Realizing that yesterday was “Update Tuesday,” I opened up my update history on a production Windows 8.1 PC this morning, and found 40 (!) updates of varying shapes and sizes had been installed thereupon. You can read all about what hit yesterday in the MS Security Bulletin Summary for May 2015 if you like, but you’d best set aside at least half an hour to chew your way through its formidable contents. Suffice it to say here that you’ll find two critical items (MS15-043 and MS15-044) that could permit remote code execution, one that provides a cumulative security update for IE, the other that patches TrueType font driver related issues for Windows, .NET, MS Office, MS Lync, and Silverlight.
The big bulletins for May pose interesting vulnerabilities for IE and “TrueType fonts everywhere.”
Just for grins, I jumped over to my Windows 10 test machines and found a single common update from the herd of Windows 7/8 items had propagated over to the new desktop OS — namely, the usual monthly update to the Windows Malicious Software Removal Tool (KB890830). I’m not sure how many of the other updates released for earlier desktop OSes yesterday had already been applied to Windows 10, nor how many common elements may still be forthcoming. It seems fairly obvious, however, that ongoing streaming of updates instead of batching them up for monthly release will definitely lower the Wow! factor for those who have updates applied automatically when they log in the day after “Patch Tuesday” — err, rather, “Update Tuesday,” as Microsoft’s new nomenclature would have it.
The upcoming delivery of Windows Update for Business (see my May 6 blog post for details) means that enterprise admins will be able to permit some updates to propagate to end-users if they so choose, while holding back others for testing and safety/compatibility checks. My best guess is that enterprises will stick to their current approaches and toolsets, trusting to their own tried-and-true update handling techniques for some time to come, as they work with and try out WU4B to see if it does them any better than their own methods already do. The jury will be out on that question for some time to come, because it all hinges on large-scale, wholesale upgrades to Win10, which often don’t happen until 1-2 years after initial release to the general public. I’m wondering if Win10 will bring enough compelling new features to the party to accelerate things a bit, or if the impending retirement of Windows 7 and the lackluster response to Windows 8 might not prove a more telling impetus in the long run. We’ll see!
I’ve blogged repeatedly here about a great little free software tool called DriverStore Explorer (RAPR.EXE). In Windows environments all the way up to and including Windows 10, any drivers that have been loaded and installed on the current Windows OS (or prior OSes that have been upgraded) reside in a directory named %windir%\System32\DriverStore. As an experiment, I’ve been cleaning up that directory on one Windows 10 installation (on my Dell Venue 11 Pro 7130) and leaving that directory alone on another installation (on my i7-4770K homebrew desktop). Upon reading an observation from one Windows 10 beta tester over on the Windows 10 Forums this morning about a Windows install over 50 GB in size (!) I found myself wondering if DriverStore might not be playing a role in that burgeoning disk consumption.
So I decided to compare the size of those two directories on my cleaned-up versus untouched versions. On the untouched version the size of that folder is a whopping 26.1 GB; on the cleaned-up version, it consumes just 1.4 GB. Here’s what those folders look like in WinDirStat, just for a quick visual comparison:
Dell above, homebrew below: you can fit the smaller box into the bigger one more than 18 times!
(I reduced pixel count by 50% on both images to better fit most WordPress displays)
In case the moral of the story isn’t already clear, especially for those who want to run Windows on a smaller SSD or hard disk, you really can recover a lot of storage space by keeping your DriverStore cleaned up. If you need further proof, following a quick cleanup with RAPR on that directory, it consumed only 1.3 GB. I found over a dozen duplicate Nvidia drivers therein, but it was the 120-plus copies of the RealTek sound chip drivers that really sucked up the space, as the subsequent reclamation of 24.8 GB of disk space unequivocally illustrates. All I can say is “Zounds!”
In the wake of recent MS conferences like Build 2015 and Ignite, the pundits and prognosticators seem surprisingly unanimous with two short-term predictions. First, Windows 10 seems bound for general availability (GA release) by the end of July; and second, a new, improved and fanless Surface Pro 4 (SP4) model seems destined to hit markets at around the same time. Sean Cameron at WinBeta, Mary Jo Foley at ZDNet, and Brian P. Rubin at readwrite, among many others — including yours truly — have all recently opined about what it’s gonna take to turn the already formidable Surface Pro 3 into a market-leading monster upon its impending release.
What’s missing from the Surface Pro accessory collection is a plug-in keyboard with hinge like this one, to turn it into a clamshell PC.
I think I’ve got the answer (with which Sean Cameron concurs, as his afore-linked WinBeta story will attest): a clamshell style keyboard dock. The Type cover is fine, but I am continually frustrated by the kickstand with floppy keyboard whenever I try to work away from a desk or tabletop. Though MS delights in proclaiming the kickstand-plus-Type-cover as “lappable” ( or is that “lapable?”) I do not find the device to be such, nor terribly workable away from a hard, flat surface upon which to park it.
So far, I’ve owned two tablets that included clamshell keyboard plug-ins, both with added batteries to improve the runtime of the devices that plug into them. One, I got rid of — the Fujitsu Stylistic Q704 — primarily because its Haswell-era i7 processor produced enough heat to overwhelm the tiny unit’s built-in cooling capacity, and kept having to be throttled back to keep it from overheating. Its clamshell keyboard dock was great, if a bit heavy, and really made the unit much more useful (and thus also, likely to be used) over time. The other is my Dell Venue 11 Pro 7130, which includes a Broadwell M i5-4210Y CPU, and doesn’t need active cooling to operate. It too, has a nifty clamshell keyboard dock (which appears in the preceding photo), and I use it all the time both as a light-duty traveling machine and as a book reader/media player. Even with the keyboard attached, it’s light enough that I have recently traveled with a Lenovo T520 for work, an iPad to read on the plane with, and the Venue 11 Pro for personal use and entertainment, all in the same old beat-up but still serviceable Targus computer briefcase I’ve carried for over a decade now.
If MS doesn’t already have something like this in the pipeline, we won’t see such an accessory when the newest Surface Pro model ships in the next few months. But I sincerely hope MS decides to build something like this for the Surface Pro models, because it would make the difference between me watching my wife and son use the Surface as our household’s go-to mobile PC at home, and me turning that unit into my road machine and primary desktop replacement at home. Are you listening, Microsoft? I sure hope so…
One of the most interesting tidbits to emerge from the Ignite conference so far has been Microsoft’s announcement of its “Windows Update for Business” service. Terry Myerson himself, Microsoft’s EVP for Operating Systems, made this announcement — and offers an equivalent Blogging Windows post on the topic — which shows that the company really gets how important handling updates at the enterprise level truly is, and has put some serious thought into accommodating a very different set of needs and priorities when it comes to staging and deploying such updates in a business environment.
With Windows 10, MS will finally offer a different kind of Windows Update for business users, emphasis on enterprise-class deployments.
[Click image for full-size view, if the “fine print” is too challenging.]
What does Windows Update for Business involve? There’s a lot of hoopla in the announcement about matters related to protection, for devices, identity, applications, and information, but I’ll let the announcement handle those details. What I — and most enterprise IT organizations — care about even more is support for how updates get managed and deployed. Historically, the consumer-grade version of Windows Update has been totally at odds with business needs in that it’s endpoint driven, automatic, and more or less involuntary. In enterprise environments, the first concern about change management is to ensure that introducing change does not also introduce unwanted side effects, particularly those that might affect the proper operation of mission-critical line of business and custom applications. Perforce, there’s no way for MS to test against such things before unleashing updates on the world, so enterprise IT organizations have no choice but to test such things themselves, and only to permit updates that don’t create negative impacts to be deployed in their production environments. In addition, most enterprise IT organizations have only short intervals during which update deployment is scheduled to occur (usually on a monthly or quarterly basis) and they must be able to stage and deploy safe updates within the time windows available to them, or roll back problem or incomplete updates before the update time window closes, so as to leave their production environments in a stable, working state for employees, contractors, and partners to use when production work resumes immediately thereafter.
The MS announcement takes strong cognizance of these needs and the enterprise update situation. To that end, it includes the following capabilities:
1. Distribution rings: a means whereby IT can specify which devices go first in an update wave, and which devices will come later (this provides an opportunity to pilot new or changed elements to power users, developers, and the like, to enable issues to manifest and be solved, before rolling updates out to the entire world of production).
2. Maintenance windows: enables IT departments to establish the dates and times when updates may occur, and — more important — when they may not occur.
3. Peer-to-peer delivery: permits IT to deliver updates to branch offices and remote sites only once, after which they can fan out to individual nodes and devices at the edge of the network. This is essential to conserving bandwidth across private or high-cost WAN links from central, highly-connected corporate sites to the network edge.
4. Integration with existing tools: permits management tools and environments (e.g. System Center or Enterprise Mobility Suite) to continue to function as the “single pane of glass” through which to manage update deployment along with the myriad of other functions needed to care for and troubleshoot enterprise IT environments. I’m curious to see how well this will play in enterprises that use non-MS tools to perform such functions (where connectors may need to be built before full-scale integration is possible), though MS platforms already seem to be covered.
As somebody who’s witnessed a few holiday weekend exercises in update deployment, with a battery of experts on tap to escalate and shoot the inevitable trouble that often pops up as the time window expires, I’m delighted to see that Microsoft is getting with the program that has been in place in enterprise IT environments since the beginning. All I can say is “About time!” And again, it will be fascinating to see how the elements described above play out in actual high-volume deployments once Windows 10 has been deployed in sufficient numbers to make it suitable to put Windows Update for Business to work in the real world.
Like many other beta testers for Windows 10, I reported early on (around build 9879, if memory serves) that the deployment image servicing and management facility, better known as the DISM command, wouldn’t work without an explicit sources reference in the command line (see TechNet and MSDN for syntax and semantics info). I’ve been checking this capability with each new build since then, and hadn’t seen any progress until Build 10074 was released last week. Here’s a screen cap of the CMD (command prompt) window, with some visual proof for this assertion:
No more error messages when you run the default DISM with /Cleanup-Image and /RestoreHealth options!
For those not already using DISM, the tool is designed to replace the pkgmgr, PEImg, and IntlConfg tools retired with Windows 7. It provides a centralized console from which to create and manage Windows images, package them for deployment, maintain them with updates and added post-install executable elements, provide additional fonts and language support and, in the words of the infamous and notorious old Ronco ads: “Much, much more!” The particular command above is useful to restore the health of the currently running image on a Windows PC, and should be an early go-to in any Windows admin’s fix-it routines and procedures. That’s why it’s so welcome to see its defaults finally working as advertised or promised in Build 10074.
Whoa! Has it really only been two days since the last time I posted? It seems like a lot more time has gone by than that, but perhaps that’s because I’ve been pounding away at Win10 issues over most of the intervening days and hours. No sooner did I finally got my Dell Venue 11 Pro up and working with build 10061, than along came build 10074, and a new name for the current state of Windows 10, both in connection with this week’s Build 2015 conference held in San Francisco.
No more “Technical Preview,” Now it’s an “Insider Preview”
At the conference über-Windows guy Gabe Aul explained that “In fact, Insider feedback has become so valuable to our engineering process, we’ve decided to rename ‘Windows 10 Technical Preview’ to ‘Windows 10 Insider Preview.’ It’s the same OS as before” [I picked this gem up over at the Windows Ten Forums, where it appeared in a news item early on May 1, one day after Aul’s Blogging Windows post introduced the nomenclature update]. Here’s that headline, for your delectation:
Here is a new name straight from MS [click image to see full-size screencap].
From Build 10061 to Build 10074, and beyond!
So, just after getting the Dell Venue 11 Pro up and running on 10061, I found myself immediately upgrading to 10074. This one proved a great deal more interesting than the last upgrade for a whole slew of reasons, which I will now elaborate:
1. As usual the desktop upgraded smoothly and painlessly from old to new build, and the Dell once again hung after the initial shut-down that precedes the first restart once the new OS in place. Having now learned that a cold start will prevent this problem from pausing progress, this time I popped the battery out of the unit after the shut-down occurred, and was then able to boot right up into the “getting Store apps, setting a few things up, …” post-install clean-up during the finishing phases of the OS install. Having been through this 5 times in the past 10 days, I now believe there’s some issue with the start-up behavior of the Venue 11 Pro, possibly related to the BIOS or low-level boot blocks used in the earliest phases of start-up during or immediately after BIOS execution, that’s hanging during the restart that occurs during the installation process. The workaround of forcing a cold and complete shutdown, then a clean restart seems to fix whatever issue is causing the problem.
2. There’s no question that Windows 10 is getting bigger. For build 10061 I had 24.2 GB reported in the Windows.old holdings as available for post-install cleanup (you can clear these files in Disk Cleanup by selecting “System files” during its enumeration phase, or you can elect “delete old Windows installation” in Piriform’s CCleaner program: I am inclined to use the latter because it’s 3-4 faster to completion than the built-in utility). For build 10074, Windows.old was reported at 34.0 GB instead, an increase of almost 10 GB!
3. For the second time with any Windows 10 install, I found driver issues following the installation. It’s normal when performing a clean install of a new OS for the first time for there to be anywhere from a few to a couple of dozen device drivers in need of update or attention. But this is the first upgrade install of Windows 10 since the first build went out where I actually lost a half-dozen drivers following the upgrade (normally drivers are preserved from one build to the next, apparently unmolested during the upgrade process). On the Dell Venue 11 Pro, I found a handful of unknown devices in Device Manager following the install, which turned out to include these items:
- Intel Watchdog Timer
- Intel 82802 firmware flash hub (which turned out to be an Intel 28F320C3 Flash Update Device, when properly recognized)
- O2 Micro Integrated MMC SD card reader
- Intel Display Audio
- Intel Virtual Buttons
Fixing those missing items turned out to be the most interesting part of the “getting back to work” effort following the 10074 installation. DriverAgent helped me fix 3 of the 5 items reported as Unknown Devices, but I had to resort to old fashioned detective work to fix the other two. In each case I used the “Hardware Ids” string from the Details pane in the Properties window to search for the device that needed a driver. In both cases, the search was pretty straightforward, and I was able to find the necessary software to bring those devices out of terra incognita and endow them with current, working drivers. Very interesting!
So far, I like Build 10074 better than 10061. It is more stable, offers more interesting graphics and layout, permits running 32-bit applications from the start menu without workarounds, and generally seems pretty well-behaved. I’ve even been able to make new system image backups and system refresh images for both the desktop and the Dell Venue 11 Pro without incident. If I should accidentally trash something, as my experimenting sometimes causes, I’m pretty sure I can get back to a known, good working state on either machine pretty quickly. In the wonderful but whacky world of Windows beta OS work, it doesn’t get any better than that!
Just for grins, I decided to re-try the Windows Update download for Windows 10 Build 10061 on my Dell Venue 11 Pro 7130 yesterday afternoon. The last two times I’d tried, I’d not sat in front of the machine while the upgrade was underway, and each time it failed upon attempting to reboot after the initial installation got to its first restart en route to a complete installation. This time, I sat in front of the machine the whole time. Sure enough, although it failed again, this time I decided to shut down the machine completely, and then to do a completely cold reboot. For some reason or another, this worked: when I restarted the machine after the shutdown, the installation kept going and completed successfully. Go figure!
Here’s a bit of visual proof that I’ve gotten 10061 to run on the Dell VP11 Pro 7130. [Click image to see full-size original]
I wish I’d thought to try this earlier on in the process. As it was I left this machine idle for 3 or 4 days before I had time to attempt another installation of 10061. In the wake of that successful install, here’s what I’ve observed about Windows 10 Build 10061 on that machine:
1. As reported in the release notes from MS, indeed one cannot run 32-bit executables from the Start menu. But you can navigate into the Program Files (x86) directory manually to get to most of them (I still find some in Program Files), or use the search function to access them directly, so it’s no big deal.
2. Amusingly, the wastebasket icon for Recycle Bin is now squared-off rather than round, as it has been since time immemorial for as long as it’s been visible on the desktop.
3. As soon as I upgraded to the latest build, I attached an external USB3 drive caddy with a 1.5 TB Samsung SpinPoint drive, to make an image backup and a refresh image using RecImgMgr. I couldn’t help but notice the dinging and donging sounds that announce that as soon as the VP11 goes to sleep it drops the USB3 device, and remounts it again shortly after awaking. I’m not sure if this is a bug or a feature, but I imagine MS will want to do or say something about this depending on which side of the either/or divide it falls.
4. Despite other reports that the Spartan browser isn’t visible on the toolbar in Build 10061, it’s showing up quite visibly on both of my test machines running that build. It seems to work noticeably faster than IE11, too.
5. I was amused to have Secunia PSI inform me that the built-in Flash Player for IE was out-of-date before MS actually issued the patched version via Windows Update. Yesterday AM, PSI let me know it was obsolete; yesterday PM, MS released the update (KB3049508) that provided the latest version (version 126.96.36.199).
6. There are still some minor issues with the built-in Synaptics touchpad on the VP11 Pro: remote control handles the desktop flawlessly, but working directly on the machine, mouse clicks through the touchpad work only about two-thirds of the time (I’ll often use my finger on the touch screen rather than fight with the touchpad, so it’s more irritating than serious, but I hope Synaptics and MS get together on some driver fixes before the RMT hits in June).
In general, things seem to be working pretty well with this build, especially considering that it remains available only to Fast Ring installers at this point. The Build conference, now underway in San Francisco, is expected to include the release of a new build at some point over the next few days, and could include a new set of items for both fast and slow ring installers. Updates are expected to keep coming beyond RTM, in fact, all the way through GA, so life in the Windows 10 world should stay interesting right up until things freeze for final release.
Although Microsoft has itself described its upcoming plans to provide a no-cost copy of Windows 10 to Windows 7, Windows 8.1 and Windows Phone 8.1 devices to those who move up in the first year after its release as a Free Upgrade Offer, the company describes this plan as a “marketing and promotional activity” in its latest 10-Q filing with the Securities and Exchange Commission (SEC). Why is this difference in reporting to SEC versus how plans are described to the public important? In a word: Money.
The actual text is too big to turn into a compact screen cap, so I just grabbed some salient language.
The language in the 10-Q filing reads somewhat differently, and for a very good reason. If the company calls it a free upgrade, MS must defer some of the earnings on the current version of Windows (8.1) to defray the costs of the new release. If it’s a “marketing and promotional activity” MS is entitled to allow revenue from “new sales of Windows 8 … to be recognized as delivered” (see section entitled “Application of Critical Accounting Policies” in the 10-Q Filing Document).
While this may sound like mere accounting gobbledygook, there’s some serious money involved. ComputerWorld explains the potential costs in a story on the filing as follows:
The last time Microsoft offered a discounted upgrade to customers was prior to the launch of Windows 8. During an eight-month stretch from early June 2012 to the end of January 2013, people who purchased a new PC pre-loaded with Windows 7 were eligible for a $15 upgrade to Windows 8 Pro.
Microsoft deferred just under $1.1 billion in revenue for that upgrade program over a three-quarter stretch, then recorded that money as income during the first quarter of 2013.
I take this to mean that a one-year stretch for the deferral costs of the upgrade to Windows 10 would have to be at least $1.46B, if not higher, because the time period is longer and the number of potential upgraders higher (Windows 7 and Windows 8.1 users, plus Windows 8.1 Phone users, are all covered, whereas the earlier upgrade applied only to those who bought new PCs during the 8-month period of coverage for the $15 offer). Approximately $1.5B and potentially much more is not chump change, and with Windows revenues already trending down because of lower OEM licensing rates, and with no consumer upgrades likely to occur (except for serious procrastinators), this will probably result in even lower revenues for Windows OSes once Windows 10 hits General Availability. I think CW is right to interpret this move on Microsoft’s point as an attempt to head off downward pressure on the stock.
All this does raise an interesting question, though: How will MS and its stock fare when one of its revenue mainstays — namely, Windows OS monies from consumer license purchases and upgrades — takes a one year vacation? We’ll be finding that out later this year.
If something happens once, it’s impossible to tell if it’s an anomaly or an expected behavior. Let it happen even one more time though, and a suspicion of pattern or predictability can’t help but rear its head. When I installed the last “fast ring” (10049) build on my two test machines, here’s what happened:
1. The Windows Update based install worked like a charm on my desktop test PC (i7 4770K, MSI Z87-G45 mobo, 32 GB RAM, GTX 760 video) and worked itself through its paces without even requiring any input from me (except to restart the PC when I noticed the upgrade had been applied). Aside from a few minor glitches (repair install on 8GadgetPack to restore gadgets to life, reset network from Public to Private) there were no major clean-ups required.
2. It was a different story on the Dell Venue 11 Pro 7130 (i5 Broadwell M, Intel HD 5000 graphics, 8 GB RAM): after the initial install phase completed and the automatic reboot was instigated, the PC refused to reboot into any version of Windows (either the predecessor build, or the latest one). Ultimately, I had to perform a clean install from the ISO of the installer files when they became available about a week after the fast ring release, when its slow ring counterpart finally became available.
Build 10061 popped up on 4/22 via Windows Update for Fast Ring subscribers.
Guess what? My experience in updating to Build 10061 turned out exactly the same. This time, however, I rebooted the Dell from a recovery UFD and restored the most recent system image for the preceding build, figuring I’d otherwise have to wait a week to bring the tablet back into operation. Obviously, there’s some kind of low-level issue with the Venue 11 Pro and using Windows Update for an OS upgrade. I’ve not yet been able to figure out what’s going south during the process, but at least it’s fixable with enough time and elbow grease, along with the right bootable media and a workable repair strategy.
Otherwise, Build 10061 seems to extend a bit of new functionality, while smoothing off some sharp edges from earlier releases. The visual differences between Tablet and Desktop modes are better elaborated (for example, more space between notification icons in tablet mode makes them easier to poke with a finger) and more thought out. Application switching works nicely in tablet mode now with a “swipe-from-the-right” gesture showing all open windows in tiled fashion, where any windows is easy to select with a single touch (about as convenient as the old Alt-Tab clickthrough method on the desktop). Notifications has had a fairly complete rework, both visually and in terms of layout, and is looking and acting a lot more like it’s ready for prime time than in earlier releases. New apps making their debut include Outlook Mail and Calendar, while recent introductions such as Project Spartan and Music and Video have been spruced up (though the media items are unable to download content until a fix is released — which may explain why 10061 remains a “Fast Ring” item at the moment).
I’d predicted another build in my last blog post, but was still surprised to see it show up later on the very day I proffered that prediction. I’m expecting at least two more incremental Windows 10 builds to pop up before a locked-down version makes its way to the OEMs in late May or early June. That should make the next 4-6 weeks very interesting for us beta testers!
Last week, my wife told me the Internet was running slowly, so of course I checked the Ookla Speed Test page to see what was what. When speeds in the usual range manifested, I assumed the problem was a hiccup and nothing more. I was wrong, but it took me quite some time to figure out why. As it turns out, we tend to visit the same sites repeatedly at my house, and do very little serious random surfing. This matters for an interesting reason, but more on that shortly…
Yesterday morning I attempted to remote to one of my Windows 10 test units, and was mildly miffed to see it wasn’t working. Wanting to grab a screen shot of the Insider Hub, I simply attempted to connect to the other test unit, only to fail yet again. I checked the Remote Settings in the System widget in Control Panel, and found no problems. I check homegroup status, and quickly realized there were also issues there. Then I tried to connect via the usual IP address for one of my test units, and it failed, too. Very interesting!
My next step was to sit down at that same test unit, fire up the command line, and run the ipconfig command. Lo and behold, instead of a private IP address in the 192.168.0 Class C range, I saw a 169.254.0.x address instead. This is a special IP address on Windows machines that comes from its Automatic Private IP Addressing (APIPA) capability. Such addresses only appear on a Windows machine when it can’t find a DHCP server at boot-up. This clued me into an issue with my Time Warner boundary device where not only was DHCP not functioning as it should have been, but also where the Domain Name Servers to which the DHCP Server points were also not available (or only intermittently available, because name resolution would occasionally happen on devices with still-working IP addresses, but only very slooooooowly).
Before the TW folks reset their back end server settings, the old DNS server addresses were on a 70.x.x.x Class A network.
I tried resetting my Arris device, and it helped with DHCP (my wireless nodes now had legit LAN addresses) but it still didn’t resolve the DNS problem. A quick phone call to Time Warner led to a call back from their third-level support desk, which informed me that they had changed the addresses for the domain servers on their backbone, but it hadn’t propagated successfully to the broadcast domain for the local cable segment for my neighborhood for whatever reason. After they made sure those values were correct, and another reset to the Arris box, all was copascetic once again.
I concluded my adventures by apologizing to my wife for not properly researching her Internet problem last Friday. Had I done so then, I could not only have taken care of her issues right away, I would also have saved myself the time needed to diagnose yesterday’s strange case of the malfunctioning remote access that helped me find the problem by guess and by gosh. Live and learn, eh?