Sunday, June 13, 2021

Exchange in the Tank

This article came up in my feed recently:


This noted that the Microsoft Exchange admin portal was down after Microsoft forgot to renew the SSL certificate for the website.


That sounded familiar to me so I went back and searched my blog.

Bingo!


In that case Microsoft tweeted:
As Yogi Berra said:
It's déjà vu all over again.

Apparently Microsoft didn't take my advice:

Maybe they should have put a reminder on their Outlook calendar. 

Sunday, June 06, 2021

Windows.old

I know I'm not your normal user. I try things so you don't have to.

Recently I forced the installation of Windows 10 21H1 on my ThinkPad. To do this, I downloaded the Windows Update Assistant and ran it.

Don't try this at home.

Unlike the upgrade from the Windows Update app, this process does a FULL Windows 10 update.

But it all went well. It took a long time, unlike the Windows Update app, but it worked fine.

Then a week later, I was poking around in my C: drive. (You do this, don't you?)

I found several folders that I wasn't expecting:

$GetCurrent - 4.23 GB
Windows10Upgrade - 3.62 GB
Windows.old - 25.6 GB (that's not a typo)



Those weren't really a problem on my HD but still that's over 33GB of space.

Surely Windows 10 would clean those up. Some of them are supposed to be cleaned up 10 days after the upgrade. That period had not lapsed.

Windows 10 has a Storage Sense feature that has an option to "Delete previous versions of Windows".


I ran that and it reported that it cleaned up 17.4 GB by deleting Windows.old. That's a nice start.

Now you ask why did it only clean up 17.4 GB if Windows File Explorer said that Windows.old was 25.6 GB? Read this until your head hurts.

Windows 10 Forums said that uninstalling the Windows Update Assistant will delete the Windows10Upgrade folder. I uninstalled the Windows Update Assistant and the Windows10Upgrade folder was gone.

How-To Geek said that the $GetCurrent folder can be deleted but should be deleted automatically. After 10 days, its size was only 181 KB.

Sunday, May 30, 2021

Microsoft Aggressive Updates

In several of Microsoft's recent updates, e.g. Windows 10 21H1 update, when the system reboots the user is presented with aggressive fullscreen dialogs.

Here is what I saw on one of my systems and how I recommend that you respond.


"Your device needs to connect to a few more Microsoft services ..."

No, it doesn't "need" to connect. Ignore everything and click on "Continue".


"Use recommended browser settings"

No. Click on "Don't update your browser settings" and then click on "Apply Settings".


"Sign in with Microsoft"

Again, no. Click on "Cancel".

Give it up, Microsoft.

Sunday, May 23, 2021

Salesforce's Circular Dependency

I follow cloud vendors' outages. Broadly, I believe that cloud vendors can deliver higher availability than most SMBs can do themselves. Enterprises are a different discussion.

But I always get a kick out of looking at various cloud vendors' post-mortem reports (archive.is).

Recently Salesforce had a DNS outage. Like other vendors, e.g. Microsoft, the Salesforce outage even took down their status page!
And look at the spin they tried to put on it.
"We're not blaming one employee," said Chief Availability Officer Darryn Dieken.
And then they threw him under the bus.
"For whatever reason that we don't understand, the employee decided to do a global deployment," Dieken went on.
They don't understand?

But wait, there's more...
"In this case," he went on, "we found a circular dependency where the tool that we use to get into production had a dependency on the DNS servers being active."
 
If you're going to run a cloud service, you've GOT to design to avoid these kinds of problems.

Sunday, May 16, 2021

Amazon Photos

Sorry, but this is just a rant. I'm an Amazon Prime user. I have several Amazon Echos. On the Echos, I have the display set to play a slideshow of photos from Amazon Photos.

That had been working fine until 05/11/21. The Echo Show 5 started only displaying the weather, no photos. I poked around in the settings and confirmed that I had the display set to show my photos, the weather, and upcoming calendar events.

Amazon has a tacky habit of silently turning on other features but this time that hadn't happened. So I navigated to re-select the Amazon Photos album to use as a slideshow.

I got a screen that prompted me to sign up for Amazon Photos. But, I already had that capability with Amazon Prime.

I went to my Echo Show 8 HD. It was showing the slideshow. Just for fun, I navigated to re-select the Amazon Photos album to use as a slideshow.

BINGO, I got a screen that prompted me to sign up for Amazon Photos in spite of the slideshow working just fine.

Ok, so I went and logged into the web interface of Amazon Photos. Every time I tried to access an album I got a message that there had been an error and I should try again later.

By then, I was really confused. My next 2 routes were to 1) factory reset my Echo Show 5 or 2) call Amazon for support. Neither seemed particularly likely to resolve the problem.

So I ignored it for a couple of days.

Then on 05/13/21 I got an e-mail from Amazon saying:


Putting that ANYWHERE earlier would have been very valuable to me.

Sunday, May 09, 2021

Reload Windows on Your New PCs

Now, Dell is not my favorite PC vendor. It probably has something to do with the smoke that came out of my coworker's office as her new Dell laptop burned up.

But I'm not going to jump on Dell in this post. You can do whatever you want.

This post is about what you should do as soon as you buy a new PC.

But first, I will mention what cranked me up on this.

Since 2009, Dell has been distributing "nice" utilities on all of its PCs that updated their firmware. These packages were variously called Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags.

The problem is that these packages installed Dell's DBUtil.


In December 2020, SentinelOne notified Dell of five vulnerabilities in this utility.

DARKReading described it:
The bugs give adversaries a way to bypass security products, wipe a hard drive, or install a malicious driver on a domain controller. "The attacker is effectively the system administrator."
What I don't want to do is suggest that this is exclusive to Dell. Lenovo has had similar issues on its products.

So, what should you do?

Format and reload Windows on ANY PC you get before you do ANYTHING with it. Get the bits from Microsoft here. Don't worry. Windows Update will install all the drivers that you need. You'll save significant disk space and won't have any bloat-ware the vendor installed.

You can thank me later.

Sunday, May 02, 2021

iOS 14.5 Fake News

Now that I've got your attention, iOS 14.5 really isn't "Fake News." It's just that the news around it was so over-hyped.

Here are a few headlines from early April:

iOS 14.5 is making the biggest change to apps in years - here's how
Apple Now Rejecting App Updates That Defy iOS 14.5 App Tracking Transparency Rules
Apple reminds developers to prepare for App Tracking Transparency ahead of iOS 14.5 release

Then iOS 14.5 was released on 04/26/21.

I approached it cautiously. First on my iPhone, then my iPad, then my iPad Mini, ...

But I haven't seen any of these predicted pop-ups.

Why?

Business Insider has a good explanation here.
However, some people who've updated to iOS 14.5 haven't seen any permission pop-ups.

Mobile-advertising experts suggested three possible reasons. 

1. The 'allow apps to request to track' privacy setting is toggled off
2. Some users might not have the option to toggle 'allow apps to request to track' on
3. Some apps haven't rolled out the prompt yet
What should YOU do?

Go ahead and install iOS 14.5. Then go to Settings, then Privacy, then Tracking. Make sure the slider for "Allow Apps to Request to Track" is to the left.


That'll turn off all of those pop-ups.


Sunday, April 25, 2021

Building Data Centers

Have you ever built a data center?

In my 40+ year career, I've probably been involved in building around 10 data centers.

Then this article was mentioned in Windows Weekly episode 721.



Wow!

Microsoft currently operates more than 200 data centers. Think of the logistics of building 50-100 data centers each year! I'd guess there would have to be 10-20 people dedicated to each project not to mention the expenditures.

After each data center is up and running, you've got to facilitate the network connectivity, the power, the operations, etc.

In this article was a link to a virtual tour.

PS. The article mentions that few people ever get to tour Microsoft's physical data centers. I was fortunate enough to tour Microsoft's Redmond facility in the mid-2000s. The thing that made the longest lasting impression on me was a single server they had over in a nook in front of a glass window. They described that as a "generic" server. The idea was that any manufacturer could build a server to those specifications and the hardware would be interchangeable. In hindsight, no manufacturer wanted that as it would be too easy to displace them but the idea eventually manifested as virtual machines that aren't tied to a hardware specification.

Sunday, April 18, 2021

Application Layer Gateways - Part II

In Part I, I discussed Network Address Translation (NAT).
That seems like a good idea and it is.

But...

What if the response doesn't come back on the same PORT as it originated on? Then NAT Port Address Translation (PAT) won't let it through.

How does NAT PAT know what to do?

That's when Application Layer Gateways (ALGs) come into play.

[ALG] allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer ... protocols ...

In Security Now Episode 792, Steve Gibson explains:

The problem is that Application Layer Gateways attempt to be completely transparent to the application protocols they’re proxying for. They’re sitting there in our routers, enabled by default, hidden, powerful, and automatic.

So you say that YOU don't have any of these? Think again.

Here's what my router has:


Even deep in the bowels of a really good router, this is described only as "Enable NAT Passthrough to allow a Virtual Private Network (VPN) connection to pass through the router to the network clients."

Fooled you, didn't it?

Look at that list of applications that are allowed to "tweak" the router so that traffic to different incoming ports is allowed.

Back to Security Now Episode 792, Steve Gibson related that he had gone through and judiciously turned these to "Disable." But then his Verizon femtocell wouldn't work. It needed IPSec.

More in Part III.

Sunday, April 11, 2021

Application Layer Gateways - Part I

This is the first in a series of posts about Application Layer Gateways. But first you have to understand Network Address Translation (NAT).

NAT is what makes your router such a good firewall.

Basically it makes all of your Internet requests look as if they originated from the router, hiding your various devices. But more than that, it only allows incoming packets that are responsive to outgoing packets.

Here's how Wikipedia explains it:

[T]he port numbers are changed so that the combination of IP address (within the IP header) and port number (within the Transport Layer header) on the returned packet can be unambiguously mapped to the corresponding private network destination.


In plain English, every time something is sent out from your network, the router keeps a record of it and will only allow incoming traffic that is responsive to that.

This has 2 benefits. First, the Internet can't see your internal network. All traffic looks like it originated from your router. Second, any non-responsive traffic, e.g. from hackers, is simply disregarded.

Part II will dig another layer deeper.
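
As an added example (not from the original posts or from any router's firmware), here is a toy model of the NAT table described above, plus the Application Layer Gateway behaviour covered in Part II. The FTP-style PORT command, the addresses, and the class and function names are assumptions chosen for illustration; the model also only accepts replies from the original remote address, which not every router does.

```python
# Added illustration: toy NAT/PAT table with an optional FTP-style ALG (all values constructed).
import re

class NatRouter:
    def __init__(self, public_ip, alg_enabled=False):
        self.public_ip = public_ip
        self.alg_enabled = alg_enabled
        self.next_port = 40000
        self.table = {}  # public_port -> (private_ip, private_port, allowed_remote)

    def _map(self, priv_ip, priv_port, remote):
        """Allocate a public port and record who may answer on it."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (priv_ip, priv_port, remote)
        return pub_port

    def outbound(self, priv_ip, priv_port, dst_ip, dst_port, payload=""):
        """Rewrite the source to the router's address and remember the flow."""
        pub_port = self._map(priv_ip, priv_port, (dst_ip, dst_port))
        if self.alg_enabled:
            payload = self._ftp_alg(priv_ip, dst_ip, payload)
        return (self.public_ip, pub_port, dst_ip, dst_port, payload)

    def _ftp_alg(self, priv_ip, dst_ip, payload):
        """FTP active mode: 'PORT h1,h2,h3,h4,p1,p2' names a port the server
        will connect back to. The ALG reads it from the payload, opens a
        matching mapping, and rewrites the command to the public address."""
        m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", payload)
        if not m:
            return payload
        data_port = int(m[5]) * 256 + int(m[6])
        pub = self._map(priv_ip, data_port, (dst_ip, None))  # any server port
        return "PORT %s,%d,%d" % (self.public_ip.replace(".", ","), pub // 256, pub % 256)

    def inbound(self, src_ip, src_port, pub_port):
        """Forward only packets that answer a recorded mapping; else drop (None)."""
        entry = self.table.get(pub_port)
        if entry is None:
            return None
        priv_ip, priv_port, (rip, rport) = entry
        if src_ip != rip or (rport is not None and src_port != rport):
            return None
        return (priv_ip, priv_port)

def demo(alg_enabled):
    r = NatRouter("203.0.113.5", alg_enabled)
    # A laptop opens a control connection and announces data port 4*256+1 = 1025.
    pkt = r.outbound("192.168.1.20", 50000, "198.51.100.7", 21, "PORT 192,168,1,20,4,1")
    return {"reply": r.inbound("198.51.100.7", 21, pkt[1]),     # responsive reply
            "stranger": r.inbound("192.0.2.99", 21, pkt[1]),    # unsolicited source
            "data": r.inbound("198.51.100.7", 20, pkt[1] + 1),  # server connects back
            "payload": pkt[4]}
```

With the ALG off, only the responsive reply gets through; with it on, the router also forwards a new inbound connection to a port it learned from the payload, which is why each enabled ALG is worth reviewing.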

Sunday, April 04, 2021

Risks of Remote Work

I follow KnowBe4's blog. Recently they covered a white paper by Cybersecurity Insiders.


It raised several issues that I've been worried about since the pandemic hit and everybody went home.

KnowBe4 called out the following key findings:
  • Almost three-quarters of organizations are concerned about the security risks introduced by users working from home; despite these challenges, 86% are likely to continue supporting remote work in the future.
  • Key security challenges cited include user awareness and training (57%), home/public WiFi network security (52%), and sensitive data leaving the perimeter (46%).
  • The applications that organizations are most concerned with securing include file sharing (68%), the web (47%), video conferencing (45%), and messaging (35%).
  • More than half of organizations see remote work environments having an impact on their compliance posture (70%). GDPR tops the list of compliance mandates (51%).
  • Organizations prioritize human-centric visibility into remote employee activity (34%), followed by next-generation anti-virus and endpoint detection and response (23%), improved network analysis and next-gen firewalls (22%), and Zero Trust Network Access (19%).
How is your organization going to mitigate concerns about continuing remote work?

How is your organization going to mitigate WiFi network security and data exfiltration?

How is your organization going to mitigate file sharing, video conferencing, and messaging?

Keep me posted.

Sunday, March 28, 2021

More Internet Speed Tests

Several years ago, I stumbled across Google's Internet speed test. That prompted me to look at several other Internet speed testing tools. The post is here.

This article on CNET prompted me to look again. CNET had a couple of tools I hadn't heard of before so I ran them against my previous set of tools.


At my house I have a 200Mbps Xfinity connection. I was using my ThinkPad X390 with an Intel(R) Wireless-AC 9560 160MHz Wi-Fi adapter. Intel says that adapter can deliver 1.73Gbps so that probably wasn't a limiting factor.

Test            Download
*Ookla          196Mbps
*fast.com       200Mbps
*Google Fiber   205Mbps
*Google         181Mbps
speedof.me      215Mbps
testmy.net      186Mbps

* were in my earlier test

Conclusion: Mox nix!

The results were much more sensitive to other traffic than the accuracy of the various tests. In my initial tests of speedof.me and testmy.net, they were both around 125Mbps. I retested them and they both came in over 155Mbps. A third test gave the above results.

A more extreme demonstration of interference was at my daughter's house, which has a 1Gbps Xfinity connection.

Test            Download
Ookla           330Mbps
fast.com        150Mbps
Google Fiber    91Mbps
Google          50Mbps
speedof.me      54Mbps
testmy.net      83Mbps

I didn't have the opportunity to rerun the tests at this location. In hindsight, there were streaming applications running outside of my control during the testing.

Sunday, March 21, 2021

FastStone Image Viewer

My previous post covered how to restore Windows Photo Viewer. While that worked, I kinda got frustrated that I kept having to do that.

I fell back to my trusty Google search and came up with some alternatives to Windows Photo Viewer.

The article that seemed most on point to me was on Skylum.

#4 on their list was FastStone Image Viewer but it was #1 for me.

I always like portable applications and FastStone has one for their Image Viewer.

I put the portable version in my OneDrive/Software folder so it's available on all my PCs.


Oh, it's free.

Sunday, March 14, 2021

Windows Photo Viewer

I've been accused of being a Luddite and maybe I am.

But maybe I just like simple applications that just work.

Windows 7 and 8 had a really nice application, Windows Photo Viewer. It had useful and intuitive keyboard and cursor commands.

Windows 10 displaced (not REplaced) Windows Photo Viewer with Photos. To me, it's not as intuitive as Windows Photo Viewer.

The good news is that Windows Photo Viewer is still there. And if you got to Windows 10 by an upgrade in place from Windows 7 or 8, getting Windows Photo Viewer back is easy.

CNET has a good article on how to do this but it's easy.

[S]imply open up Settings and go to System > Default apps. Under "Photo viewer," you should see your current default photo viewer (probably the new Photos app). Click this to see a list of options for a new default photo viewer. Assuming you upgraded to Windows 10 from a previous version of Windows, you should see Windows Photo Viewer as an option.

Choose Windows Photo Viewer and exit the Settings menu, and you're done -- photos will now open up in Windows Photo Viewer.


If you got to Windows 10 with a clean install, it's a little trickier.

But this article in TenForums will walk you through it.

The tl;dr of this is to download this .reg file. Run it. Follow the procedure above to reset the default app.

Sunday, March 07, 2021

Chillin' With an iPhone - Part 6

So I'm a year into using an iPhone X coming from an Essential PH-1. I've posted several times about my experiences - 1, 2, 3, 4, 5.

I still have a few items to close the loop on.

Battery Life - My iPhone's battery life is really incredible. I tend to check the battery at 10PM. Most days the % of battery remaining is around 60%. If I've taken a lot of video or listened to a lot of podcasts, it will dip down into the 50% range. I checked the battery capacity recently and it is still 86%.


Face ID - I mentioned that the face unlock of my Lenovo Tab M8 inspired me to look at the iPhone X's Face ID. That was before the COVID-19 pandemic drove facemask usage. Now I miss the Touch ID of the iPhone 6.

Gboard - I am a huge user of Google services. Consequently, I tend to use the Gboard keyboard. But Apple has crippled Gboard. I like to use handsfree voice to text while I'm driving. When using Gboard's voice to text, Gboard has to launch what looks like a separate app. The delay is unacceptable. And the Apple keyboard's voice to text is really good.

Wireless Charging - I've had a couple of Android phones that used wireless charging but the Essential PH-1 didn't. It was nice to return to wireless charging. This is the wireless charger I use. I use this for my wife's iPhone SE (2020).

Old Stuff - I still wish iOS would give me more control over sounds, e.g. Google Hangouts ringtone and texttone, the camera shutter sound, the iMessage sent sound, etc. I do really like the intensity of the vibration. The Essential PH-1 struggled with being too subtle.

But I do still have an Essential PH-1 completely up to speed on Lineage OS.