Last week, I blogged on my site to report that a pair of security researchers plan to unveil majority security flaws in the Windows Sidebar and Gadgets interface at the upcoming Black Hat convention, DEFCON, to be held in Las Vegas from July 21-26 at Caesars Palace (see Goodbye Gadgets, Goodbye to read the original). It seems that there are major security holes that can be exploited to create malicious gadgets quite easily. It’s even possible that existing gadgets can be subverted to confer the same rights and privileges to an attacker as enjoyed by the current logged-in user. And because so many users log in with admin privileges, that means the doors fly wide open for savvy attackers to do whatever they like on systems where gadgets grant them a foothold.
Some of my favorite gadgets I still keep running on Windows 7.
In the wake of this disclosure, Microsoft has indicated it will NOT include support for gadgets in the upcoming RTM and GA versions of Windows 8. It has also issues a security advisory — Vulnerabilities in Gadgets could allow remote code execution — that permits users to turn off the sidebar and gadgets in both Windows Vista and Windows 7 as well. This advisory includes two Microsoft FixIt tools named 50906 and 50907. Because MS doesn’t tell you what they do, I’ll add that 50906 turns the Sidebar and gadgets off, while 50907 turns them back on. In my blog, I opined that as long as users take all gadgets off their desktops, I’m not sure it’s absolutely necessary to disable gadget support and the sidebar entirely. In my case on Windows 7, given my own pretty good local security regime, I’m not worried too much about leaving my favorite gadgets up and running on my Windows 7 machines inside my double firewalled network (boundary firewall, plus individual firewalls on all client machines). Nevertheless, I’ll be keeping an eye out on the results of the DEFCON demo and presentation to see if my current lack of fear and trepidation remains justified once I better understand the nature of the threat(s) and vulnerabilities involved.
In the meantime, you might also find it interesting to read the chatter on this subject on the Windows EightForums, in a thread entitled “Microsoft urges death of Windows gadgets as researchers plan disclosur[e]…” You’ll find many of my thoughts and musings echoed and amplified there, and some occasionally hilarious conspiracy theories about what Microsoft is doing, how and why Win8 sucks, and various factors no doubt contributing to the end of civilization as we know it. But interesting to read nevertheless.
For myself, I’m waiting to learn more when the DEFCON disclosures are made. Should be interesting to understand how dire the security issues might be, and to ponder the question of why MS wishes to kills the sidebar and gadgets rather than to correct and repair their security deficiencies.
This title block from Blogging Windows says it all:
The blog in question is from the Communications Leader for the Windows 8 team, and the spokesperson for the group’s blogging activities, Brandon LeBlanc. He says “If your PC is running Windows XP, Windows Vista, or Windows 7 you will qualify to download an upgrade to Windows 8 Pro for just $39.99 in 131 markets” (that means 131 different countries, and in 37 languages, too). Better yet, this offer also includes the ability to “add Windows Media Center for free through the ‘add features’ option within Windows 8 Pro after your upgrade.” A packaged version of the upgrade on DVD will also be available while this promotion remains ongoing (from the GA date through January 31, 2013) for $70, and buyers who want an install DVD can buy one for $15 direct from MS.
But wait, there’s more: according to the answers.microsoft.com forums on July 6, 2012, the answer to the question “Are Windows 8 Release Preview users eligible for the $40 upgrade to Windows 8 Pro promotion?” is “Yes,” as long as they own an underlying license for XP, Vista, or Windows 7 for the machine running Windows 8 RP. That said, you won’t be able to migrate apps and will generally do a mostly clean reinstall, as with other earlier transitions from Developer Preview to Customer Preview to Release Preview. Still a pretty good deal, though — at least for those brave enough to move to the GA release of Windows 8 when it finally arrives.
Apparently, there’s been a worldwide conference for Microsoft partners in Toronto recently, because ZDNet Windows maven Mary Jo Foley reported on July 9, that “Windows 8 is on track to be released to manufacturing the first week of August, and to be generally available by late October 2012.” That means that all the planets should be in alignment some time just before Halloween (I’m guessing maybe Monday, October 29, or Tuesday, October 30) for the latest and greatest version of Windows to be on its way out to the world, in download, media, and pre-installed form on vendor PCs, notebooks, and tablets.
At the same Toronto event, MS Corporate VP of Windows Tami Reller (the same source for the GA date for Windows 8) also announced that Microsoft has now sold over 630 million Windows licenses so far (not clear if that ends with the end of June, or includes the first week of July). Windows 7 shipped October 22, 2009, so by my reckoning, 45 months have elapsed since then (not counting July, but counting October as a full month, so it’s a wash). That works out to exactly 14 million copies of Windows 7 for every month over that entire interval. That’s a pretty staggering number, when you stop to think about the magnitude of copies, dollars, and deployment effort this all means. In his story on these numbers, Paul Thurrott also reported that “The current Windows version  is installed on over half of all enterprise desktops, Microsoft says.”
What with Windows 8 getting ready to hit, and business users only halfway through Windows 7 migration (most from XP rather than the universally reviled Vista OS), methinks this argues very strongly for at least 3 years before Windows 8 starts making its way into enterprise operations in any numbers — if early user experience doesn’t nix the deal, and lead to a “second Vista” phenomenon. I’m going to be watching closely for news of corporate adoptions, and talking to OEMs about what they’re installing on big corporate orders after the GA data comes and goes, and makes Windows 8 at least a possible contender for business use.
My best guess is that “wait and see” will be the order of the day for some time to come, and that even traditional pioneers such as various branches of the military, Expedia, Continental Airlines, and BMW (all of whom jumped all over Windows 7 within 6-12 months of GA in very big ways) may hang back a bit longer than usual to see what gives with Windows 8. At the same time, they can gauge the enthusiast and SOHO response to the new OS, and learn from the experiences reported by those other, more tolerant network segments. But I’m guessing that for Windows 8, the uptake cycle will be more delayed than usual, in part because of Windows 7’s excellent stability and good overall reputation, and in part because of fear and loathing inspired by Windows 8’s touch-centric Metro GUI, a perceived higher-than-normal learning curve for users, and the unknowns always inherent in adopting a new but pervasive business platform.
Regular ComputerWorld Windows Guy and market observer Preston Gralla got me thinking this morning with his article entitled “Early warning signs point to a Windows 8 apathetic launch.” He makes some very interesting observations based on recent reports from Net Applications about the differences between Windows 7 and 8 uptake during their respective beta test periods. Seems that “at the same stage of development, Windows 7 had four times the market share of Windows 8” he notes, observing that only 0.2% of Windows PCs tallied by Net Applications were using Windows 8 about 4 months before GA release (June, 2012), as compared to 0.8% of PCs using Windows 7 in June, 2009 ahead of its GA date of October 22, 2009.
But that’s not what makes his article so interesting. He opines that with Windows 8 targeting tablet use as a primary goal of its UI design and operation, consumers aren’t as likely to buy into the new OS as they are likely to buy an iPad or some kind of Android tablet. This makes an awful lot of sense to me, and may indeed be a reasonable interpretation for the relative differences between Windows 7 and Windows 8 beta uptake. He also observes, quite rightly, that the sublime awfulness of Vista made Windows users a lot more interesting in some alternative, or any alternative to that OS, whereas users’ primarily positive attitudes toward Windows 7 also help to diminish interest in Windows 8.
I’d add a few more factors to this mix as well. When Windows 7 came out, businesses were facing the end of the life-cycle for their aging fleets of Windows XP desktops and notebooks, and were able to start migrating (a phenomenon that’s still underway, and by no means finished) to Windows 7 with more relief than trepidation. Recent reductions in the costs for RAM and processors (even with the spike in hard disk prices prompted by the floods in Thailand last year) have made buying new machines a powerful value proposition in the last two years as well, which has perforce meant many machines shipped out with Windows 7 pre-installed. Business users recognize that adopting Windows 8 means adopting the Metro UI and training users to be productive in a thoroughly recast Windows environment, so they’re hanging back from the upcoming OS as well.
It’s going to be a long, slow road to Windows 8 adoption. And the jury’s still out as to whether or not Windows 8 will be a blip like Vista or a home-run like Windows XP and 7. It will be interesting to watch and wait, to see how the market reacts when they must choose between a PC or a tablet with Windows 8 pre-installed. I’m guessing many, many buyers will opt for conventional desktop and notebook PCs with Windows 7 instead, for some time to come.
Like many of my professional colleagues who research and write about Windows, I’m an MSDN subscriber. Thanks to some great gigs in the past three years I’ve actually upped my ante to around $1,600 a year for the MSDN Premium-level subscription so as to gain access to developer tools as well as MS Office, and the usual collection of desktop and server operating systems. Late last week, Ed Bott served notice through a blog post entitled “To fight piracy, Microsoft tightens MSDN and TechNet terms again,” where he lays out the following changes to these programs that are bound to have a chilling effect on subscriptions for folks like himself and me:
- Fewer license keys: For MSDN subscribers, the number of product keys for client software (including Windows OSes) and MS Office drop from 10 to 5 for current versions, 3 for older versions. TechNet subscribers still get 3 keys per version.
- Fewer keys per day: For both MSDN and TechNet subscribers the total number of keys one can claim daily drops from over 50 to 10. This is intended to curb pirates who have been milking subscriptions to sell illegal OS and application copies as quickly as possible.
- Fewer products: Today, subscribers can grab any version of MS Office plus standalone programs in the Office suite (that is, Word, PowerPoint, Excel, and so forth). Under the new regime, only full suites will be available, and older versions of software gone (no more Office 97 or Windows 98, for example).
- No more perpetual software rights: TechNet users lose perpetual license rights to software they download. Today’s subscribers can continue to use software even after an active TechNet subscription lapses. Under the new regime, when the subscription goes, so do the rights to use the software obtained while that subscription was still in effect.
There are some mitigating circumstances, however, that should ease potential pain to legitimate subscribers to these programs. Any valid product key can be activated multiple times, so three to five keys actually cover dozens of installations. Legitimate subscribers can also ask for additional keys, and MS indicates it should be able to honor such requests in three business days. Should make life more interesting for TechNet subscribers, and more miserable for would be pirates. Arrrrrrrrr!
Thanks to a request from some colleagues at Dell recently, I’ve dug back into a pair of nonpareil websites to revisit their standout coverage and tutorials for all things Windows related. I’m talking about SevenForums and EightForums, two Websites that are the brainchild of John Fairbrother and ably assisted by Microsoft Windows Desktop MVP Shawn Brink, amidst a cast of hundreds of other savvy and knowledgeable Windows wizards and volunteers. There’s a Windows Vista site, too, but it doesn’t figure that much into anybody’s plans nowadays, nor register on too many radars, though it is every bit as good as its more modern counterparts.
Logos for the Windows Seven and Eight Forums sites
What will you find on these sites if you decide to visit them? In addition to a plethora of Forum areas that include news, general discussions, and a “Chillout Room,” you’ll also find discussion areas (forums, get it?) devoted to a laundry list of interesting OS and related topics that include the following:
|Drivers||Backup and Restore||Media Center|
|Hardware & Devices||Windows Updates & Activation||Music, Pictures & Video|
|Graphic cards||Crashes and Debugging||Microsoft Office|
|Sound & Audio||Software||System Security|
|Network & Sharing||Browsers & Mail||Virtualization|
|Installation & Setup||Customization||Overclocking and Case Mods|
|Performance & Maintenance||Gaming||Tutorials|
Please note that the final entry at the lower-right, Tutorials, is in boldface. That’s my emphasis, and where much of the amazing value of these sites resides. This is also where MVP Shawn Brink’s amazing command of modern Windows versions is also on full display (you’ll find several hundred, short, instructive and well-illustrated examples of his work spread across the Windows 7 and 8 Forums sites, and they’re uniformly interesting, on-target, and sometimes incredibly useful as well). There’s constant chatter on all of the forums, and lots of good information scrolling through them at a pretty ferocious rate. Lots of good stuff all around here, in fact.
If you don’t know about these sites already, be sure to check them out. If you do know about them already, be sure to share them with your friends, colleagues, and family members. There’s really and truly something for everybody here.
I generally don’t spend a lot of time following the rumor mill for Windows 8, but if Windows 8 is going to ship in October of this year — and I’m still pretty convinced it will be out before Halloween — it’s about time for the Release to Manufacturing (RTM) version to head out the door so the OEMs can start prepping their systems for the eventual general availability (GA) release. To that end, I did tune into the usual sources for such information to see what was circulating around the rumor mill and found some degree of unanimity among some usual suspects (Mary Jo Foley, Gregg Keizer, Ed Oswald, and so forth). Most people think that the RTM will hit the week of July 16, across all of the sources that I recently polled and trolled.
The big push, of course, is to get the OS done in time for holiday pre-sales. Thus, even the end of October is pushing things out as far as they can go to hit this oh-so-necessary sales window. That’s the only way to get the machines with the new OS pre-loaded into buyer’s hands soon enough to take advantage of holiday buying. The real question then becomes: “Does anybody really WANT a Windows 8 PC — or even a Windows 8 Surface tablet, of the RT/ARM or Intel persuasion — under their tree?” I’m sure lots of folks in the Redmond area are having trouble sleeping at night fretting over that very question.
Hence my intention, and your possible look-out: to watch for an announcement of an RTM date soon. Might be as early as the end of next week, but probably not until some time the week after. But only time will tell, so stay tuned.
If you allow Windows to track and report on errors, every time your PC experiences some kind of problem it “phones home” to Redmond, and reports on what’s happened. It also promises to send you information about any related solutions that may come up as a result, but for most of us, a much more typical response to seeking solutions for such problems looks like this in the Action Center interface:
As it happens, however, Microsoft also researches the causes for and sources of such problems, thanks to the telemetry that delivers all this information to their tracking servers. They’ve just published their first-ever report on this data. It’s called “Cycles, Cells, and Platters: An Empirical Analysis of Hardware Failures on a Million Consumer PCs.” The summary for the report is both interesting and informative enough to be worth verbatim reproduction, so here goes:
We present the first large-scale analysis of hardware failure rates on a million consumer PCs. We find that many failures are neither transient nor independent. Instead, a large portion of hardware induced failures are recurrent: a machine that crashes from a fault in hardware is up to two orders of magnitude more likely to crash a second time. For example, machines with at least 30 days of accumulated CPU time over an 8 month period had a 1 in 190 chance of crashing due to a CPU subsystem fault. Further, machines that crashed once had a probability of 1 in 3.3 of crashing a second time. Our study examines failures due to faults within the CPU, DRAM and disk subsystems. Our analysis spans desktops and laptops, CPU vendor, overclocking, underclocking, generic vs. brand name, and characteristics such as machine speed and calendar age. Among our many results, we find that CPU fault rates are correlated with the number of cycles executed, underclocked machines are significantly more reliable than machines running at their rated speed, and laptops are more reliable than desktops.
Lest you be inclined to pooh-pooh this report and its contents, it’s probably worth observing that it received the “Best Paper” award in the ACM’s (Association for Computing Machinery, a leading computer-science professional organization, to which I have belonged since 1982) Proceedings of Eurosys 2011 conference publication.
Joel Hruska from ExtremeTech overviews its findings in an excellent story entitled “Microsoft Analyzes over a million PC failures, results shatter enthusiast myths.” I’ll summarize the high points here:
- The longer a CPU runs, the more likely it is to crash. Machines with less than 5 days of active use over an 8-month period (what MS calls Total Accumulated CPU Time, aka TACT) have a 1:330 chance of crashing. Machines with over 30 days of TACT over the same 8-month period have a 1:190 chance of crashing.
- Once a hardware fault appears, it is 100 times more likely to recur after that. 97% of machines tend to crash from the same cause within a month of the first such crash.
- Over-clocking (no surprise there) is likely to cause crashes, while underclocking makes them less likely. Figure 3 from the report summarizes overall overclocking findings. For underclocking CPU failures go from 1:330 for stock to 1:460 for underclocked; DRAM one-bit flip errors drop from 1:2000 (stock) to 1:3600 (UC); and disk issues drop from 1:380 to 1:560. This also confirms conventional wisdom that underclocking improves PC reliability (it definitely reduces heat output, which is probably related).
- Surprisingly to some (but not to me, based on lots of hands-on experience) laptops proved to be more stable than desktops, countering the researchers’ own expectations.
- PCs from major systems vendors (such as Dell, HP, Asus, Lenovo, and so forth — defined as the “Top 20 computer OEMs” in the report) proved more reliable than those from all other vendors, with 1:120 for CPU problems (OEMs) versus 1:93 (everybody else), and 1:2700 (OEMs) for RAM one-bit flip problems versus 1:950 (everybody else).
All in all the report makes for some interesting reading and suggests that MS may be learning more from this data in the aggregate, however unresponsive their forwarding of problem solutions through the Action Center might seem. Should be interesting to keep an eye out for future such findings.
An interesting story appeared in Extreme Tech earlier this week. Entitled “The fanless heatsink: Silent, dust-immune, and almost ready for prime time,” it digs into a recent invention from the eggheads at Sandia National Laboratories called the Sandia Cooler heatsink. The reason why I designated the fanless heatsink terminology as “so-called” in my blog title is because calling this technology fanless is something of a misnomer. Actually, the heatsink’s heat dissipator IS a fan, so no additional fan is needed to provide cooling for this particular device, as shown in the photo below (reproduced from the Extreme Tech story cited above):
According to the Extreme Tech story, there are lots of interesting wrinkles to this invention, which sounds pretty much like a “gotta-have-it-yesterday” PC technology to me. First, it’s reportedly 30 times more efficient than current heatsinks. Second, it uses a “cast metal impeller” that floats 0.03 mm above a metal heat pipe spreader, and is powered by a brushless DC motor integrated into the unit itself. Third, the impeller is extremely quiet (no sound measurements provided, but even the quietest of fan-based coolers emit at least 30 dBA, so I’m guessing it’s in the lower 20s if not quieter than that — basically inaudible, especially in typical household or office environments which usually feature ambient noise levels in the 35-45 dBA range). There’s a video in the linked story (above) that shows how quiet it is, and that’s pretty quiet indeed. Fourth, the impeller has been designed to resist dust build-up owing to a constant rotation at 2000+ RPM, and use of centrifugal force to drive dust out of the air gap between the heatsink (the impeller) and the heat spreader (the metal heat pipe spreader attached to the processor package). Fourth, the Sandia folks estimate that “if every conventional heatsink in the US was replaced with a Sandia Cooler, the country would use 7% less electricity.”
OK, I’m sold, but apparently it’s going to be a while before this technology makes it into a commercial cooling product. According to the story, a company has licensed the technology for PC cooling, but that company hasn’t been identified nor any such products announced. Rats! I was hoping to rush right out and buy some immediately. Let’s hope it doesn’t take toooooooooo long to come to commercial fruition. Gotta have it!!!
Last February, in getting ready to work on a Windows 8 book — now abandoned, alas, in favor of other work — I purchased a couple of Lenovo notebook PCs. My X220 Tablet has become my go-to touchscreen Windows 8 test PC, and my T520 notebook has proved itself to be a solid and dependable traveling PC as well. In learning all about my Lenovo units, I’ve become familiar with a class of compact solid state SATA drives that use a special Mini-SATA or mSATA connector, not least because both of these notebooks will accommodate an mSATA SSD in the same slot into which you might otherwise plug a WLAN card.
(Photo from Wikipedia entry, Wikipedia commons, Author Bdortiz1076)
mSATA is essentially the same form factor as mini-PCIe (PCI Express Mini Card interface) and is becoming increasingly popular for SSDs. Right now, all of the major vendors — including Intel, Samsung, OCZ, SanDisk, ADATA, Transcend, SuperTalent, and so forth — offer mSATA SSDs in capacities from 20 GB to as large as 256 GB. They tend to be more expensive than their 2.5″ packaged counterparts, and some care must be exercised in picking units compatible with the chosen host PC. But I’ve had good luck with both of my Lenovo units in using an 80 GB Intel 310 mSATA drive, even if one must perform a clean install of the OS to get the machine to recognize the mSATA SSD as the boot drive.
For notebook PCs, the great thing about mSATA is that, when available, it provides an extra drive slot that’s perfect for a smaller (60-80 GB for a PC with 4-6 GB RAM; 120 GB or larger for a PC with 8 GB RAM or more) boot drive, which leaves at least one slot open for a conventional 2.5″ hard disk or SSD, depending on performance needs and budgetary constraints. What I really like about my T520 Lenovo notebook is that I can (and did) buy a $40 swap out, snap-in replacement for the optical drive module that lets me add another hard disk, for a total of 3 drives in that machine. Right now, I’ve got two 750 GB 7,200 RPM drives for storage, and a snappy 80 GB mSATA boot drive, for a pretty winning combination of speed and storage capacity.
But here’s another interesting news flash to consider as well: a growing number of motherboard makers — including at least Asus, Intel, Jetway, Gigabyte, and Zotac (see this Google search) — are selling modern mobos (mostly socket LGA1155) with built-in mSATA interfaces. These are smart enough to recognize mSATA devices in UEFI or BIOS, and to propel them to the top of the boot hierarchy by default. I’m starting to think that I might know what kind of motherboard I’ll be buying for my next desktop build, in fact…