Earlier this month, I sold the Fujitsu Q704 Stylistic tablet PC that I purchased last January, having learned as much from it as I could, and having also decided it didn’t present enough performance and stability for the costs involved in acquiring and maintaining that platform. Early last week, I ordered a Surface Pro 3 (i7-4650U CPU, 8 GB RAM, HD Graphics 5000, 256 GB SSD) to replace that unit, so as to give me a Windows tablet to play and work with. It arrived on Friday afternoon, about the same time my son came home from school. I was in the middle of upgrading my production PC, so the last thing I wanted to do was to unbox and set up another new PC. “That’s OK, Dad,” said Gregory, “I’ll do it.” And do it he did, all by himself (with a little help logging into my Microsoft Account) to the point where he used the system to do his homework this weekend.
The latest addition to our computing stable is already a huge hit with the younger generation.
I stayed busy through the weekend working on my production PC (which I’m writing this blog post on right now), applying updates, catching up drivers, installing MS Office and a bunch of other applications. I also decided to consolidate 4 of my older and smaller 3.5″ hard disks (ranging in size from 750 GB to 1.5 TB) onto my remaining spare Toshiba 3 TB SATA3 3.5″ HD, which supported data throughput over 100 MB/sec in its USB3 drive caddy for really big files (and probably averaged about half that overall during the entire drive copy marathon session involved).
An interesting and terrifying dilemma emerged on Sunday morning, as I was continuing my setup marathon. Suddenly, for no reason I could discern, I found myself unable to use my keyboard on any of the machines I was logged into with the shared Microsoft account I typically use. When my son “accidentally” reset the desktop theme on the Surface to High Contrast, and the same theme immediately popped up on my production PC’s screen and that of my traveling Lenovo laptop, I realized that something about the account settings made on the Surface was preventing my other machines from using their keyboards. A little poking around on the notification area showed me that my son had enabled Sticky Keys and Filter Keys on the Surface to improve use of the Type cover on that machine. Unfortunately, those settings also turned off the keyboard on the other Windows systems that shared those settings. Though it took me over half and hour to get to the bottom of the situation and find a fix (turn off both of them completely), once properly diagnosed it was relatively easy to work around. Of course, because I didn’t immediately understand what was going on, I first tried multiple keyboards on my production desktop without success. It was only when I turned to the Lenovo and found its keyboard out of commission as well, even though the keyboard drivers reported those peripherals as present and working, then saw the sudden change of desktop them across all systems, that I figured out the shared account settings must be involved.
This is a level of synchronization that I hadn’t encountered as a problem before. I’ll use this experience to warn admins to tell their users that they should be careful with account settings, particularly when they run the same Microsoft account across multiple machines. That also raises the interesting query of how all this will play out when people start running the same account on their smartphones as well as on conventional PCs.
Next month HP is expected to reveal a new PC product line up aimed at the commercial market, a little over a month after it split the company in two.
But questions still remain as to whether the move will succeed in getting itself on track with its hardware business and address the gaping holes in its mobile strategy with Hewlett-Packard Enterprise.
Longtime high-tech industry observers wondered why it took HP so long to do the split.
“It was overdue,” said Rob Enderle, principal analyst for the Enderle Group, based in San Jose, Calif. “The two halves of the company have been pretty separate for some time.” As separated partners, both companies should become more agile, he said.
It’s a model that companies like IBM started to follow a while ago. For example, IBM sold off its hardware business to Lenovo, allowing them to focus solely on the enterprise with its software and services business. IBM also aligned itself with Apple with a far reaching enterprise alliance to benefit both companies.
But on the flip side, there’s a danger in splitting the company in two. There’s nothing so far that says HP Enterprise is required to sell HP Inc.’s hardware when they sell to customers.
Indeed, what’s to stop HP Enterprise from selling a Lenovo or Dell PC for that matter?
“In this model, it’s unclear how [the two entities] will work together,” said Tim Bajarin, a long-time industry analyst and founder of Creative Strategies Inc., based in San Jose, Calif. “Does the enterprise group support a 2000 PC sale? Will the PC business be able to innovate on their own? Where does HP Labs fit in all of this? While I understand the reasoning and the goals there’s too many outstanding questions that makes it hard to determine whether it will be successful.”
What’s the mobile story?
While the industry contemplates HP’s, it seems like the company is beginning to fill in the gaps of a cohesive mobile strategy. With new 2-in-1s coming down the pike and a recent partnership with VMware, HP could be on track for the future.
In fact, the HP-VMware deal is a strategic move that could plug the hole from the lack of an enterprise mobile management platform strategy. But, the partnership may be confusing too.
“It’s a good offering and reflective of where the companies need to go [for] management services,” says Bob O’Donnell, chief analyst and founder of TECHnalysis Research LLC, FosterCity, Calif. “[However] If I’m from HP Inc. … part of what I want to offer is the software and services. If [I was a customer] and wanted services I could go straight to VMware whereas [before] I was going to HP because I wanted the hardware piece and services to be bundled along with it.”
Other analysts agree.
This is a good example of large organizations selling anything they can get their hands on, says Chris Hazelton, research director, enterprise mobility, for 451 Research, in Boston. Before, HP didn’t list enterprise mobility management as part of its mobile offering, which was a mistake, he adds.
For its part, Hazelton calls the deal between HP and VMware a big win for VMware and Airwatch.
“The idea is to create a one-stop shop for mobility and that’s what these system integrators, app developers and ERP vendors are jumping on this door opener to the mobile enterprise,” he says. “One manages mobile devices, another manages the user data and together [they] start building the ecosystem for apps and services. That’s where HP is going to provide value.”
And with that, here’s hoping HP’s new strategy and its new commercial PC offerings is enough to begin plugging in the gaps.
Right now, you can buy an el-cheapo HP Windows laptop for $200. It’s designed to compete with Chromebooks, while offering a more familiar (and complete) computing experience — at least, in the minds of some — than the “other platform” can provide. Curious as to what’s inside the New HP Stream 11 (official product name: HP Stream – 11 – d010nr Laptop) after reading about it on Paul Thurrot’s SuperSite for Windows, I wandered over to HP’s specs page to learn more about what makes this device tick.
Thurrott loves the look of the new HP Stream 11; I see it as just another 11″ notebook, albeit a very inexpensive one.
Here’s what HP provides buyers for their $200 bucks. It’s not overwhelming, and to me it’s very reminiscent of what those of us who decided to give netbooks a try about 5 years ago were likely to encounter, updated to reflect more modern OSes and mobile device components:
|HP Stream 11 Specifications|
|Processor||2.16 GHz dual-core Intel Celeron N284|
|Operating System||Windows 8.1 x63 with Bing|
|Graphics||Intel HD Graphics|
|Display||11.6″ WLED-backlit 1366×768|
|Memory||2GB 1333 MHz DDR3 SDRAM|
|Hard disk||32 GB eMMC|
|Wireless||802.11 b/g/n, BT 4.0|
|Power Supply||45W AC adapter|
|Battery||3-cell, 37 Wh Li-polymer|
|Ports||USB3x1, USB2x1, HDMI, audio|
|Expansion slots||SD card reader|
|Energy Efficiency||Energy Star qualified; EPEAT Silver|
|Webcam||HP TrueVision Webcam with digital mike|
|Pointing device||HP ImagePad with multi-touch gesture|
|Keyboaerd||97% size island-style|
|Weight||2.74 lbs (1.24 kg)|
|Software Included||See specs page: bottom row of table|
The secrets to the low price come primarily from four elements. First, the Windows 8.1 with Bing option involves no MS license costs to HP, and brings the price down by $50-80 right there. Second, the Celeron processor is a no-frills workhorse that provides basic functionality sans bells and whistles, and in large lots, can’t cost more than $20 apiece. 2 GB of memory isn’t the absolute minimum, but it’s a workable amount; in large quantities, such SO-DIMMs probably cost $10. The real secrets to the low cost of the device are the slow but cheap eMMC storage device (“eMMC” stands for embedded MultiMediaCard, which is essentially the same kind of flash chips and controller found in an SD card or a low-end UFD, with low speeds to match; less than $25 in large quantities) and the all-plastic clamshell enclosure for the laptop itself. The device is a close match for many Chromebooks in components and by no coincidence whatsoever, also in cost.
Now, it remains to be seen if there’s an appetite for such devices. I’m planning on buying one for my son’s 5th grade class at school. His fourth-grade teacher loved the Chromebook I gave her for that class to use. Now, we’ll see if a workable Windows analog gets the same reception.
Last Friday, two interesting and complementary blog posts appeared, each with its own discussion of security in the latest Windows 10 Technical Preview version. The first comes from Microsoft itself, in a post by Jim Alkove for the Windows for Your Business blog, entitled “Windows 10: Security and Identity Protection for the Modern World.” The second occupies a significant portion of Paul Thurrott’s mind-bending Windows SuperSite article entitled “Windows 10 is the Most Audacious Release in the History of the Platform.” This is pretty strong stuff, and will take a little time to work your way through. Hopefully, the summary that follows will give readers the impetus to do just that.
It is too facile to say that Windows 10 locks things up from a security perspective, though it certainly adds and extends protection at many levels.
Source: Shutterstock 210211225.
The MS blog post raises the following issues:
- Windows 10 is intended to “move the world away from the use of single factor authentication options, like passwords.” Once mobile devices are enrolled, they become one of two factors required for authentication, where the second factor could be a PIN or a biometric (e.g. a fingerprint). This lets a user’s smartphone vouch for his PC and requires attackers to compromise two devices to mount a successful attack. MS describes this functionality as allowing a mobile device to “…behave like a remote smartcard and it will offer two factor authentication for both local sign-in and remote access.” It works with existing PKI infrastructures, and with Active Directory, Azure Active Directory, and Microsoft Accounts. MS is also taking steps to protect user access tokens created upon authentication from attack by storing them in a secure Hyper-V based container.
- Windows 10 will build “robust data loss prevention right into the platform itself.” This involves use of strong encryption technologies from BitLocker, Azure Rights Management, and Information Rights Management in MS Office, but adds DLP technology “that separates corporate and personal data and helps protect it using containment…” so that there’s “… no need for … users to switch modes, or apps, in order to protect corporate data, which means that users can help keep data safe without changing their behavior” (emphasis mine). This applies equally to mobile devices running Windows Phone and to other devices (also possibly mobile) running Windows. VPN control options for remote access are also extended and improved, including “app-allow and app-deny lists” as well as controls aimed at “specific ports or IP addresses.”
- “When it comes to online threats, such as malware, we’ll have a range of options to help enterprises protect against common causes of malware infection on PCs.” This includes options for device lock down, mechanisms to allow users to install only trusted apps (though MS provided signing services) that covers “anything that can run on the Windows desktop” for both mobile and desktop devices and PCs.
Thurrott follows up with his own salute to security improvements, including:
- Use of Azure Active Directory (AAD) instead of Microsoft Accounts (MSAs), which “enables corporations to federate their on-prem Active Directory with AAD and continue using the Universal apps platform and other features that required an MSA in a way that respects their internal policies” (emphasis mine).
- Integrate multi-factor authentication more deeply into the platform (ties into the use of mobile devices as what Thurrott labels as “virtual smart cart technology” through use of mobile devices as explained above).
- Information protection is another way of describing data loss prevention (DLP), which Thurrott views as an “evolution of the rights management technologies Micrsofot has been working on for over a decade…”
- Secure remote access, which Thurrott explains as an “evolution of the managed VPN technologies that debuted in Windows 8.1 and Windows Phone 8.1” which he sees as “extend to individual desktops and Universal apps (per-app VPN) and managed via MDM” (Microsoft Device Management) and made “available to all third-party VPN providers.”
The MS post conveys all the key points, but Thurrott is better at estimating their impact on enterprises and organizations that will deploy the new OS sooner or later (probably later, if history is any guide, though these new features may actually provide a real impetus for businesses to speed things up, somewhat). Good stuff!
PCs are not dead and neither is Microsoft.
The company proved the skeptics wrong and posted strong revenue for its fiscal year first quarter 2015 earnings. Microsoft posted $23.2 billion in revenue, up 25% compared with the same period last year. However, net income was down $4.5 billion, compared with $5.2 billion a year ago.
While Microsoft’s fortunes are tied to a variety of technologies from PCs, servers, tablets, and Windows to Office 365 and cloud services, its transition to a mobile and cloud-first company is clearly making headway.
Indeed, Microsoft is actually making money from its hardware and posted nearly $11 billion in revenue in its Devices & Consumer group. Not only is the Xbox console doing well, even Surface is making a comeback. This quarter Surface posted $908 million in revenue, much of it driven by sales from the Surface Pro 3. That’s a big turnaround considering Microsoft had to take a $900 million inventory write-off for Surface RT during its fourth fiscal quarter of 2013, causing the company to miss Wall Street’s expectations.
On Windows Phone, Microsoft only enjoyed “modest gains,” said CEO Satya Nadella during the earnings call. Those gains took place in Europe where Microsoft captured some market share due to low-cost phones.
It’s clear Microsoft has a lot of work to do against the smart phone leaders. The company hopes its Windows ecosystem of universal apps will drive sales but what matters is how Microsoft executes its strategy. The company must convince device owners to make the switch away from Apple iOS and Google Android. Today, it’s all about the apps. Good luck, Microsoft. That’s no small feat.
What will be interesting is whether enterprises make the shift towards PC refreshes once Windows 10 ships next year.
Both Microsoft and its OEM partners enjoyed some growth during fiscal 2014 due to businesses refreshing their PCs with the end of support for Windows XP in April 2014. But now, there’s little incentive for IT pros to go through another PC refresh, especially if the upgrade cycle occurred within the last two years.
PC growth will continue and the overall worldwide decline in shipments is not as high as before according to recent market data from IDC. PCs are not getting cannibalized by the tablet market as much as before and the growth of well-designed notebook PCs and Chromebooks all factor in to a more stable market. IDC forecasts PCs to decrease 3.7% in worldwide shipments for 2014, which is less than was previously forecasted with a decline of 6%.
Nadella said he expects the enterprise to go back to its normal PC business refresh rate in 2015. I suspect, though, that despite early positive feedback for Windows 10, it won’t motivate businesses enough to upgrade their employee’s PC as most likely they’ll be able to run the new OS on a “fairly new” PC. By that I mean one that was bought or leased only within the past two years.
Where Windows OEM Pro licensing reflects the PC market forces, overall Windows volume licensing did grow by 10%. However, it’s going to be a tough battle for Microsoft now that they’re offering Windows licenses for free for phones and tablets below 9 inches. That’s lost revenue, which they think will be offset by the emerging low-cost $199 Windows PCs the industry will see unveiled this fall and winter.
For IT pros wondering whether they should move their organization’s on-premises Office productivity suite to the cloud, more companies seem to be doing so as sales of on-premises Office are getting cannibalized by Office 365.
With Office, one-third of the renewals include Office 365, according to Amy Hood, Microsoft chief financial officer. “We are seeing a mix shift from on-premises to the cloud, from transactional purchasing to annuity, and from standard to premium versions,” Hood said.
Let’s say you’ve been meaning to install Windows 10 on a test machine, but you haven’t gotten around to that just yet. Because MS has already released another version of the Windows 10 Preview, this might mean you’d have to download and install the original build (9841), then do likewise for the latest version (Build 9860) to play catch-up. “Wouldn’t it be easier,” I can hear many readers grumble, “if MS just provided a new ISO file so that those just getting started with Windows 10 could just install 9860 in one fell swoop?” Alas, that’s not what MS provides, but there is a way to get there from what is available, thanks to Chris Holmes, an automotive electrician from NYC who dabbles pretty seriously with Windows stuff as an avocation (and thanks also to Sergey Tkachenko of WinAero.com for alerting me to this possibility by posting a nicely illustrated blog about an ESD Decrypter tool and how to put it to work).
Holmes has actually blogged on this topic himself in a post called “Make an ISO for Windows 10 9860,” wherein he describes how to take the ESD file from the 9860 Win10 update and convert it into an ISO for direct installation. ESD stands for electronic software download, and for Windows updates, it refers to an encrypted and heavily compressed Windows Imaging Format, or .wim, file. This file is part of the download for the 9860 update: it’s named install.esd and it resides in C:\$Windows.~BT\Sources while the download and install process is underway.
Once you’ve downloaded and installed the ESD Decrypter tool, you can use it to create what the program calls a “traditional Windows ISO” from the install.esd file you’ve obtained and stashed in a directory of your choosing. You can either shell out of the download and install runtime environment on a Windows PC while the install gets underway and save a copy of install.esd, or you can grab the x64 or x86 versions of that file directly online (thanks to links from Tkachenko’s blog post on the subject). Either way, you’ll run the decrypt.cmd file from an administrative command prompt windows, and type the number 4 at the command prompt input line to build a traditional ISO image. From there, you can use Rufus to construct a bootable UFD installer for the latest Windows 10 build, and be off and running with the latest version without first having to install Build 9841 and immediately upgrade it to Build 9860. I like it, and you probably will, too! In fact, this is a nice addition to my overall Windows image management toolkit.
In the last week’s technology news, I’ve been struck by the recent confluence of several business and technology factors that either promise or threaten — I can’t yet really decide which — to remake the world of personal computing as it’s currently understood by those who come at it from the Windows direction. Certainly, it’s already clear that for the bulk of the world’s low-end consumption of processing power, the advent of low-cost high-function smartphones and tablets primarily based on Android has broadened the total user population enormously. Microsoft is by no means oblivious to this trend, and has been casting about (along with technology partners such as Intel) to find a counter to the otherwise inevitable loss of its market position to Google and the hordes of budget device designers and fabricators driving the Android phenomenon relentlessly forward.
The HDMI stick is the same size as a typical USB flash drive; plug it into a suitably-equipped TV, add keyboard and mouse, and you’ve got a PC at your disposal.
Here are some examples of what I’ve been seeing that lead me to believe that the Windows team may be closing in on some interesting and possibly effective low-budget counter-thrusts:
In this story at Neowin, a $200 Windows 8.1 PC that’s small enough to fit into a pocket is depicted and discussed: “ZOTAC unveils the ZBOX PI320, a $200 Windows 8.1 PC the size of a chunky smartphone” (10/21/2014; Quad-core Intel Bay Trail Z3735F CPU, 2 GB RAM, 32 GB Flash SSD, 3xUSB3 ports, full-size HDMI, microSD, Ethernet GbE, 802.11n Wi-Fi, Bluetooth 4.o).
Sean Portnoy at ZDnet profiles an E Fun Nextbook in a story entitled “$179 10-inch Windows 8.1 tablet coming to Walmart,” (10/21/2014; Quad-core Intel Bay Trail Z3735G CPU, 1 GB RAM, 32 GB Flash SSD, 1xmicroUSB2, mini-HDMI, microSD, 10.1″ 1280×800 IPS touch screen, attachable POGO keyboard base, 802.11n Wi-Fi, Bluetooth 4.o, one year free Office 365 subscription with 1 TB OneDrive cloud storage and 60 free Skype world minutes monthly).
Shreyas Gandhe writes about a $125 UFD form-factor PC in another Neowin story entitled “Intel Bay Trail-based HDMI stick capable of running Windows 8.1 goes on sale” which recounts an Alibaba affiliate selling a complete HDMI dongle-based PC for $110 (the extra $15 covers shipping world-wide; 10/19/2014; no OS included or pre-installed; Quad-core Intel Bay Trail Z3735 F or G, 2 GB RAM, 16 or 32 GB Flash SSD, 2xmicroUSB2, micro HDMI, microSD, 802.11n Wi-Fi, Bluetooth 4.0). Here’s the link to the English-language product page at Aliexpress for “Merry He’s store” in mainland China.
In all three cases, users gain access to usable computing for $200 or less, in form factors that range from a mid-sized tablet with clamshell keyboard (E Fun Nextbook), to a sub-NUC supercompact PC (ZBOX PI320), to an HDMI plug-in PC ready to add to just about any modern TV set to turn it into a fairly full-featured PC that can run either Windows (all models) or Linux (HDMI stick). These devices put reasonable computing power into just about anybody’s hands in an affordable and compact vehicle, where a TV set can act as a first (or second) monitor. A modest outlay for peripherals (keyboard and mouse) turns these offerings into usable desktops, even.
What we see here, I think, is a real riposte at the emerging dominance of Android based smartphones and tablets, at the same price points as those “other” devices already deliver. It remains to be seen whether the low-end buyers at which these offering are aimed will “get” that PC capability buys them more than what Android devices deliver, or it they will even care. I do think this latest wave of low-cost Bay Trail devices has a chance to retilt current buying trends in the global marketplace, but only time will tell if that chance will turn the tide or not.
In working with the Windows 10 Technical Preview, and reading others’ reviews of that environment, I’ve been forcibly struck by the major improvements and additions to the venerable old command line prompt environment, accessed in Windows versions through cmd.exe since time immemorial. The key to exploring this facility’s new features and capabilities lies in the Experimental tab in the tool’s Properties window as shown here:
Check all available checkboxes after enabling experimental features (top checkbox) to explore the full range of added features.
There’s a nice blog post in the Building Apps for Windows blog dated 10/7/2014 from Rich Eizenhoefer that explains all these features. It’s entitled “Console Improvements in the Windows 10 Technical Preview” and it’s very much worth a read-through. The checkbox items in the preceding screen cap do tell most of that story, for those who know how to read between the lines, but here’s a quick recap to help make things clearer for those who may not immediately grok all the potential implications involved (verbatim text from the screen cap is bolded to make it stand out from the rest of the following information):
- Enable experimental console features (applies globally): turns on the new cmd.exe features for all users, and also applies to the PowerShell environment, too.
- Enable line wrapping selection: You can turn line wrapping on or off inside the Command Prompt window at will (but it’s necessary for it to be turned on to support the “Wrap text output on resize” item below).
- Filter clipboard contents on paste: TAB characters are removed when pasting, and smart quotes get converted to dumb quotes likewise.
- Wrap text output on resize: In keeping with the newly-added ability to arbitrarily resize the Command Prompt window using standard controls (mouse to stretch horizontally, vertically, or diagonally), the window can also wrap text automatically to fit the current window size.
- Enable new Ctrl key shortcuts: There are lots of Ctrl key shortcuts for navigating and selecting text in Windows applications. For those familiar with these shortcuts they now work in the Command Prompt window; those unfamiliar with them will find all of them nicely documented in the aforelinked Building Apps for Windows blog post that precedes this bulleted list.
- Extended edit keys: No more need to right-click the Command Prompt title bar to cut-n-paste text using pop-up menu selections. You can now cut and paste text inside the Command Prompt window using Ctrl-C (cut) and Ctrl-V (paste) keys, and the mouse cursor to select text without opening or navigating any menus at all. Hooray! For the complete set of editing key options available, check the blog post again.
- Trim leading zeros on selection: When numbers include leading zeros, these will be removed from the paste buffer by default when using cut-n-paste operations in the Command Prompt window. If you need to retain leading zeros for some purposes or specific applications, be prepared to toggle this on and off as needed.
- Opacity controls can be set between 30% and 100%; lower values allow you to see into the window behind the open Command Prompt window, which may be helpful in some situations. When it comes to this setting, YMMV clearly prevails.
There are a few other new features not explicitly called out in this window that are nonetheless worthy of mention:
- High-res display support: The Command Prompt window supports selection of TrueType fonts via the Fonts tab, where that facility automatically scales fonts to an appropriate size based on monitor size and pixel resolution. For high-res displays, especially those at 2K or larger, this makes Command Prompt text much easier to read (or even see, for those approaching geezerhood, like yours truly).
- PowerShell support: Everything that goes for the Command Prompt window in Windows 10 also goes for PowerShell, too. Among other nice benefits, this enables easy back-n-forth action between both environments with consistent features across the board for cut-n-paste, window resizing, high-resolution readability, and transparent windows. Hooray again!
This is good stuff, and worth getting to know, especially for admins who tend to spend more time on the command line than do most ordinary Windows users.
On October 15, the Microsoft Open Technologies initiative announced that it plans to “deliver new container technologies in the upcoming wave of Windows Server releases.” At the same time, the company also announced a partnership with Docker Inc. that is intended to add Windows Server support to existing Docker tools, where the Open Tech group will contribute software to the Open Source Docker Client to “support the provisioning of multi-container Docker applications [running] on Azure.” Here’s the image that MS used to depict what’s on its way in the next version of Windows Server:
Microsoft Azure already supports Linux hosted containers; the next Windows Server version will support them natively.
MS plans to demonstrate this capability at Docker Global Hack Day #2 coming up at the end of this month (October 30). A technical preview of what Mary Jo Foley wisely labels “Windows Server vNext” — given that we don’t yet know what MS intends to call this product family — is available on MSDN to those with access to that service. It appears there under the heading of “Windows Server” as “Windows Server Technical Preview,” “Windows Server Technical Preview (VHD),” and “Microsoft Hyper-V Server Technical Preview.”
The way in which MS describes this effort is both interesting and accurate enough to be worth presenting verbatim, so here goes:
Docker is an open source engine that automates the deployment of any application as a portable, self-sufficient container that can run almost anywhere. This partnership will enable the Docker client to manage multi-container applications using both Linux and Windows containers, regardless of the hosting environment or cloud provider. This level of interoperability is what we at MS Open Tech strive to deliver through contributions to open source projects such as Docker.
Docker containers simplify the development of software applications that consist of micro-services. Each service then operates as an isolated execution unit on the host. Common use cases for Docker include:
- Automating the packaging and deployment of applications
- Creation of lightweight, private PaaS environments
- Automated testing and continuous integration/deployment
- Deploying and scaling web apps, databases and backend services
This promises to be an interesting development for Windows Server, which has been perceived to be lagging behind in the container field, despite Hyper-V’s substantial virtualization portfolio. I expect this to be one of the biggest and most heralded new features to be discussed and explored as the next version of Windows Server makes its way through the preview process and into general release around the middle of 2015.
Yesterday was the second Tuesday of the month, Microsoft’s customary day to unleash its latest batch of updates, fixes, patches, and so forth. The October 14 collection included 30 mandatory items on my Windows 8.1 and Office 2013 equipped desktops and notebooks, along with at least one optional item as well (a fix to avoid an unwanted camera switch on PCs with more than one camera attached: this usually means a tablet or mobile device with cameras fore and aft). Eight bulletins were released to address a total of 24 vulnerabilities that touch upon most modern Windows versions (server and desktop), the MS .NET Framework, MS Office, and most versions of Internet Explorer. The most current Security Bulletin Summary provides all the gory details, but I am coming to really appreciate the “summary graphic” from the talented art staff at ghacks.net which released this gem yesterday afternoon:
Most exploitable items are numbered zero; otherwise, bulletins are ranked by severity. Lots of action — and restart items — here.
The bulletins of greatest interest appear at the top of this very informative table:
- MS14-056: Critical: Cumulative Security Update for Internet Explorer (KB2987107)
- MS14-057: Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (KB3000414)
- MS14-058: Critical: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (KB3000061)
Microsoft also release three security advisories worth digging into this month as well — namely:
- 2871997 Update to Improve Credentials Protection and Management: designed to enhance and improve credentials protection and domain authentication controls to help reduce credential theft for Windows 7 and 8.1 versions plus Windows Server versions 2008 R2, 2012, and 2012 R2.
- 2949927 Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2: adds support for SHA-2 signing and verification functionality (not needed in Windows 8 and Server 2012 versions; already included therein).
- 2977292 Update for Microsoft EAP that enables the Use of TLS: Update to the MS Extensible Authentication Protocol (EAP) to enable use of TLS 1.1 or 1.2 through system registry modifications. Works for all modern Windows versions (7 and up on the desktop; 2008 R2 and 2012 on the server).
Admins planning for update deployments should also ponder the security advisories as well, and plan their next scheduled deployments as soon as their testing and open time slots will permit. There’s some important stuff in here!