Thursday, May 16, 2024

Why?

 

This is a question that I ask so often and the reason I do that is to get an answer that I think someone knows, but I am not certain.

As a documentor being able to ask someone why they are doing something in a specific way can help provide either an answer to that standard question or it might not. I have asked that question before and the answer I got back was “Because it’s how it’s always been done.” In some many jobs you are taught by someone how to do a specific task, and you will continue to do it that way because that is how you do it or at least that is how the other person did it. It is amazing when you can look at the specific task and take it apart step by step that you may find an easier way of doing something. For me, I will sit and listen to the person explain the task and make lots of notes and then see if there is an easier way to do that task and get

This is a question that I ask so often and the reason I do that is to get an answer that I think someone knows, but I am not certain.

As a documentor being able to ask someone why they are doing something in a specific way can help provide either an answer to that standard question or it might not. I have asked that question before and the answer I got back was “Because it’s how it’s always been done.” In some many jobs you are taught by someone how to do a specific task, and you will continue to do it that way because that is how you do it or at least that is how the other person did it. It is amazing when you can look at the specific task and take it apart step by step that you may find an easier way of doing something. For me, I will sit and listen to the person explain the task and make lots of notes, and then see if there is an easier way to do that task and get the same or even better results.

When you can ask that simple question of “Why do you …” it will make people think about why they are doing something and how they are doing it. It is a matter of sitting back and thinking about a process and how it might be done differently. Also asking the question, “Why?” can help with building the documentation, especially if there are specific steps that are required. In some jobs there are specific tasks/steps that must be performed and for a lot of people they just become routine, and they don’t think about them at all and sometimes can't remember the steps outside of doing the steps (autopilot isn't always the best).

Here are several different ways of asking questions that will give you different answers.

  • Why do you do this specific step before another step?
  • Why do you do have to take copies of the item so many times?
  • Why does it work that way?
  • Why can't you do it a different way?

It is always fun when you can sit back and think through a process and see ways to improve it, even if they are just small changes. Some of these small changes can make the process a lot easier to do and maybe even faster to accomplish.

Why, seems like such a simple word, but it can spark a conversation that will provide a lot of information. Yes, there are times when I may sound silly asking that question quite a few times, but the more detail I can get, the better documentation I can do. Sure, just watching a person do a job is one way to document it but understand the steps and why they are doing something is also a key part of understanding the job so that it can be documented.

So, next time you hear me ask “Why” understand that I am trying to make sure that you also know why you are doing a specific task a specific way.

Thursday, May 9, 2024

Why blind copying recipients in emails is a good idea

Recently, I received an invitation to a Zoom meeting/interview, (for a volunteer board position).  It made me feel good, knowing that I had at least got a change for the interview.  Nice, I made the first cut, but then my security senses start seeing some issues that concerned me.

Here are the issues that concerned me with the invite:

  1. The invite to the Zoom meeting was sent to everyone in one email, and all applications were in the main address to field.  The applicants were not blind copied, which now shows each person who else has put their hand up for this position.

    1. It should have been blind copied to each of the applicants, so that they don’t know the email addresses of the other applicants. When you are sending an email to a non-team bunch of people, you should always blind copy to protect each individuals' privacy. This is also an HR level confidentiality issue of providing email addresses to others that may not have it, and they now know who their competition is. 

  1. The interview was going to be a single Zoom call and each person had 15 minutes for their interview before the next person was to sign-in.

    1. It would have been a better idea that each interview was done via a separate Zoom invite/meeting, so there was complete isolation from each individual.

    2. 15 minutes is not a lot of time to answer questions about a position, given there was no job description ever provided. Sure, a Treasurer position you can figure out the basics of the position but is there a term, and of course a lot of the other things. What is really required of this Treasurer role?

    3. What was stopping the rest of the individuals that are being interviewed to sign on early so they could watch the other person getting interviewed?

The basic courtesy when you are sending an email to a bunch of people that do not know the involvement of each other is to blind copy them instead of putting each of their email addresses in the to field. Also, if you are going to be interviewing different people, I would recommend that there be three different invites sent out to three different Zoom meetings. It might mean a bit more work for the individuals doing the interviewing, but at least then each person has their own meeting and not part of another person’s interview.

Blind copying people in emails is always a good idea when you don’t want each person to know who else has been included, and it is also a good security measure so that email addresses cannot be shared with others or possibly compromised if another person’s email account is compromised. So, next time you are wanting to talk to a group of people that probably don’t know each other or their involvement, I would blind copy everyone to ensure that privacy and security is part of the communication.

PS: the outcome of this was that one person immediately pulled because they thought they would be the only one, and then I pulled after drafting this and then letting the organization know my concerns about how things were handled.

Thursday, May 2, 2024

Addressing training needs of a small business

There are so many times that we hear someone say that they don’t have time to work with their staff to get them up to speed on the various tasks that the individual needs to do. They are too busy doing their own job to show someone what the new hire or new promotion person needs to do. It is something that can be easily resolved that will save you time and energy in the long run.

One of the simple ways of making sure that the new person will feel comfortable with their job, is to ensure that there is enough information available to them. So that if/when they run into an issue, they can either know where to go to get the answers or be able to look up some of the common issues that arise. A simple method is to have some documentation available, so that the person can understand their job and what is expected of them. Sure, that might take a bit of time initially to get written up, but once it is done it is easier to keep it updated, and it's a reference for you as well. Trying to get this done when you are also trying to do your own job can be nearly impossible. Having someone that can assist you with that needs can solve a lot of problems of getting the initial documentation going.

Writing documentation, manuals and training notes is something that is available through Konecny Consulting. Let us work with you to figure out what your needs are and if we can assist you in making it easier to ensure everyone is trained and knows their job.

Ideas of things that we can assist with are:

  • Quick tips
  • Lesson plans for training
  • Procedure manuals
  • F.A.Q.’s
  • Other documentation as requested.

These are just a few of the offerings that we have, so why not reach out to us and see if we can assist you in moving your training notes, etc. forward.

Thursday, April 25, 2024

Does my small business need policies or procedures?

The simple answer to this question is yes, you do. If you have even a couple of employees, having some good guidelines is important so that everyone knows what they should be doing and what needs to be done. A small company will need very few, as it is easier to scale up than having nothing when an issue arises. You probably have a lot of them in your head, but other's need to know and understand them.

Having some documentation about some of the standard questions is a good idea because then everyone gets the same answer, which is very important. Some of the guidelines that should be outlined are:

  • Vacation – how much time off do I get and am I entitled to vacation?
  • Hours – what are the standard hours of the business?
  • Overtime – if I work overtime, am I paid for it in money or in lieu time?
  • Personal time off – is this allowed or is it again either my vacation time or I don’t get paid?
  • Sick leave – what is the policy about sick leave, one day versus many days?
  • Social media and personal communications during work hours

These are just a few ideas of guidelines that should be documented so that everyone understands what is required of them. Knowing that everyone has the same understanding is important because it means that everyone is working with the same knowledge.

When you are a small business, it is still a good idea to make sure that you have some documentation, even if it is just one or two of you. Documentation will help remind you of decisions that were made, or also what steps are required to preform a specific or infrequent task. Having some guidelines when you are a small business means that as you add or change staff, it is a lot easier to just continue adding to the guidelines instead of suddenly realizing that you don’t have any and everyone thinks differently about how things are done.

One of the biggest guidelines I am now noticing that maybe no one wants to address is the social media during work hours. Making sure that you have something that outlines what is and isn’t allowed in regard to social media. Can any employee post on behalf of the business, or is it up to one individual to do that posting. Can an employee spend quite a bit of their time checking Facebook, Instagram, TikTok or any other social media during their work hours? If checking social media is part of the job, sure it can be done, but it needs to have guidelines.

Having some guidelines and procedures is always a good thing so that everyone knows what is acceptable and what isn’t. It helps make the business run a little smoother because everyone understands what is expected of them. Sure, the guidelines and procedures don’t have to be as detailed as if you are big business, but they are still needed. It is harder to discipline someone for doing something you don't like if you don't have policies written down, communicated and available to all staff.

If you are uncertain where you should start, you can always reach out to us, and we will try and assist you in making sure everyone in your business understands what they should and shouldn’t be doing to support your business goals.

Thursday, April 18, 2024

Moving a GroupWise System

Through the life of a typical GroupWise system, it will likely move platforms at some point. No fancy migrations needed as all the database changes get done in place.

This could be hardware replacement, changing virtualization types, to hitting the limits of the OS at the time of the original installation. After all, you can only upgrade a box so much before there become issues with the OS. Even when you otherwise love that OS, a new install gains you so many of the advantages of it that are blocked in just upgrading it in place. Any GroupWise system of any real age has likely been moved a few times, such as from NetWare to NetWare to OES to OES

For this document, I will stick to current (late SLES15 era) and most common GroupWise hosting OS, with pure SLES or OES (built on SLES). Assuming GroupWise is the only application on the system so that the old box can be retired, and running an incremental copy of some sort. Imaging the data such as moving/copying a virtual drive can be done as well. This is for any and each server with a Domain and/or PostOffice on it. A GroupWise upgrade can be a part of this process if desired, but is assuming at least a GroupWise 2014 or greater source system.

This process allows you to build the new server in advance, and get the bulk of the files copied over in advance without downtime as those OFFILES are bulky, don't change much, and take a while (possibly many hours) for that initial copy. You are typically just looking at a couple of hours of downtime for the final move, under an hour if all goes smoothly.

Pre-migration is a good time to make sure your GroupWise maintenance is running properly, also check the results and files that are not part of the GroupWise system are removed from the GroupWise folders.

Build the new system with a different IP from the old server and a separate logical drive for GroupWise, either as NSS or XFS. Both are excellent options, both needing specific settings made, ideally at creation. NSS needs Salvage turned off, XFS (or any DB safe Linux type) mount points need the noatime and nodiratime set for optimal performance.

  • Install GroupWise, but do NOT configure it!
  • Restart the server at least once before the final migration to really finish that install.
  • Copy the data with either rsync or dbcopy. rsync is very native with any Linux and is worth knowing for all platforms. I find it is the faster and easier of the two. It does every file that has ended up in the source (junk included) and doesn't get you restorable db files if the GW Agents are running, which is not a problem with such a migration. DBCopy requires a mount point to the new location to work, only does GroupWise files, is slower, and doesn't delete files. A script of the combination of them make for a decent low budget backup. Example in the Community.  
  • Both tools can and the one you choose should be used incrementally, with a primary full copy of both the Domain and PostOffice folders, making sure the size at the destination is about what you see on the source. Identify any notable differences, as there may be issues to take care of. You can/should do this in the days leading to the actual flip outage of a couple of hours. If different versions, it tends to be best to use the newest dbcopy if you are using it, otherwise the direction of copy doesn't matter much.
  • Easy comparison tools:
  • # du -h --max-depth=1 /GWdomain|GWpostoffice (the PO will take a while due to OFFILES)
  • or install and use ncdu from GWdomain|GWpostoffice folders

  • Is your GroupWise system the same IP as the server it is on, this is where we will change that. It makes these moves so much easier, is mandatory if you were to go to cluster services (where I learned this trick), and is how the containerized future of IT generally works.
  • On the new server, make sure the /etc/hosts file has the GroupWise agents as FQDN entries as needed for GroupWise since 18.4, and that they match what you have in the agents' settings.

  • On the new box, make sure the GroupWise agents ports are all open on the Firewall. Firewalls on servers are becoming less and less an option in the whole Zero Trust path of things.
  • Firewall ports references
  • on MTA system: 7100, 7180, 9710
  • on POA system: 1677, 8301, 7181, 7101, 7191, 9711,
  • on GWIA system: usually an MTA set and 25, 9850
  • For the final migration, make sure the source server's agents are shutdown, and preferably can't be turned back on
  • # rcgrpwise stop
  • # systemctl disable grpwise.service
  • perform the final sync
  • While that final sync is running, copy the following files to the new system.
  • /etc/opt/novell/groupwise/gwha.conf
  • /opt/novell/groupwise/agents/share/gwdva.dva
  • /opt/novell/groupwise/certificates/*
  • # scp /etc/opt/novell/groupwise/gwha.conf root@DestinationServer:/etc/opt/novell/groupwise/
  • scp /opt/novell/groupwise/agents/share/gwdva.dva root@DestinationServer:/opt/novell/groupwise/agents/share/
  • # scp -r /opt/novell/groupwise/certificates/* root@DestinationServer: /opt/novell/groupwise/certificates/
  • Once the sync is complete, remove the secondary IP from the source server if already using such, or down that server.
  • Add the secondary IP to the new server
  • # systemctl status grpwise.service
  • may not be enabled yet. enable it and start it
  • Test system, can you send & receive email, and manage the system
  • A reboot to make sure it all behaves is a good thing as well.

If this feels overwhelming, and you are in Canada, please reach out to us, as we can help. For other feedback and comments, post a comment below. 

Tuesday, January 30, 2024

Is your email system ready to keep delivering email as the spam wars escalate?

Google's new restrictions on the email they will accept starting February 1st 2024 are just good practices we should be following.  But what are they really, and how can we make sure they are in place?

This applies to any sending email system, whether on your own servers, or hosted in the cloud such as with Microsoft or Google, to be successfully delivered. 

The pieces have all been here for a while as good optional settings, but now Google is just the first enforcing them:

  1. The IP address of the server(s) your mail comes from must-have a reverse lookup.  PTR
  2. The server must have a functioning encryption running.  STARTTLS
  3. You must have published where your domain's mail is coming from.  SPF
  4. Your server has to sign the message (like a wax seal).  DKIM
  5. You have to publish your domain's alignment rules for #3 & #4, and where to send reports. DMARC
Note:
#3 & #4 are either/or for low volume senders, but both must be there for high volume senders.
#5 is mandatory for large volume senders.

It is a good idea to get all of them working, as inevitably, we will need to have this for all systems. #5 is the part that ties SPF and DKIM together to close the loop holes the spammers found in them. 

How to check:

Much of this is checked in DNS, checking the header/source of an email from the system, and talking directly to your mail server from another "mail server".  

  • You can see if your system is good to go, or if you have problems by sending an email to a Gmail account you can log into. For each message in Gmail, you can check much of the status of a message that was sent to you, as to how the sending system was working or not at the new levels, at the time the message was sent.
  • in Gmail, open the message,  then from the message 'more' stacked dots, select "<> Show original
  • This view will show any results for any SPF, DKIM, or DMARC settings that are in place. If doesn't show, then that protection level doesn't yet exist for that internet domain or mailserver (i.e. it needs to be added).
  • To check if it was encrypted, Ctl-F(search) for TLS, and there should be at least one (such as TLS1_3 or TLS1_2) for the connection from the sending server to Gmail's first server in.   

Summary:

Google is just the first, Yahoo! and AOL have committed to doing the same thing very soon, and Microsoft won't be far behind (looks like they may just be letting the others take the heat for being more secure)

These are also all good things to check and filter at your inbound / receiving mail systems.

Offering:

Would you like someone from outside your organization to validate how ready your organization is for these upcoming changes. Konecny Consulting for $99CDN + HST (payment via credit card) will do this checking for you. To engage with us please complete the contact form and we will get back to you. This offer is available to organizations within North America.

 


 

Thursday, January 18, 2024

Google making major changes to email acceptance requirements

Will your email be blocked by Google, or are you ready for the changes they are making? Google will be blocking emails from weakly configured systems as of February 1st, 2024. Make sure your system isn’t one of them that will be blocked.

Starting February 1st, Google will be imposing requirements on any emails being sent to a Gmail account.  They are asking for you to have some basic email system hygiene in place for your mail system.  If you are at all responsible for your own domain (the part after the @ symbol, such as username@gmail.com), then you must pay attention, whether you have an email server in your own data centre, or your email is hosted such as with 365 or Google.

Two other large email systems (Yahoo! and AOL) have already stated they are following in Google's footsteps, Microsoft is expected to follow before long.

These are Googles new requirements as of February 1st, 2024, and your email administrators need to make sure they are in place:

  • All your outbound email servers must now do TLS encryption.  Without this, your email can be intercepted and read, or worse. There are still so many systems running without this, as it is Not a default on most of the ones you setup yourself.  Most hosted solutions do have this already, but not a bad thing to check.
  • For systems with lower send rate, you need at least one of SPF and/or DKIM setup and working correctly.
  • For systems that sometimes send more than 5,000 messages a day to Google Mail servers (including their customer domains they are hosting), then you must have both SPF AND DKIM working correctly AND DMARC setup.

 The most basic SPF and DMARC records you can setup for you domain is (in standard BIND notation):

@ TXT "v=spf1 a mx ~all"

_dmarc TXT "v=DMARC1; p=none; rua=mailto:{emailAddress2processReports}"

That SPF record is NOT guaranteed to work, as it must identify your email server(s). That DMARC record is very safe with an email address that does accept mail. Checking DKIM requires a proper analysis of those DMARC reports, though some spot checking can be done looking at the source header of received messages. 

For more details of Google’s current requirements, including the other 'little' details, read their "Email sender guidelines." https://support.google.com/a/answer/81126

Expect Google and others to increase their requirements in the future, such as the number of messages per day trigger point to be reduced, as well as requiring DMARC enforcement (not just reporting).

Yes, this can seem overwhelming. If you would like some assistance checking to see if your email system is ready for this major change, we may be able to assist you. Please reach out to us and we can discuss this with you.