Blog on Much Ado About IT

Home working, IT Hints and Tips

Julian Knight — Fri, 20 Mar 2020 15:45:05 +0000

The COVID-19 crisis has meant many more people working from home. From long experience with this kind of working, here are some hints and tips to help.

This is taken from an article I wrote for work. Some of it is a little Microsoft-centric I’m afraid but most of it is generally applicable.

I really hope you find something useful in here. If you have other ideas, hints and tips, please do share them in the comments.

Non-IT
Wi-Fi
Alternatives to Wi-Fi
Other Network Considerations
General Hints and Tips
Collaborative working tips
Remote Conferencing

Non-IT

First let’s say that working from home is great for some and horrible for others. There is no right or wrong. Here are a few thoughts about it in general and some ideas, especially for those people who don’t work well when isolated.

You don’t have to be alone!

The many IT tools for social interaction can be a real distraction but in this case, they can be a boon. Find other people who also need more interaction and use social media tools or video conferencing to keep in touch.

Maybe try to find a friend or family member (or household) that would be prepared to sometimes share their evening meal time with you and arrange to have screens at your respective tables so that you can eat “together”. Something like Skype is ideal for that.
Set boundaries and rhythms.

Most people really need some structure to life and you can easily loose sight of this when working from home. Set your own boundaries and create a rhythm to your work life. It may not need to be as rigid as working in an office (which is nice) but consider some of these:
- Have your own private “dress code” that reminds you you are working
- Try to have some set times to get up and stretch or exercise
- Work, play, socialise. You need all three. Balance your time accordingly.
You also need to set boundaries with other people. Children especially but even pets! Make it clear when you are working and when you are not. Consider having some kind of signal (a note, flag, certain cloths, anything really) that shows you are working and that people (and pets) should not be disturbing you.

If younger children are around however, also consider their view of the world. They will not understand you having to work solidly for hours on end. If your job allows it, consider breaking work up more into 1 hour slots for example and spending some time with them in-between.

Now, onto more IT related matters.

Wi-Fi

Get a reliable connection - Wi-Fi signals drop off quite rapidly, especially with cheaper home routers. You may also experience interference from microwaves, cordless phones, baby monitors, and neighbours Wi-Fi. All of these may slow down your connection.
If you know how and have a router that supports it, try to use a 5ghz Wi-Fi connection. It may have less interference, and can be faster. However, it will have less range. If you need the internet to pass through several walls / doors, then 2.4ghz Wi-Fi may be better.
If you have a poor signal from your preferred working position, try moving the laptop a couple of CM in either direction, reflections from walls can sometimes reduce or enhance signals. Try to minimise obstructions between your working area and the Wi-Fi aerials.
Getting the best from your Wi-Fi can be a bit of an art, especially if you are trying to make it reach the whole house. Some routers support a “mesh” arrangement using additional devices, if so that is worth investing in if you are having difficulties in certain areas. Generally recommended to stay away from Wi-Fi “Repeaters” or “Range Extenders” as these sometimes do not work reliably, if you already have one though, by all means try it.
If you cannot use wired connections and are having ongoing problems with Wi-Fi, consider investing in a dedicated “Access Point” and turn off the Wi-Fi on your router. AP’s such as those from Ubituiti’s Unify range (there are plenty of others) will always provide a better signal than one built into a domestic router.

Alternatives to Wi-Fi

If you cannot get a good and reliable Wi-Fi signal:

You can plug into your router using a wired connection if your work area is not too far away - that’s what the little network dongle was for when they gave you your laptop. You may find this better than Wi-Fi.
If you have a fixed home office desk, you might also consider investing in a USB Dock. This will give you a network connection and sockets to plug into external monitors. If you have a USB-C capable laptop, try to get a USB-C dock but the older (and possibly cheaper) USB docks will also work.
Powerline networking is also useful if you want a wired connection but cannot be situated near your router. For about £40, you can create a connection to anywhere you have a plug socket. You will need a pair of units, one of which must be near your router. You will need 2 network cables (check if the Powerline devices come with them). Again, you will need the network dongle for your laptop or a USB Dock.

Other Network Considerations

You may well have other people, including children, around at home and it is all too easy for them to absorb a lot of network bandwidth leaving you with a slow and unreliable connection, especially for conference calls. It is sensible to set early ground-rules. There may be times you need people to avoid Netflix in HD and Skype or intensive online games.
Remember that most home broadband connections are asynchronous. That is to say that you have a higher download (into the house) speed than upload (out of the house). If a document took 2 minutes to download, it may take several times that to send back to the servers when you save it. Generally, you don’t have to think about that except if you are in a hurry to save something, grab the laptop and go somewhere. It is possible to disconnect before the updated document has been fully synchronised back to the servers.
Saving to SharePoint may be quicker than saving to a shared drive since the data doesn’t have to go via the central servers and then back to the Internet, it goes direct to Microsoft’s cloud servers. Also, don’t forget that, for quick and simple edits, you may be able to do this in the browser which saves having to synchronise everything.

General Hints and Tips

Reboot or shut-down from time-to-time. Always reboot as soon as feasible when asked to.
If your laptop seems to be running slowly, try closing some applications or browser tabs/windows. Possibly try rebooting. Especially be mindful if viewing/editing large, complex spreadsheets.
Chromium-based browsers (new Edge, Brave, Vivaldi, Chrome, etc) are currently best for the majority of sites. Only use Internet Explorer (IE) if you really need to (for a legacy app).
Make use of browser shortcuts and bookmarks. Try creating some bookmark folders for a project or for common files or locations. It can save a lot of time.
If Microsoft Outlook is being problematic, you can probably access your email via the browser.
If you can, set aside space and a desk with a decent chair in a room apart from the rest of your household, you will find working from home a lot easier.
If you cannot set aside a separate room, consider having some kind of signal (a note or light maybe?) that lets people know that you are working and shouldn’t be disturbed.
Be realistic about other family members expectations, especially children. You will probably need to be more flexible about work periods. Consider setting aside some time each hour or two to spend with younger children.

Collaborative working tips

There are many collaborative working tools available. Many organisations will probably have some tools already available for you.
If you are an independent worker, you may need to use what your customers use or find something for yourself.
Google G-Suite is easy to setup and good for small organisations. Larger organisations will gain benefit from Microsoft Office 365 with Teams, Yammer, Exchange and SharePoint amongst other powerful tools
Decide what features are important to you and how much you can afford to pay. Then try a few tools, making sure that you test the features you’ve decided are important.

Remote Conferencing

When working remotely, many people will have to spend hours on conference/video calls.

Use a good headset. A good headset ensures good sound for other listeners by eliminating background noise. It protects the wearer’s hearing by keeping to sound levels appropriate for long-term use. It covers both ears which allows your brain to process the sounds in both halves which reduces fatigue and increases comprehension.
Do not use your laptop’s microphone and speakers. These will cause noise in the meeting, may cause feedback and will be distracting and tiring for everyone.
Do use video, at least to begin with and with new people. We still need to see each other. Many people don’t like seeing themselves on video but remember this is for other people, not for you.
When using video, make sure:
- The backdrop is as plain as possible – this is easier for other people
- There is never movement behind you – this is distracting to other attendees and increases bandwidth use significantly
- There isn’t an exposed window behind you - which puts your face in shadow.
Try to pay attention and not be distracted by emails or other work. If it is worth having a meeting, it should be worth attention. If not possibly reconsider whether the meeting or your attendance is necessary.
Set expectations with other family members who may be at home. Consider having a note on the door if you are in a separate room.
If/when your meeting audio and video starts to break up or stutter, consider turning off your video. You can also turn off incoming video. Also let others on the meeting know, they may wish to do the same.
When sharing content or a screen/window from a laptop, this uses quite a lot of bandwidth. You may need to turn off video to compensate.
Sharing an individual application window takes less bandwidth than sharing a whole screen.
Try to start meetings 5 minutes early. This gives time for everyone to get their equipment working. Better still, start 10 minutes early and give people a few minutes to chat and socialise.

Rules for working with dates and times

Julian Knight — Sat, 07 Mar 2020 15:35:49 +0000

Dates and times are incredibly complex. They can be different in different countries, languages. They are often inconsistent and have weird edge-cases. These are some basic rules I apply when working with dates and times.

when handling dates and timestamps, here are the foundation rules that I work to:

Always use ISO date format where possible (YYYY-MM-DD)

So that there can be no ambiguity and so that date strings will naturally sort
Always work in UTC (Aka Zulu time or GMT) except when displaying to the user

To avoid weird errors, especially with timezone and daylight savings transitions. It also makes date/time calculations a LOT easier.
When needing a string format for timestamps, always use ISO format

e.g. 2020-03-07T15:27:46.123Z

These are always unambiguous and easily machine parsed.
When specifying decimal seconds in a timestamp, avoid more than 3 decimal places

The parsing tool used in node-red-contrib-moment to parse input dates in different formats cannot cope with more than 3dp and may return strange dates, a problem that I reported in May 2019 but hasn’t been resolved.

It should also be noted that I’m not sure that MomentJS can cope with more than 9dp.

Also worth noting that JavaScript’s Date native object only supports up to 3dp anyway and will turn anything beyond that into zero’s.

References

parseFormat function issue for >3dp seconds resolution

The worst thing about this issue is that it can result in an incorrect date being returned but does not give a warning.

Checking user access to files in Linux

Julian Knight — Fri, 18 Jan 2019 17:33:26 +0000

How can I know if a user has access to a file or a folder in Linux? Also, what groups is a user a member of? A few things I can never remember how to do.

Add a user to a group

sudo usermod -a -G [userName] [groupName]

Check what groups a user is a member of

groups [userName]

Check if a user has access to a file or folder

sudo -u [userName] ls [path]

# or perhaps

sudo -u [userName] namei [path]

Note that it isn’t always obvious where a blockage may lie in the path. You may need to walk back up the path to find out.

Give a group access to a folder or file

sudo chgrp [grpName] [fileOrFolderPath]

# or

sudo chown [userName]:[grpName] [fileOrFolderPath]

Change the level of group access for a folder or file

sudo chmod -R g+rwx [fileOrFolderPath]

References

Creating GitHub Releases from git Tags

Julian Knight — Sun, 30 Dec 2018 21:23:20 +0000

The workflow for updating version numbers and doing git/GitHub/npm releases is far too complex to easily remember when you aren't doing it very often. This post is a reminder of the various steps.

Just a quick reminder for myself mainly.

GitHub will automatically create a release from a git tag. Having had a request for this from an issue with node-red-contrib-uibuilder, I decided that I’d better look into how to do it.

Why is everything harder than it should be!? Anyway, here is the raw workflow for committing changes to a git managed repository of code, creating a tag, pushing both master and the tag to GitHub and then publishing to npm.

# This could be minor or major instead of patch, it updates package.js
npm npm version patch -m "Patch version bump to %s"
# We might want to stage instead of committing everything at once
git commit -m "Commit message"
git push
# Create a tag to match the npm version
git tag -a v1.4.1 -m "my version 1.4.1"
git push origin --tags
# Publish to npm
npm publish

Of course, the commit and push are easier done direct from VScode.

It is annoying that I can’t link the tag to the npm version.

References

git docs 2.6 Git Basics - Tagging

Use an Authenticator App to Login to PayPal

Julian Knight — Sun, 11 Nov 2018 16:52:21 +0000

PayPal seem to think that SMS text messages are a secure two-factor authentication method. Sadly, they are greatly mistaken. This article explains why and what to do about it.

History

PayPal were early adopters of two factor authentication at a time when there was significant distrust in them as an organisation. Depending on what country you were in, you could get one of their own hardware tokens or use a Symantec VIP security token. Neither of these hardware tokens are available any more.

However, they never did adopt what the rest of the world started doing. Using “soft” tokens from a standard authenticator app on smartphones. Examples of these apps are: LastPass Authenticator, Authy, Microsoft Authenticator and Google Authenticator.

Instead, they adopted the use of SMS text messages - which were also adopted by many others due to the fact that most people were, by then, carrying mobile phones of some sort.

The Problem

Unfortunately, over the years since then, the weaknesses of SMS have been discovered. Not only can SMS text messages be intercepted relatively easily (a problem particularly in the USA) but there is now an epidemic of phone account hijacking. Phone account hijacking is where an attacker gets enough information about you that they can pretend to be you and then go on to be able to persuade your mobile phone service provider that you need a replacement SIM card. Once they have a new SIM, they hijack your account and go about changing passwords to key systems such as PayPal, Email, etc. If the second-factor for those systems uses your phone then they hijack those accounts as well.

These are really well-known issues and it is appalling that PayPal haven’t allowed people to use authenticator apps for two-factor authentication as these are a lot more secure. Especially since you can backup the authenticator details and use them on another phone in the case that yours is lost, stolen or broken. That way, you can keep control of your important accounts.

So, when you go onto PayPal and try to activate two-factor authentication, they try to force you to register a phone. Once registered, that phone will receive SMS text messages when you try to log in. You can also have PayPal phone you and you get some backup manual codes that you can type in instead. Using those alternatives isn’t especially obvious.

Please help everyone by complaining to PayPal directly and on social media so that they understand that customers no longer find this behaviour acceptable.

A Solution?

In fact, though, PayPal’s alternative token registration does still exist on their website (at least for now).

It is just *really hard to get to.

It is called Activate your PayPal Security Key.

But how do we get a mobile app that will generate the right codes to go with this page?

Solution 1 - the Symantec VIP app

The old Symantec VIP access tokens are long gone. However, they did replace it with a mobile app.

You can download the app from your phone’s app store. It will show you a “Credential ID” that you will use to plug into the “Serial number” field on the Activate your PayPal Security Key page.

Then you also provide the Security Code from the app that is currently showing, wait for the next code to show and enter that as well.

Great! Pretty simple when you know how!

There is, however, a little problem. There doesn’t appear to be any way to back up that configuration in case your phone is lost, broken or stolen. It would be FAR better if we could use on of the more standard authenticator apps such as those listed above.

Solution 2 - Using a Standard Authenticator App

So, it turns out that we can use a standard authenticator app. But it is certainly pretty painful to do it. The advantage is that some of the better authenticator apps such as LastPass Authenticator and Authy provide the ability to back up your accounts.

Here is a work around that will let you use a standard authenticator app with PayPal. It is involved and clunky but it does - currently at least - work. You will need some minimal knowledge of using a command line.

We will use a set of scripts called python-vipaccess. This will let us pretend to be a Symantec VIP hardware token. There are several versions of this application but only one seems to be maintained, the version by Dan Lenski.

In order to use this work around, you will need a computer that can run Python. So the first step is to install it. You will need v3.x of Python. How you install this will depend on your operating system. The following instructions have been tested on Linux on a Raspberry Pi. You may need to tweak things on other OS’s such as Windows.

You will also need the Python 3 version of something called pip. If using Linux, you should install pip via your package manager. The examples below use Rasbian which is derived from Debian Linux. The package manager for Debian is apt or apt-get.

Finally, the following also assumes that you have an application called git installed. If you don’t have and don’t want to install that, you can manually download the required python-vipaccess application archive from GitHub directly & unpack the archive. We will assume that you are starting on the command line from the folder immediately above the place you’ve unpacked the application (the git clone command does the equivalent).

Install the Python 3 version of pip if needed: sudo apt install python3-pip
Download an application from GitHub. git clone https://github.com/dlenski/python-vipaccess.git
cd python-vipaccess
pip3 install -r requirements.txt (takes quite a while on a Pi3. Not entirely sure you need this step or whether the next step does the same thing)
pip3 install .

The next problem is that this method of installation does not create an executable!

You have to execute using the following command:

python3 ./vipaccess/cli.py provision -p

Next, open your favoured OTP/Authenticator tool (I prefer LastPass Authenticator). Add a new account using a barcode. Now run the command:

qrencode -t ANSI256 'ZZZ'

Where ZZZ is the long URI output by the provisioning command and looks something like otpauth://totp/VIP%20Access:XXXXXXXXXXXX?issuer=Symantec&algorithm=SHA1&digits=6&period=30&secret=YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY. Don’t forget to add the wrapping single quotes.

XXXXXXXXXXXX being the credential from the provisioning command and YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY being the long code you would also use with oathtool. The whole otpauth URI is given to you so you can simply copy and paste it between the single quotes in the qrencode command.

This generates a visual, 2D barcode in your terminal that you can use in your authenticator app to finish creating the new account. The account will be named “Symantec” by default.

Now go to https://www.paypal.com/cgi-bin/webscr?cmd=_activate-security-key-any

In the resulting form, “Serial Number” is the XXXXXXXXXXXX value. Then you have to enter two security codes from your authenticator app. Enter the code that is currently showing. Then wait 30 sec for the next code to show and enter that.

All being well, you should now have a new activated security key. The key should last for 3 years after which you can create a new one following the same process.

Windows 10 1803 Timeline Feature

Julian Knight — Tue, 29 May 2018 09:42:53 +0100

The May 2018 version of Windows 10 has an updated alt-tab view called the timeline. While it will eventually be more useful, its current implementation is poor.

When you press win+tab, you used to get a sticky view that showed all of the open application windows for each monitor with a miniature picture of the window.

As of the 1803 update in May, this view has slightly changed so that view now includes a timeline that you can scroll through rather than just a list. There is also a search box to make it easier to find what you want if you have lots of windows open.

The new view also includes application tabs as well as windows. But only if the application has been adapted.

I have to say, though, that the feature has been very poorly implemented so far:

Tabs only show if the application has been altered to make use of the new feature.

Currently these mainly seem to be Microsoft applications such as Edge and the Office 365 versions (Click-to-run) of Office applications.
Search only works with applications amended to work with it as above.

This is especially annoying as it should give a nice way to quickly search through all of the open window titles at least. That information is clearly shown above each window in the list but you can’t search it. Seems like a petty limitation.
Windows opened on a secondary monitor for applications not adapted to timeline don’t appear in the main timeline display (on the primary monitor) but applications that have been adapted do appear.

This is, in my view, a poor UX decision since it is confusing to people.
The search function is only available on the primary monitor even though it searches applications on other monitors (though only if they have been adapted for the timeline as already mentioned).

Again, this is unnecessarily confusing to users.

Cloud Automation for IoT

Julian Knight — Sun, 06 May 2018 22:09:44 +0000

Having just brought a Google Home, I've quickly realised that, although Google are supposedly fairly open about allowing people to develop for it, there are still far too many limitations. To try and get round these, I've been looking at automation tools. In this article, I will list some of the key tools and their strengths and weaknesses.

If you want to go beyond the relatively simplistic capabilities provided by the original vendor, you need to look for additional automation tools. Unfortunately, none of the vendors make the creation of personalised actions easy (or even possible sometimes!). So you are highly dependent on third-party integrations.

I’ve focussed here, mainly on tools that will integrate to Google Home. Please feel free to chip in others in the comments.

Overall Conclusions

Sadly, despite several years in which to mature, alternatives to IFTTT seem to be poorly designed and executed.

IFTTT itself has not matured as a platform and remains very restricted. It is fine if you just want to automate a few, simple tasks. However, they have seriously failed to capitalise on their head start.

So it seems as though I will be forced to continue to use IFTTT & will have to live with its limitations.

Security and Safety

The need to interlock several cloud services to overcome the current limitations of smart speakers continues to be a real concern.

It is not clear how secure these 3rd party services are nor is it always clear what interconnectivity you are giving away.

While you are only turning on or off a few lights, this may not be too much of an issue unless you are someone with a high profile or are an annoyance to certain governments, you should be very cautious if considering using any of these services in a more sensitive environment or to control more critical hardware.

Under no circumstances should you ever allow any of these services to have access to anything important (like your financial systems for example). Try to limit the number of interlocked services and always use separate id’s and passwords where possible. For example, never use your Facebook id to log into any of these services.

Why would I want to use these services then?

Some ideas of things you might want to do with a Google Home but cannot without external help:

Ask where your spouse, partner or children are or when they will be home (at least if not all using Android phones)

Always nice to have a meal waiting when you’ve just come back from work - but my daily commute can vary between 50 minutes and 2 hours!
Ask to turn on/off lights connected to a custom home automation system

Rather than the over-priced and insecure branded light systems
Take one or more actions when all of the families mobile phones have left the area around your house

IFTTT

IFTTT was one of the earlier cloud automation tools. As such, it has generally excellent access to many services including a useful selection of IoT related ones.

IFTTT Advantages

Lots of cloud services and IoT platforms you can connect to
If all you want to do is a very simple flow or 2, IFTTT makes it fairly painless
Flows can be created and edited both from the web and the app

IFTTT Disadvantages

Only ever a single input and single output - impossible to create more complex and interesting flows
Very limited parameters available for each connection
Have to activate an applet before you can see what parameters are available
No possibility to duplicate an applet - for example, if wanting an “on” and “off” version of a flow
Very little flexibility

IFTTT Conclusion

Really, IFTTT is horrible to work with. It is impossible to look into an applet until you’ve gone through configuration and turned it on. This is especially galling where it means that you have to connect to an external service just to see if it will even be of any use.

It’s extremely limited configuration also leaves you needing to make several (sometimes many) similar versions but you have to do this by hand with lots of unnecessary typing and clicking since you cannot make a copy of existing applets unless they belong to someone else.

Also, it used to be clear whether you were creating an applet that was public or private - this is no longer the case - so you don’t really know whether you are leaking private information.

Stringify

Stringify Advantages

The flow editing interface in the mobile app is actually not bad
Complex(ish) flows can be created with multiple inputs and outputs with multiple intermediate processing steps - making it potentially far more useful than IFTTT

Stringify Disadvantages

No web signup - you can only sign up for the service via a painful mobile interaction in their app. This is pointlessly and needlessly complex and painful.
Can only edit flows using the app - !?!? Why ?!?! They created 1/2 a web interface.

Stringify Conclusion

The lack of a useful web interface is a foolish error. Stringify does have a web interface but you can only view your flows not edit them. Very poor showing.

Setting up multiple integrations on a mobile phone is unnecessarily painful and pointless. You have to go back and forth between multiple different id/password entry screens and sometime it doesn’t look like the data “took” so you end up trying to do the same again. Frustrating, why would you put customers through that.

Stringify cannot be recommended for anyone other than someone with technical knowledge and a lot of patience.

Yonomi

Yonomi is rather like Stringify and shares many of the issues and failings.

Yonomi Advantages

None that I could see

Yonomi Disadvantages

The same annoyances and pain as for Stringify since this is another tool that forces you to do everything via the app and completely fails to provide a more user friendly web interface
Completely failed to find the Google Home that is quite happily working on my network. But did claim to find a non-existant Amazon Echo.

Yonomi Conclusion

Appears to be a poor copy of Stringify. Or perhaps the reverse is true.

The fact that it couldn’t even discover our Google Home device but did discover an Amazon Echo (which we don’t possess) immediately ruled it out for me.

Even had it worked, Yonomi, like Stringify, cannot be recommended for anyone other than someone with technical knowledge and a lot of patience.

Other services

There are plenty of other automation services, some of which are long established. However, few, if any of them have Google Home integration:

Zapier
Microsoft Flow

So they may be useful for other things but not here.

Home automation platforms

There are a number of home automation platforms that support Google Home.

Node-RED

This is generally my “go to” tool for home automation and rapid IoT prototyping. However, it is not really the best tool for Google Home. It has 2 contributed modules, one of which is for sending audio to the Google Home - useful enough. The other integrates to Google’s Action platform which is far too complex for most people to us and is designed specifically for creating public, reusable actions and not for personalised automation.
Home Assistant

This Python-based home automation platform looks promising since it uses configuration files rather than complex programming to integrate.

I’ve not yet tried it so I cannot yet comment on how good or useful it may be.
…

iTunes Finally Hits the Windows Store - What Does it Mean?

Julian Knight — Fri, 27 Apr 2018 08:11:13 +0000

iTunes on Windows has always been a horrible application. It is highly intrusive, installing many background services. It also has a terrible UX/design. So, now that it is available in the Windows Store, is there a difference? Improvement?

Yes, this will, or at least should, make a difference.

The reason is that Windows Store apps are actually wrapped in a sandbox environment. This means that your actual Windows environment, including your registry, will not be littered with rubbish.

It also means that, not only will iTunes be updated for you automatically by the Store, but if (when!) you decide to uninstall it, it will be totally gone. Unlike the standard installation that leaves behind all sorts of rubbish that slows down your PC.

Here are some articles that describe the Windows Store Sandbox and its implications:

And one more link that is relavent to the Windows Store version of iTunes as this is very likely how it has been built: Desktop Bridge – The bridge between desktop apps and the Universal Windows Platform – App Consult Team

Unfortunately, the expected raft of announcements on the various tech news sites, as so often, miss the whole point of why this is an important release. Most make no mention of the protections, performance and update benefits or if they do, they don’t explain why they are important:

Migrated from WordPress to Hugo and Netlify

Julian Knight — Sat, 21 Apr 2018 22:00:00 +0000

The migration from WordPress is now completed. This blog and the new Knowledgebase are generated using Hugo and hosted with Netlify.

It’s done!

Please see the section of the Knowledgebase on Hugo for more information.

Switching from WordPress to Hugo

Julian Knight — Fri, 06 Apr 2018 22:00:00 +0000

I've been fed up with the speed of WordPress for years but haven't had the time to learn how to properly switch to an alternative. Until I discovered Hugo!

Hugo is a static file website generator written in Go. It generates an updated site pretty quick on a laptop for the kind of size of blog and information site I’m running.

I have also been trying out Jekyll since that is natively supported on GitHub pages - for example, GitHub itself will generate your site when you “push” changes to the repo that underpins the site.

There are several problems with using GitHub and Jekyll:

Unless you pay, you cannot hide the source code for your site on GitHub
Jekyll’s build process is very sensitive. It fails fairly often for the most trivial of reasons and when the build does fail, the help information is obscure to say the least.

You can build locally and you might get more information but then you have to install and maintain an installation of Ruby. This is a significant pain, especially on Windows. I don’t know Ruby and I don’t want to know it either.
Jekyll itself is also more than a little strange in places. With things that don’t work for no obvious reason.
While there are some themes for Jekyll, I couldn’t find any that really met my needs and writing your own seems harder than for Hugo. Though that might just be me.

So Jekyll/GitHub was not a viable alternative to Wordpress. It just about works for a simple information site like a documentation one but I certainly wouldn’t want it to be my main blogging site.

Moving away from WordPress

Of course, when you switch away from WordPress, you immediately inherit a number of issues that you have to deal with:

No dynamic content - unless you build it yourself.
No WYSIWYG content editing - unless you integrate with Forest.IO (see below). Hint: it is easy.
No search. WordPress gives this via its MySQL database integration.

Moving to Hugo

But you also get a number of advantages when using Hugo:

Blazing speed from the final output - it is HTML & CSS, no messin'
Hugo is (mainly) very comprehensible and logical. In the time it took me to learn Jekyll (a fair bit less actually), I’ve been able to start from scratch, even building my own theme from scratch. Export my WordPress blog (which I could never get to work with the Jekyll export tool) & begin fixing up the content. I’ve even merged in the pages from Jekyll.
Working with a theme is very easy. You make it a submodule using Git. That way it can be in an entirely different repository - either belonging to someone else or belonging to you (maybe cloned and edited).

Issues to resolve

I’ve not got everything worked out yet. There are some things I need to get working.

Site Search
RSS Feeds

Additional Tools

Of course, you still have to host your site somewhere. I’ve been hosting my WordPress and other sites on a low-cost VPS for some years. It works well enough but recently the VPS has been filling its hard drive and is in serious need of some maintenance. Finding a cloud service to do the heavy lifting would be nice.

So, like many, I’ve integrated a few cloud tools with Hugo to give me hosting and other utilities.

Source Code and Content Backup

This one is simple. The site is generated by Hugo either on my local PC (Hugo is a single binary install, no messing with Golang) or in the cloud. That leaves the site structure which is a load of HTML and Markdown files with some static content files.

All of the structural and content files are easily stored in a git repository. This also gives multi-versioning.

I’m using GitLab for the main site content and structure because it lets me have private repos for free (unlike GitHub). But I’m using GitHub for my theme since this can be public - indeed, I want it public so that other people can use it if they want to.

Hosting

I am using Netlify to actually host the site.

I don’t have to faff with or worry about my own server.
Netlify hosts everything for you. Not only the site but also the build process. You can bring your own Domain as well.
It is free for small sites.
You get TLS/SSL integration without having to faff with Let’s Encrypt - they do it all for you. Or you can provide your own certificate.
Netlify is also a CDN so files are replicated and delivered regionally.
You get full build messages so you can see if something goes wrong.
You get some automatic optimisations if you want them - a valid TLS certificate for HTTPS, Some file optimisations.
You get form submission for free (with some sensible limits).
You get identity management for free (with some sensible limits) using OAuth.
You get alerting with integration to email, Slack, etc. All for free.
You even get integrated Amazon AWS Lambda serverless functions for free! These are great for building small utility functions that run in the cloud and can be called using a simple REST web API. They can be a pain to set up and manage though but Netlify makes it easy.
It has a local command-line interface in case I want to control everything locally. The CLI also simulates the running of Lambda functions.

Online Content Management

It isn’t always convenient to fire up my code editor and run the Hugo development server on my laptop.

Also, it can be nice to have a WYSIWYG writing experience, or at least something close.

Forest.IO gives me a convenient web editing experience.

Very quick and easy to set up.
Edits data (e.g. JSON), not just pages and blog posts.
Merges changes direct back to the GitLab repo - git takes care of merging so it isn’t a problem to edit both locally and in the cloud.
It provides editable templates for frontmatter and other metadata.

Other cloud tools

Site search - I’ve not yet got this set up. There are several possibilities but I think it will take some work.
Image optimisation
Website testing and optimisation

Tools for Local Editing and Development

Hugo - the single binary install, very easy.
Microsoft Visual Studio Code - makes an excellent editing and testing environment.
Chrome, Edge & Firefox browsers - with their development tools.
Cmder - an enhanced command shell. Not really needed but it makes working with the command prompt a lot nicer on Windows.

Presentation: Security and Governance in the Cloud

Julian Knight — Mon, 28 Nov 2016 12:54:25 +0000

Here is a presentation that I did recently for NHS CIO’s and CCIO’s. It is all about how NHS England has followed a journey to cloud services and the IT Security & Information Governance issues we had to deal with along the way. It tries to also show other NHS organisations how they might work towards similar aims.

Open Source vs Proprietary in UK Central Government Organisations

Julian Knight — Mon, 20 Jun 2016 00:00:00 +0000

NB: This article is incomplete - it was converted from a previous blog site. It is included as a draft.

Open source does not necessarily mean that open integration and open data is facilitated

The issue of open source vs proprietary applications for organisations related to the UK government comes up regularly. the UK’s Cabinet Office have issued clear guidance that open source is preferred and should always be considered when procuring new systems.

However, this actually leads to confusion with many people then assuming that choosing proprietary applications will lead to trouble.

The truth is rather more nuanced and it is worth thinking about. For me, the best approach is to deliver open data and open integration rather than focusing on open source per se.

The following notes have been extracted from some internal documentation I did for our organisation. That is why is focuses on Microsoft. I am not advocating a specific vendor nor am I prioritising proprietary over open source. I am simply recommending a balanced and holistic view to get the best possible deal for the public purse.

My view, and the view of quite a number of other people I’ve had the opportunity to talk to across government, is that the focus should be on open integration rather than necessarily open source. Using open source does not necessarily mean that open integration and open data is facilitated. Conversely, some proprietary vendors have made great strides in ensuring that systems can be integrated and data shared.

At present, Microsoft, Google and Amazon all seem to “get” the issues of open integration and open data to one degree or another.

Discussion in the open source debate tends to focus on license costs. OS is license free by definition; however, you will still pay for support. OS software is often also (much) harder to implement and support due to patchy documentation and many individuals contributing different code. Not always true of course but there is certainly a degree of truth in this.

In the case of something like the Microsoft platforms, the implementation and support costs of the core software (such as Office 365) have been driven down massively and the economies of scale we are bringing to bear through greater cross-government collaboration is improving that still further. At the same time, large license scales enable organisations to make use of additional funding that comes out of our EA agreements. This gives us access to additional planning, design and implementation services that all would have to be separately paid for with open source software. These all have a tendency to balance out the books.

User and administrative training is the final element and again, proprietary vendors tend to provide more and better quality training/documentation resources than open source (again, in general). Proprietary software also has a tendency to have better developed user interfaces requiring less training. This further balances the cost equation.

So while I fully support the need to evaluate OS vs proprietary software, we must do so holistically otherwise we will not get the expected benefits and there is plenty of evidence to support this view from the likes of Germany and Brazil both of whom have extensively switched to open source software.

The bottom line is that Microsoft are often currently viewed as the best strategic partner we can have in areas of desktop operating systems, general office applications and general cloud computing facilities. They have already made good progress in opening a lot of previously proprietary code and supporting open interface standards & they currently see the health sector as one of their primary growth areas. We have made good use of this while continuing to keep an eye out for changes in their policies that will happen inevitably. The key things are to ensure that we have strategies for exiting Microsoft platforms should we need to in the future and that we continue to evaluate the value of our investment. We don’t do this blindly though. As a specific example, the use of Microsoft Dynamics Online, their cloud CRM, is relatively expensive. It is a good platform where a full CRM is required but it is expensive when only limited CRM tools are needed and we recommend other tools in those cases.

A simple mail filer for Microsoft Outlook (VBA)

Julian Knight — Sun, 19 Jun 2016 00:00:00 +0000

Like many people I receive an unmanageable amount of email each day. Many days I get through only around 1/3 of the email I receive.

However, the role I am in professionally requires me to retain a large proportion of correspondence. Some because it relates to ongoing projects, other because of security, audit or compliance reasons.

In addition, I work across many projects. It isn’t unusual for me to be involved in two dozen or so projects at any one time on top of my day-to-day management work.

So I have many folders – hundreds in fact – and filing email into the right folder has become a real drag. It can take an appreciable amount of time to hunt down the correct folder and Outlook does not provide any way to search/filter folder names in the UI.

Thankfully, I have access to VBA macros in Outlook. While the experience of using VBA macros to control Outlook is rarely pleasant, it does get the job done – mainly.

My requirements for the utility were as follows:

Must let me select multiple emails, if any have already been filed, show me the folder(s) so I can quickly file new email to the same folder as the rest of the conversation.
Must give me a list of all my folders with a simple way of filtering the list by typing a few letters.
Must also let me open a folder for viewing instead of filing or cancelling.

A couple of hours later, I was able to create a new utility which you can grab the code for from my GitHub repository: https://github.com/TotallyInformation/outlook-filer

There are a few tweaks I’d like to incorporate but as it is, it is highly useful and I use it many times a day.

DSC vs. GPO vs. SCCM vs. MDM (Intune)

Julian Knight — Sat, 18 Jun 2016 17:42:13 +0000

Microsoft Windows administrators now have a number of ways for managing their estates.

Group Policy (GPO)

Allows very fine-grained control over every aspect of Windows. Primarily aimed at Windows desktops. Requires Active Directory (AD) and very careful configuration. Requires well trained specialist staff to get it right.
System Center Configuration Manager (SCCM)

Allows central control over software delivery. Also requires AD. Configuration of delivery packages can be complex and very careful change control is required. Software delivery via SCCM can also be intrusive to users. Requires well trained specialist staff to get it right.
Desired State Configuration (DSC)

Though extended by Microsoft this is actually part of a wider open standard “Open Management Infrastructure” and so applies to other platforms as well including Linux. Mainly aimed at server configurations. Falls into the DevOps camp as it defines server configurations in purely text format and so can be put under source control easily. DSC is typically dynamic and enforces the correct configuration (normally every 15 minutes) which greatly helps ensure secure configurations.
Mobile Device Management (MDM)

Primarily aimed at mobile devices, this style of configuration is increasingly applicable to Windows Desktops with the advent of Windows 10. Microsoft InTune is leading the way with other MDM vendors following on. Not everything on the desktop can yet be controlled this way, even with W10 but many key settings and controls are already available. A much simpler method for enforcing desktop settings than the other methods, it allows fewer administrators and much less specialist knowledge.

The article from FoxDeploy covers the first three of those and lays out the purpose of each. Well worth a read.

What is missing is the 4th method which uses Mobile Device Management tooling. The leading contender for this is Microsoft InTune. However, InTune is really only focussed on Windows 10 (desktop and mobile), it has limited control in other Operating Systems.

Servers only ever exist in a given state. If they deviate or we make changes, we refactor and redeploy. DSC drives it all and the machine will be up and running on a new OS, with data migrated in a matter of minutes.

For all practical purposes, the first true large scale management tool we had for Windows systems in the modern era was Group Policy, or GPO as it is commonly truncated.

Comparatively, SCCM and MDT allow us to we import an image from a Windows install disk and then run dozens of individual steps which are customized based on the target machines platform, model, office location and other factors. The sky is the limit.

Curated from DSC vs. GPO vs. SCCM, the case for each. – FoxDeploy.com

Update 2018-05-04 - Intune and Autopilot

It should be noted that Intune is now much more capable than when this was originally written.

Intune now has mobile device management that easily rivals any of the other MDM tools across all platforms. It is also well able to manage Apple OS X as far as Apple actually allow remote management of this type (they provide only a restricted set of API’s unlike Windows).

It should now be possible to manage and configure Windows desktops (at least Windows 10) just using Intune via the Cloud without any input from the other tools.

Intune coupled with Microsoft Autopilot provides a massively powerful and attractive set of tools for the deployment and configuration of Windows 10 based devices.

Autopilot lets you ship devices straight from the manufacturer to the end user with no build needed. The user only requires a broadband Internet connection. Devices are unboxed by the user and connected to the Internet. The user logs in with their cloud identity. Intune “knows” which organisation the device belongs to and begins configuration. The whole process takes about 10 minutes to give a device that can browse the Internet and 1 to 2 hours at most before all local client applications are installed and configured (in the background) depending on the complexity of your configuration.

Why I Still Don’t Use Bing For Searching

Julian Knight — Sat, 23 Jan 2016 13:12:13 +0000

Microsoft continue to reinvent themselves for the 21st Century but Bing lags behind compared to its competition.

Whilst Microsoft seem to continue to reinvent themselves for the 21st Century and are coming out with some excellent products and services that are far more reactive to the views of their customers, there is one product that still lags far behind the competition – at least if you are not in the USA.

The Bing search engine.

With my recent move to a Surface Pro 4 and various recent updates to Windows 10, I thought it a good idea to revisit using Edge as my default browser and to try to stick with Bing as the default search.

But I’m sorry Microsoft, it doesn’t work! Even when not logged in to Google, it consistently returns far more relevant answers as evidenced by the following search for the latest Raspberry Pi flavoured version of the Scratch programming environment “NuScratch”

. Search in Google vs Bing

Need to do better!