Welcome to the MSP Radio newsletter, catching you up on some stories you might have missed! Each week we'll pull a few stories from the podcasts, give you highlights and insights, and make it easy for you to catch up on the latest news and commentary.
Share the newsletter and podcast with your colleagues, and help change the conversation around delivering technology services.
You May Have Missed...
The Microsoft CryptAPI patch
From Wednesday, Jan 15th's Business of Tech Podcast: Patch announcements aren’t usually interesting, and Patch Tuesday comes regularly for those managing Windows systems. The National Security Agency alerted Microsoft to a major vulnerability in Windows 10 and Windows Server 2016. The vulnerability in the Windows CryptAPI that handles cryptographic operations, would allow an attacker to quote sign a malicious executable, making it appear the file was from a trusted, legitimate source. END QUOTE
Department of Homeland security has released an emergency directive to alert the US private sector and government entities about the need to install this patch.
Why do we care?
I’m far less interested in the fact there is a critical patch than the change in strategy by the NSA. This vulnerability is the first time Microsoft credited the NSA for reporting a bug. This is also new terrority for the agency, who rather than holding onto the issue and using it for its own offensive tools, not only reported the issue, but issued its own security advisory.
Not so bold but necessary predictions. Large scale rollout won’t happen. It should, and I’m screaming here on my podcast that everyone should be doing it, and right now service providers who have customers under contract should be rushing this out the door, and there should be marketing campaigns, communications to help customers and promote proper security. This one is hitting the national (and international news) so it should be easy.
But it won’t enough. Roughly 200 days from now, we’ll have evidence this exploit is being used in bad ways. Why 200 days? Because that’s the average time it takes for hacks to be discovered.
I’m pessimistic because I’m not seeing enough collective outrage over the failures to implement. Microsoft and even the NSA have done their bit. Now it’s up to those in technology services to fix it, and the public to demand it.
In legal moves this week...
From Wednesday, Jan 8th's show: This year, Oracle and Google will face the Supreme Court. Last week, Google filed its opening brief with the Court. What’s the 10-year old battle over? APIs.
Oracle claims that Google stole part of its Java technology for Android, and Google disputes that, claiming APIs cannot be owned.
This week, Google has seen support in briefs from a wide spectrum of major players. This list includes IBM, Microsoft, Red Hat, the Electronic Frontier Foundation, the Mozilla Corporation, and computer scientists from MIT and Carnegie Mellon.
Also this week in legal news, the US Attorney General Bill Barr has demanded Apple unlock 2 iPhones belonging to the Saudi Air Force cadet who killed 3 people in Florida last month. Apple has insisted that while it is cooperating, it will not build back doors for law enforcement.
Why do we care?
This case is still a bit away, but we care because of the very broad-reaching implications. Oracle’s copyright approach would make everything about computing difficult. Google’s blog post sums that up pretty well. "Software interfaces are the access points that allow computer programs to connect to each other, like plugs and sockets. Imagine a world in which every time you went to a different building, you needed a different plug to fit the proprietary socket, and no one was allowed to create adapters."
I’ve been talking about the coming regulation – here’s one more story to be watching. We can add this to the pile too, as the Sonos vs Google battle is upcoming (which should give some legal guidance around platform power), and you can always watch Apple versus the Justice Department, which seems to come up every few weeks.
My thoughts on each. I think copyright and patents are over abused, and I very much come down on Google’s side when in regards to APIs. Software works well when it interconnects, and ecosystems and connectivity are the way opportunity is built.
And so based on that, I’ll also come down against Google when it comes to their battle with Sonos. It’s clear these platform companies are leveraging their positions to kill companies as soon as they become threatening. There’s a long list of those.
Finally, I’ll side with Apple on encryption. We’re safer because of privacy and encryption. There are plenty of companies who specialize in hacking devices like iPhones to break into encrypted data, and law enforcement has been using those for years. That’s the best balance rather than adding back doors.
Enterprise Computing Spend Hits a Critical Milestone
What critical milestone did Enterprise Computing Spend reach?
Live Stream after Karl Palachuk's SMB State of the Nation
Each year, Karl Palachuk does his SMB State of the Nation. I had some thoughts on his topic, and break down how to measure the financial success of vendors through the M&A process, among other topics. Check out the video below, and broadcasts go to Facebook, YouTube, and Twitch. Follow on one of those platforms to get live-streamed coverage as it happens!.
Technology is changing all the time, but public perception of technology has changed even faster. From the darling of society to recipient of public scorn, big tech has changed the conversation … and not for the better. What has happened to customers’ trust, and how does it change the way solution providers should position their services? What new services can be leveraged, and how can the apparent difficulties in the market be leveraged into real opportunity?
This webinar will provide attendees with guidance for the new reality of customer perception by showcasing:
How the market has changed
What the pitfalls are
How to create new service opportunities to stand apart from the crowd