Weeknote 4: music; teenagers; creating a chatbot; tech, more tech and tech TV; 7 day photo challenge; and cycling (Week 46, 2017)

Another week, another weeknote…

There’s not much to say about work this week – I’ve mostly been writing documentation. I did spend a good chunk of Monday booking hotels and travel, only to find 12 days of consulting drop out of my diary again on Friday (cue hotel cancellations, etc.) but I guess that’s just life!

Family life: grime, rap and teens!

Outside work, it’s been good to be close to home and get involved in family life again.

I had the amusement of my 11 year-old and his friends rapping to their grime music on my car on the way to/from football training this week (we’re at the age where it’s “Dad, can we have my music on please?”) but there’s only so much Big Shaq I can take so I played some Eminem on the way back. It was quite endearing to hear my son say “I didn’t know you knew about Eminem!” after I dropped his mates off. I should make the most of these moments as the adulation is dropping off now he approaches his teens!

Talking of teens, my eldest turned 13 this week, which was a big day in the Wilson household:

 

I’m not sure how this little fella grew into this strong chap (or where the time in between has gone) but we introduced him to the Harry Enfield “Kevin the teenager” videos a few months ago. I thought they were funny when I was younger but couldn’t believe how accurate they are now I’m a parent. Our boys clearly understood the message too and looked a bit sheepish!

Tech

I did play with some tech this week – and I managed to create my very own chatbot without writing any code:

Virtual Mark (MarkBot1) uses the Microsoft QnA Maker and runs in Microsoft Azure. The process is described in James Marshall’s blog post and it’s very straightforward. I’m using Azure Functions and so far this serverless solution has cost me absolutely nothing to run!

It’s also interesting reading some of the queries that the bot has been asked, which have led to me extending its knowledge base a few times now. A question and answer chatbot is probably more suited to a set of tightly bounded questions on a topic (the things people can ask about me is pretty broad) but it’s a nice demo…

I also upgraded my work PC to the latest Windows 10 and Office builds (1709 and 1710 respectively), which gave me the ability to use a digital pen as a presentation clicker, which is nice, in a geek-novelty kind of way:

Tech TV

I have an Amazon Prime membership, which includes access to Amazon Prime Instant Video – including several TV shows that would otherwise only be available in the US. One I enjoy is Mr Robot – which although completely weird at times is also strangely addictive – and this week’s episode was particularly good (scoring 9.9 on IMDB). Whilst I was waiting for the next episode to come around, I found that I’d missed a whole season of Halt and Catch Fire too (I binge-watched the first three after they were recommended to me by Howard van Rooijen/@HowardvRooijen). Series 4 is the final one and that’s what presently keeping me from my sleep… but it’s really good!

I don’t have Netflix, but Silicon Cowboys has been recommended to me by Derek Goodridge (@workerthread). Just like the first series of Halt and Catch Fire, it’s the story of the original IBM PC clone manufacturers – Compaq – but in documentary format, rather than as a drama series.

iPhone images

Regular readers may recall that a few weeks ago I found myself needing to buy a new iPhone after I fell into the sea with my iPhone in my pocket, twisting my ankle in the process…

People have been telling me for ages that “the latest iPhone has a great camera” and, in daylight, I’m really impressed by the clarity and also the bokeh effect. It’s still a mobile phone camera with a tiny sensor though and that means it’s still really poor at night. If a full-frame DSLR struggles at times, an iPhone will be challenged I guess – but I’m still finding that I’m inspired to use the camera more.

7 Days 7 Photos

Last week, I mentioned the 7 days, 7 photos challenge. I’ve completed mine now and they are supposed to be without explanation but, now I have a set of 7 photos, I thought I would explain what and why I used these ones. I get the feeling that some people are just posting 7 pictures, one a day, but these really do relate to what I was doing each day – and I tried to nominate people for the challenge each day based on their relevance to the subject…

Day 1

7 Days 7 Photos Day 1

I spotted this pub as I walked to Farringdon station. I wondered if “the clerk and well” was the origin of the name for “Clerkenwell” and it turns out that it is. Anyway, I liked the view of the traditional London pub (I was on my way home from another one!) and challenged my brother, who’s a publican…

Day 2

7 Days 7 Photos Day 2

I liked the form in this photograph of my son’s CX bike on the roof of my car. It didn’t look so clean when we got back from cyclocross training though! I challenged my friend Andy, whose 40th birthday was the reason for my ride from London to Paris a few years ago…

Day 3

7 Days 7 Photos Day 3

Not technically a single photo – lets’ call it a triptych, I used the Diptic app (as recommended by Ben Seymour/@bseymour) to create this collage. I felt it was a little too personal to nominate my friend Kieran, whose medals are in the lower left image, so I nominated my friend James, who was leading the Scouts in our local remembrance day parade.

Day 4

7 Days 7 Photos Day 4

I found some failed backups on my Synology NAS this week. For some reason, Hyper Backup complained it didn’t have enough storage (I’m pretty sure it wasn’t Azure that ran out of space!) so I ran several backups, each one adding another folder until I had all of my new photos in the backup set. I felt the need to challenge a friend who works in IT – so I challenged my friend Stuart.

Day 5

7 Days 7 Photos Day 5

My son was cake-baking, for Children in Need, I think – or maybe it was my other son, baking his birthday cake. I can’t really remember. I challenged a friend who runs a local cafe and regularly bakes muffins…

Day 6

7 Days 7 Photos Day 6

Self-explanatory. My son’s own creation for his birthday. I challenged my wife for this one.

Day 7

7 Days 7 Photos Day 7

The last image is following an evening helping out at Scouts. Images of attempts to purify water through distillation were not that great, so I took a picture of the Scout Badge, and nominated my friend Phil, who’s another one of the local Scout leaders.

(All seven of these pictures were taken on an iPhone 8 Plus using the native camera app, then edited in Snapseed and uploaded to Flickr)

Other stuff

I like this:

And I remember shelves of tapes like these (though mine were all very neatly written, or computer-generated, even back in the 1980s):

On the topic of music, look up Master Boot Record on Spotify:

And this “Soundtrack for Coding” is pretty good for writing documentation too…

I added second-factor authentication to my WordPress blog this week. I couldn’t find anything that uses the Microsoft Authenticator, but this 2FA WordPress plugin from miniOrange uses Google Authenticator and was very easy to set up.

Some UK libraries have started loaning BBC Microbits but unfortunately not yet in my manor:

Being at home all week meant I went to see my GP about my twisted ankle (from the falling-into-the-sea incident). One referral later and I was able to see a physio… who’s already working wonders on helping to repair my damaged ligaments. And he says I can ride my bike too… so I’ll be back on Zwift even if cyclocross racing is out for the rest of the season.

Cycling

On the subject of Zwift, they announced a price rise this week. I understand that these things happen but it’s gone up 50% in the US (and slightly more than that here in the UK). All that really does is drive me to use Zwift in the winter and to cancel my membership in the summer. A more reasonable monthly fee might make me more inclined to sign up for 12 months at a time and create a recurring revenue for Zwift. Very strange business model, IMHO.

I particularly liked the last line of this article:

“Five minutes after the race
That was sooo fun! When can I do it again?!”

I may not have been riding cyclocross this weekend, but my son was, and Sunday was the popular Central Cyclocross League race at RAF Halton. With mud, sand, gravel and steep banks, long woodland sections and more, it looked epic. Maybe I’ll get to ride next year!

I did get to play with one of the RAF’s cranes (attached to a flatbed truck) though – amazing how much control there is – and had a go on the road safety rig too.

And of course, what else to eat at a cyclocross event but Belgian fries, mayo and waffles!

Finally, my friends at Kids Racing (@kidsracing) have some new kit in. Check out the video they filmed at the MK Bowl a couple of weeks back – and if you have kids in need of new cycling kit, maybe head over to HUP CC.

Wrap-up

That’s it for this week. Next week I have a bit more variation in my work (including another Microsoft event – Azure Ready in the UK) and I’m hoping to actually get some blog posts written… see you on the other side!

Securing the modern productive enterprise with Microsoft technology

“Cybercrime costs projected to reach $2 trillion by 2019” [Forbes, 2016]

99: The median number of days that attackers reside within a victim’s network before detection [Mandiant/FireEye M-Trends Report, 2017]

“More than 63% of all network intrusions are due to compromised user credentials” [Microsoft]

The effects of cybercrime are tremendous, impacting a company’s financial standing, reputation and ultimately its ability to provide security of employment to its staff. Nevertheless, organisations can protect themselves. Mitigating the risks of cyber-attack can be achieved by applying people, process and technology to reduce the possibility of attack.

Fellow risual architect Tim Siddle (@tim_siddle) and I have published a white paper that looks at how Microsoft technology can be used to secure the modern productive enterprise. The tools we describe are part of Office 365, Enterprise Mobility + Security, or enterprise editions of Windows 10. Together they can replace many point solutions and provide a holistic view, drawing on Microsoft’s massive intelligent security graph.

Read more in the white paper:

Securing the modern productive enterprise with Microsoft technology

Missing Office 365 icons after blocking untrusted fonts in Windows 10

One of my customers contacted me recently to ask about a challenge they had seen with Windows 10. After blocking untrusted fonts in Windows 10, they noticed that parts of the Office 365 portal were missing icons.

The problem

The issue is that Office 365 uses a font to display icons/glyphs (to improve the experience when scaling to adapt to different screen sizes). It appears some browsers are unable to display the embedded fonts when they are untrusted – including Internet Explorer according to one blog post that my colleague Gavin Morrison (@GavinMorrison) found – apparently Edge has no such issues (though I can think of many more issues that it does have…) – Chrome also seemed to work for me.

There’s some good information about blocking untrusted fonts on TechNet and this highlights that:

“Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.”

The fix

So, that appears to be the issue. What’s the fix?

It seems there are two workarounds – one includes excluding processes from the font blocking (but it’s no good excluding a browser – as the most likely attack vector for a malicious font would be via a website!) and the other includes installing the problematic font to %windir%\Fonts.

Tracking down the Office 365 font

So, where do you get hold of the Office 365 font? I thought it should be part of the Office UI fabric but I couldn’t find it there, nor any reference to it in the Office developer documentation (there are some icons in the fabric – but they don’t seem to be the ones used for the Office 365 portal).

There is a site where you can select Office 365 glyphs and download a font file but I’m not sure that will address the issue with the Office 365 fonts being blocked in the portal, so some more detective work was required…

Stefan Bauer has posted quite a lot of information on the Office 365 fonts (there’s more in his “lab”) but it seems the CDN location Stefan highlights has changed. Thomas Daly found some new locations (and helpfully hosts a copy of the font on his site) but I wanted to signpost my customer to a Microsoft-provided source.

One of the locations that Thomas highlights is https://outlook.office365.com/owa/prem/16.0.772.13/resources/styles/fonts/office365icons.ttf but that results in an HTTP Error 404 now (not found). So I opened the Office 365 portal in my browser and started the Debugger. Then, I found the following line of code that gave me a clue:

<meta name="msapplication-TileImage" content="https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/images/0/owa_browserpinnedtile.png"/>

I used that base location (up to and including the version number) with the tail end of the URI that Thomas had provided and was pleased to find that https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/styles/fonts/office365icons.ttf got me to an installable TrueType font file for the Office 365 fonts on Windows.

I expect the location to change again as the version number is updated but the method of tracking down the file should be repeatable.

Testing my theory

Testing on one of my PCs with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions set to 0x1000000000000 resulted in Internet Explorer loading the Office 365 portal without icons and Event ID 260 recorded in the Microsoft-Windows-Win32k/Operational log:

C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy.
FontType: Memory
FontPath:

Office 365 fonts blocked - missing icons

After installing the Office 365 icons font (office365icons.ttf) and refreshing the page, I was able to view the icons:

Office 365 fonts installed - icons visible

Uninstalling the font locally and refreshing once more took me back to missing icons.

I then tidied up by setting the MitigationOptions registry key to 0x2000000000000 and restarting the PC, before removing the registry entry completely.

Further reading

Block programs from loading untrusted fonts in Windows 10.

Forcepoint’s 2017 Security Predictions

Last week, I spent an evening at my local BCS branch meeting, where Scott Bullock (Cloud Trust Officer at Forcepoint Cloud) was presenting Forcepoint’s 2017 Security Predictions.

For those who aren’t familiar with Forcepoint, they were formed from a combination of Websense, Ratheon Cyber Products and Stonesoft. Most of us have heard of Websense (and maybe Ratheon) but it seems Forcepoint have a suite of email, web and data protection products. They cite metrics like 27 globally distributed data centres, 5 billion web transactions a day, and 400 million emails processed per day. Those numbers may be a fraction of those processed by Microsoft (it would be interesting to compare with Symantec) but they are still significant.

What follows are my notes from Scott’s talk. My observations are in the square parentheses [].

A look back at 2016

Before looking at the 2017 predictions, Scott took a look at last year’s score card:

  • US Elections will drive significant themed attacks – A+
  • Mobile wallets and new payment technologies introduce increased fraud risks – C
  • New GTLD domains provide new opportunities for attackers – B
    • These are mostly spelling errors on recognised sites – for example rnarkwilson.name instead of markwilson.name. With the number of GTLDs in existence now, it’s harder than ever for companies to register all of the domains associated with their brands/trademarks.
  • Cyber insurers will require more evidence for coverage – B+
    • It’s no longer good enough to forget about implementing security measures and rely on insurance.
  • DLP adoption will dramatically increase – B
    • Data loss prevention is coming back into favour [I’m not sure it ever went away…]
  • Forgotten technology will increase risks to organisations – B
    • [Technical debt is never good]
  • IoT will help but also hurt more – B
    • Worm took over DVR and DoS…
  • Social views of privacy will evolve – great impact to defenders – B

Forcepoint give themselves a B+ overall… and you can read what you like into whether that means the predictions are worth taking note of (Matt Ballantine has some comments on that in his WB40 podcast with Chris Weston where he discusses Foxes and Hedgehogs). Nevertheless, let’s see what they are predicting for this year…

So what’s in store for 2017?

  1. The digital battlefield is the new cold (or hot?) war
    • Enhanced NATO policy on collective defence (article 5 – if one nation is attacked, then will work together) could lead to military responses to cyber attack
    • The potential and consequences of misattribution could lead to destabilization of the policy.
    • Essentially, cyber warfare could have physical impacts. [Worrying]
  2. Millennials in the machine
    • The digital generation know how to mix business and pleasure – millennials bring an understanding of the digital realm into the workplace.
    • Millennials are used to over-sharing information. [So they are also used to the consequences.]
    • The potential for accidental data leakage has risen (e.g. take a picture of a whiteboard at work and it’s automatically uploaded to iCloud)
    • [I’m calling BS on this one – if indeed there is any difference in the ways that each generation uses tech – which I doubt – then it’s more likely that there is a bigger issue with Generation X and Baby Boomers not being as cyber-savvy as millennials.]
  3. Compliance and Data protection convergence
    • EU GDPR is around the corner and will come into place in May 2018
    • Businesses will redefine their organisational processes to accommodate new controls
    • The onset of new data protection controls will incur costs for businesses and that impact will be most felt by large enterprises that have not yet begun to prepare:
      • Companies need to appoint a Data Protection Officer
      • Fines can be 4% of global annual turnover…
      • Will apply on top of DPA (enforced by Data Protection Office)
  4. Rise of the corporate-incentivised insider threat
    • Corporate abuse of PII will increase; business goals will drive poor decisions resulting in bad behavior
      • Corporate-incentivized insider abuse of customer PII – is it just too tempting?
    • Regulations will further restrict corporate and personal access to digital information
  5. Technology convergence and security consolidation 4.0
    • Mergers and acquisitions change the security vendor space
    • Cybersecurity corporations are buying up smaller vendors
    • Vendors that are not consumed or do not receive venture capital funding will exit the market
    • Products will stagnate/orphans as a result of mergers and acquisitions
    • Adjustments in employee base will benefit the cyber security skills shortage
    • [Whilst I can see the convergence taking place in the security sector, I have to take this prediction with a massive pinch of salt, bearing in mind its source!]
  6. The cloud as an expanding attack vector
    • Cloud infrastructure provides an ever-expanding attack vector with possibilities for hacking the hypervisor
      • [I’d suggest this is more of an issue for so-called “private clouds” as the major players – Amazon, Microsoft, Google cannot afford a breach and are investing heavily in security – Microsoft spends over $1bn annually on security-related R&D and acquisitions]
    • Organisations will combine on premises and cloud infrastructure – a hybrid approach
      • [Yes, but this is for much broader reasons than security]
    • DOS of cloud providers will increase so ask what anti-DDoS protection they have and check that you have the right to audit…
      • [Isn’t that just due diligence?]
  7. Voice-first platforms and command sharing
    • Voice-first AI and command sharing bring a new level of convergence
    • Voice activated AI will radically change our interactions with technology
    • AI will be able to distinguish between individuals and their patterns of behaviour
      • For example it will know when you’re at home, tech in house, when to burgle you!
    • AI will influence our normal or default settings
    • The number of voice-activated apps will rise significantly in 2017 – and so will attacks
      • [I already mute Alexa in my home office when I’m working – do you really want your conversations being overheard and used for analysis?]
  8. AI and the rise of autonomous machine hacking
    • The rise of the criminal machines
    • Automated hacking machines vs. AI cyber defence machines
    • Widespread weaponisation of autonomous hacking machines will occur in 2017
    • State actors could use such systems to overwhelm rival national cyber defences
  9. Ransomware escalation
    • Ransomware is here to stay
    • Data will be held to ransom, and traded
    • Ransomware will morph to gain data exfiltration capabilities
      • Taken to another network and sold to others… pay multiple times…
  10. Abandonware vulnerability
    • Legacy tools leave holes in your defences
      • [This is not new. We call it technical debt!]
    • End-of-life abandoned software will lead to data breaches
      • Lapsed domains are bought up and used to inject code into software that phones home for updates
      • Systems are not patched
    • Businesses will start to consider the perils of abandonware
      • [And some will continue to ignore it, at their peril!]

In conclusion

Security challenges arise from the convergence of the digital and physical worlds and treating each world as insulated is an obsolete view.

The full report is available from the Forcepoint website.

Short takes: super-sized Windows desktop icons; LastPass multifactor authentication; MTP on Windows 10 1607

A collection of short posts that don’t justify their own blog post!

Fixing super-sized Windows desktop icons

Mostly, I don’t get on with track pads – there’s just something about them that I find awkward and before I know it the cursor is shooting off somewhere that I don’t want it to be, icons are being resized, or something equally annoying.

I recently found myself in a situation where an errant trackpad response to my hot hands hovering over it whilst typing had left me with super-sized desktop icons but I couldn’t work out how/why. Luckily this Lifehacker article helped me put things right – a simple Ctrl + mouse scroll got my icons back to the size they should be…

LastPass Multifactor Authentication

For many years, I’ve used LastPass as my Password Manager. I don’t normally reuse passwords and have gradually been increasing the complexity of my passwords but these days I don’t know the password for the majority of the sites I visit – LastPass fills it in for me. The one weakness in all of this though is my master password for LastPass. It’s a long and secure passphrase but what if it was compromised? Well, now I have multifactor authentication enabled for LastPass too. It’s really simple to set up (just a couple of minutes) and options include Google Authenticator as well as LastPass’ own Authenticator app.

MTP not working on Windows 10 anniversary update (1607)

My son has an Elephone P9000 smartphone, running Android Marshmallow.  He was struggling to get it working with our family PC to import his pictures until I found this forum post that explains the process. It seems that, on the Windows 10 Anniversary Update (1607), the Media Transfer Protocol (MTP) driver needs to be manually installed:

  1. Go to C:\Windows\INF
  2. Type “wpdmtp.inf” in search bar provided to the right of the address bar in Windows.
  3. Once you found it, just right click on it and select install. It will take a very few seconds.
  4. Connect your device to the PC.

Short takes: a password generator; cybercrime 101 and an HTML table generator

Some more browser tabs turned into mini-snippets of blog post…

Password generator and cybercrime advice

The Random number service (random.org) has a useful password generator (though I tend to let LastPass generate mine, this is useful when creating passwords in customer implementations).

And, whilst on the subject of security – Microsoft Researcher Shawn Loveland has written a useful introduction to understanding cybercrime.

HTML table generator

I know that HTML tables fell out of fashion when we started to use CSS but they do still have a place – for displaying tabular data on a web page – just not for controlling page layouts!

I needed to create a table for a blog post recently and I found this HTML Table Generator that did a fair chunk of the legwork for me…

A “Snooper’s Charter” for the postal system?

I spotted this on my Facebook feed today, from an old University friend, who now works as a Senior Cyber Security Consultant:

“I will shortly be writing to my MP urging him to push the Cabinet to extend it’s Investigatory Powers Bill to mandate that all mail carriers must open all letters they collect, scan their contents, and store those images in an archive for a given period in case law enforcement agencies needed to review their contents. Furthermore, I think it would be reasonable outlaw glue on envelopes altogether…with a recommendation to allow postcards only.

I urge the rest of the UK to do the same as a matter of priority due to concerns around National Security.”

He always had a wicked sense of humour but for those who think this is just banter, it really is the postal mail equivalent of what the UK Government is proposing for email in the Investigatory Powers Bill (nicknamed “The Snooper’s Charter”). The staggering thing is that the UK public is largely unaware – generally engagement with politics here is low and I’d wager that the combination of politics and technology has a particularly high “snooze factor”.

[Perhaps Parliament needs to be transformed to involve some kind of “bake-off” type element with MPs getting voted out each week based on their performance. The Westminster Factor. Britain’s Got Legal Talent. Would that get the public involved?]

Putting aside low social engagement in politics (or anything that’s not a big competition on TV) this quote highlights how out of touch our legislators are with the realities of digital life – and how ridiculous the new law would be if applied to analogue communications…

Short takes: calculating file transfer times; Internet breakout from cloud datacentres; and creating a VPN with a Synology NAS

Another collection of “not-quite-whole-blog-posts”…

File transfer time calculations

There are many bandwidth/file transfer time calculators out there on the ‘net but I found this one particularly easy to work with when trying to assess the likely time to sync some data recently…

Internet breakout from IaaS

Anyone thinking of using an Azure IaaS environment for Internet breakout (actually not such a bad idea if you have no on-site presence, though be ready to pay for egress data) just be aware that because the IP address is in Holland (or Ireland, or wherever) location-aware websites will present themselves accordingly.

One of my customers was recently caught out when Google defaulted to Dutch after they moved their client Internet traffic over to Azure in the West Europe region… just one to remember to flag up in design discussions.

Creating a VPN with a Synology NAS

I’ve been getting increasingly worried about the data I have on a plethora of USB hard disks of varying capacities and wanted to put it in one place, then sync/archive as appropriate to the cloud. To try and overcome this, I bought a NAS (and there are only really two vendors to consider – QNAP or Synology).  The nice thing is that my Synology DS916+ NAS can also operate many of the network services I currently run on my Raspberry Pi and a few I’ve never got around to setting up – like a VPN endpoint for access to my home network.

So, last night, I finally set up a VPN, following Scott Hanselman’s (@shanselman) article on Setting up a VPN and Remote Desktop back into your home. Scott’s article includes client advice for iPhone and Windows 8.1 (which also worked for me on Windows 10) and the whole process only took a few minutes.

The only point where I needed to differ from Scott’s article was the router configuration (the article is based on a Linksys router and I have a PlusNet Hub One, which I believe is a rebadged BT Home Hub). L2TP is not a pre-defined application to allow access, so I needed to create a new application (I called it L2TP) with UDP ports 500, 1701 and 4500 before I could allow access to my NAS on these ports.

Creating an L2TP application in the PlusNet Hub One router firewall

Port forwarding to L2TP in the PlusNet Hub One router firewall

Copy NTFS permissions from one folder/file to another

I’m working with a customer who is migrating from on-premises datacentres to the cloud – using a virtual datacentre in Microsoft Azure. One of the challenges we have is around the size of the volumes on a file server: Azure has a maximum disk size of 1023GB and the existing server has a LUN attached that exceeds this size.

We can use other technologies in Windows to expand volumes over multiple disks (breaking the <1TB limit) but the software we intend to use for the migration (Double Take Move) needs the source and target to match. That means that the large volume needs to be reduced in size, which means moving some of the data to a new volume (at least temporarily).

One of my colleagues moved the data (using a method that retained permissions) but the top level folders that he created were new and only had inherited permissions from their parent. After watching him getting more and more frustrated, manually configuring access control lists and comparing them in the Windows Explorer GUI, I thought there had to be a better way.

A spot of googling turned up some useful information from forums and this is what I did to copy NTFS permissions from the source to the target (thanks to Kalatzis Stefanos for his answer on Server Fault).

First of all, export the permissions from the source folder with the icacls.exe command:

icacls D:\data /save perms.txt [/t /c]

/c is continue on error; /t is to work through subfolders too

Then, apply these permissions to the target volume. They can be applied at volume level, because the export includes the file names and an associated ACL (i.e. it only applies to matching files)

icacls D:\ /restore perms.txt

But what if the source and destination folders/files have different names? That’s answered by Scott Chamberlain in another post, which tells me I can just edit my perms.txt file and change the file/folder name before each ACL.

By following this, I was able to export and re-apply permissions on several folders in a few minutes. Definitely a time saver!

Have I been pwned?

You’re probably aware that LinkedIn suffered a major security breach, in which something like 164,611,595 sets of user credentials were stolen. Surprisingly, you won’t find anything about this in LinkedIn’s press releases.

In less enlightened times (and before I started using LastPass), I may have re-used passwords. That’s why breaches like the one at LinkedIn are potentially bad. Re-using that identity means someone can potentially log in as me somewhere else – I could be pwned.

Microsoft Regional Director and MVP, Troy Hunt (@troyhunt) has set up an extremely useful site called HaveIBeenPwned. Entering your email address (yes, that means trusting the site) checks it against a number of known lists and yes, it seems mine was compromised in three hacks (at LinkedIn, Adobe and Gawker). In all of those cases, I’ve since changed my passwords and for popular sites – where they offer the option – I’ve started to use second factor authentication solutions (Azure MFA has been on my Office 365 subscription for a long time, I use Google two-step verification too and, since tonight, I’ve added LinkedIn’s two-step verification and Facebook Login Approvals).

So, I guess the two points of this post are:

  1. For heavens sake stop re-using passwords on multiple sites – you can’t rely on the security of others.
  2. Turn on 2FA where it’s available.

Hopefully one day soon, passwords will be consigned to the dustbin of technology past…