Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Microsoft’s Edge-related shenanigans continue

There’s apparently a team of people at Microsoft who spend all their time trying to come up with sneaky ways to get Windows users to switch to Edge as their default web browser. To be clear, I have no direct evidence that such a team exists, but it seems likely.

The latest trick? Automatically importing Chrome bookmarks into Edge, then sneakily running Edge instead of Chrome, presumably in the hope that some users will fail to notice the difference.

In practise, though, I doubt many people will be fooled, because site passwords are not imported along with the bookmarks. They will, I think, realize that something funny is going on when their site passwords are missing.

I wonder how far Microsoft is willing to go with these tricks. They’ve been doing this kind of thing since the early Internet Explorer days, so it’s nothing new. The company has been spanked from time to time for these shenanigans, but those spankings don’t seem to have been much of a deterrent.

Tom Warren over at The Verge has the details of his own encounter with this latest trick.

UPDATE 2024Feb16: The Verge reports that Microsoft has quietly changed this behaviour in Edge, calling it a ‘bug’. Riiiiiiiight.

Microsoft can’t stop bugging us about Edge

They just can’t help themselves. Microsoft’s latest attempt to prevent Windows users from switching away from their browser of choice takes the form of a large panel that appears in Edge when you download another browser.

I suppose that as long as what they’re doing is legal, they’re just being pushy. Still, one could argue that they have an unfair advantage: the user has to use Edge to download another browser on Windows. But regardless of its legality, this behaviour is very annoying.

The Verge posted a useful summary of Microsoft’s recent attempts to steer Windows users away from other web browsers.

At least this latest intrusion seems like a sincere attempt to understand why many Windows users run Edge only to download a different browser. However, there are a few obvious answers missing from the poll:

  1. Edge won’t let me run an ad blocker or a script blocker (not actually true, but commonly believed).
  2. I hate Microsoft, and only use Windows grudgingly. I avoid Microsoft software as much as possible.
  3. I don’t trust Microsoft any more than I have to.
  4. Edge is just another way for Microsoft to shove ads down my throat.
  5. Edge doesn’t support the plugins I want to use.
  6. Windows is already more intrusive than I would like.
  7. I can’t really control how much Edge communicates with the Microsoft mothership.

And of course it could be much worse. Microsoft could nag you every time you start a non-Edge browser, when you start Windows, or even at random intervals. This latest nag screen only appears once, when you run Edge that first and only time you need it, to download a non-Edge browser.

What else will Microsoft try? Will they actually pay any attention to the results of this intrusive poll?

Dear Microsoft: if you want people to use Edge, try making it better than the other available browsers. You know, compete.

Bug causes clock problems on Windows 10, 11, Windows Server

A recently-discovered bug in newer versions of Windows is causing bizarre local time shifts.

Keeping accurate time on computers is important for a lot of reasons, many of which are not obvious to non-technical users. Update schedules, scheduled background tasks, synchronization with server and cloud resources, and many other time-sensitive processes depend on your PC maintaining accurate time.

Because it’s so important, and because various factors can sometimes cause a PC’s clock to drift, operating systems use a variety of methods to check and adjust it. The most obvious of these in Windows can be seen in Windows 10 and 11 in Settings > Time & Language. Windows regularly compares the PC’s clock with an Internet-based clock, such as time.windows.com. When a discrepancy is observed, the PC’s clock is updated.

Between a PC’s internal clock and Windows’ time synchronization, most Windows-based computers are able to maintain accurate time.

But at some point, someone at Microsoft decided that Windows needed additional time checks. So they created something called Secure Time Seeding. This function regularly analyzes secure network traffic from a ‘known good’ host computer, and calculates the current time based on what it sees.

Sounds good, right? Anything that makes the clock more accurate is good, right? Well, no. There’s at least one major problem with Secure Time Seeding, which causes it to get confused about the date and time, and can set your computer’s time based on random values. This has been observed to incorrectly change the Windows clock by minutes, hours, days, or more. As you can imagine, this causes all manner of strange problems.

Microsoft’s response to the report of this bug has been disappointing: they are downplaying its scope and effects. And while it’s true that there are very few reports of this happening, the problems it can cause are bad enough that anyone running Windows 10 and up or Windows Server 2016 and up should disable Secure Time Seeding.

To disable Secure Time Seeding on a Windows 10 or 11 PC, follow the instructions provided by Microsoft.

Trying to make sense of the actions and statements of a corporate behemoth like Microsoft is an exercise in futility. It’s possible that they will realize that this bug is actually very bad, and fix it, or they may find a way to limit its effects, or they may change the feature so that it’s disabled by default. But in the meantime, there are potentially millions of computers out there that might start exhibiting strange clock problems for the forseeable future.

Microsoft’s empty promises

I was just talking about a recent announcement from Microsoft, in which they assured the general public that their days of messing around with user settings and defaults on Windows were behind them.

In that post, Microsoft claimed that they are “reaffirming our long-standing approach to put people in control of their Windows PC experience”. Which I called out as baloney, since Microsoft has a long history of reverting user settings and defaults when it suits Microsoft.

That was on March 18. Yesterday, a mere six weeks later, The Verge reported that “Microsoft is forcing Outlook and Teams to open links in Edge”.

So this is Microsoft once again changing the way Windows works, to favour their own applications. I’m sure there are workarounds, but I’d be willing to bet that these workarounds will need to be reapplied after Windows updates.

Look, I understand that once a corporation gets to a certain size, it can be very difficult for one hand to know what the other is doing. But as I pointed out in my earlier post, Microsoft has engaged in these problematic behaviours for years. For them to a) claim that they’re innocent; b) “reaffirm their approach”; then c) keep right on doing this stuff… is incredibly annoying.

UPDATE: And the shenanigans continue. As of August 2023, Microsoft is showing annoying popups in Windows 11, urging users to switch to Bing for search. These things are appearing on top of games, presentations, and in other extremely inconvenient contexts. Come on, Microsoft, this is some serious bullshit.

UPDATE 2023Sep11: Ctrl.blog has additional details. It looks like Microsoft’s recent announcements about improving Windows’ behaviour were complete bullshit.

Microsoft frames long-overdue Windows changes as ‘reaffirming our long-standing approach’

Here are the first two paragraphs of a recent post on the Windows blog:

“Today we’re reaffirming our long-standing approach to put people in control of their Windows PC experience and to empower developers to take advantage of our open platform.

We want to ensure that people are in control of what gets pinned to their Desktop, their Start menu and their Taskbar as well as to be able to control their default applications such as their default browser through consistent, clear and trustworthy Windows provided system dialogs and settings.”

These changes are very welcome, and appear to resolve some particularly annoying Windows behaviours that users have been complaining about for decades.

But for Microsoft to frame these much-needed fixes as “we’ve always done this, and now we’re just making sure” is rather amusing. Come on guys, admitting mistakes is healthy. Are you saying these issues are new? Because they’re not. Are you saying you were unaware of these issues? I doubt that very much, because people have been complaining about them for years. No, this is just Microsoft public relations attempting to revise history.

What Microsoft is conveniently leaving out is that the worst offenses of this kind (reverting user settings, pinning and unpinning shortcuts, changing default applications, etc.) have always been committed by Microsoft. For example, Windows Update had a very annoying tendency to revert the default web browser to Internet Explorer.

Microsoft has of course run into legal trouble for some of these behaviours. It seems clear that reverting a user’s default web browser to a Microsoft browser in the process of updating the operating system is unfair to competitors. And Microsoft has been forced to stop doing some of those things.

Anyway, here’s hoping that Microsoft truly is committed, now, to avoiding such devious — and incredibly annoying — practices.

ChatGPT: experiments in writing

As I’m sure you’ve noticed by now, I’m using ChatGPT to generate some posts defining computing terms. I’m labeling them all clearly as generated text, but I’m also checking them carefully before posting.

Checking ChatGPT’s output is extremely important, because one can be lulled into believing that the program knows what it’s talking about. The text it generates always sounds authoritative, even when it’s horribly wrong. And it’s wrong more often that you might imagine.

Note: I’m not going to call ChatGPT an Artificial Intelligence (AI), because it’s nothing of the kind. It’s just a program that is able to generate believable-sounding text, regardless of its accuracy, based on analysis of a crapload of content written by humans. True AI will include this particular skill, just as it will include the ability to play chess, to generate art, to drive cars, to make quick decisions based on unpredictable circumstances, and many thousands more specific skills that humans possess.

A recent post at Futurism does a nice job of providing real-world examples of a mainstream news site (CNET) using ChatGPT to generate articles that sound fine, but include serious errors. In this case, the publisher did not initially identify the generated articles as being from ChatGPT, and while I can understand their reluctance, I think that was a bad call.

The risks of depending on ChatGPT are enumerated in this post from KnowBe4:

  • A big downside to ChatGPT is that its sources are unknown, meaning the creators themselves may not even know where the answers it produces come from. This often leads to incorrect information being given.
  • The concerning thing about this flaw is that the inaccuracies are tough to notice, especially because it sounds confident but can really be utter nonsense.
  • You cannot use ChatGPT to find out if text has been written by ChatGPT. There is no antidote.
  • It cannot detect scams. ChatGpt is a natural language processing tool that can answer questions and generate text based on the input it receives, but it does not have the ability to detect scams or other fraudulent activities.

Meanwhile, when I asked ChatGPT “Can ChatGPT’s writing be relied upon as accurate?” it responded as follows:

ChatGPT is a machine learning model and its accuracy is based on the data it was trained on. It can provide accurate information and responses to a wide range of questions and prompts, but it may not always be completely accurate or up-to-date. It’s always a good idea to verify any information provided by ChatGPT with additional sources.

Another breach at a password storage service: LastPass

Using a password manager is still the best way to securely record all your passwords. This assumes that you are in fact using different passwords for every web site and service that require one. If you’re using the same password for everything, you are risking your privacy, financial security, and sanity.

So… which password manager should you use? Most of the major password management services (1Password, LastPass, etc.) store your passwords on their own servers, and there’s no question that this provides some benefits in terms of convenience, with the main one being that you can access your passwords from anywhere. You don’t have to back up your password data or copy it between devices; it’s maintained by the service provider and easily accessible via their web site.

But this convenience comes at a huge cost: the risk that your passwords will be compromised when the service provider experiences a security breach.

A recent breach at LastPass is, sadly, only the most recent example. In this case, the LastPass servers were compromised and attackers gained access to user data. The company first reported the breach in August 2022, but downplayed the impact on users. Their latest announcement finally provides the full story, and acknowledges that the attackers gained full access to user data, including encrypted passwords.

More about the breach from Bruce Schneier.

Although LastPass is to blame for the breach and compromised user data, passwords in the user data obtained by the attackers are all encrypted, and there’s no way to magically decrypt them without knowing the master passwords of individual users. However, that just means that the people who have the data will be using brute-force techniques to crack those passwords. For users whose master password is long and complex, it would take years–if not centuries–to crack, but if your master password is simple or commonly-used, all of your passwords are now known by these attackers.

Something for your to-do list: if you use LastPass, and your master password is easy to crack (check it here), you should immediately change ALL of your passwords.

In my opinion, you’re much better off using password management software that stores its data locally, on your own computer. Then you only need to worry about someone getting access to your computer, which you can actually control.

I’ve long recommended Password Corral for Windows users. It’s simple, secure, and free, and it stores its data locally only.

Other password managers that use only local storage include PasswordSafe, KeePassXC, and KeeWeb. Password managers that can be used with local storage include Roboform, and Sticky Password.

And remember that when you use a ‘cloud’ service, you’re just storing your data on a total stranger’s computer, which may or may not be managed and secured competently, and which you have basically no control over. Cloud stuff is convenient, but the risks of using it indiscriminantly are enormous.

Update 2023Sep11: Brian Krebs reports that password information obtained during this breach is being actively used by criminals to gain unauthorized access to various systems and services.

Cortana

Some technologies seem always to be just around the corner. Every few years, people get excited all over again, about 3D media, virtual reality, voice assistants, hoverboards, self-driving cars, flying cars, artificial intelligence, and other things that always turn out to be more hype than anything else.

I started writing the post below about Cortana way back in 2015, but never published it. I can’t even remember why it never got published, but presumably I just lost interest, and figured everyone else would as well.

For a while there, my main interest in Cortana was the ways in which it was making work difficult for IT staff. My favourite example of that is shown in this video of someone prepping a room full of new computers with Windows 10.

Now, all the excitement about Cortana, along with Amazon’s Alexa, has almost completely disappeared. Cortana is still around in recent versions of Windows, but much of its functionality has been stripped away (and now it’s gone). Alexa is being similarly sidelined, and increasingly viewed as a failure.

Why are voice control tools like Cortana and Alexa failing?

  1. Talking to your computer is amusing for a while, but once the novelty wears off, one can’t help noticing that it’s just as easy (and in many cases much easier) to use your mouse and keyboard.
  2. Privacy issues. Computers are really good at making our lives easier. And that’s good. But some technologies, to be truly useful, need to know about us — a lot about us. The most obvious example is Internet advertising: unless you’re blocking ads and related scripts and cookies in your web browser, the ads you see are based on what advertising networks know — or think they know — about you. And that’s just one example. A lot of what makes modern computers useful is based on this tradeoff between privacy and convenience. Computer ‘assistants’ like Cortana and Alexa rely on what they learn about you to improve their effectiveness. And of course they’re always listening.

Anyway, here’s what I wrote back in 2015:

Cortana limitations

Having a computer you can talk to is one of those things that most of us associate with science fiction. Cortana is Microsoft’s attempt to make that fantasy real. The extent to which they have succeeded depends on your point of view. There are loads of examples of cool things Cortana can do in response to your questions and commands, but they still feel very limited to me. Not to put too fine a point on it, there are some things Cortana is good at, and others it is not. If your idea of talking to your computer is to find out the weather, the time, and stock prices, or set up appointments in your calendar, you might find Cortana quite useful. To my way of thinking, unless I can debate philosophy or sports with a computer, I’m not really interested in talking to it.

That said, there are plenty of examples of useful ways to use Cortana (find some). (Editor’s note: I never found any, although admittedly I didn’t look very hard. I assumed if someone found a killer app for Cortana, I’d hear about it.)

Cortana is also region-dependent and may not be available in your country. If that’s the case, and you happen to be an English speaker (which I can assume given that you’re reading this), you can make Cortana work by configuring the Windows region settings to the US. I’m in Canada, and I’ve been using the US English Cortana for a while, and it works fine. The main difference between the versions is the speech recognition database, so the Canadian version is going to be pretty much identical to the US version. There may be other small difference as well, such as units of measurement. If you do decide to tweak the region settings to use the US Cortana, keep in mind that this will affect other apps as well. For instance, your web browser may tell search engines that you’re in the US, and your search results may be regionally skewed as a result. Still, most apps are more likely to use your location than your computer’s region configuration when doing their thing.

There are other problems. In my tests, the ‘Hey, Cortana’ feature worked for a few days, then stopped responding. Disabling and re-enabling the feature didn’t help.

Cortana is a fun feature, and it’s likely that many of the current issues will be resolved in the near future. It’s worth looking at, and anyone with Windows 10 should probably try it, but it’s not something that should figure prominently in deciding whether to use Windows 10 at all.

Dark Mode Rant

What you see above is what I see after a few seconds of viewing a web site in ‘dark mode’.

Web sites are traditionally shown with dark text on a light background. Which is reminiscent of something… (checks notes)… that’s right, books! Why change something that’s worked fine for literally millennia? Apparently because a lot of people think light text on a dark background looks cool. And, to be fair, some people claim that using dark view is easier on their eyes.

So now we have a ton of web sites, apps, and other assorted crap showing up on our computer screens that is almost entirely illegible to a large proportion of the population (well, me for sure, and I’m guessing I’m not the only one).

When I look at white text on a dark background, after about five seconds, all the lines start to blur together (see image above), and I’m unable to continue. If I persist, I just end up with a headache. For the record, I’ve had my eyes checked, and aside from needing to update the prescription for my reading glasses, my eyes are fine.

Here are a few links to web sites that default to dark mode:

A request to web designers and developers: if you can’t resist making your web site dark mode by default, please, please at least provide some method for viewing it in light mode.

Some browsers have built-in features that allow viewing dark sites in light mode. But they’re inconsistent. Firefox has Reader View, which reformats a web page to show it like a book, with less clutter and — more importantly — dark text on a light background. Sadly, the Reader View button, which normally appears at the right end of the address bar, doesn’t always show up. That’s apparently because it’s only able to handle individual posts/articles, not other types of pages.

There are many Firefox plugins for showing web pages in dark mode, but initially I wasn’t able to find one that does the opposite. I had been struggling with a plugin called Dark Reader, which sort of worked, but only with a lot of fiddling, presumably because it was designed to do the opposite of what I want.

Recently, however, I discovered a Firefox plugin called Tranquility Reader. This one does exactly what I want, forcing page text to black and page background to white. So far, it’s worked perfectly on every page I’ve tried.

When installed in Firefox, Tranquility Reader adds an icon to Firefox’s toolbar. Click it once to view the current page as black text on a white background. Click it again to go back to the page’s default colour scheme. Simple!

If you ever find yourself struggling to read dark mode web pages, try Firefox with Tranquility Reader. It may save you from a headache or two.

Related:

Some VPN services should be avoided

People use VPNs (Virtual Private Networks) for lots of reasons, both legitimate and… less so. They are commonly required for remote access to workplace computers by employees. They are used by people who do their banking from public WiFi networks. They are used by people who can’t afford to pay for dozens of streaming and cable services and instead rely on still-considered-illegal downloads of copyrighted media. And some people use VPNs to get around ridiculous regional limitations on access to streaming media.

I myself fit into at least two of those general categories of VPN users. I won’t say which.

Because people want (and rightly feel they deserve) access to their culture, and because Big Media is willing to go after absolutely anyone who dares to defy their stranglehold on culture, savvy media consumers rely on VPNs to avoid costly (and absurd) lawsuits.

But sadly, some VPN services exist only to fleece gullible consumers. There are numerous ways in which a VPN provider can cause problems for its customers:

  • Faulty service can leave the customer’s activity exposed.
  • Logging customer activity, and being willing to provide those logs to Big Media’s law enforcement lackeys, essentially renders a VPN service pointless.
  • Requiring installation of software that is then used by the VPN provider to route other customer traffic through the customer’s computer is just a horrible idea.
  • Selling customer information to anyone who wants it.
  • Poor security can lead to customer data being exposed.

Recently, a group of VPN providers, all owned and operated by one company in Hong Kong, was discovered to be doing many of the problematic things listed above. Needless to say, all of these VPN providers should be avoided:

  • UFO VPN
  • FAST VPN
  • FREE VPN
  • SUPER VPN
  • Flash VPN
  • Secure VPN
  • Rabbit VPN

In general, VPN services should be carefully researched before using them. There are numerous VPN rating sites on the web, but many of them are maintained by the VPN providers themselves, and not to be trusted. TorrentFreak’s “Which VPN Providers Really Take Privacy Seriously” series is both trustworthy and comprehensive, and focuses on investigating the privacy claims of VPN providers.

There’s also a growing chorus of voices encouraging people to reconsider their reliance on VPN services for privacy, arguing that the way most of these services work provides little actual privacy for their customers. Techdirt has more along those lines.

There’s more on the welivesecurity site.

Brian Krebs recently investigated the extremely shady proxy service provider Microleaves (currently being rebranded as ‘Shifter.io’). This service uses a huge network of computers runing their software, often installed without the knowledge of their owners.