Month: December 2016

The consumerisation of technology has led to some interesting effects – namely people who do the odd bit of IT at home implementing IT systems for offices…and coming a bit unstuck for various reasons.

In some respects a lot of us will have been there. I remember early on in my career some of the initial deployments of Netware 2/3 … Well, let’s say visiting those sites a few years later made me cringe somewhat. Still, you learn right? Educate and move on.

Education & experience does seriously affect your world view though doesn’t it? For example I look now at code I wrote maybe 5 years ago – and while it’s functional – I often find myself thinking what on earth was I thinking? Or why did I write those 60 lines of code when a simple piece of sub-code would work? Also – I appear to have discovered in-code documentation. This is a good thing.

Anyways, a little while ago a friend of mine who’s an owner of a small startup (well, I say small – it’s about 150 people now, and I say startup – they’re on year 4 I think) asked me for some guidance. Why me? Well, their issues were predominantly around using Skype in Office365, WebEx, GoToMeeting etc. They’d tried them all. All with similar issues – disconnections, poor quality etc.

I swung by one day fully prepared for a free lunch, and then spent a good few hours scratching my head. I could see things were not working – what I couldn’t see was what wasn’t working. Yes, confusing statement. What I mean is that media products were terrible – laggy, disconnections, and just generally hideous. I got chatting to a few people around me and their general assumption was that it was ‘everything’. That ‘everything’ changed my view, and I started looking into general network performance.

Internet speed tests – brilliant. Local network tests – what you’d expect from 1Gbps local connections. Then wait – what’s that? Did I just see Outlook disconnect for a few minutes too? What on earth. So I started to look harder at the network – random loooong times to connect. Wait what?! Anyways, I did some more digging and I see that there’s been some hacking on the workstations to massively increase the TCP/IP timeouts and retries. Aha, now we’re on to something.

As part of my wandering about and getting coffee, I glanced at the IT rack. Yes, the IT rack is in the coffee area. Where else would you put it? Anyway, this consisted of a pile of Netgear switches on a shelf…in a usual uncomfortable mix of different colour cables, and lack of securing to the rack. In my idleness I started to work through the OCD damaging mess of cables – and the issue became clear. Something so, so basic that I’d almost forgotten to check for such things. Something was flashing in my brain about the 5-4-3 rule. 

So…I start pulling the mess of cables apart – and this connection method becomes clear:

So day 1 they buy a cheap 8 port switch. Who doesn’t have a drawer full of them? Then they need a few more ports – so add another switch, plug in the Internet connection and the odd on-prem service. Then wait, we need more ports. Plug in new switch etc. Then we end up in the world of network notwork. Did you see what I did there? Kinda proud of it considering my level of coffee intake.

Anyways, anyone with a basics of networking should see how inefficient the above is. A simple re-wire and guess what – everything now just works. Forgive the poor diagram – I’m still having breakfast:

It’s so easy to wander down to PC World (Other advice-filled wonderous providers are available), buy stuff, and just plug them in…and it mostly works isn’t it? Hell, this model probably would cope if all it were doing was delivering Netflix to the front room, kitchen and bedrooms. For work though, all those minor irritations, disconnections, poor quality media sessions – they rob your users of time and motivation, which of course robs your business of productivity.

Anyways, here endeths my Tuesday breakfast sermon. Be careful of the fella that ‘does IT’ because he got Netflix working in his kitchen. Or something.

UPDATE: Over the last week I’ve received numerous emails on my customer’s email platforms (like many consultants, I end up with a lot of accounts) re-affirming that corporate data must not be kept on Evernote. How much damage have Evernote done to themselves here? It’s looking like a colossal backfire.

Original Article

I stumbled across the Evernote platform a number of years ago. It’s multi-platform, sync to any device, electronic-scrapbook method of operation became very useful, very quickly. Here I am now with the best part of 10Gb of information in there. Not any more however.

Some articles flying around over the last couple of weeks set the alarm bells going off about their privacy policy. Take this one for example over at LifeHacker:

Evernote Employees Can Read Your Notes, and There’s No Way to Opt-Out

Even the headline made me sit up and take notice. So they can read your notes without opt-out made me immediately wonder about how. Surely my data is encrypted at rest within their cloud? So I can only assume they have access to the encryption keys. No, wait, how wrong I was. More on that in a second.

Firstly, the update to the privacy policy due end of January 2017 stated that a machine learning tool may require Evernote employees to look at your data. Hmmm. Ok. Perhaps. But wait, even if you opt out of that, you absolutely cannot opt out of allowing Evernote employees to look at your data. Think about that for a minute.

Now of course after a fair bit of pressure they’ve backed down on the changes, and sound contrite about it. See here:

Evernote Revisits Privacy Policy Change in Response to Feedback

By ‘feedback’ I assume they mean ‘rage’.

Note that they say that Evernote employees won’t access your data without your permission. Now, after that thing over having to opt-out of stuff explicitly to stop them reading your data – well, it’s got my spider senses tingling for a couple of reasons.

Firstly, what else have I opted in/out of that would allow them access whenever they like?

Secondly – and far more important to me – is how are they accessing my data? There’s only two options here really – the data is stored at rest with no encryption, or Evernote employee’s have access to your encryption keys.

After some investigation it would seem it’s the former – your data is not encrypted. A lot of talk about the encryption in the service really only is at a transport layer – I.e. Data to and from the US Data Centres. It is not encrypted at the data centre itself. (Update: It appears Google Cloud is encrypted at rest…but it’s not relevant really if Evernote staff can get a clear view of your data).

That sets off all kinds of uncomfortable feelings.

Looking into this even more, I can see that in the forums encryption at rest has been a long-requested feature. Why wouldn’t they implement it? Access – that’s why. I suppose there’s a marginal technical reason about workloads (encrypted data is slightly more expensive from a transactional point of view to process)….but hey, now they’ve moved to Google’s cloud there’s no issue there, is there?

Yes, Google Cloud.

So here we are now with your data, unencrypted at storage point, and within Google’s platform. The forum thread on the subject is interesting. 

I am so not down with this I couldn’t get my stuff off their platform quick enough. In particular this one almost made me choke on my coffee:

I’ve always been of the mindset that any company that has ‘Don’t be evil’ as a corporate motto has a reason for that motto being in place. This is not a good thing. I will add though that as far as I know Google’s Cloud does encrypt data at rest, so perhaps this is progress of a kind?

Everything about this move – the issue around access to data, the lack of encryption, the move to Google – has my tech senses tingling like Spiderman at a Marvel party. Consider this from the forums:

• We don’t provide you with a feature that lets you client-side encrypt all your content in a way that we can no longer read it. 
• The only end-to-end encryption feature we offer is note text encryption. We’ve had a lot of people voice their interest in full note, notebook, and account encryption, but we don’t have any plans to support that right now.
• Both Evernote and Google will have access to data that you don’t manually encrypt using our note text encryption feature.

Well ain’t that dandy.

So, for me, sadly, it’s goodbye Evernote. The platform front end is great – really great – the back end, and their attitude to their user’s data, not so much.

What will I replace it with? Well, not one product that’s for sure. I’m sure OneNote will be in the mix, as will making more use of my Office365 50Gb Mailbox, as will putting stuff in flat-file store again. All of them more preferable that what Evernote is doing with my data today.

Sad times.