In this week’s newsletter
Non-competes in a competitive world; changes in Software Assurance (SA) affect small businesses; changing passwords often is so 80s; and OK Google, please spy on me. Also a TIP on how to find vulnerabilities in your WordPress with WPScan; a new FACTOID concerning the growing popularity (by developers) of Dark Mode; lots of MAILBAG comments from our readers; and lots more.
Also don’t forget to check out our sister newsletter FitITproNews if you haven’t done so recently. Our latest issue has a helpful article by Robin Camp on how to choose a gym, some advice from Rod Trent about the best wearable gadgets for runners, and lots more. Subscribe to FitITproNews today!
Also our apologies on the duplicate text that found its way into last week’s newsletter. One of the wonderful features (lol) of Microsoft Windows is using CTRL+C/V to copy/paste text within documents and unfortunately sticky fingers can sometimes invoke this feature unintentionally.
can invoke this feature unintentionally.
😉
In other words, don’t blame us for the error — blame Microsoft!
Anyways, enjoy this week’s issue of WServerNews and feel free to send us feedback on any of the topics we’ve covered — we love hearing from our readers 🙂
Editor’s Corner
This week’s ruminations from Mitch Tulloch our Senior Editor…
Non-competes in a competitive world
One recent news item that caught my attention was about a bipartisan pair of U.S. senators introducing legislation to curtail the use of non-compete agreements across the American economy. You can read more about it here:
Senators propose near-total ban on worker noncompete agreements (Ars Technica)
Since about a third of our newsletter readers work for companies having 1,000 or more employees, I suspect that many of you presently have employment agreements that include some form of non-compete clause in them.
The last time I experienced this personally was back around 1996 when I worked for an internationally-known technical training company as a Microsoft Certified Trainer (MCT). My employment agreement with that company included a one-year non-compete clause, but after I left the company I chose to ignore it.
There was no fallout from the decision.
And the company itself is now defunct.
So I guess I’m OK.
How many of our readers are presently working under non-compete conditions? Do you feel any restriction concerning them? Are companies justified in including such clauses in their employment contracts? Have you ever experienced any fallout from having signed one previously to your present employment?
Let me know your thoughts on this subject: [email protected]
Changes in Software Assurance (SA) affect small businesses
The Microsoft Licensing site has apparently updated their Software Assurance FAQ by introducing some upcoming changes to their program which may significantly implact smaller businesses by discouraging them from using Volume Licensing (VL) and pushing them instead to purchase Microsoft 365 subscriptions:
Software Assurance FAQ (Microsoft Licensing)
See especially the following topics in the above FAQ:
- What’s changing with the Problem Resolution Support benefit? (found under 24×7 Problem Resolution Support)
- What’s changing with the Planning Services benefit? (found under Planning Services)
- What’s changing with training vouchers? (found under Training Vouchers)
The main takeaway seems to be that if you’re a small business using Microsoft VL and spend less than 250k per year on Microsoft software then you’ll soon be getting less support than previously. What do readers who use VL think about these coming changes? Email me at [email protected]
Changing passwords often is so 80s
For decades one of the basics of proper security hygiene has been recommending that users change their passwords frequently. According to Aaron Margosis, Principal Consultant at Microsoft and one of the key people behind the development of security configuration baseline settings for Windows operating systems, this recommendation is now no longer being emphasized by Microsoft. Here’s a quote from a recent blog post by Aaron about the latest security baseline for Windows 10:
Periodic password expiration is an ancient and obsolete mitigation of very low value, and we don’t believe it’s worthwhile for our baseline to enforce any specific value. By removing it from our baseline rather than recommending a particular value or no expiration, organizations can choose whatever best suits their perceived needs without contradicting our guidance. At the same time, we must reiterate that we strongly recommend additional protections even though they cannot be expressed in our baselines.
You can read his full post here:
Security baseline (DRAFT) for Windows 10 v1903 and Windows Server v1903 (Microsoft Security Guidance Blog)
Interestingly enough, some of you readers may have heard about how Internet registrar Network Solutions recently discovered that a third-party had gained unauthorized access to a limited number of their internal computer systems in late August of this year. Yesterday I received an email notification from Network Solutions concerning a domain name I have registered with them, and hear the bottom of their email is the following text which I’ve added highlighting to:
We have taken additional steps to secure your account, and you will be required to reset your password the next time you log in to your Network Solutions account. As with any online service or platform, it is also good security practice to change your password often and use a unique password for each service.
Oh well…
How many of you as users change your passwords often? How many of you admins have password policies in place at your organization that force users to frequently change their passwords? Why or why not? Email me at [email protected]
OK Google, please spy on me
And finally, a couple of recent news items that confirm my own suspicion that having smart technologies like Amazon Alexa and Google Home in your home is *not* a very good idea.:
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping (Security Research Labs)
https://srlabs.de/bites/smart-spies/
With a Laser, Researchers Say They Can Hack Alexa, Google Home or Siri (New York Times)
https://www.nytimes.com/2019/11/04/technology/digital-assistant-laser-hack.html
If you’re going to use any of these devices in your home, why not just leave your front door open and unlocked?
Got more thoughts about anything in this newsletter?
Email us at [email protected]!
Tell all your friends about WServerNews!
Please let all your friends and colleagues in the IT profession know about our newsletter. Tell them our latest issues can be found at wservernews.com while older issues dating back to 1997 can be found in our archive. And let them know also that they can receive WServerNews each week in their inbox by subscribing to it here. Thank you!
Got questions? Ask our readers!
WServerNews goes out each week to more than 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? Ask Our Readers by emailing your problems and/or questions to us at [email protected]
Subscribe to WServerNews!
Subscribe today to our WServerNews newsletter and join 200,000 other IT professionals around the world who receive our newsletter each week! Just go to this page and select WServerNews to receive our monthly newsletter in your inbox!
Tip of the Week
>> Got any IT pro tips you’d like to share with other readers of our newsletter? Email us at [email protected]
How to find vulnerabilities in your WordPress with WPScan (Admin by accident)
This article by Albert Valbuena explains how to use WPScan to check for vulnerabilities in your WordPress site:
Admin Toolbox
>> Got any admin tools or software you’d like to recommend to our readers? Email us at [email protected]
Watch 5-min demos for multi-cloud data protection. Learn how to send backups and replicas off site to a service provider’s hosted repository using Veeam’s Cloud Connect technology.
http://www.wservernews.com/go/rzqq3trc/
Looking for a professional email archiving solution which is easy to set up, intuitive to use and low-maintenance? Look no further. The solution you need is called MailStore Server. Try it free for 30-days:
http://www.wservernews.com/go/e43fwmfh/
Windows Kernel Explorer is a free but powerful Windows kernel research tool:
https://github.com/AxtMueller/Windows-Kernel-Explorer
Notepads is a modern, lightweight text editor with minimum design:
https://github.com/JasonStein/Notepads
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be run remotely or locally:
https://github.com/Arvanaghi/SessionGopher
Mailbag
Our item concerning the Internet’s 50th birthday in our last issue generated some feedback from our newsletter readers. We’ll start off with these comments from Steve Weisner where he describes what he feels are his bests and worsts about the Internet:
Hi Mitch, It would not be hugely difficult to come up with my top 20 (or 50 or 100) things that I love/hate about the internet but I’ll try to boil it down to one of each.
I think one of my favorite ways that the internet has benefited my life is the ability to research practically anything, looking at feedback and opinions from around the world. In particular, I think back to the days when I would go on vacation and visit the travel agent for help. Many times, they hadn’t even been to the destination before, but they still would recommend a hotel and I would just take them at their word because they were the experts. I’m sure travel agents today still have more expertise in this area than I do but with the internet I can do my own research, read more reviews than I ever wanted to read, try my best to filter out the outliers and unreasonable whiners, and then make my own decisions based on my own judgement. You can book an entire vacation without even leaving your desktop.
One of my least favorite aspects of the internet is the perception of many that “the cloud” is the answer to everything. It surely is a great answer to many questions, but many people tend to ignore the risks and complexities that come with that. Are they adequately protecting my personal data? Do they have proper Disaster Recovery procedures and protocols in place? Do they actually test them? Are they in turn just relying on OTHER cloud vendors to do all of these things on their behalf? What happens to my stuff if they go out of business overnight? The list goes on, practically forever.
I can relate to what Steve says here about researching things on the Internet. For example I love the fact that I can use Google Maps and other tools to locate a new restaurant I heard about and check out the reviews and find their opening hours and so on. On the other hand I’ve been occasionally misled by crowdsourced misinformation on Google Maps and by fake reviews and by business websites that aren’t kept up to date. I also have similar feelings to Steve about cloud vendors and that’s something I plan on exploring sometime soon in my articles on TechGenix.
Another reader named Matt Wright from Atlanta, Georgia seems to have a similar love/hate relationship with the Internet as I do:
Hi Mitch. Like pretty much everyone now, I am ‘all in’ on an Internet lifestyle. I crave information, so it is great having the world at my fingertips. Current sports stats, on-going world events, what distant friends and relatives are doing at this very moment, what is the history of this or that, etc. To have access to that information at all times is awesome (I do practice getting away from my computer or putting my smart phone back into my pocket to get back into the real world on a regular basis).
My biggest fear is how vulnerable we are to an Electromagnetic Pulse (EMP) Attack. An nuclear weapon exploded in the atmosphere would fry all electronics not properly shielded, and most aren’t. It wouldn’t take much to cripple this country, or any country and send us back into the stone age.
“Pry even suggested that a nuclear explosion in the atmosphere above Omaha, Neb., could black out Canada, the U.S., and Mexico. He predicted that an attack would lead to “damage too broad and too deep to repair, requiring years, if the U.S. could survive for years.” See:
That’s another topic — the resiliency of today’s Internet — that I plan on examining in a future article on TechGenix pretty soon…
Next comes Ted Bodfish who expressed some thoughts regarding my comment last issue where I remarked that the Internet — at least in its earlier pre-commercialized incarnation — made us imagine a world where everything was free but it hasn’t exactly turned out that way:
Hi Mitch, I read your comments about the internet’s 50th birthday. The phrase “imagine a world where everything was free” inspired me to write the following rant.
The internet is free. No it isn’t, and it never has been. Back in the early days, various government agencies, educational institutions and companies co-operated to build and maintain what became known as the internet. But those organizations paid for the connections between themselves and their neighbouring organizations. The employees, faculty members and students were given access to that network. Because they didn’t have to pull out their wallets to pay for their use of it, they just assumed it was free. And they told their friends it was free. Soon most people thought it was free.
Richard M. Stallman put forward the argument that software should be free. On the one hand, his position as a tenured university professor allowed him to write free software because his university provided the funds for him to pay his rent and purchase his groceries. On the other hand, his reasoning requires a complete rethinking of the ownership of not only software, but everything — including property, see:
https://www.gnu.org/philosophy/shouldbefree.en.html
Many people think that broadcast TV and radio is free. If the broadcaster is a government or a charity it is being paid for through taxes or donations. If the broadcasts contain advertising the viewers and listeners are paying for it through the increased prices of products advertised on those broadcasts. It may seem that a Google search is free, but you are paying for it indirectly through the fees paid for the advertising which appears on Google. Same thing for all those other platforms like Facebook, Twitter, etc., etc., etc.
So, I guess my point is: just because you don’t have to fork over some cash, or it’s not itemized on the bill you’re paying, doesn’t mean you are not paying for it.
Good point. Everything has to be paid for, somewhere, somehow.
If any other readers would like to express some thoughts on the Internet’s 50th birthday we’re still accepting them for another 51 weeks <grin>. Just email me at [email protected]
Two weeks ago we asked YWVD? i.e. Why Windows Virtual Desktop? We included some reader responses to this question in the Mailbag section of last week’s newsletter, and this week we received one more response from reader Jon Hill that some readers may find illuminating:
With regards to your reader’s question about equipment costs, the short answer is that we are definitely spending more for virtual PCs running on VMWare (server blades, RAM, datacenter-class storage) than we would have if we’d continued pushing out minitowers.
However, we decided to push ahead partly because the operational savings were nontrivial, but mostly because it enabled us to replicate every PC to our disaster site so that if our main office loses power or is otherwise unusable, we can get users up and running from home offices and shared office space.
We use Wyse zero clients to RDP into our virtual desktops. They’re cheap devices and have multiple USB and DisplayPort ports.
Jon has a really good point. Desktop management isn’t only about minimizing CapEX or even OpEx but includes other things like recoverability, reliability and security. So when you’re trying to decide between deploying new PCs or running virtual desktops on existing PCs, you need to consider each of these factors carefully.
And finally we mentioned three weeks ago how magazines like Maximum PC seemed to be getting desperate these days in trying to find useful topics they can feature on their covers to lure readers into buying them. This prompted reader Mark Van Noy last week to mention how he still enjoys reading Maximum PC, which led another reader Roger Foisy who is an IT Manager in Florida to respond with this comment:
I use the Readly app on my iPad, has Maximum pc and several other PC mags. Plus hundreds of others all for $9.99/mo.
My only problem with this is that $9.99 per month equals about $120 per year and I’d rather browse what I can find for free on the Internet and save the money instead for a nice dinner somewhere with my wife. And besides, I prefer reading magazines on paper as I spend way too much time already looking at screens.
But if anyone is interested in Readly you can find out more about it here:
The link above should redirect to a country-specific version for your locale.
Factoid – Dark Mode takes off
Last week’s factoid and question was this:
Fact: Most U.S. Dairy Cows Are Descended From Just 2 Bulls. That’s Not Good (NPR)
Question: We all know about the looming disaster happening in the banana world because of monoculture. Is something similar going to happen soon with milk products?
Howard from Brazil gave us the most interesting response on this one:
Bananas to bananas? We do not import them. I have personally raised three different varieties. I see at least 6 different ones on the local grocery shelf. The plants grow in all different sizes, the fruit in several colors and a big variety of sizes. Easy to grow, they bust concrete sidewalks, flowers’ nectar adored by bats, plants very susceptible to rust infections though and the tree sap is impossible to wash out.
It must be nice living in Brazil…
What’s really in trouble is coffee. There are really only two species. Arabica is used for fresh coffee, the other (forgot the name) is for freeze dried caffeine free. It’s a fad around here, McDonalds is advertising they use only Arabica (they always did!). Only difference? Growing conditions/water.
Hmm , that doesn’t sound good. If some dreaded blight strikes coffee plantations around the world then the Internet will likely grind to a halt!
😉
Now let’s move on to this week’s factoid:
Fact: Developers everywhere jump on the Dark Mode UI bandwagon as The Latest Thing. Scientific research suggests differently however:
Question: What do you think of the new trend towards Dark Mode? They’re available in Windows 10:
https://www.howtogeek.com/222614/how-to-enable-windows-10s-hidden-dark-theme/
and Apple iOS 13:
https://support.apple.com/en-ca/HT210332
and Android 10:
https://developer.android.com/guide/topics/ui/look-and-feel/darktheme
and so on. How do you feel about this growing trend?
Email your answer to [email protected]
Conference calendar
>> Got an IT conference or event happening that you’d like to promote in our newsletter? Email us at [email protected]
Microsoft Business Applications Summit
April 20-21, 2020 in Anaheim, California
https://www.microsoft.com/en-us/BusinessApplicationsSummit
Microsoft Build
May 19-21, 2020 in Seattle, Washington
https://www.microsoft.com/en-us/build
Microsoft Inspire
July 20-24, 2020 in Las Vegas, Nevada
https://partner.microsoft.com/en-us/inspire
Other Microsoft events
Microsoft Licensing Boot Camps – Dec 9-10 in Seattle, Washington
https://www.directionsonmicrosoft.com/training
Infosec conferences
Cyber Security Summit – Nov 21 in Houston, Texas
https://cybersummitusa.com/houston19/
Cyber Security Summit – Dec 5 in Los Angeles, California
https://cybersummitusa.com/losangeles19/
Other conferences
European SharePoint, Office 365 & Azure Conference – Dec 2-5 in Prague, Czech Republic
https://www.sharepointeurope.com/
SharePoint Fest – Dec 9-13 in Chicago, Illinois
https://www.sharepointfest.com/Chicago/
Podcast Corner
Critical infrastructure security with Eric Rosenbach and Robert M Lee (Risky Business)
https://risky.biz/netcasts/risky-business/
Azure Quantum with Julie Love (Microsoft Cloud IT Pro Podcast)
https://www.msclouditpropodcast.com/
Microsoft Ignite 2019 Announcements (Microsoft Cloud Show)
http://www.microsoftcloudshow.com/podcast
Managing Groups and Teams in Office 365 with Tony Redmond (RunAsRadio)
New on Techgenix.com
Snapshots are not supported in Exchange — so don’t use them!
Snapshots may seem like an easy way to restore a balky Exchange server. But Microsoft doesn’t support this practice — for good reason.
https://techgenix.com/exchange-snapshots/
Top 6 data governance tools your company should be using
Data has become indispensable for performing everyday tasks in organizations. Here are data governance tools to help manage massive amounts of data easily.
https://techgenix.com/data-governance-tools/
Review: CoreView CoreAdmin for Microsoft Office 365
CoreView simplifies the challenging management of Microsoft Office 365 by creating its own management interface. Here’s our review.
https://techgenix.com/coreview-coreadmin/
Johannesburg hit by another ransomware attack
Deja vu for residents of South Africa’s largest city: Johannesburg, hit by a ransomware attack in July, has just been hit by a new one.
https://techgenix.com/johannesburg-ransomware/
Boosting DDoS protection in Microsoft Azure with DDoS Standard
Azure offers good DDoS protection for free. But sometimes good isn’t good enough. Should you consider adding DDoS Standard to your cloud infrastructure?
https://techgenix.com/ddos-protection-microsoft-azure/
Fun videos from Flixxy
Selfie At The Wrong Place And Time
Oops! Photographer’s iPhone flies out of plane window. The look on his face is priceless:
https://www.flixxy.com/selfie-at-the-wrong-time-and-place.htm
Shin Lim Does Magic On The Kelly Clarkson Show
America’s Got Talent winner Shin Lim shows his magic skills at The Kelly Clarkson Show. Max Greenfield and Kelly Clarkson are seriously impressed:
https://www.flixxy.com/shin-lim-does-magic-on-the-kelly-clarkson-show.htm
Arnold Motivates To Exercise
He convinced us. We’re going to practice!
https://www.flixxy.com/arnold-motivates-to-exercise.htm
Cats vs ‘Invisible’ Wall
An adorable family of cats are completely bewildered by an ‘invisible’ wall made of plastic wrap:
https://www.flixxy.com/cats-vs-invisible-wall.htm
More articles of interest
Get to know VM networking basics
To better help admins virtualize their data center operations, they should get to know these key VM networking terms.
What Windows 10 migration tools are available to IT?
A Windows 10 migration is a long, tedious journey, but there are tools to help. Discover 3 unified endpoint management tools that can streamline the process.
A quick look at the Exodus MDM migration tool
A bunch of former AirWatch folks built an MDM migration tool, which could be useful as companies contemplate EMM refreshes, update deployments, or go through organizational changes.
Tips to use for microservices in mobile app development
With mobile apps dominating enterprise customer interactions, developers must dig into microservices architectures, brush up on programming skills and decipher business requirements.
Send us your feedback!
Got feedback about anything in this issue of WServerNews? Email us at [email protected]