In this issue:
Mailbag. Editor’s Corner. This Week in IT – hardware, cybersecurity. Windows news. Windows Server news. Spy vs Spy. IT Bookshelf: The Security Risk Assessment Handbook (3rd Edition). Opening the box. Plus lots more — read it all, read it here on WServerNews!
If you could get any job you wanted as an IT professional, where would you want to work? Photo by Markus Winkler on Unsplash
Mailbag
In last week’s issue I shared how I had just discovered that Corel still develops and sells WordPerfect, which is software I hadn’t seen or heard about for many, many years. I asked if any of our readers knew about this or still used WordPerfect, and several responses came back to me:
Still use WordPerfect? Yes, yes, absolutely, yes. I am punished daily at work with having to use Microsoft Word. At home I have remained a WordPerfect user since the DOS days. I even used WordPerfect for Linux back when Corel made it. I will never give up the Reveal Codes functionality. Ever. One of the greatest things about WordPerfect is that despite being acquired by Novell and then Corel, the file format is still fully compatible with every version back to WorkPerfect 5.0 for DOS. Oh, WorkPerfect also ships with a cut down version of the Oxford-English dictionary and thesaurus. I know we are all in IT, but my degree is English: Creative Writing so I both care about my word processor and have files that old that I still care about as they are not time sensitive. My Maximum PC subscription is also very much in good standing; reader since it was called Boot. –Mark Van Noy
Ages ago, when I was working for a CPA, Certified Public Accountant, he had some attorneys as clients, and whenever I got stuff from them, it was always WordPerfect files. I finally asked the boss, why WordPerfect and not MS office. He told me that attorneys/lawyers only used WordPerfect, they would not touch MS office. Maybe it was only our little area of the world, but he said the legal profession only used WordPerfect. I’m not one to argue with the boss, so I just said, Ok. It’s probably not true now-a-days, but it was so odd, that I think about it every great once in a while. Anyway, thanks again for the newsletter. –Michael Hallsted
And two weeks ago in our issue titled Is Open Source security an illusion? I asked our readers whether they thought Linux was more secure than Windows, my own answer simply being “it depends”. Martin Urwaleck from Vienna, Austria reached out to us to share his thoughts as follows:
Hi Mitch, as you already said – it depends. We are a Microsoft shop with some exceptions:
- Our current ticket system is linux-based
- Our network management is linux-based
- We have some virtual appliances from different vendors with no access to the underlying OS
Why? Because the application matters and not the underlying operating system. And as I have no linux guy in my team (and I will never have one) I have an external consultant who manages these machines.
Another topic: Microservices / Containers. There’s a lot of Linux Docker containers out there ready to be used – but it’s a hassle to get Linux containers running on Windows servers (don’t even think of running this productively). It’s much easier under Linux…
Martin is absolutely correct of course, it’s applications that matter, not the underlying platform they run on. The platform needs to be reliable, scalable etc of course, but without apps your business can’t operate. What do other readers think?
Got questions? Ask our readers!
WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!
Help spread the news!
Please tell all your colleagues and friends about WServerNews and its companion newsletter FitITproNews, and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!
Editor’s Corner
Last week I stumbled across the following article on PCMag:
The 100 Best Companies to Work for in 2022
https://www.pcmag.com/news/the-100-best-companies-to-work-for-in-2022
I clicked on the link in the article, which took me to the referenced GlassDoor article where I saw that their reviewers had rated the top 100 companies to work for in the USA. Below are numbers 1 to 10 along with short descriptions taken from Google and Wikipedia or my imagination in case you’ve never heard of some of them before:
- NVIDIA – I think we all know who these guys are and what they do and sell.
- HubSpot – A developer and marketer of software products for inbound marketing, sales, and customer service.
- Bain & Company – A management consulting company headquartered in Boston.
- eXp Realty – A fast-growing real estate company that operates as a a global cloud-based brokerage.
- Box – Develops and markets cloud-based content management, collaboration, and file sharing tools for businesses.
- Boston Consulting Group – Describes itself as a global consulting firm that partners with leaders in business and society to tackle their most important challenges.
- Google – Never heard of them. Do they make mouthwash?
- Veterans United Home Loans – Good cause, helps U.S. Veterans become homeowners.
- lululemon – Sells funny-looking clothing, or maybe candy.
- Salesforce – A provider of enterprise cloud computing solutions with a focus on customer relationship management (CRM).
None of the above companies really interest me workwise as an IT professional and some of them aren’t really tech-focused anyways, though I have heard that Google might have a couple of computers sitting somewhere in their office.
But seriously. Returning to the PCMag article, the graphic at the start of the article lists the following tech companies as being among the top 100 of GlassDoor’s reviewers’ ratings:
- NVIDIA
- HubSpot
- SalesForce
- ServiceNow
- Meta (Facebook)
- eBay
- Cisco
- VMware
OK looking at these I see I do know a few individuals at several of these companies, but I wouldn’t be interested in working at any of them myself except perhaps Cisco or VMware, mainly because of my interest in networking and server/cloud technologies. But it does raise an interesting question which I hadn’t really considered for some years:
If you could work anywhere doing the kind of IT stuff you enjoy doing, what company(s) would you like to work at?
Let me throw this out to our newsletter readers: What would your ideal employer look like? What matters to you most in getting a job in IT? Is location important to you? Company culture that aligns with your personal values and lifestyle? Good management people and practices? Working with cutting-edge technology? Big salary with lots of benefits?
I’d love to hear your thoughts on these questions, and why your choices matter to you. Email me.
And what about GlassDoor? Think it might be useful to you if you’re job-hunting? Or if you’re looking to hire more people for your company? Share your thoughts with us.
This Week in IT
A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in.
Let’s start off with hardware. Tom’s Hardware says that Intel will be officially supporting it’s mysterious Software Defined Silicon (SDSi) mechanism in Linux when kernel version 5.18 is released which will probably be some time before summer this year. The article goes on to explain that “Intel SDSi is a mechanism for activating additional silicon features in already produced and deployed server CPUs using the software.” That sounds like processors of the future may support “pay-as-you-go” upgrades for adding cool new features on your existing hardware. Of course the thought that comes to my mind is, how long will it take before someone learns how to hack these new processors to turn on new features without needing to pay for enabling them? Implementing this capability first on Linux sounds like a good strategy however since tests have apparently shown that recent improvements in the Linux kernel have made Linux beat Windows 11 in performance benchmarks when the two platforms are run on Intel’s Alder Lake processors (also Tom’s Hardware). And in other hardware-related news, Western Digital confirms—as expected—that with the escalating rise in NAND pricing one can expect SSDs to get more expensive (Tom’s Hardware again). On the other hand, with the ongoing collapse of the crypto marketplace it looks like high-end graphic cards may be rapidly falling in price—so go grab some while you can get ’em (once again Tom’s Hardware, great site) so you can build that next great gaming rig you wanted, or perhaps a singularity (The Register).
Cybersecurity matters continue to make the news, as usual. Now that war has (depending upon your viewpoint) broken out in the Ukraine it’s interesting to speculate how this might impact the cloud and data center industry (DataCenter Knowledge). FBI officials have been sounding the alarm about malicious QR codes being used to redirect victims to malicious websites (Axios). A new flaw has been discovered in the Snap Package Manager for Linux, so better make sure your Linux systems get patched right away if they haven’t been patched recently (The Hacker News). That same site also informs us that Microsoft is warning customers about “ice phishing” but hey, I’m a Canadian and it’s -30 C below outside right now and there’s no way I’m going to go fishing on the icy river near our home, so no worries as far as I’m concerned—Microsoft, take a pill.
However—and this is BIG news for those still doing remote work from home—watch out for malicious actors trying to drop malware into your Microsoft Teams chats (ITPro). Now if that is possible, then why not also in Zoom, Cisco Webex, Google Meet and other online meeting software? And then there’s this report from ITPro telling us that LinkedIn phishing attacks have surged 232% since the beginning of February. Clearly these are dangerous times we live in, so better make sure you have good cybersecurity software in place for your organization. Check out Kerio Control the next-generation firewall and unified threat management product for small and medium-sized businesses (SMBs) that are looking for a comprehensive solution for their security needs. (GFI sponsors our newsletter so please click the above link—thanks!)
Got more cybersecurity news or other IT industry news our readers should hear about? Email us.
Windows news
Tired of having to re-learn how to use Windows? It’s been hard enough with the ongoing changes (improvements?) in Windows 10. Now Microsoft has indicated that Windows 11 will be getting new features on a regular basis. Read more about it on the Windows Experience Blog.
It also looks like Microsoft won’t be backtracking on requiring TPM 2.0 for hardware supporting Windows 11. In fact they’re already talking about a future where Windows will leverage Pluton-enabled CPUs as Brien Posey tells us on our TechGenix website.
And of course we’re sure that you’ve already heard the news about needing a Microsoft account to install Windows 11 Professional. That’s right—the Professional edition, not just for the Home edition. This may not be set in stone yet, but the mortar seems to be drying—see this and this and this and this for various takes on the matter. But. I’ve heard word from an inside source that this will mostly affect home users and SMBs as larger organizations can still use an unattend.xml/autounattend.xml in their deployment to get around this requirement, at least for a domain-joined deployment. So I guess we’ll see. What do you think about this new requirement? Will it drive you or your customers towards Linux?
See also our Tip of the Week section later in this issue for more on administering Windows 11 vs Windows 10.
Windows Server news
Ned Pyle has written an in-depth post on the Windows Server Essentials and Small Business Server Blog describing a new way to patch Windows Server 2022 VMs running in Azure without having to reboot the machines after patching them. The new capability is called Hotpatch for Windows Server 2022 Azure Edition and it promises to “drastically increase uptime of your mission critical application workloads running on Windows Server” which to my mind is a funny way to put as it seems to admit that present methods of patching Windows servers are admittedly disruptive as far as workload uptimes are concerned. Thomas Maurer and Nick Washburn also discuss this new technology on YouTube. Also be sure to check out Windows Server 2022: Everything You Need to Know (TechGenix).
And finally: Spy vs Spy
I don’t know about you but I’m a fan of Eurospy movies from the 60s. Special agents like FX-18 and 077 and others are fun to watch, and of course sometimes silly since they’re dubbed in. Which is why Bruce Schneier caught my attention with his recent post Tracking Secret German Organizations with Apple AirTags (Schneier on Security). It looks like spy organizations have finally caught up with technology—no more Moscow Rules using markings with yellow chalk. That’s a great miniseries, by the way—Alec Guinness nailed it as George Smiley.
Got comments about anything in this issue?
Email us! We love hearing from our readers!
Meet the Editors!
MITCH TULLOCH is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.
INGRID TULLOCH is Associate Editor of both WServerNews and FitITproNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.
IT Bookshelf: The Security Risk Assessment Handbook (3rd Edition)
The Security Risk Assessment Handbook (3rd Edition) from CRC Press is the definitive guide for planning and performing information security risk assessments for enterprise environments in corporate, financial and government sectors. The author Douglas Landoll has many years of experience working with clients that have included the CIA, the NSA and NATO.
Landoll starts by defining the different phases of a security risk assessment project and the roles of key people involved in the project. He then leads us through the step-by-step process of kicking off the assessment, gathering data from technical and administrative sources, analyzing risk from both a qualitative and quantitative perspective, establishing mitigation strategies to reduce and control the risks your organization faces, and reporting the results of the analysis to management so they can take appropriate action to plug identified cybersecurity gaps improve their overall security posture.
One thing to understand is that the approach used in the book is very corporate process-oriented and something that so-called “agile” tech companies of today may have difficulty following because of their “move fast and break things” culture. But this kind of careful, measured, thoughtful approach is much needed today as businesses and governments face increasing attacks on their IT systems, infrastructure and data.
Another thing to realize is that this book only covers the risk assessment side of information security, so you won’t become a cybersecurity expert simply by reading it. In fact you need to already have a good background in cybersecurity (e.g. threats, vulnerabilities, exploits, malware, firewalls, patch management, business continuity, identity management, cloud storage, and so on) in order to get the most out of reading this excellent book.
To sum up then, if you’re a CIO or CISO and want to help your organization become more secure in today’s rapidly growing cyberthreat landscape, you should buy this book on Amazon.
Admin Toolbox
EDITOR’S NOTE: We’ll be rebooting this section soon to make it more useful to our IT pro readers—stay tuned!
Passwordstate is an on-premise web based solution for Enterprise Password Management, where teams of people can access and share sensitive password resources:
https://www.clickstudios.com.au/
Devolutions Password Server is an on-premises management solution to help organizations control access to privileged accounts:
https://server.devolutions.net/
DNS Benchmark is a free utility to determine the exact performance of local and remote DNS nameservers:
https://www.grc.com/dns/benchmark.htm
Notepad++ is a free source code editor and Notepad replacement that supports several languages:
https://notepad-plus-plus.org/
Tip of the Week
This week’s tip can be found on Microsoft’s Core Infrastructure and Security Blog:
Windows 10 or Windows 11 GPO ADMX – Which One To Use For Your Central Store?
Factoid: Opening the box
Two issues ago we included the following factoid:
Fact: Researchers use tiny magnetic swirls to generate true random numbers.
Source: https://phys.org/news/2022-02-tiny-magnetic-swirls-true-random.html
Question: When was the last time you ran a program to generate a random number?
Longtime reader Dennis DeMattia from Spokane, Washington USA couldn’t resist a length response to this question. Here is what he said:
And here I am, raising my hand again, silly little me, still doing some archaic stuff! Maybe that is what happens when you start your programming life with paper tape and assembly language and ASR35’s. If you are looking for truly unrepeatable random numbers, I only know of people doing high energy physics caring about that.
[EDITOR’S NOTE: Funny you should say that as my own background was originally in Physics. Way back in 2000 an IT industry paper called NetworkWorld had me travel to Geneva, Switzerland to visit CERN, the the European Organization for Nuclear Research, where the Large Hadron Collider (LHC) quietly runs beneath pastures where grazing sheep function as radiation disaster counters. I met with a bunch of technical people there to ask them questions about their network (which has grown considerably since then in both speed and storage capabilities) and used what I learned to write an article for NetworkWorld on the subject (archived on ProQuest here). I even took a few photos:
Caption: This is me in the Control Room at CERN. The whiteboard has my Theory of Everything scribbled on it, and the number 42 is hidden there somewhere.
[You can see from the above that I had put on quite a bit of weight at that time, mostly due to the stress of recently having started a business. Fortunately I later lost most of that excess weight—and you can too, if you’re a typical “fat IT pro” like I used to be. Check out our companion newsletter FitITproNews for help losing weight and becoming fit.
[OK back to you Dennis and sorry the interruption.]
If you are interested in repeatable random numbers (pseudorandom numbers), then there are probably lots of applications. So, let’s say you create an application that you want to get paid for on a monthly basis. This was mentioned in the article you linked to. When you get a check at the end of a month, you want to send them something that will allow that application to keep on running. Conversely, when you Don’t get a check, you want your application to just crawl into a corner and die automatically. I imagine there are lots of ways to do this.
I find that generating a random number, using as a seed something unique to that client, has worked well for the last 20 some years. The nice thing about a seed is, you might see a generated number, but that does not help you to know the next number in the sequence without knowing the seed. At least, at the level of IT sophistication of my clients, they can’t. Where things go south, is if you change your environment. VB6 generates random numbers one way. Dot Net generates them in an entirely different way. Fortunately, somebody somewhere created a function that runs in dot net that reproduces the vb6 algorithm.
Interesting, thanks! Moving on now, this was last week’s factoid:
Fact: Love and logins: Who gets custody of passwords in a breakup?
Source: https://apnews.com/article/technology-lifestyle-philanthropy-0237c5054c9e020c6929700ddd0caa48
Question: Technology has disrupted many aspects of our society in recent years—has it also disrupted the traditional way of writing up wills, powers of attorney and similar documents? Are these done online now in some jurisdictions? Can you write up your will on your phone and have it legally enforced? Can you have digital-only wills or does there still need to be a hardcopy stored somewhere? Are people including clauses in their wills that grant password usage rights to beneficiaries or to executors? And so on.
Turns out that reader Wayne Hanks has some first-hand observations about this:
Hi Mitch,
As i am about to go into a meeting with the lawyer to help contest my Father in Law’s will (never trust family, they will always try to take advantage of the sick and elderly 🙁 ) I am reminded the legal industry relies heavily on bits of paper and printers. This is one of the few industries that has not accepted electronic signatures, and still insists on having people “witness” the signing. Given that many of the senior partners, judges and politicians that create the laws are of an age that they would not trust an electronic will, except for distribution, I think it will be a while for this to take hold.
Alternatively, I have heard that some services ( I think Google and Facebook are 2) allow you to specify a next of kin who would be allowed access to your online services if they can produce a death certificate. This is certainly one way to take care of your electronic legacy.
Interesting, I just checked my Google Account profile and can’t find any setting for indicating a beneficiary. Do any other readers have further info on this? Email me.
Now let’s move on to this week’s factoid:
Fact: Connected cars must be open to third parties, say Massachusetts voters
Question: Ooh, it looks like the US automotive industry is going to use every trick in the book (including dirty ones) to try and fight this new “right to repair” law that Massachusetts has passed. Which raises an interesting side question: What about repairing (or modifying) PCs? Do you still open the box from time to time? Can you still find your way around inside? Has the reparability of PCs you’ve bought changed over the years? And is that simply because of evolving technology, or do you think PC manufactures are deliberately making it harder for customers to play with the guts inside their machines?
Email us your answer and we’ll include it in our next issue!
Subscribe today to WServerNews!
Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.
Conference Calendar
NOTE: Conference dates and locations are subject to change
Big Data & AI World — March 2-3, 2022 in London, UK
https://www.bigdataworld.com/welcome
Mobile World Congress — June 29-July 1, 2022 in Shanghai
Cisco Live Las Vegas – June 12-16, 2022
https://www.ciscolive.com/us.html?zid=cl-global
HPE Discover 2022 – June 28-30 in Las Vegas, USA
https://www.hpe.com/us/en/discover.html
Def Con 30 — Aug 11-14, 2022 in Las Vegas, USA
Big Data Expo — Sept 14-15, 2022 in Utrecht, The Netherlands
https://www.bigdata-expo.nl/en
Podcast Corner
We’re retiring this section of our newsletter and will be replacing it soon with something more comprehensive and informative. Stay tuned!
New on Techgenix.com
FYI links to select TechGenix articles will now be distributed across other parts of our newsletter, so we’re deprecating this section as of this week’s issue.
Fun videos from Flixxy
ELVIS Trailer (2022) – Austin Butler & Tom Hanks
https://www.flixxy.com/elvis-trailer-2022-austin-butler-tom-hanks.htm
Jazzy Juggling Couple – ‘Sweet Georgia Brown’
https://www.flixxy.com/jazzy-juggling-couple-sweet-georgia-brown.htm
Classic Dancing Movies – ‘Chunky’ by Trampsta
https://www.flixxy.com/classic-dancing-movies-chunky-by-trampsta.htm
‘Shut Up and Dance’ – The Age of Cinema – Movie Dance Compilation
https://www.flixxy.com/shut-up-and-dance-the-age-of-cinema-movie-dance-compilation.htm
Please tell others about WServerNews!
We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!
Product of the Week