Tag Archives: I’d

Welcoming and retaining diversity in cybersecurity

I doubt I’d be in the role I am now if leaders at one of my first jobs hadn’t taken an interest in my career. Although I taught myself to code when I was young, I graduated from college with a degree in English Literature and began my post-college career in editorial. I worked my way up to Assistant Editor at a math and science college textbook publisher located in Boston, Massachusetts. I was responsible for acquisitions and training on the software that that the company distributed with its textbooks. The senior editors sent me to a conference in Florida to train the sales team on how to present the software to professors. This is where I met Jennifer. Jennifer headed up the network and IT support for our California parent company, and because we shared a room at the conference hotel, we got to know each other, and she saw me present. This interaction proved pivotal. When the publisher created a new position to support a network of AS/400s, Jennifer talked me into applying—and yes, she did have to talk me into it! Like a lot of young professionals, I was intimidated to take on such a different role. But I’m so glad she was looking out for me. It was the start of my career in technology, which ultimately led me to Microsoft.

My experience is a great example of how individuals and company culture can influence the trajectory of someone’s career. To celebrate Women in Cybersecurity month, Microsoft is exploring tactics to increase diversity in the tech industry. In the first post in the series, Ann Johnson wrote about mentorship. In this post, I share some ideas for cultivating the diverse talent that already work at your company to build a strong and diverse leadership team.

Retention is as important as recruitment

When we talk about the lack of diversity in tech, much of the conversation focuses around hiring. And it’s true that we need to dramatically increase the number of women, non-binary, and people of color that we recruit. But if we want to create more diverse technology teams, we also need to address the talent drain. Too often smart technologists with nontraditional backgrounds drop out of STEM careers. Studies have shown that up to 52 percent of women leave technology fields. This is nearly double the percentage of men who quit tech. And for those who think it’s because women don’t enjoy technology, 80+ percent of women in STEM say they love their work. The problem often comes down to culture. Which means it’s something we can fix! I’ve worked with and managed many neuro-diverse teams and here’s what I’ve seen work.

People aren’t books

One of the most famous pictures of Einstein shows him with his hair in disarray, sticking his tongue out. If you didn’t know he was one of the greatest thinkers in the world, you might assume he wasn’t the fastest electron in the universe. Or what does it say that many of us didn’t discover Katharine Johnson, another brilliant physicist, until 2017 when the movie “Hidden Figures” was released.

Our collective mental model for what an engineer or scientist is supposed to look and act like doesn’t reflect reality. Some people have purple hair, some like to work in yoga pants, some listen to loud music on headphones all day, or have creative face tattoos. And many are women or LGBTQ or people of color or disabled. People’s race, gender, appearance and work styles have no bearing on whether they are a hard worker or a valuable contributor. We know this, but often we don’t realize we’ve made a judgement based on unconscious biases.

How to address: Don’t judge people by their “covers.” This starts by acknowledging that your biases may not be explicit or intentional, but they still exist. Listen to what people say. Evaluate the work they produce. Observe how they collaborate with others. These are the indicators of the value they bring. And keep in mind that people who’ve been conditioned to believe that technology isn’t for them, may not exhibit the level of confidence you expect. It doesn’t mean they can’t do it. They may just need a little more encouragement (thank you, Jennifer!).

Women often leave jobs because they feel stalled in their careers. In one study, 27 percent of U.S. women said they feel stalled and 32 percent were considering quitting in the next year. For a variety of reasons, unconscious bias results in straight white men getting more opportunities on high profile projects, more ideas greenlit, and faster promotions. As a result, women get discouraged, do not feel supported and look for other opportunities. That is why in the previous blog, we focused on mentorship.

How to address: Be a champion for women and other underrepresented groups in your company. My relationship with Jennifer is a great example of this. She took an interest in my career, identified an opportunity and helped me get to the next rung. Our relationship was informal, but you can also create a structured sponsorship program. The goal is to go beyond mentorship and become an advocate for promising women, people of color, and other underrepresented groups. Use your influence to get them the right projects, the right advice, and the right exposure to help them advance their careers.

Nurture unique thinkers

Back when I was a manager at KPMG, we used to try to hire people who “think outside the box.” But the tricky part about hiring out of the box thinkers is that their ideas are, well, outside the box. Organizations often think they want people to shake things up but in practice many are uncomfortable being challenged. This leads them to quickly shut down bold new ideas. When original thinkers don’t feel valued, they take all that innovation and creativity elsewhere.

How to address: Build a culture of inclusion where everyone has a chance to share. Not every idea is great; in my career I’ve had more than my share of bad ones! But you should listen to and consider all opinions—even if they seem a little off the wall. It doesn’t mean you have to move them all forward, but sometimes an idea that sounds outlandish one day starts to make sense after a good night’s sleep. Or take a page from the women in the Obama administration and amplify ideas that have been overlooked.

Respect the hours

Not everyone can commit to a regular eight in the morning to six in the evening work week. Many people care for children, sick spouses, and elderly parents—being a caretaker is a skill in and of itself! In fact, this quality of being a caretaker is something that in most technology roles can be a valued asset. In addition to being a caretaker, others can’t work “regular” weeks because they’re finishing degrees or have other time challenges and commitments.

Varied approaches to time also apply to project milestones. People deal with deadlines differently—some get stressed if the deadline is too close (like me!) and do their work in advance, others need that adrenaline pump and wait until (almost) the last minute to deliver.

How to address: Institute and support flexible work hours, job sharing (two people share the same job, both doing it half-time), or three weeks on/one week off work schedules that enable people to contribute without requiring them to keep the same hours as everyone else. Trust that people can be productive even if they don’t work the same way or at the same time as your typical employee.

To build a diverse, experienced team of leaders, you need an environment that supports and accepts differences of all kinds. Don’t let bias about gender, appearance, or the hours someone can work get in the way of nurturing all those great hires into the next generation of great leaders. Our senior director for our cybersecurity operations team, Kristina, looks for diversity as this helps with managing the diversity of threats. Listen to her thoughts on diversity in our CISO Spotlight Episode 7.

What’s next

For those interested in how to find more diverse talent, next week Theresa Payton will share ideas from her experience recruiting girls, women, and other people with differing backgrounds into technology.

In the meantime, bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. To learn more about our Security solutions visit our website. Or reach out to me on LinkedIn or Twitter.

Go to Original Article
Author: Microsoft News Center

For Sale – Epson A3 duplex inkjet/scanner/fax – WF-7710DWF – brand new, never opened

I’d like to table an offer of £80 including delivery (slowest and/or cheapest is fine)
Thanks
Glen

Go to Original Article
Author:

For Sale – EVGA GTX 1070 FTW

I’d like so sell my trusty EVGA GeForce GTX 1070 FTW 8GB. It was bought from Scan almost 2 years ago (21 Sep 2016) and was registered with EVGA.

The card has never been overclocked and runs very quiet. Reason for selling is that I’ve moved to a 4k monitor and want something more powerful. Original box will be included.

Price and currency: £300
Delivery: Delivery cost is included within my country
Payment method: BACS/PPG
Location: Ipswich
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – EVGA GTX 1070 FTW

I’d like so sell my trusty EVGA GeForce GTX 1070 FTW 8GB. It was bought from Scan almost 2 years ago (21 Sep 2016) and was registered with EVGA.

The card has never been overclocked and runs very quiet. Reason for selling is that I’ve moved to a 4k monitor and want something more powerful. Original box will be included.

Price and currency: £300
Delivery: Delivery cost is included within my country
Payment method: BACS/PPG
Location: Ipswich
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Fixing Erratic Behavior on Hyper-V with Network Load Balancers

For years, I’d never heard of this problem. Then, suddenly, I’m seeing it everywhere. It’s not easy to precisely outline a symptom tree for you. Networked applications will behave oddly. Remote desktop sessions may skip or hang. Some network traffic will not pass at all. Other traffic will behave erratically. Rather than try to give you a thorough symptom tree, we’ll just describe the setup that can be addressed with the contents of this article: you’re using Hyper-V with a third-party network load balancer and experiencing network-related problems.

Acknowledgements

Before I ever encountered it, the problem was described to me by one my readers. Check out our Complete Guide to Hyper-V Networking article and look in the comments section for Jahn’s input. I had a different experience, but that conversation helped me reach a resolution much more quickly.

Problem Reproduction Instructions

The problem may appear under other conditions, but should always occur under these:

  • The network adapters that host the Hyper-V virtual switch are configured in a team
    • Load-balancing algorithm: Dynamic
    • Teaming mode: Switch Independent (likely occurs with switch-embedded teaming as well)
  • Traffic to/from affected virtual machines passes through a third-party load-balancer
    • Load balancer uses a MAC-based system for load balancing and source verification
      • Citrix Netscaler calls its feature “MAC based forwarding”
      • F5 load balancers call it “auto last hop”
    • The load balancer’s “internal” IP address is on the same subnet as the virtual machine’s
  • Sufficient traffic must be exiting the virtual machine for Hyper-V to load balance some of it to a different physical adapter

I’ll go into more detail later. This list should help you determine if you’re looking at an article that can help you.

Resolution

Fixing the problem is very easy, and can be done without downtime. I’ll show the options in preference order. I’ll explain the impacting differences later.

Option 1: Change the Load-Balancing Algorithm

Your best bet is to change the load-balancing algorithm to “Hyper-V port”. You can change it in the lbfoadmin.exe graphical interface if your management operating system is GUI-mode Windows Server. To change it with PowerShell (assuming only one team):

There will be a brief interruption of networking while the change is made. It won’t be as bad as the network problems that you’re already experiencing.

Option 2: Change the Teaming Mode

Your second option is to change your teaming mode. It’s more involved because you’ll also need to update your physical infrastructure to match. I’ve always been able to do that without downtime as long as I changed the physical switch first, but I can’t promise the same for anyone else.

Decide if you want to use Static teaming or LACP teaming. Configure your physical switch accordingly.

Change your Hyper-V host to use the same mode. If your Hyper-V system’s management operating system is Windows Server GUI, you can use lbfoadmin.exe. To change it in PowerShell (assuming only one team):

or

In this context, it makes no difference whether you pick static or LACP. If you want more information, read our article on the teaming modes.

Option 3: Disable the Feature on the Load Balancer

You could tell the load balancer to stop trying to be clever. In general, I would choose that option last.

An Investigation of the Problem

So, what’s going on? What caused all this? If you’ve got an environment that matches the one that I described, then you’ve unintentionally created the perfect conditions for a storm.

Whose fault is it? In this case, I don’t really think that it’s fair to assign fault. Everyone involved is trying to make your network traffic go faster. They sometimes do that by playing fast and loose in that gray area between Ethernet and TCP/IP. We have lots of standards that govern each individually, but not so many that apply to the ways that they can interact. The problem arises because Microsoft is playing one game while your load balancer plays another. The games have different rules, and neither side is aware that another game is afoot.

Traffic Leaving the Virtual Machine

We’ll start on the Windows guest side (also applies to Linux). Your application inside your virtual machine wants to send some data to another computer. That goes something like this:

  1. Application: “Network, send this data to computer www.altaro.com on port 443”.
  2. Network: “DNS server, get me the IP for www.altaro.com”
  3. Network: “IP layer, determine if the IP address for www.altaro.com is on the same subnet”
  4. Network: “IP layer, send this packet to the gateway”
  5. IP layer passes downward for packaging in an Ethernet frame
  6. Ethernet layer transfers the frame

The part to understand: your application and your operating system don’t really care about the Ethernet part. Whatever happens down there just happens. Especially, it doesn’t care at all about the source MAC.

lb_out_traffic

Traffic Crossing the Hyper-V Virtual Switch

Because this particular Ethernet frame is coming out of a Hyper-V virtual machine, the first thing that it encounters is the Hyper-V virtual switch. In our scenario, the Hyper-V virtual switch rests atop a team of network adapters. As you’ll recall, that team is configured to use the Dynamic load balancing algorithm in Switch Independent mode. The algorithm decides if load balancing can be applied. The teaming mode decides which pathway to use and if it needs to repackage the outbound frame.

Switch independent mode means that the physical switch doesn’t know anything about a team. It only knows about two or more Ethernet endpoints connected in standard access mode. A port in that mode can “host” any number of MAC addresses;the physical switch’s capability defines the limit. However, the same MAC address cannot appear on multiple access ports simultaneously. Allowing that would cause all sorts of problems.

lb_broken_si_traffic

So, if the team wants to load balance traffic coming out of a virtual machine, it needs to ensure that the traffic has a source MAC address that won’t cause the physical switch to panic. For traffic going out anything other than the primary adapter, it uses the MAC address of the physical adapter.

lb_good_si_traffic

So, no matter how many physical adapters the team owns, one of two things will happen for each outbound frame:

  • The team will choose to use the physical adapter that the virtual machine’s network adapter is registered on. The Ethernet frame will travel as-is. That means that its source MAC address will be exactly the same as the virtual network adapter’s (meaning, not repackaged)
  • The team will choose to use an adapter other than the one that the virtual machine’s network adapter is registered on. The Ethernet frame will be altered. The source MAC address will be replaced with the MAC address of the physical adapter

Note: The visualization does not cover all scenarios. A virtual network adapter might be affinitized to the second physical adapter. If so, its load balanced packets would travel out of the shown “pNIC1” and use that physical adapter’s MAC as a source.

Traffic Crossing the Load Balancer

So, our frame arrives at the load balancer. The load balancer has a really crummy job. It needs to make traffic go faster, not slower. And, it acts like a TCP/IP router. Routers need to unpackage inbound Ethernet frames, look at their IP information, and make decisions on how to transmit them. That requires compute power and time.

lb_router_hard

If it needs too much time to do all this, then people would prefer to live without the load balancer. That means that the load balancer’s manufacturer doesn’t sell any units, doesn’t make any money, and goes out of business. So, they come up with all sorts of tricks to make traffic faster. One way to do that is by not doing quite so much work on the Ethernet frame. This is a gross oversimplification, but you get the idea:

lb_router_easy

Essentially, the load balancer only needs to remember which MAC address sent which frame, and then it doesn’t need to worry so much about all that IP nonsense (it’s really more complicated than that, but this is close enough).

The Hyper-V/Load Balancer Collision

Now we’ve arrived at the core of the problem: Hyper-V sends traffic from virtual machines using source MAC addresses that don’t belong to those virtual machines. The MAC addresses belong to the physical NIC. When the load balancer tries to associate that traffic with the MAC address of the physical NIC, everything breaks.

Trying to be helpful (remember that), the load balancer attempts to return what it deems as “response” traffic to the MAC that initiated the conversation. The MAC, in this case, belongs directly to that second physical NIC. It wasn’t expecting the traffic that’s now coming in, so it silently discards the frame.

That happens because:

  • The Windows Server network teaming load balancing algorithms are send only; they will not perform reverse translations. There are lots of reasons for that and they are all good, so don’t get upset with Microsoft. Besides, it’s not like anyone else does things differently.
  • Because the inbound Ethernet frame is not reverse-translated, its destination MAC belongs to a physical NIC. The Hyper-V virtual switch will not send any Ethernet frame to a virtual network adapter unless it owns the destination MAC
  • In typical system-to-system communications, the “responding” system would have sent its traffic to the IP address of the virtual machine. Through the normal course of typical networking, that traffic’s destination MAC would always belong to the virtual machine. It’s only because your load balancer is trying to speed things along that the frame is being sent to the physical NIC’s MAC address. Otherwise, the source MAC of the original frame would have been little more than trivia.

Stated a bit more simply: Windows Server network teaming doesn’t know that anyone cares about its frames’ source MAC addresses and the load balancer doesn’t know that anyone is lying about their MAC addresses.

Why Hyper-V Port Mode Fixes the Problem

When you select the Hyper-V port load balancing algorithm in combination with the switch independent teaming mode, each virtual network adapter’s MAC address is registered on a single physical network adapter. That’s the same behavior that Dynamic uses. However, no load balancing is done for any given virtual network adapter; all traffic entering and exiting any given virtual adapter will always use the same physical adapter. The team achieves load balancing by placing each virtual network adapter across its physical members in a round-robin fashion.

lb_si_hp

Source MACs will always be those of their respective virtual adapters, so there’s nothing to get confused about.

I like this mode as a solution because it does a good job addressing the issue without making any other changes to your infrastructure. The drawback would be if you only had a few virtual network adapters and weren’t getting the best distribution. For a 10GbE system, I wouldn’t worry.

Why Static and LACP Fix the Problem

Static and LACP teaming involve your Windows Server system and the physical switch agreeing on a single logical pathway that consists of multiple physical pathways. All MAC addresses are registered on that logical pathway. Therefore, the Windows Server team has no need of performing any source MAC substitution regardless of the load balancing algorithm that you choose.

lb_stdlacp

Since no MAC substitution occurs here, the load balancer won’t get anything confused.

I don’t like this method as much. It means modifying your physical infrastructure. I’ve noticed that some physical switches don’t like the LACP failover process very much. I’ve encountered some that need a minute or more to notice that a physical link was down and react accordingly. With every physical switch that I’ve used or heard of, the switch independent mode fails over almost instantly.

That said, using a static or LACP team will allow you to continue using the Dynamic load balancing algorithm. All else being equal, you’ll get a more even load balancing distribution with Dynamic than you will with Hyper-V port mode.

Why You Should Let the Load Balancer Do Its Job

The third listed resolution suggests disabling the related feature on your load balancer. I don’t like that option, personally. I don’t have much experience with the Citrix product, but I know that the F5 buries their “Auto Last Hop” feature fairly deeply. Also, these two manufacturers enable the feature by default. It won’t be obvious to a maintainer that you’ve made the change.

However, your situation might dictate that disabling the load balancer’s feature causes fewer problems than changing the Hyper-V or physical switch configuration. Do what works best for you.

Using a Different Internal Router Also Addresses the Issue

In all of these scenarios, the load balancer performs routing. Actually, these types of load balancers always perform routing, because they present a single IP address for the service to the outside world and translate internally to the back-end systems.

However, nothing states that the internal source IP address of the load balancer must exist in the same subnet as the back-end virtual machines. You might do that for performance reasons; as I said above, routing incurs overhead. However, this all a known quantity and modern routers are pretty good at what they do. If any router is present between the load balancer and the back-end virtual machines, then the MAC address issue will sort itself out regardless of your load balancing and teaming mode selections.

Have You Experienced this Phenomenon?

If so, I’d love to hear from you. What system did you experience it happening? How did you resolve the situation (if you were able)? Perhaps you’ve just encountered it and arrived here to get a solution – if so let me know if this explanation was helpful or if you need any further assistance regarding your particular environment. The comment section below awaits.

For Sale – Zotac GeForce GTX770

Zotac GTX770 2GB, had it a few years and just upgraded to a 1050Ti.

Due to its size and weight I’d rather it was collected in person.

Price and currency: 45.00
Delivery: Goods must be exchanged in person
Payment method: Cash
Location: Manchester
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Wanted – MacBook Air.

hello

I’d like a MacBook Air. 350

Pick up in or around London preferred

Location: LONDON

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Zotac GeForce GTX770

Zotac GTX770 2GB, had it a few years and just upgraded to a 1050Ti.

Due to its size and weight I’d rather it was collected in person.

Price and currency: 45.00
Delivery: Goods must be exchanged in person
Payment method: Cash
Location: Manchester
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Zotac GeForce GTX770

Zotac GTX770 2GB, had it a few years and just upgraded to a 1050Ti.

Due to its size and weight I’d rather it was collected in person.

Price and currency: 45.00
Delivery: Goods must be exchanged in person
Payment method: Cash
Location: Manchester
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – Zotac GeForce GTX770

Zotac GTX770 2GB, had it a few years and just upgraded to a 1050Ti.

Due to its size and weight I’d rather it was collected in person.

Price and currency: 45.00
Delivery: Goods must be exchanged in person
Payment method: Cash
Location: Manchester
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.