From the Mind

Ideas and suggestions from the EfficiencyNext team

A Take on Apple Vs FBI by EfficiencyNext’s President

Posted by on Feb 25, 2016 in From the Cloud, From the Mind, Uncategorized | Comments Off on A Take on Apple Vs FBI by EfficiencyNext’s President

Note: The opinion in this blog post is that of Paul Katz, President of EfficiencyNext LLC. There has and continues to be a vigorous debate among EfficiencyNext staff, with many going #teamfbi and others #teamapple. The current Apple Vs FBI issue with regard to accessing a terrorist’s iPhone 5c has been a subject of active debate within technology and non-technology circles. The position held by many in technology is that Apple is correct in this specific matter. I, however, feel the FBI should prevail in this one specific case. Detangling Things There has been much talk about back doors and weakening encryption with regard to the court order for Apple to unlock the iPhone 5c used by Syed Farook, one of two the shooters in San Bernardino terror attack . The iPhone in question is owned by the San Bernardino County Department of Public Health, which has given complete consent for the FBI to access the phone. The court order is not aimed at weakening the iPhone’s encryption. Instead, the court order requires Apple to build a custom operating system that can be installed on the specific iPhone involved, which will: Nullify the auto-wipe feature Remove delays between PIN code attempts Allow for PIN attempts to be conducted at a rate of 80 milliseconds per attempt Apple, through signed encryption security, is the only party that can load a custom operating system on an iPhone, by their own design. This is why the FBI, through the court system, has compelled Apple to build the custom OS, and brute force determine the PIN to unlock the phone. The request is made under the authority of the All Writs Act to help service a valid search warrant. Hence, this particular case is not about encryption, but rather having Apple create a technique they can run themselves (and only them) which bypasses login security mechanisms. Why I Believe the FBI is Right Apple’s Government Information Requests policy currently states “For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess.”. Apple failed to consider the possibility that the All Writs Act might be employed to compel them to unlock phones via their authentication mechanisms. In my opinion, (I’m not a lawyer BTW), the All Writs Act applies. Apple seems sufficiently related to to this matter, and building a custom modified OS for a company of their size and financial ability doesn’t seem an undue burden. Under the current Law, I don’t see Apple having much of a case. And concern for precedents must cut both ways. If Apple, one of America’s most powerful corporations, is able to refuse to help service a court approved warrant, how many other companies can follow suit?   The Advice Apple Should And Can Give Each iPhone has the ability to accept passwords and phrases far more complex than a four or six character numeric code; the option is there, just buried a little. A six digit numeric pin has one million possible combinations (000,000 through 999,999). Brute force at about 12 attempts a second would take just under 24 hours. This is what the FBI is banking on. That said, A six character password (alphanumeric + special characters) has over 281 trillion possible combinations (281,474,976,710,656) by my count. Presuming the password isn’t readily guessable, we are looking at 6,515,624,460 hours of bulk attempts to brute force the password. Even sticking with numbers, a user can have a nine character numeric password with a possible one billion...

Read More

Microsoft Clarifies its Azure Support Options

Posted by on Jan 22, 2016 in From the Cloud, From the Mind | 1 comment

Microsoft has entered the new year with an updated Azure support page that greatly clarifies the support plans available under Azure (https://azure.microsoft.com/en-us/support/plans/). Prior to this update, a “Free” support column was displayed on the page that included “Web Incident Submission”. This led some Azure customers to believe that when Azure has a technical problem, submission of them for support would be free. This turned out not to be the case; Free “Web Incident Submission” was generally only for billing issues. With the new revision, the free tier is now gone, with the first support option listed now being “Developer” support, which costs $29 a month. Essentially, if you need to submit a technical ticket to Azure Support, you really need to purchase a plan. The @AzureSupport Twitter handle can receive outage info from customers, but fairly quickly, for specific help, they will advise you to open a ticket. I’m happy that Microsoft made this change, and clarified its wording. The new page is much clearer that free technical support in general isn’t offered. On occasion, in the case of major outages, Microsoft has offered complimentary technical support, but it wouldn’t be prudent to bank on that being available for all scenarios. Perhaps one thing to keep in mind is that support plans are purchased at the Microsoft Account level, and applies to all Azure Subscriptions under that account. If you are an IT firm, and setup Azure infrastructures for your customers, it might make sense to ask them if they can have their subscriptions setup on your Microsoft Account, instead of theirs, so that a singular support plan purchase goes farther. Want to discuss Azure with someone? We’re always happy to...

Read More

Recommendations for dealing with and planning for SAM Engagements

Posted by on Jan 1, 2016 in From the Cloud, From the Mind | Comments Off on Recommendations for dealing with and planning for SAM Engagements

In my last post, I actively protested against Microsoft’s bad behavior with how they execute their SAM Engagements. That said, I am a believer in properly licensing one’s software, and as such, EfficiencyNext operates out of an abundance of caution with regard to this. Here are my recommendations. Disclaimer: I am not a lawyer. This is not legal advice, but advice from someone who implements Microsoft technology. Cooperate when You Are Contacted, but Verify The SAM Engagement is a required process, no matter how much the initial contact tries to make it look like they are selling you something. It’s OK to be grumbly, but don’t block the process or try to hold it up. But, always demand they send you an email before giving any information over the phone. I have no doubt there are plenty of hackers pretending to be SAM Reviewers in order to get information they can use to break into networks. Be Truthful Don’t lie. In general, these SAM Engagements seem to be used by Microsoft as revenue optimizers. It’s about increasing revenue per customer, not necessarily anything punitive. If you execute the process in good faith, you might find out you need to buy more licensing, but in general, you shouldn’t find yourself being sued or being forced to pay costs in excess of actually buying the necessary licenses. Lying (or being uncooperative) is a road that actually can actually likely lead to legal action. Understand the Limits of Volume Licensed Operating Systems and OEM Operating Systems This is one of the Big Gotchas. Microsoft Operating Systems, licensed in Volume and Partner Programs, are Upgrade Licenses only. They do not include licensing for the base operating system, which must also be licensed for the computer the Upgrade License is installed on. These base licenses must be business class; that Windows Home license that comes with many PCs doesn’t cut it. That leaves two options: When you buy a computer, make sure it comes preinstalled (OEM) with a valid business-class operating system, such as Windows 10 Professional, and DO NOT LOSE THE RECEIPT FOR THE SYSTEM PURCHASE. Keep the physical copy, and also scan it into an online accounting system immediately. Without an invoice stating the computer originally came with the Windows license, the SAM Reviewer can make the case the OEM OS might have been installed after the computer’s sale, rendering the validity of the license unprovable. This is also a significant concern if your company buys PCs used; in such cases, you should insist on getting a copy of the original purchase receipt. I would argue this is a strong case for buying Surface Pro hardware specifically, as the hardware itself should be considered proof of a valid license, as it always comes with a Professional copy of Windows and is manufactured by Microsoft itself. You shouldn’t be screwed if you lose the receipt or buy the Surface Pro 1/2/3/4 used. There’s simply no mechanism for how the computer wouldn’t have a valid OS installed. The fact that Surface Pro come with Windows 8/10 OEM Professional is actually a $140 value that many other machines you buy at retail don’t have. Purchase Full Retail Copies of a Microsoft Business Class OS, and insure each license is mapped to a computer running an Upgrade Volume License of Microsoft Windows. As of today, technically, even Vista for Business works for this purpose. I highly recommend purchasing current retail copies that are verifiably legitimate, as counterfeit retail software remains a problem today. That’s roughly $200 a pop, but at least with retail licenses, you can transfer them from...

Read More

Microsoft’s Deeply Flawed SAM Engagement Process

Posted by on Jan 1, 2016 in From the Cloud, From the Mind, Uncategorized | Comments Off on Microsoft’s Deeply Flawed SAM Engagement Process

EfficiencyNext finished its first Microsoft SAM (Software Asset Management) Engagement this last  year, having been contacted by a SAM Engagement specialist contracted by Microsoft. This is a process Microsoft Volume Customers go through so Microsoft can check that customer deployments match the licensing they have purchased. Let us first say, we are an absolute supporter of Microsoft in their desire to insure people are using their software by the rules. Volume Customers receive steep discounts over retail, so some form of review every so often seems a reasonable fair trade. That said, I was deeply disappointed with the unethical nature of the original contact by the SAM Reviewer, and Microsoft’s inability to make the process efficient. This post is a compilation of thoughts I have; I will leave out the names of the individuals I worked with; if anyone at Microsoft would like to DM me on Twitter for details, you can find me at @napkatz. Likewise, I have a sympathetic ear to anyone else who would like to vent/discuss about this process. The way the SAM Reviewer Contacted Our Company and Represented Herself was Deceitful and Unethical I took the initial call from the SAM Reviewer. She said that her company was “Offering a Free Software Asset Management Review” of our software environment, and asked for our IT Manager. The tone was clearly that of a sale. Given that tons of companies cold call us about IT services all the time, I started the usual “just send us something in the mail” line. At that point, the tone changed, and she said she was working with Microsoft and that the review was mandatory. I told her to email me, as I wouldn’t share information about our IT setup with a random caller over the phone. She did email me the formal Microsoft SAM materials, confirming who she said she was. And in the FAQ document she sent over, was this threat: We hope that customers will work proactively with us to ensure they have a compliant licensing position.  However, given the great emphasis Microsoft places on protecting its intellectual property, for those organizations that don’t wish to engage in this process, a more formal communication may be made with respect to our licensing rights and your organization’s obligations under your Microsoft license agreements. In short, the SAM Reviewer wasn’t offering or selling us anything; she was forcing our company into a Microsoft-driven audit, under the implied threat of legal action. There’s plenty of potential motivations to be deceitful upfront I suppose; the SAM Reviewer needs to reach a manager of some sort or perhaps the review can’t happen? So maybe she has to lie her way to get to a manager. I don’t know. Whatever the reason, there is no excuse for such unprofessional and unethical behavior. Microsoft should be ashamed of this practice, even if it is their contractors and not them lying and misrepresenting themselves. In short, it is OK to be angry for how this initial contact works. I was, and to an extent, still am. Especially because at our company, we take great pains to make sure we license our software properly, paying Microsoft thousands of dollars a year. The SAM Engagement process ignores the cheaters who don’t have a Volume Agreements, and instead targets paying customers. The SAM Reviewer Only Gives You Three Weeks and You Never See the Review Coming I think this again cuts to how Microsoft doesn’t trust its customers. There’s no reason why these reviews can’t be presented clearly as a scheduled necessity that comes with the privileges of volume purchases at the inception of a Volume...

Read More

Good things from Microsoft in 2015

Posted by on Jan 1, 2016 in From the Cloud, From the Mind, Uncategorized | Comments Off on Good things from Microsoft in 2015

As a software development and services business that implements Microsoft technology, there are always ups and downs. This blog often has covered issues we’ve had while using Microsoft technology, however, it being the New Year, I thought it would be good to highlight some of Microsoft’s more generous actions we saw in 2015 1. Free Windows 10 Upgrades There is a definitely a pragmatic element here; Microsoft wants as many people on Windows 10 in order to drive developers to the platform. Still, Windows 10 is a pretty great operating system to get as a free upgrade from Windows 7, Windows 8, or Windows 8.1. And getting free assistance from a Microsoft Store, if one is close by, is a nice touch. I have family who ran away from Windows 8, but feel very comfortable on Windows 10. I’ve installed Windows 10 on plenty of devices and overall, it has performed well, especially with the November update. 2. Free Visual Studio Community 2015 Microsoft first made Visual Studio Community 2013 available in late 2014, and continued this offering in 2015 with the release of Visual Studio Community 2015. This product is on feature parity with Visual Studio Professional, which is a paid version of the product. There are licensing limitations that restrict how Visual Studio Community can be used in a business setting, however, if you are a free-lancer, student, or hobbyist, you have access to an incredible development tool at no cost. Even on the business side of things, if you are in a small company or your company works on open source projects, there is a high likelihood you can use this tool on some level. The reason for Visual Studio Community is likely pragmatic; Microsoft wants developers to learn and develop on their platforms. Still though, it’s an awesome giveaway. 3. Free Visual Studio Express 2015 I was really concerned that Visual Studio Express might go away in favor of Visual Studio Community. Fortunately, the free (for any use) Visual Studio Express 2015 line of products was also released by Microsoft. It’s a good thing for anyone with an inexpensive BayTrail Windows PC that only has 32 GB of storage; a lot of these $200 or so machines are still sold today, and Express for Web is small enough that it can actually fit on one. I had such a setup on my Dell Venue 8 Pro until its hardware went bad on me. 4.”Free” SAM Engagements (sarcasm) OK, a little snark here. Microsoft pays consultants to call up its customers and help then validate whether they are in compliance with licensing. If not, it’s time to pay up. We’ll talk about this a bit in later blog posts, but overall, its not fun to go through. At least Microsoft pays for the process on their end. 5. More Accessible OneDrive Yes, the story of the year is how Microsoft fumbled its OneDrive marketing, first promising an unlimited storage upgrade, and then reneging on that promise. As well as by reducing the amount of free storage offered. Perhaps what is missing is now that OneDrive is included by default with Windows 10 (an Operating System that is generally well received by millions), a lot more free OneDrive storage will likely be consumed by all. It’s clearly a play to get everyone in their ecosystem, but still, Microsoft is giving away a lot of free storage all around.   Concluding Thoughts? Have I missed anything important here? Feel free to let me know at my Twitter handle @napkatz. Overall, I think 2015 has been a good year for Microsoft and its partners and customers, and I look forward to seeing what...

Read More

A Thoughtful Discussion with the Azure Team

Posted by on Dec 4, 2015 in From the Cloud, From the Mind | Comments Off on A Thoughtful Discussion with the Azure Team

Following the prior blog post, representatives from the Microsoft Azure Team requested a call with me to discuss the concerns I had with the service. I applaud them taking the initiative to set that up, and I feel the call was very productive and informational. As with a lot of what Microsoft does, sometimes the issues are largely related to communication. Here’s some important clarifications regarding their Azure Support Offerings which are listed on this page (https://azure.microsoft.com/en-us/support/plans/), as well as some other notes. Currently, there is no free technical support, even if flaws in the Azure Infrastructure are the cause of the issues customers might see. The phrase “Web incident submission” on the page is strictly limited to Billing and Subscription issues. Everyone on the call seemed to think the wording on the page was a little confusing, and supposedly, it might be revised in the future. I would revise it to “Billing Support” myself. On occasion, in the case of large outages affecting lots of customers, Microsoft does sometimes offer free technical support to customers who are having issues getting back online.  I would not recommend counting on this, as this feels very arbitrary. For a regular Support Plan to be guaranteed applicable to an Azure Subscription having technical issues, the Support Plan must be under the Microsoft Account that owns the subscription. If a Co-Administrator of an Azure Subscription has a Support Plan himself/herself, there is no guarantee that support plan will be usable to open a ticket for the Subscription they are administrating. Note that this is not spelled out on the Support Plan page, but is very important to know. So, if one of your customers is setting up Azure hosting and you are quoting the cost, make sure to bundle a Support plan into the estimate OR Convince your customer to setup the Azure Subscription under your Microsoft Account so your Support Plan will work with it. There are ways Microsoft Partners can gain special Partner Support Plans that let them support the Azure Subscriptions of their customers, but they either involve certifications and/or high monthly fees. Think $1,200 to $1,500. A key driver behind Azure’s recent pains and outages seems to be astronomic customer growth. And this growth isn’t projected to slow down. The Service Level Agreements for Azure services are solely about reimbursement for downtime. Whether an Azure Service has an SLA or not is not guaranteed to be correlated with up-time. Don’t use Azure SLAs as any promise of up-time when quoting to a customer; instead, insure to add-in things like SQL Azure Geo-Replication with Failover into your quote. I think changes to Azure Support is coming. I’m participating in a follow-up call in January, and while the Azure Team I was talking to could not discuss the future with me, they really wanted the follow-up call. I’m hoping there is new stuff to discuss in January. And I really hope some form of free support for Azure-caused issues will be part of the discussion. I’m glad Microsoft has Azure outreach efforts to discuss concerns that folks might talk about online. The call we had I believe was mutually beneficial, and I look forward to the call in January. I also hope to see a drop in outage incidents going...

Read More