All posts by philipsymons

Making SENSE OF M365 Sharepoint

Sharepoint was well known as difficult to administer on an “on-premises” server. So prior to the advent of a cloud-based version of Sharepoint, a small organisation with a need for a searchable location for internal content would be looking elsewhere.

I found that Dokuwiki was a good alternative. It’s simple and reliable, but with some drawbacks:

Although it’s really quite easy to edit, people aren’t familiar. Unless they’re enthusiasts they won’t take time to learn how. So my hopes that the wiki would become a “one stop shop” for the organisation began to fade.

Added to that, the “look and feel” of Dokuwiki is plain and simple – which I like, it’s easier to scan. Unfortunately, general users are more likely to use a wiki that’s attractive to the eye.

The cost of Dokuwiki (free) was a big plus point, but even a basic Microsoft 365 business package now offers Sharepoint along with other essentials, so the saving is much less than previously.

What tipped me over the edge in deciding to migrate to Sharepoint was the fact that it’s written in PHP. This is a language I disliked from the first time I saw it. Many important web sites are written in PHP, so it doesn’t mean that Dokuwiki’s reliance on PHP really is a problem of course; it was more about my strategy for a small company, favouring “one stop shop”, over “best of breed”. If I can get Doku admin and security updates off my todo list, it’s more efficient, although there’s definitely a lot to learn before working with M365 is second nature.

This blog is for reference and will cover some of the basics. It’s a work in progress, which I’ll add to and correct as I gain experience with M365 Sharepoint. Here’s an intro to Sharepoint wikis.

Here’s the first draft of a collection of links on the various bits of MS365 Sharepoint:

About admin roles

Web Site
Create a Site

Team Site (or team collaboration site)

Communication Site
(More for communication than collaboration)
Use the SharePoint team collaboration site template

Home Site
A home site is a SharePoint communication site that you create and set as the top landing page for all users in your intranet.
(using the GUI)
How to make any SharePoint page the new homepage
(using PowerShell)
Connect to all Microsoft 365 services in a single PowerShell window
Get started with SharePoint Online Management Shell

Site Page
This is like a web page, more compex than a Wiki Page

Wiki Page
The wiki page is simpler and compact. A collection of links doesn’t take up much space, so it can be scanned more easilyh

Web Part Page

Web Parts
Using web parts on SharePoint pages

Teams/Channels
Channels belong to teams, they’ll be based on a topic that the team needs to discuss.

Sharepoint Apps
Knowledge Base
Document Libraries

Security
Multi-Factor Authentication

Documents are files that you can store in OneNote

Email
Configure mailboxes
Microsoft 365 admin centre > …Show All> Exchange Admin Center>Mailboxes

About shared mailboxes

Microsoft Teams
Note: it appears Firefox doesn’t support MS Teams, an alternative browser must be used.
Manage Meetings
May receive an error if third-party cookies are blocked:
Microsoft Teams is stuck in a login loop in Edge, Internet Explorer or Google Chrome

The Microsoft Exchange Server Attack

How serious is it?

The attack has been going on for some time, and the fix for it was only issued recently. The advice is that companies running the software targeted by this attack should assume it was successful. In other words, there’s not much gain in trying to find out whether the malicious files are in the system, they probably are.

The focus should be on fixing the problem. Unfortunately once the hackers are into a system they can do lots of things to make it harder to remove or disable their malicious software. So this story will run for some time.

What software is affected?

This Bulletin from Microsoft lists a number of versions of Microsoft Exchange Server with the problem.

Am I running this software?

If you’re a member of the public or a small organisation, unlikely. Email is probably a service you pay Google, Microsoft, or some other company to provide. They fix any problems.

If you ran Microsoft Exchange Server, you’d need an extra physical computer (server) somewhere. If there was a problem with your email, you’d have to reboot it, change some settings, install software or something similar. So it’s server software, for organisations that provide an email service.

Members of the public are email service clients. They don’t need server software.

Does it affect me?

If you’re not running the software it doesn’t mean that you can’t be affected.

You probably send and receive emails to and from many companies. Many of them don’t run Microsoft Exchange Server because it’s much easier to pay someone like Microsoft to provide email services, but there’s work involved in switching from “on premises” (your own machine) to the “cloud” (a service provided to you).

Some companies haven’t got round to that, or prefer to have control of the service by running it on their own computer.

Breaking into the email systems of these companies will give the attackers lots of data, which could mean that you start receiving spam emails. Links in those emails might contain links to malicious “phishing” sites that look like web sites you already use. The email might contain an attachment that will damage your computer.

If the attacker is able to capture more data about you than just your email address, they could launch a “spear phishing” attack. This means adding more details to the email to gain your trust. They could make the email look like it’s come from someone you know, and the message may contain genuine information to convince you that it’s not a scam.

What can I do?

Suspect all incoming emails, even when they seem to be from someone you know. We received a dodgy-looking message recently. We Googled the text from the message and it was very similar to a scam that’s doing the rounds. We then tested it using VirusTotal, a free service owned by Google that will run more than 80 scanners over a link (testing attachments is a bit more complicated than I can deal with here, but also worth looking at). Here’s what we saw:

So we never visited the malicious site, we knew it definitely was a scam.

Does it affect Microsoft themselves?

The news story is about on-premises users of Microsoft Exchange Server, not about Microsoft’s email services. As far as I know they are not affected, and with their resources they’re much harder to beat than private companies. There’s little you could do about that and no real point in worrying.

So what do you know about this?

I’m a developer not a security specialist, but I’m fairly well informed about security. This blog post is written for a general audience, which is why there’s not much technical detail. If that’s what you want you’ll need to read what Microsoft has to say and consult the usual security blogs and podcasts.

Fake Reviews

A lot of of buying choices are based on reviews from TripAdvisor, Amazon, etc.. Some of these are fake. One journalist highlighted the problem by writing fake restaurant reviews for his garden shed. He managed to get his shed the top rating for any London restaurant!

Online companies make efforts to detect fake reviews, but tricksters improve their skills. No-one has yet won this war so if you’re buying something important you need to think about whether you can trust the reviews. How can you tell if they’re fake? There are tips in the articles linked below. But first…

You might want to speed things up with automated tools. Paste the web address into the box and they’ll run tests and give it a rating. (NB: These sites were recommended in the CNBC article linked below but I also ran VirusTotal over them and they tested clean).

FakeSpot.Com handles TripAdvisor, Amazon and a couple of other sites.

ReviewMeta.Com gives you a lot of information and explanation as to how the figures are arrived at. It seems to handle Amazon only.

You’ll need to get used to these tools. Running the same web address through both will give you a good comparison. Perhaps one of them is often more negative than the other. Test a few products or services that you’ve been happy with and where you’re confident that the rating is accurate. Remember this isn’t an exact science. Try pasting this link (to a Galaxy S9 Glass Screen Protector) into both engines:

https://www.amazon.com/dp/B07B9W9DN8/ (the address comes from the BuzzFeed article linked below)

Amazon currently shows only 2 reviews, while at the time of writing Fakespot shows 642. This probably means Amazon have recently taken down nearly all the reviews, and Fakespot are displaying the result of a test they ran earlier. The ReviewMeta result agrees with Amazon, listing only two reviews. Here’s another one with less extreme results: https://www.amazon.com/gp/product/B074SJV133/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1#customerReviews

Both sites show an adjusted score after removing the reviews they think are fake. If you’re using the sites to help you make decisions, use your judgment to decide how much you’ll rely on the adjusted scores.

Perhaps you want to do the job yourself instead of using the online checkers. The consumer magazine “Which?” provides tips on what to look for: The facts about fake reviews. Which? also check on customer reviews when they write up articles on individual products. You may be able to find Which? at your reference library. Here’s a direct link to the podcast from the article: Alex Neill, Which? Managing Director of Home Products and Services, on Nick Ferrari’s LBC show to discuss fake reviews

… and one more article: Amazon has a problem with fake reviews — here’s how holiday shoppers can avoid falling for them (CNBC.COM)

Background

This Daily Mail article refers to a claim by Fakespot, and also include a statement from TripAdvisor in answer to it:
‘One in three TripAdvisor reviews is fake’: Hotels are accused of trying to manipulate their ratings on the site by paying third parties to give five-star write-ups and rubbish their rivals (Daily Mail)

Deep Dive

Buzzfeed: Inside Amazon’s Fake Review Economy

Reply All Podcast #124: The Magic Store This 2018 podcast is about one woman’s experience with an unsatisfactory product she bought on Amazon. It goes deeper into the methods some merchants use to get unfair advantages on Amazon. Please note:There is occasional swearing in the ReplyAll podcast series and if you are culturally conservative you may find some of the conversation offensive.

Fake News (and you)

The creator of fake news wants to influence you. They often hide why they’re trying to persuade you.

They tell deliberate lies – or take no trouble to check the facts. Or maybe the words are true if you read them very carefully, but the facts chosen are unbalanced. You only hear one side of the story so you get a false impression.

Start the Fightback

You don’t even have to get out of your chair. Part of the fake news problem is the attitude of people reading it. Try to be more sceptical about news generally.

According to the Oxford Dictionary a sceptic is: “One who maintains a doubting attitude”.  We shouldn’t believe news just because it’s exciting or shocking. We run a few tests in our head. What kind of questions should we ask? Librarians should able to offer good advice. The International Federation of Library Associations and Institutions has published what you see below.

How to spot fake news
Find a list of other language versions here

Next time you see something sensational you might want to check it against the chart and see whether it passes the tests. What else can help?

Try listening to all sides of an argument, especially if you hold a strong opinion. Even if it doesn’t change your point of view, knowing why others think differently will help you to be clearer on your reasons for thinking as you do.

Of course, you’re not guaranteed to get to the truth that way. Everyone may be distorting the facts even if they don’t mean to. Fact-checking websites may help. These are often run by charities and try to be unbiased (although no human can be completely unbiased).

Fact Checking

British

Full Fact is the UK’s independent factchecking charity
Channel 4: FactCheck
Independent: Fake News

International

FactCheck.Org
Snopes: What’s New
KnowYourMeme.Com

Other programmes and web content don’t provide fact-checking services but claim to get to the real story behind all the politics and propaganda, so they’re worth a look:

Science

SenseAboutScience.Org
What eight years of writing the Bad Science column have taught me (Ben Oldacre)

Listen/Watch

BBC Radio 4: More Or Less

Twitter

Of course, Twitter has a special place in fake news, but deciding what to believe is no different from anywhere else. Just a note about the “Twitter Verified Account” tick mark. It means Twitter has checked that this person really is who they say they are. It doesn’t mean that everything they tweet is true.

Repeat Offenders

Since you can’t spend all your time fact-checking it’s helpful to improve the quality of news you see. If you find that a site has a bad reputation, you can stay away from it.
List of Fake News Web Sites

Explaining it to the Next Generation

These skills will benefit your kids for life, so here are a few things you could show them (They’re for very young kids and don’t have any sound. I’ll post something better when I find it):
Who Writes the Internet Anyway?
Don’t jump to conclusions, #AskforEvidence
It’s ok to #AskforEvidence

Deep Dive

If you want to go deeper into this topic, here are a couple of deep dives:
Podcast: The Ugly Truth (Sense About Science at the British Library)
Editorial: Sky Views: Facebook’s fake news threatens democracy

Fact Checking

Sky

GDPR — The Getting Started

THE GENERAL DATA PROTECTION REGULATION TAKES EFFECT on 25 May of this year. When we hit that deadline, you won’t comply. That’s what a senior lawyer told the audience at an event I attended. What he meant was that businesses generally won’t be able to get the changes done by the time GDPR comes into force.

The Regulations will affect all organisations to some degree. I can imagine several reactions. The truly awful manager might sit back and relax. “Well, if everybody else is going to have big problems complying with the regulations, we’re just one in the crowd. No need to rush!”

Even a sincere manager might be paralysed by the size of the job: “Should I get legal advice?”, “Do I need to employ an expert in security?”, “How can I run the business while all this work is going on?”.

A better approach would be to treat the big demands of GDPR as a good reason to get started. After all, even if you’re not compliant by the deadline, the effort you’ve put in to move in the right direction could make the difference between a slap on the wrist from the regulator and having the book thrown at you. “But they won’t be able to prosecute everyone”: no of course they won’t, but they will prosecute someone, and under the regulations it’ll be possible for those who’ve had a bad experience with your company to report you for any mishandling of their data.

Another point: why think about GDPR only in terms of avoiding prosecution? While it’s true that new regulations often fail to achieve much and just add paperwork, think about what you’re required to do under GDPR. Shouldn’t we have been doing a lot of it anyway?

Could it be a great opportunity? Get your organisation compliant, then tell everyone. Awareness of data rights and of cyber-security are only going to increase. Meanwhile your non-compliant competitors may get whacked by the new fines that GDPR brings in. The best manager will start now and keep going.

Book Review:- The Four, Scott Galloway (ISBN 9780735213654)

A COMMENT ON THE COVER OF THIS BOOK states that you’ll never look at Amazon/Apple/Facebook/Google the same way again, which is true. Galloway brings out the corporate personality of each company. Unlike many business books he tells you things you couldn’t have worked out for yourself.

The section on Apple is notable for the way he recasts Steve Jobs as a marketing genius who transformed Apple from a technology to a luxury company, going against the conventional thinking about distribution: “Jobs understood, as none of his peers did, that whereas content, even commodity products, might be sold online, if you wanted to sell electronics hardware as premium-priced luxury items, you had to sell them like other luxury items”, with a bricks and mortar retail presence.

You may remember the portentous TED presentation asserting that Apple’s success was because the motivation of their people (The “Why”) communicated itself to customers. This was never very convincing, and it was always hard to find other companies whose success could be explained the same way. I’m grateful to Professor Galloway for showing that, although the Apple story is unparallelled, it’s a triumph of marketing, not a semi-spiritual journey.

What’s Amazon’s core competence? The conventional business book would cite the operational capabilities, engineering or brand. For Galloway, the reason is “…its appeal to our instincts. The other wind at its back is a simple, clear story that has enabled it to raise, and spend, staggering amounts of capital”.

He has plenty of comment on the other two companies, and the book is full of quotable phrases, but the real value is the way he puts the elements together. For example, in the mass marketing funnel he says that Facebook is in the high position: “It suggests the ‘what’, while Google supplies the ‘how’ and Amazon the ‘when’ you will have it.”

A growth investor will find this book helpful in deciding whether the valuations of these companies are an accurate reflection of their future prospects. There’s an equally useful survey of contenders like Microsoft, Tesla and Walmart.

Professor Galloway appears from time to time on the Bloomberg Surveillance programme and his book was Surveillance Book of the Year.

https://www.bloomberg.com/news/audio/2017-12-04/surveillance-book-of-the-year-galloway-s-the-four

The clip is worth listening to as Galloway suggests that there’s a possibility that these companies will be broken up by the government. I didn’t see that in the book and it’s something else that investors will need to think about. You’ll also note that Mr. Galloway doesn’t use the “F-word” on Bloomberg. In the book he doesn’t seem to be able to manage without it, which is irritating.

Distill Your Message for Maximum Strength

NINETEENTH-CENTURY CIVIL SERVICE EXAMINATIONS IN CHINA were so difficult that they played an indirect part in the death of more than twenty million people. Hong Xiuquan failed them repeatedly. Finally he had a breakdown, and instead of working for the Qing emperor, he lead the Taiping rebellion.

Among the requirements, candidates had to write poetry. One sardonic business writer saw an advantage to this: “It was known, finally, that it is virtually impossible to find an order of merit among people who have been examined in different subjects. Since it is impracticable to decide whether one man is better in geology than another man in physics, it is at least convenient to be able to rule them both out as useless.”

It occurs to me that the ability to write poetry may not have been such an odd qualification for a civil servant. If the poetry had to be flowery and verbose it wouldn’t help, but the skill of writing something like haiku could definitely be useful for communication, not just in government but in any organisation, and especially when talking to customers.

Less Is More
Being able to find words that evoke feelings is a talent that not everyone possesses. Another skill in short form poetry (which can be learned) is to throw out words that don’t add anything. Compare it to a distillery. At the beginning of the distillation process, there’s a lot of water in the mix. As it is removed, the whiskey gets stronger.

We get older and learn to handle “ten dollar” words. We know how to build long complicated sentences. We’re tempted to display our skill, but writing is like playing a musical instrument. Just because you can fill the air with notes doesn’t mean you should. What’s left out often makes the difference.

So it’s as simple as that? Was there really a story here? Well, if your writing doesn’t have the magic of poetry, perhaps it’s “anti-poetry”, unmusical and prosaic, repelling your readers instead of attracting them. If you don’t pay attention to your writing style, you could get into the habit of using jargon (as distinct from technical terms which have to be used in specialist fields). Jargon replaces ordinary words. It sounds more impressive – that’s the purpose – but doesn’t add meaning.

Words Beat Jargon
If you’re busy, do you really have to talk about “bandwidth”? Is there any need for the word “ideation” – do we get ideas nowadays in some new way that can’t be expressed in English? No – and yes, if you search other posts in this blog you may find that I’m guilty of jargon too – we all have to prune it back constantly. Jargon impresses naïve hearers or readers, but others will be annoyed. Some will wonder whether you’re covering up your insecurity. Why alienate part of your audience? Showing off with words is like showing off your money – it can be fun but it won’t make you real friends.

The more you distill your message the stronger it will be.