DMA vulnerabilities have been around for ten years - are your machines in danger? Richard talks to Sami Laiho about his experiences trying to close the exploit that is Direct Memory Access. This technology for rapid data transfer has been available for years with FireWire and Thunderbolt, and now exists in USB 3.1 as well. The problem is that it has been two-way memory access, so connecting two machines together via FireWire can allow the attacking machine to steal any memory it wants, like your...
Apr 26, 2017•29 min•Ep. 529
How can automation help you? Richard chats with Jennelle Crothers about her work automating tasks with Azure. So what does automation mean to you? Jennelle talks about automating the delivery of resources to internal developers - whether that be on-premise or in the cloud. This is part of a DevOps practice, being able to use templates so that development is using resources configured as close to production as possible. Automation also applies to testing, deployment, instrumentation, disaster rec...
Apr 19, 2017•33 min•Ep. 528
Can Group Policy help protect your user's machines? Definitely! Richard chats with Jeremy Moskowitz about his on-going work with group policy, including his cool tool, PolicyPak. Jeremy talks about applying least privilege principles via Group Policy, including a case of a patch from June 2016 that may have broken some of your group policies because the machine that has to apply them doesn't have sufficient privileges! Other important least privilege aspects discussed include better management o...
Apr 12, 2017•37 min•Ep. 527
What's the Delivery Pipeline and why should you care? Richard chats with Steven Murawaski about his work at Chef, helping organizations get more effective at delivering software. Steven talks about how the latest generation of platform tools such as containers, that while helping to automate the delivery of software, are not a panacea that eliminates all the challenges of said software. You still have to take the time to get your automation right and deeply understand the value of being able to ...
Apr 05, 2017•35 min•Ep. 526
How do you get started in data science? Richard chats with long time data scientist Rafal Lukawiecki about practical data science. Rafal starts out focusing on the most common data science scenarios - understanding your customer and their needs. This goal is more complicated than it appears, often the questions first asked are not the questions you'll actually need answers to. But asking them is important since it leads to information that will influence the next round of questions. The cloud ha...
Mar 29, 2017•32 min•Ep. 525
Johan is back, and still doing deployment right! Richard talks to Johan Arwidmark about best practices and clear thinking around deployment. Johsan starts out with the idea that with the speed of updates coming these days, you really need to have a good lab. While it's awesome to test on native client hardware, it's not always possible - but testing in VMs is still a good idea! The conversation also goes to the need for caching of updates with WSUS and Configuration Manager - the network is the ...
Mar 22, 2017•32 min•Ep. 524
The oil and gas industry is in the cloud! Richard chats with John Paul Cook about his work bringing various Azure technologies to bear on the oil and gas industry. Contrary to popular belief, the oil and gas industry loves software and has embraced the cloud to increase efficiency. John talks about utilizing various Azure products to do data collection, including the IoT Hub. But the fun really starts when you get into the analysis side, using stream analytics to capture data in real time and re...
Mar 15, 2017•29 min•Ep. 523
Stephen Rose is back and in a new role! Richard chats with Stephen about his work on OneDrive for Business, which is one of the great cloud-enabling products out there today. Stephen talks about the automation in OneDrive for Business with Office 365 that gets rid of big email attachments, instead automatically embedding a link to the file into the email - the file itself lives in OneDrive for Business the whole time! The conversation also turns to the sophisticated security models available thr...
Mar 08, 2017•33 min•Ep. 522
PowerShell? On Linux? Why would you DO that? Richard chats with Tim Warner about the recent announcements around making PowerShell open source and available on Linux and Mac OS. What does this mean? The Linux world has been script-driven since it was Unix, so does PowerShell make any sense? Tim talks about coming up with common ways to manage both Windows and Linux machines, and where PowerShell adds some interesting capabilities by being far more object-oriented than text-file-oriented. It's st...
Mar 01, 2017•30 min•Ep. 521
It's 2017, do you know where your config manager is? Richard chats with Microsoft PFE Steven Rachui about his experiences helping companies manage substantial System Center Configuration Manager infrastructure. With the 2016 edition, the ability to handle rapid updates to Windows 10 is key and introduces the concept of Current Branch, as opposed to going with a more conservative stable edition of Windows. The conversation around non-Windows mobile device management focuses on using a hybrid mode...
Feb 22, 2017•30 min•Ep. 520
Are your noSQL stores safe? While at NDC London, Richard chatted with Niall Merrigan about the latest wave of exploits targeting MongoDB, ElasticSearch and others. As Niall explains, the challenge is that the default security models for many of these products leaves them vulnerable to outside attack. As these attacks have progressed, they have presented themselves as ransomware - data is removed and a bitcoin account offered up to restore the data. However, to date, even when the ransoms are pai...
Feb 15, 2017•29 min•Ep. 519
Of course you can scale in the cloud - but exactly how? Richard chats with Corey Sanders who goes on a whirlwind tour of the many options in Azure to help your applications be reliable and scalable. First up is a discussion on Virtual Machines and Scale Sets - rather than making separate VMs for every instance of your application, you can build them in blocks up to a thousand! After discussing the kind of problems that need a thousand of anything, Corey dives into Service Fabric and Containers, ...
Feb 08, 2017•29 min•Ep. 518
JSON for IT folks? Yes! Richard talks to Aidan Finn about his experiences actually getting into configuration-as-code. Aidan talks about discovering the Azure Quickstart Templates as a starting point to automating setting up test and training labs. JSON is a simple file format but takes a little getting used to, and with Azure you can specify virtually every aspect of a virtual machine so that it can be created on-demand. And there are great tools available to make it easier to build and maintai...
Feb 01, 2017•34 min•Ep. 517
VPNs don't have to suck! Richard chats with Richard Hicks about the latest in DirectAccess, Microsoft's built in VPN technology that makes maintaining a secure connection for a remote PC a bit less painful. Richard talks about how the server-side of DirectAccess being pretty solid for Server 2012R2 and 2016. But the big improvement comes from deploying Windows 10 Enterprise - bringing key features like multi-homing so that remote PCs can choose from a variety of geographically dispersed data cen...
Jan 25, 2017•34 min•Ep. 516
Have you used WireShark? Richard chats with Tim Warner of Pluralsight about his experiences working with this super-powerful open source network inspection tool. The conversation dives into the challenges of understanding what's going on with your network, both wired and wireless. WireShark gathers up traffic coming and going from a machine and analyzes it to identify what its for and where it's from. Tim talks about the challenges of seeing the network as a whole when it comes to Layer 3 routin...
Jan 18, 2017•32 min•Ep. 515
The cloud is secure, right? Richard chats with J Peter Bruzzese about Office 365 Security - focusing primarily on Exchange Online. The social engineering of email is hitting new highs, with ransomware, wire transfers and other approaches to exploiting people. Is the only solution education of the user? While an important part of the equation, J Peter also talks about building a robust email infrastructure that fights back from various attacks.
Jan 11, 2017•32 min•Ep. 514
Microsoft had a pretty good year in 2016 - or did it? Richard chats with Paul Thurrott about his impressions on Microsoft in the past year with an eye to the future. And while there have been some successes, there have also been some duds in 2016 too. Looking at you, Windows Phone! Paul talks about Microsoft's battles with hardware, from the killing of Band to the problems with Microsoft Surface Book. At the same time, he still loves his Book and is in awe of the Surface Studio. There's lots of ...
Jan 04, 2017•35 min•Ep. 513
Still have applications that depend on Internet Explorer? Richard talks to Fred Pullen from the Edge team about IE Enterprise Mode, allowing IT folks to strictly control what sites run in IE11, and what sites can run in Edge. The Edge browser breaks with the legacy of Internet Explorer, making it smaller, faster and more secure. But IE has a 20+ year history and there are plenty of apps, especially internal apps, that still depend on it. Fred talks about using Enterprise Mode to specify exactly ...
Dec 28, 2016•31 min•Ep. 512
SQL Server 2016 SP1 has shipped - what's new? Richard chats with Bob Ward about the latest in SQL Server, some of which was announced at the Connect event in New York. Huge on the list was the addition of many more of what was once enterprise-only features on the Standard and Express editions of the database. Bob discusses architectural changes that have come to SQL Server 2016 to better reflect the latest hardware, which has resulted in the same workloads on the same hardware actually running f...
Dec 21, 2016•33 min•Ep. 511
The DevOps Handbook is finally released! Richard chats with the one-and-only Gene Kim about the five years of effort that have gone into making the DevOps handbook. Gene talks about how the Handbook was supposed to come out before the Phoenix project, but as the scope of the book grew, they realized it needed more time. The benefit of time has been a ton of case studies and great detailed evidence of how automating workflows, instrumenting systems deeply and a culture of experimentation leads to...
Dec 14, 2016•33 min•Ep. 510
What does it take to make Azure networking actually work? Richard chats with Microsoft VP Albert Greenberg about the whole of Azure networking. The conversation starts out talking about the complexity of building massive virtual networks for Azure so that every customer has their own private space to work in, while not impacting or being impacting by any of the other customers. Albert talks about the need for no central point of focus when scaling to public cloud sizes when it comes to network -...
Dec 07, 2016•28 min•Ep. 509
How does your Active Directory data look? Richard chats with Chris Johnson of Hyperfish about how important AD personnel data is, and the terrible condition that most organizations leave it in. Chris talks about how the point of Active Directory was to be the authoritative source of personnel information in an organization - but most companies just use it for login credentials! It was Microsoft Exchange that first took on AD for all its user information, and more systems are doing so. The challe...
Nov 30, 2016•28 min•Ep. 508
Ready for Nano Server? Richard chats with Andrew Mason, one of the folks at Microsoft responsible for creating Nano Server. The conversation dives into the distinctions between Nano Server and Server Core - Core is still around, but Nano is substantially smaller. How much smaller? Less than half a gig! Andrew digs into what Nano Server can and can't do in this version, but don't worry, more is coming and user voice is being used (check the links) if you want to make suggestions to the team. If y...
Nov 23, 2016•34 min•Ep. 507
Once again into the breach of answering questions about SQL Server! Richard hosts the open Q and A session with Kim Tripp, Paul Randal, Bob Ward and a number of other talented SQL folks fielding questions from an engaged and fun audience at SQL Intersection. Lots of questions around SQL Server 2016 which shipped back in June, and explorations about the best way to deal with very large scale systems and transactional velocities. And listen at the end of the show for a question to Richard!
Nov 16, 2016•1 hr•Ep. 506
PowerShell is ten years old! How did that happen! Richard chats with Don Jones about his on-going enthusiasm for PowerShell creating the awesome PowerShell.org website and summit. The conversation turns to what PowerShell is like today - a mature product that is well supported throughout the Microsoft ecosystem and beyond. Don discusses the excitement around building your own automation in ways that help you deeply understand your infrastructure. Today the young product in the suite of tools is ...
Nov 14, 2016•33 min•Ep. 505
Microsoft Ignite was huge! What's an Exchange admin to do? Richard chats Gareth Gudger about his favorite sessions from Ignite in Atlanta that focused on Exchange. The conversation roams over classic sessions around migration and living in a hybrid world (forever) to the more leading edge features of Office 365 including Groups and Planner. Gareth talks about how effective some of the Q and A sessions were, where great panelists interacted with the audience to explore subjects in a way that make...
Nov 09, 2016•30 min•Ep. 504
The BIOS has evolved, and we need to take advantage of it! While at Ignite in Atlanta, Richard sat down with Mark Minasi to talk about UEFI and SecureBoot. The conversation starts out with a bit of a history lesson about BIOS, ROM and booting up a computer. Mark tells the story of how EFI started with Intel's Itanium, and eventually appeared everywhere. UEFI is effectively an operating system in its own right, with drivers and it's own set of security risks. This leads to a conversation around S...
Nov 07, 2016•40 min•Ep. 503
What does it take to make your applications work in Windows 10? While at Ignite, Richard sat down with Chris Jackson to talk about what's hard and what's easy. Of course, it comes down to what you've done before - if you implemented Vista and/or Windows 7 by turning off User Access Control, you're going to have a surprise. While you can turn UAC off in Windows 10, it's not considered a supported configuration. Time to do some testing! Chris talks about how UAC limits access even for administrato...
Nov 02, 2016•36 min•Ep. 502
How does data analytics fit into your business intelligence strategy? While at Ignite in Atlanta, Richard sat down with Jen Stirrup to discuss her experiences helping companies really take advantage of the data they have to understand how their businesses are doing, and what they could be doing better. The conversation starts out with a discussion on data warehousing, which is still valuable in this day and age. Jen talks about how the ETL process sometimes "shaved off the corners" of ...
Oct 31, 2016•34 min•Ep. 501
Holy smokes, 500 episodes! Richard brings in Carl Franklin to do hosting duties while guest stars on his own show - taking a look at the changes to the IT landscape in the past nearly 10 years. Back in April 2007, Vista was brand new (and not doing well), PowerShell was new also, Cloud was just starting out and DevOps didn't even really exist. 64 bit computing was something that was going to be important and smartphones were just starting to take off. Amazing what can happen in 500 shows... and ...
Oct 26, 2016•31 min•Ep. 500
