SAST 14

Today’s Short Attention Span Theater is not brought to you by disease or lack of sleep, it’s just an excuse to deal with my to-do pile.

First, a brief administrative note.

I will be attending the Scott Joplin Ragtime Festival at the end of the month. I’m not planning a book signing or any other formal event, but The RagTime Traveler will be available for sale*. Come on down to Sedalia, enjoy the music, pick up a book, and I’ll be delighted to sign it for you.

* Dad’s ragtime books, both fiction and non-fiction, will also be in the festival store. In my totally unbiased opinion, you need copies of all of those as well.

While I will take my laptop along, I don’t plan to write any blog posts. I’ll make sure to have a post for Friday, May 31–I don’t want to be responsible for riots caused by cat deprivation–but other than that expect silence between May 28 and June 4, with a return to the usual schedule on June 6.

Second, I’m a little disturbed to discover that El Sobrante* is more dangerous than I’d thought.

* For those unfamiliar with the Bay Area, El Sobrante is the closest of the several cities that border the part of Richmond where I live.

Over the years, I’ve gotten accustomed to the suspicious sorts lurking in the local undergrowth, but it appears that a new threat is moving in.

According to a recent post on everyone’s favorite unbiased news source–Nextdoor–“[…]a somewhat large buck with velvet covered antlers jumped out from the side… he mean mugged us hella hard and took a few quick steps towards the car…”

That’s right. As if street gangs of turkeys and terrorist coyotes aren’t bad enough, now we’ve got to deal with deer carjackers. It’s a bad neighborhood, obviously, and getting worse.

But I have to wonder: how the heck did the deer expect to drive the car to the chop shop? He could probably hold the key between his hooves, but it’s not like the driver’s seat can be adjusted to fit his shape. For that matter, what kind of payment would he have been expecting? I’ve heard that fences pay chicken feed, but salt licks?

Anyway, moving on.

The big story a few days ago was that Microsoft is working on tools to (as the Chron’s headline put it) “secure elections”. Which is great news as far as it goes.

Microsoft is doing it right: making the source code freely available, so anyone can audit it and any company in the voting machine field can use it.

The thing is, it’s not a complete voting system, and the value of Microsoft’s software is only as good as the implementation. Voting machine companies have a justifiably poor reputation for the quality of their coding. You can have the greatest software in the world for allowing voters to verify their ballot, and it’ll be absolutely useless if the rest of the software and the hardware it’s running on is riddled with security holes.

How many voting machines run on Windows XP, an operating system that has been completely unsupported for half a decade? (Probably fewer than the number of ATMs running on OS/2, which has been dead for three times as long. But I digress.) Sorry, not totally unsupported. Microsoft just released a security patch for XP. How many of those voting machines running the code are going to get the patch? I’m betting on a percentage in the single digits.

Also, as the articles point out, Microsoft’s new code doesn’t support Internet voting (something far too many people want, given the woeful state of the art) or vote by mail systems, which are increasingly popular.

I’m not running Microsoft down. As I said, it’s a step in the right direction. But we as a country need to take far more than just that one step.

And, finally, no SAST post is really complete without a mention of either the Bay Bridge Bolt Botch or the Transbay Terminal fiasco. I don’t have anything on the BBBB, but there was a brief note in the Chron a few weeks about about the terminal.

The cracked support beams are nearly repaired–though we still don’t have a date for the grand reopening. What we do have is word that the paths in the rooftop garden are going to be replaced.

Those paths, you may remember, are made of decomposed granite, and even before the terminal was closed, the granite was decomposing even further. So the decision has been made to repave the paths, this time using concrete.

As local megaconstruction repair projects go, it should be a comparatively cheap fix, no more than half a million dollars or so. The city and the contractors are, of course, arguing over who is at fault for the failure of the paths. We all know who’s going to wind up paying for the repair, though, and it isn’t either of the arguing parties.

Windows 10+

Very interesting.

Microsoft’s annual developer’s conference is going on now. There weren’t any astonishing announcements on the scale of last year’s revelation of HoloLens, or even at the level of “free upgrade to Windows 10” announcement*.

* Nor has there been any word about what happens when that free upgrade period runs out at the end of July.

But what they did announce is rather interesting. Not the AI tools and the ongoing announcements of new cloud functions. Developers may go ga-ga over some of that. Consumers will be more interested in the announcement of “Windows 10 Anniversary Update” (which I’ll refer to as “AU” for the rest of this piece).

AU, which will be released “this summer,” will tie Cortana more deeply into the infrastructure, allowing the OS to link applications together–the example demoed was writing a note “Call Mom tomorrow” and having Cortana automatically create a calendar reminder, complete with Mom’s phone number. The functionality will be exposed to third-party developers. If non-Microsoft programs pick up on that–and I suspect they will, and quickly–that just might be useful enough for me to turn Cortana on.

Biometric authentication will also take a big step forward in AU, according to Microsoft. “Windows Hello” isn’t just fingerprint scanners. It will also include other technologies, including facial recognition: sit down at your computer and it’ll use your webcam to recognize your face and unlock itself. Android has had that capability for a while, but it’s still rough around the edges. Hopefully more powerful desktop machines will do a better job of reliably recognizing users than phones do. In any case, AU will not only implement Hello for unlocking the computer, but will also let third-party software use the same technology for other logins: programs, networks, and websites.

Then there’s the third major enhancement for consumers. AU will include what could be called a Linux accessibility layer. For those of you who speak Linux, Windows will introduce the bash shell as an alternative to the aging “DOS” command prompt and the (IMNSHO) over-complicated PowerShell. As you might guess, this is controversial in the Linux community. Accusations of selling out are flying.

This isn’t totally new territory, of course. Tools for running Linux software on Windows have been around for years–Cygwin is arguably the best known, and it dates back to the mid nineties. For that matter, Microsoft has supplied tools to integrate Windows and UNIX systems since the days of NT.

What’s new here is that it’s (a) from Microsoft, (b) written with the help of Canonical (makers of Ubuntu Linux), and (c) doesn’t have the hassles of previous solutions: no recompiling applications, running a full-on virtual machine, or being limited to a tiny subset of available software. If we can believe the early reports, most command line Linux software will run unmodified–just download and go, and GUI software should theoretically* be almost as solid.

* The difference between theory and practice is, of course, that in theory there isn’t a difference…

As I said, there’s a lot of sniping, snapping, and snarling going on in the Linux community right now. Personally, I’m on the side that considers this move a definite positive. At least three-quarters of the Windows-using public will never notice the “Windows Subsystem for Linux”. But those of us who live on the command line should be cheering. No more “bad command or filename” when we absentmindedly type “rm” instead of “del”. And I’ll take vim over Notepad any day. (Maybe that’s just me.)

One final thought: AU is due out “this summer” and the free upgrade offer expires July 29. Here’s my bold, fearless prediction: AU will come out in mid-July, and on August 1, the nag messages upgrade to Windows 10 will stop. Instead, Windows Update will simply go ahead and install AU on every system capable of running it. You heard it here first.

Are You Sure…?

Tomorrow is, as we’ve been told over and over by the tech press, release day for Windows 10, and I’m sure we’re all looking forward to discovering our Windows 7 and 8 machines have been upgraded.

No, of course we’re not. I think we’d all be rather peeved to learn that our OS was changed without being given the opportunity to say “No, wait! I’m not ready!” And Microsoft is smart enough to recognize that. The upgrade will be pushed out to computers that have requested it, but it won’t be installed until the users give the OK.

Good thinking, Microsoft. But apparently there’s a bit of a left hand/right hand disconnect in Redmond.

Y’see, once we install that upgrade, we* lose the ability to control future updates. Since at least XP, Microsoft has allowed users to choose which updates to install and when to install them. It hasn’t always been easy to find the “Download updates but let me choose whether to install them” selection, but it’s been there. Apparently it won’t be there in Windows 10.

* In this context “we” are anybody who has an individual Windows license. The rules will be slightly different for business customers. But if you bought Windows directly from Microsoft–including getting the free upgrade–or had it pre-installed on your new computer, you’re part of the “we” even if you get Windows 10 Professional**.

** Win Pro users will be able to turn off automatic updating and defer updates indefinitely, but if they haven’t installed all updates, they don’t get support from Microsoft. Got a glitch that forces you to call Microsoft to reactivate Windows? Better hope you’ve installed all updates.

In some respects, this is a GoodThing. Quickly getting security updates onto millions of machines is, on the whole, a desirable thing. There’s an obvious analogy here to requiring kids to be vaccinated before they can attend school. (The computing equivalent of children who shouldn’t be vaccinated would be those “high-availability” corporate servers and the like, where the owners have to be able to control exactly what and when updates are installed.)

But Microsoft won’t just be installing security updates. Windows Update will also deliver driver updates. I’ve had a few network cards disabled by an updated driver delivered by Windows Update. I don’t anticipate Windows 10 will be totally free of bad drivers and driver conflicts. Though I suppose if Windows Update kills my network, I don’t need to worry about getting any further updates.

And don’t forget that Windows 10 will get significant feature updates, totally new functionality, delivered via Windows Update too. Fortunately, Microsoft never has bugs in new features, right? OK, maybe that’s a tiny bit optimistic.

Bottom line, being able to control updates meant we could hold off installing them for a few days to check early reports of problems and even opt-out of troublesome updates.

Delaying updates will still be possible, at least for a “limited” amount of time–although there’s no word on how long “limited” is. (Hours? Days?) And Paul Thurrott points out that one of the first updates Microsoft will be pushing out is a functional update to allow users to “hide” updates so they won’t be installed. So it seems Microsoft is backing away from a fully automatic update process–but Thurrott’s screenshots of the “hide” UI shows that Microsoft doesn’t intend you to permanently hide any updates. The exact text is “…if an update isn’t working you can temporarily hide it.” Hopefully by the time “temporarily” expires, it’ll be working.

If not, well, maybe you can roll it back. Thurrott also points out that you can use System Restore to restore your OS to the state it was in before the update was installed. Of course, first you have to turn on System Restore, since Microsoft decided to disable it by default. But you can turn it on (at least for now), roll back any updates you don’t like, and hide them so they won’t be reinstalled. Kinda like playing Whac-A-Mole with your computer.

One final thought: significant updates are still going to require a reboot. One of the things that I loathed about my PS3 was that it frequently required me to install an OS update–with reboot–before I could play any game, and then when I put the game disc in, it would make me wait while it downloaded patches for the game. I often had to wait half an hour or more before I could start playing a game. If Windows 10 forces me to install an update and reboot without giving me the opportunity to defer the reboot until I’m ready without constantly nagging me to reboot, I’ll be reverting to my Windows 7 and 8 backups.

You were going to do a full backup before you installed Windows 10, right?

Microsoft Is the Future

Before I get to the meat of today’s post, I want to close out Tuesday’s post. I got a very pleasant e-mail from Jaxon in response to my dissing of his latest article on the Bay Bridge Bolt Botch.

Unsurprisingly, he disagreed with my view that the article places too much of the blame for the fiasco on the design committee and their choice. This is still a more or less free country, and he is, of course, entitled to his opinion, however wrong it may be. I didn’t expect that he’d read my blog post and immediately see the error of his ways. But perhaps he’ll come around in the future.

And there will be opportunities for Jaxon to see the light. He assured me that he’ll continue to cover “the flaws and foibles” of the Bay Bridge project. That’s good news. Despite my teasing and my disappointment with the latest article, his writing on the subject has been consistently good. Certainly better than that of certain other Chronicle reporters; if you doubt that, take a look back to June, 2013. Jaxon’s article names names and doesn’t cut Caltrans any slack, while his colleague’s piece a few days later swallows Caltrans’ claims of collective responsibility whole, and regurgitates them, entirely undigested.

Moving on.


There were a number of interesting announcements out of Microsoft earlier this week related to the impending arrival of Windows 10. I found two of them particularly fascinating.

First, there’s the announcement that Windows 10 will be a free upgrade for anyone running Windows 7 or Windows 8, as long as they do the upgrade in the first year after Windows 10 is released. What really makes that interesting is that the free upgrade is not available to anyone running XP.

As ArsTechnica notes, XP still accounts for almost 15% of the worldwide OS marketshare–nearly twice as much as all versions of Macintosh OS X–despite the fact that it’s completely unsupported. Apparently, Microsoft is giving up trying to convince XP users that it’s time to move on and upgrade to a supported OS.

And that one year window has some interesting implications for users of Windows 7, which moved from “mainstream support” to “extended support” earlier this month and will become unsupported in January of 2020. Microsoft hasn’t announced a release date for Windows 10, but it’s almost certainly going to be sooner than four years from now. Why would Microsoft eliminate its biggest incentive to upgrade? Do they really want a years-long period of Windows 7 getting increasingly creaky but nobody moving on? Didn’t they learn anything from the effort to get people off of XP before the end of extended support?

We could be optimistic, I suppose. Microsoft has taken the important step of offering a free upgrade. Maybe as Win7’s end of life approaches, they’ll take the next step and try paying people to upgrade. Imagine: “Download your Windows 10 (2019 edition) upgrade here and we’ll send you a $50 Visa Debit Card, good at any retailer that still has a bricks-and-mortar outlet.” It’s worth a try, guys.


The other interesting announcement is, as you’ve probably already guessed, Microsoft’s HoloLens.

It seemed a little odd how much excitement HoloLens is generating, given the recent crowing we’ve seen in the press about the death of Google Glass*. On further thought, though, I think the buzz has a lot to do with the difference in HoloLens’ focus.

* For the record, Glass isn’t dead. The current hardware may not be available, but Google hasn’t given up on the idea. There’s still a Glass team, and even if the classic spectacle-mounted display doesn’t make a comeback, ideas and techniques from Glass will find their way into other Google products.

Glass was and is primarily about sharing your life–remember the live skydiving video at Google I/O 2012?–rather than enhancing it. The provision of contextual information is a secondary goal, and Google took great pains to keep it unobtrusive.

At the other extreme, you’ve got Oculus Rift and other virtual reality systems working toward a fully-immersive experience.

HoloLens sits in between the extremes, aiming to provide contextual enhancement to your environment without replacing the entire world around you.

By focusing on providing useful information without burying you in it, Microsoft may just find the sweet spot of user interest. The demos being run for reporters suggest they haven’t yet decided exactly where on the spectrum that sweet spot lies–the Mars demo, for instance, is nearly as extensive as an Oculus Rift-style virtual reality–but the current state of the hardware makes it clear that they still have time to refine their target.

Microsoft says HoloLens will be available “in the same timeframe as Windows 10.” It’s clear that the HoloLens hardware is not as close to release as Win10, so don’t expect to get a HoloLens system the same day you download your free OS upgrade. I wouldn’t be surprised, in fact, if HoloLens doesn’t hit the shelves until after the free upgrade offer runs out–but I also wouldn’t be surprised if the hardware came with a bundled copy of Win10. That might be just enough incentive to convince a few laggard Win7–or even XP–users that the time catch up with the rest of the world has arrived.

The Cycle of Life

So there’s a lot of excitement in MicrosoftLand today. There’s a birth and a death!

The birth is the release of Windows 8.1 Update 1. Seriously, that’s what they’re calling it. Maybe somebody’s already trademarked “8.2”? Anyway, the update is the latest tiny step towards Microsoft’s inevitable admission that it just doesn’t make sense to have a single UI across their entire product line from phones with four-inch touch-sensitive screens to computers with thirty-inch non-touch monitors. Yeah, the update has a bunch of bug fixes (many of which are already installed on any computer that has automatic updates turned on). The big excitement is for the enhancements aimed at desktop users. The most thrilling of these is a tweak that will cause machine without touch support to boot to the traditional desktop instead of the new Start screen. Can you feel the adrenaline hitting your innards at the thought? No, me either.

The death is official End of Life for Windows XP. Sorta. At least two governments are paying Microsoft to continue releasing security fixes. But those fixes are for government use only; they won’t be released to the general public. Meanwhile, Microsoft has said that they will continue to issue virus definition updates for their popular “Security Essentials” program. They’ve also said that they will not continue the updates. Except that they will. But they won’t. At this point, I’m not sure if anyone, including Microsoft employees, know whether the updates will continue. Joy. That “general public” that won’t be getting security fixes, by the way, may make up close to a quarter of the machines surfing the Web. That’s a heck of a lot of machines that will be vulnerable to the security exploits that will be discovered from now on.

So with all that excitement, the search engines must be staggering under the load of people trying to find out how to upgrade their zombie XP machines to that thrilling Windows 8.1 Update 1, right?

Not so much, actually. A quick check of Google’s Trends shows that Microsoft and Windows haven’t even cracked the top searches lists.

OK, I didn’t really expect that all of the people who have been ignoring Microsoft’s increasingly frantic warnings that XP computers would turn into pumpkins to suddenly update, but I did think there would be a flood of people wanting to get the latest and greatest 8.1. I don’t have a clue what went wrong there–I can’t imagine that all of the early adopters have dropped dead. Maybe Windows 8 just isn’t as popular as Microsoft has been telling us? Certainly Microsoft has been complaining that the Windows 8 adoption has been slower than they hoped.

Here’s a thought, a way for Microsoft to solve two problems at once. We’ve discussed the recent “free OS” trend before. The latest OS X is a free upgrade. Windows 8.1 is a free upgrade from Windows 8, and Microsoft just announced a couple of days ago that Windows will be free to manufacturers of devices with screens under 9 inches.

So take the logical next step, Microsoft: Make Windows 8.1 a free upgrade from any version of Windows. Shove it into Windows Update for XP, Vista, and Windows 7. Millions of machines run by people who aren’t paying attention move off of XP, adoption of Windows 8 soars. Microsoft is leading the the way into the future instead of limping along shouting “Wait for me!” Everyone is happy.

Yes, I’m aware that you can’t actually upgrade XP to Windows 8: you have to do a clean install and migrate your settings. But it’s not technically impossible. Remember that–all jokes aside–Microsoft’s developers and QA folks have the expertise to integrate a migration tool into the Windows 8 installation system. They just need a reason to do it. Now there’s a reason.

What do you say, Microsoft?

Knock-Knock

No, that title isn’t the start of a joke.

Now I feel like an idiot for April’s post on the CISPA bill and its potential to strip privacy protections online.

After all, we now know that we already have no protection.

With this week’s revelations about phone companies being required to turn over metadata for all calls and the existence of the PRISM program that gives the NSA full access to everything that Microsoft, Google, Apple, and a host of other large Internet companies know, it’s clear that if you use a phone or computer, you have no privacy whatsoever.

Consider: According to the Guardian and Washington Post reports, to conduct a PRISM search, the NSA has to be 51% sure that the subject is foreign. That’s the only limitation. A barrier that low will allow a massive number of false positives, but that’s almost irrelevant, because once the search begins, it can (again according to the reports) be extended to all of the contacts of the subject and all of the contacts of the contacts. By design, anyone who is “probably” not a US citizen is – and has been since at least 2007 – a terrorism suspect.

Hell, more than half of the regular readers of this blog are “foreign”; they have no protection against being the subject of a PRISM search: PRISM was designed to allow the NSA to monitor everything they do online to “protect against terrorism”.

Last week’s picture of Kokoro lurking in the headboard of my bed drew likes from people in England, Wales, and Moscow. The NSA knows that (and knew it before this post told the world). Since I’m now associated with those foreign “suspects”, all of my online activities are now available to the NSA, and because I’m associated with you, so are yours. And by “you”, I’m not just talking about those of you reading this post. Everyone I’ve communicated with falls into that category – as described, PRISM would make it trivially easy for the NSA to link the email address I use for this blog to all of my other email addresses, at which point they’ll find out that I’ve exchanged emails with citizens of India, Japan, and China. Better check all of their contacts; since they’re foreign, the rule of “two levels of contacts” resets and the NSA can chain their searches outward from there. Nice work, Kokoro. You’re single-pawedly responsible for the investigation of thousands of people around the world for their possible roles in plotting terroristic acts against the US.

Yes, I do have a sudden urge to make myself an aluminum foil hat. Why do you ask? Right now it’s seeming like the most sensible thing to do.

Seriously though folks, if even half of the capabilities being touted for PRISM are accurate, by combining its output with the results of the phone company data, the NSA can figure out not only damn near everything you’ve done online, but also what you’re doing out in the real world. Legally. And that’s why I feel like an idiot about getting bent out of shape over CISPA – all that adds to the government’s capabilities is to let the FBI and Homeland Security track US citizens without first linking them somehow to someone “foreign”.

Please, no comments along the lines of “If you’re not doing anything wrong, you shouldn’t care.” If nothing else, when the government can secretly monitor everything you do, “wrong” is what they define it to be. I don’t think I’m being overly pessimistic in saying that “Niemöller” and Orwell were conservative.

Frankly, I think there’s very little we can do. The capability won’t go away: even if a public outcry forced the repeal of the PATRIOT Act and the other legislation that enables this warrantless surveillance, you can be sure that the tools will stay in the hands of the government agencies that have it now. They’re just too useful for them to give up. And removing the laws that limit their use will just encourage the agencies to use them more: why shouldn’t they if any use is illegal?

Heck, given the administration’s position that these data collection programs are “a critical tool in protecting the nation from terrorist threats”, even trying to take those toys away can be classed as a terroristic act (giving aid to terrorists).

If y’all will excuse me, I’m going to go downstairs and arrest myself. Maybe if I save the government the effort of doing it, they’ll let me share my cell with Kokoro.