Optimize your technology. Solve your IT headaches. Leverage your infrastructure.

Yellow and Black is Back!

Ben Erickson  April 9 2019 07:33:41 AM
Here's a story I've been following since the middle of last year (2018). But first, some background. I was a junior network engineer working in Los Angeles for a small IT consulting business. The year was 2004. I was introduced to a collaboration platform that wasn't Microsoft Exchange (version 2000 back then). Unlike Exchange, it was solid. It was reliable. And it went beyond replacing email, shared calendar and tasks, and instant messaging. It was an application platform, and it was web-enabled. It was how we ran our business and it was way before its time. And best of all, did I mention it wasn't Microsoft Exchange? It was Lotus Notes and Domino. They even had some really great TV commercials back then as well.





Then the marketing department seemingly went into hibernation. There was still tons of innovation going on and new versions on a constant cadence but only us insiders seemed to know about it. Then came V10 on 10/10/2018. (Get it? V10 on 10/10?) Some much needed improvements were made on the server end, making it more robust and powerful. The sale of the platform to HCL (who had done the development work for V10) was announced. And somebody woke up the marketing department. Yellow and black is the new yellow and black!

Do you remember The Princess Bride scene where Miracle Max gives Inigo and Fezzik an education on "mostly dead"? Well, plenty of internet pundits have proclaimed Lotus Notes/Domino's death throughout those silent years. But here's the funny thing: it never died. The innovation and sales continued, even as marketing slept. And now, with the transition from IBM to HCL, someone seems to have pumped some air into the marketing department's lungs.

 

A couple of days ago they even published a new commercial to YouTube in the same spirit as the old-school commercials. Check it out. Lotus Notes/Domino marketing is back, baby!




And all along it's been the premier, constantly innovating, Mail, Calendaring, Instant Messaging, Team Collaboration, and App Platform for business. Many of us partners and resellers and our clients never left (this blog, our CRM, Wiki, and many other apps we use every day run on Lotus Domino!). In another post, I'll talk about all of the new features and under-the-hood improvements that have come in V10 and what's on the radar for V11. Stay tuned!


Image:Yellow and Black is Back!

Windows Server Updates Improvements in Server 2019

Ben Erickson  April 3 2019 10:01:28 AM
The update mechanism in Windows Server 2016 has been... what's the word? Disastrous. Whether it's a newly installed test machine or a production box that's been in service a while, the network administrator has fewer choices, less flexibility, and more problems. Most of this comes down to a cultural change where Microsoft feels it's their duty to push all updates to all computers all the time whether you like it or not. The official term for this is "Software as a Service" (SaaS).

The difference in success rates in installing updates between Server 2012 and Server 2016 is stark. The amount of time it takes to update servers has gone from minutes to hours. And the icing on the cake: the amount of useful information on the progress or status given to the person completing (or not completing!) the updates has been reduced to almost nothing. Anyone who's had to deal with this fiasco over the last few years with Windows Server 2016 likely knows exactly what I'm talking about, but in case you haven't, here's a sampling of some of the admins' experiences and rants:


Why do Server 2016 updates take SOOO LONG to install ... (spiceworks.com)

Windows Server 2016 Updates slow! (technet.microsoft.com)

what's with the really slow windows updates on 2016? (technet.microsoft.com)

Window Server 2016, very slow Windows Update : sysadmin (reddit.com)

Yes, there are some things you can do that will help (a little). But they only make a dent in the problem. For example, before downloading and installing you must check to see what updates are available and make sure that any Servicing Stack Updates (SSUs) get downloaded, installed and rebooted individually before anything else. You can manually download from the MS Update Catalog or use sconfig for this. Disabling Windows Defender also seems to help. But even with these manual interventions, it's still a terrible experience where you're left in the dark for a long period of time without any status updates or even reassurances that the darn thing isn't completely frozen:
Image:Windows Server Updates Improvements in Server 2019




Enter Windows Server 2019. Yes, the same Windows Server 2019 that MS had to pull in October 2018 because it was deleting corporate files. No, seriously. Pick your poison, I guess. The evaluation version was pulled from their website and only became available again recently.

Since the re-release, we've done some limited testing and our preliminary experience shows a huge improvement in how Windows Updates operate. Instead of stuck percentages and misleading phrases like "Preparing to Install", you actually get a moving percentage complete for each stage of downloading, installing, etc. on each update. Not only that, but it is capable of (gasp) multitasking and can work on more than one update at once. Also, the amount of time to completion is actually reasonable (minutes instead of hours). Check out this brief screen recording (you can use the controls to fullscreen it) and see for yourself!






So while I'm not advocating jumping on the Server 2019 bandwagon or joining a crowd of lemmings just yet, it's good to know that some improvements have been made. Like a tax refund, where the IRS just lets you have some of the money they took from you back, it's not really anything to celebrate. All Microsoft has done is take something that they had broken beyond all recognition and make it functional again. But it's something to keep in mind as you consider your server upgrade strategies.

If you need help navigating the nightmare of Windows Server 2016 updates or figuring out a strategy for the future, give us a call. We'll be glad to help!

Cisco (re)-Certified

Ben Erickson  March 21 2019 02:21:20 PM
I've opined before on the importance of certification, but also of practical experience. They go hand-in-hand. Since I first obtained my Cisco certification 15 years ago, not only has the certification logo changed (thank goodness!)

               
Image:Cisco (re)-Certified
Old Logo, circa 2004





but much of the technology has as well. And since then, I've gained tons of valuable experience in computer networking, from which my employers and clients have benefited.

Experience is great, but sometimes you need to fill in the gaps with some of the aspects of the technology that you just haven't had the benefit of running into. That's where the formal education and verification (certification testing) comes in. As a side benefit, it's a great motivator to try out new stuff you hadn't considered before and just read about! Today marked the completion of months of study and practice. I took the proctored exam and passed with a 908 out of 1000 score.

So if you've got Cisco gear or you're considering upgrading to the BMW of networking equipment, give us a call! We can set you up, fix your problems, and keep you running. Newly recertified in 2019:
Image:Cisco (re)-Certified

...and it's gone.

Ben Erickson  February 26 2019 07:52:00 AM
Clouds are strange creatures. They are beautiful and noble. But people see different things in them, or even what they want to see. They are there for a moment and dissipate quickly. They rain on parades. They bring storms. They shut down interstate freeways.

There are a couple of really cool uses of cloud technology. The best example is backups, since a mission-critical part of backups is having another copy of your data somewhere else. Actually, "Cloud" is a term that needs some definition, but that will have to wait for another post. For now, I'll just point out that most businesses fall prey to a false definition of "magic solution that makes all my technology problems go away." However, cloud doesn't mean you don't have errors, exceptions, or service interruptions anymore. It just means you have to wait for someone else to fix them.

But sometimes it's even worse. With cloud services, sometimes it's not your technology problems that might go away, but your technology itself. Like your applications. Like your data. That you run your business with. Poof. As in, "...and it's gone." Sometimes it's only temporary and bearable if you have patience (and your customers have patience, too!):

Image:...and its gone.




But sometimes, it's not temporary. Sometimes, that application you've been running your business with and storing all of your records in decides to close up shop forever. Then you really have a problem. Then you really have costs. Because not only did you spend all that money moving your data to that service in the first place, but now you have to spend more money moving it again. Last month, IBM announced that Watson Workspace, a cloud computing solution, wasn't profitable enough, so they would be ending the offering as of 2/28/2019 (two days from today). Announcement here:

Image:...and its gone.



What's the takeaway? The promises of cloud services are illusory. Don't be a marketing zombie. Don't buy into the hype and become a bandwagon victim. Think about the future, not just the next five minutes. Cloud computing (especially in someone else's cloud) is not the answer to everything.

There's real value and ROI in owning your hardware, software, and data in your own network. Remember this old saying, slightly modernized: "A bird in the hand is worth two in the cloud." If you have questions about how to steward your applications and data, or how to repatriate them, give us a call and we'll be glad to help!

Apple Boot Security

Ben Erickson  February 22 2019 11:36:00 AM
Last May (5/2018) while I was doing some security testing in MacOS, I found an interesting but very concerning bug. The firmware password is a setting that prevents unauthorized access to your Mac. This is what it looks like when you start up your Mac and it has a Firmware password:

Image:Apple Boot Security





Without this password set, anybody with physical access to your Mac can simply reboot the computer and with certain keyboard shortcuts, access Single User Mode or MacOS Recovery. Once booted to either of those modes, you can do absolutely anything to any file or user including deleting or adding new administrator accounts or reformatting the hard drive and reinstalling MacOS. So it's a very important security feature Apple has put into their products. What I found out was that it wasn't working.

To my surprise, on any Mac I tested, with the Firmware Password set, I was still able to access Single User Mode without entering the password. Now, as a Linux/Unix guy, I really like single-user mode because it gives me a nice, soothing black background and command-line only interface with a root prompt and whispers into my ear that MacOS, despite all the loud graphics is really just BSD Unix under the hood after all:

Image:Apple Boot Security





But I shouldn't be able to get here without a fight. After checking a few other machines to make sure I wasn't seeing things, I contacted Apple Product Security to report this giant, Men-In-Black-alien-size bug. What happened next was interesting. They asked me for some additional information and thanked me. Then nothing. No communication at all.

I discovered that it had been fixed in November (2018) when I was testing MacOS Mojave 10.14 as it was in beta, where the firmware password was working properly in securing Single User Mode. I was surprised that they had said nothing, so I started a dialog again with Apple Product Security. It went back and forth for a while, and after about a month (December now) they told me it was fixed (promptly!) in macOS High Sierra 10.13.5. But they never notified me nor even published it on their security bulletin at the time. In other words, they fixed it secretly and told no one, even though it is supposedly their policy to disclose these things, as well as the person who originally found them, in their security updates.

So we went back and forth again, and finally after two more months (February 2019), I can now disclose this on my blog since they have put it in their bulletin too. Now, if you scroll down to the EFI section you will find this issue listed and find my name listed in the acknowledgements:

Image:Apple Boot Security





This may sound like it wasn't a good experience, and that Apple dropped the ball. And they certainly did in the communication department. But in all fairness, I think it's important to point out that Apple's products, including MacOS, are generally very secure, and also that they did fix the vulnerability almost immediately after I reported it. If you have any questions about how to use the firmware password on your Mac or anything related to Mac Security or MacOS, I am a certified Apple Certified Support Professional and can help you with that. Just give us a call!
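
An added example (not part of the original post, and not Apple's code beyond the two stock commands it calls): a small audit script for the two conditions described above, a missing firmware password and a macOS release older than the 10.13.5 fix. The sample inventory is constructed, and treating every release below 10.13.5 as affected is an assumption based on the post's account.

```shell
#!/bin/sh
# Added example, not the blog author's code.
# FIXED_IN is taken from the post (Apple's statement: fixed in 10.13.5).
# Assumption: every release below it is treated as affected.
FIXED_IN="10.13.5"

# version_lt A B: succeed when dotted version A is lower than B.
# Missing components count as 0, so "10.14" compares as 10.14.0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# fw_enabled TEXT: succeed when `firmwarepasswd -check` output reports
# that a firmware password is set ("Password Enabled: Yes").
fw_enabled() {
    printf '%s\n' "$1" | grep -q '^Password Enabled: Yes'
}

# classify_mac VERSION FW_OUTPUT: print a one-line verdict.
classify_mac() {
    ver=$1 fw=$2
    case $ver in
        ''|*[!0-9.]*) echo "UNKNOWN: unparseable version '$ver'"; return 0 ;;
    esac
    if ! fw_enabled "$fw"; then
        echo "EXPOSED: no firmware password; Single User Mode and Recovery are open"
    elif version_lt "$ver" "$FIXED_IN"; then
        echo "EXPOSED: firmware password set, but macOS $ver predates the $FIXED_IN fix"
    else
        echo "OK: firmware password set on macOS $ver"
    fi
}

# Constructed sample inventory: hostname|sw_vers output|firmwarepasswd output
SAMPLES='mac-a|10.13.4|Password Enabled: Yes
mac-b|10.13.5|Password Enabled: Yes
mac-c|10.14|Password Enabled: No'

printf '%s\n' "$SAMPLES" | while IFS='|' read -r host ver fw; do
    printf '%s: %s\n' "$host" "$(classify_mac "$ver" "$fw")"
done

# On a real Mac, run as root to audit the local machine as well.
if command -v firmwarepasswd >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    classify_mac "$(sw_vers -productVersion)" "$(firmwarepasswd -check 2>/dev/null)"
fi
```
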

    Happy Holidays!

    Ben Erickson  December 25 2018 06:00:00 AM
    Image:Happy Holidays!

    Amateurs and Professionals

    Ben Erickson  November 19 2018 06:13:23 AM
    In most industries, but particularly in IT (Information Technology), there are amateurs and there are professionals, and both have their place. There are advantages and disadvantages to both.

    For example, having a friend who knows a lot about computers who can help you with a problem with your PC at home is very handy because they can answer a quick question for you that doesn't involve too much time or commitment. Additionally, services that use "geek" in their name and most free tech support that comes included with a software or hardware purchase are quite capable of dealing with common problems or FAQs (frequently asked questions) that can be solved by someone in a call center that only knows how to read a script. But if you ask a question that's not on their list, you quickly discover their knowledge is superficial at best. Still others may know a lot, but lack social or business skills, acting like "know-it-alls" and belittling you for not being an expert in their business even though you are an expert in your own. Remember this classic Saturday Night Live skit, "Nick Burns, Your Company's Computer Guy"?




    Professional service, like the kind you can expect from Trusted Computer Consulting, is different. We know that communication is important. That's why we don't use a menu system on our phone calls. During business hours, our phones are always answered by a living, breathing human being. And since we are living, breathing human beings, we treat you like one too, with the respect and common courtesy that you deserve.

    We take responsibility for the challenges, projects, or problems that you bring to us to solve. Unlike amateurs, we take the time to understand your requirements and preferences, then do the research to find the best way to address what you need done. This ensures that the process will be much smoother and you will be much more satisfied with the results we deliver.

    Then we follow through. In baseball, if you don't have follow-through in your throw or bat swing, your performance will always be weak and unsuccessful. At Trusted Computer Consulting, we understand that it's the same in business. That's why we always follow up with you after we implement new solutions or fix a problem to make sure that the real-world, actual results are what we expected and what you expected.

    So if you're tired of dealing with amateurs that are hard to reach, don't follow through, don't respect you, or don't know their stuff, come to the professionals. At Trusted Computer Consulting, that's our differentiation. That's what sets us apart in our field. That's why we chose the domain name "trustedcomputer.pro". You can trust us with your computers because we are professional.
    Give us a call today!

      Instant Support Without the "Man in the Middle"

      Ben Erickson  November 12 2018 06:00:00 AM
      What is MITM?

      "In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other."
      From Wikipedia, the free encyclopedia

      Image:Instant Support Without the "Man in the Middle"


      Now that we're in the "put everything in the cloud" era of computing, it's all too easy to take for granted that some services need to be cloud-based, and in fact are not possible or practical on-premises or directly between two parties. This is the assumption I'd like to challenge with today's blog post. Instant support, sharing your desktop, screen sharing, etc., are almost always done through a broker nowadays. This is because of the difficulty of getting through the firewalls of both the support technician and the individual needing help. LogMeIn, TeamViewer, and GoToMyPC are a few examples of the most popular. But think about it: how well do you really know these companies? Can you really trust them with full, unrestricted access to absolutely everything on your computer? What you are doing when you use a service like this is intentionally making them the "man in the middle" and giving them the access for this kind of attack on a silver platter, should they choose to take advantage of the situation.


      It's actually quite difficult to find and implement a direct "instant support" mechanism nowadays that doesn't rely on a third party or a previous firewall configuration, but at Trusted Computer Consulting, we thrive on challenges like this. And this is exactly what we've done. By compiling a custom build of ChunkVNC, we've created a small executable that you can download from our website that will connect your computer directly to a support technician on our network without any intermediary. We can then view your screen and help you with anything you need to get you up and running again. And all of this is done with banking-grade, 256-bit AES symmetric encryption and 2048-bit RSA key pairs so no one can eavesdrop on our session (one of the ISPs?).

      So rest easy knowing we can help you in a pinch wherever you are, inside or outside your business network, whether you can modify your firewall or not, with the best available encryption, and without any "man in the middle".
      Give us a call today!

      Do SSDs Need Defragmentation?

      Ben Erickson  November 7 2018 10:18:04 AM
      I was at a client site yesterday and the question of defragmentation came up. They have replaced their hard drives in their workstations with SSDs. There is a lot of information, misinformation, and confusion out there about Defragmentation, Windows, and SSDs.

      Image:Do SSDs Need Defragmentation?
      Old school defrag from the Windows 95/98/ME days




      Part of the defrag confusion comes from the evolution of storage over the last decade or so. Solid State Drives (SSDs) and mechanical hard drives (HDDs) simply are not the same kind of device. They perform the same function of containing logical filesystems, but SSDs aren't just faster or better than HDDs, they are a different animal. Another part of the confusion is that there has been a lack of transparency among and between drive manufacturers, Microsoft, and their customers. There has also been confusion stemming from the evolution of SSDs from the very fragile first generation drives, to the more robust second generation drives, to the even newer M.2 form factor "SSDs" which really could benefit from a new name at this point (should we really even call them drives anymore?).

      If you're interested in seeing some legitimate debate between industry experts, Microsoft reps, and ordinary customers sharing their own experiments and results, please see this (personal) blog post by Scott Hanselman, a Microsoft employee, but especially read the comment section to see this is a muddy issue. Here are some other worthy mentions if you want to dig deeper from PC World and a storage software company, EaseUS, each adding their different opinions to the soup along with their reasons which seem to make sense.

      Where do I weigh in on the subject? What do I think is the bottom line after all the voices have been heard?


      Both sides are right in a sense. Fragmentation is an outdated concept that is obsolete when you don't have mechanical needles and spinning disks anymore. But Microsoft filesystems, especially NTFS, are based on the assumptions of the old mechanical hard drives. So they can "think" they are fragmented even though it's impossible, which causes its own problems. Microsoft claims that with SSDs, their defragment tool and scheduled tasks do SSD trimming and Garbage Collection (GC) instead of defragmenting. But this is not completely true. If you observe the process and the log outputs, it is undeniably still virtually trying to defragment your SSD, which in real terms means that it's doing some good stuff (TRIM and GC) but also some bad stuff (pointlessly moving files around, which decreases the life of the SSD).


      There is a way to get Microsoft Windows to play nice with your SSDs and it's outlined in this excellent post on outsidethebox.ms.

      Here's the basic idea:


      1. MS Windows is trimming AND "defragmenting" your SSD by default.


      2. This has been reported to Microsoft and has largely been denied/ignored (boo!).


      3. You can fix this. But don't just turn all the maintenance off, which would be even worse. Do #4 instead.

      4. You can hack it (change what the scheduled defrag task does) by exporting it, changing it, then importing it back into the task scheduler.

      This has been a fairly detailed technical post, and it would be easy to be overwhelmed by the detail. Instead of being overwhelmed, why not give us a call? At Trusted Computer Consulting, we have over a decade of experience in helping businesses with their difficult-to-grasp IT issues by simplifying them and implementing tested solutions that work. Give us a call today!

      The Agony of Unsubscribing

      Ben Erickson  October 25 2018 06:01:00 AM
      Spam and marketing emails are a vast majority of the email traversing the Internet today. What follows is a TED talk on a funny way one person decided to respond to it:



      Now that you've stitched your sides back up, let's talk business. Securing your email and ensuring your people are on-task and focused is an achievable goal. All you need is a good spam protection solution. Don't rely on hosted email services that don't allow you to control what's coming in. On-site and on-premise email is still the only way you have the control you need over incoming emails.

      Call us today to find out more about how you can take back your power from the cloud and control your email flow!

      Copyright © 2018 Trusted Computer Consulting, LLC. All rights reserved.