Upgrading the Lenovo ThinkPad L380 Yoga to Win11 – the somewhat different Windows

Windows 11 is finally here! And it somewhat brings a mixture of vibes from Mac OS and Linux whit it. I asked myself, if the new OS from Microsoft that nobody asked for could run on my three-year-old Lenovo ThinkPad L380 Yoga that I mainly use for coding, blog writing and other tech stuff. So, without thinking too much about the consequences, I gave it a shot… and was quite surprised about the outcome.

At the time of this writing, Microsoft officially released Win 11 but did not kick off the rollout for all PC models. The older your PC is, the longer you probably must wait to be able to update via the normal settings menu. But hold up, if you want to update right now, you can go another fairly easy way. On Microsoft’s website you can get the installer from the “downloads” section and the just execute it on your PC. If you want to check if your PC is capable of running Win 11 before making the switch, you can download a software that checks on that too.

I already knew from a list that Lenovo provided that my laptop is supported for Windows 11, so I just went straight for the installation. The whole process took round about an hour in my test and finished without issues. All my data was still at its place and the new Win 11 desktop layout was catching my eyes.

Let’s be honest, I’m a windows girl, and I became friendly with Linux over the years, but I never had the money or reason to use a mac. But unfortunately, I really love the style of the apple mac OS… And with Microsoft bringing new graphics with Windows 11 let’s start with the most obvious but also must unimportant thing first: the design.

The design

At the first look, the new design remembers me strongly of the mac OS design. Its softer than its precursor and overall, more centered. Window corners are rounded and the taskbar as well as for example the lock-screen clock is centered to the mid instead of a left-oriented alignment. The status-icons remain in the right bottom corner but are new arranged and to me it feels like that’s the first functional change in design. When using Windows 11 it felt like the status-icons and messages are easier to access now and I’m less likely ignoring them like I did on Windows 10. Another alteration to the taskbar is that they removed the option to snap it to the left, right or upper edge of the screen. I was especially annoyed by this because the Lenovo L380 Yoga is a convertible device, and I had the taskbar configured to the top of the screen as I tended to move around the icons on the taskbar with my wrist while writing on the screen. But to my surprise: I couldn’t reconstruct that problem while testing on Win 11 so I’m kind of fine with having the taskbar back on the bottom screen edge. Also, Microsoft did a few changes to the settings menu. The main categories stayed but a few rearrangements of the panels and options makes it way easier to orientate and navigate. And I really like this because if I don’t want to play around with my tec, I just want it to be easy and functional. 

 

Aside of this, if you dig deeper into the OS, you meet the old designs again. As in Windows 10, the underlying layers like network-settings or the system controls got new icons but aside this, didn’t changed.

Ok, so the design is pretty neat, no tiles, nothing to special, just nice to look at, kind of clean and orientated on the key points what makes similar mac OS or Linux designs as good as they are. But how does it behave with the underlying functionality?

Over-all functionality

I was a little bit concerned with updating the laptop to Win 11 as it already had a little heat-problem under Win 10 and when I tortured it with Fusion 360 it was usable but far from a good experience. They told me that Win 11 is quiet a heavy OS and so I was prepared to maybe must downgrade back to Windows 10 after my tryout.      

But… I got really; I mean really really surprised! Not only that I can’t trace any bigger heat-problem than I had before, but it might even have gotten a little better! I don’t know what leads to this, but it seems like the OS processes are more balanced now. Also, to my surprise, using Fusion 360 got way smoother under Windows 11. You still can go and cook coffee for the whole department while Fusion is starting on the L380 Yoga, but it actually is capable of moving 3D objects without workflow-interrupting frame drops. I’m honest, I was a little impressed. 

But enough of the good news, there need to be some bad once! And here they come:

It seems like some software integrations are not completely bug free yet. Starting with OS native things: sometimes the status-Icons don’t react probably. So, they sometimes just don’t do anything if I clicked them. That’s annoying and can make it really frustrating for now, but I expect Microsoft to fix issues like this soon as they belong to the typical childhood diseases of a new OS. It gets more complex when it comes to third party software. Since the upgrade, in some cases, a bug appears in Fusion 360 that disables the “orbit” functionality if you want to access it from the button. It’s still possible to use it via the shortkey combination but the button seams like not proper loaded or something. The issue is mostly resolvable by restarting Fusion but it never appeared before the Win 11 upgrade so this might be some small incompatibility.

However, most of the software I daily use runs without issues, and I think this will also get better as soon as Windows 11 becomes more common. Overall, the OS is usable for me as a daily productive tool so… good job on this Microsoft, I guess!

New Features and workflow-changing modifications

Some people might call me out for this but for me it actually is a big deal: being able to open a PowerShell directly through the context-menu after a right click without breaking my fingers on the shift key simultaneously. It just makes it a such easier workflow and also makes the PowerShell more present for people who aren’t as used to it and maybe gives it a less scary feeling.

In the design part I also already talked about the status-icons that got re arranged. It’s easier to get more done via this section and so I would name this another new likely feature.

Also oriented on other OS’s, Microsoft implemented the capability of using multiple desktops and being able to switch between them like between different work-settings. I’m sure this is a cool and productive feature and native users of other OS’s might get productive with it really quickly but as a Windows-kid I have my problems to get used to it until now… mainly, because I forget to use it.

Microsoft wouldn’t be Microsoft if it would not try to make us use more of it’s products (we remember how annoying getting asked to use edge was, after every good damn update…) and so we can find MS Teams in the shape of a chat bubble in the pre-set of taskbar-applications now. As I already use MS Teams for family intern communication, I’m quiet fine with that but I know at least a hand full of people who will replace this for sure.

Also predefined in the taskbar instead of the right bottom corner is the widgets field. This feature is what I really have the most problems with as I don’t understand it neither find it usable in any way. The thought of making news, the weather and the latest sports results visible in one overview is… nice. Yeah, I guess for the average home user this is what I would expect from a daily driver laptop OS but… why do I have to get it as a window from the taskbar? Is it something I don’t use right or is it just the way I would prefer it? For me, widgets like this need to be permanently and directly visible on the desktop so if I start up the PC, that is the first thing I see, if I close all my applications that is the last thing I see and why can’t I get them on my lock screen too?

So, am I going to keep it?

Definitely yes! Windows 11 is a daily usable OS. It is new and therefore has some childhood diseases what the reason is why I would not deploy it on critical machines or infrastructures jet. But it has quiet some advantages and if you are interested in it I can just recommend giving it a try!

 

Did you already have your hands on the new Windows 11? Did you maybe make a different experience? Feel free to share your thoughts on that down below!

Get it on your ears - my favorite podcasts around the web

From day one on I was a super bad listener at school. I always needed a visualisation for everything and never memorized facts that were only spoken out.

Because of that I never was interested in the world of podcasts until a colleague of mine brought it up and made me at least try it. I then realized that this might be an opportunity for me to train my brain a little bit on sound-content and I searched for a podcast that wasn’t packed too dense with facts. Over the time I collected a small list of podcasts I listen regularly to. Most of them are security-podcasts, all of them are tech-related.

 

Let’s have a look at what I found:

 

 

     Beers with Talos

The boys from ciscos talos intelligence group invite the listeners to a little hangout and chat about what they currently see around the web. Because of a big portion of humour and personal notes they make it some kind of a security - comedy show.   

 

-   Talos Takes

Talos Takes is another podcast from the cisco talos intelligence group. In contrast to beers with talos, it’s a short 5 – 10 minutes roundup of different topics with different guests every time “for everyone from the c-suite to the frontlines”. I prefer listening to this podcast for example while brushing my teeth or in short breaks between my lessons back when I was in vocational school. 

 

-   The Official Offensive Security Podcast

This is the official podcast from the dudes behind kali linux, the OSCP and so much more.

If you want to know about the latest news and insides about what’s up at offsec, this podcast is your place to go.

 

-   That‘s a Data Problem

…. is the podcast from splunk, for the splunkers. From organizational to technical topics, this podcast informs about what’s up in the splunk universe. For me this is the perfect podcast when I’m traveling for work.

“That’s a Data Problem” can be accessed via the official simplecast-site or the RSS-feed. As I prefer the google podcast app, I added the RSS-feed to google podcasts via the webside. I’m amazed by how smooth this works!  

 

-   #heiseshow

This podcast is for the German speaking people and kind of a tradition. Heise is a German tech-magazine that combines consumer with expert knowledge. I mainly listen to this podcast to know what’s up in the German tec community and to keep up to date with local events. Also, listening to something in my first language is an easy wake-up or “short before sleeping” podcast.

 

-   The WAN show

Most of you will know it… it’s the WAN show by linus and his people from linus tech tips. As this is for various reasons my most loved consumer IT-channel on YouTube, I love listen to the WAN show talks during hang-outs, while waiting for something or someone or when I’m out for a walk. Sometimes, as the WAN show is also recorded with video, a little imagination about what’s happening is required.

 

I hope you may found a show that fits you or maybe you have a recommendation what I should have an ear on?

Leave it in the commends!

Skills that helped me starting out as a Splunk-rookie

  

When I first got my hands on the Splunk cosmos, I quickly noticed that several topics and skills I learned in other fields could be more or less easily transferred to the Splunk environment. So I thought of my top skills and knowledges that help with getting started in Splunk.

1.      Imperative programming with C:

The Search Processing Language, short SPL, is the basic tool to search and filter through the collected data. Learning the SPL-syntax can be a challenging thing if writing commands to a pc is new to you.

But as I learned imperative programming with the C-language at university, I am able to deduce some knowledge like what functions are, how to modify them with options and how the logic behind the search operation works. If a feeling for the logic behind the SPL, that is quite like the C-language, is once evolved, building advanced and big searches become quite easy.

2.       Basic knowledge about statistics and behaviour of numbers:

As in Splunk it’s all about processing and analysing data, a lot of statistics and numbers are generated. Having a basic understanding of how numbers behave and how to correlate values to generate new insights is essential to work in the big data field at all but get’s even more important if you have a tool like Splunk that processes data from nearly any source. A major part of understanding comes with the experience of working with that data but having an imagination of the outcome makes creating the SPL-query much easier.  

3.       Linux-Operating System practical skills:

Splunk is a very heavy software as its main task is to process data. A lightweight operating system underneath can help to improve performance and get more power from your resources for Splunk. That’s why a major percentage of Splunk systems run on a Linux distro. To administer such a system, you’re not getting around configurations on the terminal. Knowing how to execute basic task in Linux bevor starting out on the first Splunk instance made it much easier for me to understand the Splunk related configurations and saved me from some mistakes for sure.

4.       Basic IT-knowledge in Networking, IT-Security and End-User behaviour:

To work with information, you need to know where it originates from. As most often, but not only, system information is processed, it is helpful to know the sources of the data you work with. Just as in 2. this is all about the understanding. The crucial point is to know what source delivers what peace of information and what that information pictures. A basic idea of a wide range of topics in the field makes understanding the details faster as soon as you need to.  

I guess with further processing and learning, I will realize more things that are useful in reference to Splunk. But for now, I leave it here, as my next step is just the power user certification.

1 year and 10 months to become an IT specialist for system integration and why this might have been the “time of my live” so far.

When I passed my A-level in 2017, the question what to do next had a clear answer to me: I would go to a university in a nearby town and study physics. I’d do my bachelor’s degree focused on astrophysics and then the master in astrophysics right away. Maybe I’d get a PhD and for sure I would end it all up in a research group for extra-terrestrial subjects.

Let me spoil you on this one: none of this happened, except me attending a university, “studying physics”. Why have I set that in quotation marks? Looking back, I’d not even say I really studied physics. Some people travel around the world, take gap years to chill at home or do several internships to find their way to go after school. Well, I went to university to find it. But I didn’t find my passion there, I found the realization that eating desert dry facts about the, still really cool, laws of physics just isn’t what makes me happy. Let me give you a short summary how I got to realize this.

In 2017, I didn’t question my decision to go to the university after school. Not even for a slightly second. Because it was all set for years already. Everyone around me talked about that slightly crazy redhead girl that for sure would make a big career in astrophysics. I never had a “plan B”, I never took a second to think about if I still want what grew in everyone’s head, above all my own one, for several years already. And so, I started my first semester studying physics, moved to the city of my university and ignored my first concerns that hit me even before it all really got rolling. The university offers a course that starts a few weeks in advance of the actual semester and is meant to help the “Erstis”, as the first semester students in Germany are called, getting an easier start at the university. From day one, I felt “wrong”, had problems to get together with the other students and to follow the format of a professor spending 90-120 minutes constantly writing on a blackboard – what really was a surprise for me, because in school I loved the teachers that didn’t came up with crap like groupwork and “discover yourself” but drew a clear and easy to follow line trough the topics by explaining it in front of the class. It would become better by time; I promised myself while my deficit got bigger and bigger from lecture to lecture. In Germany, finishing physics at a university without extra semesters isn’t quiet the normal case. It’s more like the upper few percent, also depends a little on the university. And my dump s**t a** managed to, without knowing, find the group of that upper percent and sticked to them. In a consequence I observed them showing of the best of performance while I realized that nearly every topic of all the lectures was hard for me to be exited about. Studying physics at my university can take up to 40 or even 50 hours a week, at least if you want to do it in the “regular” three years and are not gifted with a special talent. It sure is something that can fill out your live in a good way, but with my growing concerns if I really did choose what interests me enough to work a lifetime on it, my problems keeping on pace with the group and a few health issues that came up, the whole thing started to unravel faster and faster. After a year it was clear that I won’t finish these studies and I took a semester as a guest with the computer science people. This was my entry to coding. I started learning the C-language and realized that my real interest never was in physics but in the technology that comes with it these days. And I realized a second important thing: creating something real, not only as the result of a theoretical exercise, but a working real program, that got me motivated as hell.

With the ending of this semester, I had to ask myself: how do I want to move on? What is my new plan? Accepting that the journey I was absolutely sure of would be mine was the wrong one and also thinking of not studying at all was a hard pill to swallow. I couldn’t imagine it for a long time. In this messed up situation, I visited my hometown, sat down by the river with a wonderful view on the cities skyline and suddenly I felt like “It didn’t work out, so I am free to chose something entirely different, because now nobody expects anything concrete from me! I just need to keep going!”. On the way to my parents, I stopped at a bookstore and came across this big book that was meant to guide people in an apprenticeship to become IT specialists for system integration. I flipped through the pages and scanned the topics and immediately wanted to know how all of this works and what for awesome things, systems and possibilities are given for a person that knows all this.

Two weeks later I had sent a hand full of job applications. By this time, I already was a little late for the upcoming year of training, but I got lucky. Some companies didn’t fill all their capacities so far. Another two weeks later I signed the contract. It was official. By September I would start a whole different journey. One I didn’t plan as everything else in my life for month or years. One I choose from a “good feeling”. I was nervous, scared, and insecure. But I also looked forward to what I missed so badly at university: practical experience, structures and colleagues.

Initial I signed my contract for a normal three-year training. I sure had some experience but when I started my first week, I would not have been able to explain how the structure of an IP-address works. Luckily, the company I started at, begins the first year of training with courses to teach the basic topics. Every week, a different topic is taught by a different expert of the company in theoretical and practical exercises. Therefore, when the trainees attend to the different departments in the second and third year of training, they already know the basics and don’t have to “waist” time they could have used to get routine with the tasks by watching another person do it. The courses provide the content in a high density what made it effortful but also high effective and I personally loved every day for knowing I would learn a lot of new stuff I was really interested in. I also had my problems in the beginning, sure. We all came from different perspectives and with different prerequisites to this freshman year. It was not always easy or even possible to handle all needs equivalent. For me that meant I had to learn how to adjust myself to others or find workarounds in this situation.   

Parallel to the training at the company, in the most cases, apprentices in Germany also join a school class at a special school format that covers topics that come with starting in the world of employment like how the right of termination works, how do taxes effect my income etc… The school also provides basics in the main topics like IT systems and programming. But after only a few weeks, the training at my company went so far that I realized we are far ahead of what they teach us at school.

Personally, in this phase I evolved great friendships with the other apprentices from all three years and learned to know a lot of nice and always willing to help colleagues. The feeling of being part of a company, having people to ask for help and also responsibilities to fulfil made me feel like I’m doing something worth it. Also, seeing the progress of learning by being able to understand what my colleagues talk about and doing more and more tasks on my own every day gave me a good feeling even on hard or complicated days.

As the first year came to an end, according to the company training, I was so much ahead of the school’s topics, that the company offered me to skip the second year and attend the third one right away. On the one hand, this was a great opportunity as I lost time at university that I could regain here. On the other hand, I remembered my failure at university and was scared to get myself in trouble. Luckily, the older apprentice I got assigned as a mentor at the beginning of training made the same hop from the first to the third year and was able to give me some confidence. Also, hopping to the third year would mean to attend the school class of the apprentices I already spend my most time with, what was a nice side effect :D . I took the step.

Suddenly, I had to take the midterm exam and finals were no 12 months to go. I had to rethink the departments I wanted to visit and then I got involved in what lead me to my top interest today: an internal security project with one of the manufacturers the company partners with. As I always tended to the crime investigation scene, data analysis, threat hunting and digital forensics soon became my favourite topics. And then this “little” thing with the pandemic came up and send us all to the home office and school. And somehow looking back, I feel like this was the best that could have happened to me at this time. After I moved to a flat that offers enough space to work from home, self-organizing my stuff, most of the time doing the schoolwork on my own and in my own structure and pace was the best that ever happened. As we all are “computer people” we sure missed hanging out together or physically meeting at the coffee machine, but we connected digitally so nice that unlike all my concerns I never really felt alone. I created a discord server that became our social balance to sitting alone in front of a screen all day. We even have a place to join for coffee there! :D I would never fully want to give up the office, because on some topics, situations and personal requirements it still is unbeatable. But for me it is the hybrid stile to decide what is the best place to work from day by day. It makes me feel like I can manage both more flexible and therefor archive more at work and in my private life.

Working through my stuff, finals got closer. To pass the apprenticeship, three different parts of exams must be passed. First is a project that needs to be documented. Secondly, three written exams must be done. And finally, a presentation about the project following by an expert talk must be held. It was an extreme emotional roller-coaster. As I’m not completely free from exam nerves and if I really want something tend to unhealthy perfection, it was a stressful time. But then I passed the project and the three written exams (which btw. are held in one day with a 10-minute break between the 90- or 60-minutes exams. Yes, I was done with the world by the end of this.) and I was sitting in the foyer of my company, waiting for the examiner to pic me up for my final test. When I pass this test, my apprenticeship would be done. I would start the next day as a junior system engineer at the same company and what started one year and ten months before with only “a good feeling” would be no more than a memory. Looking out through the door I first stepped in not two years ago it felt like “that’s it? That’s all? That’s the end already?”. Even I was working on it for several month, finishing that day felt like super suddenly.

60 minutes later, it was done. I officially passed the final exams as an IT specialist for system integration. And I realized that I was so surprised about this sudden ending, because I absolutely made the right decision when I left the university to attend something that just “felt right”. Something that gave me practical experience, great colleagues and friends, the feeling of actually accomplishing something. I know, it’s just the base. The really basic starting point. Especially if I follow along my passion in infosec, I probably won’t avoid studying again. But for sure I won’t do this at a normal university and absolutely not in fulltime. The job environment gives me so much that dusty large lecture halls can’t. I love learning, but only if it enables me to use what I learn for something useful.

For now, I’m unbelievable happy that I can stay at my company and gain experience and training as a junior system engineer.

And this is, why I always would suggest everyone finishing school to rethink all opportunities. Sometimes, attending university might be what you love to do. Sometimes it might not lead you to what you really love to do. And sometimes attending university is the right decision to understand what you really want to do, outside of university. ;)      

Changes on the Feedburner add-on (E-Mail subscription for this blog will be retired!!!)

As blogger just made me aware of, according to the underneath added source, Google is making some huge changes to the Feedburner add-on, what will result in a shut-down of the “subscribe by E-Mail” feature:

https://developers.google.com/search/blog/2021/04/changes-to-feedburner

While I could export the subscriber-list and move it to another service, I decided to switch to google-blogger subscription only. As already offered until now, you can subscribe to this blog via your google account using the “follow” button on the righthand sidebar.

I decided to not switch to another E-Mail subscription service, as this would require moving subscriber’s data and I’m absolutely not comfortable with doing that.

After the changes on the Feeburner add-on are done, you will no longer be able to get notifications about news on my blog via this way. So please consider changing your subscription to follow via your google-account before July 2021.

Thx and see you on the web! :D

T3ss

My favorite websites around infosec

 As some of you might know, I’m heavily into the infosec topic and try to pick up as much as I can from this community. By the time I spend on it, I discovered a lot of websites that helped me dive into infosec. So here they are, my most used infosec websites!

 

Cisco Talos Blog

The Cisco Talos Intelligence Group is a Cisco associated group of researchers that hunt down and observe threats, offers whole drilldowns of malware and hosts webinars. They also upload two Podcasts, “Talos Takes” and “Beers with Talos”. Talos Takes is the perfect five-minute roundup of varying topics in infosec and Beers with Talos is exactly what the name promises: a casual funny round of security experts, hanging out and talking about what is up on their radar. Personally, I love waking up on a Saturday and listen to the newest Beers with Talos episode while drinking my first coffee of the day. I can also only recommend the weakly threat-newsletter! If you don’t have a lot of time to read security news (although it is an important part in infosec) this is the place to go to know everything you need.

https://blog.talosintelligence.com/

 

Try Hack Me

This is the perfect platform if you come with no infosec skill and want to build it up from scratch. The beginner labs start from the very bottom ground and while it does help to have basic understanding in information technology, the Try Hack Me rooms generally have a very guiding nature. Most of the labs also provide VM’s that can be deployed to practice on the topic and work out the quiz-answers to finish the room. Some rooms can be accessed for free while for others a premium subscription is needed. So far, for money reasons, I only have a free account, but I still have a lot of rooms on my agenda bevor I need to upgrade to premium.

https://tryhackme.com

 

Hack The Box

HTB is another learning- and playing ground for rising hackers. Next to the academy, what is really like the Try Hack Me platform but a little more challenging, they also provide “machines”. These are constantly changing challenges that are cycling through the platform and are designed to be done like an endless CTF-tournament. If you want to sign up for this part of the HTB-platform, the first challenge starts right there: you need to hack your way in to access the invite-code needed. By side of the academy and the machines, HTB also hosts various CTF-tournaments on their CTF-platform. Having fun in the HTB cosmos is the perfect thing if you have at least a basic level in IT and search for almost endless challenges and fun!

https://www.hackthebox.eu/

https://academy.hackthebox.eu/

https://app.hackthebox.eu

https://ctf.hackthebox.eu/

 

Virus Total – and almost every other threat-database

If blue-teaming is a thing to you, rich databases of threats and malware that was discovered recently is one of your main tools. Virus Total is an excellent example for a good resource to run searches if you came along something suspicious. You can search by URL, IP-address, domain or Hash and also run scans on URLs or submit malicious files to the DB. Virus Total can give you an overview of if the file was flagged malicious by AV-software and details other users discovered. A more advanced DB but under the same scope is the MITRE ATT&CK framework which provides a mass of information about threat-actors and their tactics and techniques.

https://www.virustotal.com/gui/

https://attack.mitre.org/