Author: Mark Coughlan

I live in Central London, and one of the benefits of living here is that the Internet connectivity has always been relatively good. I’ve had 200Mbps down/20+Mbps up for quite a while, and you get used to such performance. The upload speed always seems to be the restrictor though, doesn’t it? Makes things like uploading YouTube videos, and online backups (for example) something you set off, and leave to it. 

Anyway, I got the opportunity to upgrade to 1Gbps Fibre connectivity from a company called HyperOptic. That’s 1Gbps up and down. I saw it was available, and given the cost at circa GBP50/month, I thought it was a no-brainer. I also kept my existing provider, as something so cutting edge may perhaps not be reliable. I tend to adopt stuff early, and sometimes that can cause some headaches – I couldn’t afford any issues with my Internet as I rely on it so much. So much so I’ve had more than one provider for as long as I can remember. In fact, I wrote about load-balancing multiple connections here:

Load Balancing Broadband Connections

So I’ve had the service for a good few months now, so thought I’d share my views. 

My opinion is a simple one – just wow. It’s been rock-steady from a reliability point of view, and the performance just changes the way you use things. Uploading/download stuff feels much the same as it would as if I were operating over a local network. Just simple things like Windows Insider Preview updates come down in no time at all. It just makes my remote working life far, far easier.

Online backups now are far more tenable than they were. I use BackBlaze, and I’ve found their service very fast, and utterly reliable. You add in a decent connection and all of a sudden I can now backup all of my important stuff and not give too much thought as to how much I backup off-site. I wonder with the advent of such Internet connections whether services like BackBlaze, who offer unlimited backup, may have to reconsider the price point/offer? Mozy went through that pain, and I believe Crashplan has now pulled out of the consumer market? I shall watch that space. I’ve a ton of cloud storage with my Office365 tenancy and my DropBox area so was considering jumping to that, but the BackBlaze service is just such a configure-and-forget platform it’s well worth the money. Backups you have to do sometimes just don’t happen. Automating those backups is the winner here.

Anyway, performance. Below is the current performance I’m seeing using the DSL Reports Speedtest. I’m connected over 1Gbps wired-Ethernet at this point. 

Seriously, how impressive is that? For comparison, this is the same test but over WiFi.

In this case, it’s my WiFi not keeping up with the connection – which is fair enough. I use a Netgear R8000 AC3200 router and am in general very happy with the performance.

Anyways, want to see this stuff working? There are a couple of videos below you may find interesting. I’m incredibly satisfied with the service. Fantastic performance, and a very reasonable price – what more can you ask for?

Oh – as a quick side note – if you do consider the service remember they use Carrier Grade NAT (CGN). CGN can cause issues with stuff like VPNs and the like. My work VPN won’t work through it for example. They can give you a static IP address too – I spoke to them online about it, and it was sorted in minutes.

I’ve today had to spend time moving my password management solution from 1Password to another vendor. I won’t say which vendor I’ve moved to, as the idea makes me a bit uncomfortable. Anyway, the reason I’ve moved got me thinking about other vendors I’ve used – and loved – in the past, but then ended up really, really disliking. The process is usually a similar one, and it goes this way:

• Vendor produces a GREAT product. 
• I invest in it.
• I tell people to invest in it, as it’s great. 
• Vendor basks in its success.
• Vendor has idea to get more money out of that love.
• That vendor implements things that annoys.
• Vendor refuses to listen to its long term users.
• Users get rage, move on.

The critical part of this seems to be that vendors almost get arrogant in their success – once they have that arrogance, things start to go wrong.

So what has 1Password done? Why has it annoyed me so much I’ve binned my investment in them, and re-invested in one of their competitors? Well – at a high level – they’ve got very arrogant in their position. Specifically, they’re pushing their user population to a subscription service, and yet seem to be completely disregarding their existing customers. Customers who have invested in their success. Firstly, one of the things I liked about 1Password was its ability to use local vaults that did not require uploading my stuff to someone else’s cloud in a way that that vendor could read your data. Other things I liked were it’s multi-platform support, and the fact that it in general worked well.

What’s so wrong with the subscription service? Well…not that much I guess. It moves the financial model from a platform related one – I.e. Paid version, then you pay to upgrade – to a regular monthly cost. Of course they say it’s ‘the cost of a couple of cups of coffee a month!’.. Sure, that’s true, but it adds up to a lot more over time than the investments in platform/version type investments. In addition, 1Password have made no effort to smooth the journey for people who have already bought the client on (in my case) Mac OS, Windows, iOS and Android. I’ve effectively just burned that investment – so hell, I’ll burn it and invest again elsewhere. 

WAIT, you think – this doesn’t of course mean the existing clients will stop working does it? No, it doesn’t. In addition 1Password has stated they’ve ‘no plans’ to remove the support for local vaults. They shout about that, and the words they use tell me one thing – that they’re ignoring the key question most people like me are asking: Will the existing non-subscription client continue to be updated? The silence on that question, from multiple people, speaks volumes. I’ve spent way, way too much time getting them to answer this question today. They’ve answered everything except this specific question. Make your own conclusions from that. A lot of users – me included – feel betrayed by them as a vendor. 

So, it’s goodbye 1Password. I’ll take my investment elsewhere, and I’ll also advise everyone I talk to of exactly the same thing. This bit is interesting – as somebody who works in tech I get asked a lot about what to buy/use etc. I wonder what the effect of that is?

Just for clarity, I don’t expect to buy one product and expect upgrades for free forever. I’ve no issue re-investing in new versions etc. This method of pushing to subscription though just bugs me. I have to pay again, for something I already have, and that uses a sync methodology I don’t want to use, and the platform I’ve already purchased will no longer get any updates. 

So who else have I dealt with that have gone this route? Well, let’s think:

• MOZY – the backup service. Initially a great service, at a great price. Gets you invested, and then they whack the price up. Mine went up nearly 1200% for example. So bye then.
• Crashplan – same thing, attractive buy in, then the service got massively over-subscribed, and plummeted.
• TomTom – pushing everyone to their subscription model, negating my fairly substantial investment in the existing apps from multiple countries.

It just bothers me that companies get this success behind them, and then they go and crap all over the people that got them the success in the first place!

Professionally I come across this too. How many times have I worked with customers where existing providers, vendors, and partners have just taken that customer for granted? Margins start to go up, response times go up, the vendor/partners ‘want’ of that business seems to assume that they’ve already won the business. Then along comes a hungrier partner, keen to get some good stuff going, and boom, that original partner is now sidelined and struggling to get back in the door.

It’s a difficult thing to try and keep that hunger I think, in some respects anyway.

The push to subscription services is a golden opportunity for a lot of companies. A golden opportunity to turn business into a nice annuity – few vendors have done it well in my experience. Who has done it well? Well, Office365 I think is an utter bargain for what you get. Same with the Adobe stuff. TomTom? Nah. It’s WAVE or Google Maps for me now. 

Such is life I guess. Become arrogant in your success, and your success will become a lot more difficult to maintain. Annoy one of your customers – whether consumer or business – and it’s not just that customer you’ll lose, it’s everyone else that customer gets to influence too.

Haven’t blogged for a while. I’ve been busy with the day job, doing some properly interesting stuff. Without boring you all to tears I’ve moved back from being constantly in a sale/pre-sales environment and gone back to actually doing stuff. It’s what I enjoy, it’s what I’m good at – I think.. and it produces defined actual outcomes. Mac is in a happy place.

Anyways, that’s not the point of this blog. I’m sure by now you’re all sick to death reading about the recent ransomware attack. Now, in the press it was all about the NHS – the UK’s National Health Service for my overseas readers. FREE DOCTORS for my American friends. The actual scope of the attack was far wider of course – lots and lots of people got hit by it.

I’m not going to delve into that attack too much – like I say, you’re probably sick of hearing about it – but I did have an interesting conversation about how to protect your stuff against such things. It set me thinking about how I protect my data. 

I’ll be honest and say I’m quite paranoid about my data. Why? Well, I’ve experienced losing some important things – think photos and some videos. Stuff you cannot reproduce. It’s utterly gutting. Some stuff would just be a pain in the backside to lose – but you can reproduce it. Documents and the like. Others – irreplaceable. 

This paranoia has led me to have a really robust backup system – I think. So I thought I’d share my thoughts on how you make your stuff resilient to such attacks.

There’s more to just protecting your data by having a copy of it – you need to protect against corruption too, regardless of whether that corruption is accidental or malicious. The malicious bit may take some explaining – let’s say for example you have a weeks worth of backups of your stuff. Now, you get infected by some pesky ransomware that slowly sits in the background encrypting your data….and in week three pops up the dreaded ‘Give us ONE MEEEELION DOLLAARS’ for your data. You’re utterly stuffed. It’s outside your backup window – all the stuff in your backups will already be infected with that crappy malware.

Now I’m not going to preach to you about how to protect your stuff, but I thought some of you may find it interesting to see how *I* protect my data.

For perspective, my typical active data is about 50Gb of work stuff, and about 200Gb of personal video/photos etc. I generate, on average, about 1Gb of work data a month (email and documents), and around 5Gb of personal stuff. I will point out that I archive and keep everything however, so your data production will likely be lower. Personally, storage is cheaper than my time to go through deleting emails I will never need. I just keep everything.

If you’re not very techy, or don’t have the inclination, I’ve ordered the below stuff in a list of importance and ease to do.

So, how do I do stuff? See below. Just to be clear – before I get a kicking in the comments – there are other things you need to do: Anti-Virus, keeping updates…updated etc. I’m specifically talking about how I handle backups.

Automate your backups

Firstly, and a really, really important point, is make your backups automatic. Why? Well, stuff that takes effort does not get done as often as it should. Also, it’s an effort. You have to do stuff. Both Windows and Mac OSX can fully automate backups for you:

Apple Mac OS TimeMachine

Windows 10 Backup

I will honestly say that Apple’s TimeMachine absolutely knocks the socks off Microsoft in this area. You setup TimeMachine, and it backs up every hour for you. That’s it. You never need to do anything else. Windows – sure, you can do it, but it seems a lot more involved.

Anyway, make the point of it automatic and you’ll *always* have backups of stuff. If I had one single recommendation, this would be it,

Backup Media

I have two backup media sets of 20Tb (Yer, I know – you probably won’t need anything like that) that I swap out once a month. What do I mean? Well, imagine in my setup that TimeMachine backs up my main machine every hour, on the hour, to that backup set. Let’s call it SetA. At the end of the month, I physically disconnect that backup set and stick it in a drawer – don’t panic…we’ll get to offsite in a minute – and then I connect another drive called ‘SetB’.

Why? Well, it does numerous things: It protects against a failure of my backup drive(s), lengthens my backup window, and also provides a longer backup set and will protect against such ransomware encryption attacks. Perhaps not totally – more on that in a second.

So how could you use this? Well, 2Tb drives are cheap. Let’s imagine you have a reasonable amount of data that a 2Tb drive could accommodate – buy two, and on the 1st of the month swap them over. Stick the other one in a drawer. If you want to be really fancy then stick it in a draw at your office.

Offsite Backups

Due to where I live, I’m blessed with a very good internet connection. I use this to backup up all of my stuff to an online service. Now, I use BackBlaze. It’s on my main machine, and it just sits there uploading my stuff to the BackBlaze service. OMG THEY’VE GOT ALL YOUR DATA! Calm your boots. I encrypt everything. Not the subject of this blog but if anyone’s interested happy to write about how I protect my own data when it hits the cloud? Let me know in the comments and I’ll sort something.

I’ve the best part of a couple of Tb up in BackBlaze now and it works really well. It also keeps an archive of up to 30 days for each file so you have an archival history of each file backed up too. It’s a good service. NOTE: With any backup service, make sure you test restoring!

Point-In-Time-Backups

The other thing I do is take snapshot or point in time backups. What do I mean by this? Well, in addition to the automated stuff above – the regular TimeMachine backups, and the backup to BackBlaze – I also take ZIP (Well, RAR, but people know what ZIP is) backups of my changed data, usually weekly. I put these into a folder that:

• Gets backed up to BackBlaze
• Gets backed up to my normal hard disk regular backups

Why do I do this? Well, simply to give me a point of time roll-back. I.e. I can go back and find all of my photos/documents etc. at a particular date. WAIT. Isn’t this covered above in the Offsite/Auto-stuff?? Well, yes, it is, but it enables one more thing……

Non-Syncronised Offsite Backups

This bit is key to protecting against ransomware. What I do is I take those point in time backups above, and I put them somewhere that isn’t synchronised anywhere on any of my machines. Think about this. I have a backup archive dated say 1st May 2017. I put it in a folder in DropBox that is *only* in DropBox. It’s not synchronised to any of my machines. How could any ransomware possible encrypt that and block me access? It can’t is the answer.

It’s an incredibly simple thing to do. On DropBox for example you can do selective synchronisation. I create a folder on DropBox, and ensure it isn’t synchronised to any of my kit – all using that selective synchronisation. If you’ve already uploaded the stuff you can use the DropBox web site to copy the stuff to the folder too – you don’t need to upload it twice. This is important as if you’ve got a ton of data up there you don’t want to be uploading it again.

So what does this give me? Well, it gives me a copy of all my stuff that my end-points (I.e. PCs, Macs etc.) can’t access to encrypt. It’s a simple solution to a complex issue.

Summary

Protecting your stuff shouldn’t be that hard, and it shouldn’t take very much technical know-how really. It would utterly break my heart to lose some of the photos, videos, content that I have – stuff that isn’t reproducible. So with some effort, I do my best to avoid that happening. As a side-result of that I protect other reproducible stuff in the same way……I don’t like having to re-do stuff.

Anyways, it’s an interesting subject. As data-sets get bigger this is going to become more challenging, not less. I’m sure technology will keep up however.

The consumerisation of technology has led to some interesting effects – namely people who do the odd bit of IT at home implementing IT systems for offices…and coming a bit unstuck for various reasons.

In some respects a lot of us will have been there. I remember early on in my career some of the initial deployments of Netware 2/3 … Well, let’s say visiting those sites a few years later made me cringe somewhat. Still, you learn right? Educate and move on.

Education & experience does seriously affect your world view though doesn’t it? For example I look now at code I wrote maybe 5 years ago – and while it’s functional – I often find myself thinking what on earth was I thinking? Or why did I write those 60 lines of code when a simple piece of sub-code would work? Also – I appear to have discovered in-code documentation. This is a good thing.

Anyways, a little while ago a friend of mine who’s an owner of a small startup (well, I say small – it’s about 150 people now, and I say startup – they’re on year 4 I think) asked me for some guidance. Why me? Well, their issues were predominantly around using Skype in Office365, WebEx, GoToMeeting etc. They’d tried them all. All with similar issues – disconnections, poor quality etc.

I swung by one day fully prepared for a free lunch, and then spent a good few hours scratching my head. I could see things were not working – what I couldn’t see was what wasn’t working. Yes, confusing statement. What I mean is that media products were terrible – laggy, disconnections, and just generally hideous. I got chatting to a few people around me and their general assumption was that it was ‘everything’. That ‘everything’ changed my view, and I started looking into general network performance.

Internet speed tests – brilliant. Local network tests – what you’d expect from 1Gbps local connections. Then wait – what’s that? Did I just see Outlook disconnect for a few minutes too? What on earth. So I started to look harder at the network – random loooong times to connect. Wait what?! Anyways, I did some more digging and I see that there’s been some hacking on the workstations to massively increase the TCP/IP timeouts and retries. Aha, now we’re on to something.

As part of my wandering about and getting coffee, I glanced at the IT rack. Yes, the IT rack is in the coffee area. Where else would you put it? Anyway, this consisted of a pile of Netgear switches on a shelf…in a usual uncomfortable mix of different colour cables, and lack of securing to the rack. In my idleness I started to work through the OCD damaging mess of cables – and the issue became clear. Something so, so basic that I’d almost forgotten to check for such things. Something was flashing in my brain about the 5-4-3 rule. 

So…I start pulling the mess of cables apart – and this connection method becomes clear:

So day 1 they buy a cheap 8 port switch. Who doesn’t have a drawer full of them? Then they need a few more ports – so add another switch, plug in the Internet connection and the odd on-prem service. Then wait, we need more ports. Plug in new switch etc. Then we end up in the world of network notwork. Did you see what I did there? Kinda proud of it considering my level of coffee intake.

Anyways, anyone with a basics of networking should see how inefficient the above is. A simple re-wire and guess what – everything now just works. Forgive the poor diagram – I’m still having breakfast:

It’s so easy to wander down to PC World (Other advice-filled wonderous providers are available), buy stuff, and just plug them in…and it mostly works isn’t it? Hell, this model probably would cope if all it were doing was delivering Netflix to the front room, kitchen and bedrooms. For work though, all those minor irritations, disconnections, poor quality media sessions – they rob your users of time and motivation, which of course robs your business of productivity.

Anyways, here endeths my Tuesday breakfast sermon. Be careful of the fella that ‘does IT’ because he got Netflix working in his kitchen. Or something.

UPDATE: Over the last week I’ve received numerous emails on my customer’s email platforms (like many consultants, I end up with a lot of accounts) re-affirming that corporate data must not be kept on Evernote. How much damage have Evernote done to themselves here? It’s looking like a colossal backfire.

Original Article

I stumbled across the Evernote platform a number of years ago. It’s multi-platform, sync to any device, electronic-scrapbook method of operation became very useful, very quickly. Here I am now with the best part of 10Gb of information in there. Not any more however.

Some articles flying around over the last couple of weeks set the alarm bells going off about their privacy policy. Take this one for example over at LifeHacker:

Evernote Employees Can Read Your Notes, and There’s No Way to Opt-Out

Even the headline made me sit up and take notice. So they can read your notes without opt-out made me immediately wonder about how. Surely my data is encrypted at rest within their cloud? So I can only assume they have access to the encryption keys. No, wait, how wrong I was. More on that in a second.

Firstly, the update to the privacy policy due end of January 2017 stated that a machine learning tool may require Evernote employees to look at your data. Hmmm. Ok. Perhaps. But wait, even if you opt out of that, you absolutely cannot opt out of allowing Evernote employees to look at your data. Think about that for a minute.

Now of course after a fair bit of pressure they’ve backed down on the changes, and sound contrite about it. See here:

Evernote Revisits Privacy Policy Change in Response to Feedback

By ‘feedback’ I assume they mean ‘rage’.

Note that they say that Evernote employees won’t access your data without your permission. Now, after that thing over having to opt-out of stuff explicitly to stop them reading your data – well, it’s got my spider senses tingling for a couple of reasons.

Firstly, what else have I opted in/out of that would allow them access whenever they like?

Secondly – and far more important to me – is how are they accessing my data? There’s only two options here really – the data is stored at rest with no encryption, or Evernote employee’s have access to your encryption keys.

After some investigation it would seem it’s the former – your data is not encrypted. A lot of talk about the encryption in the service really only is at a transport layer – I.e. Data to and from the US Data Centres. It is not encrypted at the data centre itself. (Update: It appears Google Cloud is encrypted at rest…but it’s not relevant really if Evernote staff can get a clear view of your data).

That sets off all kinds of uncomfortable feelings.

Looking into this even more, I can see that in the forums encryption at rest has been a long-requested feature. Why wouldn’t they implement it? Access – that’s why. I suppose there’s a marginal technical reason about workloads (encrypted data is slightly more expensive from a transactional point of view to process)….but hey, now they’ve moved to Google’s cloud there’s no issue there, is there?

Yes, Google Cloud.

So here we are now with your data, unencrypted at storage point, and within Google’s platform. The forum thread on the subject is interesting. 

I am so not down with this I couldn’t get my stuff off their platform quick enough. In particular this one almost made me choke on my coffee:

I’ve always been of the mindset that any company that has ‘Don’t be evil’ as a corporate motto has a reason for that motto being in place. This is not a good thing. I will add though that as far as I know Google’s Cloud does encrypt data at rest, so perhaps this is progress of a kind?

Everything about this move – the issue around access to data, the lack of encryption, the move to Google – has my tech senses tingling like Spiderman at a Marvel party. Consider this from the forums:

• We don’t provide you with a feature that lets you client-side encrypt all your content in a way that we can no longer read it. 
• The only end-to-end encryption feature we offer is note text encryption. We’ve had a lot of people voice their interest in full note, notebook, and account encryption, but we don’t have any plans to support that right now.
• Both Evernote and Google will have access to data that you don’t manually encrypt using our note text encryption feature.

Well ain’t that dandy.

So, for me, sadly, it’s goodbye Evernote. The platform front end is great – really great – the back end, and their attitude to their user’s data, not so much.

What will I replace it with? Well, not one product that’s for sure. I’m sure OneNote will be in the mix, as will making more use of my Office365 50Gb Mailbox, as will putting stuff in flat-file store again. All of them more preferable that what Evernote is doing with my data today.

Sad times.

If you read my blog you’ll know I have a certain healthy paranoia about security. I encrypt everything, and am at a loss why people don’t use Password Managers more often. From a finance point of view I go as far as having a separate cash account with low amounts of money in, and a separate credit card with a low limit. They’re the only ones I let near the Internet. Perhaps too paranoid.

Anyway, I’ve a current little spat going on with a certain electricity provider who insists they don’t send on my details from when I’ve registered with their website. I find this hard to believe, as since I’ve registered with them I’ve been getting a ton of spam – not crappy ‘you’ve won a million dollars’ ones, but proper targeted advertising. How do I know it’s them? Well, it’s the email addresses I use for services.

The email address for this account is similar to:

RoadNOenergysupplier@mydomain.com

…where ‘road’ is three digit abbreviation of the property address, NO is the house number, and supplier is the supplier – mydomain.com of course being my personal email address.

NOTE: @Simon_kiteless mentioned over on that there Twitter that you can do this very simply with GMail, using the ‘+’. So you could enter ‘yourEmail+supplier@gmail.com’ and filter your email on that address. Very cool, thanks Simon. You can read more about this method on Gizmodo. 

I do this for pretty much most key websites. This is for a few reasons:

• It’s more secure. Somebody getting one email/password combo won’t automatically get access to every other site where you’ve used that combination.
• It means I can track who’s doing what with my information.

The primary purpose was the first one – the second one was a curiosity…and it’s the first time I’ve had a major provider swearing blind they don’t sell on my data, and yet…….

For what it’s worth, does anyone else have a hotmail/outlook.com address they give to people they don’t want to really talk to? No? No, me neither.

Anyway, this is pretty easy to do with most email providers. I use Office365 for example, which allows up to 200 email aliases. As I use a password manager I don’t have to remember them all. I also of course have a generic one that I use on sites I don’t really care about – and email for that address goes to a dump account that I check now and again.

Anyways, I’m curious to see how this one plays out.

Woke up to see another data leak story today:

O2 Customer Data Sold on the Dark Net

When ever I see stuff like this it makes me double check my security for websites etc. to make sure I’m not accidentally doing anything daft. This morning though it got me thinking – how come more people don’t use Password Managers? Or more specifically – how do people make stuff secure without using password managers? It’s beyond me.

Looking at my own for example I currently have 422 logins to various things. Yes. Four Hundred and Twenty Two. Bonkers.

Without a PWD manager the likelihood is a lot of those sites would:

• Use relatively simplistic patterns or words that are memorable.
• Repeated across multiple websites. 
• Instantly forgotten and constantly having to tick ‘forgotten password’ on sites.
• Email to a single source meaning a single email could be compromised, resulting in the compromise of multiple sites.

Now, I’m the first to admit I can be a bit paranoid about such stuff. I like to follow best practice. Achieving that though without a way of managing your passwords – difficult. 

Working in IT means I get to ‘help’ a lot of my friends etc. with their computers, microwaves, shelves* etc. It astonishes me how poorly their general attitude to security is. Firstly, it’s rare someone will hand me their laptop and it be encrypted. They never think to question that I recover their stuff so quickly, just assuming it’s something down the black-art of ‘those computer things’. I’ll also often find things like text files on the desktop containing common email/password combinations and more often than not including the web site that they’re associated to.

Utterly crazy.

So why is a password manager so important? Well, the obvious one is that it stores all your passwords and makes them easy to access. It has other – more important – benefits too:

• You can generate truly random passwords that even you won’t be able to remember. Stuff like SAjhhWJKH987KJJ71$$$!$%%%%_43 for example. Try remembering that. (There’s a legitimate argument against such passwords too, to be fair: See XKCD). 
• You don’t have to remember all those ridiculous passwords! The manager will do it for you.
• You can have unique passwords for every single site.
• Most will do a security check through the passwords that are stored advising you of any poor or repeated selections.

Wait – how do you secure your password manager? Well – of course you have to set a master password…And you need to be creative with that. I use phrases that make no sense for example, rather than short words. So something like ‘Jay likes to eat b0ats on a Sunday’** for example. Easy to remember as it’s so weird. You don’t find yourself typing it in very often either – iPad/iPhone it’s all TouchID, and on my main machines it locks when I lock my normal machines.

Do I save passwords in my Browser? Yes, I do – for some sites. Never for any sites that hold any detail or financial information.

What about the ‘tick here if you’ve forgotten your password’ – if they all go to the same email address then hey, you only need that email address compromising don’t you…? Well, of course I don’t setup a different email address for every website as that would be beyond silly – but I do have a few separate ones for secure sites. I don’t use the same email on any financial sites for example. Ever. That could however be part of my general paranoia and may be a bit beyond the norm – I’ll graciously accept that.

Honestly, check out password managers. It’ll make your life more secure, and what’s more make your day to day easier too.

Products like:

LastPass

1Password

…are probably the most popular. All multi-device, all integrate natively in to your web browser etc.

Get secure. It’s your responsibility, not the providers. It’s your data. They’ve always got a get out – oh we did our best. Blaming them all you like may make you feel better, but it’s still your secure data flying around that internet.

*OOOO! You work in IT! Can you help me put a shelf up?

** No, this isn’t my passphrase. Even I’m not that daft. //scuttles off to change pass phrases.

Working in IT invariably means friends may ask you for help at some point. It’s the nature of it. Sometimes it’s help with a laptop, but it can also be random stuff like “Hey, you work in Computers! Can you help me with my new Microwave”. We’ve all been there.

Anyways, recently I’ve been following the developments on Apple vs The US Government on iPhone encryption – and it got me thinking. How many people who aren’t in IT actually encrypt their stuff on purpose? I bet it’s not many. I’d be surprised if a lot of non-computer literate people actually did it, or understood why it’s important.

Let’s take a recent event of somebody’s machine crashing and them not being able to start windows. Let’s forget for a second their extreme panic at the fact they had about 5 years worth of stuff on there…and no backup. Yeah, let’s forget that.

So, I pull the hard disk out of the laptop, plug it in to mine…and there you go. I copy off all their data. Easily. Everything. Photos, documents, copies of their passport, bills, driving license…I’m sure you can see where I’m going with this.

It’s so easy to do, it’s beyond terrifying. Imagine if they’d have had that laptop stolen, or left on a train?

What about home stuff? Sure your home PC (people still buy those, right?) is safe isn’t it? After all, it’s got a password on it. Of course it isn’t. If the worst happened and you were burgled, and the base unit/external drives nicked…getting your data would be beyond easy. If it’s an external drive, just plug it in to something else.

Personally, I encrypt absolutely everything. Every laptop, every external drive, anything that can be encrypted is encrypted. It’s the only thing that makes sense. Some may say I’m being over-cautious. Why am I? I have a sensible backup setup with multiple copies of stuff, on and off site, all encrypted of course. My risk to losing data is quite low.

The risk of losing unencrypted data though – that is sky high. I don’t mean the risk of losing drives, I mean the risk to me should I lose one of those drives with data on. Could be customer data, personal data, could be anything. 

Whatever it is, I don’t want people accessing it. The cost of the hardware/drive etc. is an annoyance. Losing the unencrypted data would be catastrophe.

It’s not hard to encrypt stuff now – so really, you should make it happen.

Use FileVault to encrypt the startup disk on your Mac

Turn on Device Encryption

It is beyond easy.

Now, what about the scenario above where somebody has a laptop, and it’s encrypted, and they’ve never taken a backup…and it fails. Well, you’re stuffed pretty much. There are things you can do if it’s just an OS corruption or hardware issue like take the drive out and use the key to decrypt the drive, but it is harder.

Me, I’d personally encrypt everything and have a decent backup. Failed drives to me are an annoyance, I can’t remember the last time it actually threatened any data.

Anyways, encrypt your stuff. It’s important. Unless of course you only keep pictures of cats.

It’s not often I write opinion pieces – I’m usually all about the technology and the how, and less about the why….so bear with me. I recently found myself having a coffee with quite a senior IT Director of a large organisation, and also a couple of very capable techies. The tech’s were focused on large infrastructure, so think large Exchange, AD, SQL and associated systems. I’ve known these people for a while – I came from a similar background.

The conversation got to asking why am I so into UC type technologies, with a particular lean to the Microsoft offerings. Such an open question, and one you’d expect a short and easy answer to – but the more I thought about it, I realised it’s not an easy one to answer.

My evolution in the world of technology consulting started with Novell Netware (version 2.11 if I remember rightly). I loved working on that stuff. Interesting, and it was an evolving market so interesting stuff. Worked right through the Netware 3.x and 4.x days, and then around the 4.x era Microsoft got in on the act. I remember sitting in a presentation over at Thames Valley Park and thinking that Windows was going to ruin Novell’s space – mainly through the commercial reality of it, even though the tech in me at the time didn’t think the platforms comparable. At the time, Novell was sold in user chunks, so 5, 25, 50, 250 seat licenses for example. Here was the upstart Microsoft offering a server that would do the file sharing (and much more) for just the server license cost – there were no CALs back then. Buy a single server license, connect as many clients as your server could handle. This seemed incredibly aggressive to me, and back then I wondered how it would work financially. Arguably it didn’t work – Microsoft later brought in the CAL model meaning each user would need a client access license. Ho hum.

…Anyway, off in to the world of Microsoft I go. Working on largish Active Directory, Exchange and also for a while Citrix deployments. Good stuff, enjoyable, and kept me in holidays and biscuits. A fairly rapid developing area anyway – keeping up with the new technology was interesting, and integration to other platforms also become more viable as the product set developed too. Interesting stuff.

The evolution of working on Microsoft Exchange and then moving into more realtime stuff like Office Communications Server (OCS), Lync, or Skype for Business seems a common one. Most of the people I work with in this space seem to have followed a similar route. This is the source of the originating question – why the passion to stay in realtime/unified comms?

I thought there was a simple answer to this, and there really isn’t. So I’ve thought about this some more, and tried to break it down objectively.

Technology

From a technology perspective, working in UC means you have to have a good in-depth knowledge of multiple complex products across the stack, as well as a solid understanding of how vendors work together. Consider a Lync/Skype deployment for example:

• Active Directory. AD is at the heart of the identity in S4B – getting user identity right is paramount to ensuring a high quality user experience. A lot of scripting/updating/architectural stuff here to be done.
• SQL. SQL is used for various function – it really helps to know how this works. In some of the larger estates I’ve delivered (think 200k+ seats), script modifications in databases etc. weren’t unheard of.
• Storage. Large transactional processing often requires storage that performs in the way you need. It’s not just a bunch of storage.
• Virtualisation. VMWare/HyperV – how often do we install physical servers now? Even on the installs you do where you are installing physical units often a chunk of the estate will still be virtualised.
• Networking. Fairly key to the delivery of media and a quality user experience.
• Load Blalancing/Firewalls-Reverse Proxy. Possibly should be under the networking header, but you get my point. Knowing how these work is fundamental to a great UC setup.
• Scripting. Anyone who says they’ve deployed/managed a large system of thousands of users, and who has no skills in PowerShell/VBScript type stuff…well, you’re either a glutton for punishment or I’m questioning your credentials.
• End Points. PCs, Laptops, Phones, Mobiles, Tablets…You name it, a UC platform needs an answer to deployment of. Also includes technologies such as mobile device management.
• Other Voice Vendors. You need a fairly good understanding of most of the other common vendors in this space too – Cisco, Avaya, Mitel etc.

The above is just a selection of technologies I now get to work with every day. Would I get to work with the above wide stack if I’d have stayed in a more traditional AD/Exchange type role? Possibly some, but certainly not all….which also leads me on to the additional point of….

What does UC do for the Users?

Ever tried to get users excited about a new version of Exchange or Outlook? Tough call that one. Each new version of Exchange brings a lot of architectural advantages of course – they tend to help the IT Services deliver a better service though – or arguably, deliver more with less kit. Apart from perhaps large mailboxes….What value does it really bring the user? Of course Outlook has developed on – it’s a great product, and highly functional. I’ll take you back to my original point though, ever tried to get users excited about a new Exchange/Outlook deployment? Yeah, doesn’t happen in my experience.

The same goes for other back-room IT type stuff too – if it doesn’t change the way a user works, then….from their perspective, what’s the point?

Conversely, with UC, you’re offering truly new capabilities to users, and in my experience, people love the opportunities it gives them. The capabilities make people’s working days easier. Connect people, connect them well, from anywhere….People love it. Even doing things like product demos or model office type stuff, you can see people joining the dots on what capabilities these types of technologies bring to the work life. Depending on what direction you’re coming from, it either makes your existing work easier, or it can enable you to achieve more in the time you have at work. Either way, it tends to be a positive experience for the adopters.

I’m not really talking about vendor aligned UC at this point either – Microsoft/Cisco etc. all have great solutions of course. From a user experience point of view, I’ve yet to see one that comes close to Microsoft’s however.

Of course from a delivery point of view, to get this positivity out in the user population the user experience is absolutely key. If a user has to start thinking about how to do stuff, based on their device, location etc. well, it doesn’t work quite so well. For example, there’s a site I know where a coupe of remote offices use an Internet VPN for connectivity. This is absolutely fine, and mostly transparent to the user….apart from them not quite having set up the routing appropriately for Lync 2013. Users on that site can get basic services, but they run into issues with web conferencing, sharing etc. I won’t bore you with why this is, but essentially those users have become accustomed to know they have to disconnect from the corp network and connect via a public WiFi access point in order to gain access to the flakey services. Great user experience that isn’t.

In the above scenario, the main sites that utilise the tech love it – it’s been listed repeatedly as the best thing IT have done for the employees in a while. Look at those couple of offices though, and they think the product set is terrible, unreliable……and this doesn’t sit well with me.

Why work in the channel?

The final thing we were discussing in relation to this, was that we’d all effectively spent our careers working in the IT Technology Delivery sector. That is working for the companies that repeatedly deliver this stuff, rather than working directly for end-clients who may operate such platforms, but perhaps only implement/upgrade etc. every few years.

For me, the reasons for this relate back to my points about the technology. Working for a reseller means a stream of projects around the technologies that I’m interested in. It means you get far more exposure to those core technologies, often in greater detail, and often with higher backup from the vendors themselves too.

Finish one 1k seat deployment? It’s off to your next one, with a new set of requirements, new unique business challenges, and yes, a new set of users to impress. It’s a different approach to design/implement/operate that I seem to observe working direct for the consumers of the technology.

What’s Next?

I suppose the next question is…what technology next? I’ve been fortunate to have spotted (probably by pure luck) evolving technology spaces – whether it was the jump from NDS to AD, or the excitement at remote desktop type services such as those delivered by Citrix. I saw the same opportunity with UC. Is UC mature now? Well, obviously it’s a lot more mature than it was. Working between platforms now is far easier than it once was, and people’s implementation of SIP seems to vaguely follow the same ideals now. So it’s certainly maturing, not convinced it’s totally mature yet.

What’s next? Well, if I told you that, you’d all get in to it wouldn’t you? Watch this space.

At home I have three Internet connections – two older ADSL lines, and a fibre connection. Why? Well, firstly I moved providers for ADSL and never really got around to cancelling the other one…and then got fibre, and, well, yeah.

Anyway, I use the ADSL lines constantly – they’re loaded most work days with backups, uploads etc. (I work from home a lot), and I use the Fibre connection for everything else in my place – Movie streaming, UC workloads (Voice/Video etc). So, I do push those lines.

One issue I use to have was trying to force certain services via specific connections. In fact I wrote about it ages ago, here:

Crash plan Routing (As a side note, why did I ever think this format looked OK?!)

I was using static routes to push services via certain connections – I eventually ended up putting in a small Cisco router to deal with the routing properly at the network layer, but it was never really ideal.

Anyway, I recently stumbled across a product that claimed to be able to load-balance broadband connections (ADSL, Cable, 4G, fibre…whatever) – this one:

TP-Link TL-R470T+ Load Balanced Broadband Router

Catchy name, hey?

This unit has up to four WAN ports and can load balance those WAN ports in various ways (more on that in a minute), across multiple providers. I found this idea interesting – I thought I could use it to load-balance the two ADSL lines I have to get better general performance from them, and also I found the idea of richer features attractive – static routing, firewall, more advanced NAT etc.

So, with that in mind – I bought it. Forty quid is half a tank of fuel so it wasn’t a massive risk.

Guess what? It works brilliantly well – it was up and running in about 10 minutes flat. Let’s have a look at how I set it up – click on the diagram to see a larger version:

The ADSL routers are at their default settings – DHCP enabled etc. all that good stuff – so it’s just a matter of plugging them in. I then wire in an Airport Extreme WiFi base-station for the WiFi provision. Bear in mind you can’t use the WiFi on the ADSL routers as that wouldn’t be going via the load-balancer.

So what was the result? Well, bear in mind I have two ADSL lines – one averaging about 7Mbps, and the other about 5.5Mbps – here’s the results:

I’ve also got my backup running at the minute – the upload is nearer 2Mbps without. Not too shabby? The general performance plays out as well, you can tell you’re getting far better performance than a single line can provide. I also tested media loads with Skype & Lync – usually notorious in these sort of setups, and it all worked just fine.

Did I see any problems at all? Well, yes – passive FTP doesn’t work well over this type of load balancing – it’s very, very slow. Fortunately, there’s a way around that in the unit’s configuration – I can specify that certain ports/protocols only go via one connection:

So what I’ve done above is send anything for a destination port of TCP21 (FTP) over WAN link 1 only. Sorted that right out. You can also if you want add static routes via one particular WAN interface as well.

Any other down-sides? Well, the ports are only 100Mb not Gigabit – so if you want to communicate between machines at faster speeds (Say for example one machine on Wifi 802.ac and another machine on wired Ethernet) then you will need the 802ac WiFi unit and the machine on Gb Ethernet plugged in to a Gigabit Switch, and that Gb switch plugged in to the load-balancer. (Or, if like me you’re using the AirPort Extreme from Apple, you’d ensure your Gigabit machines were plugged in to the switch on that).

If you do it that way, then traffic from the WiFi 802.ac connection will go from the WiFi base-station, to the Gb switch, and then to the machine over Gb – so you’ll not hit any contention.

If you just had the wired machine plugged in to the Load-balancer, along with the WiFi base-station, then you’ll be limited to 100Mb between the faster devices.

Very, very pleasantly surprised at how capable this unit is, and how easy it is to configure.

On the load-balancing piece, something to be aware of is the options in the load-balancing configuration. Have a look at this:

Out of the box, mine came configured for ‘Enable Application optimized routing’ – now, what this appears to do is allow a single application to connection over one of the connections. So multiple sessions/apps from a single machine will get balanced between the connections. What this doesn’t do is give you a higher general throughput. Testing at SpeedTest.net for example showed the source as alternating between the two providers.

It’s not very intuitive but if you turn off both options then the connection seems to be load-balanced at a lower level and you get the higher throughputs reported – from my testing you do get the faster general experience as well.

The unit itself has some other very cool stuff including:

• Static routing – you can enter static routing information for specific targets/ranges.
• Some very complex NAT options are possible.
• Some quite advanced traffic management/control rules.
• You can configure from 1 to 4 ports for load-balancing (Well, 2 as a minimum if you want to balance…).
• Very functional firewall configuration options.

This is quite a powerful little unit – all for forty quid!

Anyway, I’ll be using this unit over the next few weeks – if i run into issues I’ll report back in here, but from my testing so far I’m really, really impressed. You can also view a video run through below:

Here’s a little gotcha for you. Sometimes, you may want to connect your PBX to your Session Border Control (SBC) or Voice Gateway, via E1/T1…and for whatever reason you just can’t get the interface to come up.

Sometimes you need a ISDN CrossOver cable in these scenarios – and guess what, this is not the same as a normal Cat5 Cross Over. They’re different pin configurations.

A normal Cat5 cable is straight-forward connection, with a 1:1 Pin correlation. The colour scheme I normally use is (starting from the left, with the plug facing away from you):

Striped-Orange
Solid Orange
Striped-Green
Solid Blue
Striped-Blue
Solid Green
Striped Brown
Solid Brown

ISDN CrossOver
The ISDN Cross-Over swaps pairs 1/2 and 4/5, so the pin layouts you’re now interested in would be:

1 to 4
2 to 5
4 to 1
5 to 2

If you’re making the cables then don’t try and cut down the cable to those cables only – it’s nearly impossible to make the cable! Just leave the other pins straight through. So using the above colour scheme the layout would be:

I’ve been having some fairly interesting conversations about mobile device platform choice recently – one of the fundamental ones is my insistence that I think Windows Mobile 8 is a spectacularly good system. Of course the immediate response to this is to point to my iPhone/iPad and say ‘HA! It can’t be that good!’.

What’s interesting about that is that some of my friends who are not so into technology need it pointing out to them that the real investment in mobile devices (phones/tablets) is way beyond the operating system and handset layer…It’s applications. Cue blank stares around the table.

I’ve spent a lot of money over the years on IOS compatible apps – from things like TomTom to expense apps, to all kinds of stuff that form part of my day to day work & private functional life. To up & move from one platform to another is pretty much akin to asking somebody to drop everything on their Windows PC and move to a Mac where they can only run OSX apps (Yes, I know you can run Windows apps on a Mac, it’s the only thing that makes the platform tenable for me). It’s a very hard sell, and one that a lot of people just don’t seem to get.

It’s also I think part of the story that needs to be applied when looking at adoption rates and usage of Windows Mobile 8 against Android & Apple IOS – it doesn’t really say much about the platform capabilities as such, it says far more about Microsoft being late to the party of having a great mobile environment with decent apps. Everyone is invested everywhere else.

I’m sure a lot of my tech followers will read the above and just think, like der, it’s obvious. It is obvious – but you’ll be astonished by how many non-tech people assume WinMo must be rubbish due to its adoption rate. It simply isn’t. In fact, it’s so not rubbish that I’m not far off dumping my investment in IOS apps to go the Windows mobile route. Just for absolute clarity here – the only reason I’m still on an Apple iPhone is because of my investment in applications on my mobile & iPad, and how much I rely on them.

It’s a monetary investment – it’s not whether the apps are also available on WinMo. I don’t want to have to buy them again – certainly not the more expensive ones anyway. Like I say above however…I’m not that far off it. The biggest thing that’s holding me back at the minute is my investment in TomTom on the iPhone. Sure, my car has SatNav – but like most car systems it’s utter tosh compared to TomTom on any device. They can develop it so much quicker and they’re not so dependent on a single out of date hardware platform. I’m toying with replacing my car – and that will have a far more modern SatNav in it – for a couple of years at least until TomTom catches up, and by then I’ll have forgotten about what I spent on it previously – meaning my dependency on the iPhone app will diminish.

Where am I going with this? Well, I think vendors that are late to the market (Yes, you Microsoft) need to be looking at filling that application void. Looking at offering incentives and working models that drive traffic to your platform, not think ‘oh that’s a great platform but I’d lose everything I have already’. There must be a model where this could be workable for both Microsoft and their partner vendors? Who knows? If I did know, I’d not be worrying about what new car to buy that’s for sure. I’d buy both of them.

If you’re application light, don’t dismiss Windows Mobile 8. It’s fantastically good, and you have a massive range of handsets.

From a selfish perspective, driving competition can only end well. Competition drives innovations, makes better products and cooler tech. Everybody wins.