Monthly Retrospective: May 2024

May’s update was late, and June’s is in danger of rolling into July, so here are a few highlights from my life in and around tech…

At work

On the work front, it was a short month – I was on holiday for the last week and with public holidays too there was lots to cram into a few short weeks. Nevertheless, I still managed to:

  • Continue to develop Node4’s new ransomware scanning service.
  • Finalise a dozen product data sheets for our public cloud services.
  • Submit some blog posts to our marketing team to support upcoming campaigns.
  • Keep pushing some pre-sales activities forwards.
  • And mine and Bjoern Hirtenjohann (/in/BjoernHirtenjohann)’s internal Node4 podcast on public cloud was released:

But the biggest activity in the month was presenting at Node4’s Infrastructure Symposium. One of our Practice Directors brought all his teams together to learn about the products and services that we jointly deliver. With four (or five, depending on how you look at it) companies all merged, there’s been a lot of change at Node4 over the last year or so. Getting everyone together is a great way to break down boundaries and understand the direction we’re headed in. And for me it was a chance to outline that our cloud offers span public, private and hybrid delivery models – and that we will deliver what’s right for the client, not for us. We call this Pragmatic Cloud (and I freely admit we didn’t come up with the term, but I like it a lot).

I also celebrated my 9 year anniversary of joining risual/Node4 in May. And, for those who were confused by my comments last month, I was saying that my recent move has been overwhelmingly positive and I’m in a better place than I have been for a long while!

Elsewhere

Away from work…

  • My youngest son, Ben, passed his driving test. I was ready for a big insurance bill, but what I wasn’t ready for was: a) no decrease on the bill for the 19 year-old’s insurance (now with 2 years’ experience); and b) a 350% increase in premiums between him passing his test 2 years ago and the 17 year-old passing now. Even with a black box, parents as named drivers, etc. the car insurance bill for the two old cars that our family share with the teenagers was around £4500. For contrast, the bill for my Volvo (with just me and Mrs W as drivers) actually fell and is now back under £500. Public transport is just not reliable enough where we live, so the choices are: a) drive the teenagers everywhere; or b) pay the money. I’m still getting over this assault on our savings… some families just won’t have that money and I dread to think how many uninsured cars there are on the road as a consequence.
  • My eldest son, Matt, continues to race his bike up and down the country. After a catastrophic failure of the fork steerer tube, his Canyon road bike was hastily replaced. That meant a drive to Wakefield to collect the new bike, but it is rather lovely. I don’t get to all his races these days but I did manage to watch him in Ixworth and I was in the team car again for the Lincoln GP. Unfortunately, when he went to Ireland to race the Rás Tailteann I had to make do with watching for updates on Twitter!
  • Ben and I have been planning our Interrail trip – and now we have bought our passes along with inbound/outbound travel. Plus, we’re going to be taking the NightJet sleeper train from Berlin to Vienna! There were a few challenges with seat availability (things have changed since last time I went – we can use high speed rail, but there’s limited availability and we need to pay a supplement). This is more of a problem when dates are fixed so we had to change our route a little. On the flip side, with the start and end locked in, the middle section of the holiday is now free for us to be flexible.
  • I completed the home network upgrade. Was the switch from AmpliFi to UniFi worth it? Time will tell. It’s certainly more flexible but it’s cost me more and my house does not lend itself to structured cable runs. Maybe I should have just replaced the broken AmpliFi mesh point but it felt like I could fall into the trap of the sunk cost fallacy.
  • On the home automation front:
    • Octopus Energy sent us a Home Mini, which should give more granular data on electricity consumption, once I get the Home Assistant configuration right (I’m still tweaking).
    • I’ve also continued to play around with Home Assistant, including a bed occupancy sensor (which I can link to turning off the lights). I will admit that’s probably a step too far into nerd territory.
  • The month ended with a short break in Spain. Originally scheduled for May 2021, we never did get to go on a family holiday to Barcelona and the Costa Brava, though Matt made it out there on a training trip to Girona earlier this year. So, half the holiday, with only one of the “children” (though he is now twice the size!), Nikki, Ben and I spent a glorious few days in and around Begur.

Writing

These retrospectives are a bit of a blogging catch-all, but I did write a post on LinkedIn that turned into a blog in its own right. You can read it at the link below:

Photographing

Bits and pieces

  • 300m short of 200km!
  • Choose your PIN wisely:
  • Commentary on technical debt and the British Library’s ransomware attack woes:
  • Who doesn’t love a bit of Top Gun?
  • Thoughts on location tracking for family members:
  • Why it’s better to find a real application compatibility fix instead of just giving users admin access:
  • And why encrypted messaging is difficult:
  • Finally, shipping sunlight for green energy. Not as bonkers as it sounds!

Featured image: author’s own

Monthly Retrospective: March 2024

I managed the weeknotes for 9 weeks. The last one was posted as I was sitting on a plane, about to take off for a long weekend away with my wife. And then I started to take stock. I don’t have time for them. What had been a weekly reflective activity had become a chore.

And then the unwritten thoughts started to build in my mind. There were still things that I wanted to share. And the feedback had been positive, though the weekly cadence was probably too much.

So here we are. A new concept: Monthly Retrospective; 12 posts a year instead of 52. Maybe a better chance of me getting it out of the door on time too? I don’t promise it will be published exactly on the end of each month (I’m a week into April as I finish this post), but it will be there or thereabouts…

So what’s up this month?

Here’s a quick summary of what’s in the rest of the post

  • We have the tech – both at work and at home. Plus a few of the many interesting things I’ve spotted on my Internet travels (I still post most of them on X, and a more professionally curated set of posts on LinkedIn).
  • We have the events – typically evenings, attended to expand my knowledge.
  • We have the entertainment – music, film, TV.
  • We have life – family and friends.
  • And we have the photos – snapshots of life viewed through my iPhone.

So let’s get started…

In tech: at work

I’m busy, busy as always at work, with more organisational changes to keep me on my toes. One thing I’ve tended to avoid in recent years is working on bids. This is partly because I find there’s invariably a slow start and a mad rush to complete before the deadline, and partly because I prefer to work on a consulting-led sell where I have helped to shape the solution. In a competitive tender scenario someone else has influenced the client, so you’re already on the back foot, second-guessing what the client needs cf. what the invitation to tender says they want. In this case, one of my colleagues asked me to help out, and we have a few weeks to create our solution. It’s also a really interesting project so I’m enjoying pulling this solution together.

Meanwhile, the ransomware service is also moving forwards, though not as fast as I would like (or, more to the point, as fast as my boss would like). All being well, I’ll have something to shout about in next month’s retrospective.

In tech: at home

I’m still playing around with Meshtastic, with one node travelling mobile with me and another soon to be set up at home. Here’s the thread with the progress:

In addition to the excellent Meshtastic website, Andy Kirby’s YouTube channel has tons of information.

Other home projects include researching which CCTV cameras to put up (almost certainly from Reolink) and how to get an Ethernet cable to them…

In tech: some of the things I stumbled across this month

Some bits and pieces:

  • Advice to help build genAI prompts:
  • One of the many issues with QR codes:
  • Remembering some security advice I used last year:
  • One of my favourite design projects:

In events

March saw me getting out to a few tech events in the evenings

  • Milton Keynes Geek Night (MKGN) is always a good night out. In truth, it’s not really geeky these days – more creative – but I enjoy most of the talks and after a dozen years of attendance, I know a lot of the people in the crowd. This was the thread I created with the highlights from MKGN number 47:
  • A few days later, I headed down to London for the Windows Azure User Group Meetup. Unfortunately, I couldn’t use Node4’s London office, so I worked from the British Library and other locations for most of the day, before heading over to Elastacloud for the event in the evening. After Richard Conway (in/richardelastacloud) introduced the evening, Steph Locke (@TheStephLocke) from Microsoft talked about AI Landing Zones before Andy Cross (in/crossandy) gave a hilarious demonstration of how the death of coding is a little way off yet, even with multiple AI agents collaborating…
  • Towards the end of the month, I went to the inaugural NN1 Dev Club event, mostly to see what it’s about. I’m not a developer (though I might like to be…) and it seemed a good opportunity to get to know some of the tech folks in another nearby town. I enjoyed the talks – both PJ Evans (@MrPJEvans)’ tales of home automation (“Boiling Nemo”) and Dr Junade Ali (/in/junade)’s tales from the world of security research (“The Science of Software Engineering”) – so I’m sure I’ll be back for more events in future.

In entertainment

Cover image for The Silver Sword by Ian Serraillier

When I was about 8 or 9, I read a book at school. I couldn’t remember much about it, except that it was about some children travelling across Europe, it was set in WW2, Warsaw was a part of it, and I really enjoyed it. I asked a group of friends if they remembered something like this and one asked ChatGPT. ChatGPT thought it might be The Silver Sword, by Ian Serraillier. I read the synopsis and that was it! Why I never thought to ask an AI, I have no idea, but it worked. I then had a very enjoyable few hours in the car listening to the audio book…

On the subject of books, some more reading has arrived:

This month’s TV has been about:

  • Explosive action (deliberate pun) Trigger Point, S2 (ITV).
  • Laid back and delightfully silly Detectorists, S2 (Netflix).
  • Stunning landscapes mixed with murder mystery Shetland, S8 (BBC).

None are new, but they had been on the list for a while. The jury is still out on Shetland without Douglas Henshall in the main character role though.

I’ve also decided that I need to get out to some gigs. My wife’s not into the electronic music that I enjoy so much and I was thinking about heading down to Greenwich with my youngest son for a Day with Chicane. Unfortunately the gig is 18+ and he will be 3 months short of adulthood, so maybe that will wait a while longer.

In life: a trip to Tallinn

The month started with a trip to Tallinn, Estonia. Nikki and I were celebrating 21 years of marriage and we had a fantastic weekend exploring a new city. As a country that’s been in and out of Soviet control several times in modern history we were not sure what to expect. What we found was a beautiful medieval city, food that seemed more Scandinavian than Eastern European, and public transport that was cheap and plentiful.

Our hotel was only just outside the old town, which is a UNESCO World Heritage Site, so we didn’t actually need to use the transport much (the city is compact enough to walk). Even so, €2 each way for a bus to/from the airport seemed amazing value.

Similarly, we ate and drank well at remarkably good prices compared with the UK – whether that was hot chocolate in Pierre Chocolaterie, hot wine in Ill Draakon (a medieval-themed bar), or one of the modern Estonian restaurants that we dined in. (For future reference, they were: Kaerajaan, Rataskaevu 16 and Pegasus). I came home thinking that, for the most part, the UK is a very dull and overpriced culinary destination.

Other highlights were a visit to the top of the tower at the Niguliste Museum for views across the city. We also enjoyed a walk along the old town walls. Outside the old town, we took a short walk to Telliskivi and visited the photography exhibitions at Fotografiska.

If you’re inspired by this and you fancy a trip to Tallinn (highly recommended), we flew with Wizz Air from London Luton and the Visit Tallinn website has a mine of information.

Oh yes, and linking back to tech for a moment, I forgot that the delivery robots I see in Milton Keynes and Northampton have Estonian cousins…

…and was amused to see people out and about experiencing virtual reality headsets in the centre of Tallinn…

In life: a Welshman in Twickenham

I may have been born in Northampton, but I identify as Welsh. And certainly when it comes to international Rugby Union, my team plays in red. I wasn’t going to say “no” though when I got the opportunity to watch England host Ireland at Twickenham. What a game! The final drop kick was at the other end of the pitch to me, but it was a brilliant match to be at.

In life: sporty teens

As ever, my sons are a huge part of what I get up to outside work. With Matt away in Spain, I was able to get to watch Ben play Hockey a bit more, including the Eastern Counties U17 tournament. Now Matt’s returned and he’s racing as much as he can, trying to get his Category 1 (and maybe Elite, if he can get enough points) road race licence. That needs my support sometimes (passing bottles, driving on the longer trips). At the other end of the scale, it was exciting to be able to watch him pick up a win at our local race:

It’s fantastic to see the support he gets from his own teammates and some of the guys he’s racing against too (the video cuts off Richard Wiggins exclaiming “he’s got it!” just as I hit record). #ProudDad

After a couple more races that I didn’t get to see (and didn’t exactly go to plan), he wrapped up the month with a particularly eventful weekend. On the Saturday, a couple of punctures meant his race only lasted a few minutes, but that was probably lucky as we then found the steerer tube at the top of his fork had a huge crack in it…

That afternoon and evening, he rebuilt onto one of the spare cyclocross frames that were waiting to be set up, and then raced the Fakenham town centre crit’ on Sunday. It was a wet afternoon and my heart was in my mouth for the whole race but coming in third after an early break and leading for a good chunk of the race was a great result.

In photos

Wrap-up

That’s all for this month… please let me know what you think in the comments and I’ll be back in early May to recap on April… plus, hopefully, with extra time for some other posts in between.

Featured image by 139904 from Pixabay.

Weeknote 2024/07: pancakes; cycle races; amateur radio; flooding; and love stories

The feedback I receive on these weeknotes is generally something like “I’m enjoying your weekly posts Mark – no idea how you find the time?”. The answer is that 1) I work a 4-day week; and 2) I stay up far too late at night. I also write them in bits, as the week progresses. This week has been a bit of a rollercoaster though, with a few unexpected changes of direction, and consequently quite a few re-writes.

This week at work

I had planned to take an extra day off this week which looked like it was going to squeeze things a bit. That all changed mid-week, which gave me a bit more time to move things forward. These were the highlights:

This week away from work

Last weekend

I was cycle coaching on Saturday, then dashed home as my youngest son, Ben, said he would be watching the rugby at home instead of with his mates. England vs. Wales is the most important Six Nations fixture in my family. My Dad was Welsh. He wasn’t big into sport, but, nevertheless I remember watching 15 men in red shirts running around with an oval ball with him. Nikki’s Dad was Welsh too. Even though we were both born in England, that makes our sons two-quarters Welsh. Cymru am byth! Sadly, the result didn’t quite go our way this year – though it was closer than I’d dared dream.

On Sunday, our eldest son, Matt, was racing the Portsdown Classic. It’s the first road race of the season and there were some big names in there. Unfortunately, he didn’t get the result he wanted – finding he has the power but is still learning to race – but he did finish just ahead of Ed Clancy OBE, so that’s something to remember.

I’m just glad he avoided this (look carefully and Matt can be seen in white/blue on a grey bike with white decals on the wheels, very close to the verge on the left, just ahead of the crash)

The rest of the week

Our town, Olney, has celebrated Shrove Tuesday with a pancake race since 1445. It even features on the signs as you drive into town.

I didn’t see this year’s race as I was working in Derby. Then I was driving back along the motorway in torrential rain, in time for a family meal. We were supposed to be getting together before Matt flew out to Greece for 10 weeks, but those plans fell apart 2 days before his outbound flight. Thankfully he’s sorted a plan B but I’m not writing about it until it actually happens!

For a couple of years I’ve struggled to ride with Matt without him finding it too easy (and actually getting cold). I miss my riding buddy, but it was good to hear him say he’d like to ride with me again if I can get back into shape. Right. That’s my chance. Whilst he is away it’s time to get back on Zwift and prepare for a summer on the real bike. I need to lose at least 20kgs too, but that’s going to take a while…

…which reminds me. I must find a way to pull all my information from the Zoe app before my subscription expires.

As last Sunday’s bike race was “only” around 75km, I didn’t have any roadside bottle-passing duties so I took “the big camera” (my Nikon D700 DSLR). Then, I got home and realised my digital photography workflow has stopped flowing. My Mac Mini has run out of disk space. My youngest son, Ben, now uses my MacBook for school. And my Windows PC didn’t want to talk to the D700 (until I swapped cables – so that must have been the issue). It took me a while, but I eventually managed to pull a few half-decent images out of the selection. You can see them below, under “this week in photos”. I love using the DSLR, but do wish it had the connectivity that makes a smartphone so much more convenient.

The Portsdown Classic was my first opportunity to take a hand-held radio to a race. I’d seen spectators using them at other National Races last year but I didn’t have the equipment. I’d asked someone what they used and considered getting a Baofeng UV-5R but didn’t actually get around to clicking “buy now”. Then Christian Payne (Documentally) gifted me a Quansheng UV-K5(8) at Milton Keynes Geek Night. A chat with a friendly NEG rider and a little bit of homework told me which frequencies British Cycling uses. It was fascinating to be able to listen to the race convoy radio, both when driving behind the convoy at the start of the race and then when spectating (at least when the race was within radio range).

Listening in on the action gave me a whole new perspective on the race. So much so that I’m considering completing the ConvoyCraft training to be able to drive an official event car.

I mentioned that Christian had gifted me a radio last December. That was on condition that I promised to take the exam for my RSGB Foundation Licence. Well, I took it this morning and passed. The results are provisional but, assuming all goes well and I get my licence from Ofcom, I’ll write another post about that journey into the world of RF and antennae…

Finally, I wrapped up the week by meeting up with my former colleague, manager, and long-time mentor, Mark Locke. I learned a lot from Mark in my days at ICL and Fujitsu (most notably when I was a wet-behind-the-ears Graduate Trainee in the “Workgroup Systems” consultancy unit we were a part of in the early days of Microsoft Exchange, Novell GroupWise and Lotus Notes; and later working for Mark on a major HMRC infrastructure project); he was the one who sponsored me into my first Office of the CITO role for David Smith, back in 2010; and we’ve remained friends for many years. It was lovely to catch up on each other’s news over a pint and a spot of lunch.

This week in TV/video

My wife and I started watching two new TV series this last week. Both are shaping up well, even if one is a rom-com (not normally my favourite genre):

This week in photos

Elsewhere on the Internet

In tech

At least one good thing came out of the VMware-Broadcom situation:

The NCSC appears to have rebranded 2FA/MFA as 2SV:

But this. This is a level of geekiness that I can totally get behind:

Even I have to accept that playing Snake on network switches is a little too niche though:

Close to home

The river Great Ouse in Olney saw the biggest floods I can remember (for the second time this winter). The official figures suggest otherwise but they measure at the sluice – once the river bursts its banks (as it now does) the sluice is bypassed through the country park and across fields. The drone shots are pretty incredible.

This is a fantastic project. The pedant in me can almost forgive the errant apostrophe in the final frames of the video because the concept is so worthwhile:

Underground-Overground

Transport for London decided to rename six formerly “Overground” lines. This is one of the more educational stories about it:

It’s not the first time naming these lines has been proposed:

But British Twitter stepped up to the mark and delivered its own commentary:

Or at least some of British Twitter. Those outside the gravitational pull of London were less bothered:

St Valentine’s Day

Every now and again, the social networks surface something really wholesome. This week I’ve picked three St Valentine’s Day posts. Firstly, from “the Poet Laureate of Twitter”, Brian Bilston:

And then this lovely story (pun entirely intended) from Heather Self (click through for the whole thread of three posts):

This one just made me giggle:

Coming up

The coming weekend will be a busy one. Ben is heading off to the West Country for a few days away with his friends. It’s also Nikki’s birthday… but I won’t spill the beans here about any plans because she has been known to read these posts. And then, hopefully, on Monday, Matt will finally get away to train in a sunnier climate for a while.

Next week is half term but with both the “boys” away it will be quiet. When they are at home, we have the normal chaos of a busy family with two sporty teenagers. When they are away it’s nice to enjoy some peace (and a slightly less messy house), but it sometimes feels just a little odd.

Right, time to hit publish. I have a birthday cake to bake…

Featured image by -Rita-??? und ? mit ? from Pixabay.

Removing password protection from PDF files

Important note: this post won’t help you if you have a PDF file and don’t know the password. This is for removing passwords on PDFs that you have legal access to, but don’t want to be password-protected any more.

A while ago, one of my employers started emailing payslips in PDF format. Now, I know there are many issues around accessibility with PDFs, but it works for me – I get a digital version of a document that looks exactly as the printed one would have. Except that someone decided email (even to a company-secured account) was not secure enough, and they password-protected the files. In theory, this stops another employee from opening my payslip. In practice, they used a known piece of personally identifiable information (PII).

Anyway, I wanted to keep a copy of the files on my own file storage. I can do this because, technically, they are not company data and they are (or at least should be) private to me. Indeed the company in question has since moved to a system that emails a link to a personal email account, inviting the employee to download their payslip from a portal.

I didn’t want the copies of the payslips that I held to be password protected. That meant I needed to remove those passwords.

QPDF

QPDF is a computer program, and associated library, for structural, content-preserving transformations on PDF files. It’s not for creating, viewing or converting PDF files.

One of the things it can do is remove the password protection on a file. Remember, this is a file that I have legal access to, so removing the password protection is not a crime. I’m not hacking the file – in fact I need to know the password in order to remove it.

QPDF can do much more than remove passwords (for example I think I could use it to create new versions of a PDF file with just a subset of the pages), but this was what I needed to do.

A little side-note

This was the second time I performed this exercise. I first did it a few years ago, but only on the payslips I’d received up until that date. Later ones were still password-protected. I didn’t document my method the first time around though… so I had to work it all out again. This time I decided to write it down…

A little PowerShell Script

It looks like, the first time I ran this, I downloaded a Windows executable version of QPDF and either wrote, or more likely found, a PowerShell script to adapt. The script is called payslips.ps1 and looks like this:

$children = Get-ChildItem # Save files in a variable. Piping the rest of the script from Get-ChildItem in a single line was a bad idea
$children | ForEach-Object {
    Write-Debug "Working on $($_.Name)"; # Doesn't actually display a lot (debug output is hidden unless $DebugPreference is changed)
    $fileName = [System.IO.Path]::GetFileNameWithoutExtension($_.Name); # Strip name, we will append "_tmp"
    $ext = [System.IO.Path]::GetExtension($_.Name);
    $tempFile = $fileName + "_tmp" + $ext; # Append "_tmp"
    Move-Item -Path $_.Name -Destination $tempFile; # Move the file to a temporary location
    ..\qpdf.exe --password=AB123456C --decrypt $tempFile $_.Name; # Use qpdf to decrypt it, save in original location
    #Remove-Item $tempFile # Remove temporary file (this line is commented out, so it never runs)
}

AB123456C should be replaced with the actual password. Actually, it shouldn’t, because including credentials in code is sloppy security practice. There are better ways to pass the password, but I’m just converting 50 files as a one-off exercise, not building a repeatable business process. If you go on to use this in a business environment, please don’t do it this way!

Release notes

The script makes a temporary copy of each file, suffixed with _tmp but preserving the file extension.

If you run the script against the current folder, it will run against all files, not just PDFs. That means it will rename itself and all the QPDF files with _tmp. This will cause it to fail.

It looks like, when I ran this a few years ago, I used a files.txt file to control this behaviour. files.txt was just a list of filenames and is easily generated using the following command:

dir /b /a-d > files.txt

But, this time, I couldn’t see how to provide that as a parameter to QPDF, so I had to:

  1. Place all the files to be converted in a subfolder of the folder containing QPDF and my PowerShell script.
  2. Edit the payslips.ps1 script to refer to ..\qpdf.exe (i.e. qpdf.exe in the folder above the current one).
  3. Change directory into the subfolder.
  4. Run payslips.ps1 from the subfolder – i.e.:
..\payslips.ps1

This means it will only run against the files in the subfolder, and not against QPDF, the script, or anything else.

It doesn’t seem to remove the temporary files. I didn’t try to work out why. It had already created what I needed by then.
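
For anyone who does need a repeatable version, here is one way to avoid both the hard-coded password and the "runs against every file" problem described above. This is an added example, not the script from the original post: it assumes the same folder layout (qpdf.exe one level above the PDFs) and a QPDF release that supports --password-file (10.2 or later); the parameter names and the _decrypted suffix are made up for illustration.

```powershell
# Added example (not the author's payslips.ps1).
# Assumptions: qpdf.exe is in the parent folder, as in the post, and is
# version 10.2 or later so that --password-file is available.
param(
    [string]$QpdfPath = '..\qpdf.exe',  # hypothetical parameter name
    [string]$Folder   = '.'             # hypothetical parameter name
)

# Prompt once. The password is never stored in the script, and it is not
# passed as a command-line argument, where it would be visible in process
# listings and command-line audit logs.
$secure = Read-Host -Prompt 'PDF password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # Collect the list first: new files are created in the same folder below.
    # -Filter limits the run to PDFs, so the script and QPDF are never renamed.
    $pdfs = @(Get-ChildItem -Path $Folder -Filter '*.pdf' -File)

    foreach ($pdf in $pdfs) {
        $source = $pdf.FullName
        $output = Join-Path $pdf.DirectoryName ($pdf.BaseName + '_decrypted' + $pdf.Extension)

        # '--password-file=-' makes qpdf read the password from standard input.
        # Non-ASCII passwords depend on $OutputEncoding when piping to an .exe.
        $plain | & $QpdfPath --password-file=- --decrypt $source $output
        $code = $LASTEXITCODE

        if ($code -eq 0 -and (Test-Path $output)) {
            # Replace the protected original only after a clean run.
            Move-Item -Path $output -Destination $source -Force
            Write-Host "Decrypted $($pdf.Name)"
        }
        else {
            # Wrong password, damaged file, or warnings: keep the original intact.
            if (Test-Path $output) { Remove-Item $output }
            Write-Warning "qpdf returned exit code $code for $($pdf.Name); original left unchanged"
        }
    }
}
finally {
    # Drop the plain-text copy as soon as the loop finishes or fails.
    Remove-Variable plain -ErrorAction SilentlyContinue
}
```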

Featured image: author’s own

Some thoughts on Microsoft Windows Extended Security Updates…

This content is 1 year old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Technology moves quickly. And we’re all used to keeping operating systems on current (or n-1) releases, with known support lifecycles and planned upgrades. We are, aren’t we? And every business application, whether COTS or bespoke, has an owner, who maintains a road map and makes sure that it’s not going to become the next item of technical debt. Surely?

Unfortunately, these things are not always as common as they should be. A lot comes down to the perception of IT – is it a cost centre or does it add value to the business?

Software Assurance and Azure Hybrid Benefit

Microsoft has a scheme for volume licensing customers called Software Assurance. One of the benefits of this scheme is the ability to keep running on the latest versions of software. Other vendors have similar offers. But they all come at a cost.

When planning a move to the cloud, Software Assurance is the key to unlocking other benefits too. Azure Hybrid Benefit is a licensing offer for Windows Server and SQL Server that provides a degree of portability between cloud and on-premises environments. Effectively, the cloud costs are reduced because the on-prem licenses are released and allocated to new cloud resources.

But what if you don’t have Software Assurance? As a Windows operating system comes to the end of its support lifecycle, how are you going to remain compliant when there are no longer any updates available?

End of support for Windows Server 2012/2012 R2

In case you missed it, Windows Server 2012 and Windows Server 2012 R2 reached the end of extended support on October 10, 2023. (Mainstream support ended five years previously.) That means that these products will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates.

Microsoft’s advice is:

“If you cannot upgrade to the next version, you will need to use Extended Security Updates (ESUs) for up to three years. ESUs are available for free in Azure or need to be purchased for on-premises deployments.”

Extended Security Updates

Extended Security Updates are a safety net – even Microsoft describes the ESU programme as:

“a last resort option for customers who need to run certain legacy Microsoft products past the end of support”.

The ESU scheme:

“includes Critical and/or Important security updates for a maximum of three years after the product’s End of Extended Support date. Extended Security Updates will be distributed if and when available.

ESUs do not include new features, customer-requested non-security updates, or design change requests.”

They’re just a way to maintain support whilst you make plans to get off that legacy operating system – which by now will be at least 10 years old.

If your organisation is considering ESUs, the real question to answer is: what are the sticking points that are keeping you from moving away from the legacy operating system? For example:

  • Is it because there are applications that won’t run on a later operating system? Maybe moving to Azure (or to a hybrid arrangement with Azure Arc) will provide some flexibility to benefit from ESUs at no extra cost whilst the app is modernised? (Windows Server and SQL Server ESUs are automatically delivered to Azure VMs if they’re configured to receive updates).
  • Is it a budget concern? In this case, ESUs are unlikely to be a cost-efficient approach. Maybe there’s an alternative – again through cloud transformation, software financing, or perhaps a cloud-to-edge platform.
  • Is it a cash-flow concern? Leasing may be an answer.

There may be other reasons, but doing nothing and automatically accepting the risk is an option that a lot of companies choose… the art (of consulting) is to help them to see that there are risks in doing nothing too.

Featured image by 51581 from Pixabay

Password complexity in the 1940s

This content is 1 year old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Over the last couple of weeks I’ve been fortunate enough to have two demonstrations of Enigma machines. For those who are not familiar with these marvellous mechanical computers, they were used to encrypt communications, most notably by German forces during World War 2.

The first of the demonstrations was at Milton Keynes Geek Night, where PJ Evans (@MrPJEvans) gave an entertaining talk on the original Milton Keynes Geeks.

Then, earlier this week, I was at Bletchley Park for Node4’s Policing First event, which wrapped up with an Enigma demonstration from Phil Simons.

The two sessions were very different in their delivery. PJ’s used Raspberry Pi and web-based emulators, along with slides and a demonstration with a ball of wool. Phil was able to show us an actual Enigma machine. What struck me, though, was the weakness that ultimately led to Bletchley Park cracking wartime German encryption codes: it wasn’t the encryption itself, but the way human operators used it.

Downfall

The Enigma machine was originally invented for encrypted communications in the financial services sector. By the time the German military was using it in World War 2, the encryption was very strong.

Despite having just 26 characters, each one was encoded as an electrical signal which passed through three rotors from a set of five, changed daily, with different start positions and incrementing on each use, plus a plug board of ten electrical circuits that further increased the complexity.

There’s a good description of how the Enigma machine works on Brilliant. To cut a long story short, an Enigma machine can be set up in 158,962,555,217,826,360,000 ways. Brute force attacks are just not credible. Especially when the setup changes every day and each military network has a different encryption setup.

But there were humans involved:

  • Code books were needed so that the sending and receiving stations set their machines up identically each day.
  • Young soldiers on the front line took short-cuts, like re-using rotor start positions. They would spell out things like BER or PAR (for their home city, where they were stationed, a girlfriend’s name, etc.).
  • Some networks issued guidance that all 26 letters needed to be used for a rotor start position each 26 days. This had the unintended consequence that the desire for perceived variety meant the letter being used was predictable. It actually reduced the combinations as it couldn’t be one of the ones used in the previous 26 days.
  • Then there was the flaw that an Enigma machine’s algorithm was designed to take one letter and output another. Input of A would never result in output of A, for example.
  • And there were common phrases to look for in the messages to test possible encryption combinations – like WETTERBERICHT (weather report).

All of these clues helped the code-breakers at Bletchley Park narrow down the combinations. That gave them the head start they needed to try and brute-force the encryption on a message.
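To make the numbers concrete, here is an added Python example (not part of the original post or either talk). It uses the standard counting argument to reproduce the set-up figure quoted above, shows how the "all 26 letters in 26 days" rule shrinks an operator's choice, and uses the "a letter never encrypts to itself" flaw to rule out places where WETTERBERICHT could sit. The function names and the sample ciphertext are constructed for illustration.

```python
"""Added illustration: Enigma key space and crib placement (constructed data)."""
from math import factorial
from string import ascii_uppercase


def plugboard_pairings(cables: int = 10, letters: int = 26) -> int:
    """Ways to join `cables` disjoint pairs of letters on the plug board."""
    unplugged = letters - 2 * cables
    return factorial(letters) // (
        factorial(unplugged) * factorial(cables) * 2 ** cables
    )


def keyspace() -> int:
    """Rotor order x rotor start positions x plug board pairings."""
    rotor_orders = 5 * 4 * 3      # three rotors chosen, in order, from five
    start_positions = 26 ** 3     # one start letter per rotor
    return rotor_orders * start_positions * plugboard_pairings()


def allowed_start_letters(used_in_cycle: str) -> list[str]:
    """Letters still permitted under the 'all 26 letters in 26 days' rule."""
    return [c for c in ascii_uppercase if c not in used_in_cycle]


def crib_positions(ciphertext: str, crib: str) -> list[int]:
    """Offsets where the crib could sit.

    Enigma never maps a letter to itself, so any offset where a crib letter
    lines up with the same ciphertext letter is impossible and is discarded.
    """
    offsets = []
    for start in range(len(ciphertext) - len(crib) + 1):
        window = ciphertext[start:start + len(crib)]
        if all(c != p for c, p in zip(window, crib)):
            offsets.append(start)
    return offsets


# Constructed ciphertext for illustration, not a real intercept.
SAMPLE_CIPHERTEXT = "WQKZNVAXELUFORTGDSMPJY"
CRIB = "WETTERBERICHT"

if __name__ == "__main__":
    print(f"{keyspace():,} possible set-ups")
    left = allowed_start_letters("ABCDEFGHIJKLMNOPQRSTUVWXY")
    print(f"letters left to choose from on day 26: {left}")
    print("crib can only start at offsets",
          crib_positions(SAMPLE_CIPHERTEXT, CRIB))
```

Of the ten possible alignments in the sample, seven are eliminated before a single rotor setting is tried.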

Why is this relevant today?

By now, you’re probably thinking “that’s a great history lesson Mark, but why is it relevant today?”

Well, we have the same issues in modern IT security. We rely on people following policies and processes. And people look for shortcuts.

Take password complexity as an example. The UK National Cyber Security Centre (NCSC) specifically advises against enforcing password complexity requirements. Users will work around the requirements with predictable outcomes, and that actually reduces security. Just like with the “use all 26 letters in 26 days” guidance I cited in my Enigma history lesson above.

And yet, only last month, I was advising a client whose CIO peers maintain that password complexity should be part of the approach.

One more thing… the Germans tried to crack Allied encryption too. They gave up after a while because it was difficult – they assumed if they couldn’t crack ours then we couldn’t crack theirs. But, whilst German command was distributed, the Allies set up what we would now call a “centre of excellence” in Bletchley Park. And that helped to bring together some of our greatest minds, along with several thousand support staff!

Postscript

After I started to write this post, I was multitasking on a Teams call. I should have concentrated on just one thing. Instead, I went to open a DocuSign link from the company HR department and fell foul of a phishing simulation exercise. I’m normally pretty good at spotting these things but this time I was distracted. As a result, I clicked the (potentially credible) link without checking it. If you want an illustration of how fallible humans are, that’s one right there!

Featured image: author’s own.

Weeknotes 18-19/2021: Doubling up

Last week didn’t have a weeknote. I just didn’t get around to it! To be perfectly honest, my weekends are packed with cycling-related activities at the moment and work has been pretty busy too… so here’s a bumper fortnight-note. Even this is delayed because I locked myself out of WordPress with too many incorrect login attempts… but the very fact I managed to post this indicates that I got in again!

Working

There’s much I can write about my work at the moment but we are approaching my annual review. That means I’ve spent a lot of time reflecting on the last 12 months and looking forward to where I need things to head in the coming weeks and months. It’s not been a wonderful year: although my family has been fortunate to avoid Covid-19 we’re still living in strange times and I really could do with leaving my home office for the odd day here and there. Procrastination levels are certainly up, followed by evening catch-up sessions. That could be another reason there was no week note last week…

Learning

I did manage to squeeze in another exam. It’s one of the Microsoft Fundamentals series: Microsoft Azure Data Fundamentals (DP-900) and I used Microsoft Learn to prepare, passing with a good score (944).

I’m also really interested in building a body of knowledge around sustainable IT and I worked my way through the Sustainable IT MOOC from the Institut du Numérique Responsable’s ISIT Academy. Not surprisingly, some of the statistics are French-specific but, in general I found the content interesting and enlightening. Definitely worth a few hours for anyone with an interest in the topic.

Watching

I’m a heavy social media user and I’m under no illusions about what that means in terms of my privacy. I often say that, if you’re not paying for the product, you are the product. Even so, my wife and I watched The Social Dilemma on Netflix a couple of nights ago. Highly recommended for anyone who uses… well… the Internet. So, pretty much everyone then.

Cycling

After riding England Coast to Coast (C2C) on The Way of the Roses a couple of years ago, I’ve been planning my next big cycling trip.

My eldest son and I were planning to head to the French Alps after his GCSEs this summer but, well, that was before a global pandemic messed up our plans. So we’ve been looking for something a little closer to home. We’re planning on riding the length of Wales – from Cardiff to Holyhead on Lôn Las Cymru.

After booking all the hotels, and the train travel to return from Holyhead (5.5 hours, via England, with a change mid-way at Shrewsbury) the biggest challenge was booking 2 spaces for bikes on the train. I had similar issues with the C2C and I’m just hoping that I manage to make the cycle reservations nearer the time. I certainly can’t allow myself to stress about it for the whole 4 day ride up!

Something that will almost certainly come in useful on that trip is the pair of waterproof socks I bought from Sealskins… they are fantastic.

Still on the subject of cycling, the Trek X-Caliber 9 mountain bike that I bought last autumn is back in the workshop. It’s 6 months old, with just 300km on the clock and the forks have gone back for warranty repairs (and that’s after the headset bearings already had to be replaced because they were not fitted correctly in the factory). More generally, there’s a big problem with bike part availability in the UK right now – partly Brexit-related (inability to buy from some EU-based vendors) but some general supply issues with some parts on back order until 2023.

Meanwhile, I’m finding more and more of my weekends involve supporting my eldest son with his racing (either cross-country or cyclo-cross, with the occasional road circuit). One bonus was that the usual Saturday Youth Coaching session was replaced by a pleasurable gravel ride (and pub garden visit) this week due to non-availability of our usual venue.

Weeknote 12/2021: IT architecture, design thinking and hybrid work

I’ve tried writing weeknotes a few times over the years and they have been pretty sporadic. So, let’s give it another go… this should probably be weeknote 28 (or something like that) but it seems last year I named them after the week number in the year… so let’s try that again.

Because I haven’t done this for a while, let’s add some bonus notes for last week too…

Last week:

This week:

  • I published my long-form blog post on developing IT architecture skills, spun out from conversations with Matt Ballantine (@ballantine70) but also part of the work I’m doing to develop my team at risual.
  • My technical training was interrupted to complete the Microsoft Catalyst pre-sales training. It started off as what I may have described as a “buzzword-filled gamified virtual learning experience”. Then, I started to learn some consulting skills as Rudy Dillenseger brought Design-Led Thinking (aka Design Thinking) to life.
  • It was interesting to see Microsoft recommending the use of Klaxoon with Teams when facilitating remote workshops, which made me speculate about the future of Microsoft Whiteboard.
  • It was a week of virtual calls – even in the evenings. I had Zoom calls with British Cycling and for some financial advice but also a really pleasurable couple of hours on Signal chatting with an old mate I haven’t seen or spoken to in a while, who now lives overseas. It was definitely one of those moments when I appreciated a good friendship and it made me think “we should do this more often”.
  • Just when I thought I’d handed off some project management duties to a real PM, they bounced back at me like a boomerang…
  • The UK Government’s comments on returning to work (ahem, we have been working, just not in the office) reminded me of a post I wrote at the start of the year. Hybrid working is the future folks – we ain’t going back to 2019.

Bulk removing passwords from PDF documents

My payslip and related documents are sent to me in PDF format. To provide some rudimentary protection from interception, they are password protected, though the password is easily obtained by anyone who knows what the system is.

Because these are important documents, I store a copy in my personal filing system, but I don’t want to have to enter the password each time I open a file. I know I can open each file individually and then resave without a password (Preview on the Mac should do this) but I wanted a way to do it in bulk, for 10s of files, without access to Adobe Acrobat Pro.

Twitter came to my aid with various suggestions including Automator on the Mac. In the end, the approach I used employed an open source tool called QPDF, recommended to me by Scott Cross (@ScottCross79). Scott also signposted a Stack Overflow post with a PowerShell script to run against a set of files but it didn’t work (leading to a rant about how Stack Overflow’s arcane rules and culture prevented me from making a single character edit) and turned out to be over-engineered. It did get me thinking though…

Those of us old enough to remember writing MS-DOS batch files will probably remember setting environment variables. Combined with a good old FOR loop, I got this:

FOR %G IN (*.pdf) DO qpdf --decrypt --password=mypassword "%G" --replace-input

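Obviously, replace mypassword with something more appropriate. The --replace-input switch avoids the need to specify output filenames, and the FOR command simply cycles through every PDF file in the current folder and removes the encryption. As written, the command is for the interactive command prompt; inside a batch file, %G needs to be written as %%G.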

Weeknote 22/2020: holidaying on the Costa del Great Ouse (plus password resets, cycling performance, video-conferencing equipment and status lights)

In the last few hours of 2019, my family planned our holiday. We thought we had it all sorted – fly to Barcelona, spend the weekend sight-seeing (including taking my football-mad son to Camp Nou) and then head up the coast for a few more days in the Costa Brava. Flights were booked, accommodation was sorted, trips were starting to get booked up.

We hadn’t counted on a global pandemic.

To be clear, I’m thankful that myself, my family and friends, and those around us are (so far) safe and well. By April, I didn’t much like the prospect of getting into a metal tube with 160+ strangers and flying for 3 hours in each direction. We’re also incredibly lucky to be able to access open countryside within a couple of hundred metres of our house, so daily exercise is still possible and enjoyable, with very few people around, most of the time.

I still took the week off work though. After cancelling my Easter break, it’s been a while since I took annual leave and even my Furlough period was not exactly relaxing, so I could do with a rest.

The weather has been glorious in the UK this week too, making me extra-glad we re-landscaped the garden last year and I’ve spent more than a few hours just chilling on our deck.

Unfortunately, we also got a taste of what it must be like to live in a tourist hotspot, as hundreds of visitors descended on our local river each day this weekend. It seems the Great Ouse at Olney has featured in a list of top places to swim in Britain, which was recently featured in The Times. It may sound NIMBYish, but please can they stay away until this crisis is over?

As for the holiday, hopefully, we’ll get the money refunded for the cancelled flights (if the airlines don’t fold first – I’m sure that if they refunded everyone they would be insolvent, which is my theory for why they are not increasing staff levels to process refunds more quickly); FC Barcelona contacted me weeks ago to extend my ticket and offer a refund if we can’t use it; and AirBnB had the money back in our account within days of us being forced to pull out due to cancelled flights.

(I did spend a few weeks effectively “playing chicken” with easyJet to see if they would cancel first, or if it would be us. An airline-cancelled flight can be refunded, but a consumer-cancelled flight would be lost, unless we managed to claim on travel insurance).

Even though I’ve had a week off, I’ve still been playing with tech. Some of my “projects” should soon have their own blog post (an Intel NUC for a new Zwift PC; migrating my wife’s personal email out of my Office 365 subscription to save me a licence; and taking a look at Veeam Backup for Office 365), whilst others get a brief mention below…

Please stop resetting user passwords every x days!

Regularly resetting passwords (unless a compromise is suspected) is an old way of thinking. Unfortunately, many organisations still make users change their password every few weeks. Mine came up for renewal this week and I struggled to come up with an acceptable, yet memorable passphrase. So, guess what? I wrote it down!

I use a password manager for most of my credentials but that doesn’t help with my Windows logon (before I’ve got to my browser). Biometric security like Windows Hello helps too (meaning I rarely use the password, but am even less likely to remember it when needed).

Here’s the National Cyber Security Centre (@NCSC)’s password guidance infographic (used with permission) and the associated password guidance:

This list of 100,000 commonly used passwords that will get blocked by some systems may also be useful – from Troy Hunt (@TroyHunt) but provided to me by my colleague Gavin Ashton (@gvnshtn).
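The point made here, and in the Enigma post’s comments on password complexity, can be shown in a few lines. This is an added Python example, not code from the NCSC or from Troy Hunt: it compares a typical "complexity" rule with a length-plus-deny-list check. The six-word deny list, the complexity rule, the minimum length of 8 and the sample passwords are all constructed stand-ins; a real deployment would load the full list from a file.

```python
"""Added illustration: complexity rules versus a deny list (constructed data)."""
import re
import string

# Constructed stand-in for a real list of commonly used passwords.
DENY_LIST = {"password", "summer", "qwerty", "liverpool", "letmein", "welcome"}

# Common character swaps that users apply to satisfy complexity rules.
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s",
                      "$": "s", "@": "a", "7": "t"})
PADDING = string.digits + string.punctuation


def meets_complexity(password: str) -> bool:
    """A typical (assumed) rule: 8+ chars with upper, lower, digit, symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


def normalise(password: str) -> str:
    """Undo the predictable decoration: case, trailing digits/symbols, swaps."""
    return password.lower().rstrip(PADDING).translate(LEET)


def deny_list_verdict(password: str, min_length: int = 8) -> str:
    """Length check plus deny-list lookup on the normalised password."""
    if len(password) < min_length:
        return "too short"
    if normalise(password) in DENY_LIST:
        return "on deny list"
    return "ok"


def compare(passwords: list[str]) -> list[tuple[str, bool, str]]:
    """Run both policies over the same passwords for a side-by-side view."""
    return [(p, meets_complexity(p), deny_list_verdict(p)) for p in passwords]


# Constructed samples: three "compliant" workarounds and one long passphrase.
SAMPLES = ["Summer2024!", "P@ssw0rd2024!", "W3lcome#1",
           "plum tractor violin harbour"]

if __name__ == "__main__":
    for password, complex_ok, verdict in compare(SAMPLES):
        print(f"{password!r:32} complexity={complex_ok!s:5} deny-list={verdict}")
```

The three decorated dictionary words pass the complexity rule and are caught by the deny list, while the long lowercase passphrase fails the complexity rule and passes the deny-list check.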

Performance analysis for cyclists, by cyclists

I’ve been watching with interest as my occasional cycling buddy (and now Azure MVP) James Randall (@AzureTrenches) has been teasing development on his new cycling performance platform side project. This week he opened it up for early access and I’ve started to road test it… it looks really promising and I’m super impressed that James created this. Check it out at For Cyclists By Cyclists.

Podcasting/video conferencing upgrades in my home office

With video conferencing switching from something-I-use-for-internal-calls to something-I-use-to-deliver-consulting-engagements, I decided to upgrade the microphone and lighting in my home office. After seeking some advice from those who know about such things (thanks Matt Ballantine/@ballantine70 and the WB-40 Podcast WhatsApp group), I purchased a Marantz MPM-1000U microphone, boom arm, shock mount, and a cheap rechargeable LED photography light with tripod.

It’s early days yet but initial testing suggests that the microphone is excellent (although the supplied USB A-B cable is too short for practical use). I had also considered the Blue Yeti/Raspberry but it seems to have been discontinued.

As for the photo lighting, it should be just enough to illuminate my face as the north-facing window to my left often leaves me silhouetted on calls.

Smart lighting to match my Microsoft Teams presence

I haven’t watched the Microsoft Build conference presentations yet, but I heard that Scott Hanselman (@shanselman) featured Isaac Levin (@isaacrlevin)’s PresenceLight app to change the lighting according to his Windows Theme. The app can also be used to change Hue or LIFX lighting along with Teams presence status, so that’s in place now outside my home office.

It’s not the first time I’ve tried something like this:

One particularly useful feature is that I can be logged in to one tenant with the PresenceLight app and another in Microsoft Teams on the same PC – that means that I can control my status with my personal persona so I may be available to family but not to colleagues (or vice versa).

One more thing…

It may not be tech-related, but I also learned the differences between wheat and barley this week. After posting this image on Instagram, Twitter was quick to correct me:

As we’re at the end of May, that’s almost certainly not wheat…