WServerNews: Make sure you sanitize (your data!)

In this issue:

WServerNews is now weekly again! Ask Our Readers: Which Windows services can I safely disable? Mailbag. Editor’s Corner. BitLocker. DBAN. Eraser. Blancco. Ask your vendor. Are IT pros like rats? Meet the Editors. IT Bookshelf (NEW!) Admin Toolbox. Zooming images on webpages. Factoid: And if you thought typewriters were old-fashioned… Plus lots more. Read it all, read it here on WServerNews!

 

Are you crazy about WServerNews? We are—and that’s why we’re working on improving it.

WServerNews is now weekly again!!!

Beginning with this issue you’ll now receive WServerNews each and every Monday in your Inbox! In addition, over the next several months we’ll be adding several new sections to our newsletter to bring you more news, guidance, tips and recommendations about the IT industry, platforms, products and best practices. Plus we’ll be making a few other improvements to our newsletter to make it easier to read and more enjoyable. So please help us spread the news by telling all your colleagues and friends about WServerNews and our companion newsletter FitITproNews, and let them know that they can subscribe to these and other TechGenix newsletters for free here. Thanks!

Ask Our Readers: Which Windows services can I safely disable? (new question)

A reader named Howard sent us the following question:

I noticed the reliable Black Viper site is no longer tracking services in Windows. The site author says he stopped using Windows and is on Linux now. Can you recommend a good source of process info, saying what’s needed and what can be safely disabled?

I answered Howard myself like this:

Howard, my usual advice is not to disable *any* services in Windows due to service dependencies and because of possible unexpected consequences that may arise from doing so. Unless of course you have a specific *reason* for wanting to disable some specific service(s). But trying to “harden” Windows by disabling “unneeded” services can often backfire and is not recommended.

Do any of our readers have any different suggestions for Howard? After all, I’m not always right…though I *usually* am (lol). Email us your comments.

Got questions? Ask our readers!

WServerNews goes out weekly to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!

Mailbag

“How the global chip shortage is affecting businesses,” the lead topic of our January 10th newsletter, brought in a few comments from our readers. Craig Hollins, who runs a small Managed Service Provider (MSP) business in Australia, offered us these thoughts:

Supply chain? What supply chain? Q3 last year it was really bad. In fact ever since the pandemic started there have been supply constraints on just about everything. Fortunately we deal exclusively with small customers so we’re usually only looking for a few machines at a time and almost none of our clients are constrained by an SOE that only works on certain hardware.

We have managed to continue to supply our customers by lowering expectations. They all understand there’s a pandemic in full flight, supermarkets are struggling to keep stocks on the shelves due to isolation requirements and normal freight and production is similarly affected.

As I type, however, there seems to be plenty of stock available for specs of computers if you’re prepared to be flexible. Our standard spec for a workstation is i5, 8GB RAM and 256GB SSD. We usually sell HP desktop minis or HP laptops. We might be looking at a wait of months for a particular model, e.g., HP ProBook 650, but if the customer isn’t prepared to wait we can usually offer them a 450 or 850 with similar specs.

The really tough bit has been specific accessories. For example I have been asked to source a particular HP USB dock and I can’t guarantee delivery until May.

All up tho, if this is the worst the pandemic can throw at us, I’m happy. (BTW, I know it’s not!)

Martin Urwaleck, the IT manager at a public company in Vienna, Austria, described how the chip shortage was affecting his own company’s operations:

Hi Mitch, here are my current supply chain problems:

  • Canon MFPs – min. 6 months (other vendors just the same)
  • Notebooks – only selected models (the expensive ones, of course..) available, general availability expected with end of 02/22
  • Webcams – doubled prices in the last year, generally only Chinese stuff with good availability. Major brands have delivery problems

I spoke to some peers, all of them have the same issues. We have to postpone our printer replacement – fortunately we have only this hardware project planned in 2022.

When I asked Martin if he or his colleagues had any tips on how to weather this IT supply chain crisis besides just waiting it out, he responded with this:

Some try to get refurbished hardware, the others extend their hardware lifecycle where possible.

And in fact it’s even affecting us here in Winnipeg, Canada. We recently had to add another workstation to our setup and chose to buy refurbished from a major vendor as the new stock of that particular system had risen in price beyond our budget.

If any other readers would like to share their experiences with how the chip shortage is impacting their IT procurement, feel free to email us.

Editor’s Corner

Having your sensitive business data fall into the wrong hands could spell disaster for your company. The same is also true with your personally identifiable information (PII) which identifies you as an individual for such common activities as online shopping and banking. In our own business we recently had to decommission two business desktop PCs and one personal laptop, and as a result I thought it might be a good time to revisit the kinds of tools and processes one can utilize for sanitizing—thoroughly wiping clean of data—the hard disk drives (HDDs) and solid state drives (SSDs) in these machines.

To bring myself up to date on this subject I reached out to my network of expert colleagues in our IT profession for their suggestions, recommendations and general advice on the subject. The sections that follow outline some of what I heard back from my colleagues, and after you’ve read them I’d appreciate hearing what tools and/or procedures our readers utilize for wiping HDDs/SSDs before recycling their old PCs/laptops. Share your tips with us so other readers can benefit from your expertise and experience—thanks!

BitLocker

“Just use BitLocker,” says Joe, “and then throw away the recovery key once you’ve encrypted the drive.” BitLocker Drive Encryption is a built-in feature of Microsoft Windows that provides data protection by encrypting the contents of an entire drive. The purpose of this is to safeguard your data in case your computer is lost, stolen or decommissioned. BitLocker is most effective on modern machines that have a Trusted Platform Module (TPM) version 1.2 or later chip on their motherboard for securely storing the decryption key for the drive. But BitLocker can also work on legacy systems by allowing the user to decrypt the operating system volume at startup by inserting a USB flash drive that contains the decryption key. The idea behind Joe’s suggestion is simple: it’s like locking the front door of your house and then throwing your key into the ocean. No one will then be able to unlock your door and enter your house—though of course a battering ram would probably work. So in theory, if there’s no recovery key available to the attacker (since it’s safely stored in the TPM chip) then there’s no way for them to recover data from the drive on the decommissioned PC.

But while this approach is simple and effective, it suffers from two problems. First, you haven’t actually wiped the data off the drive. So if someday, somehow, someone finds a way to break BitLocker encryption, your precious personal or corporate data can potentially fall into the wrong hands. Fortunately, given the mathematical underpinnings of modern encryption algorithms, this scenario is highly unlikely.

Second and more importantly however, if your business or organization stores or works with classified data, then following this approach for decommissioning your machine could land you in some serious legal jeopardy. For example if you work as a contractor with a U.S. federal government agency then you must abide by the media destruction guidance specified by the National Security Agency (NSA) as detailed in NIST Special Publication 800-88 Revision 1. And a brief perusal of this document indicates that this “throw away your BitLocker key” method isn’t allowed for such situations. But if you’re sure there’s no classified data on your hard drive then in most cases you’re probably OK with this approach to drive sanitization. Unless you believe an Israeli cybersecurity company has secretly found a way of decrypting BitLocker-protected drives—you never know, they’re pretty smart over there!
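A read-only check you could run before relying on the “throw away the key” approach, as an added example that is not from Joe or from Microsoft: it reports whether a volume is in a state where discarding keys actually protects the data, and lists which key protectors still exist. The function name `Test-BitLockerDisposalReadiness`, its message text and the sample volume are hypothetical; `Get-BitLockerVolume` and the property names are those of the Windows BitLocker PowerShell module.

```powershell
# Added example. Test-BitLockerDisposalReadiness and its message text are
# hypothetical; Get-BitLockerVolume and the property names are BitLocker's own.
function Test-BitLockerDisposalReadiness {
    [CmdletBinding()]
    param(
        # One object per volume, shaped like Get-BitLockerVolume output
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        $blockers  = @()   # states in which discarding keys protects nothing
        $keyCopies = @()   # key material that must itself be destroyed

        # Sectors not yet encrypted are readable without any key.
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted' -or
            $Volume.EncryptionPercentage -lt 100) {
            $blockers += "Not fully encrypted: $($Volume.VolumeStatus), $($Volume.EncryptionPercentage)%"
        }
        # Suspended protection leaves a clear key on the disk.
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $blockers += 'Protection is off (suspended): a clear key on the disk unlocks the volume'
        }

        foreach ($kp in $Volume.KeyProtector) {
            switch ("$($kp.KeyProtectorType)") {
                'RecoveryPassword' { $keyCopies += "Recovery password $($kp.KeyProtectorId): destroy printouts, files and any directory or cloud escrow copy" }
                'ExternalKey'      { $keyCopies += "External key $($kp.KeyProtectorId): destroy the USB key file" }
                'Tpm'              { $keyCopies += 'TPM: the volume unlocks at boot while the drive stays with this motherboard' }
                default            { $keyCopies += "$($kp.KeyProtectorType) $($kp.KeyProtectorId): account for every copy of this secret" }
            }
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Ready      = ($blockers.Count -eq 0)
            Blockers   = $blockers
            KeyCopies  = $keyCopies
        }
    }
}

# Constructed sample standing in for one Get-BitLockerVolume result.
$sample = [pscustomobject]@{
    MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'
    EncryptionPercentage = 100; ProtectionStatus = 'Off'
    KeyProtector = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm'; KeyProtectorId = '{constructed-id-1}' }
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword'; KeyProtectorId = '{constructed-id-2}' }
    )
}
$sample | Test-BitLockerDisposalReadiness | Format-List

# On a real machine, from an elevated session:
# Get-BitLockerVolume | Test-BitLockerDisposalReadiness | Format-List
```

The constructed sample is reported as not ready because protection is suspended, even though the volume shows as fully encrypted.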

DBAN

Long the go-to tool used by businesses and individuals to wipe HDDs clean before removal and disposal, DBAN (originally called Darik’s Boot and Nuke) is advertised as a comprehensive certified data erasure solution for companies and organizations. The way it works is that it provides you with a self-contained boot image that wipes all the data off of the hard drive volume you target. I’ve used DBAN many times before in the past myself and many of my colleagues who work in business IT also swear by it because it’s simple to use and proven in its effectiveness. I’ve been told by several colleagues however that it can sometimes fail on newer PC hardware and especially for systems that use SSDs instead of HDDs for storage, in which case you’ll need to use something else.

Eraser

Two of my colleagues in Europe tell me that their preferred method for wiping SSDs is to use Eraser, a tool from Heidi Computers Limited based in Ireland. Eraser is free software that is available together with source code under the GNU General Public License. I haven’t tried Eraser yet but it’s one tool I’ve been seriously looking at for incorporating into the IT pro toolset for our business.

Blancco

Blancco Drive Eraser is another utility that enterprises can use for securely removing all data from SSDs prior to disposing of or decommissioning them or the machines that contain them. Blancco is actually advertised right on the home page of DBAN and is available in various versions including ones that provide you with a digitally signed PDF certifying removal of all data on the drives so you can prove to your employer or insurer or business partner that the drive has been successfully sanitized. But while the older DBAN software can be used for personal purposes, Blancco trials are only available to enterprises and not for personal use.

Ask your vendor

And finally if you need to wipe the SSD on a PC, it’s a good idea first to check with the vendor from which that particular SSD make and model has been sourced. That’s because some SSD vendors also provide utilities that can be used to securely erase all data from the SSD.

And finally: Are IT pros like rats?

LifeHacker recently ran a disturbing article titled How ‘Gamification’ of Everything Is Manipulating You (and How to Recognize It). The article defines gamification as “the practice of adding game-like elements to non-game contexts” and goes on to say:

“There’s nothing necessarily wrong with making consuming a product or doing a job ‘fun,’ but when marketers and employers are hacking our pleasure centers in ways we don’t fully recognize, that’s manipulation, and that’s not really a game.”

And then it adds:

Behaviorists’ studies of rats and humans prove that both species are more motivated by intermittent, unpredictable rewards than anticipated ones.

Uh-oh, sounds like what I’ve experienced recently in my communications with one of our vendors. Does everything have to be “fun” nowadays? Doesn’t my nucleus accumbens get enough stimulation from watching commercials on TV? What do our readers think about this bold new effort by marketers to control our motivation and stimulate our “buy” instinct? Let us know.

Got comments or questions about anything in this issue?

Email us! We love hearing from our readers!

 

Meet the Editors

MITCH TULLOCH is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.

 

INGRID TULLOCH is Associate Editor of both WServerNews and FitITproNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.

 

IT Bookshelf (NEW!)

I rarely read new IT books from cover to cover and instead just browse chapters that interest me. That’s mostly because, like most of us in the IT profession, I just don’t have enough time in my 24×7 week of things I need to do. But there’s one recent title from CRC Press that I couldn’t put down after I began reading it. Stuxnet to Sunburst: 20 Years of Digital Exploitation and Cyber Warfare presents an arresting and thought-provoking view of the global cyberthreat landscape over the last 20 years that is both alarming and starkly illuminating.

At its heart the book is basically a call for organizations to improve how they manage their public key infrastructure (PKI), especially in regard to their public-facing sites on the Internet, because the security of their IT systems and data can easily be compromised should they allow digital certificates to expire or use them incorrectly.

But the book is also much more than this. It’s also filled with personal stories of the author’s involvement in trying—often in vain—to help government agencies and large enterprises strengthen their cybersecurity posture by identifying orphaned subdomains, expired or suspicious certificates, and other PKI-related weaknesses in their setup.

The author, Andrew Jenkins, is CEO of Cybersec Innovation Partners, a leading company in the field of PKI cybersecurity technology. Jenkins clearly has a lot of experience in this area and in his book he describes in some detail his research into and/or involvement with many of the major cybersecurity initiatives, systems, tools, threats, incidents and breaches over the last two decades. These include chapters on such topics as Stuxnet, Marriott, Equifax, Blackbaud, Sunburst, PRISM, SolarWinds, and so on.

The book is not for beginners as it doesn’t go very deep into how PKI works or the weaknesses of how SSL/TLS certificates are implemented and used. If you have some knowledge however of the technical side of these and other cybersecurity concepts, you should be able to navigate through most of the book without difficulty. The book also has what some readers might feel are several flaws. The tone is conversational and sometimes too informal for a professional book, and occasionally the author wanders off to tell some personal story to illustrate a concept he’s trying to get across. The author also comes across a bit like a “voice crying in the wilderness” but this is probably exactly what many CEOs and government leaders need to hear to wake them up to the dangers lurking in their IT systems. The author also frequently hypes his own company’s cybersecurity assessment solution called Whitethorn without going into very much detail about what the solution can actually do. Of course one can always go to his company’s website to find more info about Whitethorn but surprisingly the author doesn’t include his company’s name or even a link to his company anywhere in his book.

Nevertheless I can definitely recommend this book to readers who have a basic to intermediate understanding of cybersecurity technologies and want to have their eyes opened to the bigger picture of what’s going on—and what might lie ahead—in the evolving cyberthreat landscape of our increasingly uncertain world. You can buy this book on Amazon here.

Admin Toolbox

Plain Clipboard Manager (PCM) monitors the Windows clipboard and saves any copied text to plain text files in utf-8 (unicode) format:

https://wizardsoft.nl/products/plainclipboardmanager

Authy lets you enable 2FA for your favorite sites:

https://authy.com/

Privazer is a free tool that cleans and removes unwanted traces of your past activities on your computer:

https://privazer.com/en/

 

Tip of the Week

This week’s tip is on Ewan Dalton’s popular Tip o’ the Week blog:

615 – Zooming images on webpages

https://www.tipoweek.com/2022/01/28/615-zooming-images-on-webpages/

Factoid: And if you thought typewriters were old-fashioned…

Our previous factoid and question was this:

Fact: Typewriters have been making a comeback lately as a result of the pandemic.

Source: https://boston.cbslocal.com/2021/11/23/cambridge-typewriter-arlington-business-covid-pandemic/

Question: Do any of our readers still own a typewriter?

Martin Urwaleck from Vienna, Austria was happy to answer this one for us:

Hi Mitch, I have two of them. One is an old Remington Portable No.1 Typewriter from the ’20s (where I typed most of my high school exam papers) and a Canon S50, which had special transfer tapes (where I wrote my University papers). I don’t think that I can get any more Canon tapes now… Kind regards, Martin

Since we’re on the topic of old technologies like typewriters, let’s move on to this week’s factoid:

Fact: Office equipment has changed a lot since the 1940s

Source: https://hackaday.com/2021/11/23/retrotechtacular-office-equipment-from-the-1940s/

Question: What’s the *oldest* piece of office equipment still being used where you work? Why haven’t they upgraded it?

Email us your answer and we’ll include it in our next issue!

Subscribe today to WServerNews!

Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.

Conference Calendar 2022

Big Data & AI World — March 2-3, 2022 in London, UK

https://www.bigdataworld.com/welcome

Mobile World Congress — June 29-July 1, 2022 in Shanghai

https://www.mwcshanghai.com/

Cisco Live Las Vegas – June 12-16, 2022

https://www.ciscolive.com/us.html?zid=cl-global

Def Con 30 — Aug 11-14, 2022 in Las Vegas, USA

https://defcon.org/

Big Data Expo — Sept 14-15, 2022 in Utrecht, The Netherlands

https://www.bigdata-expo.nl/en

Podcast Corner

RunAsRadio: SQL Q&A from SQL Server & Azure SQL Conference Fall 2021

http://runasradio.com/

Heavy Networking: eBPF, Cloud-Native Networking, And Other Modern Networking Trends

https://packetpushers.net/series/weekly-show/

Clear To Send: Getting Started with Wi-Fi in 2022

https://www.cleartosend.net/

Risky Business: Cyber Partisans take down Belarusian rail systems

https://risky.biz/netcasts/risky-business/

Microsoft Cloud Show: Microsoft’s Blockbuster Blizzard Acquisition & Updates to Azure Kubernetes Service

http://www.microsoftcloudshow.com/podcast

New on Techgenix.com

Creating a New Team using PowerShell

https://techgenix.com/creating-a-new-team-using-powershell/

Creating a New Outlook Profile without User Involvement

https://techgenix.com/creating-a-new-outlook-profile-without-user-involvement/

Everything you need to know about Desktop as a Service

https://techgenix.com/everything-you-need-to-know-about-desktop-as-a-service/

Cloud Cost Management: Purpose, Advantages, and Best Practices

https://techgenix.com/cloud-cost-management-purpose-advantages-and-best-practices/

Fun videos from Flixxy

Breathtaking Boeing 767 landing and take-off at the most isolated place on the planet – Antarctica.

https://www.flixxy.com/boeing-767-landing-and-take-off-in-antarctica-2022.htm

The Phantom Queen – the best optical illusion of the year 2021 – is definitely the most baffling.

https://www.flixxy.com/best-illusion-of-the-year-2021-the-phantom-queen.htm

French restaurant Le Petit Chef (The Little Chef) has come up with an ingenious way to entertain guests waiting for their order with a projector on the ceiling.

https://www.flixxy.com/le-petit-chef-dessert.htm

A compilation of dynamic duos performing incredible feats together.

https://www.flixxy.com/awesome-duos.htm

Please tell others about WServerNews!

We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!

 

 

 
