In this issue:
Must read in Mailbag this issue: should our IT profession be certified? Back and forth on patching EOL products. Linux dominates the enterprise—will Microsoft dominate Linux? Worried about SOX compliance? Some favorite “What is” tutorials. How-to various Linux stuff. Learn infrastructure-as-code for free. IT Bookshelf: Cybersecurity for Information Professionals: Concepts and Applications. Completely Outdated Badly Overused Language? Videos for motorcycle fans. Hey aliens, no one lives here on Earth so please go away! Plus lots more — read it all, read it here on WServerNews!
Last week’s newsletter where we revisited the relevance of IT certifications generated some good comments from our readers. We’ve selected the two most thoughtful and thought-provoking ones for sharing here. First off the mark is this email we received from Tim Plas who lives in Minnesota, USA:
Hi- I quite agree with your finding that one of the main benefits of IT certification is a structured learning path. I personally have been on again / off again about certs through my career. I needed it a couple times due to an employer needing “X” number of certified people for partnering with a particular vendor.
But mostly, I’ve found the biggest benefit to me is the structured learning – forcing me to explore various nooks and crannies of technologies that I wouldn’t otherwise typically encounter in day-to-day work, and to truly go deep (with lab exercises, etc.).
Now that I’m semi-retired, I still want to keep up on certain areas. But the cert itself is no longer the goal at all.
And in fact, the cert exam process really turns me off. I initially liked the idea of online exams, but the proctoring process has gotten really obnoxious. For the couple online exams I took, I really disliked having to totally rearrange my office to meet their requirements. And I’ve heard _SO_ many horror stories about people’s exams being terminated by over-zealous proctors, for exceedingly minor details. They might as well use an actual proctoscope.
Anyway, “yes” on the cert-related learning paths. And “no” for me on the actual exams, unless the piece of paper helps your employer meet a requirement.
Thanks. I also have a dislike for such exams and while I no longer pursue getting certifications I’ve occasionally used lists of objectives for certification exams to help guide my own study and practice of certain computing and networking platforms.
And next up is the following email we received from Brian Poppenwimer, the IT Director for a multi-disciplined engineering, architecture, surveying and environmental firm located in New York. In his comments Brian raises the interesting and perhaps important question of whether it’s not so much that IT professionals need certifications as that the IT profession itself needs some form of government-recognized, vendor-neutral certification:
Certifications, that is a slippery slope. I myself see a lot of the certifications that are being created as worthless. That of course is my personal opinion. My experience with certifications in my career has been (and I guess I am dating myself) CNA/CNE 3/4/5 (what good those Novell Certs are doing me now) and then MCP on Windows NT 3.51. That is where I stopped. It was at that point, where I became very annoyed with the exams. I had taken the Windows NT 3.51 course at New York University in their continuing education program, where I learned a lot and received an A for the class. I went and took the first Exam with Microsoft and I barely passed it. The reason I barely passed it is because it felt like I was taking an advertisement, not an exam. They were not testing me on how to use the product, configure it, or troubleshoot it. There was a whole section of questions that to me just felt like advertisements, asking me about what products to use in what situations. It really angered me to have to pay for an advertisement to get a certification.
Next up, I took a CCNA and TCP/IP class at NYU (I saw the end of IPX in the near future). Once again I did well with the class, learned so much, but after the last experience I just didn’t feel like taking the exam, and didn’t bother. From this point going forward I always thought about getting more Certs, but just didn’t bring myself to do it. I just see the industry today as a commercialization of education. They give out a cert, but of course they charge fees, and they offer training, and training materials, and practice test materials, etc. Just money after money after more money.
As the years went on, I started hiring people to work for me. I always looked at the certs they had earned. I thought that it was great they had learned all this stuff. BUT, when I started interviewing people, those certs meant nothing. Half of them wouldn’t have the knowledge of an entry level position. I have no clue how they were walking around with more Certs than I had and could not do what I was asking them. I was seeing A+ Network+ MCSE and CCNA on people’s resumes and I would not even hire them for an entry level position. I would ask about the certs, and they had just been pushed through courses, and passed the tests, they didn’t actually know the stuff.
I work for an Engineering firm, and Certifications are very important here. Things Like PE (Professional Engineer), LLS (Licensed Land Survey), AIA Architecture. But these Certifications are given by the state, and actually have a meaning behind it. They have to work for years, show the experience that they got, had to have people sign off on that experience, and then finally take an exam. They then become certified to sign blueprints of their work.
This is what we need, some kind of governing body that gives exams, and maintain certifications, track experience and continuing education. It should also be somehow government regulated and not in it to make money. That is how we will earn respect. Otherwise the certification will mean nothing to me, and I will consider it a waste of my time. I don’t need a certification as a goal to learn something, not especially when I have dump hundreds of dollars to them to say I learned it.
At the moment, I have interest in the CISSP, because they do require an exam, after you show your years of experience, and then have continuing education credits to maintain it. It seems closely modeled after the PE (Professional Engineer) certification. But I still see it as commercial, as they are selling books and learning materials to their own certs.
I mean come on, right in the middle of the page of the information about CISSP is this:
Yup, let’s not focus on what you will learn, or the skills you will get, let’s sell you some training right away!
I mean come on, look at how many things the state, such as New York Licenses: NYS Licensed Professions (nysed.gov). Why can’t the Information Technology industry have something like that available to them. But instead we just have commercial things pop up that are only good as the paper they printed on, because who knows how long it might last.
After being in the industry for almost 30 years, I actually finally decided to some more training, but not for Certifications from some random company. I decided to finally go back to University and earn my Masters degree. I feel at least that will hold up better than Certification would.
I really do want to see some kind of certifications, give people a path to show their skill levels, but as the industry is right now, it is just a commercialized selling mess.
PS: I hate test taking, I am a hands on person. The stress I get over taking a test are high, but I took a lot of exams over my time. I would get nauseous every time I would go to take an exam and it would add more pressure when there was money involved.
Excerpting from Brian’s above email and rephrasing a bit, let me pose the following question to our newsletter readers: Do you agree or disagree with the following statement:
We need some kind of governing body for our IT profession that gives exams, maintains certifications, tracks experience and provides continuing education. It should also somehow be government regulated and not in it to make money. That is how our IT profession will earn respect.
Agree or disagree? Why or why not? Email us your thoughts!
Got comments about anything in this issue?
Email us! We love hearing from our readers!
In the Editor’s Corner of our June 27th newsletter I talked about some vulnerabilities that were recently discovered in several Cisco small business router models and I said that Cisco could do better by patching these vulnerabilities even though the particular models involved have reached end of life (EOL). My reasoning was that many small businesses are struggling right now with escalating inflation affecting the cost of inventory, supplies and energy. And on top of these problems there remain ongoing supply chain problems that impact not only the availability of tech hardware but also its cost. My comments generated feedback from a couple of readers, and one reader in particular took issue with my view of the situation. Here is what Jeffrey Harris, one of our long-time newsletter readers who resides in New York, USA, has to say on this subject:
Mitch, I have a perspective on the points you brought up about the critical vulnerability in the Cisco routers you cited that are end of life.
First, I looked up the RV110W model on the Cisco site and found this page:
The end of life was announced in 2016 and last software update was scheduled for 2018. Businesses have had 5.5 years to switch to a new model. The other model announcement dates may be later, but Cisco is good about providing at least a few years notice before ending support.
Second, while it might be true that the older models are still for sale and the newer ones are scarce and expensive, that was not necessarily true two or three years ago. I am sure Cisco had small business routers readily available for purchase at reasonable prices relative to today.
Third, I understand the mentality that if it is working, why should I replace it? It is one of the core problems with security of critical infrastructure that relies on operational technology (also known as SCADA) – bridge controllers, pipeline controls and monitoring equipment, municipal water purification systems. Things work until they do not, and with IT, just working is no longer good enough. It has to be supported. Otherwise, when something bad happens (i.e., CVE-2022-20825), the business is at substantial risk of being hacked. And it is the IT support person or managed services provider who is liable, unless they have something in writing that they tried to have the client replace out of date hardware, and they explicitly chose not to.
Years ago, I had a client who had a pair of Cisco ASA routers, and they worked fine, and I kept them patched when new updates were released by Cisco and the client had support agreements for their routers, and all was well. But when Cisco announced the end of life for those models, I worked with the client to replace them. For their needs, a SonicWall device was a better (and cheaper) choice, and I swapped out the devices and retired the ASA routers. I also took them through one more round of hardware replacement when that SonicWall device reached end of life (I am no longer supporting any clients, but I expect they would probably need a new replacement by now).
I know companies do not want to replace working equipment, but these are key components to keep their assets safe and their businesses continuing to make money, and having supported equipment could be the difference between continuing to be a going concern and filing for bankruptcy.
Finally, while it would be nice if Cisco had made an exception to its end of life policy for this vulnerability, where does it end? There would likely still be unpatched vulnerabilities in these devices, and while a patch would prevent the most severe vulnerability from occurring, there are probably dozens of other vulnerabilities still unpatched that leave the client at risk. A hacker would want to try the most severe vulnerability first, but if that does not work because it has been patched, they can then try others. And it also gives a false sense of hope that somehow, by running out of date hardware, the vendor will miraculously step in to fix all their issues, ignoring the window of time that the hardware is without any patches and therefore still vulnerable to all of the existing vulnerabilities in the meantime.
In regards to the Microsoft analogy, yes, it is true that Microsoft does release patches for severe vulnerabilities for other operating systems, but we cannot forget that support has ended for Windows XP, Windows Vista, and Windows 7 (with a few exceptions for Windows 7), and it is still unsafe to run those operating systems except offline or on a closed network. I have one Windows XP system that I store data on that is completely offline – no network cable attached, and the Ethernet adapter is disabled; that is the only way I would consider running anything less than Windows 10. An unpatched system with one new patch installed is still an unpatched, unsafe system. And this is a reminder to all of us to replace our own home routers when they reach end of life.
In normal times I would agree almost totally with what Jeffrey says above, but these last several years have been anything but normal. The COVID-19 pandemic caused great stress for businesses as they had to quickly adjust their workforce to remote work. Supply chains were also greatly impacted, resulting in businesses having difficulty obtaining raw materials and products needed to sustain their operations. Production and delivery of tech products for both consumers and businesses were disrupted, causing many additional difficulties. And the recent conflict in the Ukraine, disruption in energy supplies, skyrocketing inflation, escalating wage pressure, and continuing supply-chain interruptions due to China’s Zero-COVID policy have created a scenario where—in my opinion—tech vendors like Cisco need to think carefully about the possible consequences to customer loyalty towards their own brand if they don’t make an effort to bend over backwards to accommodate customer needs during this difficult economic time—a time we’re probably just beginning to enter and which is likely to last perhaps 3-5 years.
So in my opinion it’s not too much to ask—and would likely positively impact customer loyalty to their brands—if tech companies like Cisco back off on pushing their customers on their accelerating and never-ending upgrade treadmill and instead extend the lifecycle of existing products they sold which are still widely deployed, especially in the small business market which has been disproportionally impacted by the pandemic and by supply-chain problems. Large enterprise customers have the resources to survive such situations if they employ them appropriately; when bad times come the big fish usually get bigger while the smaller fish often get gobbled up.
So come on, Cisco, how about releasing patches for those small biz routers that are now EOL? Do it at least for the most serious vulnerabilities as it’s not just about protecting the customers who are using those routers, it’s about safeguarding our whole tech-powered ecosystem. Everyone will suffer if such vulnerabilities aren’t patched because everything is connected nowadays, and you can’t just blame the small business owner for not upgrading to a newer router model when his business is on the ropes and hanging by a thread. You’re to blame too, Cisco, if you don’t gird your loins and join the battle again instead of sitting back and just skimming the cream off the top. Or should I start investing my money in 0patch with the expectation that someday they’ll start issuing third-party patches for EOL routers from Cisco and other networking vendors??
Anyways, just my two cents as a tech guy, an amateur economist and part-time sociologist, plus a fascinated watcher of world events as they continue to unfold.
If any other readers of our newsletter would like to comment on this matter feel free to email me and join the discussion.
And as usual we hope that you enjoy this week’s issue of WServerNews, feel free to email us your comments or questions about anything in this newsletter.
This Week in IT
A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in. And for more tech news coverage see the News section of our TechGenix website.
Lots of stuff happening in the tech industry has been on our radar this past week, but the big news item that caught our attention is that Lennart Poettering, the developer behind systemd, the software that controls what happens when many distros of Linux boot up, has left Red Hat (IBM) and moved over to Microsoft (Phoronix). Wow! At the time of writing there’s no official news yet about this on Microsoft’s website but this news is bound to shake up the Open Source world quite a bit. Microsoft has repeatedly said how they love Linux in this exciting new cloud-first world (ZDNet) and acquiring Poettering for their team to continue systemd development is another sign of how committed Microsoft is to Linux and the Open Source paradigm. After all, Linux has been more popular on Microsoft Azure for several years now than Microsoft’s own Windows Server operating system (ZDNet).
Then there’s Windows Subsystem for Linux (WSL) the component for Windows 11 and Windows 10 version 2004 or higher that lets you run a GNU/Linux environment directly on a Windows computer without needing the overhead of running a full virtual machine or dual booting between operating systems. By using WSL you can install Ubuntu, OpenSUSE, Kali, Debian, Arch and many other Linux distros directly on your computer and use Linux tools like Bash and Grep alongside native Windows tools. And version 2 of WSL supports full system call compatibility letting you run a full Linux kernel and provides improved file I/O performance across operating system file systems. Plus there’s the recent announcement that WSL2 distros are now supported on Windows Server 2022 which means you can now have the same Linux experience on both server and desktop SKUs of Windows using WSL2 (Windows Command Line Blog).
Because we’re so excited (yawn!) about this news we’re going to hold off talking about other Windows news this week and focus instead on what else has been happening lately in the Linux universe. Are you ready, Penguin lovers?
It used to be that Microsoft attracted all the attention of malicious hackers. They seemed mostly happy to leave macOS and Linux alone for the most part. Not any more (Ars Technica). Will Microsoft’s growing footprint in the Linux/FOSS landscape cause the Black Hat community to up their targeting of Linux systems? What do you think?
Open Source software already dominates the enterprise (ADMIN Network & Security) and it’s also steadily making greater entry into government sectors in various countries, such as the UK government where research by Aiven shows that more Open Source software is being used now in this sector than five years ago (BetaNews). We’re pretty sure we can expect this trend to continue and even accelerate given the polarizing nature of Windows 11 (BetaNews). After all some modern Linux distros are so simple and easy to use that even Windows users can like them (Linux Magazine)!
In other Linux news popular Open Source email client Thunderbird recently released a new version that includes some much-requested features that can improve productivity for users (Thunderbird). And text warriors may be happy to learn that version 9.0 of the popular Vim text editor has just been released with a whole bunch of gnarly new features (UbuntuHandbook).
And finally if you’re hosting Linux servers in Microsoft Azure then this article goes into some good detail on how to use secure methods for authenticating to those servers (Manufacturing blog). Remember that it’s as important to secure and protect Linux workloads running in Azure as it is Windows Server workloads.
See also the Tips and Tutorials section further down in this week’s newsletter for more Linux stuff.
Upcoming webcasts, events and conferences
Got an event, conference or webcast you want announced in our newsletter? Email us!
GUADEC 2022: the GNOME community’s largest conference is back! – July 20-25 in Guadalajara, Mexico – More info
Virtual Event: Open Source Summit Latin America – August 23-24 – Register
Also be sure to check out the following event listings:
- Redmond Channel Partner’s calendar of upcoming Microsoft conferences for partners, IT pros and developers.
- TechRepublic’s 2022 tech conferences and events to add to your calendar.
Got questions? Ask our readers!
WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!
Meet the Editors!
MITCH TULLOCH is Senior Editor of WServerNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.
INGRID TULLOCH is Associate Editor of WServerNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.
Subscribe today to WServerNews!
Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.
IT Workshop – tools, whitepapers and more
Got a product or solution or some other resource you’d like to tell our readers about? Email us!
Our TOOL OF THE WEEK is Enzoic for Active Directory Lite a free password auditing tool for Active Directory. See your domain’s password vulnerabilities in seconds!
Worried about compliance with Sarbanes-Oxley (SOX)? Check out our Guide to Success on TechGenix!
With ETI from IgniteTech you can access, integrate and deliver data efficiently throughout the enterprise — regardless of format, complexity or size.
Need to move computers from one Active Directory domain to another domain? User Profile Wizard from ForensIT Software can help. Free download!
Lithnet Idle Logoff is a group-policy enabled utility for logging off idle Windows user sessions.
Tips and Tutorials
Got tips or tutorials you’d like to recommend for our readers? Email us!
A good way to get your head around any technology area is to begin by reading a well-crafted article on the subject that starts with “What is…?” Here are a few of our favorite what-is guides from our TechGenix website:
Got a what-is topic you’d like to see covered on our website? Let us know!
And since we’ve focused on covering Linux news in this issue of WServerNews we thought we ought to serve up a few How-to tips on Linux. Here goes…
How to Create USB Installer for Windows 7/8/10 in Ubuntu 22.04 Linux (UbuntuHandbook)
How To Install Third-Party Linux Applications with Deb-Get (Tom’s Hardware)
Portable home directory with state-of-the-art security (ADMIN Network & Security)
Everything You Need to Know about Linux Input-Output Redirection (Linux Journal)
Packaging a WSL Distro to MSIX (Windows Dev AppConsult)
How to Use Nohup to Run Linux Scripts Unattended (Tom’s Hardware)
Doas authenticates as a simpler version of Sudo (Linux Magazine)
That’s probably enough for now, hopefully some of our readers have gleaned something useful from the above. Enjoy!
Got a freebie you want to offer our readers? You can reach almost 200,000 IT pros worldwide with our newsletter—email us!
Learn infrastructure-as-code (IAC) by downloading this free step-by-step guide from Linode. Covers Terraform, Ansible, Puppet, Chef, and Salt.
IT Bookshelf: Cybersecurity for Information Professionals: Concepts and Applications
Cybersecurity for Information Professionals: Concepts and Applications (CRC Press, 2020) is a collection of research papers by different authors that explore the relationship between information professionals (IT/dev) and cybersecurity. Many of these papers will only be of interest to academics, but some of them may be interesting for IT decision-makers to peruse and also for cybersecurity experts in general. I read through portions of several of these papers as certain topics interest me very much.
For example chapter 2 identifies trustworthiness as a top qualification for cyber information professionals while chapter 11 examines how certain psychophysiological and behavioral measures could be used to detect malicious activities. Both of these chapters deal with a very important aspect of cyber security—the problem of insider threats. Evaluating the trustworthiness of information professionals either while currently employed by your organization or during the application process for employment involves appraisal of complex factors involving psychology, social behavior, education, and skills. Both of these chapters wade into this difficult subject and offer practical recommendations based on theoretical models and experimental results. My impression from reading these two chapters is that the subject of determining trustworthiness of people is still somewhat in its infancy despite much thinking and attention having been given it by experts in various academic fields.
Another chapter which I found thought-provoking was chapter 4 on the challenge of bridging the cybersecurity talent gap through education (and also by the use of video games in chapter 6 though not being a gamer this interested me less). Having been an educator myself in earlier years I see only too clearly the difficulties associated with training new cybersecurity professionals in order to meet the pressing need for these in today’s online world. Developing programs by themselves, whether at the national or university level, or at technical schools and community colleges, is simply not going to bridge this growing and alarming gap or fulfill the dire and pressing need for more cybersec talent in business, industry and government. A key for ensuring these programs achieve at least some of their desired goals is to focus on aligning curriculums more closely with workforce roles and needs as the authors of this chapter indicate.
Several other chapters in this book look like they might interest me so I’m adding my copy to the slush pile of books I’m accumulating for reading when we take our vacation later this summer. And I recommend that readers of our WServerNews newsletter who are interested in the field of cybersecurity also consider reading it, particularly if you have an academic background (B.A./B.Sc. or higher). If you’re interested you can buy this book from Amazon.
Factoid: Completely Outdated Badly Overused Language (COBOL)?
Our previous factoid was this:
Fact: There’s surprising stuff lurking under the hood even in the latest versions of Microsoft Windows (Born’s Tech and Windows World)
Question: What’s the most surprising legacy junk you’ve stumbled across yourself in Windows 10 or Windows 11?
No one responded specifically to our question but one reader Jim Shaffer from Maryland USA did offer us some comments about replacing old technologies:
Mitch, a lot of today’s technology is great and extremely useful but unfortunately technology is constantly evolving and the old gets left behind or loses some functionality. Some examples:
I have to replace my old iPhone, which works just fine for my needs, because the Verizon network will no longer support 3G service. Related, some of the apps no longer work because iOS has evolved and newer versions of it are not supported on my phone.
Isn’t it wonderful that MS is offering free upgrades from Windows10 to Windows11? Not real useful if the hardware won’t support it. The small company where I work got some refurbished computers to run Win 10 at the end of 2020, so we will stick with Win 10 for another few years.
And I am quite happily using Windows7 at home although I have to switch to my wife’s laptop with Win10 to use my income tax software because it will not load to Windows7.
Yup, at our business we too plan on sticking with Windows 10 for the foreseeable future. In fact we’ll probably drive it till the wheels fall off—just like our old BMW.
Now let’s move on to this week’s factoid:
Fact: The first ever COBOL front-end for the GCC compiler was released a few months ago (Hackaday)
Question: Have any of our newsletter readers ever programmed in COBOL? [EDITOR’S NOTE: I have—once. Am I the only one?]
Email us your answer and we’ll include it in our next issue!
Fun videos from Flixxy
Are you a fan of motorcycles? We are!
Motorcycle Driving 300km/h On Autobahn Gets Passed By Audi RS6 – A guy doing 300 km/h (186 mph) on his motorcycle on the German autobahn gets casually passed by an Audi RS6.
Arc De Triomphe Motorcycle Jump – Red Bull paid Robbie Maddison $2,000,000 to achieve the impossible – jumping his motorcycle to the top of the Arc de Triomphe at the Paris Las Vegas.
Motorcycle Lake Skimming – Is it possible to drive across a lake on a motorcycle?
1867 Steam Powered Bicycle – A working replica of the 1867 ‘Roper Steam Velocipede.’
The odd, the stupid and the remarkable. Good for your mental health.
How to Move a Full-Sized Church Organ From a House to a Museum (Hackaday)
[The ultimate roadie challenge!]
UK, EU Cars (But Not Bikes, Yet) Fitted With Speed Limiters (Adventure Rider)
[What about having *low* speed limiters for dilly-dallying drivers?]
Coffee Drinking Linked to Lower Mortality Risk, New Study Finds (The New York Times)
[I’ll drink to that!]
Estimating the prevalence of malicious extraterrestrial civilizations (Arxiv.org)
[Maybe we should just shut up and stop broadcasting our presence in this corner of our galaxy.]
Hey reader! Got an amazing or weird or funny link you’d like to suggest for this section of our newsletter? Email us! But please make sure that it’s G-rated as in “Gee whiz”, “Golly!”, “Good grief!”, “Gaaahh!!” and so on. Thanks!
Please tell others about WServerNews!
We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!