Category Archives: Security

I’m back on ZDNet

I find myself pretty busy now with writing, both for private clients and for publications. I’m back on ZDNet and trying to write as much as I can there. I believe this is actually my 4th time writing for them, going back to when they were started and I was a Ziff-Davis employee.

Here are my first few columns:

At the enterprise level IAM and SAML mitigate the password problem. Out on the civilian Internet our best attempts, mainly OAuth and OpenID, have fallen short. Passwords are a problem that will be with us for a long time.

Why Windows Phone isn’t dead to me

Finally Microsoft has provided a way to unify endpoint management of mobile devices and Windows desktops, but it’s doomed to many years of impracticality.

 

Time to Drop Dropbox?

Nothing has changed the way I use computers in the last few years more than Dropbox. The ability to get at my files from anywhere has made a huge difference. But it’s the cloud – not Dropbox specifically – that has made the difference. Any cloud storage service that also supported all the platforms I need would do as well… wouldn’t it?

There are a few biggies in the market, but Dropbox is the biggest, best-known name. My opinion is that they got this good reputation for a simple reason: They have the best software. I’ve tried a bunch of these services in the past: Box, Google Drive and Microsoft SkyDrive. There are others, like SugarSync, but I’ve never paid much attention to them.

About a year ago I gave Box and Google Drive serious attempts. I thought Box’s software was awful. Google Drive was OK as was SkyDrive, but at the time Dropbox seemed the best deal because the software was drop-dead simple and many of the people I was working with already used it. I have a 200GB Dropbox account, the subscription for which expires in October, so I thought I would re-evaluate things.


Mobility management and security getting a little less messy

Security and management in the mobility space, at least since the dawn of the iPhone, has always had a “figuring it out as we go along” quality to it. So far we’ve gotten away with it; even though the potential for significant security breaches via mobile devices has always been there, and even though compliance with best practices in mobility is a rare thing, I’ve seen no evidence that they are a significant source of actual breaches. The real problems are what they always have been: SQL injection, weak passwords, social engineering, etc.

In the meantime, the market for products to manage and secure mobile devices has been maturing. Of course management and security should be closely intertwined, if not run by the same products. That can be difficult when the major products don’t include more than trivial management capabilities and very little is compatible cross-platform.

This has created an opening for third parties, and those third parties have flooded into that opening. Several large and important companies have emerged, such as AirWatch, Good and MobileIron. They have all been on acquisition sprees and are attempting to fill out the gaps in their management capabilities.


The Curator: Why Microsoft is forcing us on to modern apps

I’ve been struggling for a good year now with Microsoft’s decision to push users as hard as they are pushing them to use the new, modern user interface, what was once code-named Metro. Even in Windows 8.1, a.k.a. Windows Blue, it is the primary user interface. Why is Microsoft forcing us to use the new modern UI?

“Forcing” is perhaps too strong a word I suppose (although it’s a good one for a headline). You can continue to use conventional Windows programs – hell, even text-mode console programs – and keep using a conventional keyboard/mouse computer, but they’re all legacy now, at least for programs with significant user interface.

Moreover, and Microsoft’s protestations notwithstanding, Windows 8 is far less usable on a conventional computer without a touch display. You need to get used to a few gestures and then things are not as bad, but they are still markedly inferior to Windows 7, particularly in desktop mode.

Why would Microsoft make the old interface so undesirable? In order to make the new one desirable. Why? There are a lot of reasons for that, but one very big one is security.


Security and the “If it Ain’t Broke Don’t Fix it” Mentality

(Originally posted Thursday, June 27, 2013)
“Why should I have to replace a computer that’s working even if it’s 10 years old?”
 
That’s not me speaking, it’s a relative whose identity I’ll protect (not that he would really care). There’s a foundation of solid logic behind this argument, at least at first glance. The things I bought this computer for 10 years ago are things I do with it still, and it works. So why should I change it? It’s possible – not likely, but possible – that this argument makes sense. But only if you’re cut off from the world.


Do Not Track Standards Do Not Coalesce

(Originally posted Monday, June 24, 2013)

The advertising industry is in a huff over Mozilla’s plans to support “The Cookie Clearinghouse” at the Center for Internet and Society (CIS) at Stanford Law School. The Cookie Clearinghouse starts with some browser behavior changes and adds what Mozilla’s Brendan Eich describes as both block- and allow-lists of sites and a mechanism for managing exceptions to them. What would be blocked? 3rd-party tracking cookies.

The advertising industry is indignant, as they have been in the past when their abilities to track users are impeded.

As Eich says, it will be months before this hits the release versions of Firefox but there certainly seems to be a lot of indignation out there at how much business would be lost by the Doubleclicks of the world and other sites that people don’t visit, but which visit them. That’s how 3rd party cookies work.

And yet, something seems so familiar to me about the whole “Cookie Clearinghouse” thing… It sounds so much like…. Like Internet Explorer 9.

[cue harp strum…]


Microsoft Finally Listened To Me (Ha Ha)

(Originally posted Wednesday, June 12, 2013)

Today it occurred to me that an idea I had long ago, that I wrote about many times and nagged Microsoft to implement, that they refused to do for reasons which I understood but did not sympathize with, well they have done it in Windows 8. But not because of anything I said.

My idea, the first incarnation of which I first wrote about for eWEEK in 2007, was that Microsoft should open up Windows Update to 3rd parties to offer updates. The obvious candidates were programs like Adobe Acrobat and Flash which were emerging at the time as major malware platforms. (I’m pretty sure I had this idea much earlier, maybe 2005, but didn’t write about it till this column.)

Microsoft politely declined to respond to my suggestions. Off the record people told me that they couldn’t accept the liability of distributing other people’s updates. There’s something to this, and so I modified it in a later column (which I can’t find at the moment), that what Microsoft should open up is just interfaces to Windows Update: They don’t need to host anyone else’s updates, they just need to allow programs to register at install time with the system to pull updates from a location at the ISV using Windows Installer protocols. In this way, if users are set up to use Windows Update, they will at the same time update, through the ISV, all applications registered with it.


Desktop Users – You’re On Your Own

(Originally posted Wednesday, June 12, 2013)

Ed Bott’s column this morning does a good job of explaining how, with Windows 8.1 (Blue), Microsoft is going hard-core for the tablet market. What he doesn’t go on to say, and what is the unfortunate corollary, is that they are actively using Windows 8/8.1 to drive users off of non-touch systems on to touch-enabled systems.

With Windows 8, Microsoft redefines tablets as PCs, with their tablets having the benefits of PCs (keyboard, mouse, printing, corporate network access, etc.). Keyboard and mouse may be there on your tablet/PC, but they aren’t your main interface to the OS – touch is.


Did Microsoft Make WebGL Secure? How?

(Originally posted Friday, June 07, 2013)

Microsoft has dropped strong clues, without saying it explicitly, that Internet Explorer 11 in Windows 8.1 (Blue) will support WebGL, a DirectX-like standard for fast gaming on the web. The biggest clue was this video they posted on Vine.

Others have found direct evidence in leaked builds.

It’s not hard to see why they would want to support WebGL. Everyone else does. They spelled out the reasons they haven’t so far in a Security, Research and Defense blog post 2 years ago.
