Tom Henderson

Author Archives: Tom Henderson

After the WikiLeaks dump: Do nothing

You heard it here first. Don’t do a damn thing in response to the WikiLeaks dump that you’re not already doing. Don’t sit still, be vigilant, keep your eye on the targets. Because this isn’t news.

What? Not news?!?

No. Between the three-letter agencies, if they want you, they have you. They’ll find a way. It’s a matter of time. But they’re largely ahead of the ne’er-do-wells. You should expect this.

If hardware and device makers gasp that their stuff is crackable, it’s only time to snicker. Nothing is foolproof because 1) fools are so ingenious and 2) with a big enough hammer you can crack anything. Even you. You are not impregnable. It’s a matter of degree, and of whether you can detect the breach quickly.

Checklist for choosing a small cloud host or ISP

I’ve gone through a number of hosting companies. My NOC is at Expedient in Indianapolis (Carmel). They do a great job for my testing needs. They have a large, well-designed facility, lots of power and, most important, they know what they’re doing and do it 24/7.

In my role as someone who knows the difference between UDP and TCP, I get asked a lot to recommend an ISP or cloud host for web and mail hosting for small businesses, organizations and even generic civilians. Over the years, I’ve found some common difficulties that can mean the difference between an enjoyable experience and long, drawn-out support problems with the attendant frustration.

Mobile World Congress 2017: Mobility monsters

At Mobile World Congress (MWC) in Barcelona, there are eight huge halls, not to mention the vendor-decked hallways, plus another sub-convention center to visit. Mobile World Domination is a better name for the event. I’m reminded of the old days of CeBIT, where 800,000 people made it to Hannover, Germany, in the late 1990s and early 2000s.

No more. The GSMA has adroitly herded all things mobile to Barcelona instead. The recognizable big guns are here, minus a large Microsoft presence, and Apple is the invisible 800-pound gorilla.

REVIEW: Deep dive into Windows Server 2016

Windows Server 2016 was officially released in September, but we waited until all of the bits were at production level before taking a deep dive into Microsoft’s flagship server operating system.

The $475 S key

I have a MacBook Air, purchased from the Apple Refurb store about two years ago. It now has a dead key. It’s the S key. After cleaning it with compressed air, it worked badly for a while and is now dead. A query to the local Apple repair shop indicates it’s fixable for about $380. One look at the iFixit repair PDF, and it’s easy to see that it’s very labor intensive. For. One. Key. I obtained an appointment at the area Apple Store Genius Bar. After about 40 minutes, it was determined that Apple could repair my MacBook Air. The price would be $475, but that would include other refurbishments as determined at the time, perhaps including a new battery or whatever else was found “wrong” with the machine.

Harbinger of The Great Internet Wall arrives

By Presidential proclamation, non-U.S. citizens’ data is in jeopardy. An executive order by President Trump could hurt a data transfer framework that allows EU citizens’ personal information to be transmitted to the U.S. for processing with the promise that the data would have the same privacy protection in the U.S. as it has in the EU. That’s because a section of the order says, “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

The latest database attacks: Tips of the icebergs

MongoDB wasn’t the first database hit by ransomware, just a rich target for attacks. Now, ElasticSearch and Hadoop have become ransomware targets. They won’t be the last. Were these three database products insanely simple to secure? Yes. Were they secured by their installers? Statistics and Bitcoin sales would indicate otherwise.

Every hour of every day, websites get pounded with probes. A few are for actual research. When the probe is a fake logon, like the dozens of hourly WordPress admin failures I get on my various websites, you have some idea that the sender isn’t friendly.

Windows 10 peeping: Microsoft fails to understand the uproar

I’ve been covering Microsoft Windows since the 1980s. There have been several regime changes, each with its own distinct ego. Some regimes listened eagerly, some didn’t. This one is failing, but I believe the current fingers-in-the-ears stance is related more to revenue than to ideology.

Microsoft wants data about you. To get it, Windows 10 is riddled with phone-home messaging. Some sites document dozens of IP addresses, plus even more DNS names, to which your machine’s data is sent. We’re told that the data isn’t personally identifiable and that it’s used to improve QA. No one said Microsoft didn’t need QA. New versions of Windows have always had holes big enough to fly airliners through, but Microsoft finally got some sense when, in Windows XP SP2 and Vista, it demoted user space. Finally.

Rated insecurity: Faux Cat 6 cable sold on Amazon

Many of you are on Wi-Fi, but this is salient to you. Amazon’s enormous sales site is marketing Cat 5 and Cat 6 Ethernet cable with aluminum conductors, as well as “plenum-rated” cable that bears no UL markings and is likely fraudulent. This comes after a run of apparently bogus Apple chargers and cables. Why do you care? Several reasons:

- Some of the Ethernet cable sold uses either copper-coated or copper-mixed aluminum. Numerous specs call for the conductors to be solid copper. Why? Copper meets conductivity specs and won’t heat up under load. Organizations using Power-over-Ethernet (PoE) to power remote Wi-Fi access points (quite common these days) risk having the cable catch fire due to overheating, or just melt and short—especially on long cable runs.
- Plenum-rated cables are self-extinguishing. This means if you put a nail through one (we hope accidentally), the jacket surrounding the cable prevents setting something in the surrounding area on fire.

If you add the two factors together, cable that heats up and jackets that don’t extinguish a possible flame, then the sprinklers turn on. We hope.

Whilst perusing the listings, I came across numerous enticing examples. Why enticing? Because their cost

The loss of net neutrality: Say goodbye to a free and open internet

First: I’m not a lawyer. Net neutrality—the principle that no online traffic has priority over other traffic, not even for pay—might go away. If it does, big money will be behind its demise. The end of network neutrality will create many lasting problems, including these specific issues:

1. The lawyers win

Every conceivable new theory about how one organization should have priority will ensue, and the courts will be clogged deciding the outcome. Today, the principle is simple: all traffic gets the same priority, and multimedia can have isochronous priority, but it’s not guaranteed.

Without net neutrality, we will enter an era where ISPs, telcos, carriers and interconnects will all demand that THEIR traffic has priority, and yours does not—unless you pay. Let the litigation begin, and the courts glow in the dark in an attempt to sort out what theories of law now hold sway. Insert wallet here.

On being a 24/7 organization and the 2016 leap second

If the cloud is real, software important, and system reliability paramount, then non-stop computing, computing across time zones, and invisibly short repair times ought to be mandatory, wouldn’t you think? Of the many requirements laid down in litigation, regulatory compliance, and other “best practices,” there is one that doesn’t seem to make the checklists. Let me lay it out for you: Can you get support 24/7/365.25?

You get bonus points for knowing leap seconds are coming. Why? Because among other things, Kerberos time synchronization mandates pretty accurate timing. We’re about to insert a leap second into your life on western New Year’s Day. You may have zones that celebrate other years, but to be in sync with the time standards in the United States, there will be an extra second. The earth is slowing down.

Zen and the art of security

I’m a Zen heretic, and so also is my sense of systems security.

A very cogent citation describes the folly of it all. The people who install toolbars, click on random stuff and feel like they won something when they downloaded the free app are too plentiful, and security is too tough to understand—even PGP. Bringing up the bottom is as important as extending the top. We don’t ritualize security because that would be too tough, too impolite to do. Your mother did not teach you to use complex passwords and to change them as frequently as your underwear. Given some people I know, it’s a wonder they passed the “p@55w0rd” rubric they were trained to use.
