Newsletter Archives

  • Ewaste or usable – week 2

    It’s week 2 of my experiment to see if two computers I have are either e-waste or usable.

    So this week I have decided that trying to make either laptop into a usable and supported Chromebook is not going to happen. Now that Chromebook has bought out Cloudready they have a much more specified listing of hardware they will support.

     

    Clearly they want me to buy new hardware. So we will be trying next week with a Linux version.

    Now if you want to buy a new Chromebook this is where they have the advantage over other platforms, they are much cheaper. You can get a decent Chromebook for under US$250 and some even less than that.

    If all you want to do is surf the web and read your email online – the Chromebook is a viable option. It does take a pivot to the cloud as it wants your files up there, and you need to accept the privacy issues and risks of a gmail account log in.  But it will be useable for such tasks as telemedicine.

    Now for those of you that need to support people on Chromebooks, this is where it is vastly different than both Windows and Linux platforms. In the case of Windows and Linux you can install remote access tools and be able to remote into it. You can set it up so that you can remote into it even without someone sitting at the laptop and giving you access.

    Chromebooks, however, all of the tools I’m able to have access to, the person asking for help has to approve your access. And then with some tools you have only view access and cannot control the mouse. Chromebooks have their own remote tool, but it’s not quite as exact as others I’ve used.

    So bottom line these two old laptop will NOT be Chromebooks.  Stay tuned until next week when we see what options we have to install Linux.

  • Master Patch List as of May 10, 2022

    Patches came out yesterday.  The full details will be out in next week’s newsletter but in the meantime I’ve posted up the preliminary recap up on the Master patch listing page. Remember, other than the browsers, I have pause or defer on everything else at this time.

    For those tracking the NPS patching issue on domain controllers:  Microsoft is aware of the issue.  ” FYI we’re aware of the NPS issue. It’s not related to NPS specifically but rather with how we’re distinguishing between different kinds of names in the certificates. Only a subset of folks are affected by this.

    Acknowledgement here

    As always, thank you all for supporting the cause! Remember a mere $1 donation will give you access and if you donate $50 or more you’ll get a special code to enable text messages sent to your phone each time the Master Patch List gets updated and when I change the MS-DEFCON level.

  • Here come the May updates

    First up consumer advice:

    Remember this is the time that your main machine should be in deferral mode. So either defer updates for a later date, choose to be on metered connection, use WUshowhide to choose what updates you want ….but not now… today is wait and see what us testers find out.

    Business patchers:

    • I’m still tracking an issue with Windows Server 2022 and RDgateway brokerage service. I’ll let you know if that’s fixed.  It’s not been fixed. Still occurring.
    • Installation issues – as noted on the BornCity blog should be fixed in the May releases. Note I only saw this in corporate networks so to me it appears to be a build/deployment triggered event.

    Remember — “Windows 10, version 1909, and Windows 10, version 20H2 have reached end of servicing.  As of May 10, 2022, the Home and Pro editions of Windows 10, version 20H2, and all editions of Windows 10, version 1909 have reached end of servicing. The May 2022 security update, released on May 10, is the last update available for these versions. After that date, devices running these editions will no longer receive monthly security and quality updates containing protections from the latest security threats.”

    And now we pop the popcorn and see what today’s releases bring to us:

    from Dustin Childs he says…. “Some really interesting bugs in today’s #Microsoft patch release, incl one under active attack. I’ll have my thoughts out soon. #PatchTuesday

    Stay tuned, I’ll be adding links and comments here as well.

    Consumer comments:

    • Print spooler bugs being patched again, so I’ll be watching for printing bugs
    • The one bug in active attack is more corporate targeted (LDAP) not consumer.
    • .NET is getting patched (IMHO the whole retirement of the older .net versions is still extremely and frustratingly not clear, while .net updates no longer throw off quite the side effects they did before, the communication regarding the support of older .nets and lack of good informative tools to let you know what you have and what you are vulnerable to is frustrating to me. Look for more articles/guidance on this in the future)
    • Windows 11 is having issues with applications that want .NET 3.5.  Looks like Microsoft is handling this with a “known issue rollback”.  If you have 11 look in the comments link for more reports.

    Business comments:

    • If you still patch on premises Exchange there are updates out this month.
    • The “in the wild” vulnerability where we are patching PetitPotam again (CVE-2022-26925) is triggering some side effects with patches.  You may want to keep an eye out for NPS policies side effects
  • (USA Centric) Want a discount on your Internet?

    Heard this on the drive home on the radio.

    www.getinternet.gov

    or call 877-384-2575

    They just announced the Affordable Connectivity Program (ACP), which provides eligible households $30 per month off their internet bills. If you qualify you will receive a discount.  If you are unsure, reach out to your Internet Service Provider and look for their ACP program.  While this is for low income families, seniors on fixed incomes may also qualify as well.

    You may want to check out this list as well.

    We have another problem in the Central California area – that of decent speed for those that are in the more rural or farming areas. Unwired Broadband is one of the few companies in this area that specialize in rural customer.  There has been many a time that I’ve tried to remote into a computer of someone on rural internet and it feels like dial up.

    So what’s your speed and what’s your costs?

     

  • Is firmware patching important?

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    Firmware patching has always been fraught with concern.

    Until very recently, applying firmware updates often meant launching the update process from a DOS prompt. You often received warnings that if your computer lost power during the process, your machine might be bricked. This is such a daunting thought that, for servers, I would often update the firmware when I initially installed the server and never touch it again.

    But firmware is nothing more than software, and — like every other kind of software these days — attackers find vulnerabilities in firmware. Recently, researchers found security issues in Lenovo consumer notebook firmware.

    Read the full story in our Plus Newsletter (19.19.0, 2022-05-09).

  • Ewaste or usable?

    I have two old laptops that over the next few weekends I’m going to attempt to see what options I have to make them usable.

    Laptop number 1 was built for Vista and is now running Windows 7 (barely). Laptop number 2 was sold as a Chromebook but the version is now out of date and it’s unsupported. It’s no longer usable for it’s most recent use – that of tele-medicine for someone who used it recently. She’s since bought a new chromebook that is supported.

    But before I add these two laptops to the ewaste heap – I’m going to see what I can do to make them USABLE and SUPPORTED.  Meaning that it’s a functional machine and doesn’t mandate that I take a coffee break for 20 minutes as it boots up and it has to still get patches.

    What’s my goal? Well first they are no longer usable as Windows devices. These days you need 16 gigs (at least) and a SSD drive to be usable for Windows 10.  Clearly they cannot support Windows 11 as they have no TPM chip.  I don’t expect these two devices to be beefy workstations, rather merely web browsing and email only.

    I was going to try to initially move these to a supported Chrome OS like Cloud Ready but recently they got bought out by Google.  Along the way I’ll discuss the issues I hit.

    So my first bit of a roadblock is the fact that Cloud Ready has gone more “corporate” and now has certified models that they recommend.  I purchased the Acer C710-2834 from Amazon back in 2013 .  It has a 16 gig hard drive, Intel Celeron Processor 1007U 1.5GHz (2MB L3 Cache)  2 GB DDR3 RAM

    In poking around the web site, it’s definitely not supported, and was not considered a good candidate three years ago.  But I’m going to press on and just see if this is doable.  First I’ll follow these instructions to make a bootable flash drive, I’ll report next weekend on my progress!

  • Today is “What drives me insane about passwords” day

    May 5th was World password day. A day that Microsoft wanted us to ditch our passwords completely and move to authentication apps, fido keys and other tools to move us away from passwords.

    But I’d argue that all of these solutions haven’t addressed that there are times I need to have access to someone else’s account for purposes of administration, management, use case that is not being addressed well at all.

    My girlfriend and I recently discussed this issue. She is currently doing what she calls “case management” for a relative. Where she must manage the doctor’s appointments, assist with the bank accounts, help out with log ins for another person, someone who is remote to her and not local. Often she doesn’t want to have rights to the actual account or the bank account, but merely view rights.  She wants to be able to manage – but not BE the person when it comes to log ins. And often she finds this so frustrating that businesses from banks to medical offices can’t handle this secondary log in possibility.

    Then there is the issue of multi-user two factor. I’ve seen this often with Managed service providers and even in my industry. Often there is an invite sent to a specific person. But that person may not be doing the actual work of the project. So you end up sharing out the credentials which totally loses accountability.  These vendors need to not charge per user, but understand that sometimes in firms we assign someone else to do the actual work.

    Or let’s take the case I often see in small businesses – two people work in the business, the access is tied to the one person’s phone – but another person in the office is actually working on it. So you have to get the code that was sent to the other person’s phone in order to get into the thing.

    Now let’s take the hassle of migration and backing up two factor applications. Case in point: Microsoft authenticator application.

    “Before you can back up your credentials, you must have:

    A bit of a pain in the rear.

    Google authenticator appears to me to be easier – you can actually go into the app and export out the app. So you can place it on a backup device such as an Android tablet or iPad.

    But all of these claims about how passwordless is going to make things easier, no it’s going to make things different is all. Mind you, making sure your password is long, strong and written down either in a password application or literally WRITE THEM DOWN on a piece of paper that you then keep safe.

    But bottom line, on this day AFTER password day. I do want you to do better on passwords, too often we use really lousy ones. But I also want our vendors to realize that THEY need to do better as well.

  • MS-DEFCON 2: 2004 is out of support

    alert banner

    ISSUE 19.18.1 • 2022-05-05
    MS-DEFCON 2

    By Susan Bradley

    Check your Windows version, then update accordingly.

    I regularly come across PCs that are running old, out-of-support versions of Windows because they aren’t on the Web long enough to be “serviced” by Windows Update. For example, there are two Surface laptops in my office that are used by people on cellular connections. As a result of sporadic use, they never get a feature update.

    Just the other day, I realized they were running Windows 10 2004 and thus no longer were getting security updates, a serious matter.

    Anyone can read the full MS-DEFCON Alert (19.18.1, 2022-05-05).

  • Things that annoy me – Windows 11 edition

    You can tell that Microsoft is starting to react to some of the feedback on Windows 11, well at least their Enterprise customers.  In the Insider release comes new group policies:

    What’s new in Build 22610
    Additional new MDM and group policies for IT administrators
    We are introducing new policies so that IT administrators can simplify their Windows 11 experience across Start, taskbar, and the system tray. The following policies are available today:

    Disable Quick Settings flyout
    Disable Notification Center and calendar flyouts
    Disable all taskbar settings
    Disable search (across Start & taskbar)
    Hide Task View from taskbar
    Block customization of ‘Pinned’ in Start
    Hide ‘Recommended’ in Start
    Disable Start context menus
    Hide ‘All apps’ in Start
    To configure these new group policies locally, open the group policy editor and navigate to User Configuration > Administrative Templates > Start Menu and Taskbar. You can also deploy these policies via Microsoft Endpoint Manager as well.

    Let me know if you want any of these options in registry keys?  As typically if you can do it via group policy, you can also do it via a registry key in Home versions.

    You know what slows me down in Windows 11 the most?  The Cut and paste function in the File explorer.  It’s now hidden in the “show more options” section of the right mouse click

    Once you click on “show more options” then you see copy and paste.  Now yes, I can do control C and Control V, but that typically means I have to move my fingers off my mouse and over to the keyboard.

  • Today’s edition of things that annoy me

    Today’s edition of things that annoy me in Microsoftland:

    1. Whom did you get your feedback from?

    Peter Deegan writes on Microsoft’s latest huh move. In a recent post to their alerts, they indicate that they are going to move people from the semi-annual enterprise channel to the monthly channel because people in the monthly channel “Customers on a monthly feature update cadence, such as those on Monthly Enterprise Channel, have reported higher satisfaction than those receiving semi-annual feature updates.”  I don’t know about you but I hardly ever click on Office smiley face feedback so exactly whom did you speak to?  Note this does not impact consumer 365 subscribers, just business subscribers.

    2. The dribble changes

    Microsoft announces changes in their platform but then doesn’t push things out right away. So weeks go by and suddenly things change for some – but not all – of your computers and you have to figure out what change occurred. If you suddenly see your search results change, remember I wrote about this a bit back.

    Right-click the Windows taskbar, select Search from the popup menu, and then click Show search highlights.

    I prefer the second option, setting a Registry key because options set like this in the Registry tend to stick — further updates to this “feature” should not turn them back on. To block the external content, add the key Windows Search, add another dword key called EnableDynamicContentInWSB, and set it to 0. This is represented by the following:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\EnableDynamicContentInWSB=0

    To make it easier for you, I’ve coded up an easily installable registry key to place the block in your system. To install the block, merely click here and then click on Open file in your browser’s download dialog. Click to run the program, and then click yes to install the registry key.

    Bottom line, every day there’s something new to be aware of.  We try to keep you informed!

  • MS-DEFCON 4: Protect yourself with patches

    alert banner

    ISSUE 19.17.1 • 2022-04-26

    MS-DEFCON 4

    By Susan Bradley

    I’ve been holding my breath.

    For the past few weeks, I’ve been watching for attacks that researchers indicated would be coming due to a vulnerability in all versions of Windows. All I’m seeing so far are theoretical attacks, not actual attacks.

    CVE-2022-26809, the headline vulnerability of the April updates that impacts Windows 7 through Windows 10 — as well as Windows Server versions — sounded like it had the potential of being a worm inside a network. Microsoft complicated the matter when it first indicated that this vulnerability was triggered by SMB file sharing. Then it clarified that the original researcher had provided a proof of concept that used SMB file sharing, but that additional methodologies could be used in attacks.

    Anyone can read the full MS-DEFCON Alert (19.17.1, 2022-04-26).

  • Gearing up for cyberwar

    ON SECURITY

    Susan Bradley

    By Susan Bradley

    Once upon a time, I used to publish maps showing the location of each water pump in the city where I live.

    Fresno residents rely on the underground water supply and pump much of the drinking water from various wells throughout the city. And then Fresno — like every other city — realized that publishing information about critically important infrastructure items, such as drinking water, probably wasn’t wise. That was especially driven home after 9/11; governments realized that they were handing over helpful data to those who might use it to attack us.

    Read the full story in our Plus Newsletter (19.17.0, 2022-04-25).