North East Bytes - a Microsoft technology usergroup in North East England.

Powered by Squarespace

Wednesday
Dec112013

You've got to read this!

If you work in IT (heck, even if your business has any IT - so that's all of you), then there's a book that you should read; "The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win".

Regardless of your specific role, I'm certain that you'll learn something useful (and more importantly, actionable). I've changed my approach to doing a few things already based on lessons I've taken from the book and I still need to process some more ideas around how to do stuff better. I expect that I'll be reading it at least one more time through so that I don't miss anything that I could make use of.

One month ago, I'd never heard about this book. Of all the interesting and useful things that I took away from the Microsoft Global MVP Summit this November, I suspect that this will have the greatest impact. Fellow PowerShell MVP Steven Murawski often talks about DevOps and recommends this book in his presentations. He's such a fan of the book that he brought a bunch of copies to give out and I was very glad to receive one after hearing him extol its virtues. (Thanks Steven!)

Having read the first few chapters on the flight back from Seattle, on landing I purchased the Kindle edition from Amazon UK so that I could carry it around on my Kindle and phone in order to reduce the barriers to being able to consume it!

Personally, I love the approach that this book takes. By encompassing so much useful information about ITSM, DevOps methodologies and much more in a novel with an engaging storyline, I was able to read it much more easily and quickly that many of the dry technical texts that bog down our industry. I think that it also helped me to digest the information and apply it to my work situation more easily, even though I work in a significantly different type of organisation to that in the story.

The bottom line is that this isn't just a good book, it's an important book. You should read it at the first available opportunity. We'll all be the better for it.

Tuesday
Nov122013

Free events for IT Pros in Newcastle on 25th November

On Monday 25th November, St James' Park in Newcastle is the venue for three free events for IT professionals covering a range of Microsoft technologies.

During the day, the MVP Cloud OS Relay and SQL Relay 2012R2 have great line-ups of MVPs and other experts in Windows Server, System Center, Hyper-V, Office 365, Azure, SQL and Business Intelligence.

In the evening, the Windows User Group takes over with an event covering Windows 8.1, deployment, MDOP and Office 2013.

The schedule for the Cloud OS event is at http://www.cloudoscommunity.com/Newcastle and free sign-up is at http://www.eventbrite.co.uk/e/mvp-cloud-os-infrastructure-relay-newcastle-tickets-8456426399

The SQL Relay event has sold out, but if you're desperately interested in any of the sessions at http://www.sqlrelay.co.uk/events/2013r2/Newcastle.html you can register for the Cloud OS event and switch tracks throughout the day if there's capacity in the room.

Sign up for the evening event is at https://www.eventbrite.co.uk/e/windows-and-office-tour-tickets-9107714419

Hopefully I'll see you there!

Tuesday
Nov052013

Microsoft UK Tech Days Online starts tomorrow

For 3 days (6-8 Nov) Microsoft UK is running their Tech Days Online event, covering (day 1) Windows Client for IT Pros and Developers, (day 2) Server and Cloud for IT Pros, and (day 3) Visual Studio, Azure, Dev tools for Developers.

The late morning slot is where the headline content is because on Wednesday they have an intereview with outgoing Microsoft CEO Steve Ballmer, and on Thursday they have me ;-) talking about PowerShell, with a focus on Desired State Configuration.

As The Register says, "Microsoft TechDays Online is a lovely opportunity for IT pros and developers to beef up on the latest developments in Microsoft client, server, cloud, system management and developer tools technologies."

It's all free, and you can register at https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032564581&Culture=en-GB

Monday
Aug192013

PowerShell 4.0 DSC presentation at NEBytes

For those in or around North East England next Wednesday (28th August), I'm going to be doing a presentation at NEBytes on PowerShell 4.0, with a focus on Desired State Configuration.

If you haven't heard of DSC before, it's a really big deal - a new set of cmdlets and language extensions provide the ability to declaratively specify the configuration of your environment and maintain the desired state of your systems.

I'm going to cover what DSC can do for you, showing how to define and deploy configuration scripts, as well as touching on some of the other new features of PowerShell 4.0.

The event is free to attend, but we do ask that you register here: https://www.eventbrite.com/event/7898393307

As if PowerShell DSC wasn't enough, we've also got my partner-in-crime, Andy Westgarth talking about developing with Windows Azure Media Services.

Thursday
Jul252013

Anatomy of a Scam Email

A little while ago I received warnings on a couple of mailing lists of a new email scam claiming to be from Microsoft. There was some suggestion that this particular scam was well structured and more convincing than most, although everyday experience tells us that phishing emails don't have to be very convincing at all to get passwords (or whatever) out of some computer users.

This is an example of the message that's going round. It links to a MSI file that you should install "in order to keep your computer and data safe" - I've broken up the URL so that nobody clicks on it by accident - it's malware that wasn't detected by all anti-virus packages at the time.

From: Microsoft <updates@mcrsoft.com>
Subject: Attention: Microsoft Office
To: Recipients <updates@mcrsoft.com>

Dear Microsoft Office user, through our annonymous statistical
information collection system built into all Microsoft Office
products, we have detected that your system is currently lacking 3
critical Office patches. These patches are for Microsoft Word,
Microsoft PowerPoint and Microsoft Outlook, in order to keep your
computer and data safe we urge you to go to
Microsoft Download Center and download the Microsoft Office Critical Update
Pack available on our website.

You can do this by searching for the patch on our website or
directly at:

http dot slash slash fileserver dot updateservermicrosoft dot net/MS00285913/CriticalUpdates/

Sincerely,

Microsoft Office Support
Cardinal Place
80-100 Victoria Street 
London
SW1E 5JL

Now, there are a bunch of reasons why you are too clever to be caught out by this. You've already seen a bunch of them, haven't you? You wouldn't be foolish enough to fall for this, I know. But let's break it down just for fun anyway...

First up are the email addresses in the header. That's obviously not how you spell Microsoft, and Microsoft haven't run out of addresses @microsoft.com, so they wouldn't be using anything else. The trouble here is that this could potentially be much worse. Email is horrendously insecure and it's very simple to send an email that looks like it comes from absolutely any address whatsoever.

Some systems won't relay email from addresses without verifying the sender is who they say they are, and some systems won't accept email pertaining to be from some address if it didn't originate from a server that's designated as part of the DNS domain. Frankly though, there are loads of systems that are wide open, so you can pretty much assume that the address that an email comes from isn't proof that it came from that person/organisation.

The next thing that is often part of a scam email is bad speeling or grammar. This one is better than most, but even if I haven't screwed up the line breaks (which I may have - I didn't receive the message first-hand), this bit is suspect:

Dear Microsoft Office user, through...

You'd expect a line break after the comma there, which may have been in the original message - if this really was from Microsoft it would've been there, and if there was a line break "through" would be capitalised.

The next bit is the one that I would expect more people to miss:

through our annonymous statistical information collection system built into all Microsoft Office products, we have detected that your system...

Now some Microsoft products do optionally collect anonymous user data to feed back into their development cycle, so that's plausible, right?

The key thing here is that word "annonymous" (which is spelt incorrectly, but that's only part of the point). If the data is anonymous, how would they know that it was your system, or know your email address to warn you about it?

They wouldn't. Nobody will ever be able to contact you with a targeted message based on anonymous data. That's just nonsensical.

Other stuff that should ring alarm bells, although there require a bit of background knowledge...

Microsoft delivers critical patches via Windows Update. If they needed you to apply a critical patch, they'd simply direct you to Windows Update, or at the very least a page on microsoft.com.

The physical address is Microsoft's London office, so at least the scammer went to the trouble to check that out. However, they didn't bother to find out what Microsoft does there. A quick seach would have uncovered this: "Our London office primarily serves the MSN and Xbox teams, although the ground floor is set up for hot-desking to ensure that any of our employees can work from this office when they are in London." Critically, it doesn't include Microsoft Office Support.

The scammers are getting better, but they need to try much harder if they're going to fool anyone with a decent dose of both scepticism and common sense (unfortunately there are too many people lacking one or both of those).