News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

ISSUE 17.27.0 • 2020-07-13

Logo
The AskWoody PLUS Newsletter

In this issue

DIVERSITY: Unconscious bias and hiring

ON SECURITY: Patching printers

LANGALIST: ‘Moving house is great fun,’ said no one ever

FREE SOFTWARE: Freeware Spotlight — Jarte Plus


Diversity

Unconscious bias and hiring

Amy Babinchak

By Amy Babinchak

One effect of the protests that followed the death of George Floyd is that the term “unconscious bias” is now pasted into the consciousness of most people.

This includes your clients. Last week, a client called me out after I used the terms “whitelist” and “blacklist” in a blog post about changes to email quarantine that we were rolling out.

My use of those terms was in no way racially motivated, yet she was right to draw my attention to it. It’s one of many cases where white is used to represent good, and black is bad. We don’t mean it in a racial sense when we use those terms, but that’s where the unconscious part of unconscious bias comes in.

And there are alternatives. For years, Microsoft has called these “allow” and “block” lists. Now I do, too, and I thanked my client for making me more conscious. I also informed my staff that we’re changing our language.

But what I really want to talk about is how bias affects hiring. I served on the CompTIA Advancing Women in Technology board for four years, and during that time, I was awakened to the bias that causes women to not apply for job openings, to be passed over for interviews, and to leave IT for some other career.

It also changed the way I advertise and hire. If you asked me, I would tell you I don’t have a bias against women in the technology industry. After all, I am a female, a technical person, and the owner of the company. Clearly, I would hire a woman if I found one to hire. On top of that, our company generally represents our area well from a diversity perspective in matters of race, religion, and sexual orientation. We’ve even celebrated two newly minted citizens during their tenure with us!

Today, we have a seven-person firm (four women and three men). But sadly, it’s the first time we’ve had more than two women on staff. In our last round of interviews, we hired two women after interviewing many more. So, what changed? We got less biased — or maybe I should say, “I got less biased,” since I’m the person that writes the ads and selects whom we are going to interview.

Shifting emphasis in job advertising

Here’s my newly worded ad:

Harbor Computer Services is an award-winning small IT firm with a focus on small and medium businesses. Our clients expect a high level of customer service and guidance for their business. They are fast, modern and value their technology highly. We look for staff that is self-motivated and with a desire to take ownership and responsibility for the client’s businesses they serve.

We specialize in being the IT department for small businesses. Our clients range from 2 – 100 users. Some have multiple locations. Some are fully in the cloud. As the IT department we are responsible for leading the technical direction at the company. Our clients look to us to guide them in making technology decisions that will help them best the competition and reach their corporate goals. This job requires a wide variety of skills and every day you will learn something new. You must be mature enough to set your own schedule and take responsibility for these networks as if those businesses are your own.

Responsibilities and Duties

You will perform the work of an IT administrator and helpdesk with an additional focus on Microsoft 365. The successful candidate will have a deep technical knowledge but will also be a people person that enjoys working with the end user. In Microsoft 365 you will take on tasks that include security, migration, compliance, user add/removes, end-user application training, business process modification and Azure integration. You should know all of the applications included in the enterprise plans.

You will be assigned a number of clients where you will perform standard IT administrator and helpdesk tasks. Every day you will have to apply your existing knowledge to new challenges.

You will work from home, from client locations and from our main office. We regularly train together as a group on Tuesday evenings until 7 pm. So you must be available on that evening twice a month. Otherwise the daily schedule is 8:30 – 5:30 pm with occasional out of band worked as required by the individual project or task.

  • Microsoft 365 experience in depth
  • 5+ years IT experience with evidence of interest in cloud technologies
  • Broad range of general IT experience
  • Shows an interest in current and future technology
  • Windows 10 experience
  • HelpDesk
  • Pluses include: certifications, server 2016, Azure, Microsoft 365, Microsoft cloud phone system and previous work in a consulting firm
Benefits List and Eligibility Policy
  • Employee Health Insurance
  • Employee Health Savings Account
  • Vacation
  • Personal and Sick Days
  • Employee Retirement Plan
  • Spouse and Dependent Children Health Insurance
  • Spouse and Dependent Children Health Savings Account
  • Expense Reimbursement
  • Mileage Allocation
  • Additional Time Off
  • Holidays
  • Purchase Discounts

Note that I didn’t alter what I want in a new hire. I only changed the way that I conveyed that information. I want passionate technical people that are nice and care about clients.

I emphasize what it is like to work here and what we look for in staff. Repeatedly during interviews, women — more than men — have asked questions about the culture of the company and what would constitute success. It never sank in for me that they really wanted to know what it was like to work here before committing — or even before applying. Some women will apply for jobs without that information, get the interview, and then ask those important questions. But most women don’t even apply if they can’t get a sense of who you are from the advertisement.

Reading a woman’s résumé

Is there such a thing as a woman’s résumé? I hate to say this, but there is. During my tenure at CompTIA, I proposed and organized a résumé review event that AT&T later took up for its internal applicants. The point of the résumé review was to help women showcase what they know using positive words, and fewer words, in an organized way.

Men’s résumés tend to be heavy on the list of things that they have touched in technology, leaving nothing out. They often have categories for languages, operating systems, applications, networking equipment — the list can take up half of the page. What men tend not to tell you on their résumés is who they are as a person. Women, on the other hand, hardly ever claim to know anything. On paper, they look unqualified.

To fix this problem, I realized that I couldn’t rely on the résumé to tell me who might be qualified. I knew to look at the men’s résumés as being mostly bluster and fluff, but looking at the women’s résumés in the same way would result in there being nothing left.

So we decided to interview every woman that applied and appeared to be even vaguely qualified. We were pleasantly surprised to find out that often that a candidate had a lot more technical depth than the résumé claimed. This changed everything about how we read résumés, and we ended up with a much better candidate pool at the end of the first round of interviews.

The result is that, for the first time, we have more women in our company than men. It was hard work. We had to ferret out bias, both ours and the applicants’. It was all worth it, though. We now have the best staff that we’ve ever had.

If you’re having difficulty finding women to hire, I hope you’ll see that fundamental changes to your approach could be needed to overcome the biases that we all carry.

Questions or comments? Feedback on this article is also always welcome in the AskWoody Lounge!

Amy Babinchak is the owner of three IT-related businesses: Harbor Computer Services, Third Tier, and Sell My MSP. She has been working in the IT field with small and medium businesses for more than 20 years. She’s also a Microsoft MVP and has received numerous leadership awards.


ON SECURITY

Patching printers

Susan BradleyBy Susan Bradley

The June bugs in Windows 10 that broke the connections to all of my PCL 5 printers reminded me that there are several ways that printers need updating.

The days when we could install a printer and never worry about it again are over.

If you haven’t updated your printer lately, the first thing to review its printer driver. The older the printer, the more likely you will need something like a universal PCL 6 driver in order to have it work with Windows 10.

Last and certainly not least, even in a home setting, I often have very good luck by setting up the printer on the wireless or wired network to determine the IP address assigned to the printer. On the computer, I go to Add a printer and Add a printer via TCP/IP settings and enter the IP address of the printer. A printer on a typical home network will be within the IP address range of 192.268.1.2 through 192.168.1.254. To determine the exact IP address that the printer has been assigned, you can go to the printer configuration page and print out the report. Typically, somewhere in the recap is a listing of the IP address that the printer is using.

But drivers are not the only thing that you need to be aware of when it comes to printers. I also check whether the printer itself needs updating. Inside printers is firmware or software that provides the printer with the instructions to do its job. Traditionally, printers were updated through a very cumbersome process of firmware updating. Older printers could be updated only directly from the computer they were attached to. So if your printer was connected via parallel port, you had to go to the computer it was connected to and use the firmware updating process recommended by the vendor. (See Figure 1.)

Firmware updateFigure 1. Printer firmware updates shouldn’t be ignored.

For printers that are set up via a TCP/IP address, you usually can go to the internal Web server on the printer to find the firmware updating process.

This brings up another interesting issue that faces printers these days: they often have embedded Web servers that are Linux- or Apache-based and, if they miss updates, can introduce vulnerabilities into a network. Printers with such a Web-application interface often come up as a printer application. In Settings, printers and scanners, check whether your printer offers up a printer application. In the bottom corner of the application, the printer will indicate whether it has a Web server (Figure 2).

Web serverFigure 2. My printer tells me it has a Web server.

Clicking on the IP address listed will launch a browser. The settings section of the printer’s Web server contains the location where you can then upload and update firmware. (Note that in my office I’m using a different IP address range, of 10.0.0.1 to 10.0.0.254. The IP address you see may be different depending on what your router hands out to your printer.)

To obtain the firmware update, you must visit the vendor’s website and compare the printer firmware version offered there to the one on your printer. If your printer is old, it’s going to be time to update the firmware. Download the file to your computer and then use the firmware-settings location in the embedded Web server of the printer to upload the printer firmware file. After it installs, your printer will reboot.

I have a newer HP printer that does away with the cumbersome process of firmware updating and just prompts me on the screen when an update is ready to be installed (Figure 3).

Printer app notificationFigure 3. Printers may have their own printer app as well as the native Windows management.

However, this is not without potential issues. Just last month, this multifunction device (it does faxing and scanning as well as printing) started downloading an update, keeping the phone line open the whole time. For the next hour, I couldn’t figure out why I had no dial tone on my phone. I was about to call the phone company when I remembered that the printer also had a phone line, and I turned the power off. Immediately, the dial tone returned.

So why do printers need updating, anyway? Shouldn’t they just work? Well, not always. Often, especially for networked printers with embedded Web servers, firmware and updates fix vulnerabilities. For many years, attackers have gone after network printers as entry points into a network. In office settings, you need to make sure your printer/copier vendor properly handles the old hard drive if it’s replaced. Often, the hard drive on the device has leftover files, images, and sensitive data from your network. Your vendor should properly wipe and clear out that data for you.

UC Berkeley’s Information Security Office offers this handy guidance: Don’t open up printing to remote printing, do change the default password on the Web interface of a printer, and do review whether you can set a Web-interface password.

And, of course, make sure bugs get fixed. That is usually going to mean updating the firmware, not the drivers.

So if you haven’t reviewed whether your printer is up to date, check your vendor site. You may find that the printer is woefully out of date and needs updating. Especially in a company office, printers can often be an entry point into a network. In a home office, updates can be needed to get your printer to work properly.

Questions or comments? Feedback on this article is also always welcome in the AskWoody Lounge!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.


LangaList

‘Moving house is great fun,’ said no one ever

Fred LangaBy Fred Langa

The Langas’ home and office relocation hits some snags, including fatal damage to 5TB of backup files.

But after some detours involving both high and low tech, things are finally getting back to normal.

Testing, testing … is this thing on? Aha, it is!

We’re still stepping over piles of boxes and packing material and waiting for some new furniture to arrive, but the worst of our home-and-office relocation seems to be over. (See “Tech insights from relocating home and office,” AskWoody Plus 2020-07-06.)

Moving mishaps are inevitable, but I didn’t expect this: the destruction of my 5TB, daily-use, primary backup drive — a three-year-old, spinning-platter, external Seagate unit that was stuffed to the gills with incremental backups, my Win10 File History files, my software archive, and gigs and gigs of family photos.

When I plugged in the drive after the move, my PC couldn’t even detect that the drive was connected. After lots of fiddling — placing the drive in various abnormal physical orientations (upside down, on end, etc.) and using dozens of power cycles and data reconnections — I was able to get it spun up and tenuously communicating with the PC. But then Windows announced, “You need to format the disk before use.” Yikes!

I don’t know what happened to it. I’d packed all my HDDs in foam and bubble wrap in a box labeled “Fragile — Electronics!” on all six surfaces. But somehow, something very bad had befallen that disk anyway.

Oddly, several 15-year-old (!) naked HDDs packed the same way in the same box came through just fine (see Figure 1); I use those truly ancient drives for long-term archival storage and had refreshed their contents just prior to the move. (For info on those drives and how I use them, see this Langa.Com article.)

Still spinningFigure 1. Four of my 15-year-old archival HDDs survived the move just fine.

But my much newer, daily-use, external drive was now defunct.

I wasn’t too worried — all my important data is backed up at least three ways, in a mix of live-local, cloud-based, and long-term archival storage. In theory, I could lose any one (or even two!) forms of backup without actually losing data.

But now I had several new, high-priority, moving-related tasks that I hadn’t planned for: getting a new drive, restoring my files to it, and then ensuring that the data on the old drive was unrecoverable, prior to disposing of the drive.

Getting the new drive was the easiest part. A two-day order later, and I had my replacement drive in hand. Figure 2 shows the old and new drives side by side. My old 5TB, USB 3.0 drive, on the left, cost about U.S. $100 when new, is based on a full-height 5.25″ platter mechanism, and requires its own separate 12v wall-wart power supply in addition to the 5v USB power.

Old vs new
Figure 2. Old (left) and new (right) 5TB USB 3.0 drives.

My new 5TB, USB 3.0 model, on the right, also cost about $100, but it’s tiny in comparison, is based on 2.5″ platters, is only about a third of the height of the old model, and is powered solely via its USB connection. Thus, the new drive saves desk space and outlet space, and a little energy, too — nice!

I then repopulated the new drive with files from my other backups; and set it up to work with both Win10’s File History. (See Microsoft info) and my daily backup tool (Macrium Reflect.)

Once I was sure I wouldn’t need to try to recover anything from the malfunctioning drive, I began to prepare it for disposal by rendering its data totally unrecoverable. I started with some standard software-based disk-sanitizing methods, hoping the damaged drive would allow them to run to completion.

After another round of futzing with cables, connections, and physical orientations, I again got the old drive running — sort of. I didn’t know how long access would last, so as soon as Windows could see the drive, I immediately tried to foil the simplest forms of data recovery: I reformatted the drive several times in succession, using a mix of NTFS and exFAT formats, both with nonstandard values for the allocation units.

This by no means made the drive secure — almost all the original data was still there, untouched — but the nonstandard formats would somewhat obfuscate the original sector’s start and stop points, forcing any potential recovery attempt to slog through the data byte by byte — a daunting and laborious process on a 5TB disk. But let me stress again: The nonstandard reformats are very, very weak protection at best; I tried them only because they’re relatively quick and I didn’t know how long the dying disk would last.

But I caught a break: after the reformats, the disk was still connected and spinning, so I crossed my fingers and tried to perform a true data wipe, overwriting the entire surface of the drive with 1s, 0s, or a random combination. A good data wipe makes future data recovery virtually impossible.

I knew the wipe would be slow going — overwriting 5TB of data on a classic HDD, via USB, could easily take more than a full day. Would Windows’ tenuous connection to my malfunctioning drive last that long? I had no way of knowing.

I tried two different “fast wipe” tools, but both failed after several hours. I don’t know why — with a flaky drive in the mix, meaningful troubleshooting was impossible.

So I then opened an admin-level command window and typed in Windows’ tried-and-true format-with-overwrite command:

format [drive:] /p:[number]

The /p stands for overwrite passes, and the [number] is how many passes you want the software to perform. One pass is usually sufficient for consumer-grade wiping, but multiple passes are better with especially sensitive data. (More format info, from Microsoft.)

My malfunctioning drive was currently designated I: in my system, so I used the command format i: /p:1 (see Figure 3) to try to get at least one full overwrite pass done before the drive died for good.

Window's format command
Figure 3. Window’s built-in format command offers a /p overwrite option.

By some miracle, the jury-rigged drive remained spinning for the 30-something hours it took the overwrite/format to finish. But it wasn’t an entirely happy ending, as Figure 4 shows: due to the drive’s damage, the overwrite was incomplete, and the reformat ultimately failed. Sigh.

Format-with-overwrite failed
Figure 4. After more than a full day, the format-with-overwrite ultimately failed.

Hmm. Now what? The drive was probably mostly wiped, and the multiple nonstandard reformats would help to at least partially obscure anything that was left. But there was no way to be sure — and no way to trust what the damaged drive was reporting anyway!

It was time to go old school.

I set down some scrap wood to protect my office floor (Figure 5) and drilled several large holes completely through the old drive — through the outer and inner cases, through the platters, through the electronics, through everything in the way of the drill bit — until the bit popped out the other side (Figure 6).

Drill, we must
Figure 5. I have to admit this was a bit of perverse fun.

Destruction by perforation
Figure 6. With a nonstandard, incomplete format, mostly overwritten, and physically perforated, this drive’s data isn’t coming back.

For good measure, I used a sturdy screwdriver to mess up the drive’s USB and power sockets, ensuring that the drive’s data and power cables would no longer fit.

And with that, I put the old drive into the electronics recycling bin, confident that no meaningful data would ever be recovered from it.

Once that was done, I turned my attention to the next move-related glitch — erratic, unpredictably slow local networking.

I’ll have more on that in the next column.

Whee! Moving is such fun. (Not!)

Send your questions and topic suggestions to Fred at fred@askwoody.com. Feedback on this article is always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all of Fred’s current projects.


FREE SOFTWARE

Freeware Spotlight — Jarte Plus

Deanna McElveen

By Deanna McElveen

Word processor request

requirements

More requirements

envelopes

No ribbon

Features

Suggestions

Go to our website and a grab a copy of Jarte Plus, from Carolina Road Software.

You will love it!

Happy computing!

Questions or comments? Feedback for this article is always welcome in the AskWoody Lounge!

Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.


Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your subscription:


Copyright © 2020 AskWoody LLC, All rights reserved.