Sunday, November 17, 2019

The Cloud is Full

Recently ZDNet's  All About Microsoft reported that Microsoft Azure customers had reported hitting virtual machine limits in U.S. East regions.
This is scary.

There were a small number of comments (7) that related that they had had the same experience. Here is a typical comment.
GetNrDone
Happened to me. I tried to deploy a new SQL database in eastus2 2 weeks ago only to be greeted by an error. Opened a tickets and was basically told there was nothing they could do. Escalated the issue with our TAM which also could not get approval for 1 database to deploy. I was asking for the smallest database they offer (s0) and was told we couldn't have it. No communication before, no warning emails, no blog posts, nothing in the service dashboards, even our account team didn't know anything about it. Completely blindsided me and delayed development on an app for a week while i could move resources to another region. Unacceptable and definitely does not live up to promises made!
There's a reddit thread on this here.
dops0
We've faced this issue in North Europe, East US and West US 2. This has just started happening over the last couple of weeks and what's even more frustrating is, we already have sufficient quota allocated to us, but, our users haven't been able to deploy their machines even when within this quota.
This issue hasn't blown up so either it has been resolved or customers were able to work around it as GetNrDone did.

Regardless this is another consideration for using anyone's cloud services. I'd even suggest trying to putting a clause in your contract that guaranteed x% of available capacity on the vendor's part. I'd bet that none of the vendors would accept that but that would at least make the vendor play their cards.

Sunday, November 10, 2019

Cloud Management Skills

Recently McAfee published a report on cloud adoption and risk. The Register did a review of the McAfee study.

The Register concluded:
The ongoing rash of data leaks caused by misconfigured clouds is the result of companies having virtually no visibility into how their cloud instances are configured, and very little ability to audit and manage them.
That's really scary. But it supports my concerns that moving workload to the cloud doesn't eliminate work/effort, i.e. manpower, but rather changes the skills required.

An organization should thoroughly understand the skills change that moving to the cloud brings.

These changes may be addressed with training but may require changing personnel to acquire the appropriate skills. These changes and the change management time and effort should be incorporated in the project timeline and budget for cloud implementation.

McAfee observed:
It’s possible the speed of cloud adoption is putting some practitioners behind.
The number 1 cause of cloud security issues noted by McAfee was "Lack of staff with the skills to secure cloud infrastructure."


That entire list is a good reference when considering moving workload to the cloud.

Sunday, November 03, 2019

Nebo Professional Note-Taking

I had promised more about my new iPad so here it is.

One of my primary objectives for any tablet is to be able to take handwritten notes on it. I even tried that on my Asus Transformer Mini. I used MyScript's Nebo on it but it's a Windows tablet and you know how that is.

So the new iPad supports the Apple pencil technology. Of course I wouldn't buy an Apple pencil. That'd be too easy and expensive.

I ended up with a Adonit Note stylus for half the price of the Apple pencil..

Then I needed a handwriting app. My search kept coming back to MyScript's Nebo. While I wasn't wild about the $10 price I knew from my own experience that it would work well.

And it does.

The following slide show walks through a couple of the help screens. Then you can see my handwriting and the real-time conversion to text. Then I exported it to OneDrive in .docx format.


It all works really well. There are a lot of formatting tricks that you can do but I just want to capture the text.

Sunday, October 27, 2019

iPad Bluetooth Keyboard

When I posted recently about my new iPad, I said that there would be more posts. This is the first of several.

One of my primary uses of an iPad is typing. Even though I use Google's Gboard keyboard, typing on a touch screen is not to my liking.

On my previous iPad Air I had used a Zagg Bluetooth keyboard. I used it so long and hard that the hinge finally broke.

I couldn't find that Zagg had a similar keyboard for the 6th generation iPad.

After some searching I found a Bluetooth keyboard for this iPad.
It's not a ThinkPad keyboard but it works pretty well. And when closed it protects the iPad's screen.

Sunday, October 20, 2019

Checkm8 - Now Is A Good Time To Start Worrying

Have you heard about the new exploit of many iPhone models' boot ROM?

It works on iPhones from the 4S to the X.

There are articles here, here, and here.

Ars  Technica summarized it as:
  • Checkm8 requires physical access to the phone. It can't be remotely executed, even if combined with other exploits
  • The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run each time an iDevice boots.
  • Checkm8 doesn't bypass the protections offered by the Secure Enclave and Touch ID.
  • All of the above means people will be able to use Checkm8 to install malware only under very limited circumstances. The above also means that Checkm8 is unlikely to make it easier for people who find, steal or confiscate a vulnerable iPhone, but don't have the unlock PIN, to access the data stored on it.
  • Checkm8 is going to benefit researchers, hobbyists, and hackers by providing a way not seen in almost a decade to access the lowest levels of iDevices.
Physical access, only tethered jailbreaks, lacks persistence, doesn't bypass Secure Enclave and Touch ID, etc.

Doesn't seem to be a big deal to most people.

But the last bullet is the really important one. Even this minimizes the BIG point.
Checkm8 is going to benefit ... hackers by providing a way ... to access the lowest levels of iDevices.
What this means is that from now until the iPhone X is no longer supported by Apple, every security release of iOS will be immediately reverse engineered to discover what vulnerabilities have been fixed. Then malicious hackers will rapidly develop exploits that don't require physical access, tethered jailbreaks, are persistent, and bypass Secure Enclave and Touch ID, etc. Further the hackers will be able to examine Apple's security code for further vulnerabilities and then exploit them as zero days.

Steve Gibson explained this is depth on Security Now #736 (YouTubePDF):
That means that the instant an update is released, it can now be fully reverse engineered, analyzed, and compared against the previous version, which will allow both security researchers, but also bad guys, to figure out what Apple has changed, what it is exactly that Apple fixed. And if they're able to get an exploit out into the wild before a targeted device has been updated, they could take advantage of that. 
Apple can no longer lock down their platform. It is going to be open for anyone to reverse engineer any changes Apple makes to devices which are necessarily still being supported and are receiving updates.
Now is a good time to start worrying.

Sunday, October 13, 2019

Undesign

There was a recent article in Quartz about Elon Musk’s quest for “undesign.”
When Elon Musk leads engineering meetings at SpaceX, he says, “the thing I am most impressed with is, what did you undesign?”

Which is to say, what complications did engineers remove? How did they simplify the vehicle?
Without getting sidetracked on Elon Musk, I really like his concept of “undesign.”

For most of my career I have striven for 2 sometimes conflicting objectives: scale and availability.

My experience is that complexity, particularly the associated boundaries, contribute to un-availability.


At first it would seem that even with the compounding of high availability, e.g. 99.999% and 99.999% you would still get 99.998% availability. But that's not the real world. Cobbling together the interconnects (boundaries) you will be lucky to get them to 99.9%. Then do the math. 99.999% x 99.999% x 99.9% gives 99.898%. You've gone from 5 9s to less than 3 9s.

Explain that to your boss.

When I was with a large Memphis-based logistics company, I would always choose simplicity.

That caused us to struggle with scale but that was easier to buy than availability. And the struggle with scale was easier to explain to management.

Take Elon’s advice to heart.

Sunday, October 06, 2019

iPadOS

When Apple announced iOS 13 they also announced iPadOS.


But iOS 13 wouldn't run on my 1st generation iPad Air. And I'd been struggling with only 16GB of storage.

That was enough of an excuse to sell it on swappa.com and buy a 6th generation iPad.

As soon as I got it I installed iPadOS 13 Beta 4. I followed this all the way through iPadOS 13.1 Beta 4.

And iPadOS promised something that I had always wanted: The ability to easily import files into the iPad without iTunes.

Boy, was I going to be disappointed.

In this Forbes article entitled "Early Thoughts: iPadOS Will Change The Way You Work" said:
#2: A full embrace of external storage devices:
By allowing the iPad's Lightning or USB-C port (depending on what model you have) to be used with adapters to connect to external USB storage devices, consumers can now easily share files utilizing the Files app in iOS and iPadOS. This is not a trivial new feature - it really brings the iPad (and iPhone by extension) significantly closer to the same type of file sharing functionality that has been available in MacOS and Windows for over 20 years.
No, not really. But back to the story.

I even went out and bought a 128GB Lightning/USB-A drive. At least I got a good price on it.

The new feature in iPadOS that is supposed to be "A full embrace of external storage devices" is the Files app.

The Apple fanboys fawned all over this new app. Unfortunately they were victims of Apple's Reality Distortion Field.

ZDNet finally slipped up and admitted what is real on slide 9 of 9:
The Wrap Up
Developers have yet to take full advantage of the new capabilities in the Files app and add-on storage. In particular, including add-on storage as a location apps can import data from. But I'm sure they're working on it.
Does iPadOS make file management as flexible as MacOS or Windows? No..
"But I'm sure they're working on it." GIVE ME A BREAK!

So what does the Files app do?

Not really very much. Basically it provides a separate file store on an iPad or iPadOS device. For the external storage devices that will connect you can move files into and out of this file store.

What you can't do is move these files into and out of native apps' file store. For example, you can't copy a video file from an external drive and have it show up in the TV app. You can't copy an audio file from an external drive and use it as a ringtone. Oh, the Files app may play the video file from the external drive but try to hand that to a 3 year old and have her play it.

While I'm on a roll, the Lightning/USB-A drive I have can't been seen by the Files app. Suggestions from a fanboy were to use an Apple camera dongle. Oh, that doesn't support Lightning input. Further suggestion was to use an external power supply to power the Apple camera dongle. And you need an USB hub for that.

Here's a picture of the recommended configuration:


They fudged by cropping out the external power supplies for the camera adapter and the USB hub.

Here's an excerpt from a RedmondPie article:
Tested & recommended USB flash drive and hubs for iPhone and Lightning-based iPads:
  • Apple Lightning to USB3 Camera Adapter: $32 (required for Lightning-based iPhones and iPads for connecting USB-A flash drives to them as well as providing external power as most drives won't work on Lightning based devices until and unless external power is provided to them)
  • SanDisk Ultra CZ48 256GB USB 3.0 Flash Drive: $34
  • Samsung Duo Plus 256GB – 300MB/s USB 3.1 Flash Drive: $54
  • Samsung Duo Plus 128GB USB 3.1 Flash Drive: $30
  • SanDisk 128GB Ultra Dual Drive USB Type-C: $22.99
  • SanDisk 256GB Ultra Dual Drive USB Type-C: $39
Notice the first item in the list: Apple Lightning to USB3 Camera Adapter!

Also, the Files app won't support my Windows 10 SMB share. It will support my Drobo if I connect to it as smb://drobo.local.

In spite of that I love my new iPad. More later.