06 December 2015

Windows needs to be kicked off the K-12 bus. Immediately.

School districts throughout America are issuing 1 to 1 mobile devices to students in secondary (grades 6-12) education to meet various requirements related to the common core. We will put aside the debate associated with this regulatory mess and focus in on the technology itself. Some districts have been issuing iOS, some Android devices but the main battle today appears to be between Chromebooks and Windows. Google and Microsoft are fortifying their lines for the battle with Chrome OS beginning to pull ahead with over 50% of all device purchases in 2015.

Since Chrome OS is the newcomer, there is no end of articles questioning whether we can trust Google and dictating what a district loses if they pick Google. What you will not find are articles saying, "why would any school district put the security nightmare of Windows in the hands of students?"

Until now, that is.

The security and confidentiality of students and their families should be the top priority of every district. If it is a choice between safety or education, skip the latter until the former is nearly guaranteed. Knowing what we know about the malware mess of the Windows operating system, there should not need to be any further reason to select something else.

Thanks to "zero day attacks" through their countless security holes, Microsoft is continuously patching their software. This means school districts handing Windows devices to students will need to have some way to apply these patches on a regular basis and "re-image" (wipe and re-create) the hardware at least annually. Districts also must create elaborate firewalls and filters along with a full Active Directory network to manage it. They will also need to put a far more robust network to handle all of the additional traffic and build out multiple networks to handle trusted versus guest-only access rather than having all student traffic outside the primary trusted network. Then you need a vastly larger technical staff to manage all of these functions, to develop and maintain the device image, to test all of the patches before issuing them, to create a help desk team available in each school to handle the much larger support needs of the devices and so on. Yes. Windows is an expensive choice.


Even if you successfully do this your students will still not be safe. In our testing we found example links served up by the Bing for Education web page on a district network for the VLC player, a video program used by many districts. This link search result would take the student to a page where malware would be installed on their Windows device without any assistance from the student. This despite a network that had all of the appropriate filters. This is not anyone's fault - certainly not the district. According to PC Magazine, in 2015 Windows sales represent less than 3% of all cellular equipped devices. Despite that small percentage, Windows had 80% of all malware infections and is expected to reach 90% before 2016. We already know from the corporate world that a combination of using Windows and Internet Explorer on a mobile device makes blocking malware a nearly impossible task.

It does not matter how good your firewalls are, how good your antivirus is or how often you re-image student devices: If you are running Windows a certain percentage will be infected. If you are issuing these to all students then you can expect a certain number to infect their family networks. As some districts have discovered, a certain percentage will then infect the school network. This is just the nature of running Windows. We sometimes have no choice in the corporate world since the applications we need to run may only exist on Windows.

Secondary education is not training students to build a domain controller. They are not showing students how to write C# code in Visual Studio. What they are doing is trying to replace paper and books. They are trying to give new opportunities for improving education. The goal of educating at a secondary level requires handing students nothing more than a fast running and secure web browser since all basic applications can be done in the cloud.

Yes, some will argue that Google might be collecting student data. However, to focus on that is to ignore that Microsoft is doing the same thing with Windows 10. We also know that Microsoft has outright misled consumers on a variety of issues - whether it is their hacking of Hotmail accounts, OneDrive's "unlimited" plan or their decision to abandon support for versions of Internet Explorer that they had guaranteed. Regardless of whether we trust Microsoft or Google (it is a safe bet that they can both be trusted equally), we know for certain that using Windows guarantees that a certain percentage of students will be infected by malware and their confidential data shared with criminals.

Then there is the issue of hacking possibilities when providing Windows technology to teenagers. Developmentally, secondary education is the age when humans start pushing boundaries and questioning authority. These are the years when white and black hat hackers are born. This does not mean that these students intend to create havoc on the school network. I have complete faith in teachers and students to find the right path and 99+% of them will make the right choices. But. There is always that fraction of a percentage. And it only takes one. Giving him or her an operating system that can run just about every hacking program in the world is probably not a great idea.

You might think I despise Windows. Not the case at all. I genuinely believe Windows 10 is the best desktop operating system ever created. (Sorry, Apple.) However, handing Windows mobile devices to students is a very expensive and silly liability that no school district should choose. There are numerous better choices on the market today and no reason to risk placing criminal activity at the fingertips of students.

25 July 2015

Microsoft security still lives in 1998.

Whether we like them or not, our passwords are the last roadblock to a hacker accessing our information. So, here is how you can keep your information safe:
  • Use dual layer authentication with every provider that offers it.
  • Use a unique password for every single site and have a reputable password manager track them.
  • Do not choose a password that can be easily guessed by someone who knows you or knows where you reside.
  • You can ignore special characters and upper/lower case, if the site will permit you because studies have shown that the length of your password is what slows down a hacker.
  • Feel free to use combinations of words or phrases to get the password length up there.
  • For important web sites (Google, Microsoft, Apple, Facebook, PayPal, banks) use a password over 14 characters long - ideally nearly 20.

Do all of these things and odds are that you will not have an account hacked. Unless we are talking about your Microsoft Live password, of course, because the folks in Redmond love to remind us that their security measures are still a step more ancient than everyone else. This is particularly troubling because most of us use our Microsoft Live password as our login to our Windows desktops and tablets, too.

It is not all storm clouds in the Seattle area. They did recently start offering dual layer authentication, which I highly recommend. One particularly negative part of the process is that I had to wait 6 weeks with limited access to my Microsoft Live account while they made the change. I have no idea why since other companies (ahem - Google) can make this adjustment in seconds. But - I still recommend it, despite the delays.

Even with text verification in place, it is still possible for someone who steals your phone to access your account if they can figure out your password. Until we all start putting RFID chips under our skin, the number one security measure is to use passwords that are at least 14 characters in length. Which is why I continue to be in shock that since Microsoft merged Windows logins with Microsoft Live accounts that they have a secret limit to password size of 16 characters. The information I store in OneDrive is worth my typical 20 character length and so every few months I go back to see if I can increase the size of my password. No such luck.

Password length should be unlimited. If someone wants to use a 500 character password then let them do it - they will have the most secure Microsoft account anywhere. The time it takes to break a password that is 10 characters (meets your requirements) is as little as 40 seconds. If you require at least 14 characters it would take 8 thousand years and 18 characters would require 3 billion years.

Please, Microsoft ... Get this bug fixed. 



19 July 2015

Forwarding address: The Cloud

Should you move your business into the cloud? Only you can truly answer that question but I hope to provide a little perspective on good reasons for and against evaporating the server room.

Let's first clarify what I am defining "the cloud" to be today. The term is used to describe anything connected to the information superhighway and while we could argue the semantics, for this article we will say that "moving to the cloud" means that you will no longer manage some or all of those servers. If done correctly and you successfully eliminate all servers, you could stop cutting checks for network staff and potentially even do away with your chief propeller head so that your business is purely run by those who understand it best.

It is a grand idea and has made the playing field a little more level for small businesses. A shop with less than 50 employees should seriously consider not having any servers in house and avoid the need to hire any purely technology staff. Find an outside consultant to handle workstation, phone and tablet setup and help desk and your business can focus on your core mission. Unless you are in the tech business, you should avoid it and let the experts run that stuff.

If you happen to be one of the fortunate (or unfortunate) souls that is managing a business that is growing (or shrinking) your FTE (full time employee) count by double digits annually, then that is another reason to focus on cloud options. They are quick to scale and you can typically make a quick phone call to increase or decrease you license count.

For everyone else, though, this decision requires a little more thought. It is critical to see beyond the (ahem) cloud created by the hype and acknowledge the disadvantages of server evaporation.

The Cost

Cloud servers and support cost more than keeping them in-house. Companies have a vested interest in moving you off in-house servers because they want to control every part of the process, and when a tech company wants you to move they have a way of fudging the numbers. They will advertise how much you will save because you will not have to buy hardware, operating systems, applications, server space, cooling and tech staff - and their figures will quote the most expensive scenario for each of them to compare against their low monthly cost. They will quote you a per user, per month cost to make it seem like it only costs a few dollars. The more employees you have, the more extra money you will pay for the privilege of not having that hardware.

For just one example, let's pick on the popular hosted Exchange Server. One of the biggest sellers is Rackspace who can get you out of managing that Outlook box for a mere $10 per user per month with discounts for more than 50 employees. Let's assume you have 100 employees and pay only $8 per month. (8 * 12) * 100 = $9,600 a year.

It is good to think of technology investments over their lifespan. While a new server and software could last 7 years today, let's assume you want your tech to be fresh - so let's assume you throw away all tech hardware and software every 3 years. Moving that one server to the cloud is a $28,800 cost.

The cost to putting an Exchange Server 2013 box in-house for 100 users over that three (or four or five or six) year span, assuming you do not have any hardware or software licenses - we will round up and assume zero discounts: Windows Server ($1K), Exchange CAL's ($8K), Exchange Server 2013 ($4K) and the hardware ($5K). So ... Less than 18K. Add another 2K to have a consultant install it for you and your employees and you will easily save one third your money. Again .. The more staff you add and the longer you keep the investment, the more you save.

Performance / Availability

Cloud products put you at the mercy of your internet connection and the reliability of the provider. Even Microsoft has had their entire Office 365 cloud go down before. Amazon is the biggest cloud provider out there and they have outages seemingly every month.

Now, if your internal server infrastructure is regularly having unplanned outages (then sack your tech person) and your internet connection never goes down then you can ignore this word of warning entirely. But most businesses have a server structure that virtually never has any problems and you are almost guaranteed to have an occasional blip when you do not have the box on premises.

Security

Cloud services may be no more likely to keep customer data secure than your internal server. All of the biggest names in the coding company world (Apple, Amazon, Google, Microsoft, Facebook) have been hacked on numerous occasions. This is not because they are doing a poor job at securing the servers - it is because they are huge targets. The bad guys go after what they know and/or whatever will reward them.

If you keep your information on an internal server behind a competent modern firewall then odds are your customer's bits of data are safer than if you had your infrastructure in the cloud. That is because the data is mostly kept just on your network. The advantage of not having the servers in your home is that you can access the data anywhere, but that also means the hackers can access it anywhere. And if you are keeping them on Amazon's servers (for example) then that just happens to be a place they are trying to break into anyway.

That said - security is also a reason to get rid of the servers, too, if you make certain that the provider is responsible for any hack onto their network. Unfortunately, almost all of them will require you sign an agreement that holds them harmless and essentially nullifies any possible security advantage they might have.

Competitive Advantage

When you toss your applications into someone else's hands you have decided to use the technology in the exact same way everyone else has. By managing your own servers, with a tech person or two that understand your business, you can create some custom functions that your competitors do not have. While you may not be in the tech business, everyone in the world uses this stuff and customers often select a business because they are better at it than anyone else. Those internal servers and the custom workflows or custom applications you have created can improve productivity and potentially be a huge selling point. Name it, market it and use it to sell your products and business.

Microsoft Office

My final note is an area where moving to the cloud, or to another product, could save every business: Dump Microsoft Office. This is the software product that brings in most of Microsoft's profits and allows the company to start giving away Windows 10 for free. Using FreeOffice, OpenOffice, WPS Office, Google Docs or LibreOffice could easily save a company 10K per 100 employees every year. The problem is that nearly every person in the universe knows Microsoft Office and abandoning is a difficult pill to swallow. But, if your goal is to save money (OpenOffice) or to fully embrace the cloud (Google Docs) then there are some huge savings that could await by not using this one little Microsoft product. Just be aware that you will be in a very limited crowd if you go down that road.

12 February 2015

America does not fix anything anymore.

There was a day when your fan stopped working or your telephone was crackling when you would hop over to Radio Shack and pick up a new motor, speaker, switch or wire to spark the thing back to life. Parents and kids would spend a weekend building a robot or soldering together an FM transmitter, all thanks to parts from your corner Rat Shack. No more.

There are many reasons why those days are already a distant memory to most of us. Yes, Radio Shack did not adjust their business model to take advantage of their original control of the computer market with the TRS-80 or refresh their focus in the model of a tech superstore like Fry's. They treated customers like idiots and their employees like slave labor, all while trying to become just another cell phone hut. One could rightly conclude that they dug their own final resting place.

Even with all those mistakes, their core business should have been enough to allow a meager subsistence. If Americans were still repairing, fixing and tinkering like we were in the eighties then Radio Shack should be doing fine. There are far more electronic gizmos in our home than ever before, so why is it that Radio Shack cannot eek out enough bucks to keep the lights on?

  • The tinkerers have left the building. Arduino boards are great fun, but the number of Moms and Dads working with their kids to program a cat feces sniffing attachment for their Tickle-Me Elmo doll are few and far between.
  • Repairing a power cord is for people with too much time on their hands. eBay puts replacements only a search and click away, so why spend a couple bucks and an hour fixing something when you can buy a replacement for thirty dollars?
  • Who can open up these gadgets, anyway? Apple makes the guts of an iPhone tougher to get at than the trusted network of Sony Corporation, so why bother potentially breaking a precious Siri portal - or, even worse, a nail?
We live in a "throw-away" society. Cell phones are replaced every two years. TV technology is constantly improving. Laptops get thinner, lighter and with better screens every year. And new iPad's are released often than my magazine subscriptions renew. Surely that is better than having repairable electronics that last as long as possible.

Oh well.

Thank you, Radio Shack, for sustaining that badge of honor for those that liked to build and repair. I suppose when the speaker in my phone peters out I will just buy a new phone now, like everyone else.

01 February 2015

Microsoft will price match software with Google.

Microsoft used to control the software universe with 90%+ of the market, but today it is Google's Android and Apple's iOS that are embedded on nearly every device sold. The founders of the "PC on every desk" movement (how quaint) played the Microsoft Office as a Microsoft-OS only product while putting the name "Windows" on everything with unabashed certainty that the tidal wave of sales would soon flow. Unfortunately, the tide had receded as consumers moved to a new cloud universe where Office and Windows are products that only grandpa and corporate geeks would use.

Fortunately, those corporate geeks discovered that switching away from Microsoft products would be entirely too much work, so they remain the financial backbone of the company. Kids may have stopped buying Windows products and the Xbox battle with Sony may be a break-even (at best) situation, but the leaders in Redmond would simply raise the price of the code that runs businesses to more than make up the difference.

It could be argued that the original release of the (formerly called) "Metro" interface was the most disastrous piece of software Microsoft has ever created. Not because consumers did not want it - that market was already dead. It was poison because it alienated business customers. A forced touchscreen world in a cubicle and server room was a future that only Ballmer could believe in and ultimately gave him the boot. To this day, even Microsoft's most profitable and important product (Microsoft Office) still does not properly support Metro.

Seeing the potential destruction, Redmond released subsequent versions that made Windows 8 look and work more and more like Windows 7. In fact, the product is quite good but the stink surrounding it so bad that, not only are corporations not adopting it, Microsoft had to skip a version number of Windows to be as far from Ballmer's flatulence as possible.

Everything about Windows 10 will be what consumers have demanded since the moment 8 was forced upon the world and it may well be be the greatest version of Windows yet. But is it enough to return to the land of Clippy?

Satya Nadella, the Grand Poohah of the Windows army, has a map to get us back and it is a plan that should sound familiar. When they were losing the next-gen battle to the Apple Macintosh they released a piece of software for dirt cheap that copied the interface. When Netscape Navigator was eating Microsoft's lunch, they gave away Internet Explorer for free. Sony owned the next-gen console world so Microsoft built the highest spec game machine and sold it at a loss. Customers cannot resist something for nothing which is partially the reason for Google's success.

Microsoft will be giving away Windows for free. Anyone who owns Windows 7 or better (a distinction made due to hardware requirements) will get a free upgrade to Windows 10. As home users dig into Google Docs instead of Word and Excel, Microsoft also decided to give away Android, iOS and web-based versions of Microsoft Office. They will match prices with the competition. Welcome to the Land of Free.

Google can give away their products because they make huge bucks on advertising. Apple can give away products (though, they rarely do) because they make huge bucks on hardware. How can Microsoft afford to give away software? Because the business world is picking up the bill. The margin is so high on Windows Server, Exchange Server, SQL Server, Microsoft Office and everything else they sell to the corporate world, that Microsoft can give their greatest products to everyone at home and still swim in money.

The boys (and girl) in Redmond finally have a plan to stay relevant with consumers. Word and Excel on the iPad are lovely. Windows 10 looks beautiful. The price is perfect. It is truly a great day to be a fan of Microsoft. And we have corporations everywhere to thank for it.

20 January 2015

Cheapskates for Windows Phone.

To those of us in the posh developed world, Windows Phone no longer exists. The last time a flagship was released was with Android-equivalent early 2013 specs. When American customers get lost in a Verizon, AT&T or T-Mobile store, the only place they will find a Microsoft Lumia is in the cellular gumball machine at two for a quarter. Yes, Windows Phone is still out there, but they are truly being given away to anyone willing to take them - which is mostly Microsoft employees. So, what happened to the cutting edge Lumia devices of old? Microsoft decided they want to make money and that means selling entry-level merchandise while giving every indication that they have no plans on battling the Apple and Google cutting edge any day soon.

The cell market is long since saturated in the States, Britain and Oz. Heck, your average American hobo is on their third Android smart phone these days. (They have nothing to eat, sure, but - hey - they have a phone.) Android and iOS own these markets, but the so-called "developing" parts of the world are just getting hooked. Microsoft wants to be one of the two systems left standing and knows that Apple is currently not playing the low-end game. The result, they hope, is countries throughout Africa, South America and Asia getting addicted to inexpensive Windows Phone devices.

Since all of their R&D attention is spent on finding ways to mass produce phones as cheap as possible, that has left the high end market to the Nexus 6, Galaxy Note 4 and iPhone 6. Microsoft spent years trying to shoe-horn their product in that market and got nowhere, so this new direction makes a great deal of sense. Or, at least, has the virtue of never having been tried. Why fight the battle long lost when there is a market of customers out there that just wants a portable device with internet access?

Time will tell whether this game plan will turn these markets into long-term Windows Phone customers. Until then, Microsoft will keep hammering away at cheap devices and might even occasionally release a half-decent Lumia for the iPhone crowd, too. But don't hold your breath you highly developed customers. It is pretty low on their priority list right now.

19 January 2015

Televising the national anthem.

A gentleman whom I consider a close friend (and he sometimes to tolerates me) has rightfully pointed out my nitpickobnoxiousness when it comes to following the rules of loving our country during sporting events. I once derided individuals at a football game for putting hand over heart during the national anthem and taking off their hat during America the Beautiful for not being requirements. Not surprisingly, he was correct in telling me that any display of affection and reverence is welcome. (Leave it to an astounding member of our military to put me in my place. Damn him.)

That said, I continue to be struck by the lack of patriotic reverence in the process of televising the games. My point is not to ridicule the great employees generating excellent TV coverage. I merely am asking everyone to follow the same set of rules. No more - no less. We play those impossible for me to sing notes before every game to show the most important element is not a win or loss but our dedication to this country. When we attend a game and the Star Spangled Banner begins, our hat should be off and our eyes planted firmly on the flag. Consider it a moment to ponder the greatness of America, or just to catch your breath to build up energy for a rowdy game. Whichever works.

That level of respect does not fully materialize on television. We see a little bit of the person or people singing the song. A little bit of the fans. A little bit of flag. And, most of all, we get close-up moments of the athletes and coaches - I presume so we can judge our favorite jerseys as being more respectful than their jerseys. Who knows.

This may be great for ratings and exactly what viewers want but I cannot help but find this as disrespectful as someone who decides to leave their hat on or strike up a conversation. The requirements of focusing on the flag and not be distracted by anything but the moment applies to those at home, too, and this undermines the patriotic experience for everyone - not least of which are the people behind the cameras.

I know I am asking a lot, but maybe for the Super Bowl we could just have a shot of the flag during the song so the camera jockeys and other employees could stop what they are doing, stand and face that symbol of our free country? Yes. Silly. How about simply pointing the camera at the individual singing the song and not moving it? There are a million opportunities during the game to see the athletes, coaches and fans. For a couple of minutes before the madness begins, let's ignore all of that and give our full attention to something slightly more important.