Monthly Archives: August 2016

Microsoft, Patches and updates, Things that are bad, Windows 10

Windows 10 update problems continue

Leave a comment

Recent updates to Windows 10 are causing headaches for Kindle and Powershell users.

Kindle users are reporting that simply plugging their Kindle into their Windows 10 PC is causing Windows 10 to crash. Two important Powershell features were rendered inoperable by the updates, making the jobs of system administrators more difficult.

Both problems are apparently the result of poorly-packaged cumulative updates. Microsoft is working on fixes, but seems to be in no hurry, since the fixes will not be available until August 30.

As with the webcam problems reported last week, these problems highlight what appear to be major holes in Microsoft’s new testing process, which relies on user feedback. Clearly, huge swaths of functionality are not being tested either by Microsoft or Insider users.

Firefox, Patches and updates

Firefox 48.0.1 and 48.0.2

Leave a comment

Mozilla snuck a couple of Firefox releases past me again. I only noticed version 48.0.1 when Firefox offered to upgrade itself on one of my computers. On a different computer, Firefox offered to upgrade itself directly to 48.0.2. I’m currently unable to induce Firefox to update itself to 48.0.2 on the former; the About dialog insists that “Firefox is up to date.”

Come on, Mozilla. Get your crap together:

  • Provide proper release announcements. I’ve been harping on this for a while, but Mozilla is oddly resistant.
  • Clarify update availability: why do I see update alerts on some computers, but not others?
  • Add a manual update checker to the About dialog (menu > question icon > About), because otherwise it may not show the most recent version for several days after that version becomes available.

This is basic stuff, folks.

Firefox 48.0.1 was released on August 18. It’s mostly fixes for crashing problems, and doesn’t seem to include any security fixes.

Firefox 48.0.2 was released on August 24. It fixes one specific crashing problem.

Since neither of these updates include security fixes, delaying their installation (for whatever reason) isn’t going to make your computer less safe.

Update 2016Sep03: On my Windows 8.1 computer, Firefox didn’t prompt me to upgrade to version 48.0.2 until a week after the update became available. That seems an excessive delay. Of course, 48.0.2 isn’t a security release, so it’s not really urgent. Or is it? The 48.0.2 update message says “A security and stability update for Firefox is available.” Which seems weird, since the release notes don’t mention anything about security. The update message also says this: “It is strongly recommended that you apply this update for Firefox as soon as possible.” That would make sense if this was a security update, but again, it’s not. And how much sense does it make to tell people to update ASAP, when the message doesn’t appear until a week after the update becomes available? Sheesh.

Apple, Mobile, Patches and updates, Security

Apple fixes three critical vulnerabilities in iOS

Leave a comment

If you have any Apple mobile devices, including iPhones and iPads — anything that runs iOS — you should update them immediately.

Three three vulnerabilities are already being exploited (0days), and can lead to a complete remote compromise of an affected device.

Yesterday Apple released updates that address these vulnerabilities. The updates were released outside of Apple’s regular update schedule (i.e. out of band updates).

Duo Security has additional analysis.

Privacy, Windows 10

The EFF scolds Microsoft for anti-consumer Windows 10 tactics

1 Comment

The Electronic Frontier Foundation (EFF) is “the leading nonprofit organization defending civil liberties in the digital world.” If you’re not familiar with their work, you should be.

In a recent post on their site, the EFF provides a scathing review of Microsoft’s troublesome decisions in relation to Windows 10, including: hitherto unheard-of free upgrades; insistent and entrenched upgrade prompts on Windows 7 and 8; pushing Windows 10 upgrades via Windows Update; categorizing privacy-compromising and advertising-related updates as important for security; user interface tricks that are common to malware; collecting and transmitting large amounts of potentially sensitive data from Windows computers to Microsoft; failing to provide either adequate explanations for — or methods for disabling — various unwanted features; obfuscating their intentions behind claims of improved security and enhanced functionality; and claims that Windows Update is somehow unable to function without privacy-violating functionality enabled.

It concludes with a stern warning:

Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.

Otherwise it will face backlash in the form of individual lawsuits, state attorney general investigations, and government investigations.

We at EFF have heard from many users who have asked us to take action, and we urge Microsoft to listen to these concerns and incorporate this feedback into the next release of its operating system. Otherwise, Microsoft may find that it has inadvertently discovered just how far it can push its users before they abandon a once-trusted company for a better, more privacy-protective solution.

Windows users face a choice:

  • Option #1: Continue using Windows 7, 8 and 10. Trust that Microsoft’s intentions are good; that they are not really trying to control what we see, and track what we do, when we use Windows.
  • Option #2: Continue using Windows 7, 8 and 10. Assume that Microsoft will back down from its more aggressive moves, whether prompted by consumer backlash or legal action.
  • Option #3: Continue using Windows 7, 8 and 10. Disable what you can, block what you can, and stop using Windows Update, hoping that this will prevent Microsoft from compromising your privacy, but making your computer increasingly less secure.
  • Option #4: Continue using Windows 7, 8 and 10. Rely on the computing community to develop ways to block Microsoft’s attempts to control and monitor users (without compromising security), as we’ve already seen in the form of GWX Control Panel and other software.
  • Option #5: Stop using Windows 7, 8 and 10. Rather than wait for Microsoft’s plans to reach their probable conclusion (a Microsoft-controlled advertising platform on every desktop), switch to a less problematic operating system, such as Linux.

Recommendation: Option #5 if you can; otherwise Option #4. Option #3 should be viewed as a temporary solution only, and dangerous in the long run. Option #2 is probably overly optimistic. Option #1 is just sadly naive.

The Verge and Techdirt have their own take on the EFF’s post.

Hardware

Latest hard drive reliability data from Backblaze

Leave a comment

Cloud storage provider Backblaze publishes their hard drive reliability findings quarterly, thus providing a useful benchmark for us regular folks.

In their most recent report, Backblaze’s data includes 8 terabyte drives for the first time. Failure rates for the 8 TB drives is slightly higher than smaller drives, but this may be due to the fact that all of the 8 TB drives are new, and new drives tend to fail more often than drives that have been running for a while.

As usual, HGST (Hitachi) drives top the reliability charts, but Seagate is now close behind. Western Digital failure rates are the worst of all the drives analyzed.

Microsoft, Patches and updates, Things that are bad, Windows 10

Windows 10 update breaks many webcams

1 Comment

Microsoft wants us to let them update our Windows computers whenever they choose. Anyone using the Windows 10 Home edition is already living with this new reality, and — short of upgrading to Windows 10 Professional — can do nothing about it.

Of course, Windows 10 Professional is only slightly less invasive, as it only lets users delay updates for a few weeks. The only way to regain complete control over updates is to use one of the extremely pricey Enterprise or Education editions.

If you wanted to demonstrate just how awful this all is, you couldn’t ask for a better example than the recent anniversary update, which caused huge numbers of webcams to stop working.

Nothing in the release notes for the anniversary update provided any clues that this might happen. I imagine plenty of people simply assumed that their webcams had failed. Some may even have purchased new webcams.

Microsoft is apparently working on a fix, but there’s no indication of when it will be available. In the meantime, there are a lot of angry webcam users out there.

But wait a second: why wasn’t this problem reported by people with affected webcams who are on the Windows 10 Insider Preview program? The problematic changes were available to those users well in advance of the anniversary update’s release. If it was reported, Microsoft apparently failed to grasp the scope of the problem. A more likely explanation is that Insider Preview participants either don’t have webcam hardware (e.g. they test Windows 10 on a virtual machine), or simply never thought to test their webcam. Either way, Microsoft failed to perform adequate internal testing, and this doesn’t bode well for Microsoft’s reliance on the new Feedback mechanism.

Adware, Linux, Microsoft, Patches and updates, Privacy, Things that are bad, Windows 10, Windows 7, Windows 8.x

Microsoft: “Upgrade to Windows 10 or we’ll make Windows 7 and 8.1 just as bad.”

1 Comment

Microsoft just announced the next move in their fight to push their advertising platform into our faces, and it’s very bad.

Let’s review, shall we? Microsoft really wants you to use Windows 10. Their official explanation for this includes vague language about reliability, security, productivity, and a consistent interface across platforms. Their claims may be true, but they hide the real reason, which is that Microsoft saw how much money Google makes from advertising, realized that they had a captive audience in Windows users, and added advertising infrastructure to Windows 10 to capitalize on that. The privacy-annihiliating features are easily explained: the more Microsoft knows about its users, the higher the value of the advertising platform, since ads can be better targeted.

A short history of Microsoft’s sneakiest Windows 10 moves

Move #1: Offer free Windows 10 upgrades for Windows 7 and 8.1 users. Who doesn’t like free stuff? Many people jumped at this opportunity, assuming that newer is better.

Move #2: Dismayed by the poor reception of Windows 10, and upset by all the recommendations to avoid it, Microsoft creates updates for Windows 7 and 8.1 that continually pester users into upgrading, in some cases actually upgrading against their wishes or by tricking them. Angry users fight back by identifying and avoiding the problematic updates.

Move #3: Still not happy with people hanging on to Windows 7 and 8.1, Microsoft creates updates that add Windows 10 features to Windows 7 and 8.1, including instrumentation related to advertising. Again, users fight back by identifying and avoiding these updates.

Move #4: Microsoft announces that business and education customers can avoid all of the privacy-compromising and advertising-related features of Windows 10 through the use of Group Policy. This is good news for bus/edu customers, but then again, those customers pay a high premium for Enterprise versions of Windows already. At least now Windows 10 is a viable option for those customers.

Move #5: Microsoft realizes that the Group Policy tweaks provided for bus/edu customers can also be applied to Pro versions of Windows, Microsoft disables those settings in the Pro version. Windows 10 Home users never had access to those settings. Angry users are running out of options.

Move #6: Which brings us to today. Since the only way to avoid privacy and advertising issues (borrowed from Windows 10) in Windows 7/8.1 will be to stop using Windows Update entirely, angry users are now looking at alternative operating systems.

We know business and education customers won’t be affected by this latest change. The rest of us will have to suffer – or switch.

Assuming Microsoft doesn’t back way from this decision, I imagine my future computing setup to consist primarily of my existing Linux server, and one or two Linux machines for everyday use, development, blogging, media, etc. I’ll keep a single Windows XP machine for running older games and nothing else. In this scenario, I won’t run newer games if they don’t have a console version. Aside: if I’m not the only person doing this, we might see a distinct decline in PC gaming.

Dear Microsoft: I only kind of disliked you before. Now…

Computerworld has more. Thanks for the tip, Pat.

Patches and updates, Vivaldi

Vivaldi 1.3

Leave a comment

The people behind the alternative web browser Vivaldi keep hammering away at it, improving features and fixing bugs. With the release of version 1.3, Vivaldi is closer than ever to being a legitimate contender in the current browser war.

Still, Vivaldi has more than its share of problems. Some aspects of the user interface remain visually clunky or difficult to use, including the bookmark editor. There’s still inconsistency in the way links and bookmarks are handled.

I’ve been installing developer snapshot builds of the browser when they become available. In reviewing the change logs for these snapshots, I noticed a surprising number of ‘regression’ bugs being fixed. I understand that developer snapshots are not intended for regular use, and are likely to be rough around the edges, but each of these regressions belies a lack of communication and coherent effort among the developers.

Don’t get me wrong: I’m actually rooting for Vivaldi. I continue to hope that the Vivaldi developers get their act together and produce a version that I can once again consider seriously as a replacement for Firefox.

Opera, Patches and updates, Security, Vista, Windows XP

Opera update for Windows XP and Vista

Leave a comment

Opera is now the only major web browser that still supports Windows XP and Vista. If you’re still using either of those operating systems and browse the web, you should definitely stop using Internet Explorer, Firefox, and Chrome, and switch to Opera. Browsing the web is dangerous enough without the added risk of using a browser that has known security vulnerabilities that will never be fixed.

Note that the most recent Opera version that supports Windows XP and Vista is 36. It wasn’t easy to find older versions on the Opera web site, but I eventually found a page that allows you to download any version by platform.

A recent update to Opera 36 addresses security issues that are specific to XP and Vista. The announcement doesn’t mention the actual new version number, but based on my research, it seems to be 36.0.2130.65.

If you’re using Opera on XP or Vista, make sure you install the new version. It should update itself automatically, but you can also download Opera 36.0.2130.65 directly.

I’ve tried to locate release notes for the new version, with no luck. According to the announcement, several security fixes previously applied to later versions were back-ported to Opera 36.

Microsoft, Patches and updates, Silverlight, Windows

Silverlight 5.1.50428.0

Leave a comment

Silverlight 5.1.50428.0 was released on June 21. Windows systems configured for auto-update should have received the update as soon as it became available. Without auto-update enabled, the new version should have been installed the first time Windows Update was run after June 21. The update is designated KB3162593.

Fortunately, the new version doesn’t fix any security issues. According to the release notes, it “Fixes the DateTime parsing for Norwegian and Serbian cultures.” So, not all that interesting, and certainly not an urgent update.