An interesting report appeared today, courtesy of the Windows Secrets newsletter, indicating that anyone who’s used the Windows Repair feature on the XP or Vista installation media may have been excluded from up to 80 recent official Microsoft patches, some of which were fairly serious. There’s no conspiracy or other nefarious plot involved; the problem seems to be that use of the repair option rolls certain files back to version that are too old to work properly with recent Windows Update versions. As a result, the 80 most recent updates simply won’t be applied. This could expose user systems to known exploits or other problems.

According to the article, “after using the repair option from an XP CD-ROM, Windows Update now downloads and installs the new 7.0.600.381 executable files. Some WU executables aren’t registered with the operating system, preventing Windows Update from working as intended. This, in turn, prevents Microsoft’s 80 latest patches from installing.” Happily, the files can be re-registered by hand in order to work around the problem. Details of the manual file correction process are supplied in the article.

Windows Secrets also broke the story of Microsoft’s “stealth updates” process, which raises the larger question of whether any vendor should be permitted to install updates on user systems without first informing the owner. This update process installs patches on systems even when users have opted out of the automatic patch delivery process available under XP and Vista. It’s at least worrisome, and at most legally actionable, that “updates to the WU executables seem to be installed regardless of the settings — without notifying users.” Not only does it raise issues of privacy and security, but many corporations explicitly forbid the installation of patches that have not been tested and approved for internal use. Such companies typically bundle groups of patches together, test them against their own internal product suites, and only release them to the general user population once it’s been ascertained they won’t cause crashes or other problems.

Then there’s the problem of accountability. What happens if you leave your PC, which is connected to an always-on DSL or cable connection, only to return later to find the system unusable? If you run diagnostics and find that Microsoft’s auto-update utility installed patches even after you’ve opted out of the service, can you sue Microsoft for damages? I suspect the answer is “yes.”

It’s important to note that none of these patches are known to have caused problems with user systems – yet. However, if Microsoft is able to install updates without the user’s knowledge or consent, there’s no way to know what use will be made of this ability in the future. Also, will a hacker manage to slip malicious code into an official patch, thereby causing it to be distributed to the whole installed Windows base? Will someone figure out how to commandeer this process and use it to push malware to user systems? These revelations have opened the proverbial can of worms, and only time will tell what the consequences are.

Tonight a writer on a discussion group I frequent mentioned that she’s still using a decade-old word processing program that was only ever available for the Mac. The program is so old that no current software can read files created with it; the writer works around this problem by exporting files to a format that Word can import when she sends them to her publisher.

The problem is that she’s been retaining her massive archive of articles in the word processor’s proprietary format. If an OS update renders her outdated word processor unusable, or a disaster destroys her copy of the application software, her work will become instantly unreadable. Her only recourse might be to find some other user of the old application who will agree to open her files and save them into a more modern format. This could be expensive, and would probably lead to a loss of some formatting information.

I know many people who have old data. Some have run across a diskette or old CD containing photos, documents, spreadsheets, and even tax information they can’t read because they no longer own the application used to create it. In my closet I have a tape filled with articles I wrote while in graduate school; they were all written using a long outdated word processor, and nothing currently available on the PC or Mac can open them. At best, I can only ever hope to hack into the files and pull out some of the text; the formatting and embedded graphics are gone forever.

This problem will only get worse over time, as we accumulate piles of data that we don’t update as technology changes. I read an article recently that discussed the problem of photo storage, for instance. In the past, physical photographs were lost, discarded, or degenerated over time; today, we retain photos on a floppy or hard disk but it may be unreadable in the future. The primary reason is the one described above, but there’s also the chance that the media itself will degrade over time. Floppies, CDs, and even hard drives may lose data over time, even if they’re stored in a closet or locked in a safe. I’ve also heard from people who own ancient tapes written on hardware that no longer exists except in a museum.

One estimate I saw a few years ago suggested CDs would start losing data after about 60 years. Floppies are even less stable since they’re magnetic in nature. We need to be aware of this problem since we’re storing massive amounts of data in an electronic format, and the quantity is increasing exponentially every year. Even today, some old data stored in large corporate databases is difficult to read using modern systems, and migrating massive amounts of data from one system to another can be a time consuming – not to mention expensive — task.

What will happen to your data in 100 years? Will your grandchildren find an old DVD containing family photos or word processed correspondence, only to discover it’s degraded over time or unreadable due to changing data formats?

While reading an article on the proliferation of residential network bandwidth and its growing impact on the entertainment industry (hint: at least the “big three” TV networks are becoming passé) I started musing over what other effects we might see. Given the increasing popularity of “software as service” applications that run directly over the Web from Google and other providers, coupled with the fact that the streaming media industry is really just in its infancy, I arrived at an interesting conclusion: Windows, and probably many other traditional operating systems, are doomed as long term desktop products.

Mind, this has nothing to do with the quality or features inherent in any given OS; this is not a Mac-vs.-Windows-vs.-Linux argument. It simply comes down to this: the technology to load operating systems dynamically over a network has existed for two decades, and it only makes sense that eventually we’ll have enough bandwidth to make it a viable option for home users.

The idea of “diskless workstations” first became popular in the late 80s and early 90s, and various organizations experimented with the idea as a method of minimizing the overhead involved in installing an OS by hand on individual workstations. X-terminals and even some DOS/Windows systems could be loaded via the BOOTP or other protocols. You can set PC network cards to request an OS located on a remote server when the PC is booted up. The problem, of course, was that networks at that time didn’t have enough bandwidth to handle hundreds or thousands of machines pulling copies of an OS from a central server. And given that home users of the era connected via 56k modems, there was no way remote loading of an OS could be accomplished anywhere but large corporate or university networks.

Now, however, things are different. Many residential DSL and Cable users now enjoy (theoretically) 3-6 Mbps connectivity, and even higher speeds are right around the corner.

What are the implications? The first is that providers would need to make absolutely certain the OS copies they were providing to users were clean of all viruses and other malware, since a compromised OS load server could potentially infect thousands of user machines in a very short period of time. This said, another effect is that if your copy of “Windows Network Edition” (or whatever it’s called) becomes corrupted, you can just reboot your PC and let the system reload itself with a fresh copy. You’d also have no need to worry about patches and troubleshooting, since your provider would apply all patches and you’d pick them up the next time you rebooted.

Another advantage is that providers could certainly provide the ability to load different OS types and versions, so that you could boot Linux when you wanted it and then reboot in order to switch to a Windows interface if desired. One problem might involve disk formatting and compatibility during OS-switching tasks, since Windows and Linux use different disk layouts, but this is certainly not insurmountable from a technical point of view.

Does this mean Vista will be the last “traditional” Windows release? Will we all be booting our machines via remote OS copies in the next few years? I doubt it, since a lot of issues like UI customization and anti-trust issues will slow down the transition, but it may happen once the benefits outweigh the negative aspects.

I’ve owned a Webcam, in one form or another, since about 1997 but have rarely found a good use for them, aside from some infrequent videoconferencing and a half-hearted attempt at capturing a decent photo of myself. The idea of recording my own activities while typing at the keyboard and broadcasting them for the world was never appealing (a friend did this and received several marriage offers). Of course there’s always the option of recording a video for YouTube, but I’m not that desperate for fame!

However, recent gains in home network bandwidth may make the humble webcam useful. Numerous packages are on the market that allow you to, for instance, turn your PC/camera combination into a home security device. For instance, there’s Crime-Catcher, which will capture and store images if the camera detects movement while the software is operating. Not only is this useful for home users, but businesses could set up this system, or the Deskshare webcam monitor, to monitor their office space while no one is present at the location.

In another vein, AT&T is offering their Residential Monitor system, which allows users to view images remotely as they’re being captured by a home webcam. With this system, homeowners can set up multiple Web-enabled cameras that can be accessed from a remote desktop or even a phone with video capability. Need to monitor your kids’ activities while you’re at work? This might be the system for you.

Of course, one of the problems with capturing surveillance video on your home PC is that it might be stolen during a robbery (bye bye data!). AT&T’s monitoring service actually provides up to 250MB of online storage for captured video, so the archived images will be available even if your house is cleaned out.

For something completely different, there’s also UStream.tv, which allows users to stream their own video live to anyone who wants to watch. Services like this may become the TV of the future, since they allow anyone to broadcast “to a global audience.” Users of the service could produce their own news, entertainment, or educational material and stream it at will. TV viewers are tiring of the semi-canned “reality” shows produced by traditional networks; the next step may involve independently produced reality video. This could also be an excellent medium for new performers who want to build an audience; they now have the ability to present their work without an agent, contract, or the support of a large entertainment company.

We’ve already seen feature-length films produced by independent filmmakers and released over the Internet. It’s possible we’re witnessing the next evolution in media and information services. The Internet is here, and it’s the great leveler: anyone can write, produce, and broadcast their own show. Look out NBC, and look out Neilsen ratings. The new generation won’t need you.

If you’ve encountered a problem involving a machine that slowly bogs down over time, you may be suffering from a RAM shortage due to increasing memory requirements in one or more applications. In the past, most developers wrote code that was very stingy in regard to memory allocation. This was largely because RAM was really expensive (I remember paying $1000 for 1MB SIMM in 1988), and as a result programs were written to use only what they really needed. It was also standard practice to release memory whenever possible in order to make it available for other applications.

Today everything has changed. Memory is cheap and plentiful, and as a result developers don’t feel bad about allocating large amounts whenever necessary. The use of feature rich applications has also increased memory requirements, and the OS takes a much larger chunk than ever before for the same reason. You could run DOS in 64KB on a 386; I doubt a Windows XP box would even manage to boot to the splash screen without at least 128MB aboard. Multitasking takes its toll too: my XP Pro box with 1.5GB aboard manages to eat up over half its RAM and 1GB of its swap file when I have just Firefox, Eudora, BOINC, and Second Life running.

Another problem is that the amount of memory an application uses when it starts up is usually only a starting point. As mentioned above, programs are designed to request more memory when they need it for a specific task. Opening MS Word might take 20MB of RAM, but opening the program plus a 50 page document could require another 20-50MB depending on the complexity of the data. If I run Firefox 2 with one tab open it takes up 50-60MB; more tabs require more RAM, and all bets are off if I hit a page that requires Java. Handled improperly, the Java compiler can eat up huge amounts of memory very quickly; if an application is very complex, a process can eat up a few hundred megabytes without breaking a sweat.

I’ve also seen many more cases of “leaky” behavior in applications lately. This is when a process requests memory, but fails to release it properly. Repeated over time, this cycle is known as a memory leak. It’s a very common problem in badly written applications (and even some good ones). The only way to flush all the unused RAM is to exit from the program.

What all this means is that your 512MB system may be adequate to run a copy of Windows and a few applications, but as those applications grow you’re likely to encounter performance degradation. Open a copy of Task Manager and use it to monitor the size of some of your commonly used applications; if they’re using lots of memory and the “available” reading in the Physical Memory section of the Performance tab is small, you’re probably running short on RAM. Happily, today you can probably double your available memory for under $100.

When you’ve been involved in technical support as long as I have, you tend to develop lists of standard questions to ask when someone calls in with a problem. A given question, like “why did my network connection stop working” or “my PC was working fine, but now it’s suddenly slower than before” automatically generates a list of initial questions that are designed to help isolate the nature of the problem.

In cases involving the sudden appearance of problems on a machine that “was working fine yesterday,” the first question I tend to ask is “what’s changed on the PC since yesterday?” There’s a reason for this: in general, PCs don’t suddenly stop working properly. If they do, it’s usually something dramatic like a blown power supply or faulty RAM stick. Subtle problems, like “it’s slower than before” or “it crashes when I try to print a document,” point to software related issues that can be difficult to diagnose unless you keep track of changes that occur on your machine.
I recall tracking down a problem for a university professor who taught Russian: his machine ran fine, right up to the point when he opened certain documents containing Cyrillic (Russian alphabet) fonts. Invariably, this would cause a crash or hang. After hours of diagnostic work, I finally found the problem. The printer driver – which, as I discovered, also controls the formatting on the screen – was incompatible with the special fonts he’d installed. I chose a driver for a different HP printer, and the problem vanished. That’s subtle.

If your machine suddenly starts doing strange things you’ll need to isolate what might have changed and how you can either back out those changes or work around them. If a PC seems suddenly slower, it’s a good idea to think about software updates you may have applied recently. Did they change the amount of memory an application uses? Do they cause the application to use more CPU time? If you fire up Task Manager, are certain applications using more resources than you’d expect them to? You may be able to isolate a rogue application by exiting from your standard set of running programs one at a time to see if the behavior changes. If the problem disappears, it’s time to run more tests and check that application’s behavior.

A customer recently complained that their machine was perceptibly slower than before, but virus and spyware checks revealed no problem. The only software change they’d made was to a mail system plug-in for Firefox, so I suspect that’s the cause. Some mailers are set to check for new messages in the background (without informing the user) on a set schedule; since this task would be given priority on the CPU for a certain slice of time, the machine might appear to be lagging behind or hanging for brief periods.

Remember, the key question to ask is “what changed?” You may be surprised at the number of problems you’ll solve by finding the answer.

In an interesting addition to its service offerings, AOL announced plans to offer a centralized media cataloguing service for Internet users, even those who make use of competing services like Flickr and Yahoo’s photo service. Yes, that’s right: AOL. You remember those guys; they’re the folks who tried to portray themselves as the one and only provider of all things to their users, when in reality many of their claims skirted the line between reality and fiction. I recall a series of commercials in which they’d talk about Ebay or some other service while using a phrase like “choose destination Ebay on AOL.” It always struck me they were somehow claiming to be “providing” these services, when all that was really happening was that they were navigating their users to Ebay’s front page.

In any case, AOL’s operators say the days of a “walled garden” approach to the user experience is over, and that they’re ready to play with everyone else on a peer basis. Their new site, called bluestring.com, is supposed to act as a super-repository for all the media that today’s Net users tend to scatter across multiple services. I see it as a form of content management for individuals, which actually isn’t a bad idea overall. This said, it’d be better if people would keep all their stuff organized and in one place so that services like this wouldn’t be necessary. But that’s wishful thinking on my part, and I’m just as guilty as anyone else of scattering content around the Internet.

According to the article, “BlueString will let users store photos, video and music on their computers and create slideshows combining those elements. Copy-protected music can’t be shared but can be used in slideshow soundtracks” The latter makes sense given today’s culture and the legalities of DRM. It sounds great, but at least one analyst noted that AOL “might face competition from online hangouts like Facebook, which has already become a repository for some users’ digital identities.”

So while AOL’s new service is a good idea, it may well be too slow out of the gate due to the presence of established competition that already has a decent chunk of the market locked up. AOL has been trying to reinvent itself for years, but has never broken out of its old walled garden model sufficiently to attract new users. It’s also something of a dinosaur, since it’s a holdover from the days of ISPs that provided actual dial-up service and physical modem banks. Companies like EarthLink aren’t doing well either, and most of the ISP business seems to have been subsumed by cable and phone providers.

Will social networking save AOL’s bacon or will it, like so many others, fade into oblivion in the face of a changing business model? Stay tuned.

In the latest episode in the life of the well known “Storm” Trojan, it was recently found that a major GOP (Republican party) Web site was infected by a new variant, which was itself infecting visitors to the site. This adds new life to an already infamous virus and shows how vendors of malware adapt existing code to make use of new attack vectors. Until now, the Storm malware had only infected other machines via email or embedded links.

One researcher from Symantec commented in an Infoworld article that “They have a knack for latching onto the latest newsworthy events and capitalizing on the public interest in them. […] And if no newsworthy events are happening at the time, then they will just make them up.” In this case, the malware vendors apparently targeted the GOP site as a result of heightened media coverage of the upcoming US presidential campaign. It’s not known how many other sites were compromised or what type of material they were providing, but some researchers estimate that hundreds may have been altered.

That the infected site had nothing to do with business computing or commerce shows that any Web presence is vulnerable to attack and infection. It’s also interesting to note the method use, which involved what’s known as an IFRAME, or invisible frame, placed on the GOP site. These invisible frames are regularly used to pass information to and from the browser while a page remains visible (and potentially unchanged in appearance) on the screen. They’re frequently used to build dynamic menus or provide feedback to user responses without completely repainting the entire browser window, but obviously can be used for malicious purposes. All that’s required is that some percentage of users visit an infected Web site using an out of date browser containing an exploit that the malware developer can use to infect their PC.

In most cases the infected sites were discovered and corrected fairly quickly, but it’s entirely possible many users’ systems were infected during the time the IFRAMEs were in place. Compromised machines were added to Storm’s botnet network, which is thought to involve 2 to 4 million PCs worldwide. That’s a lot of computing power, and it’s surely being used to send even more spam and infect other machines. The Storm worm has shown a remarkable ability to adapt to preventative measures, and is likely to continue its spread over time.

Recently I saw an estimate stating that over 95% of all email sent worldwide today is spam. How long will it be before a large percentage of Web sites are infected with viruses or other malware and become similarly useless? This is a serious problem, and it’d be wonderful if more governmental bodies would treat it as such.

Privacy has been a hot topic in technology lately, largely due to the burgeoning online retail and financial management markets. Whereas threats to privacy were limited to occasional telephone or confidence game scams, or blackmail involving illicit photographs in the pre-digital era, today’s Internet environment allows scam artists to set up professional-looking Web sites that can be used to entice likely victims. Cloned copies of legitimate Web sites, in conjunction with email-based phishing scams, can also be used to catch unwary consumers.

Another problem is that online business transcends national boundaries. Whereas it was probably very rare for most individuals to order goods from abroad before the advent of the Web, today it’s an extremely common occurrence. Thus, consumers are exposed to varying privacy laws that may or may not make adequate guarantees regarding their personal data. The good news is that the European Union’s laws are actually much stricter than those found in the US today. The bad news is that other areas have no privacy protection laws in place at all.

Currently, if you provide credit card or other personal data to a company based in the US, they can retain that data indefinitely if they choose to do so. This rule applies for both face-to-face and online transactions, so your data may be compromised even if you swipe your credit card at the cash register. The net result of this policy is that, if you buy a $4.99 article from Company X today, the theft of archived data from that company’s servers ten years from now might result in the exposure of your personally identifying data. The EU has implemented a much more sane policy that mandates the deletion of personal and credit card data from a company’s systems no more than two years after a transaction takes place.
A very different concern, which I’ve discussed in the past, is that search engines and companies like DoubleClick track activity and search terms, matching them to IP addresses in order to generate demographic and usage metrics. This data is another source of concern, since its use is currently largely unregulated.

Google has announced an initiative that’s intended to drive the development of a global privacy policy framework. The claimed objective is the creation of a single standard for the management of sensitive private data, though it may also be the case that this initiative was inspired by the company’s pending takeover of DoubleClick. This move has “stirred complaints from privacy watchdogs and prompted antitrust regulators to take a closer look at Google’s proposed acquisition,” so the company’s initiative may be more self serving than egalitarian.

That said, it’s a great idea if it actually results in an enforceable global standard that provides reasonable guarantees regarding the use and retention of privacy-related data. Such a global policy is sorely needed, but the process of creating one from the current morass of competing laws may end up an exercise in cat herding.

I’ve been ruminating over whether I want to abandon Windows and move to another OS (Linux) altogether. Currently I maintain several machines (XP, 2000, and Red Hat) that handle a multitude of tasks. The Linux box is used for software development, and also acts as my primary Web server. I was thinking I’d need to maintain one pure Windows box for compatibility purposes, but this may no longer be necessary due to improvements in a very interesting product that you may have heard of. It’s called VMware.

This product has been around for years, but it’s gotten better with each release and I’m now convinced I can use it to solve my hardware problem. VMware is a “virtualization” application that allows you to run an OS within another OS: if your machine boots a Linux kernel, you can start one or more virtual machines within that OS that run Windows, other Linux versions, and so forth. Each instance is completely separate from the others; as the company’s Web site notes, VMware “lets you use your virtual machines to run Windows, Linux and a host of other operating systems side-by-side on the same computer. You can switch between operating systems instantly with a click of a mouse, share files between virtual machines with drag-and-drop functionality and access all the peripheral devices you rely on.”

This is a really cool technology, and the idea of virtualization is a hot topic in business computing for a number of reasons. For instance, many consultants run demos at customer sites and often need to showcase a client/server relationship between two or more machines. In the past, this meant either using their laptop as a client while connecting to a server at the home office, or (worse) lugging multiple laptops from one site to another. With virtualization, they can run both the client and server application on the same laptop – even if they require two different operating systems.

Other companies have gotten into the virtualization game, including IBM, Sun, and Microsoft. For instance, you can buy an IBM system and plug one or more CPUs, huge amounts of RAM, network interfaces, and disks into it. Then, using a special console, you can allocate these resources to one or more virtual machines running AIX (IBM’s UNIX variant). Even better, you can shift resources from one virtual machine to another on the fly. Microsoft is working on the same technology for Windows.

I remember the days of swapping disks back & forth in order to boot different OS variants on the same hardware. I’ve also used boot manager software that allowed me to switch among installed operating systems, but these methods allowed only one OS to be active at a given time. Virtualization means you can run multiple OS instances at the same time, so I can switch to Linux and fire up a virtual copy of XP if I need to run a “Windows only” application. How cool is that?