Sunday, February 18, 2018

Windows 10 Spring Creators Update

No, I don't know what the next "version" of Windows will be called but history suggests it might be  "Spring Creators Update". One thing for sure, you don't want to be surprised when you wake up one morning and it has installed/uninstalled/crashed overnight.

Likewise Microsoft had their share of troubles with January's patches.

So now is a good time to prepare.

If you're not running Windows 10 Pro, the first thing to do is to go here and buy a Windows 10 key for $14.00. Then backup and upgrade ( Home to Pro.
  1. Select the Start  button, then select Settings  > Update & security  > Activation.
  2. Select Change product key, and then enter the 25-character Windows 10 Pro product key.
  3. Select Next to start the upgrade to Windows 10 Pro.
Then follow Woody Leonard's instructions from here.

To block Automatic Updates (you can say "defer" if you prefer), click Start > Settings > Update & security. Click the link marked "Advanced Options." You can see the "Choose when updates are installed" pane in the screenshot.

Microsoft has changed the terminology several times in the past couple of months, but choosing "Current Branch for Business" in the first drop-down box should assure that you won’t be upgraded to the next version of Windows (presumably, version 1709) until Microsoft says it's ready for widespread adoption. By choosing CBB, you’re avoiding the four-month-long unpaid beta-testing phase, where those who leave Automatic Update enabled get to install and test the new version of Win10 as soon as it's rolled onto their machines.

The Feature Updates box is supposed to delay the installation of new versions (read: version 1709) by the specified number of days. Remember Feature Update = Version change. At this point, we have no idea how that number will interact with the CBB choice in the first box - or even if it interacts at all. The rules seem to change every week.

The Quality Updates box, though, controls how long Windows Update waits to install the latest cumulative update. Remember Quality Update = Cumulative Update. I suggest you wind that up to 30 days, the maximum, but put a reminder in your calendar to check in a few weeks to see if the next cumulative update is behaving itself.

I don't recommend that you Pause Updates using this setting. It isn't clear what updates are being paused. You still want antivirus updates, for example, and even if Microsoft allows those through now, experience has taught that the rules change all the time.

Windows 10 versions 1507, 1511 and 1607 Pro and Enterprise had similar options, but you have to dig through Group Policy settings to get to them.
If you're on Windows 10 1709 "Fall Creators Update" the term will be "Semi-Annual Channel" instead of  "Current Branch for Business".

If you won't/can't upgrade to Windows 10 Pro, here are Woody Leonard's instructions for Windows 10 1703. You're on your own.

With all this doom and gloom, personally I've had good luck.

Cross your fingers.

Sunday, February 11, 2018

Edge Is Good For Something

I finally found something that Microsoft's Edge browser is good for.

Last week I was reading an article at on "What Really Happened with Vista: An Insider’s Retrospective". It was a good article but the presentation drove me crazy.

It had a CSS "shade" at the top and another CSS "footer" at the bottom. These caused PgDn to scroll too far and you would miss some of the text. Then you'd have to Up Arrow to see the skipped text.

I didn't have enough patience to read much of it in this manner.

Then I recalled that Edge has a reading view.

I copied the URL and pasted it into Edge. In the address bar is an icon that looks like an open book.

Click on that and you're put into Reading view" mode.

Much better.

I concede that there are similar capabilities in Google's Chrome but they all require hacks or non-Google extensions.

Sunday, February 04, 2018

R.I.P CrashPlan

I've been a huge proponent of CrashPlan. I started with the personal offsite backup.

That worked well and I eventually added their cloud backup.

You can read about my experiences here. I'll save you some time. It's nothing but good.


In August 2017 I got the following e-mail:
Thank you for being a CrashPlan® for Home customer. We're honored that you’ve trusted us to protect your data.
It's because of this trust that we want you to know that we have shifted our business strategy to focus on the enterprise and small business segments. This means that over the next 14 months we will be exiting the consumer market and you must choose another option for data backup before your subscription expires. We are committed to providing you with an easy and efficient transition.
They partnered with Carbonite but Carbonite's offering just isn't what CrashPlan's was. For example Carbonite only keeps deleted files 30 days.

Then during the Black Friday sales I saw an offer from StackSocial for 2TB for life for $39.99. (That has since gone back up to $49.99.)

I had to look at that.

What StackSocial was offering was Zoolz Archive Home. What comprised the 2TB was 1TB of Instant Vault storage and 1TB of Cold Storage.

Instant Vault has to be accessed using a web interface. You can also generate shared links for the Instant Vault storage like DropBox.

Cold Storage has a Windows Service that manages the backups like CrashPlan. Cold Storage uses Amazon Glacier as a store. This means that it takes approximately 3-5 hour to restore from Cold Storage. I don't see that as a problem for backup.

My CrashPlan backup was about 400GB so it's going to take a while to backup all that to Zoolz but it's chugging along just fine.

As a backstop I've signed up for CrashPlan for Small Business at 75% discount for a year.

Sunday, January 28, 2018

WOA, Again

I've blogged a couple of times (here and here) about the emergence of ARM in the (formerly) Wintel world (known as Windows On ARM - WOA). It's coming faster than even I expected.

We all try to forget about the ill-fated Windows RT devices. I hope you didn't buy one.

But now...

At the recent Microsoft Windows Hardware Engineering Community (WinHEC) event in Shenzhen, China Qualcomm announced Windows 10 devices powered by their Snapdragon processors.

They promised three big capabilities:
  • The screen turns on "instantly"
  • LTE is built right in
  • The battery can last for days
This isn't another Windows RT variant. Windows 10 on ARM will support Universal Windows Platform (UWP) apps and Win32 apps in the Windows Store, as well as existing Win32 apps.

That pretty much means everything.

HP, Asus, and Lenovo have already announced Windows 10 devices running on Snapdragon processors.

In one of his podcasts, Brad Sams described it this way:
This is kinda like Day 1 of the new generation of Windows-based machines.
Here we go!

Sunday, January 21, 2018

Windows 10 Rant

I haven't had a good rant in a long time. And it's not that I dislike Windows 10. And it's not that I don't like Windows 10 upgrading (different than updating) regularly.

Remember back in a previous post I enumerated the various versions of Windows 10. There's been more since then and a commitment (threat) from Microsoft for 2 per year.

In that post I noted 2 issues with the Anniversary Update (1607). They have continued with the Creators Update (1703).

I'll try to recap the things to look out for as Microsoft leads us down this trail.

Microsoft will silently remove drivers and software that they think aren't compatible with the new version of Windows. I have had my video drivers removed twice including the non-driver program used to update the drivers. Most recently they removed my VNC service. Microsoft admitted to the EU that they remove third party antivirus in certain conditions. I understand why in some cases that these actions are necessary but please don't do them SILENTLY.

Microsoft twice has reset password network protected sharing. I don't see that that has anything to do with a new version of Windows.

Microsoft has turned off System Restore. You find this missing at the worst possible time when you need to fall back to a known good state. You can turn it back on but still...

Sunday, January 14, 2018

One More Log on the Fire

If you're a regular reader you'll know that I'm a proponent of using Windows Defender as my anti-virus. While that it's free is a big factor for me, that it doesn't introduce new vulnerabilities into Windows is even bigger.

I've discussed that here, here and here.

In Microsoft's announcement of their patches for Meltdown and Spectre they included the following:
Note: Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:
Read that again.

If your anti-virus vendor doesn't set a new registry key you will NEVER get another security update.

Now, certainly mainstream anti-virus vendors quickly complied.

But what that means is that mainstream anti-virus vendors have been using non-public kernel calls.

Don't do that.

Further if you don't run any anti-virus you must manually set that registry key or you will NEVER get another security update.
In cases where customers can’t install or run antivirus software, Microsoft recommends manually setting the registry key as described below in order to receive the January 2018 security updates.
There's a pertinent blog post here.

Sunday, January 07, 2018

The World Revolves Around Memphis

Chrome 63 is forcing all domains ending on .dev to be redirected to HTTPS via a preloaded HTTP Strict Transport Security (HSTS) header. This may impact organizations that have been using .dev TLD privately for their own development teams.

Now most of us don't have to worry about that but it reminded me of a situation I had encountered at a former company.

My company had acquired another company. They were using an address space for their internal TCP/IP network that was routable but didn't belong to them. Obviously they weren't connected to the Internet.

They also had an internal DNS server that used their company's initials as a TLD. Needless to say that weren't the owner of the TLD.

Yeah, it took us a while to integrate them into our network.

But that was just the start.

As we were upgrading SAP worldwide we changed the GUI to use DNS rather than a hard-coded IP address. Then we pushed that change worldwide.

Then the SAP Basis team changed the target of the DNS name and watched for fallout.

Europe failed and was quickly addressed by updating our European DNS server.

But oddly, seemingly random US facilities were also failing.

We finally discerned that these were all facilities of the former company.

The on-site LAN admins determined that the locations' PCs had their DNS pointing to the former company's servers. Obviously they hadn't been updated.

When I reached out to management at the former company he responded that "You act like the world revolves around Memphis."

My response was "When it comes to DNS, it does."

Those were the good old days.