Windows Server 2025 Announced

Microsoft announced Windows Server 2025 along with some great features! Can we say hotpatching??

Server maintenance gets faster and easier, for a price: Windows Server 2022 can upgrade directly from Windows Update. Microsoft also introduced Hotpatching for all versions of Windows 2025, but this requires Azure Arc to be enabled and have an active subscription.

Active Directory gets some love: A new functional level introduces scalability enhancements such as larger pages and support for over 64 cores. There are also several security improvements to LDAP and Kerberos and the ability to prioritize replication.

NTLM is on the way out: Windows will now support local Kerberos authentication and provide a Local KDC feature.

Several storage enhancements: Improvements for NVMe, Storage Replica performance enhancements, and ReFS native Dedup and Compression.

Hyper-V gets better GPU support: You can now partition GPU resources, or assign GPUs to an HA pool. Hyper-V is also getting dynamic processor compatibility, allowing you to have multiple processor generations within the same cluster.

File Server Improvements: Microsoft is rolling out SMB over QUIC for secure access to corporate file shares without a VPN.

These are just the highlights that I picked up after watching the last Ignite session: Introducing Windows Server 2025!

How a tiny Pacific Island became the global capital of cybercrime | MIT Technology Review

Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.
— Read on www.technologyreview.com/2023/11/02/1082798/tiny-pacific-island-global-capital-cybercrime/

(From How .tk Became a TLD for Scammers – Schneier on Security
— Read on www.schneier.com/blog/archives/2023/11/how-tk-became-a-tld-for-scammers.html)

Meross Smart Wi-fi Garage Door Opener

I’ve been having trouble controlling my garage door using the MyQ integration in Homebridge. The MyQ plugin would randomly stop working until I restarted the Homebridge server. Then it stopped working after the most recent plugin update. I tried several fixes from Reddit that didn’t work, so I gave up and started using the MyQ app again. The MyQ API calls used by these plugins are proprietary, and it looks like MyQ doesn’t want any 3rd parties utilizing it. So no more telling Siri to close my garage door until I fix it.

I stumbled across the Meross Smart Wi-Fi Garage Door Opener (MSG100HK) in one of those Reddit posts while trying to fix my old setup. I’ve been happy with the other Meross HomeKit devices I’ve purchased. Meross integrates nicely with Apple Home, and they have a good price point. This device is no different – it lists for a bit less than the MyQ devices do.

The Meross opener operates differently from the MyQ setup. Everything is wired to your door opener, so there are no batteries to replace. There is also no programming a new remote with your door opener, making almost any garage door opener compatible with Meross’ opener. Installation took about 30 minutes including taking down the MyQ. Adding to Apple Home took about 30 seconds and did not require the Meross app.

My experience with the Meross opener is better than MyQ. The opener responds nearly instantly to open/close commands. There is also no warning beep or flashing light when you trigger a door close. It works just like the button on your wall! I recommend the Meross Smart Wi-Fi Garage Door Opener (MSG100HK) over a MyQ device.

PKI Best Practices – xdot509.blog

This blog posting is just a list of PKI best practices and common practices. If you are implementing your own PKI or simply assessing your own PKI you can use this list to determine if your design or implementation is inline with industry best practices. This is by no means an exhaustive list, just common…
— Read on xdot509.blog/2020/10/15/pki-best-practices/

The rest of August

I’ve been busy during work hours and relaxing off-hours, meaning this post covers three weeks instead of the 1 week that I intended.

Home Automation: Simple steps to offload some maintenance work this week. I am setting up unattended-upgrades to automatically install most updates including restarting if needed. If all works as expected, I should be getting emails from the machines after they patch. I used this article from LinuxOpSys to set it up, but I also had to install the mailutils package to ensure I had the ability to send emails.

Reading

#328 – Health & Longevity – Making Sense with Sam Harris – Overcast – My key takeaway from this episode is the only proven weight reduction is caloric restriction. I find it curious that nobody mentioned how much nutrient density has fallen in our food.

Black Hat USA 2023 – Bitdefender macOS Threat Report Reveals Key Dangers for Mac Users – Looks like Trojans are the most likely threat to a Mac.

Stopping at 90% – Austin Z. Henley – Did you document your work? Did you share your work with your team? Can someone pick up where you left off? If not, you are not done.

Bill Gates-backed nuclear contender Terra Power aims to build dozens of UK reactors – CityAM – When will the US get behind these small modular reactors? These could be installed in/around existing substations, providing greater capacity and resilience for our grid.

Solar power generation averted Europe’s heat crisis – I want solar on my home even more now.

Run every day – Duarte O.Carmo – I appreciate the concept of taking back your time, especially to prioritize your health.

People are losing more money to scammers than ever before. Here’s how to keep yourself safe | AP News – Unfortunate but verifiably true stats. We see far too many folks succumbing to scams every day.

This Heat Is Shaking the Very Foundation of the Ocean Food Web | WIRED – More negative impacts from climate change.

Fitch downgrades U.S. after debt limit stalemate – POLITICO – Old news – still feels like a country-wide facepalm just happened.

PodcastOne: 875: Jonathan Kennedy | How Pathogens Have Shaped Our World – Wow

What I’m Doing and How It’s Going – A very powerful and informative post from Daniel Miessler on what he’s doing now that he left corporate life. I personally think he’s got a somewhat negative view on what corporates are doing, but he’s not far off the mark. It is time to go if a business can only motivate someone by having them in the office and under their thumb. There were plenty of jobs that never would have been WFH, and plenty of people who just are not cut out for it. But if you have got the right people in the right seats on the bus, then you’re probably fine.

Billion Dollar Heist: The simple typo that stopped the Bangladesh bank robbers from stealing $1 billion – Always proofread before hitting submit – even if you are a criminal. (Via Cyberwire)

First weeks of August

I feel really positive about how I’ve ended the last couple of weeks post-vacation. I’ve gotten to enjoy late Upstate summers spending loads of time in our backyard outdoor oasis with my wife watching the fur-kids play.  I’m finishing this week’s post doing just that with a cup of coffee. Side note – I got stung by yellowjackets about 15 minutes after I closed my laptop this weekend, so this post is a bit delayed.

My Projects

Leadership: Most of my last two weeks have been spent in meetings and catching up from being on vacation. I started to feel overwhelmed as I was pushing off “actual work” and administrative tasks, but I decided to use this as an opportunity to use some “tactical delegation.” I have a bad habit of loving to get my hands dirty, but that leaves me in the precarious position of balancing “real work” with leading my team and maintaining relationships with my colleagues. The latter typically suffers because of that. Not only does delegation preserve precious time for higher value things, but it also allows me the opportunity to build relationships and coach my team in both soft and technical skills. I find this more rewarding and it leaves me with a net positive in energy at the end of the day. Unfortunately, I still have to process a buttload of invoices until we find a better way to do our AP.

Intune: My team has been working to build our BYOD environment in Intune so we can leverage some cost savings. The initial work of setting up our device profiles is complete, but we’ve been struggling with the Microsoft Tunnel setup.

Shortcuts: I’ve been working on some iOS shortcuts to help me build these posts.  The initial shortcut will grab the page title and link, then create an email from it.  I can then type my draft thoughts into the email and send it to myself. This made for a housekeeping nightmare, so I’m testing out dropping the links directly into a note in Apple Notes. Both shortcuts appear to work much better on my iPhone, but they also function on one of my MacBooks. I think I’m 80% complete here.

HomePod: I’ve also picked up a HomePod Mini to become my HomeKit hub. I’ve been using Homebridge to bring MyQ, SmartThings, LG, and the various other smart devices I’ve collected into one panel. Adding the HomePod should allow me to set up automations as well as manage my devices remotely. So far the HomePod is working as expected with the added bonus of being a great little speaker. I use it mainly in the office, but it’s seen the backyard a couple of times to play my Apple Music playlist.

Reading

New Cisco platform deploys AI to take VPN decision-making off your plate – EVERYONE hates VPNs, but EVERYONE still uses VPNs.  Cisco Multicloud Defense would take the decision-making process out of the user’s hands and automatically tunnel the traffic that needs to be. I’m not sure this is truly AI as you can currently do this with AnyConnect OnDemand rules.

Apple issues third mobile OS update after zero-click spyware campaign | CyberScoop (From Risky Business #714) – I have been impressed by how quickly these patches can be deployed with Apple’s new deployment method.

Cyberattack causes multiple hospitals to shut emergency rooms and divert ambulances (From RiskyBiz News 8/7) – Ransomware attacks against critical infrastructure should be treated like a terrorist attack.

Satellites Are Rife With Basic Security Flaws (From Risky Business #714) – No surprises here as this is IoT for space.

Tenable CEO accuses Microsoft of negligence in addressing security flaw (From Risky Business #714) – Is Microsoft backsliding into the same shenanigans they pulled in the 2000s?

The Linux Community Is Circumventing Red Hat’s Controversial New Strategy – I’m glad to see some of the more popular Red Hat-based distros have gotten around the death of CentOS.  

If your iPhone or iPad is too old, you won’t get these new iOS 17 or iPadOS 17 features – The Mac Security Blog – Nothing here that is going to make you run out and buy a new phone.

If your Mac is too old, you won’t get these new macOS Sonoma features – The Mac Security Blog – Same story for a second time.

Practical Protection: Who Watches the Watchers?  | Practical365 – Paul linked two ideas from last week’s Risky Business podcast to give us some hints on preventing breaches in a Microsoft environment.

Exchange Online Enforces Sender DMARC Policy | Practical365 – Microsoft is sending a big message by honoring DMARC policies across the board. I highly recommend you verify your SPF, enable DKIM signing for all approved senders, and create a DMARC policy so recipients reject any spoofed email sent using your domain. I also recommend you set up a DMARC block-all policy for any domains that you own but do not use.
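
To make the SPF and DMARC recommendation above checkable, here is an added example (not from the linked Practical365 article or from Microsoft) that audits the TXT records a domain publishes, for both a sending domain and an owned-but-unused one. The record strings are constructed samples, and `audit_domain`, `parse_tags` and their parameters are hypothetical names.

```python
# Constructed sample records (not taken from any real domain's DNS).
SENDING_APEX = ["MS=ms00000000", "v=spf1 include:spf.protection.outlook.com -all"]
SENDING_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]
PARKED_APEX = ["v=spf1 -all"]
PARKED_DMARC = ["v=DMARC1; p=reject"]


def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a lowercase dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def audit_domain(apex_txt, dmarc_txt, sends_mail):
    """Return findings for one domain (hypothetical helper).

    apex_txt:   TXT strings published at the domain itself
    dmarc_txt:  TXT strings published at _dmarc.<domain>
    sends_mail: False for a domain that is owned but never used for email
    """
    findings = []
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"spf: need exactly one v=spf1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        closed = any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms)
        if not sends_mail and terms != ["-all"]:
            findings.append("spf: unused domain should publish only 'v=spf1 -all'")
        elif sends_mail and not closed:
            findings.append("spf: no -all/~all or redirect=, unlisted senders get neutral")
    dmarc = [r for r in dmarc_txt if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"dmarc: need exactly one v=DMARC1 record, found {len(dmarc)}")
        return findings
    tags = parse_tags(dmarc[0])
    if tags.get("p") != "reject":
        findings.append(f"dmarc: p={tags.get('p')} does not tell receivers to reject")
    if tags.get("sp", "reject") != "reject":
        findings.append(f"dmarc: sp={tags['sp']} weakens the policy for subdomains")
    if tags.get("pct", "100") != "100":
        findings.append(f"dmarc: pct={tags['pct']} applies the policy to only part of the mail")
    return findings
```

An empty list means the published records match the posture recommended above; DKIM is not covered because its selectors cannot be discovered from the domain name alone.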

Microsoft resolves vulnerability following criticism from Tenable CEO – I have to agree with the Tenable CEO on this one. Microsoft has gone back to a culture of secrecy, denial, and stalling in all of its platforms. This is unacceptable for an organization profiting off a considerable number of businesses depending on their security.

DIY Scientists and Institutions Are Racing to Replicate the Room-Temperature Superconductor – Didn’t we do this song and dance years ago only to discover it was a farce?

Scientists Control Human DNA with Electricity in ‘Leap Forward’, Study Reports – Ok this is cool. Maybe a wearable DNA editor is in our future?

The Mystery of Chernobyl’s Post-Invasion Radiation Spikes | WIRED – Add radiation detectors to the never-ending list of hackable IoT devices.

What Doctors Wish You Knew About HIPAA and Data Security | WIRED – Your health data is only covered by HIPAA in a healthcare provider system. Apple Health, Fitbit, etc. are not covered at all. Read the fine print.

NASA regains contact with Voyager 2 after it went dark for two weeks | Engadget – Voyager 2 amazes me. 45 years old and still on mission!

How to see the Perseid meteor shower this weekend, 2023’s best – Eyes to the skies this weekend!

July Notables

I’ve taken my sweet time on this one. Multiple work projects, holidays, and a vacation.

The Final Frontier

Asteroid mining startup AstroForge will test its metal refinery tech in space this year – Finally, we are looking at the resources outside our own atmosphere!

243 | Joseph Silk on Science on the Moon — Sean Carroll’s Mindscape: Science, Society, Philosophy, Culture, Arts, and Ideas – Another discussion of getting humanity into space using the Moon as our jumping-off point.

Science Stuff

An Ancient Battle Is Playing Out in the DNA of Every Embryo – Interesting read.

Patient undergoes double neural bypass surgery | Popular Science – Some amazing work in using implants and AI to repair spinal damage.
This Prosthetic Limb Actually Attaches to the Wearer’s Nerves | WIRED UK – Amazing work with direct neural drive of prosthetics that allows finer motor control.

World Issues

Could the non-free regimes of the world be looking at long-term self-immolation?

859: Bradley Schurman | Demographic Collapse in Russia, China & the USA (The Jordan Harbinger Show) – An interesting listen on how some of the major superpowers might be facing population collapse. Will it be a bad thing? It depends.
How much trouble is China’s economy in? – It sounds like China’s economy could be taking a downturn, but leadership appears to be confident in a recovery. But how long will that recovery last?

Why U.S. credit rating was downgraded and debt is rising – The Washington Post – The US has dropped from AAA to AA+ bond rating due to how our elected officials are handling budget negotiations.  I wondered when the repeated crises would come back to bite us. Maybe it’s time we push both parties to work together instead of fighting.

IT

The Cloud Is a Prison. Can the Local-First Software Movement Set Us Free? | WIRED – I like the idea of local-first considering the impacts of our cloud services going offline, or just getting crappier and more expensive.

Some good articles on Microsoft 365 that I found over the week:
Practical Protection: Five Things To Know About Microsoft 365 Auditing – TL;DR – you don’t get most audit logging unless you pay for it.
Resolving the Five Most Common Conditional Access Misconfigurations – A great high-level look at leveraging conditional access policies for Microsoft Online.

NSA Releases Guide to Harden Cisco Next Generation Firewalls – The NSA published a comprehensive set of Firepower hardening advice.  I suggest anyone running Cisco Firepower devices take a look.  Most of the recommendations are standard practice, but it also explains how to properly build your ACLs.

My zsh shell takes forever to open sometimes – why?
Speeding Up My Shell (Oh My Zsh) | Matthew J. Clemente – In-depth review of Matthew’s attempts to speed up his zsh shell.
Speeding up zsh and Oh-My-Zsh | JonLuca’s Blog – another take on improving zsh load times.

Leadership

The Right Way to Hold People Accountable – Great article on the right way to hold people accountable.
17 Reasons NOT To Be A Manager – Got this from Daniel Miessler’s newsletter this week. This is a spot-on view of the differences between being a technical individual contributor versus management.  I’ve found much of this spot on with my leadership journey.

Health

These 8 habits could add up to 24 years to your life, study says | CNN – Another good find from Daniel Miessler this week.  Seems there is still hope for the fortysomething crowd after all.
A lack of sleep blocks brain-boosting benefits from exercise, study says | CNN – It looks like not sleeping well or enough can undo everything else you are working towards healthwise.
AMA #9: Kratom Risks, Does Infrared Sauna Work & Journaling Benefits – Huberman Lab – Overcast – Andrew Huberman tells you all about Kratom, including the very serious risks.  TL;DR – don’t do it.

Microsoft Sharepoint outage caused by use of wrong TLS certificate

Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main .com domains for the Microsoft 365 services.
— Read on www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-outage-caused-by-use-of-wrong-tls-certificate/