Skip to content

But it still runs


The recent spate of malware attacks caused me to check on the security status of the various machines on the home/home office network that sit quietly doing their business without regular attention being paid to them. One of those is a machine used primarily as a file server. It’s a Linux box running Samba which raised issues with the recent SMB attacks (security notice from ).

My Samba install was too old to patch, so I went to find an update, which meant updating the web browser, which finally got me to check the operating system and hardware and realize that the server had been doing it’s job just fine but was too long in the tooth to keep going in the malware age. It’s running SUSE Linux Enterprise Server 10 (only 11 years old) but on an AMD Athlon and 1GB of RAM. I could probably get a current lightweight Linux to install on that hardware but I think I should throw in the towel and replace the server with something more current.

The point of this post is not to highlight my tendency to hold onto stuff, but to comment on a new reality. There was a time when working and filling a need was justification for keeping a machine in use. In the current reality security concerns change the equation.

When I was coming up in the IT world it was common to share stories about servers that had been walled in and forgotten and found years later but still running and in production the whole time. My server is not quite in that category but it was purchased in 2007, a then year-old OS was installed and it was put into use and that was pretty much it. There’s disk space left, it’s fast enough for what it does and I have a central place for my files. But in the modern world it’s a security disaster waiting to happen. Even with good patching practices, operating systems lose support and there is often no way to upgrade on old hardware.

Maybe if I can just find that old NetWare box inside a wall that will solve my problems…

Four Lessons from the recent ransomware attack

What can computer users and small businesses learn from the recent widespread ransomware attack?

One: Back up everything regularly! This is the most important lesson. Ransomware and most computer attacks destroy the information on your computer. If you have a good current backup of everything the worst you will lose is a little time as you reinitialize your computer and restore your data.

Most recent computers come with a CD, USB device or boot option to reset the machine back to the way it was when you first bought it. From there just run the restore option for your backup system. For Windows users doing manual backups you may have to first install any software you had installed, then restore your files.

Two: Patch your operating system. Every operating system, whether Microsoft Windows, Macintosh OSX or any distribution of Linux, receives regular security and bug-fix updates from the publisher. Check to be sure that your system is set to receive those updates automatically and that the feature is actually working (check your update history). In this latest attack Microsoft had already released a fix for the flaw being exploited, so the only machines affected where those that didn’t have the patch applied.

Some people like to wait to apply patches. They may fear that the automatic updates may introduce unintended problems or just like to feel in control. That was a legitimate concern at one time, and it’s reasonable for large organizations with big IT staffs to test and distribute updates. But for the rest of us the risk has become too great. You need the operating system updates, at least the security updates, as soon as they’re available.

Three: Don’t run unsupported operating systems unless you really need to. In practice that means update or replace any computer running Windows XP, Windows Vista or Windows 8. Unsupported means they don’t receive updates and you generally can’t get any support from the publisher. But it doesn’t mean they’re immune from newly discovered or newly exploited security flaws.

The only reason to run these older systems is if you have older software or hardware that won’t run with newer systems. If that’s the case you should at least be aware of the risks. Take extra precautions and don’t use the older machines for general-purpose computing. Only use them for the needed functionality.

Four: Use antivirus and antimalware software. Some products are better than others but the best system is one that is recently updated and running. For most users the free software included with Windows, such as Windows Defender, is adequate for virus protection. You can supplement your protection with a malware product such as Malwarebytes. Again the key is to make sure it’s up to date and used. Pay attention to the status icon(s) for your security software. If it gets turned off without your knowledge you may have a problem, or it may just be a one-time glitch, but you need to turn it back on and run a scan ASAP.

The bottom line: It pays to take precautions but eventually we all get stung by an attack, a scam, or simple hardware failure. Planning for recovery in advance makes it much less stressful, and potentially much less costly, when things eventually go wrong.

(In)Security in the Air

File_000 (1)I recently did a round trip on Delta – short domestic flights on Airbus A320. Both flights had WiFi from gogoinflight. You can use the WiFi for free for in-flight entertainment and flight information, or pay for Internet access.

I was somewhat surprised to see that even connected just for the free services a scan from my iPad (Fing) appeared to reveal the manufacturer and MAC address of  every connected device on the plane. For some devices it also revealed the owner’s name. All manner of hacking was, at least theoretically, available to anyone so inclined. I tried it on both legs of the trip, same results.

I also tested in my hotel, to confirm this was not expected behavior. A scan there, on the hotel’s free WiFi, revealed only my own device and the router.

Just thought folks might want to be aware of this potential exposure.

Google account without mail on iPhone

This may be old news to many but I just hit it for the first time.

iPhone, at least at iOS 10, will not allow you to add a Google account that doesn’t have GMail associated with it. It lets you go through the whole Add an Account, authenticates, then throws the account away before you have a chance to turn off Mail. There seem to be a lot of folks posting on the Apple forums with the same issue. The solution below is also there but you need to dig for it.

The workaround: For Calendar go to Settings > Calendar > Accounts > Add Account > Other > Add CalDAV Account. Use for the server name. For Contacts it’s the same except you’re adding a CardDAV account.

Why do they make you jump through hoops like this instead of using the standard Google account setup? We may never know.


Technology changes, people don’t

I just came across a Novell Success Story featuring me and the network I managed in 1991. It touts the productivity benefits of having folks store files in a central location where they can be easily found by others and where everyone will see the same version of a document.

The technology around meeting that need has changed drastically since 1991, and having everyone mobile and wanting their documents from anywhere in the world added some wrinkles we didn’t have when rolling out a file server in the 1990’s. But the business benefits, and the challenges of getting users to understand the benefits and think about it when saving files, has changed much less than we would have imagined back then.

Enjoy for nostalgia or for plus ça change



What should I be when I grow up?

channel_careers3I will be leaving my long-time position as Director of Technology for the management consulting firm Schaffer Consulting at the end of the year. So what do I do now?

Over the years I’ve thought of myself as a system administrator, a server, networks and desktop support guy. I’ve done a lot of telecom management over the years. I’ve worked a lot with collaboration systems.

And lately I’ve been getting more involved with marketing support – websites, social media, email campaigns, CRM. In this new role I’ve suddenly found some of my older experience relevant. I was a trade magazine editor and conference director before getting to where I am now.

I’ve developed a pretty broad range of experience in both tech and business.

But what does it prepare me for? Consultant, analyst, writer, sysadmin? New roles such as community manager? Am I looking for a job, a gig or engagements as an independent businessman?

I think the reality is that I will be exploring any and all of those.

Your thoughts, ideas and encouragement are much appreciated.



An Admin Looks Back at a Career with Notes/Domino

Scanned from a Xerox Multifunction PrinterAs so much is being written about moving off of the Notes/Domino platform I thought it might be useful to look back at my own experience. Much of what I’m reading lately is from Domino developers. This is, in contrast, the experience of a long-time admin.

For many, many years – since we migrated off of cc:Mail if you must know – I managed an infrastucture that eventually included Notes, Domino, Sametime, Quickr, Traveller and CRM running within Domino (iExtensions). This was for a relatively small management consulting firm operating globally.

At one time I managed Domino servers on premise, at a local cohosting site, at my home and on a national hosting provider. This was all to take advantage of Domino’s amazing replication, clustering and failover. We were protected from environmental and hardware glitches about as well as we could be.

In the end that was the products’ downfall though: we could no longer justify running that much infrastructure for under 50 users. We were also migrating our professional staff to Macintosh and the Mac support for Notes, and especially for Quickr, just wasn’t on a par with that for Windows. And finally we had the usual complaints that everything looked and felt old-fashioned.

In late 2014 the company made the decision to go to the cloud and get out of the business of maintaining servers. We looked hard at IBM’s hosted offerings but they didn’t address some of our lingering issues, and they were significantly more expensive than the alternatives.

We ended up going with what was then called Google Apps for Business, now Google for Work, and Zoho CRM.

What did we learn?

The transition was relatively easy in the end. Our Google partner, Viwo, found a tool to migrate all our Notes mail and archives. We moved the contact data from iExtensions into Zoho by simple export/import and abandoned our CRM history. Personal contacts were already on users’ smart phones and came back into Google Contacts from there.

For Quickr places we moved the folders down to a workstation using the Quickr desktop synchronization and then back up to Google Drive using Google’s sync.

The biggest user concern was “what about when I’m on an airplane, in a taxi, in the client’s office, etc.” How would we live without local mail replicas? We make some use of Gmail Offline/Inbox but, in practice, the lack of a local mail replica became a non-issue very quickly.

What was harder to adjust to was the simpler mail and calendar implementation. While Google has addressed some of this over the past couple of years we still miss the sophistication of the various calendar options, true mail/calendar integration and the ability to resort your mail in multiple ways.

Gooogle is, predictably, committed to search as the way to find things.

We make a lot of use of “My Drive” sync in Google Drive. Most folks find this far easier to work with than Quickr Places – and it has the great advantage of working for our Macintosh users!

We found that the native tools on iOS and Android met our need without looking for an MDM to replace Traveller. We tell the device that the Google system is Exchange, as was true with Traveller in the beginning before Traveller support was explicitly added to the mobile OS.

We had very few Domino applications beyond those associated with CRM, and they were very simple. Even so, two years later I’m still using a custom Notes database I put together to manage inventory because replacing it seems like more work than it’s worth. I imagine it will just continue as a local database once we finally shut off the last Domino server. For now what had been the primary mail server is still running for the odd need to get into archival data.

Our experience with non-standard apps points to the real issue with moving away from Domino, as many, many recent posts by Domino developers address. I don’t mean to minimize those issues in any way by recounting our experience. But it’s shared for what it’s worth.