Category Archives: Newsletter Reprints

When is Technology Too New?

A reprint from the PC410 Security Newsletter:

RobotTech at PC410.com

Don’t be somebody else’s guinea pig. There’s a reason that the latest and greatest widget is called the leading edge, or sometimes the bleeding edge of technology. If it still has rough corners, somebody’s gonna bleed. New technology isn’t particularly polished, compatible, or cheap. So configuration costs are high, and there can be a longer-than-normal list of “While we’re doing this, we really should upgrade that.” items.

The Amazon Echo and Google Home devices live in your home and can do things for you, like playing music, or ordering, well, dollhouses. A San Diego TV station said these magic words on television in a news report:”Alexa order me a dollhouse”, and multiple Amazon Echo boxes heard that broadcast and obeyed, by ordering a dollhouse.

And then there was the Google advertisement for Google Home during the Superbowl. Early adopters of the new Google gadget found that when the television said the “OK Google” trigger phrase, their Gooogle Home device woke up. Fortunately, it was not dollhouse-enabled, and didn’t place any dollhouse orders.

Any science-fiction reader knows that voice-controlled whole-house computers are on the way, that they will use voice recognition to only allow commands from a specific individual, and have a special command to say ‘Make it so’. In Robert Heinlein’s books, commands had to end with “I tell you three times.” Clearly, we haven’t reached the competence level of science fiction from 1980.

The Internet of (Stupid) Things

There are a lot of cheap security cameras and so-called ‘smart’ light bulbs available now. Theses devices ‘connect to your cell phone’ and let you control them. Warning flag there–they connect to the internet in order to trade information with a central server, and accept outside instructions to control them, relayed from your cell phone, and possibly any other system that knows the sometimes-obvious default password, which is generally ‘1234′.

In the past year, there have been incidents like these:

  • The largest web site attacks ever seen were accomplished by taking over security camera video recorders (network DVRs), telling millions of them to attack a single site and take it down. As over 80 brands of security DVRs are made by just one company in China, and they share the same settings, and passwords like “123456”, they’re trivial to find online and then turn into attack ‘bots.
  • Some purchasers of video baby monitors were surprised to find that their baby monitors showed someone else’s nursery. There were some basic security flaws that didn’t account for two monitors on one account, or monitors returned as unwanted needing to be reset to factory defaults.

For many of these products, there is no way to contact the purchasers with a fix, and no way for purchasers to contact the manufacturer; a no-name product means no updates, no notices of security issues, and no fixes.

When is Technology Too Old?

A reprint from the PC410 Security Newsletter:

Lately, I’ve been asked why some old good stuff doesn’t work anymore. Usually, that’s for software, printers, and scanners. Basically, it’s because old tech doesn’t understand how to talk to new tech, and new tech has no drivers, or translators, for old tech.

While you can use any one device forever, in offline isolation, or as long as it lasts on its own, when you combine it with other technology, especially printers or the Internet, compatibility issues start showing up when it’s too different in age from the other systems in use. This works as long as nothing breaks. Replacing whatever died starts a mismatch of old and new, and the work to keep it all going surges badly.

My basic rule is to try to have all the technology in an office be of a similar age, preferably with a 4-year range. That’s generally reliable. Beyond that, the savings in not buying new hardware or software are gradually overwhelmed by additional configuration expenses.

But How Old is Old?

For computers, the rule used to be, according to Microsoft and Intel, that a computer is due for replacement after three years. As both those companies wanted to sell more products, their opinions include a lot of bias. What I’ve seen over the years is that desktop computers that are kept off the floor, had no basic defects, and have an annual internal de-dusting, become useless from a lack of compatibility with new software long before they actually stop working from hardware issues. Basic defects can make a big difference on some groups of computers, like the bad lead-free solder and leaky capacitors that killed off nearly every 2003 computer.

Leaking Capacitors

And better computers last longer, but not always because they’re better. Dell’s low-end home computers have exactly the number of internal connectors they need, plus one spare power connection. Need to add another drive? The power supply isn’t powerful enough for that. Need to add a USB 3 card? No, there isn’t a connector to power that, or an open slot to install it in. The same upgrades in their more-expensive business products are routine.

Notebooks add handling to the age question. The cheaper ultra-light notebooks are frequently all plastic, impossible to upgrade (obsolete sooner), and more fragile. Sturdier notebooks, like a Lenovo ThinkPad, have metal hinges and corner reinforcements, and can survive a drop or a bad thump that would crack a plastic hinge. And inside, solid-state drives can survive bumps where a spinning hard drive would bounce the read/write head off the spindle and lose alignment. Again, the better computer will last longer.

Mismatches:

QuickBooks only supports the last three annual versions of their product. If you need payroll tables inside the product, or links to an industry-specific company management product, plan to upgrade at least that often. If not, you can wait until your version of QuickBooks won’t install in your new version of Windows; new versions of Windows are mostly supported by only the most-recent annual edition of QuickBooks.

Some old laser printers just won’t die. But they need parallel printer cables, not USB connections. While I can add a printer port to anything, there is no printer driver software for a printer of that age in Windows 10, so some ‘emulation’ driver will have to be used, because every printer can make believe that it is something truly generic. That was an ‘IBM Pro Printer’ 20 years ago, and ‘PCL 5’ now. Emulations work, but advanced features of those old printers won’t.

Specialty software, mostly industry-specific, is mostly a case of letting your software vendor control your office. They will release updates, and you’re either ready or not. The better vendors will warn you about big changes one month in advance, mostly, but they aren’t willing to spend their programmer hours on any version of Windows that is over 5 years old. That’s Windows Vista and older now, and will be Windows 7 in April of 2020, when the security patches from Microsoft stop.
Replacement Cycles:

Some computer shops suggest replacing every computer on a staggered schedule every three years, and only buying computers with 3-year on-site warranties. This saves those shops from ever opening a computer or going on-site. While it’s a sure recipe for reducing down-time, here is a more cost-effective replacement cycle:

4 years for notebooks and small servers.
5 years for most information-worker computers.
3 years for power users (video editing, computer-assisted design/CAD).
7 seven years for non-critical desktop computers that aren’t in daily use.

Multiple Backups? Why? Is it Time to add a Cloud Backup?

A reprint from the PC410 Security Newsletter:

Cloud Backup, Why now?

Cloud backup is a worthwhile addition to your backup choices. Here’s why: Security software doesn’t block new threats under three days old, surge suppressors can’t handle a direct lightning strike, and no one is ready for what they don’t expect. Damage to computers and your backup drives is going to happen, and there won’t be advance notice.

Different backup types and destinations offer protection against different threats, and have dramatically different restore times. Some protect the newest files, and can be up and running in 10 minutes after a disaster. Others protect everything EXCEPT the newest files, from more types of mayhem, but take multiple days for recovery.

These are instructions for small business and home users; large businesses have more options, like backing up systems to virtual computers for emulation of a failed computer while waiting for IT staff to configure new hardware.

WHAT to Backup?

You should have three copies of your data, on two different types of backup (drives, cloud, or DVD/BluRay disks), and one copy should be off-site. If you’re only running one kind of backup, you’re not protecting your data against the most-likely problems.

Modern backup software automatically grabs your document folders. Add the contents of folders on servers, and any project folders that aren’t already inside the ‘my documents’ folders. If you use DropBox or OneDrive for sharing files, set one system in your office to keep a full copy of those files, and include them in your backups, because cloud file-sharing isn’t immune to cryptoware.

And backup these items: Software license keys (scan them), software installation disks, especially of backup software (convert them to “ISO” files and setup a folder for them on your backup drives), and the invoices that establish warranties on your computer and office technology (scan these as well).

HOW to Backup?

Image Backups are a backup against drive failures and lightning strikes. This is the backup used to rebuild your system after a drive failure–it’s a snapshot of the entire drive. Some software offers this as either a drive backup or a system backup; when in doubt what a backup will do, ask the publisher.

Data Backup is a compressed copy of your data, usually documents and anything else inside the ‘My documents’ area, but not your software or operating system. Data Backups offer some protection against overwritten files and ransomware–there are multiple sets of data, and you can choose which to restore from.

File Sync is an automatic copy of your data. This backup saves time in getting your data running, because it can substitute for a file server, for a small number of users. Daily file sync to a network-attached storage device (NAS) is best. Continuous file sync is also an option, but that increases potential damage from ransomware, and provides no protection against human errors.

Cloud Backup, set for “continuous” backups, goes to a good service provider that keeps multiple file versions, as protection against cryptoware, and captures the most-recent files that may have changed since the last set of image backups and file syncs. Cloud backup can also save you from human errors, when you need an older version of a valuable document.

WHERE to Backup?

Cloud backup is protected from ransomware, but make sure the cloud company you choose can delete encrypted files for you, by date or by extension–ask the question, and if they can’t answer in plain language, take your business elsewhere. File Sharing services like OneDrive and Google Drive are not backups; they’re single-copy storage that ransomware sees as a folder that can be encrypted like any other folder. Don’t use them for backups.

Network-attached storage drives are for continuous or scheduled backups. With the right software, they offer protection against drive and computer failures. If you bolt them down in a hidden spot in your building, they can protect against data loss from technology theft. Some of these units are even fire-resistant. They aren’t immune to power problems, and won’t survive a direct-to-building lightning strike, but neither will the wiring of your building.

USB-connected ‘portable’ drives (small, no power cord), and ‘external’ drives (larger, with a power adapter), are for backing up and then locking up data, so they’re protection against burglars and lightning, and if off-site, floods, fire, and general mayhem. But as nothing done manually is reliable, they can’t be your only backup destination.

WHEN to Backup?

The standard question for backups is “How many days, hours, seconds, or months of data can you afford to lose?” Answer that, and plan accordingly. For an airline, one second of data loss is millions of dollars. For most small businesses, more than a few days of lost data may lead to financial trouble.

As a starting point for small business, try this:

  • Image backups once a month, automated, for each computer, to a NAS drive. If your software configuration only changes rarely, an image every three months is OK.
  • Data Backups, every weeknight, full backup once a week, and incremental (new files and changed files) for the rest of the week.
  • File Sync, weekdays, late in the day.
  • Cloud Backup, continuously.

On computers other than your file server, if all your data is going to the server, you can skip data backups and file sync, but in this case, create image backups at least quarterly of these machines. Check the location of data files from Outlook or Thunderbird; they should save to the file server so that they’re included in all backups.

Keep the last three complete sets of all these backups. Assume there’s corruption–there frequently is, and recovery of an older file set may be needed. In some cases, a failed backup is the first sign of hard drive trouble, so monitor the backups, and restore some files as a test. If there has been no test of your backups, you don’t have any backups. Always test.

Monitor your backups. All good backup software can email the results of a backup, either that it worked or that it failed. Usually, if it fails, the backup device didn’t turn back on after a power failure, or it’s full. That’s OK if you’ve got that email that tells you to check your backups.

Finally, if you’ve been carefully backing up for years, great! But look at the backup drive; if it’s a 240 Gb drive, it could be from 2004. Backup drives fail, and old drives are slow and erratic. If you are running one type of backup, to an old drive, it’s time to update.