WServerNews: IT supply chain woes

In this issue:

Stopping “reply-to-all” storms in Exchange. Is SMB1 still enabled? 52 weeks lead time on hardware orders. Big birthday coming! Fixing the Microsoft Teams infinite loop. News about Windows, Linux, Microsoft cloud. Fix your supply chain with these tools. Tips for Windows 11 users and admins. Factoid: Is it safe to use Nav software? IT Bookshelf: Cloud Security: Attacks, Techniques, Tools, and Challenges. Plus lots more — read it all, read it here on WServerNews!

Supply chain woes got you down? Join the club—it’s probably going to get a lot worse before it gets better. Photo by Mika Baumeister on Unsplash

Mailbag

If you’re a Microsoft Exchange admin then we have a terrific tip for you that was submitted to us by reader Peter Webster from South Africa:

Good day Team. Love your newsletter.

Been supporting Microsoft Exchange servers for over 2 decades now and one feature that has always been lacking on Exchange Server was the ability for the admin to stop a “REPLY-TO -ALL storm”. I often get asked to try and stop the reply-to-all storm happening, where senders reply to all by the dozens and it creates such a disturbance.

I see Microsoft has made some progress and I can share this with you :

New features available Reply-all storm :

Reply-all storm, Report, UI settings to define how many users in a reply would be considered as a replay-all storm setting are configurable between 2500 and 5000 recipients and alert to admins:

https://techcommunity.microsoft.com/t5/exchange-team-blog/new-reply-all-storm-protection-report-settings-ui-and-alert/ba-p/3292465

MS docs: Reply-all storm, Report, UI settings:

https://docs.microsoft.com/en-us/exchange/monitoring/mail-flow-reports/reply-all-storm-protection-report

Hope this could also help other admins.

Yes we’re certainly sure that this will be a big help for those who administer Exchange in their environments!

Also, last week we mentioned that Ned Pyle had announced on the Storage at Microsoft blog that SMB1 will now be disabled by default on Windows 11 Home Insiders builds and when the next major release of Windows 11 goes out to customers, SMB1 will be disabled by default on it as well. However, if you perform an in-place upgrade of a SMB1-enabled machine to Windows 11, your upgraded machine will still have SMB1 enabled, and if you still really need SMB1 to communicate with your old NAS or other legacy hardware, you can always enable it with admin credentials on your machine. This promoted reader Murat Yildirimoglu to send us the following tip:

Hello Mitch, I understand that SMB1 will continue being a nuisance for us all. I noticed that get-service command could query the state of SMB1 and SMB2 though they are not technically services. Get-service PowerShell command and its classical equivalent sc.exe can detect if these components are currently installed or not. You can read my article about it:

Powershell: An Interesting Property of Get-service command (Muratyildirimoglu’s Blog)

https://muratyildirimoglu.wordpress.com/2020/10/01/powershell-an-interesting-property-of-get-service-command/

Thanks for the tip!

Got comments about anything in this issue?

Email us! We love hearing from our readers!

Got questions? Ask our readers!

WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!

Help spread the news!

Please tell all your colleagues and friends about WServerNews and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!

Editor’s Corner

Are you having difficulty sourcing hardware from your vendors and suppliers? You’re not alone. Despite the fact that analysts are predicting the end is near for global chip shortages (Tom’s Hardware) the word of mouth coming from the trenches of our IT profession paint a very different picture. I’ve talked with a number of colleagues this last week about what the situation is regarding various networking equipment they’ve ordered, and what I’ve heard back doesn’t sound good.

In short, lead times are getting longer—much too long in some cases. A lot of hardware that uses Broadcom is currently listed as 52 weeks out in the catalogs of some vendors, and for those in the know “52 weeks” really means “we don’t know when in hell we’ll get any more of that stuff”. In other words, they have no idea when they’ll be able to fulfill orders and ship them to customers. One colleague told me that he wanted to order some Cisco access points but was told if you do so you won’t see them “until next year sometime”. And another colleague said that a replacement power supply he had ordered for a network appliance was on a 52 week lead time.

Server hardware seems to be not much better. Dell servers seem to average around 6 months for fulfilment while HPE is pushing towards a year. These vary of course depending on the model and configuration, but also upon the kind of NICs needed for the server since Broadcom is a major supplier in that area and they currently say that chip orders require six months’ lead time (BNN Bloomberg).

What’s compounding the problem is the favoritism that hardware vendors typically give towards their larger customers, and especially towards customers in the government sector where late penalties are written into contracts. A friend who works in the industry says that the usual “VP channel” where you get your company’s vice president to call your vendor to put pressure on them to jump your order ahead in their queue just doesn’t seem to work anymore.

Prices for some hardware is skyrocketing as well due to inventory shortages that vendors and resellers are experiencing. One colleague for example said he put in an order for some switches only to have the vendor cancel the order the next day and raise the price by 15%. And some items in vendors’ catalogs are simply listed as Not Available.

If the reality is that this is likely to get even worse before it gets any better, how should IT respond? One thing you may want to do is start planning your next hardware refresh cycle today with the expectation that you’ll be able to implement your plan in about a year. Or maybe it’s time for you to think about migrating more of your networking infrastructure into the cloud, because the hyperscalers (IaaS providers) have the bucks to make lucrative all-cash orders with vendors, so maybe it’s better to bite the bullet and ride on their coattails into the sunset instead of trying to build and maintain your own environment.

Either way, you can expect problems and challenges ahead.

Happy Birthday!

Photo by Imants Kaziļuns on Unsplash

On the lighter side of our IT profession comes a couple of birthday announcements for fans of retro computing plus one pre-planning for a special coming birthday. This year marks the year that the Sinclair ZX Spectrum turns 40 years old. The Spectrum was a budget British microcomputer and was a runaway success—read more on Hackaday. And another giant that was born 40 years ago was the Commodore C64 which is reminisced in another great article on Hackaday. Man, those were fun times, though I’m happy to recall that my first computer was an Amiga not a C64 which enabled me to play Dungeon Master on it into the wee hours of the night. Still the best. Game. Ever.

And looking ahead we’re happy to announce that this September will mark 25 years that WServerNews has been running!! The newsletter was started back in September 1997 by Stu Sjouwerman and was originally called W2Knews (for obvious reasons) and renamed as WServerNews in 2005. Stu built the newsletter up and helmed it for 15 years until TechGenix acquired it from him in 2012 and handed the editorial reins over to Ingrid and myself. We look forward to celebrating the upcoming 25th birthday and also to many more years of informing and entertaining you with WServerNews! And as usual we hope you enjoy this week’s issue of WServerNews, feel free to email us your comments or questions about anything in this newsletter.

Cheers,
Mitch Tulloch
Senior Editor

This Week in IT

A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in.

Last week in Editor’s Corner we mentioned that customers were suddenly left hanging when Insteon, a vendor of “smart-home” devices, abruptly shut down causing their devices to stop working without warning. Ars Technica reports that Insteon has finally come clean about what happened, blaming the pandemic and lack of a buyer for its sudden shutdown. Too little too late, in my opinion.

On the hardware end of things we hear that the recent plunge in the demand for Chromebooks has a bright side: it might help laptop manufacturers source parts needed to keep churning out laptops in the midst of growing component shortages due to China’s “zero-Covid” strategy (Tom’s Hardware). And in other news AMD has made a bid to acquire the networking chip provider newbie Pensando for $1.9 billion with the goal of competing against rival AWS (TechGenix).

Can you spot a phishing lure when one dangles in front of your face? ITPro reports that almost half of UK employees can’t spot email scams. This might be a good time to alert our UK readers about KnowBe4, a company that provides security awareness training combined with simulated phishing attacks. KnowBe4 was founded by Stu Sjouwerman who we mentioned above as the founder of our newsletter, and their training can be very effective in lowering the risk surface of your company against phishing attacks.

Some news items to whisper about in the privacy arena. Brave is rewriting the URLs for users who use its web browser for pages rendered using Google’s Accelerated Mobile Pages (AMP) framework. According to Brave, this is being done to help ensure the privacy of users who use its browser (Brave Blog). Maybe it’s a good thing then that our own business standardized on Brave last year as our browser, though we’ve experienced some hiccups with a few sites that only work properly in Firefox, Chrome and Edge. And TechExplore reports that some video conferencing apps appear to be listening in on your laptop’s microphone even when the mic is supposedly turned off.

And this late breaking news that Zoom will be reducing the length of free 1-on-1 meetings to only 40 minutes starting on May 2nd (BetaNews). That’s nuts! Watch what happens to their NASDAQ index over the next couple of weeks (Yahoo Finance). Serve’s them right!

Windows news

Microsoft is famous for “eating their own dogfood” i.e. deploying new versions of software they’ve developed on their internal network for their own employees to use before they fully release it to the world outside Redmond. So it came as no surprise to me when they announced last week that they had finalized upgrading thousands of devices used by their full-time employees (FTEs) to Windows 11. Redmond Channel Partner has some information about how they performed the mass migration, and Microsoft FTE Lukas Velush has posted some takeaways one can learn from their Win11 upgrade project (Windows IT Pro Blog).

But we’ll resist the temptation to be a party-pooper by revealing that the market share for Win11 is not as hugely successful as Redmond has trumpeted. Because the reality is that Windows 11 is barely as popular as Windows XP (Born’s Tech and Windows World). Depending on how you interpret the statistics of course. Which reminds us of this famous quote from Mark Twain who attributed it to former UK Prime Minister Benjamin Disraeli:

“There are three kinds of lies: lies, damned lies, and statistics.”

Which leads us to recommend to our readers one of our all-time favorite books: How to Lie with Statistics (Amazon.com) which is much more fun in our opinion than than learning How to Win Friends & Influence People (Amazon.com).

And finally, did you know that Microsoft will let you run Windows 11 on an Apple M1 Mac? The only problem is, they won’t support it (Out of Office Hours). Still, it might be something fun to try if you’re bored. Or check out the stuff in the And Finally section at the bottom of our newsletter if you’re *really* bored.

***LAST MINUTE TIP*** Have you been experiencing any problems with Microsoft Teams on devices running Windows 11? Like trying to launch Teams after a reboot or after closing the program and then seeing the Teams icon and a message saying “Loading Microsoft Teams” but nothing happens? Check out this fix from Tobias Zimmergren!

Linux news

Some new software releases to announce for readers using Linux in their environments:

• Pop!_OS 22.04 Has Officially Been Released (Linux Magazine)
• Thunderbird Version 91.8.1 (Born’s Tech and Windows World)
• Wine 7.4 Dev Released! Vkd3d bundle, Defauts to Light Theme (UbuntuHandbook)

Email us if you know of any other useful or important Linux platform release announcements.

Cloud news

And some news about the Microsoft cloud platform that may interest our readers:

• Announcing account switching for Microsoft 365 web apps (Microsoft 365 Blog)
• Windows 365 Cloud PC point-in-time restore (Windows IT Pro Blog)
• Microsoft tests new cloud-based Microsoft Defender for home users (BleepingComputer)
• Intune device configuration for Azure Virtual Desktop multi-session VMs is now generally available (Azure Virtual Desktop Blog)

Upcoming webcasts, events and conferences

Got an event, conference or webcast you want announced in our newsletter? Email us!

CloudSecNext Bonus Session: How 2021’s Cloud threats Have Matured Our Security Strategy – Watch online on May 4th – Register

Microsoft Build – May 24-26 – Registration is now open!

Also be sure to check out Redmond Channel Partner’s calendar of upcoming Microsoft conferences for partners, IT pros and developers!

Got comments about anything in this issue?

Email us! We love hearing from our readers!

Meet the Editors!

MITCH TULLOCH is Senior Editor of WServerNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.

INGRID TULLOCH is Associate Editor of WServerNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.

Subscribe today to WServerNews!

Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.

IT Workshop – tools, whitepapers and more

Got a product or solution or some other resource you’d like to tell our readers about? Email us!

Our TOOL OF THE WEEK is the Microsoft Remote Connectivity Analyzer a free tool for troubleshooting remote connectivity problems with Office 365, Exchange Server and Microsoft Teams. To learn more about this tool and how to use it effectively, see our TechGenix article.

CloudFix is a tool designed to help large organizations drive down their AWS-related costs. Check out our review on TechGenix.

If your supply chain is under stress you should check out these solutions from IgniteTech:

• Endeavour is a Supply Chain Management solution that connects each of your business systems and suppliers in a single location.
• OneSCM’s supply chain orchestration platform directly integrates into the core of your existing IT architecture to unify your many back-office systems.

WHITEPAPER – Email archiving technologies – Email archiving is no longer considered a luxury for organizations. The key to successful implementation is choosing email archiving technology that meets your company’s needs. Read this whitepaper from GFI Software (PDF) to learn about different ways email archiving can be performed and which method is best for your Microsoft Exchange messaging environment.

CASE STUDY – Facing SOC 2 compliance challenges? Clearbit, UserTesting and 2,500 other companies use Vanta to streamline SOC 2 compliance processes. Read this case study for how one customer cut their involvement time from 4 weeks down to only 3 days.

COMPARISON GUIDE – Containerization Comparison Guide (TechGenix) – Find out which platform is better for a DevOps project to save your business time and resources.

Tips and Tutorials

Some tips and tutorials for Windows 11 users from uber-geek Michael Niehaus:

• Customizing the Windows 11 22H2 Start menu layout
• Getting rid of Widgets in Windows 11
• Getting rid of Teams (consumer)

And some how-to articles by Michael that target Windows 11 admins:

• Want to refresh a Windows 11 device? Don’t use USMT.
• Automatically join devices to Azure AD
• Geeking out: Offline domain join

Also check out this article from Born’s Tech and Windows World:

• Security: Best Practice, for updating Windows Domain Controllers

Want to get started using Exchange Web Services? Check out this article on EWS from TechGenix.

Speaking of Exchange, a terrific resource we’ve been using and recommending for many years is the Outlook and Exchange Solutions Center from Slipstick Systems. It’s run by Diane Poremsky who has been a Microsoft Outlook Most Valuable Professional since 1999, and there’s also a forum where you can ask questions about anything to do with any version of Microsoft Outlook. And since a “slipstick” is another name for a slide rule, here’s something special for the nerd-at-heart among our newsletter readership: Illustrated Self-Guided Course On How To Use The Slide Rule (Slide Rule Museum). Enjoy!

Freebies!!

Got a freebie you want to offer our readers? You can reach almost 200,000 IT pros worldwide with our newsletter—email us!

Windows 11 Fixer makes customizing your Windows 11 easy by providing one location where you can customize, change settings, uninstall unwanted software, and install the programs you want. It’s free on GitHub.

Understand and improve your AWS and Azure cloud infrastructure deployments with Alkira Cloud Insights. Try it now for free.

Want to learn more about Linux, Docker, Kubernetes and similar animals? Download these free ebooks from The Linux Journal.

IT Bookshelf: Cloud Security: Attacks, Techniques, Tools, and Challenges

Cloud Security: Attacks, Techniques, Tools, and Challenges (CRC Press, 2022) provides an overview of the security and privacy issues associated with cloud computing, various kinds of attacks against cloud systems, and different ways of detecting, thwarting and mitigating these attacks.

The book is organized in three parts with Part I explaining cloud computing history and models, cloud security concepts and standards, and the security and privacy issues that providers and consumers of cloud services face. Much of the material in this first part of the book will be familiar to our newsletter subscribers, but it’s worth reading regardless to plug any gaps in understanding of these basic concepts.

The second part focuses on threat models and attacks against cloud systems, and here I found it more useful and illuminating. There’s a good description of the different ways malicious actors can interact with different attack surfaces in cloud environments that includes various scenarios to illustrate such attacks. The authors also present a taxonomy of different cloud attacks that covers quite fully the many different ways that cloud environments can be targeted by attackers. Part 2 also describes in depth different approaches to implementing intrusion detection for cloud systems and outlines various research challenges associated with detecting intrusions in cloud environments.

The third and final part of the book gives an overview of the different tools that can be used to both attack cloud systems and secure such systems from attack. This includes coverage of tools for network security, VM security, VMM-layer security, VM and hypervisor introspection, and containers. I found the presentation of the threat model for containerized environments particularly helpful in understanding the various ways in which containerized application environments can be attacked. The authors have also included a couple worked case studies in detail using Ubuntu Linux as target for virtualization-specific and container-specific attacks against example cloud systems.

While some of the sections cover topics quite tersely, the authors have included ample references at the end of the book where readers can dig more deeply into the wide range of subjects covered by the book. Intended mainly for cybersecurity professionals and cloud systems architects, Cloud Security: Attacks, Techniques, Tools, and Challenges is a worthwhile addition to the library of such professionals. You can buy it on Amazon here.

Factoid: Is it safe to use Nav software?

No answers were received to last week’s Factoid so here is the one for this week:

Fact: Navigation tools could be pointing drivers to the shortest route — but not the safest (Science Daily)

Source:https://www.sciencedaily.com/releases/2022/02/220223164554.htm

Question: Do you use and trust nav software? How reliable do you find it to be? For myself, being a Trogdolyte—after all, I still use Windows—I generally prefer to study maps and traffic data ahead of time and then plan my own routes when I need to drive somewhere unfamiliar. How about you? Email us your answer and we’ll include it in our next issue!

And Finally

The odd, the stupid and the remarkable. Good for your mental health.

Researchers discover new form of ice (Phys.org)

https://phys.org/news/2022-03-ice.html

[Sounds like a great plot idea for a new Marvel Universe movie!]

The plain-text internet is coming (Protocol)

https://www.protocol.com/newsletters/sourcecode/plain-text-sports-internet?rebelltitem=1#rebelltitem1

[Guess it’s finally time for me to ditch Netscape Navigator and switch back to Lynx :-P]

The popular electronics chain that scammed America (The Hustle)

https://thehustle.co/the-popular-electronics-chain-that-scammed-america/

[What a great idea for a business plan!]

Check out Killed by Microsoft, a website that lists all of the dead Microsoft products (OnMSFT.com)

https://www.onmsft.com/news/website-dead-microsoft-products

[Just another example of Microsoft competing with Google :-P]

‘RoboBurger’: Robot grills burgers at mall in New Jersey (Fox5 New York)

https://www.fox5ny.com/news/roboburger-robot-grills-burgers-at-mall-in-new-jersey

[That’s interesting, but I’ll know that the world has *really* changed when a robot walks into this restaurant and orders a burger!]

Hey reader! Got an amazing or weird or funny link you’d like to suggest for this section of our newsletter? Email us! But please make sure that it’s G-rated as in “Gee whiz”, “Golly!”, Good grief!”, “Gaaahh!!” and so on. Thanks!

Please tell others about WServerNews!

We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!