Hosts Juliet Beauchamp and Ken Mingis talk with guests about the latest tech trends and news.
Audio
On Today in Tech, join Michael Simon and Ken Mingis as they separate the facts from fiction about the new 13-inch MacBook Pro, the M2 chip, the M2 MacBook Air, and the latest rumors.
Technology bootcamps are relatively short-term full- or part-time intensive training programs offering skill sets that in many cases can quickly catapult a previously non-technical person into a high-paying tech career.
The schools teach students in-demand skills in areas such as coding, cybersecurity and fintech, and in recentyears, the one-and-a-half to six-month long bootcamps have become talent pools for organizations looking for skills-based job seekers. And with the Great Resignation in full swing, more workers are choosing to move into tech for flexible working conditions and high pay.
Globally, there are more than 500 tech bootcamps, according to Source Report, a coding school tracker. While the average bootcamp costs about $14,000, a Source report survey found the average salary increase for coding bootcamp graduates was 56%, or $25,000. And, in 2021, the average starting salary of a bootcamp grad was $69,000.
2U offers a tech bootcamp platform that’s been adopted by more than 50 universities. The bootcamp offers instruction across eight disciplines, including coding, data analytics, cybersecurity, and fintech.
Since 2U launched its platform in 2016, 48,000 students have graduated from its programs, and more than 6,000 companies have hired them, including Fortune 500 companies such as Amazon, Autodesk, Capital One, Cognizant, Deloitte, Google, Liberty Mutual, SkillStorm, and State Farm.
Two graduates from U2’s six-month tech bootcamp are Stephen Powell and Danielle Bowman, neither of whom had any previous experience with technology or coding as part of their careers.
Powell, 35, grew up in Washington DC and dropped out of high school before getting a job in retail sales at Verizon at 20. A year later, he got his GED and advanced into a corporate role. To further boost his career, Powell decided he needed more technical training — but didn’t want to spend four years getting a degree. At age 32 – recently married, working full time and raising a 10-year child – he enrolled in George Washington University Data Analytics Boot Camp and landed a new role in data engineering at Koverse, an SAIC subsidiary.
Based in Atlanta, Bowman spent more than 13 years as a Walgreens store manager before deciding to change careers. After graduating from a University of Central Florida coding bootcamp with a certificate in full stack web development, she now works as software engineering manager at CodeMettle.
The following are excerpts from interviews with both bootcamp graduates:
Stephen Powell
Stephen Powell
Stephen Powell
What were doing after getting your GED? “I started working for Verizon in the retail channel at 19. I did that for about four years and then went on to do government telesales. Then I was a federal account manager for a couple of years. Then I became a B2B trainer of B2B reps and managers and then a national client partner of enterprise accounts at Verizon. I was there for 11 years. I was able to move up…, mainly through sales and training. At the end of 2018, I decided to leave Verizon on my own volition and go work at a start-up as a sales engineer [at KryptoWire]. So, from a company of 66,000 to a company of 16, it was quite a culture shock. And, that’s kind of where I knew I needed to get a lot smarter around technology.
“It was actually my job at KryptoWire that prompted me to think, ‘I’m going to peak here at some point.’ It was a mobile appliction security testing firm. That’s why I decided to go to boot camp in 2019.”
What was it about your job at KryotoWire that gave you the idea to go to a coding bootcamp? “The first couple of meetings I had at KryptoWire — the internal meetings with the engineering team — they were saying things I had no clue about. To be candid, I felt kind of stupid. So, I went home and I started researching programs on tech, and coding specifically. I knew at 32-years-old, I didn’t have four years to give; not only that, I didn’t have debt to accrue. So, I literally Googled programs around Python and data analytics, and that’s how I found the bootcamp, and then I took the pretest and applied for it. It was literally researching programs on a Saturday.”
What was it about the program that you liked, or didn’t like? “What I liked was the instruction.
“Now, one thing I had over cohorts is that I spent such a long time in corporate America. I knew what it was like to generate and maintain relationships. That’s one thing I’m good at. I knew that developing relationships with instructors and teaching assistants was going to make me most successful in my career path. And, so that’s what I really enjoyed about it. I can’t say I had any dislikes only because I went into program knowing whatever happened would be based upon my effort. I was in sales, so I’m used to eating what I kill. So, I applied that same principle to the bootcamp.
“It was hard at first, from a work standpoint — but that’s because I hadn’t done Python before. …But after the first few weeks of me getting repetitious about it and doing some self-study, I was able to catch on.”
What was it like seeing code for the first time? “I remember the first night we did Python, I went home and told my wife I’m probably going to drop out. The first night we did Python, they were very simple tasks, but I simply couldn’t catch on.
“My wife has been a backbone for me. She told me to stick with it. It was scary. It was foreign. It looked like a foreign language. I know some Spanish and this looked a lot worse.”
Along with your wife’s support, what kept you from quitting? “I have an acute fear of failure. And also, I knew at KryptoWire, because I worked with such a smart group of people, my skillsets — even my ability to build relationships — wouldn’t carry me into tech. So, if I didn’t get any formal training, whether it be boot camp or a four-years degree, I was going to be left out of that pool of people smart enough to maintain a career in technology.
“So, that fear of missing out — that FOMO – and the fear of failing really drove me. I actually developed a personal interest in learning more about code and data science.”
Was it very expensive? “So, the whole program was $10K. Again, I think I was lucky in the sense that I had a good paying job, so it wasn’t a massive financial undertaking for me. I know some of my other cohorts emptied their savings, they got personal loans. But for me, it wasn’t a heavy lift financially. I always say, I’ve spent more on less.”
What was the course like? “It was six months long. It was all in person. We did Tuesdays and Thursdays for three hours — 6:30 p.m. to 9:30 p.m. And from Saturday from 10 a.m. to 2 p.m.”
Was the workload manageable, considering you were working a full-time job? “There were adjustments that had to be made, for sure. Because you have a full life, including your personal life, you do have to carve out time outside of regular coursework in order to maintain and upskill in the program. So, for the first couple of weeks there was a time I really had to adjust myself — not only my work schedule, but also my sleep schedule; some of these nights went a little longer than they would have if I weren’t in the program. It was a tough couple of weeks…just trying to get ramped up and really understand what being in a program like this takes….”
What was the most difficult part of the course? “The speed of the course work. They really try to squeeze in about four years of materials into six months. So, keeping up initially was really tough for me. That’s why I had to put in the extra time, not just in the classroom, but also at home. So, there were some personal sacrifices, albeit mostly social, I had to make in order to be successful. But the speed was it; one week we’re talking about one thing and the next week we’re onto another topic, and the next topic might incorporate that thing you learned four weeks ago. So, it was a lot to keep up with….”
What did you like best about it? “The teachers. I loved the instruction. It was careful and thoughtful. When you asked a question, you didn’t feel stupid. I really appreciated that. In fact, I still keep in touch with my instructors today. That’s how I know I valued them so much. They were always encouraging me, always.”
What was your first job out of bootcamp? “I was a data analyst. The boot camp was a data science program. Normally, the path is to start off as a data analyst and then you end up a data scientist. So, I went in thinking that would be my path. But in the program you start to understand the skillset you’re investing in can fit a wide range of roles. So, once I was in the program, I stopped narrowing my view of what I could do.
“Number one, I could keep the job I had and be better at it. I could be a data analyst or data scientist. That was a very buzz-worthy title three or four years ago. But after a while, I realized I could do anything with those skills. I actually got the data analyst job a month before completing the bootcamp program.
“Because I had a lot of federal experience, dealing with federal integrators and customers, I got a job as a data analyst with the Department of Justice — and I got that right before COVID started. I wasn’t comfortable with my coding prowess at that point to be a full-fledged engineer. That’s why I went that route.
“Now, I’m on my third job since the program. I was a data analyst for a year, and actually got the opportunity to become a data engineer at Koverse, an SCIC company.”
How has your career change affected your life? “I had a pretty good job before. Job security is a term I stay away from, but now I have skill security. What the program did was give me a sense of always wanting to learn more. I’m a heavy reader. I read at least two books a month around what I do. And I wouldn’t have gotten that fervor to learn — that fire — had I not attended that bootcamp.
“Engineering to me is a trade that if you’re able to learn and upscale it, you’ll be able to maintain [a career] for a very long time.”
In terms of income, has this allowed you to earn more? “Yes. Specifically, when I was at Verizon, I earned well, but it was commission-based. So, now I’m earning that kind of money at a salary level. And, now I work at a company — I started a new job last week — that afforded me the ability to actually have equity in the company….
“To be honest, you don’t know these companies like Facebook give you equity in the company until you get into that realm. It’s made a difference in how I view money, certainly in how I spend it and also how I invest it. It’s made a hell of a difference.”
What advice would you give others considering careers in technology and attending a bootcamp? “Consistency over fear. If you’re consistent with it, no matter what you’re afraid of, you’ll get it eventually. I still have imposter syndrome to this day. But, if I’m consistent with my work ethic and my ability to program and build things, I can put that fear on the back burner. Because all I have to do is get in front of my computer and say. ‘I’m just going to do it regardless of what the outcome is.’ Consistency, will trump everything.
“I now work for Gretel. It’s an AI and machine learning company. I’m super excited.”
What do you like about your current job? “I like the fact that I’m part of a company that’s defining a new space in technology. We specialize around synthetic data. We are at the forefront of defining this space, to the point where we’re going to have to be educating folks in the next few years about what it is, which I absolutely love…. I can look back and say Gretel was the one who introduced me to this amazing new topic of AI and machine learning.”
Danielle Bowman
Danielle BowmanDanielle Bowman
What was your career prior to attending the coding bootcamp? “I got my business management degree and started at Walgreens literally the week after as assistant manager. I had my own store within three or four years. Then I managed a bunch of stores. I started in Cleveland, Ohio before Orlando. Then I was managing stores in Orlando.
“It was fine. It was a good career. It was well paying. But, I knew it wasn’t my long-term career. I just happened to be good at it. But I also knew I didn’t want to work holidays, I was tired of working on weekends and dealing with stuff non-stop.”
How did you learn about the coding bootcamp? “A friend of mine — we used to be assistant managers together in Ohio — asked me if I’d ever thought about coding, and I told him, no. He’d become a [software] engineer. No one had ever suggested it as a career path to me. I was naïve to all of it. He told me there’s a demand for it and your salary could transition and you wouldn’t have to take a huge [loss].
Cisco has announced plans to formally exit Russia, winding down its business operations in Russia and Belarus in response to the invasion of Ukraine earlier this year.
The networking company first made a statement on March 3, declaring that it would be halting all business operations in Russia and Belarus “for the foreseeable future.” On Thursday the company released another statement, noting that it had continued to “closely monitor” the war in Ukraine and as a result, a decision had been made to “begin an orderly wind-down of our business in Russia and Belarus.”
“Cisco remains committed to using all its resources to help our employees, the institutions and people of Ukraine, and our customers and partners during this challenging time,” the statement said.
On an earnings call in April, Cisco’s CFO Scott Herren told analysts that historically, Russia, Belarus and Ukraine collectively have represented approximately 1% of the company’s total revenue.
However, he noted that the decision to stop business operations in both Russia and Belarus did have a negative impact on revenue, costing the company “approximately $200 million or two percentage points of growth.”
What are other companies doing?
In the days after Russia’s initial invasion, a long list of Western technology companies suspending operations in Russia began to grow.
SAP and Oracle were two of the first tech organizations to publicly pull out of the country after Ukrainian vice prime minister Mykhailo Fedorov publicly posted letters to appeal to both companies on Twitter.
In early March, Microsoft also announced it would suspend new sales of Microsoft products in Russia, “in compliance with governmental sanctions decisions.”
However, at the time, the statement was criticized by Ukrainian vice prime minister Mykhailo Fedorov, who said that simply suspending sales in Russia did not go far enough and that the company should block access to its products.
This week, Russian news agency TASS reported that attempts to install Windows 10 and Windows 11 in Russia had been blocked. Microsoft has yet to make any comment as to whether this is a technical error or part of the company’s plan to further withdraw from Russia.
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Zoom has unveiled Zoom One, a new offering that brings together chat, phone, meetings, and whiteboarding capabilities in a single, purpose-built environment.
Users of Zoom One will be able to access Zoom’s collaboration and communication tools and perform actions such as starting phone or video calls from a chat message or collaborating on a whiteboard from a Zoom desktop or Zoom room.
In a press release announcing the launch, company President Greg Tomb said that as Zoom evolved from a meeting app to a comprehensive communications platform, it was clear that introducing new packaging like Zoom One was the next step in the company’s evolution.
“By bringing together chat, phone, meetings, whiteboard, and more in a single offering, we are able to offer our customers solutions that are simple to manage, so they can focus on business issues that matter most,” he said.
Zoom One has six tiered plans available to customers, including Basic, Pro, Business and Enterprise versions.
Zoom One Basic provides free 40-minute Zoom Meetings for up to 100 attendees, persistent Zoom Chat for team messaging, limited Zoom Whiteboard for synchronous and asynchronous work, and real-time transcription.
Zoom One Pro provides everything Zoom One Basic offers without meeting time limits, plus cloud-based recording.
Zoom One Business provides everything Zoom One Pro offers, plus Zoom meetings for up to 300 attendees and unlimited Zoom Whiteboards.
Zoom One Business Plus provides everything Zoom One Business offers, plus Zoom Phone Pro with unlimited regional calling and Zoom’s all-new translation feature.
Zoom One Enterprise and Zoom One Enterprise Plus provide everything Zoom One Business offers with larger meeting capacity and additional features, like Zoom Webinars, to help modern businesses scale. Zoom One Enterprise Plus also includes Zoom Phone Pro with unlimited regional calling.
Zoom One Basic, Pro, Business and Business Plus plans are available for purchase today, priced at $149 per year/user; $199 per year/user; and $250 per year/user respectively.
Translated and multilanguage captions
Users of Zoom’s new Zoom One Business Plus and Zoom One Enterprise Plus packages will have access to bidirectional translated captions. The captions will be able to translate between Chinese (simplified), Dutch, English, French, German, Italian, Japanese, Korean, Russian, Spanish, and Ukrainian upon launch.
Zoom has also extended its automated captioning—the ability to caption in real-time what a speaker is saying in the same language as the one spoken—to include 10 additional languages. Automated captions previously were supported in English, but now can be displayed in the same 10 languages available for live translation.
Multilanguage automated captions are available in Business Plus, Enterprise, and Enterprise Plus packages with additional support for other plans coming soon.
Zoom Apps software development kit
Zoom also announced this week that the company has opened its Zoom Apps developer programme to all developers via Zoom Apps SDK (software development kit).
Zoom Apps JavaScript software development kit (SDK) is designed to provide developers with the resources and supports the necessary infrastructure to build Zoom Apps within the Zoom platform. By using Zoom Apps SDK, developers can reach Zoom customers via Zoom App marketplace, where users can simultaneously discover and add new apps, according to the company.
Zoom says that to date, over 100 apps have been published by developer partners in its app marketplace.
“With the launch of the Zoom Apps SDK, the Zoom Developer Platform continues to expand and offer developers new ways to incorporate video communications and collaboration into their creations, transforming business workflows forever,” said Zoom CTO Brendan Ittelson, in a statement.
As expected, Apple at WWDC announced a series of significant changes to how Macs, iPads, iPhones, and Apple TVs are managed in business and education environments. These changes largely break into two groups: those that affect overall device management and those that apply to declarative management (a new type of device management Apple introduced last year in iOS 15).
It’s important to look at each group separately to best understand the changes.
How did Apple change overall device management?
Apple Configurator
Apple Configurator for iPhone got a significant expansion. It’s long been a manual method of enrolling iPhones and iPads in management rather than using automated or self-enrollment tools. The tool originally shipped as a Mac app that could configure devices, but it had one major downside: devices had to be connected via USB to the Mac running the app. This had obvious implications in terms of the time and manpower in anything other than a small environment.
Last year, Apple introduced a version of Configurator for iPhone that reversed the workflow of the original, meaning an iPhone version of the app could be used wirelessly to enroll Macs into management. It was primary used to enroll Macs that had been purchased outside of Apple’s enterprise/education channel into Apple Business Manager (Apple products purchased through the channel can be auto-enrolled with zero-touch configuration).
The iPhone incarnation is incredibly simple. During the setup process, you point an iPhone camera at an animation on the Mac’s screen (much like pairing an Apple Watch) and that triggers the enrollment process.
The big change this year is that Apple expanded the use of Apple Configurator for iPhone to support iPad and iPhone enrollment using the same process — removing the requirement that devices be attached to a Mac. This greatly reduces the time and effort needed to enroll these devices. There’s one caveat: devices that require cellular activation or have been activation locked will need that activation to be completed manually before Configurator can be used.
Identity management
Apple has made useful changes for identity management in enterprise environments. The most significant: it now offers support for additional identity providers including Google Workspace and Oauth 2, which allows an expansive set of providers. (Azure AD was already supported.) These identity providers can be used in conjunction with Apple Business Manager to generate Managed Apple IDs for employees.
The company also announced that support for single sign-on enrollment across its platforms will be implemented after macOS Ventura and iOS/iPadOS16 arrive this fall. The goal here is to make user enrollment easier and more streamlined by requiring users to authenticate only once. Apple also announced Platform Single Sign-on, an effort to expand and streamline access to enterprise apps and websites each time they login to their device(s).
Managed per-app networking
Apple has long had per-app VPN capabilities, which allow only specific enterprise or work-related apps to use an active VPN connection. This applies VPN security, but limits VPN load by only sending specific app traffic over a VPN connection. With macOS Ventura and iOS/iPadOS 16, Apple is adding per-app DNS proxy and per-app web content filtering. This helps secure traffic for specific apps and functions the same as per-app VPN. And this requires no changes to the apps themselves. DNS proxy supports system-wide or per-app options while content filtering supports system-wide or up to seven per-app instances.
E-SIM provisioning
For iPhones that support eSIMs, Apple is making it possible for mobile device management software (MDM) to configure and provision an eSIM. This can include provisioning a new device, migrating carriers, use of multiple carriers, or configuration for travel and roaming.
Managing Accessibility settings
Apple is well known for its expansive set of Accessibility features for people with special needs. In fact, many people without special needs also use several of these features. In iOS/iPadOS 16, Apple is allowing MDM to enable and configure a handful of the most common features automatically, including: text size, Voice Over, Zoom, Touch Accommodations, Bold Text, Reduce Motion, Increase Contrast, and Reduce Transparency. This will be a welcome tool in such areas as special education or hospital and healthcare situations where devices may be shared among users with special needs.
What’s new in Apple’s Declarative Management process?
Apple unveiled Declarative Management last year as an improvement over its original MDM protocol. Its big advantage is that it moves much of the business logic, compliance, and management from the MDM service to each device. As a result, devices can proactively monitor their state. That eliminates the need for the MDM service to constantly poll for their device state and then issue commands in response. Instead, devices make those changes based on their current state and on the declarations sent to them and report them back to the service.
Declarative management relies on declarations that contain things like activations and configurations. One advantage is that a declaration can include multiple configurations as well as the activations that indicate when or if the configuration should be activated. This means a single declaration can include all the configurations for all users, paired with activations that indicate to which users they should apply. This reduces the need for large sets of different configurations as the device itself can determine which ones should be enabled for the device because of its user.
This year, Apple has expanded where Declarative Management can be used. Initially, it was available only on iOS/iPadOS 15 devices that leveraged user enrollment. Going forward, all Apple devices running macOS Ventura or iOS/iPadOS/tvOS 16 will be supported, regardless of their enrollment type. That means device enrollment (including Supervised devices) is supported across the board, as is shared iPad (an enrollment type that allows multiple users to share the same iPad, each with his or her own configuration and files.)
The company has made it crystal clear that Declarative Management is the future of Apple device management and that any new management features will be rolled out only to the declarative model. Although traditional MDM will be available for some unspecified time, it has been deprecated and will eventually be retired.
This has major implications for devices already in use. Devices that can’t run macOS Ventura or iOS/iPadOS 16 will eventually be dropped and any that remain in service will need to be replaced. Given the swath of devices losing support, this could make for a costly transition for some organizations. Although it isn’t immediate, you should begin to determine the size and cost of the transition and how you will manage it (particularly since it will likely require a transition to Apple Silicon, which doesn’t support the ability to run Windows or Windows apps, in the process).
Beyond expanding what products can use declarative management, Apple also extended its functionality, including support for passcode configuration, enterprise accounts, and MDM-governed app installation.
The passcode option is more complex than simply requiring a passcode of a certain type. Passcode compliance is traditionally required for certain security-related configurations, such as sending the corporate Wi-Fi configuration to a device. In the declarative model, those configurations can be sent to the device before a passcode is set. They are sent along with the passcode requirement and include an activation that will only enable it once the user creates a passcode that complies with that policy. Once the user sets a passcode, the device will detect the change and enable the Wi-Fi configuration with multiple connections to the MDM service, enabling Wi-Fi immediately and notifying the service it’s been activated.
Accounts — which can include things such as mail, notes, calendar, and subscribed calendars — function similarly. A declaration can specify all the types of accounts supported within the organization as well as all the subscribed calendars. The device will then determine — based on the user’s account and role(s) within the organization — to activate and enable.
MDM app installation is the most significant addition to declarative management, since app installation is one of the tasks that puts the most load on an MDM and the biggest bottleneck during mass device activations (such as a large onboarding of new employees, new device rollouts, or the first day of school). A declaration can specify all the potential apps to be installed and sent to a device at activation, even before it has been handed to its user. Again, the device will determine which app installation configurations to activate and make available, based on the user. This avoids each device having to repeatedly query the service and download apps and their configurations. It also simplifies and speeds up the process of enabling (or disabling) apps if a user’s role changes.
These are significant improvements and it’s easy to see why they are the first additions to Declarative Management after its initial rollout. There are still MDM capabilities that have not made the leap to declarative use, but it is obvious that eventually – perhaps as soon as next year – they will.
This is one of the most significant WWDC announcements for enterprise and it’s good to see that Apple has been thoughtful in deciding which features to add or update since most of them tackle areas that were difficult, time consuming, resource intensive, or tedious. Apple is not just addressing enterprise customer needs, but demonstrating that it understands those needs.
June’s Patch Tuesday updates, released on June 14, address 55 vulnerabilities in Windows, SQL Server, Microsoft Office, and Visual Studio (though there are oo Microsoft Exchange Server or Adobe updates this month). And a zero-day vulnerability in a key Windows component,CVE-2022-30190, led to a “Patch Now” recommendation for Windows, while the .NET, Office and SQL Server updates can be included in a standard release schedule.
You can find more information on the risk of deploying these Patch Tuesday updates in this infographic.
Key testing scenarios
Given the large number of changes included in this June patch cycle I have broken out the testing scenarios for high risk and standard risk groups.
These high-risk changes are likely to include functionality changes, may deprecate existing functions, and will likely require new testing plans. Test your signed drivers using physical and virtual machines, (BIOS and UEFI) and across all platforms (x86, 64-bit):
Run applications that have binaries (.EXE and .DLL) that are signed and unsigned.
Run drivers that are signed and unsigned. Unsigned drivers should not load. Signed drivers should load.
Use SHA-1 signed versus SHA-2 signed drivers.
Each of these high-risk test cycles must include a manual shut-down, reboot, and restart. The following changes are not documented as including functional changes, but will still require at least “smoke testing” before general deployment:
Test remoteCredential Guardscenarios. (These tests will require Kerberos authentication, and may only be used with theRDP protocol.)
Test your Hyper-V servers and start/stop/resume your Virtual Machines (VM).
Perform shadow copy operations usingVSS-aware backup applications in a remote VSS deployment over SMB.
Test deploy sample applications usingAADJ and Intune. Ensure that you deploy and revoke access as part of your test cycle.
In addition to these standard testing guidelines, we recommend that all core applications undergo a testing regime that includes self-repair, uninstall, and update. This is due to the changes to Windows Installer (MSI) this month. Not enough IT departments test the update, repair, and uninstall functions of their application portfolio. It’s good to challenge each application package as part of the Quality Assurance (QA) process that includes the key application lifecycle stages of installation, activation, update, repair, and then uninstall.
Not testing these stages could leave IT systems in an undesirable state — at the very least, it will be an unknown state.
Known issues
Each month, Microsoft includes a list of known issues that relate to the operating system and platforms affected this cycle. This month, there are some complex changes to consider, including:
After installing this June update, Windows devices that use certain GPUs might cause applications to close unexpectedly or cause intermittent issues. Microsoft has published KB articles for Windows 11 (KB5013943) and Windows 10, version 21H2, all editions (KB5013942). No resolutions for these reported issues yet.
As you may be aware, Microsoft published anout-of-band update (OOB) last month (on May 19). This update affected the following core Windows Server based networking features:
The security vulnerabilities addressed by this OOB update only affects servers operating as domain controllers and application servers that authenticate to domain controller servers. Desktop platforms are not affected. Due to this earlier patch, Microsoft has recommended that this June’s update be installed on all intermediate or application servers that pass authentication certificates from authenticated clients to the domain controller (DC) first. Then install this update on all DC role computers. Or pre-populate CertificateMappingMethods to 0x1F as documented in theregistry key information section of KB5014754 on all DCs. Delete the CertificateMappingMethods registry setting only after the June 14 update has been installed on all intermediate or application servers and all DCs.
Did you get that? I must note with a certain sense of irony, that the most detailed, order-specific set of instructions that Microsoft has ever published (ever), are buried deep, mid-way through a very long technical article. I hope everyone is paying attention.
Major revisions
Though we have fewer “new” patches released this month, there are a lot of updated and newly released patches from previous months, including:
CVE-2021-26414: Windows DCOM Server Security Feature Bypass. After this month’s updates are installed, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY on DCOM servers will be enabled by default. Customers who need to do so can still disable it by using the RequireIntegrityActivationAuthenticationLevel registry key. Microsoft has publishedKB5004442 to help with the configuration changes required.
CVE-2022-23267: NET and Visual Studio Denial of Service Vulnerability. This is a minor update to affected applications (now affecting the MAC platform). No further action required.
CVE-2022-24513: Visual Studio Elevation of Privilege Vulnerability. This is a minor update to the list of affected applications (now affecting the MAC platform). No further action required.
CVE-2022-24527: Microsoft Endpoint Configuration Manager Elevation of Privilege. This major update to this patch is a bit of a mess. This patch was mistakenly allocated to the Windows security update group. Microsoft has removed this Endpoint manager from the Windows group and has provided the following options to access and install this hot-fix:
Apply the hotfix. Customers running Microsoft Endpoint Configuration Manager, versions 1910 through versions 2111 who are not able to install Configuration Manager Update 2203 (Build 5.00.9078) can download and install hot-fixKB12819689.
CVE-2022-26832: .NET Framework Denial of Service Vulnerability. This update now includes coverage for the following affected platforms: Windows 10 version 1607, Windows Server 2016, and Windows Server 2016 (Server Core installation). No further action required.
CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. This patch is personal — we were affected by this issue with massive server performance spikes. If you are having problems with MSDT, you need to read theMSRC blog post, which includes detailed instructions on updates and mitigations. To solve our issues, we had to disable the MSDT URL protocol, which has its own problems.
I think that we can safely work through the Visual Studio updates, and the Endpoint Configuration Manager changes will take some time to implement, but both changes do not have significant testing profiles. DCOM changes are different — they are tough to test and generally require a business owner to validate not just the installation/instantiation of the DCOM objects, but the business logic and the desired outcomes. Ensure that you have a full list of all applications that have DCOM dependencies and run through a business logic test, or you may have some unpleasant surprises — with very difficult-to-debug troubleshooting scenarios.
Mitigations and workarounds
For this Patch Tuesday, Microsoft published one key mitigation for a serious Windows vulnerability:
CVE-2022-30136: Windows Network File System Remote Code Execution Vulnerability. This is the first time I have seen this, but for this mitigation, Microsoft strongly recommends you install the May 2022 update first. Once done, you can reduce your attack surface area by disablingNFSV4.1 with the following PowerShell command: “PS C:\Set-NfsServerConfiguration -EnableNFSV4 $false”
Making this change will require a restart of the target server.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
Browsers (Microsoft IE and Edge);
Microsoft Windows (both desktop and server);
Microsoft Office;
Microsoft Exchange;
Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core);
Adobe (retired???, maybe next year).
Browsers
We are seeing a welcome trend of fewer and fewer critical updates to the entire Microsoft browser portfolio. For this cycle, Microsoft has releasedfive updatesto theChromium version of Edge. They are all low risk to deploy and resolve the following reported vulnerabilities:
A key factor in this downward trend of browser related security issues, is the decline and now retirement of Internet Explorer (IE). IE is officially no longer supported as of this July.The future of Microsoft’s browsers is Edge, according to Microsoft. Microsoft has provided us with a video overview of Internet Explorer’s retirement. Add these Chromium/Edge browser updates to your standard application release schedule.
Windows
With 33 of this month’s 55 Patch Tuesday updates, the Windows platform is the primary focus — especially given the low-risk, low-profile updates to Microsoft Browsers, Office, and development platforms (.NET). The Windows updates cover a broad base of functionality, including:NTFS, Windows networking, the codecs (media) libraries, and the Hyper-V and docker components. As mentioned earlier, the most difficult-to-test and troubleshoot will be the kernel updates and the local security sub-system (LSASS). Microsoft recommends aring-based deployment approach, which will work well for this month’s updates, primarily due to the number of core infrastructural changes that should be picked up in early testing. (Microsoft has published another video about the changes this month to the Windows 11 platform, foundhere.)
Microsoft released seven updates to the Microsoft Office platform (SharePoint, Excel, and the Office Core foundation library), all of them rated important. The SharePoint server updates are relatively low risk, but will require a server reboot. We were initially worried about theRCE vulnerability in Excel, but on review it appears that the “remote” in Remote Code Execution refers to the attacker location. This Excel vulnerability is more of an Arbitrary Code Execution vulnerability; given that it requires user interaction and access to a local target system, it is a much-reduced risk. Add these low-profile Office updates to your standard patch deployment schedule.
Microsoft Exchange Server
We have aSQL server update this month, but no Microsoft Exchange Server updates for June. This is good news.
Microsoft development platforms
Microsoft has released a single, relatively low-risk (CVE-2022-30184) update to the .NET and Visual Studio platform. If you are using a Mac (I love theMac version of Code), Microsoft recommends that you update toMac Visual Studio 2022 (still in preview) as soon as possible. As of July (yes, next month) the Mac version of Visual Studio 2019 will no longer be supported. And yes, losing patch support in the same month as the next version is released is tight. Add this single .NET update to your standard development patch release schedule.
Adobe (really, just Reader)
There are no Adobe Reader or Acrobat updates for this cycle. Adobe has released asecurity bulletin for their other (non-Acrobat or PDF related) applications — all of which are rated at the lowest level 3 by Adobe. There will be plenty of work with printers in the coming weeks, so this is a welcome relief.
Digital twins are being created in factories and cities, and we even have an Earth 2 effort that attempts to create a digital twin of the planet.
But the most important of these will be human digital twins, which many of us thought were still years away. Well, Merlynn, an AI-centric tech firm, has already begun marketing a human “digital twin” that might initially improve productivity but could eventually lead to the elimination of human employees in many companies.
I want to talk about the initial benefits companies could gain from this technology and the eventual problems that will result if we don’t think through what’s coming and move aggressively to protect the viability of human workers.
The promise of a digital twin
Merlynn has created a tool that will allow an employee to easily create and train a digital twin. Depending on training, this twin will be able to do the repetitive tasks an employee usually does (and hates). This might include attending meetings and taking notes, while being able to answer an increasing number of questions the twin has been trained to answer. Then it could summarize what it observed and how it responded so its human counterpart would be up to speed with a far lower time commitment.
Things like generating activity reports, responding to emails, taking and summarizing meeting notes, and even answering the phone by a capable digital clone are all possible near-term. Imagine being able to pass on many, if not most, of the tasks you dislike to your twin — enabling you to step away from work and enjoy your personal time.
This is the ideal use of artificial intelligence (AI) — to supplement rather than supplant an employee. That allows the employee to spend more time on work that engages them, and away from the painful, repetitive bureaucratic tasks most every job include. The employee is happier, and the company ends up with better productivity.
But technology does not stand still, and as the digital twin advances, a problem will emerge.
The problem with advanced digital twins
As this digital twin advances, it could well evolve into an outright replacement. When competing with humans, the digital twin has several big advantages long term. It can work continuously with no need for breaks or time off. It can work at machine speeds. And clones could be trained nearly instantly, making it easier to move to a fully autonomous operation.
So, an employee who does a fantastic job training his or her digital twin could find that not only do they become redundant, but so will anyone else doing the same job. The TV show “The Twilight Zone” explored this decades ago and the ending was both ironic and now, evidently, prophetic.
Consider the long-term implications
The question of who owns the digital twin you create, and whether it can be used to replace you, will need to be definitively answered. Otherwise, employees might not be so willing to train them. After all, few workers want to train a replacement who’s going to take their job.
While the need to confront this problem is likely years away, unions should flag this early on, as they flagged autonomously driven trucks. That move has significantly reduced the ability to deploy this increasingly valuable technology.
My sense is that there should be some residual ownership by the employee of the digital twin they create, allowing for a long-term revenue stream to that employee for each of the digital twins emulating them. This would help ensure employees’ income over time and promote their aggressive training of their twin. Because, even if the twin eventually replaces them, their income will be safe.
Long term, figuring out how to balance the corporate desire to automate with employees’ need to earn a living wage will become a major factor in the use and success of this technology.
The UK government has launched a new digital and data strategy, outlining plans to transform government digital services, upskill civil servants and streamline online processes by 2025.
The 21-point roadmap, titled ‘Transforming for a digital future: 2022 to 2025 roadmap for digital and data’, is being overseen by the Central Digital and Data Office, a department that leads the digital, data and technology function of government.
The strategy’s main pledge is that by 2025, at least 50 of the most used government services will be upgraded to ensure they are efficient, easy to use and accessible on mobile devices.
One Login, a single account for citizens to prove their identity and access services that the UK government has long been trying to make happen, is also central to this new strategy. According to the strategy paper, all government departments will need to confirm an adoption strategy and roadmap for One Login for Government by April 2023 and begin onboarding by 2025.
The government claims it will save over £1 billion by 2025 due to the streamlining of processes and elimination of paper-based services.
In comments published alongside the strategy, Paul Willmott, executive chair of the Central Digital and Data Office, said the roadmap is an ambitious statement of intent that represents a new era of collaboration on digital transformation and marks a step-change in the digital and data agenda.
“Written collaboratively, it sets out a collective vision under-pinned by real, tangible commitments and actions, to be delivered by all government departments,” Willmott said.
How the UK’s digital strategy will play out
The strategy states that this roadmap is ‘designed to be different’, due to the creation of the Central Digital and Data Office and the collaboration between Permanent Secretary leadership.
Furthermore, in order to ‘reach [its] vision for 2025’, the government has divided the 21 points that make up the overarching strategy into six cross-government missions:
Mission One – Transformed public services that achieve the right outcomes
Mission Two – One Login for government
Mission Three – Better data to power decision making
Mission Four – Secure, efficient and sustainable technology
Mission Five – Digital skills at scale
Mission Six – A system that unlocks digital transformation
Each mission is led by a permanent secretary-level sponsor and will be governed by a dedicated steering committee of government tech leaders that includes CDIOs, CTOs and CDOs. A ‘forum of permanent secretaries’ that make up a newly formed Digital and Data Board will oversee the delivery of the plan and review its progress every six months.
Digital transformation within government has long been promised by the Conservative Party since it was elected in 2010. As a result, some of the pledges outlined by this new strategy are likely to sound somewhat familiar.
The strategy notes that in a report published by the National Audit Office (NAO) last year, previous attempts at digital transformation in government have had mixed success. The NAO blamed a lack of strong leadership and weak understanding of digital change management among senior decision-makers, for a ‘consistent pattern of underperformance’ among UK government digital transformation projects.
In his written comments, Willmott acknowledges these issues, stating: “The barriers that the government faces in achieving digital transformation are significant, however the opportunity it presents is immense, and will ensure UK society reaps the benefits for decades to come.”
Apple, at its developers conference this week, unveiled a digital whiteboard app to support real-time collaboration among users. The slick-looking app, named Freeform, was among the highlights offered up by Apple execs during the WWDC keynote; they described it as a collaboration tool that could be easily used for project planning or brainstorm sessions.
But could its limited reach keep Freeform from gaining traction in the enterprise, much as Apple’s FaceTime video app — unlike Zoom and Microsoft Teams — failed to reach a broad audience during the COVID-19 pandemic?
Freeform can be opened from FaceTime: from there, users can access a shared whiteboard space for note taking and drawing (there’s support for Apple Pencil), and share content such as video and PDF files.
Mouse cursors are visible to all participants, indicating in real-time where other users are focused. You can also tap on a user’s icon to quickly jump to what they’re working on — which can be useful when boards are sprawling with information.
Freeform, which is slated to arrive later this year, will compete with numerous collaborative whiteboard apps aimed at use in the workplace. Mural and Miro are two popular standalone whiteboard apps, while Microsoft relaunched its Whiteboard app last year. Google, Zoom, ClickUp and Box are among the other software vendors that have incorporated whiteboards into their products of late.
“With support for both real-time and asynchronous collaboration, whiteboard tools play an increasingly important role in enabling teams to innovate, brainstorm and co-create when they can’t be together — evidenced by the continued growth of startups like Miro,” said Angela Ashenden, principal analyst at CCS Insight. “By leveraging the group messaging features in iOS/iPadOS/iMacOS and allowing users to invite whole groups to collaborate, Apple seeks to remove the friction of shifting between apps and thereby improve adoption of its newer tools.”
While Freeform is comparable in functionality to other digital whiteboard tools on the market, the app’s availability only on Apple devices means it won’t have as broad a reach, said Irwin Lazar, president and principal analyst at Metrigy.
“I could see this being useful for individuals or among small teams who are all on Apple’s OS, but I don’t see it having the widespread appeal of more robust tools that are supported across iOS, Mac, and Windows,” said Lazar.
Ashenden agreed — to a point. “The catch is that of course all collaborators must be Apple users — but that is the same for all the iWork apps and we still see consistent adoption of these tools by around 5-6% of all employees in CCS Insight’s surveys,” she said.
Freeform will be available on iOS 16, iPadOS 16 and MacOS Ventura when it is released.
Commercial devices enrolled in the Windows Insider Program for Business within the Release Preview Channel will automatically be offered Windows 11 22H2 as an optional update. Non-commercial Windows Insider devices can manually seek out Build 22621 via Settings > Windows Update.
Once an Insider channel subscriber updates a PC to version 22H2, it will continue to automatically receive new servicing updates through Windows Update (the typical monthly update process). Microsoft provides instructions on how to join the Windows Insider Program and join a PC to the Release Preview Channel.
In addition to commercial pre-release availability, Microsoft is also offering free support for organizations running the build, meaning IT shops can test the release, and their preferred deployment methods, while continuing to get support prior to availability. Microsoft has not specified when the next version of Windows 11 will arrive, though major updates have traditionally rolled out in October or November.
Steve Kleynhans, research vice president for Digital Workplace Infrastructure and Operations at Gartner, said the latest build of Windows 11 isn’t the “final release” in any real sense.
“This is a broader preview of the current build of the 22H2 codebase,” he said. “It is probably close to complete, but there is still likely to be some polishing and refinement in the coming months. Additionally, there are still some features that haven’t been released (like the Windows 365 pieces discussed back in April). Microsoft has a lot more flexibility in how it can deliver changes to the user experience without necessarily shipping a new build.”
It is interesting, Kleynhans said, “that Microsoft chose to move 22H2 to a broad preview this early — likely four months before it will be formally released. I suspect the hope is that enterprises will do some testing over the summer and potentially be ready to start broad deployments a little earlier than they currently plan.
“Most enterprises aren’t planning to do rollouts until well into 2023 — likely almost a year from now,” he said. “I suspect Microsoft would like to pull that forward to 1Q if at all possible.”
All that said, the current preview is “quite solid: and a lot more polished than the current 21H2 version, and because Microsoft is making it widely available, it shows a level of confidence on the company’s part that might entice some early adopters to take the plunge,” Kleynhans said.
In recent months, Windows 11 adoption rates have tapered off to a trickle, according to recent data from computer monitoring software provider AdDuplex and others.
The usage share of Windows 11 grew by less than 0.4% in April. That’s on top of less than 0.2% growth in March, according to AdDuplex.
While Windows 11 isn’t growing, Windows 10 21H2 added another 6.5%.
Microsoft has pushed to get users to upgrade to Windows 11, but the overwhelming majority have chosen to remain on the previous edition, which will continue to receive support until 2025.
Of the 80% using Windows 10, the largest number of users are on the two most recent updates, Windows 10 N21U (21H2), released in November 2021 (28.5%) and Windows 10 M21U (21H1), released in March 2021, (26.5%).
The remaining 25% are on five older iterations of Windows 10.
“For the most part, commercial customers are not really diving into the new OS, and we don’t expect to see much uptake there until 2023,” Kleynhans said.
“For most consumers who aren’t PC enthusiasts in some way, this is not really a high priority, and they won’t actively seek out the upgrade,” he said. “Until Microsoft starts forcing the upgrade, or at least more aggressively marketing it to users on eligible machines, things are bound to stall out a bit. I suspect we will see Microsoft start marketing the update more aggressively over the next few months and really start to push it in the fall.”
For its part, Microsoft said it has seen strong demand for Windows 11 with people accepting the upgrade offer to the OS at twice the rate the company saw for Windows 10, according to a January blog post by Panos Panay, Microsoft’s chief product officer for Windows and Devices.
