUST be absolutely trusted. Without that trust, the process fails and we might as well just create our own certificates. The reason why we don’t do that is that the browser vendors effectively have a list of those highly trusted CAs and each site’s cert must have a mathematical relationship to one of those.

In 2017 a number of issues were raised about how Symantec had been running one of their CAs (they have a few). Inconsistencies and bad-practice were highlighted such that both Mozilla (who have a list of the issues) and Google decided to implement a change in trust of certs issued by that CA.

Interesting Stuff

Pressing Pause on Work

The French legislation that was signed off in May 2016 and is in effect as of Jan 1st 2017 will be something studied closely by most other countries in the next few years. Part of the law changes (which included other changes to allow employers to more easily dismiss staff) was to have companies define a time when their staff can effectively disconnect from work email.

Almost all companies have been trying to rapidly adopt a “mobile first” approach to their business, mostly to catch up with their customers who are now using mobiles more than any other device. The flow-on effect of this has been to then try the same with their own work force and for good reason. Give your staff the right information at the right time in order to better serve your customers and improve their experience.

But email, the bane of many people’s lives, was always the first and simplest product to get people to use. Away from your desk, in a meeting, on the train, and of course at home long after work hours finished. This has been a growing expectation at many companies that emails are almost like TXT messages; something that needs a prompt, if not immediate response. But email just isn’t that medium, and that expectation is misguided if a company respects and cares about their staff. Some of this is definitely a cultural shift, perhaps with younger employees moving away from email and not having that old mental connection of email to “snail mail” – something that takes time.

In the research done on the subject of stress levels vs email (a topic I’m sure you’re familiar with), it was found that the more you check your email, the higher your stress levels become. If you can’t disconnect and separate your work time from home/play time then your mental health will likely suffer, to the detriment of one or both.

I work a lot with mobile technology and trying to ensure people have the right tools for what they need to do, but I definitely see the advantage of changing expectations of working after hours. I hope the French law changes provide a measurable improvement in the health of those they affect and that more companies choose to do the same and combine them with similar work environment updates for the “modern age” (whatever that means these days). Work from home if you can, interact with those groups you need to for face-to-face time, but when you’re done for the day, press pause on the work side of your life.

Interesting Stuff

Geo-blocked Content and Business Models

The internet has changed the world we live in dramatically in the last 10 years. This is a fact that no one would dispute. But many businesses are continuing to ignore some of the associated changes that this global connectivity has brought. No longer do the borders of countries matter to data, in that those of us with connectivity can share anything we like.

A business who started on the internet should know what this new world looks like and so should the older content businesses – they’ve had their chance to evolve. Newspapers are very different in many countries now, no longer are they part of the morning ritual and no longer do advertisers queue at their door ready to put up with what was typically a poor experience (ever tried to place a classified ad?).

TV broadcasters are now where newspapers were five or more years ago, and most are acting to embrace rather than fight, the new technology. “On demand” web sites from broadcasters in NZ now often show new content before it is delivered over the air to TV sets. They realise that people can and will get the same content from other sources if they don’t do this and that people want to watch on their own schedules.

The power has shifted away from the broadcasters to the content owners. If people are happy to stream content when they want they often care little for who is providing it. Why are we tied to a broadcaster who simply takes the video, inserts their own ads and then pushes play? As they face this issue they stick to their business model and protect it by forcing their consumers to jump through ever smaller and more restrictive hoops. Want to view this video or listen to this song – sorry, not in your country.

Because of the internet the technology to work around these restrictions is fairly easy to employ for many people. VPNs and DNS configurations allow ways to subvert the geo-blocking restrictions, and are being “consumerised” as apps that Mum and Dad can download and use. Technical changes and smart people will work around what the other tech and smart people create, until we get where we are now; legal threats.

Digital property needs to be recognised as being different from physical property. Theft does not harm the owner in the same way that stealing money or your car does. Yes, consumers should recognise someone’s work and effort and reward them, but consumers also shouldn’t be punished with huge fines due to the loss of a $5 movie rental.

We can’t undo the internet, it’s here to stay and we have to work out a way for quality products to fit into this new world. The new broadcasters (Netflix, Neo, Lightbox, etc) should accept they will all have very similar content and they need to provide the service on top of that to keep customers – not threaten them and split them up by location.

If we can’t work it out, then we might look back on this period and think the internet put a severe dent in human culture because everyone was chasing the money.

Interesting Stuff Security

Personal Data at Work

There’s plenty of information and talk around about the issues of allowing company data onto a personal device, but what about personal data on a work device? More and more of our personal data is stored in “cloud” services like Gmail and Evernote that we access from work computers and company controlled accounts.

In the time of buzzwords like “BYOD” business is rightly concerned about their data being on that tablet of yours that you managed to connect to the company wireless. They want to make sure that the correct level of security protects their data – especially things like email that almost everyone accesses from their smart phone, tablet or even web kiosk. Personal devices have proliferated the work place since they became cheaper, smarter and cooler to have than the company provided devices. Right now business is just starting to catch on and recognise that things are changing and that not everything can be restricted or dictated like they used to be.

But for much longer than the iPad has been around, we’ve all been accessing web sites and apps at work with personal login information. Some of the time we also click the “Remember Me” option when logging in without a second thought. All this information about our own email, blogs, password managers, Amazon account and other browsing habits is sitting on that company device, protected by that one password for your company login.

So think about all the people in your company who have the ability to reset your work account’s password. In an enterprise environment that might be fifty or more people. In an environment that’s been poorly managed that might be in the hundreds. So all any of them has to do is reset your password, log in to your machine and start up a browser. Whatever sites you jump onto on a Monday morning without logging into, are theirs for the viewing. You may not even know after a long holiday – “Woops, I must have forgotten my password”. None of your personal sites are being “hacked” or even having their passwords changed, you’re already logged into them on your work PC.

What can you do about this? Don’t save your passwords at work and don’t stay logged in to any service you value. If you’re thinking that you don’t care about access to your email, just think what information is in there – personally identifiable information, and it probably receives password resets for most other sites you’ve signed up to. What about bank account info, insurance updates?

Just to take this one step further combine the person with access to reset your password at work with the person who manages your work cell phones, and the fact your bank uses SMS as a two-factor authentication option. They’re a password reset and SIM transfer away from your bank account.

Infrastructure Design Interesting Stuff

Published Desktop vs Virtual Desktop

I’ve recently been involved in a deeper look at the world of virtual desktops (aka VDI) and what options suit different users groups. There are a few different ways to look at the whole desktop virtualisation and most of them depend on what software your business uses and how your users access it.

With the different types of virtualisation around these days it can be a little confusing about what fits where and how they interact. I’ll run through a quick overview of them here and the products that I’ve been testing with. (Be warned this is a bit of a ramble.)

Interesting Stuff

Dashboards and Displaying Business Data

From Monolith Software blog, “even the best dashboards are somewhat myopic, and badly designed dashboards can lead to complacency, poor communication and eventually overlooked issues, degradations or outages.”

This is something that comes up repeatedly when displaying data from one area to those from the wider business. Data in any form needs to come with the required info or education to provide clarity. The most basic chart can be misinterpreted by those who make assumptions on the colours, format, numbers, etc before them. Admittedly, providing clear, functional, beautiful dashboards of a business’s data is difficult – and that’s one of the key reasons I enjoy doing it.

Interesting Stuff

Ignore Network Latency at Your Peril

We all know developers need to consider a few things outside their own backyard. Things like hardware and the network affect software even if there’s not much that can be done to control them (even if you’re Apple). This is especially true for the network if you develop software for mobile devices.

So to help us all understand why the nuances of any network are important to all of us, Nic Wise has a good little blog post about what to keep in mind. It’s written in people language and not TCP layers, so we can all benefit from this one.

Interesting Stuff Sys Admin

Using 7zip in Cron Jobs Fails

For those people tearing their hair out trying to use the 7z util in a cron job, have a look in the Ubuntu forums for the solution. Strangely as soon as you start sending the output to a log file, the 7z part of your script will work.

I struck the problem in the Hardy version of Ubuntu Server.

Interesting Stuff Sys Admin

MS Exchange Local vs Hosted vs Google for 10,000 Users

After looking at some comments around Exchange Hosted Services, I thought I might do a quick (and very dirty) comparison between that and Google for 10,000 users. (This in no way reflects on the three options and may not resemble your reality.)

MS Exchange Hosted Services would cost US$90k/month for a company with 10k email users and selecting roughly half the options available (Communicator and Hosted Archive being two). That sounds really pricey vs local in-house servers and admins? I have no specific Exchange knowledge but say 20 servers across 5 virtual hosts, plus storage and backups is roughly NZ$350-400k as a one-off cost. Plus a team of seven admins to run it @ NZ$80k pa each is a five year cost of around $2.8 million, but let’s say $3.2M to round it up to include a few software licenses and some power, cooling and floor space.

Google’s offering that I compared MS against is their Premier Edition of Apps. It’s US$50 per user per year and offers the usual email, calendar, resource booking, etc much like Exchange. I was expecting a few missing features but was surprised to see BlackBerry Enterprise Server (BES) syncing and user and group provisioning APIs. It integrates with LDAP and offers Single Sign-On (SSO) so most of your users won’t see too much of a change – especially if they keep on using the Outlook client. The main issue for some businesses may be the 99.9% uptime guarantee – that’s 8h 45m down time per year. I’m sure there are a few features that Exchange holds over Apps but in many situations the cost may outweigh the benefit or it’s just not needed. Using Google Apps also unties you from MS Outlook and possibly MS Office, so this option may open the door to other savings.

So over 5 years for the 10k user company we have the following options:

In-house MS Exchange with 20 VMs, storage and 7 admins = NZ$3.2M

MS Exchange Hosted Services with a mid-tier option selection @ US$90k/month = NZ$7.4M (at today’s exch rate of 0.72)

Google Apps Premier Edition @ US$50 per user per year = NZ$3.5M

Now one stands out there and not for a particularly good reason. The MS EHS option does include Communicator and Hosted Archiving as an option but I don’t see the extra value over staying with what you have or sending it all to Google. Add to both the off-site options, the project costs of actually implementing this and your own Exchange would have to be in a bad way or have some serious pain to go either way.

What are your thoughts on this one? Are my locally run Exchange costs way off for 10k users and are there any NZ based companies of a similar size (NZ Post’s 2100 users are on the way to Google Apps) that have taken either remote option? Is Google half the service or twice the value of the MS offering?

My last thought would be – just how reliable is that internet connection of yours?