Sadly, most of the writing I have done for the Internet is no longer available online. But here are some links to works of mine that are.
- For Venafi
- Comparing Capabilities of Venafi Jetstack Secure with Open Source cert-manager
- eBook: Cloud Native Certificate Management – Exploring How cert-manager is Used in Kubernetes Production Environments
- How to achieve FIPS 140-2 compliance for cert-manager
- Global Bank Eliminates Kubernetes CertificateBased Outages with Venafi Jetstack Secure
- China-Linked Cybercrime Group Attacks Asian Certificate Authority, Breaches Government Agencies
- The CA/Browser Forum Won’t Yet Require HSMs Yet, But You Should
- OpenSSL Update Patches High Severity Vulnerabilities
- Keeping the Web Secure: Certificate Revocation Lists (CRLs) Rise from the Dead
- Lloyds Backs Off Insurance for State-Sponsored Cyberattacks
- Key Cryptography Standard Still Not Functional, FIPS 140-2 Going Out to Pasture
- Study Shows Widespread Abuse of Code Signing Certificates
- Microsoft Backs Off Internet Office Macro Ban [Update]
- For Hewlett-Packard Enterprise (click here for all of my writing, with highlights below):
- RPKI brings security, reliability to BGP routing
- DNS security still an issue
- Automation and artificial intelligence are the future of security, according to new report
- Security and quantum computing: Planning next generation cryptography
- With WebAuthn, web authentication is finally getting smart
- WPA3: How and why the Wi-Fi standard matters
- Windows cross-platform client software is hard to do
- Serverless computing explained
- Data encryption: How to avoid common workarounds
- Say yes to the progressive web
- The state of patch management
- The case for and against decentralizing data for security
- Open source vs. open standards: Know the difference
- Can you really put your desktop in the cloud?
- SHA-1 and the art of digital certificate management
- Enterprise password management: A field guide
- 3 ways to monitor encrypted network traffic for malicious activity (for CSO)
- Top tools and resources for running a capture the flag competition (for CSO)
- A Secure Key Management Architecture for the Thales nShield Family of Hardware Security Modules (for Thales e-Security)
- Comparative review and analysis of web APIs for e-Signing services (for ProgrammableWeb/Mulesoft)
- Securing Your Private Keys as Best Practice for Code Signing Certificates (a 2010 post-Stuxnet white paper for Thawte)
- Articles on web API for Internet commands like whois (for ProgrammableWeb)
- Article on problems with VPNs and open Wi-Fi (for Ars Technica)
- Feature on the potential for mobile websites to supplant native mobile apps (for Ars Technica)
- My work in Betanews
- Migrating to Office 365 (for InformationWeek)
- Hundreds of articles on ZDNet, mostly on security targeting enterprise IT
- White paper, infographic, and webinar on their “Windows to Go” devices (for IMation )
- The use of GOTO in modern programming (for Dr. Dobb’s Journal, I’m very proud of this one)
I was in the business at PC Week (now eWEEK) at the dawn of the World-Wide Web in the early 90’s. We did some speculating about the impact on publishing; IIRC, we saw early on that it wasn’t going to be pretty.
But one of the happy things we foresaw was that, as storage prices came down, it would finally be easy to get at old stories. There was no reason to take down old articles; they would just be more pages on which ads could be served.
We were right about the web devastating established publishers. We were wrong about the archive thing. For some reason, most publishers don’t want their old content up, or perhaps they just don’t care.
If you want to look at old editions of major newspapers and magazines you likely have to pay for a subscription service and these are not cheap. The New York Times appears to give full archive access to subscribers, which is a good idea to keep some people subscribing, but the Washington Post sells old articles for a lot, even to subscribers.
But that it should happen to tech publications which were always free on the web and which have always existed online with ad sales seemsjust weird to me. But there it is. The really old articles from PC Week (now eWEEK) and PCMag when I was on staff are not available. They used to be available through a paid service, but I’m not sure even that’s true.
And given all the corporate mitosis that has characterized Ziff brands since I was there, it’s not clear that eWEEK owns PC Week’s old content, or PCMag owns theirs. And what about defunct publications like Windows Sources? There may be some CDs in a filing cabinet somewhere.
I freelanced for eWEEK for many years until 2011 and all of those articles seem to be up. You can get them with search, but some change they made has caused the article list on my eWEEK bio page to be empty.
I know what you’re thinking: “Who wants to read a review of Windows 98 Second Edition anymore?” Hard to argue with that, but many of the articles still have historic interest. Sometimes it’s just funny to look back at PC Magazine reviews in the days when they could compare 12 word processing programs.
I think it’s a damn shame. The entire history of PC Week and PC Magazine from their launches until today would easily fit on a single hard drive. But they’re probably lost to history.
Here are the stories I wrote for ZDNet over the six months of which I am most fond. In many cases, the ones I worked the hardest on and like the most did poorly in traffic. C’est la vie.
2015: Year of the Windows renaissance?
December 23, 2014
After largely avoiding Windows 8, I really got to like Windows 8.1. When Windows 10 comes along I’ll feel a lot better about it and so, I suspect, will everyone else.
Congress blocks ICANN transition. Good.
December 17, 2014
The “Cromnibus” budget bill blocks the Obama administration’s plans to relinquish control of Internet domain name and address administration. We’re all better off this way.
I have decided to take at least a break from ZDNet, my only public writing gig. I may still write on contract for vendors in the meantime. But overall, tech writing is no longer a decent way to make a living. I think every year the number of positions making a living gets smaller and smaller and I’ve fallen off the list.
My current plan is to get back into writing software. I used to do it full time and I think I was really good at it, but my skills are rusty. I figure if I spend some time mastering some worthwhile skill I should be able to sell it.
But I’m also open to a full-time position using my knowledge of the industry, of security in particular and/or my writing skills. If you know of something in northern New Jersey or Manhattan please let me know.
After a hiatus of over 10 years I’m back on ZDNet, writing mostly about security.
Some of my initial blogs there:
We’ve got a new Doctor (Who), Peter Capaldi. I believe the only thing I’ve seen him in was the 5 part Torchwood: Children of Earth, in which he played the heartless British Civil Servant John Frobisher. There was nothing extraordinary about his acting there, but the role called for a cold, businesslike bureaucrat, so it’s not really the best basis for judging him. Little of his work seems to have had an American audience.
I still prefer the Classic Dr. Who and I’ve been watching whatever episodes are available on Amazon Instant Video. I can’t find a poll widget that can do ranking, but please use the comments to rank the classic Doctors from 1 (best) to 7 (worst). Here they are chronologically:
and here is my ranking:
1. Tom Baker
2. Sylvester McCoy
3. Patrick Troughton
4. Jon Pertwee
5. William Hartnell
6. Peter Davison
7. Colin Baker
I’ve developed a real appreciation for McCoy.
NOTE: The green eye lights indicate that the cat is fully charged.
[credit: Pet Pix Pillow]
I’ve been struggling for a good year now with Microsoft’s decision to push users as hard as they are pushing them to use the new, modern user interface, what was once code-named Metro. Even in Windows 8.1, a.k.a. Windows Blue, it is the primary user interface. Why is Microsoft forcing us to use the new modern UI?
“Forcing” is perhaps too strong a word I suppose (although it’s a good one for a headline). You can continue to use conventional Windows programs – hell, even text-mode console programs – and keep using a conventional keyboard/mouse computer, but they’re all legacy now, at least for programs with significant user interface.
Moreover, and Microsoft’s protestations notwithstanding, Windows 8 is far less usable on a conventional computer without a touch display. You need to get used to a few gestures and then things are not as bad, but they are still markedly inferior to Windows 7, particularly in desktop mode.
Why would Microsoft make the old interface so undesirable? In order to make the new one desirable. Why? There are a lot of reasons for that, but one very big one is security.
(Originally posted Saturday, June 22, 2013)
Ed Iacobucci, best-known as co-founder of Citrix Systems, died Friday morning after a 16 month battle with pancreatic cancer, according to a press release from VirtualWorks Group, another company he co-founded and where he served as Chairman. Ed was 59.
Ed was the IBM executive who oversaw (from their side) the OS/2 project with Microsoft. He left in 1989 to co-found Citrix, which took a source license of OS/2 and build a true multi-user operating system out of it. The company eventually did the same with Windows NT and now they’re in a lot of things, but most of their business is still based on the original notion of remoting user interfaces.
I first met Ed back in the early 90’s when Citrix was brand new and awe-inspiring and Ed was always a big part of what made the company impressive. I would run into him over the years and it was always a pleasant experience. Long after he left I couldn’t help think of Citrix as anything but Ed’s company. I’m very sad that I won’t see him again.
(Originally posted Wednesday, June 12, 2013)
Today it occurred to me that an idea I had long ago, that I wrote about many times and nagged Microsoft to implement, that they refused to do for reasons which I understood but did not sympathize with, well they have done it in Windows 8. But not because of anything I said.
My idea, the first incarnation of which I first wrote about for eWEEK in 2007, was that Microsoft should open up Windows Update to 3rd parties to offer updates. The obvious candidates were programs like Adobe Acrobat and Flash which were emerging at the time as major malware platforms. (I’m pretty sure I had this idea much earlier, maybe 2005, but didn’t write about it till this column.)
Microsoft politely declined to respond to my suggestions. Off the record people told me that they couldn’t accept the liability of distributing other people’s updates. There’s something to this, and so I modified it in a later column (which I can’t find at the moment), that what Microsoft should open up is just interfaces to Windows Update: They don’t need to host anyone else’s updates, they just need to allow programs to register at install time with the system to pull updates from a location at the ISV using Windows Installer protocols. In this way, if users are set up to use Windows Update, they will at the same time update, through the ISV, all applications registered with it.