Sadly, most of the writing I have done for the Internet is no longer available online. But here are some links to works of mine that are.

• For Pepperdata
  • eBook: Reducing Costs and Increasing Efficiency with Autonomous Big Data Optimization
• For Ransomware.org
  • Phishing Is Still Easy—and Effective
• For Venafi
  • Comparing Capabilities of Venafi Jetstack Secure with Open Source cert-manager
  • eBook: Cloud Native Certificate Management – Exploring How cert-manager is Used in Kubernetes Production Environments
  • How to achieve FIPS 140-2 compliance for cert-manager
  • Global Bank Eliminates Kubernetes CertificateBased Outages with Venafi Jetstack Secure
  • Blogs:
    • China-Linked Cybercrime Group Attacks Asian Certificate Authority, Breaches Government Agencies
    • The CA/Browser Forum Won’t Yet Require HSMs Yet, But You Should
    • OpenSSL Update Patches High Severity Vulnerabilities
    • Keeping the Web Secure: Certificate Revocation Lists (CRLs) Rise from the Dead
    • Lloyds Backs Off Insurance for State-Sponsored Cyberattacks
    • Key Cryptography Standard Still Not Functional, FIPS 140-2 Going Out to Pasture
    • Study Shows Widespread Abuse of Code Signing Certificates
    • Microsoft Backs Off Internet Office Macro Ban [Update]

• For Hewlett-Packard Enterprise (click here for all of my writing, with highlights below):
  • RPKI brings security, reliability to BGP routing
  • DNS security still an issue
  • Automation and artificial intelligence are the future of security, according to new report
  • Security and quantum computing: Planning next generation cryptography
  • With WebAuthn, web authentication is finally getting smart
  • WPA3: How and why the Wi-Fi standard matters
  • Windows cross-platform client software is hard to do
  • Serverless computing explained
  • Data encryption: How to avoid common workarounds
  • Say yes to the progressive web
  • The state of patch management
  • The case for and against decentralizing data for security
  • Open source vs. open standards: Know the difference
  • Can you really put your desktop in the cloud?
  • SHA-1 and the art of digital certificate management
  • Enterprise password management: A field guide

• 3 ways to monitor encrypted network traffic for malicious activity (for CSO)
• Top tools and resources for running a capture the flag competition (for CSO)
• A Secure Key Management Architecture for the Thales nShield Family of Hardware Security Modules (for Thales e-Security)
• Comparative review and analysis of web APIs for e-Signing services (for ProgrammableWeb/Mulesoft)
• Securing Your Private Keys as Best Practice for Code Signing Certificates (a 2010 post-Stuxnet white paper for Thawte)
• Articles on web API for Internet commands like whois (for ProgrammableWeb)
• Article on problems with VPNs and open Wi-Fi  (for Ars Technica)
• Feature on the potential for mobile websites to supplant native mobile apps (for Ars Technica)
• My work in Betanews
• Migrating to Office 365 (for InformationWeek)
• Hundreds of articles on ZDNet, mostly on security targeting enterprise IT
• White paper, infographic, and webinar on their “Windows to Go” devices (for IMation )
• The use of GOTO in modern programming (for Dr. Dobb’s Journal, I’m very proud of this one)

I was in the business at PC Week (now eWEEK) at the dawn of the World-Wide Web in the early 90’s. We did some speculating about the impact on publishing; IIRC, we saw early on that it wasn’t going to be pretty.

But one of the happy things we foresaw was that, as storage prices came down, it would finally be easy to get at old stories. There was no reason to take down old articles; they would just be more pages on which ads could be served.

We were right about the web devastating established publishers. We were wrong about the archive thing. For some reason, most publishers don’t want their old content up, or perhaps they just don’t care.

If you want to look at old editions of major newspapers and magazines you likely have to pay for a subscription service and these are not cheap. The New York Times appears to give full archive access to subscribers, which is a good idea to keep some people subscribing, but the Washington Post sells old articles for a lot, even to subscribers.

But that it should happen to tech publications which were always free on the web and which have always existed online with ad sales seemsjust weird to me. But there it is. The really old articles from PC Week (now eWEEK) and PCMag when I was on staff are not available. They used to be available through a paid service, but I’m not sure even that’s true.

And given all the corporate mitosis that has characterized Ziff brands since I was there, it’s not clear that eWEEK owns PC Week’s old content, or PCMag owns theirs. And what about defunct publications like Windows Sources? There may be some CDs in a filing cabinet somewhere.

I freelanced for eWEEK for many years until 2011 and all of those articles seem to be up. You can get them with search, but some change they made has caused the article list on my eWEEK bio page to be empty.

I know what you’re thinking: “Who wants to read a review of Windows 98 Second Edition anymore?” Hard to argue with that, but many of the articles still have historic interest. Sometimes it’s just funny to look back at PC Magazine reviews in the days when they could compare 12 word processing programs.

I think it’s a damn shame. The entire history of PC Week and PC Magazine from their launches until today would easily fit on a single hard drive. But they’re probably lost to history.

I have decided to take at least a break from ZDNet, my only public writing gig. I may still write on contract for vendors in the meantime. But overall, tech writing is no longer a decent way to make a living. I think every year the number of positions making a living gets smaller and smaller and I’ve fallen off the list.

My current plan is to get back into writing software. I used to do it full time and I think I was really good at it, but my skills are rusty. I figure if I spend some time mastering some worthwhile skill I should be able to sell it.

But I’m also open to a full-time position using my knowledge of the industry, of security in particular and/or my writing skills. If you know of something in northern New Jersey or Manhattan please let me know.

After a hiatus of over 10 years I’m back on ZDNet, writing mostly about security.

Some of my initial blogs there:

• Trust the PKI or it’s anarchy on the Internet
  

• BGP spoofing – why nothing on the internet is actually secure

• Xerox scanners alter numbers in scanned documents

• Cybersecurity incentive proposals from White House underwhelm

   

We’ve got a new Doctor (Who), Peter Capaldi. I believe the only thing I’ve seen him in was the 5 part Torchwood: Children of Earth, in which he played the heartless British Civil Servant John Frobisher. There was nothing extraordinary about his acting there, but the role called for a cold, businesslike bureaucrat, so it’s not really the best basis for judging him. Little of his work seems to have had an American audience.

I still prefer the Classic Dr. Who and I’ve been watching whatever episodes are available on Amazon Instant Video. I can’t find a poll widget that can do ranking, but please use the comments to rank the classic Doctors from 1 (best) to 7 (worst). Here they are chronologically:

William Hartnell
Patrick Troughton
Jon Pertwee
Tom Baker
Peter Davison
Colin Baker
Sylvester McCoy

and here is my ranking:

1. Tom Baker
2. Sylvester McCoy
3. Patrick Troughton
4. Jon Pertwee
5. William Hartnell
6. Peter Davison
7. Colin Baker

I’ve developed a real appreciation for McCoy.