Atlantic Business Technologies, Inc.

Category: Managed Services

  • Protect Your IT from a Dirty COW

    Imagine you lived in a luxury high-rise apartment. Chances are, you’d have things inside that home that are valuable to you (computers, TVs, jewelry, and the like)—not to mention your pets and family. Thankfully, your home is protected by an experienced doorman who never lets anyone in who doesn’t have your permission.

    Sounds secure—as long as an intruder couldn’t bypass the permission process. Unfortunately that’s exactly what’s happening with the Linux Dirty COW vulnerability. And to make matters worse, this risk has been present for more than nine years—so if you’re using any recent version of Linux or Android, you need to act now.

    What We Mean by Dirty COW

    Linux uses a Change on Write (or COW) approach to reduce unneeded duplication of memory objects. This works in conjunction with Linux’s Discretionary Access Controls to decide which users get read-only privileges or read-write privileges. However, this permissions framework can be bypassed if a cyber attacker manipulates the COW mechanism to alter read-only memory objects on the system.

    While this requires a payload to be installed and executed on the server, this COW exploit allows the attacker to modify and replace a secure command restricted to non-privileged users with a command that could provide root access to the entire system. Because the COW element is what’s been compromised, this attack is known as a Dirty COW. This vulnerability affects anyone using a version of Linux or Android released in the last decade—which includes millions of web servers.

    Now for the good news: there is a fix available. This patch will likely require a full reboot of your system (unless you have a special live-patch solution in place), so it’s crucial your IT team has a plan in place based on security and continuity best practices. However (and this is a big however), this vulnerability represents a major wake-up call for any organization that depends on interconnected web based systems—it’s time to get serious about your security if you want your business to survive.

    Get Serious about Web Security

    As web systems become more complex and interconnected, it’s always safe to assume that new vulnerabilities will emerge. What’s noteworthy in this case is the Dirty COW vulnerability is baked into the Linux system as opposed to being a completely external attack. This suggests application developers should no longer trust the integrity of a host server or kernel; instead, they should work to develop applications that protect themselves from attacks on the kernel.

    This makes it even more important to know that your web developers and hosting team are experts in IT security. You need a comprehensive security strategy that keeps attackers as far away as possible from executing arbitrary code on your systems. Before any attackers get close, they should have to first defeat your network firewalls, your intrusion prevention systems, your web filters, and the RBAC protections around your daemons.

    In short, it’s time for you to get serious about web security. If you’d like advice from our security experts, feel free to reach out to us on our contact page.

  • How to Set Up Umbraco Courier in AWS EC2 behind an ELB with SSL

    During a regular day at work, while working at an Umbraco 7 instance, a client asked me for an easier way to move content from development to production and vice versa. Any Umbraco user knows that any changes you make in development need to be replicated in production, unless you use a tool to do it for you. When it comes to tools, you have options: build your own tool (Umbraco gives you all the resources you need to build your own), you can use a third-party one, or you can use Umbraco Courier. I elected to use Umbraco Courier—it’s simple, £99 per site, really cost-effective, and if you meet their partner standards you get it for free.

    Setting up your Umbraco Courier is pretty straightforward IF you don’t have a complicated setup for your servers. Login to Umbraco > Developer > Packages > Umbraco package Repository > Lookup for Courier > Install; answer a few questions; go to the new Courier section and login to download your license and get going. But, in this case, the configuration was not that straightforward.

    Courier wasn’t accurately replicating the content that we employed it to replicate. The content wasn’t successfully transitioning through the URL rewrite rule and Courier wasn’t logging real information about the problems it was encountering. It took me working with three of their developers just to pinpoint the issue. Fixing it with our system would prove to be another challenge entirely.

    Let me walk you through this client’s infrastructure setup and explain the problems I faced that required long hours and serious headaches to correct. With an understanding of that framework it will be much easier to understand how I corrected the issue.

    The Root of the Issue

    After installing Courier on our dev server and configuring the courier.config with my three environments (localhost, dev and prod), the first error we got was:

    “Object moved”

    The stack for this instance might look like this:

    System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Umbraco.Courier.RepositoryProviders.WebServiceProvider.RepositoryWebservice.OpenSession(String sessionKey, String username, String password)

    This was really frustrating. The logs don’t provide any real information about the problem as Courier is, apparently, very convoluted regarding licensing errors.

    Important Note:

    The client setup contained an ELB, which was hosting the SSL, in front of the EC2 instances for both dev and prod, and it incorporated URL Rewrite rules to enforce the http protocol.

    How We Solved the Problem

    To address this Courier problem check for the following in your Umbraco code:

    • Client in AWS with load balancer
    • Server where site is hosted
    • Site has an HTTP to HTTPS rewrite rule which forces client to go from an open connection to a secure one

    Once you’ve confirmed this is the issue you’re dealing with, you can address it easily. First, ensure all servers that will have Courier installed are up and running. If your production server is not ready yet, then only include the servers that ARE ready to be tested in the Courier Config file. Next, modify the rewrite rule to ignore all the Umbraco routes.

    Once you’ve done this, Courier should be able to replicate your content accurately across instances and you can start taking full advantage of the software’s functionality such as large uninterrupted deployments to remote instances, custom automated deployment functions, and free open-source software.

    To Address Your Own Umbraco Issues

    While this step-by-step should help you correct this particular issue with Umbraco, we’re always eager to hear what other problems you may be encountering. Feel free to respond via email or in the comments section to highlight the Umbraco issues you’re currently struggling to remedy.

  • On Edge about Leaving Internet Explorer?

    Our Answers to Your Internet Explorer FAQs

    On January 12, 2016, Microsoft ended support for older versions of Internet Explorer (IE). For those of us in web development, this was cause for rejoicing—we now had fewer browsers to support.

    However, for the many organizations and businesses who have relied on older IE versions to run their applications and websites, this news left them feeling a bit on edge. At Atlantic BT, we’ve heard a lot of questions from our clients who depend on IE: Why is Microsoft ending support?  Which versions are affected?  What happens for applications that remain on IE? And (most importantly) what are next steps I should take?

    Though we don’t know why Microsoft made the decision to end support for older versions of IE, we can help with the other frequently-asked questions.

    What Does End of IE Support Mean?

    Companies like Microsoft announce the end of support when the company feels their product is at the end of useful ‘life’. This decision usually means the company intends to focus its resources on supporting and developing newer software rather than patching older versions.  

    For Internet Explorer, end of support means that Microsoft will:

    • Cease technical support
    • No longer provide downloads of the browsers
    • Stop security updates

    All of these changes are excellent reasons to transition your company away from older versions of Internet Explorer.

    Which Versions Are Affected?

    The end of support announcement affects several versions of IE. Specifically, Microsoft has decided to end support for IE 10 and all previous versions; while IE 11 will continue to receive security updates this year, Microsoft has announced IE 11 will be the last version of Internet Explorer.

    This makes it vital to transition away from Internet Explorer. If you’d prefer to stick with Microsoft’s browser, then you should begin using Edge, Microsoft’s new browser for Windows 10. Microsoft developed Edge to better compete with Chrome and FireFox, so it offers new features found in these browsers. In addition, Microsoft is offering free upgrades to WIndows 10 for a limited time.  Because only Microsoft knows how “limited” this time is, it’s important to upgrade sooner rather than later.

    What Happens to Applications Running on Unsupported Versions?

    Older versions of Internet Explorer will not be automatically uninstalled from computers. So applications running on unsupported versions can still run on old computer systems.  However, this is not recommended because of the risks involved, including:

    • The end to security updates. This risk opens the application or website up to vulnerabilities from malware or malicious attacks. This puts your business application and its data at risk.
    • Appearance issues. If a user attempts to open your application or website in newer browsers, there’s a strong chance your site will not look the way you intended. The user may experience broken images, misplaced buttons and text, and an interface that appears scrambled.

    What Are My Next Steps?

    Considering the answers to these questions, it’s important for your business to plan its transition away from older versions of Internet Explorer. As digital problems solvers, AtlanticBT can provide direction as your business moves to newer technology.  We can help you:

    • Evaluate your current web applications and website to determine the most effective way to upgrade.
    • Redesign apps and webpages using cutting-edge technology that works across modern browsers such as Chrome, Safari, Edge, and Firefox;  these web browsers provide faster and more secure access to websites and services.
    • Develop a solution that is mobile-friendly; this means being more accessible on tablets and mobile devices, unlocking another path for business growth and productivity.

    And once your application or website has been updated, we can help you to stay up-to-date. If you’re interested in learning more about how we can help your business transition away from Internet Explorer, please contact us.

  • Why Social Media Matters to Small Businesses

    Most small businesses don’t have the time and money to try every new online trend. While corporate giants can burn millions testing out the possibilities of a certain type of new advertising, or pour cash into a marketing campaign that may or may not get off the ground, entrepreneurs and small business owners can’t afford to risk resources like that. If they want to compete and succeed, they have to be ruthless in deciding what kinds of investments to make with their hard-earned time and money.

    It’s no wonder that many of them haven’t decided whether try to find new customers through social networking sites like Facebook, LinkedIn and Twitter.

    These online destinations don’t do a great job of allowing for direct marketing opportunities (although Facebook does offer its own advertising service), and they often seem dominated by Fortune 500 competitors, celebrity self-promoters, and a small army of men and women who spend their days immersed in online marketing. So, does social media really matter to small businesses?

    Our answer would be that social media especially matters to small businesses.

    The reason is simple: from marketing perspective, the advantage of using social networking sites is that you get a chance to cut through the clutter – that is, the normal course of “corporate speak” that so many people have gotten to be so tired of. People don’t go to social networking sites to read ads or press releases; they want to stay in touch with friends, make contact with vendors and professionals who can help them one-on-one, and just be entertained. These are all areas where small businesses have enormous competitive advantages over their corporate counterparts.

    If you have yet to make social networking a part of your small businesses marketing strategy, here are a few tips to help you get started, and to compete with the bigger players:

    Be people, not organizations. Lots of people want to be friends with you, but few are interested in joining up with a faceless organization. Make sure your social profiles emphasize the people in your company and encourage customers to get to know them. You’ll be able to make a lot more progress if users feel like they’re reaching another human, not a marketing or customer service department.

    Develop a brand and voice. Really, this comes down to fun. If what you say, post, and share is entertaining, people are going to come back. Make a habit of finding something funny, or at least offering a message with some insight. Pretty soon, these will become a part of your brand, a voice that other social media users will look forward to hearing.

    Start slowly, but move consistently. There’s no reason to turn your company upside down if you just want to dip your toe in the social networking tool. There’s nothing wrong with setting up a few profiles, devoting 10 minutes a day to making contacts and updating messages, and seeing what happens. Just make sure that you get started, and don’t let your activity drop off completely. Social networking sites thrive on going conversations, so don’t go long stretches without saying anything.

    Whisper your marketing message. Facebook, LinkedIn, and Twitter are no places to go shouting about your low, low prices or some other special. Instead, use these forums to have a little fun, share some insight and advice, and ever so quietly mention once in a while that you or your products are available. If the rest of what you have to say is interesting enough, people will take notice and respond accordingly.

    Integrate social media into your overall marketing plan. One of the biggest social media marketing mistakes we see – in companies of all sizes – is using those sites in a vacuum. There’s nothing wrong with hoping your online profiles and messages will bring you new customers and clients; but make sure that what you’re doing and saying this supporting other things you have going on, as well. If you frequently have sales at your retail locations, mention them online (but again, without resorting to straight advertising.) Or, if your normal way of finding business is through business journal columns, be sure to mention them on social networking sites. The point is that everything you do, online and off, should be pointing in the same direction.

    Social media sites are one of those places where small businesses have a distinct advantage over large ones. Follow these tips, use your online profiles and messages to support your other activities, and you’ll soon begin to see why.

  • The Mobile Web Revolution: How the Past Can Shape the Future

    You already know that mobile web access has taken the world by storm. But can you believe that according to Portio Research there will be 5.8 billion mobile subscribers worldwide by 2013?* As tens of millions of customers flock to upgrade their equipment and access the web from anywhere, companies are scrambling to get mobile versions of their sites online. That makes good sense, but many of them would be better served by taking a moment to remember the lessons they learned from the last decade.

    Mobile Websites Are New, But Optimization Rules Aren’t

    What we’re really talking about here is search engine optimization. Just because there’s a new mobile version of your site out there doesn’t mean that you can forget about all of those critical keywords and phrases that were so important for getting you traffic in the past. Sure, you might have smaller versions of your pages, but it’s important that you make sure they are just as packed with the important stuff as ever. That means the right content, inbound links, alternate text for images, and all the other great stuff we all know and love.

    It’s All About How You Serve Up the Message

    It’s also important to remember that mobile users are looking for a totally different experience from the average desktop user. Think of it this way: if you needed a quick lunch to eat while traveling to a meeting, you probably wouldn’t order a steak dinner. The same is true with your mobile website content. Since phones aren’t used like your PC, you need to make sure usability of your site and the findability of your information is straightforward and clear. Your mobile users aren’t looking for a leisurely browsing experience – they want to get in, get the information they need, and get on with it.

    There’s No Such Thing as a Standard Smartphone

    Also, don’t forget that depending on the user’s smartphone, your screen rendering will really vary. Like the differences that various browser screens can offer on a desktop model, a user viewing your site on an iPhone will have a very different experience than one viewing your site on an older stripped down Samsung. So prepare to spend more time debugging your smartphone user experience than you would with a typical browser.

    Keep Forging Ahead

    Just like the Internet was 15 year ago, mobile Internet access is continually evolving the way we engage with customers going forward. Once again, marketers are faced with a medium that they want to embrace; they’re just not sure where to get started. Our advice:  go back to the basics and keep in mind that none of these changes mean we can turn our back on Internet history – or even a few simple keywords.

  • How to Become a Meeting Whisperer

    Every day, there are 11 million formal meetings in the United States. That’s more than 3 billion meetings per year. By one estimate, this means that the average professional spends 37% of his or her workday in meetings. That’s a lot of time. As project managers, it is up to us to set up our meetings for success and make the best use of everyone’s time.
    When I think of someone who’s an expert in taming problems, I think of Cesar Milan, the dog whisperer. He’s a master of controlling wayward animals with a simple click of the tongue—a small gesture that makes a big difference. That in mind, it’s time for project managers like us to become meeting whisperers, taking the small but important steps needed to control wayward meetings.

    How Meetings Lose Their Way
    When was the last time you walked out of a meeting thinking, “Wow. That meeting was incredible!” Most likely you’ve left feeling drained and with an action item of a follow up meeting. But it doesn’t have to be this way. It’s up to you, project manager, to not be the main culprit of bad behavior. If you’ve ever set up a meeting and did/thought any of these things, your meeting could be a waste of time:

    • Who needs an agenda? I’ve got this.
    • I don’t need to explain why we’re meeting. We’ll cover that in the meeting.
    • I can squeeze another one hour meeting between my 2 o’clock and 4 o’clock. It’s not like I need to prep the room.
    • It’s cool if people use their phones/laptops during the meeting. I know they’re busy.
    • This collaborative meeting is turning into a one-man show, but I can’t interrupt him. That would be rude.
    • Is this phone working? Why is nobody talking, and why are they all looking at me?

    Become A Meeting Whisperer

    Scheduling a meeting shouldn’t be taboo. Your meeting shouldn’t be unproductive or uninspiring. It should be to the point, drive results and get things done. Here’s a helpful checklist to make this happen. What project manager doesn’t like a checklist?

    1. No Agenda | No Meeting

    If you walk into your meeting and you don’t have an agenda, your meeting will not be productive. Instead of getting things done, you just charged your client money to talk to your co-workers about their weekend plans. Create a firm agenda with a desired outcome and plan, then send it out with your meeting request. Remember to be flexible, but having a set agenda for the meeting sets you up for success.

    2. Have A Set Meeting Time Every Time

    When you plan a project, you know there will be demos with the client. You also know that weekly check-ins lead to success. Plan for these meetings, and schedule them at the same day and time every week. This gets both your team and your client into a rhythm. It also guarantees your developers will always have their next release in mind and helps them avoid unexpected disruptions of their work.

    3. Think Like A Boy Scout

    Follow the scout motto and always be prepared to handle possible technology and room issues. Give yourself enough time to set up the room, clean the whiteboard, and make sure you can start your meeting on time. If you are using a conference line, dial in early. If you need to walk through a presentation, have it on screen as people walk in. Set out copies of the agenda on the table. Taking time for these preparation tasks will help you start your meeting on the right foot.

    4. Assign A Note Taker

    If you are running the meeting and doing most of the talking, then assign someone to help you take notes. If you are operating as the facilitator, then assign yourself as the note taker. Don’t be afraid to pause the conversation to let everyone know you’re jotting down what they said. Repeat back key points. At the end of the meeting, share out your meeting notes so everyone is on the same page. This will help your team leave the meeting ready to work instead of feeling drained and unsure.

    5. Please Mind The Clock

    It’s up to you to control the pace and respect everyone’s schedule. If you scheduled a meeting for 30 minutes, start wrapping it up at the 25 minute mark. Use your agenda to time-box the meeting and set a end time. Time-boxing will discourage the group from wanting to ramble. It will also reveal if a topic is too large to cover in one session. If a topic starts to run long, carve out time for a micro-meeting to stay on schedule.

    6. Leave Your Cell Phones At The Door

    Messing with your cell phone during a meeting is disrespectful. We understand how busy everyone is, but the world will not end if you go for 30 minutes without a phone. At the start of the meeting, ask everyone to stay off their phones. If there are a lot of laptops, go around the room and ask everyone to identify how they will be using their laptop. If it’s not being used to bring value to the meeting, ask them to close it. These measures sound strict, but they’re essential to keeping everyone focused in the meeting.

    7. Be The Enforcer

    If you called the meeting, you control the pace. We’ve all experienced the meeting hijacker—a person who takes advantage of having everyone in the room to interject his/her own agenda. This can rapidly eat up important time while distracting from the purpose of the meeting. If someone interrupts the agenda, it’s up to you to speak up. You can diplomatically interrupt to get the meeting back on track. Listen to his/her point, express appreciation and then suggest tabling that topic for another time. Engage with the group and be a facilitator.

    8. Leave With A Plan

    What project manager doesn’t love action items? The most successful meetings are those that end with actionable tasks and a clear understanding of what’s expected. At the close of the meeting, recap what was discussed, address each person by name who has a takeaway, and get their confirmation that they understand what’s expected of them. After the meeting, send out a recap email. Don’t forget to thank everyone for participating.

    What’s Your Approach?

    Ultimately, we project managers are the ones responsible for the success of our meetings. We can prevent our meetings from being a waste of our colleagues’ and clients’ time. Becoming a meeting whisperer doesn’t mean being bossy or condescending; it’s simply about being respectful of everyone’s time.
    We all have our own style and rules to live by when it comes to meetings. Some of these techniques may not work for you, but they should give you new ideas on how to transform your meetings. Do you have any tips or suggestions you’d like to share? Atlantic BT would love to know!