Friday, August 26, 2016

SurfaceBook's 1st Birthday approaching - How's it Really Been?

Hi all,

I've has lots of requests to update my judgement on the SurfaceBook. In this short update I try to go through my experiences and thoughts about the future.

In the beginning of November my 1 year guarantee will end and before that I'm luckily going to US as I have to return the device. The thing that amazed me the most is (not that surprisingly now that I think about it) actually the reason to take it back: The Hinge. Since a few months now the problem has been that when I crab the tablet part of the Book the connection between the tablet and the keyboard breaks. At home this means that for an annoyingly long 1 minute or so I lose my external monitor, LAN, keyboard and mouse. While training on Skype for Business or doing some webinars this much more dramatic as I lose the connection to my headset which then disconnects me from the call. If I'm presenting in a big conference I lose my connection to the projector so this is one of the biggest game stoppers for me.

Now a hinge can probably be repaired but now it's time to think about what I really need from the Book and why would I keep using it. This is not to include the reason of paying crazy amount of money for it of course.

What I need or don't need from the Book compared to others:

  • The Pen. This is what made me choose it over the Dell XPS 13.
  • The camera
    • I just can't live with the XPS's camera pointing at my fatter and fatter chin... That's just a looks issue but the technical is more important which is the compatibility with the Windows Hello facial recognition. Now I just realized I really need it only maybe four times a year as a fingerprint reader is more convenient for my use anyway. I now have an Intel RealSense R200 for my demos which is a lot smaller than the previous one I had which was the F200. The feature is FUN that's for sure but when thinking about my primary machine - not a game stopper anymore.
  • The Tablettability (I just came up with the term)
    • Adults honestly?? I only detach the tablet from the keyboard for the short amount of time when my plane takes off or lands. The time when you need to put your laptop away. Now with the iPhone 6s Plus I actually use that to watch videos for that short time so for the past two months I haven't detached it once except to brag to friends about the cool mechanics (that don't work anymore...). When I detach I lose all connections to projectors, all USB-devices, more than half of my battery, my external SSD and all the juice of the GPU in the keyboard base. The connection-thingy looks very neat but when I need to fold my laptop to a tent to draw for my students I need to detach and turn the tablet around which again means I lose all the connections for a while. So if you compare this to HP's devices or Lenovo's Yoga series, this is a really big disadvantage :(
So from the previous perspective I can probably live without the Book. Now what's still wrong with the Book after almost a year of ownership:

  • The USB-issue is still there :( So after every build upgrade of Windows 10 I need to install a false USB Controller and a USB Hub driver. That is to keep my external SSD's working.
  • The wireless issue is still there. SurfaceBook is still the only one of my machines that doesn't work with my wireless presenter from Logitech. That's not a game stopper as I have the Kensington BlueTooth one that works perfectly.
What do I now want:

  1. I still believe that the Book has huge potential and it is easily the coolest and best device from Microsoft that I have ever had. I can't wait to get the next one (I guesstimate it's 2017 spring) to see how it will be and will it make me a SurfaceBook lover again.
  2. I am going to buy something else.. If not before then at least after writing all down to this blog post do I realize I can make my life easier. I need a higly portable UltraBook with i7, 16GB or RAM, 8 hours of batterylife, 1TB SSD, a normal camera and at least a DisplayPort connection and a USB3 or 3.1 port. I don't need a tablet, I don't need a pen or a touch screen, I don't need a Windows Hello Camera, I don't need a USB-C only option for network/screens and I absolutely don't need a US keyboard...
  3. I think I'm going to get my hands on a Lenovo X1 Carbon and an X1 Yoga to start testing how my relationship after the honeymoon will be with either one.
Cheers,

Sami

Thursday, August 11, 2016

Biometrics – Have your fingers been pwned?


First to start with I believe biometrics are in many ways the future of authentication but sometimes people forget to think about the bad sides as well – when they get too excited. I wanted to take some time and write down my thoughts on this and related topics. I’m talking about Security Internals in Estonia this year (http://koolitus.ee/blackbelt/) and I started to gather my thoughts on current trends in security and that gave me the inspiration to write this article. One important trend in my life also changed dramatically this summer as I and my family moved to iPhones. I still think that Windows OS is the best one that there is for mobile phones but at some point the lack of stability and apps just threw me over the Edge. “Over the Edge” in this context is actually just funny if you ask me ;) The iPhone introduced me with the simplicity of using my fingerprint to authenticate to my phone and boy did I welcome this ease! After the honeymoon with my new iPhone I started to seriously consider about this. In the next few paragraphs I’m going to talk about some common questions/comments I get and some points that I don’t believe all people totally understand.

 

#1 Ease of changing a password

 

I hope all of you know the best website out there monitoring system breaches called http://haveibeenpwned.com/ It’s run by a fellow PluralSight author and highly appreciated security expert called Troy Hunt. So what if you lose a password as you just need to change it, right? Right. So now what happens if your biometrics get stolen? You change your finger? Or even worse your face or your retina? So to cut corners a bit you can only be ten times pwned when it comes to your fingerprints.

 

#2 Lack of true biometric data in Windows

 

This is what I hear quite often: “Why do we still need to use a password in Windows which is then protected by a PIN or a biometric info? Why can’t we yet in 2016 save the biometric data to Active Directory and just use that?” Think about the previous point and the bad thing about not using a password. If your fingerprint is value 400 and your password is value 400 we can calculate a value of 160000 by multiplying them. If I lose my biometric data to someone I just need to change the password to invalidate the result. So from this perspective I am happy that my true biometric data is not stored in my AD as it would make it more probable for someone to steal my true identity and a lot harder for me to recover when it happens – and it will.

 

#3 Difference between physical and mental proof of ownership

 

By law in US you can be forced to use your finger or your “face” to open your device. By law you cannot be forced to give your PIN code to open your device. I would say I have nothing to hide and I’m not a criminal so it doesn’t really matter but many people don’t like the fact that a device with a biometric protection can be used to incriminate you and one with a PIN code can’t.

 

#4 Why Windows wants me to use a 4 digit PIN code when I have a 16 character password?

 

When you install Windows 10 and start using any cloud related features it will ask you to change to using a PIN code even if your password would be a lot stronger mathematically. This is because this PIN code protects your password on that certain device. If your real password is stolen all of your physical devices can be used to access your data but with the PIN code only that one device is compromised. That is if you use a different PIN on different devices – As this has always been the suggested best practice I’m sure all of you adhere to it ;) BTW. If your computer has a TPM then that is used to store the PIN making it very secure but if you don’t have one then the PIN is actually just saved in the registry making it a lot less secure.

 

#5 How do I do it?

 

To finalize I believe it’s fair to share how I do it personally. So here are some of my best practices I know I use and I also really, I mean REALLY, have the strength to follow.

 

-          My Windows passwords are always passphrases that have at least 15 characters, have at least characters from three different character sets and have numbers in the middle. So for example Jakedrank16beers! is a very good password but easy to remember. Most people use numbers at the beginning or the end and that’s also programmatically a lot easier to break so put them in the middle. I’m not trying to play Mother Teresa here so next time Jake might have drunk 17 beers ;)

-          I protect that password with facial detection on my SurfaceBook and with different PINs on my tablets that don’t have a keyboard.

-          I will never buy a device that doesn’t have a TPM, and I’d prefer them to have an IO-MMU for future features.

-          When signing in to websites I have a strong base-password but I use the two first letters of the websites Top Level Domain name to make it more unique.

-          I always use a password manager. I prefer LastPass although I hate that they were acquired by LogMeIn and I know they have had their break ins. It is still the only tool that does everything I need.

-          I never logon as an Admin to my workstations! And my Domain Admins are always prevented by policy from logging on to any computer except Domain Controllers

-          And YES, on my iPhone I use a fingerprint – the ease of use wins in my case – at least with my personal phone.

-          If you would ask me what the secure authentication of my choice would be I would like it to be a PIN+Biometrics so I could have a strong protection, easily change the password, not forget my dongles and not too complicated a method to use.

 

Stay safe,

 

Sami

Wednesday, April 6, 2016

First PluralSight Course Published!

I am so proud/happy/excited to tell you that my first ever PluralSight course was published today!

You can find it here: https://www.pluralsight.com/courses/windows-how-its-hacked-how-to-protect

It's about how to hack the OS so my favorite topic :)

Hope you have already gotten your license to PluralSight as it is the Best VOD training site out there with thousands of courses at an easy to handle price!

Hope you can view and enjoy my video.

Sami

Wednesday, February 17, 2016

Best Speaker at Nordic Infrastructure Conference 2016! YES!!

Today Nicconf organizers had this to say:

We are proud to announce Best Speaker of NIC 2016:

Congratulations to SAMI LAIHO for outstanding feedback and performance! Your sessions rated extremely high with a large number of votes, and you also manage to combine a great sense of humor with deep technical and practical knowledge, which make your sessions highly appreciated.


YES, YES, YES - I'm super happy about this because I was in a crowd of so many of the Best speakers in the world and even honored to just get invited :) 

Here are the results (censored other than mine):

Tuesday, February 16, 2016

Sysinternals 20th Birthday Party this summer in Helsinki!

This is a short one I know but I need you to be in the front row to get this news! I have been given the permission from Mark Russinovich himself to host the SYSINTERNALS 20th BIRTHDAY PARTY in Helsinki this Summer! Seats are limited and there's an EarlyBird price so head to: http://www.sysinternals20.com/ We'll update the speaker list asap but already now we have both of the official Sysinternals Admin Guide authors:

WelcomeNote by Mark Russinovich

Keynote by Aaron Margosis
Session on Sysmon by Paula Januszkiewicz


I have never been this honored and excited to host an event :) JIIHAA!!!

Sami
Twitter: @samilaiho

Wednesday, February 10, 2016

Quick and Dirty Reinstall of Windows 10 on XPS 13

I just wanted to share this super easy and dirty way to do a clean reinstall on an OEM-installed XPS 13 (in this case it was the XPS but can be any OEM Windows 10).

  1. Use Johan's instructions on creating a fresh ISO of newest Windows 10: http://deploymentresearch.com/Research/Post/399/How-to-REALLY-create-a-Windows-10-ISO-no-3rd-party-tools-needed
  2. Create a bootable USB key
    1. Diskpart
      1. list disk
      2. select disk 1
      3. clean
      4. cre part pri
      5. format fs=fat32 quick
      6. assign
      7. active
    2. Mount the ISO (in this case shows up as e:\)
    3. xcopy e:\*.* f:\ /cherkyi
  3. On the OEM-installed XPS 13Run in PowerShell "Export-WindowsDriver -Online -Destination d:\drivers" while you have the USB key as D:\ on it
    1. This exports all 3rd party drivers to the USB
  4. Mount the install.wim with dism to add the drivers to the Windows image itself
    1. copy d:\install.wim c:\temp
    2. dism /mount-wim /wimfile:install.wim /index:1 /mountdir:mount
    3. Dism /Image:C:\temp\mount /Add-Driver /Driver:d:\drivers /Recurse
    4. dism /unmount-wim /mountdir:mount /commit
    5. copy /y install.wim d:\sources\ (or replace with other means)
  5. (You can repeat the previous for the D:\Sources\Boot.wim if you want to skip steps 7 & 8) 
  6. Boot the new machine with the USB
  7. If you can't find the disk so do the following
    1. Hit Shift+F10 to get to the command prompt
    2. Change to your drivers folder like c:\Drivers
    3. Run "for /r %i in (*.inf) do drvload "%i"
  8. Refresh the disk view
  9. Clean the disks and install Windows 10
So what this does is takes all needed drivers from the preinstalled OS and makes sure your new OS (and WinPE if you did the step 5) has the same drivers :) Your Device Manager should look quite nice without any additional steps!

Cheers,

Sami

Judgement day: SurfaceBook vs Dell XPS 13

Now it's time for the verdict :) Remember this is purely from my point of view as someone who travels 200 days a year and does presentations for living. This is just my opinion.

I'm trying to review features that really matter to me. It's easy to say that both are superb devices compared to many others as the 3000$ price tag would suggest.

For more specific figures and values read this: http://www.notebookcheck.net/Dell-XPS-13-9350-InfinityEdge-Ultrabook-Review.153376.0.html

I totally agree with it and it gives the common performance numbers that I've verified with the great (Finnish) PCMark tests.

Size with Accessories = What I need to carry

The Dell XPS is way more beautiful and compact. Seeing them next to each other I would easily choose Dell. That's not the whole story anyway when it comes to what I need to carry with me. I sit in the airplane and I'm usually first in the plane because I'm a priority passenger and I want get a place for my trolley. This means I sit in the airplane more than others and have more time to watch series before the seat belt light goes off. This time I need a tablet and Dell XPS won't do. This means it doesn't work by itself but I need to carry my Surface 3 etc. with me to be able to use it while the flight ascends or descends. With the SurfaceBook I'm good. I'll turn the keyboard under the screen and if someone still complains I just put the keyboard away. It's a very big screen so I am missing my kickstand to be honest. That's something I'll live with or buy a kickstand.

That's for the device itself but that's not all. I need a USB hub and wired network. That goes for both and the external devices for this are the same sized. I need DisplayPort adapter for the SurfaceBook. The one I have is from StarTech with VGA,DVI and HDMI. With Dell I need the USB 3.1 extender but it has VGA, HDMI and Ethernet. It only has one USB port so I need the Hub anyway. So both require two devices which are of equal size and weight in total.

I need Biometric readers to authenticate. With the Dell XPS this only means a thumb size USB fingerprint reader for my personal use. It doesn't take space but looks ugly. And it only allows me to authenticate but not to demo Windows Hello's Facial Detection. For this I need an external camera. With the SurfaceBook I'm good to go as it has the needed camera for both my personal use and demos. SurfaceBooks battery lasts twice as long for me as the XPS does. With the XPS I can get through flights but only with the Power Companion from Dell. So SurfaceBook is bigger but with Dell I need these extra things to carry with me: Powerbank, RealSense Camera, Fingerprint reader. The ones that I need to carry for both or are of equal size are not listed, like external SSD, power supply, mouse and a wireless presenter.

Working with the computer = What can I do with it and how well

Keyboard and touchpad on both are good. The only problem I have is the US keyboard on the Surface which really does heavily bug me. Performance is good enough on both though SurfaceBook beats basically every aspect and the SSD and GPU performance is WAY better on the Book. Now when it comes to presenting there are a few things that differ. SurfaceBook with the DisplayPort adapter has never failed me - it just works. Only thing I need to do sometimes is to change resolutions. XPS on the other hand only fails me :( The HDMI-adapter hasn't worked on any of my external screens without using Intel's application to set frequencies etc... The VGA I haven't tried on either one. For me the quick and easy use of external monitors and projectors is of huge importance. The next thing I need to do is draw on the screen while presenting. I bought this to work with the touch screen of the XPS at all: http://www.adonit.net/jot/pro/ I highly recommend it if you don't have an active digitizer - it's very good compared to any other I've tried. Now I can't rest my hand on the screen, I can't erase, I can't select and I don't get pressure sensitivity. All of these I get with the SurfaceBook. This is honestly one of the biggest differences for me between these two. To do my work I like to do it I need the Surface 3 as a companion for my Dell. Well I need it for the travelling time as well on the other hand. But getting that picture to show from two devices during a presentation - that's not always that easy. Next I need to run VMs. If you've read my previous blog you know how it works on SurfaceBook as well and I can say both run just as fine with nice SSDs and 16GB of RAM.

Fun and spare time = Which one I like if I don't need to worry about work

The Dell is awesome on the lap! Both have equally good speakers and screens. I'd rather have the XPS on my lap but honestly the battery runs out too soon for my liking... I like to sketch and draw sometimes so Dell won't do it for that either. And OH BOY do I hate the webcam placement on the XPS!! I knew I wasn't in perfect shape and have gained a few pounds but the XPS really makes sure I understand the seriousness of the situation... The webcam is situated in the lower left corner of the screen so it looks up to you below your chin and you have no contact what so ever with your family while on Skype...

The verdict

I know SurfaceBook has it's faults and I do hate the wrong keyboard layout but for my work the choice is actually quite easy at the end of the day: The XPS has to go! SurfaceBook is a keeper :)

Cheers,

Sami