Friday, June 25, 2010

Windows 7: Byte Me

I've had to play with Windows 7 in the workplace lately.

It's been...interesting?

First of all, Microsoft did improve heavily from Vista. Vista was frustration wrapped in a pretty eye candy shell, and no matter what you did to try and enjoy the candy the frustration was just itching to burst through and make you gag.

At least now it doesn't nag you quite as much.

That said, I've still had issues with Windows 7.

I hate not being able to easily run something as administrator. I find that I have to type "cmd" into the search bar and then right click on the result to "run as administrator."

We use a VNC server to remotely work on many of the desktops in our organization. Windows XP? It wasn't a problem. Under 7 (and Vista when we tested that abomination) we needed to run something like UltraVNC, because the version we were running isn't compatible with the security model used in newer versions of Windows.

I also was more than a little irritated when I could no longer run XLiveCD, a CD disc that has a standalone set of Cygwin tools and X Windows client for Windows. Pop in the CD, run it, and it allows me to secure shell into a Linux system at the office and run my mail client or other tools on my office system. Exit out, and there's no trace of anything on the client computer. Really handy for getting some work done in the field. Windows 7 won't allow me to run it, no matter what I've tried (compatibility settings, permissions, running as administrator...) How annoying!

Another item; I had to change some permissions on icons placed on the desktop of a system. They were icons for everyone, but because of the way my boss made a batch file the icons were placed in a directory for everyone to use under Users but the permissions were set to just the administrative user running the batch file. I went into Users (since documents and settings is no more) and went into all users (after I finally found the setting for showing hidden files and folders, since the file menu is gone now from Explorer windows.) I went into All Users, but even as an administrative user I couldn't get into the "desktop" folder.

I swore a few times and my supervisor came over. "Oh no, it's not there. Go up one and go into Shared." (It may have been Public, I'm recalling this from memory and am too lazy to look it up.) Sure enough, that folder had the Desktop folder for all users who log into the machine.

"That's stupid! The folder sounds like one used as a common sharing area for any user to share documents with each other..."

"I know. But that's what it is now."

Bloody @#$.

Then I had to reset the permissions by selecting the folder containing the desktop files and resetting the files from there, since I couldn't just select the files and tell it to change permissions to those inherited by the parent folder as I could under XP.

Then today I had an application that is niche, used by only a few of our users but "vital" (due to more mandates from outside our control) for their job function. The program looks for "Windows NT 4.0 SP 6 or higher", and installed .NET runtime 1.1, if that tells you anything about the age of the program. It looks like something shoveled together at the last minute and shoved out the door, then as long as the #@#% thing ran the company never bothered to improve it (hey, they have a contract to supply it and we're mandated to use it! So why should they improve it?!)

Can you guess where this is going?

I contacted the company, saying that we have this program that apparently has problems with Windows 7. Is there an update or patch?

"Nope. The workaround is to use a Windows XP SP 3 system until we get a chance to test it with Windows 7, maybe sometime next month."

Um...you're aware that Windows 7 has been released, right? And if you actually developed the product, you should have had a copy of the betas of Win7 to...I don't know...test with several months ago, yeah?

Great. Another company producing shovelware.

And I can't get the "compatibility" mode of anything to work with this piece of crud. Then I saw something that gave me hope! Windows 7 XP mode!

Basically, it's a virtual machine running Windows XP for backwards compatibility!

I downloaded the 500 meg installer from Microsoft, installed the virtual machine software, then installed the update patch (MS actually had a convenient web page with a "install this, then install this, then install this..." set of instructions and download buttons.) I was getting irritated that I had to run some "Authentic windows" verification program, several times for reasons unknown to me other than probably clicking the link too many times while it was pausing to think about whether it actually wanted to do what I told it to do, and finally everything installed!

Then I created a new virtual machine. Oddly enough it said for memory I could allocate 4 to 511 meg. I skimmed the wizard's instructions (don't most people) and just clicked "next"; it beeped at me with an error. Apparently the default memory size in the box was 512, despite the warning that it could only go up to 511. My supervisor wondered what was going on when I blurted out, "How fucking retarded is this thing?!"

He just shrugged and went back to what he was doing once I explained what Windows was doing again. Because really, how hard is it to check that error condition?

Fixed it, created the VM, and double clicked it, giddy with excitement that I may have found the solution to our problem. The computer hesitated, gave a busy pointer for a moment, then *blip*...blue screen of death.

The machine rebooted, and I tried again. *blam.* Blue screen of death.

Yes, I found a great Windows simulator here.

I slammed the desk with a fist and moved on to Googling the error. So far I found griping about problems with XP Mode on Windows 7, but no solutions. The last thing I did before leaving was upgrade the BIOS since it was an older computer, but haven't tested it again.

So what do I think of Windows 7? It has potential. It looks nice, it has great features, it's leaps ahead of Windows Vista, but it's still frustrating as hell half the time and the rest of the time it's mildly irritating. It's broken a lot of software, and if you're using software by developers that played loose and wild with best practices you'll be lucky if your software works properly.

There are those that would say it's just because I'm used to "bad habits" from Windows XP. Perhaps they are right to some degree. On the other hand, every irritation is one more reminder why I have come to prefer the Mac as my computing platform. It's not fanboy fanaticism or a need to feel superior to Windows users. It's because I find it far less frustrating to use and it doesn't get in my way even half as much as Windows.

Sunday, May 16, 2010

OSNews isn't OSNews

One of the tech sites I follow is OSNews. It was originally a website for...well, news about operating systems. Linux, Windows, OS X, etc.

A recent post was titled "Why OSNews Is No Longer OSNews." The editor outlines how OSNews shifted from news about operating systems into more general news about technology. Recent stories cover news about Adobe vs. Apple and H.265 developments and Microsoft Office changes, rather than developments about new kernel threading implementations in Linux or compatibility changes in Haiku.

The article was pretty good, and I'm not writing to rehash what Thom Holwerda wrote in the article. I am writing because as I read the article and ensuing comments, it actually dawned on me the scale to which computer technology has "standardized" and stagnated.

I became interested in computers and platforms in the dawn of home computing. I was born at the dawn of the birth of Apple Computer. I saw the introduction of the Macintosh. Okay, I didn't see it, but I was becoming aware of the world and computers in 1984 when the infamous ad debuted. The Internet was expensive, slow, and difficult for home users to get access to, so I relied on shopping in local department stores (remember when Sears mattered?) and magazines in bookstores to get news about computers, and Byte and Computer Shopper were chock-full of stories about AmigaDos and AmigaOS, OS/2, the fledgling pseudo-OS called Windows, various flavors of DOS, CP/M,...all sorts of technology goodness.

But gradually the stories about operating systems dwindled because companies closed down, markets dwindled, and eventually the biggest of the niche OS's like AmigaOS were relegated to hobbyist markets. Magazines started changing their focus into something more like Cosmo for geeks; "Win95 vs. OS/2 vs. NT! Which is Best For You?"

Fast forward to today and you have the situation that the OSNews article was discussing; hobbyist OS's are largely stagnant. Operating systems are basically, for practical purposes, down to the "big three" of OS X, Linux, and the Windows family.

Hobbyist OS's that I can name include MorphOS, FreeDOS, ReactOS, Plan 9, and Haiku. There are others, but for the most part, the number of installed systems are tiny. Really tiny.

The comments put the second part of the puzzle in place for me; people commented that in colleges, computer science majors didn't have to take compiler courses. Someone else said that more recently they went to a nearby college and the computer science majors weren't even taking courses on operating systems. I remember when I went to college that the debates focused on what the latest, most relevant computer languages were to teach...Java? Python? Should we keep C++?

My daughter applied to the college I went to, so I was able to kind of revisit what was going on with their CS program. Basically, it's gone. The college is doing something more like an information technology track rather than a computer science degree that focused on data structures and how the system worked under the hood. This would be akin to people going to a vocational school for auto repair and learning more about body work and adding spoilers without going over how pistons or fuel injectors work.

Basically, we moved to a position in technology where the public has popularized particular platforms, and the focus has shifted into the more shallow but productive application of technology. We aren't teaching data structures or operating systems and more technology-oriented interests have nothing to do with the underpinnings of improving the computer platform, it's focused on applications and supporting Grandma so she can get her email.

I'd love the hobby OS's. I had an installation CD of BeOS when it was distributed to the public for the Intel platform. I disliked MacOS because it relied heavily on cooperative multitasking, and found it fascinating when Win95 introduced preemptive multitasking to the platform (except for the Win16 subsystem, and to a degree I guess the Win32 subsystem addon for Win3.11 had some elements of preemptive multitasking, but still...). End users just glazed over when told why these things mattered. They didn't care because they just wanted to play games and browse the web. While things under the hood improved with these features, they were quiet improvements and added largely because they improved the user experience without them knowing it.

What hobby OS's are out there are relegated to R&D departments (Plan 9) or are so hobby that they basically, for practical purposes, boot up and do little else unless you're using the machine exclusively as a platform for simple web browsing and email (if you're lucky). To get any actual work done you have to use one of the "big three" operating systems.

If OSNews only covered news for operating systems, they'd have new stories maybe once a month. There simply aren't too many people working on operating systems and those that are are working just on operating systems; I can't use it to accomplish things I use every day reliably, and without more development on applications the operating system is largely useless.

Basically one of the things that attracted me to computing as a career is dead. Commoditized. And it's a shame. My first computer was a Commodore 128, and my first PC was a 486sx 33 Mhz system with 4 meg of RAM. Today if you get a new computer to run Windows 7 you really need at least 2 gig of memory and a 100 gig hard disk. But I still remember running BeOS on an Intel system that was only a couple hundred Mhz and something on the order of 128 meg of RAM and it was able to render an animated OpenGL demo without any stutter or pausing. I was spinning a three-dimensional cube on the screen while each facet played a different movie file without stuttering. It was absolutely amazing that something with such a small amount of resources was able to pull this off.

In other words, these hobby and research (and niche) OS's can do some really amazing things, but if they don't have anything to edit home videos or play podcasts, what am I going to do with it? How many half-rendered or unreadable web pages will I have to work around before it just annoys me too much to use it?

And without users, these projects stagnate and die off. There's very little variety.

This isn't necessarily bad; as technology has become more popular (i.e., dumbed down until the average teenager could waste an entire day playing flash games and sending pointless text messages to one another) variety becomes a detriment for support and usability. It's horrible, but the more choice you give people, the more confusing it is for people who don't love the platform itself. I can relate. I don't really give a damn about who and how my tires are manufactured or what kind of configuration my engine is in my car. I just want to get to the store and run errands without a huge cost. Same for computers. As the userbase shifted away from technology geeks and educated, savvy users to more general Mom and Pop users the operating system platform became more bland and general, and feature lists were focused more on eye candy than on multitasking and memory protection.


Computer technology is going the way of the wild west. When I first became interested in the tech I was voraciously digesting articles that explored the nitty gritty of memory protection and multitasking algorithms and what additional specialized hardware made the Amiga computer from Commodore rock the special effects industry. Today, computers are migrating into appliances that are supposed to be as easy to use as VCR's and microwave ovens and are cheap enough that if they break, the cost to repair them is often higher than simply buying a new one at Wal-Mart. They're becoming civilized and boring.

I'll continue to read what news articles emerge regarding Haiku or ReactOS or a new project that still shows signs of life. I would love to try out an operating system that is niche enough to address problems with my operating system platform of choice or introduce cool and useful features without having to sacrifice my ability to "get stuff done." And I hope that these mini-projects can inject some excitement to the profession (Plan 9 has some really really interesting concepts in it...now if only I could edit video or use it to enhance our IT infrastructure without users crying and whining that it doesn't run Internet Explorer, I'd love to play with it more.)

Otherwise I guess I'll have to either move with the times or seriously look at shifting careers. The excitement simply isn't there anymore. I guess that's one of the side effects of not inventing the future but rather moving with the passage of time.

Thursday, May 6, 2010

Lower Merion School District Spying Report Issued

The findings of an independent consulting company (Ballard Spahr, LLP) were released recently regarding the remote monitoring of student laptop computers by the Lower Merion School District. Already it spurs an outpouring of vitriol in comments from the smart masses who think they understand anything that is going on here. Personally I think there's a huge disconnect between the peanut gallery and their perceived intelligence.

The report, an approximately 70 page outline of everything that was leaking into the press and then some, basically said what I originally thought. The school district has a lot of idiots running it. Not in so many words and perhaps not for the reasons people would think, but they did some pretty spectacularly stupid things.

The biggest problem, of course, was the IT department hiding the presence of the tracking software. It wasn't so much that I can't relate to their desire to hide it from people in case they try to circumvent the protection; I work in IT. I know people could do that. But anyone with half a brain in IT knows that security through obscurity won't work well. The laptops, if stolen, could easily be wiped and reinstalled with a clean OS image, and the tracking software would be useless. They not only hid it was there, but apparently they tried to obscure the fact that the software was there even when rumors were swirling about its existence. That is a blatant lack of respect for the students and faculty. Whether you regard them as little vengeful monsters or not they still deserve not to be lied to.

A very close second (okay, maybe it's a tie) was the lack of an updated usage policy for taking technology home. There were no documents to disclose modified acceptable use policies for using the laptops at home versus on the school network nor was there disclosure about potential security and privacy issues in the documentation given to parents.

Everything else in the report seems to nick the school for lax and ill-codified policies, and not being fully forthright with administrators and board members.

As someone who has to work in IT, I think the two biggest sins were the lack of properly documented procedures and the hiding of the ability to monitor the laptops. The fact that administrators and board members didn't know about these things, or didn't understand it, was not the IT department's fault, unless they went out of their way to hide it.

Really...there is a point where someone needs to take responsibility for themselves. The board didn't know about it because they didn't care. Neither did the administrators. They all had a vague idea of this ability, if they've seen evidence from the "anti theft" systems. What the hell did they think it did? That this stuff runs on unicorn farts and fairy dust?

I deal with users all the time. They care about how and why their systems work about as much as you care about how your car engine works. The IT department didn't explain it to them because it was a waste of time to do so! I've dealt with users to whom I've explained a simple (to me) concept several times and they simply don't listen. I can repeat it until I'm blue in the face and it doesn't matter. So why and how would this IT department telling their school board about activating timed snapshots from a webcam and screen capture utility while logging the remote system's IP address to a central server make any fucking difference to them?

And lack of following formal policies? In most smaller businesses and schools and, I'd venture, government agencies, following strict, codified policies is a luxury. We always hold up best practices as an ideal but more often than not they're aspired to, not followed. Departments like those in public schools are under immense pressures from the powers that be to just get a task done, and if it's held together with duct tape and broken pencils then so be it. Doing it "right" takes money and time. They don't want it done right. They want it done now.

While some would say that's an excuse, it's more of an explanation for the culture that this attitude has fostered. More often than not if something works, then it's good enough, and it saves money. If it's actually bad enough to bite you in the ass later then it will be fixed then. Otherwise, good enough is good enough.

What I find interesting is that lack of citing personal responsibility by the peanut gallery. These kids were using school property and apparently treated it like their own property. It wasn't. I was floored when this story broke and people were raving about how they'd format the computers if their kid had brought one of them home; yeah, right. You can't. It's not yours. The school was extending it as part of an experiment in technology-based curriculum. And it's their computer. Not yours. Not a handout. Not your property.

I'd have trusted the laptop about as far as I could throw it. Any organization that "lends" you a thousand dollar piece of equipment, would surely have the right to inspect it for activity; porn surfing, games, inappropriate use, anything of that nature. What universe would you live in where you go to school, can't browse the web the way you want, can't play the games you want, but expect them to just hand over a thousand dollar laptop so you could surf porn at home on their dime?

Use your damn brain!

There was one report of a girl who had taken the laptop into the bathroom to listen to music while she showered, and the parent was furious because the school may have seen his little high school princess naked. Huh?!

Damp, humid room...thousand dollar laptop...electronics...water. What the hell was it doing in that environment to begin with?!

To me, there were a number of failures here. From hiding the fact that this software existed to lack of formal CYA policies to cover proper usage of the laptops at home to a lack of common sense from the students and parents, there was a systematic failure that happened here.

The sadder part in my view is the ignorance of the peanut gallery. It's simply too easy to blame the evil school district and portray them as completely at fault while completely forgetting that there was also a bit of an attitude of entitlement, that reality has slammed down hard on the community realizing that these free toys weren't free. 

Tuesday, May 4, 2010

Thinking About the Future of Data Access, NetBook Edition

I've had some occasion now to reflect on the netbook and how practical it is to use it for mobile data access, and now I've been using a full-fledged MacBook Pro (albeit the 13 inch model). I've come to some conclusions about using them. What follows is some mental rambling, not a submission for consideration of a Pulitzer, but see if you follow my ramblings to get some semblance of what the overall picture is.

Basically, computing is moving in a direction where the term "netbook" is pointless.

What you have are more or less capable computers. Parts continue to commoditize in a way that renders computers into data access portals.

What used to be a netbook was basically a computer that scaled back speed and memory and storage to a point where it was cheap in a package that was small enough to easily carry. That was definitely the state of affairs with the Asus EEE PC I tested in my "going mobile" change in digital lifestyle.

My daughter is about to head to college, so I've kept half an eye on what computers are going for in terms of what she would probably need to take to school. The answer? Computers now considered "netbooks" are practically desktop replacements for the majority of users out there.

They aren't specialized systems that will rip through animations or video games with the highest frame rates and benchmarks. But she doesn't need that, and neither does the majority of users out there. She needs email, office applications, and maybe skype or instant messaging and web browsing. These $400 netbooks today are capable of that and more, and at that price they're practically disposable (another requirement, giving a teenager a piece of equipment that they're going to treat as well as their cellphone...it's most definitely going to have a finite lifespan before Mr. Floor or Mr. Beercan introduces itself to Mr. LCD Display).

The distinction between netbooks and notebooks is a non-issue anymore. You can buy a perfectly usable $500 machine and at that price if it lasts 2 years and something dies, it's better for your time and money to get a new $500 machine at that point than invest the money in fixing it.

And for the average user it means even less because whether they're aware of it or not, access to data is the important thing, not the computer. Most people I see now are getting information via Facebook and Twitter. They want to text friends. They don't care if it's done via email or their cellphone, they simply focus on the goal, not the means. And some are adopting tools to make them even more mobile; saving documents to Google Docs or a USB thumb drive means they can edit and print work in a computer lab or their computer or whatever computer they're sitting in front of at the time. It means that when their computer, whether a $400 "netbook" or a $2000 workstation, dies or is inaccessible or is back in the dorm while they're in another building the documents or work they need can still be accessed from another convenient system.

Part of this revelation comes at a time when Apple is trying to redefine the non-netbook with their iPad. It's a big success for Apple. But as a computer, it both sucks and is wonderful. It doesn't neatly fit the niche filled by small computers, and Apple won't say it does. But it can redefine how people work. It's almost like the PADD device on Star Trek: The Next Generation.

It neatly fits a niche for conveniently accessing information. It can be shoehorned into being a device that can write novels or, with the proper application (or if you can program the application and get it accepted to the app store) manage servers with remote access applications like secure shell or VNC. It's ideal for what most users are using the Internet for; music, social networking websites, watching videos, and in many cases instant messaging and email (although for most users that is interchangeable). It's wildly popular, and by using a combination of management tools with web interfaces and applications from the app store an iPad, while not a general purpose computer, neatly fills a niche for accessing information on the go.

Smart phones can also access much of this information. My wife's phone can get directions, Google information, and reserve movie tickets. An iPad with Internet connectivity will probably have similar abilities, as can a small notebook computer at a wifi hotspot. Three different devices with similar abilities but targeted to different audiences and tailored to suit some tasks better than others by their nature.

In the end it's the goal that is important to users, not the means. Tech people like focusing on the means. We bitch about Microsoft Windows and how it's like drinking cyanide, or why MS Office is a pain and overpriced while OpenOffice is great (and vice-versa). We debate using webmail versus Outlook versus Thunderbird for reading email. But for the average end user, it doesn't matter; they just want to use the computer and write a letter and send an email, and as long as they can do it with minimum hassle, they don't care about the means used to do so. And they'll do it with an iPad, a $400 netbook, a $1,500 Macintosh or their cellphone.

All that matters is that they can get the task accomplished.

When schools and colleges and businesses have IT departments worrying about computer deployment and management, they should probably take a few minutes to step back and reframe their perspective. It's not a matter of getting computers for students or employees. It's a matter of enabling access to the information they need.

Subtle difference, but the implications are quite large once you see them.

Tuesday, April 27, 2010

Microsoft Licensing: The Pain It Keeps On Rolling

I continued to set up the Dell machine from the other day. I started out my day at the office where I updated my supervisor on the installation, saying that the laptop couldn't be joined to the Active Directory domain because it was running Windows 7 Home, and apparently that ability is disabled in the home edition. I wasn't sure if he'd care because I thought the user was going to be using it primarily at home anyway.

"Nah," he said. "We have Windows 7 Professional and the licenses, just install that on it."

I sighed, packed up my shiny Windows 7 DVD (64 bit, since for some reason the home version of Windows 7 was 64 bit on that laptop with less than 4 gig of usable RAM...) and headed out to the office where I could work on that system.

I vaguely recall that Windows since Vista has been coming in a form where every version, and there are lots of them, of Windows is included on the install DVD. The different versions that cost you hundreds and hundreds of dollars between the lowliest, crappiest version to the least crippled version are all one and the same; they simply have functionality that is disabled or enabled depending on the license key you feed it.

Neat, eh?

Don't get me wrong with what I'm about to say. I personally hate using software that is crippled artificially. It was one of the reasons I initially moved to Linux; my desktop computer could act as a capable server, while Windows, despite being able to handle a modest workload, was throttled back in what it could handle simply because of a registry setting. Even though I never to my recollection was even maxing out the throttled limits I hated the idea that my system was crippled simply because of me not having more money.

At the same time, I understand and support that it is Microsoft's right to impose limits on their users, as we have to agree to the license in the first place and that license places these (irritatingly arbitrary) limits on the end user. That's why I moved to Linux instead of pirating Windows. It's their product. They dictate what can and can't be done with it.

That said, why is it that Microsoft seems to go out of their way to make a task as simple as installing our volume-licensed, legal copy of Windows 7 Professional over the default Windows 7 Home preinstalled on a Dell laptop?

Here's the thing; for the most part, choice is bad for ease of use. You give users choices, you make them think, you give them the opportunity to screw up. That counts against you in the ease of use department. Weird, isn't it?

Microsoft has outdone itself, going out of their way to make something as simple as licensing into a pain in the arse.

The DVD we have actually has two licenses printed on it. One is KMS and the other is MAK. KMS is their Key Management Service key, and MAK is their Multiple Activation Key. Two really long strings of numbers and letters that belong to our business. The difference? The KMS key allows us to have an "in-house" server to handle activations more or less automatically, while the MAK key allows us to input the MAK key individually into systems that then call Microsoft over the Internet to activate. Both the MAK and KMS keys are types of Volume Keys.

Making sense so far?

The Dell laptop with Windows 7 Home apparently has a self-activated key already installed. I popped in the DVD with Windows 7 and told it to run Setup. Setup started chugging along, asking a couple questions, then it got to the point where it asked if I wanted to upgrade or clean install. I said, upgrade! I already installed an antivirus and our full version of Office (after deleting some crappy trial version of Office that was on the system when we received it for configuration). Setup started looking at the drive and said, "Nope! We can't do that with this version of Windows! You have to run the Windows Anytime Upgrade from the start menu!"

Ah-ha! It does have all the versions of Windows, I just need to plug my key there!

I do a search, since the menu system in today's incarnations of Windows makes it damn near impossible to actually find anything now, for the Windows Anytime Upgrade utility. Run it, it asks for the key. I put in our MAK. It rejects it.

Apparently you need a special Windows Anytime Upgrade key in order to activate that function.

So now I have a licensed, pre-activated Home key, a MAK key, and a KMS key, and none of them do me a damn bit of good because I need a WAU key.

I swear, several times actually, and re-run the setup utility, this time telling it to nuke the C: drive and start over.

This time it worked. I had to spend most of the day reinstalling Windows (Professional, this time), reinstalling Office, reinstalling antivirus, and all the miscellaneous utilities that I had installed but wiped out in the full reinstall.

This wouldn't piss me off so much if I hadn't seen the alternative way to handle licensing. In Linux, there are no real restrictions. You may get a flash of the GPL license, but no key to enter, no restrictions on how you use the operating system (other than what the GPL enforces, which for most users is of no consequence).

On OS X, there are licensing restrictions, but Apple largely takes you at the honor system. Their attitude seems to be, if you put the operating system on hardware that's not ours and it doesn't work, you're screwed, buddy. Apple is largely a hardware company. They make money from their hardware and services. While they have restrictions on what you can and can't do with their software they don't go out of their way to make customers bend backwards while gargling Yankee Doodle Dandy on a unicycle in order to install their software on their hardware.

In the end it feels as if you buy their operating system just by having purchased the Mac. It doesn't bug you for software keys or activation. It just installs. The closest I've had to being locked out from an installer was trying to use a MacBook installer CD to reinstall OS X on an older system whose hard disk had failed. The install CD was keyed to work only with MacBooks, even though it was the version I had on the PowerMac before it died. I think I was still able to reinstall on the new hard disk by booting the Mac to Target Disk Mode and installing from there, as I recall.

No pestering. No nagging. Definitely no typing thirty-digit codes by hand. Maybe Apple just thinks it's not worth pissing off or frustrating customers for the possibility that someone will pirate their software. I had to take my mother-in-law's old G4 notebook in to an Apple store after the operating system became corrupt, and in the end they did a restore from a clean image. The guy at the Genius bar asked what version of OS X was on it.

How would I remember? I haven't looked at that system in probably two years. I can't remember what I wore two days ago, let alone what my mother-in-law had on her notebook. I guessed 10.4 judging from what I probably had on it when it became her system.

The Genius didn't ask for proof. Didn't hassle us at all. I think he was prepared to install whatever version I said (except Snow Leopard, since that didn't work on G4 Macs). Oh dear, they might lose $30 if I stole a newer version of their operating system! Instead, they made happy customers a priority over losing a drop in the bucket in change.

On the other hand I ended up losing most of a day of work because I needed to install Windows from scratch because I didn't have a particular type of key. Because the keys we paid lots of money for, legitimate keys, wouldn't work to do an in-place upgrade that would have taken ten minutes.

Thanks, Microsoft. One of the largest companies on the planet and you manage to make something as simple as installing your operating system a major hassle for a legitimate customer. Let me wave my "you're number one" sign at you without using my pointer finger. With both hands.

Sunday, April 25, 2010

The Unpacking Experience: PC vs. Mac

I wrote that I recently purchased two 13-inch (mid-2010) MacBook Pros as gifts for myself and my wife. Late last week I also had to unbox and configure a Dell Inspiron 1750 (reviewed by PC Mag here and on Amazon here).

There is a significant difference in pricing between the two laptops and it wouldn't be fair to bitch about things that are primarily pricing differences. On the surface, there are several similarities that would make little difference to the end user; four gig of RAM on both, they both have webcams built in, they both have ports for external video (although the Mac isn't standard and requires a $30 adapter purchased separately), disc burners, etc. Most people, the vast majority, won't care about the manufacturer of the RAM, the brand of burner, or for the most part (unless it's really really bad) the resolution of the built-in camera.

The differences that really slapped me in the face were due to the differences between operating systems. This is something that is very much in the control of the manufacturers, regardless of the pricing of the laptops and the included hardware for the most part. Every time I cursed because I hit another roadblock to overcome was another "papercut" that makes me hate the hardware and software just a little more.

The Mac started up with a nice little flying welcome and music score before asking me some questions for basic setup. It took a few minutes before I was at the Finder desktop. Then I proceeded to run system updates; despite the system being introduced, literally, a week ago, it had two somewhat large updates (a little north of a hundred meg of downloads as I recall). Two reboots, done. My system had iWork already installed and I then proceeded to download some software that I planned to use (OpenOffice, Firefox, etc.) and all was well. I literally had a system ready for my personal use in about an hour or so, not counting the long process of copying my personal data from my old drives to the new laptop.

Not everything was gummy bears and rainbows. For my personal use, I wanted the laptop to run with encryption. The Mac uses FileVault for built-in encryption protection of your files, which is fine (aside from scary stories of the disk image now used for your home directory becoming corrupt; if it gets corrupted, you lose your whole home directory, not just a few files).

I also wanted backup protection. For the longest time I was very much a manual-protection person; I ran a script that synced my hand-created directory structure for personal data to external drives. I kept my photos in a folder structure I made to my own specifications, I kept my documents neatly organized, and if something happened I would just rebuild the computer from a clean install and copy the "files" folder from my external drive to the new computer. Fairly simple.

The Mac encourages...strongly...using a feature called Time Machine. It is really snazzy in that it creates hourly snapshots of your data to an external drive and has a neat almost Dr. Who-like flying-through-space interface for browsing your data as it changed over time. Just plug in an external drive and the Mac pops up asking if you'd like to use it as a Time Machine volume and from there handles the backup details in the background.

The problem? Use FileVault, and it will only back up your data at logoff for FileVaulted users. And you can't restore individual files from the Time Machine interface if you use FileVault, only the whole home directory. Ouch...

The process of enabling FileVault and Time Machine together on the Mac wasn't one hundred percent smooth either; the first time I enabled Time Machine, it said I was backing up about 150 gig of data (everything I read said this wasn't possible, as about 140 gig of it was my home directory and that wouldn't work until I logged off). Hmm...I think I'll log off to help it.

When you log off of a FileVaulted system the Mac will go through a process of recovering space on the disk; it's shrinking the disk image used in the background for storing your home directory data. Usually it doesn't take too long (unless you created and deleted a huge file during your session, I suppose.) Here, it did. It was going on ten or fifteen minutes before I made the decision to kill the machine from the power switch.

Reboot, came up, logged in without error (disk check revealed no problems). I did a reformat of the drive I was using for backup so I could start from scratch. Then I let Time Machine do its thing, this time staying logged in while it ran the first time. It told me it was backing up around 150 gig. Chugged along, and all of a sudden said it was done. Apparently it backed up the system and quit once it found the FileVault home directory image.

Logged out, and this time it recovered disk space in just a few seconds and the prompt changed to "backing up..." with a progress bar. Hours later (hey, it's USB...) it completed without issue. Definite user friendliness issues with how that was implemented, despite the somewhat scary warning that comes up when you turn on Time Machine with FileVault enabled.

Thinking back over the past week or two that's the only thing that really stood out as an operating system issue in migrating a brand new out-of-box system to my primary workhorse so far.

The work laptop running Windows 7 was in my experience far more frustrating.

Turned it on and the system asked me a few standard questions for configuration. Nod nod, yeah yeah, click click.

Next I was going to install our licensed copy of Microsoft Office. Usually it's pretty standard, but I had the slight irritation at having to remove the "trial copy" that was on the Windows 7 system first. I hate it when makers license "trials" of crap. It's a trap for users; they think they own the software or it came with the system, only to have it pop up errors a month down the road asking them to purchase it if they want to keep using it.

Then McAfee popped up with notices for updates and advertising. Another big peeve of mine related to what I just noted, because the user thinks they have antivirus protection when really it's a limited trial that will bug them to purchase further protection down the road. Users really don't think about these things and remain largely ignorant of the topic, right up until it stops protecting them. Errors pop up but the user just typically clicks through them until something goes really wrong, takes it to their resident geek, and he finds that the computer hasn't had updated virus definitions in six months and the user assumed it worked because they had McAfee (or another vendor's software) installed.

Uninstall uninstall uninstall.

Next I tried to put it on the domain. Guess what? Whoever purchased the laptop bought it with Windows 7 Home. Windows 7 Home won't connect to a domain. Another peeve of mine; artificially crippled software. I know it's a licensing issue and Microsoft has every right to do this with their software. It explained that this version of Windows is unable to join a domain. It's still a pain in the arse that I threw into my curse-pile after having to uninstall trialware crap.

I next had to uninstall a Dell wireless utility. On our network for reasons never fully explained the Dell utility for wireless interferes with the ability to connect to our Cisco wireless access points. Delete the utility, let Windows manage the connection, generally there's no problem after that (although now that it can't connect to the domain, I suppose the point is somewhat moot). I deleted the utility as we've done with countless Windows XP systems. Suddenly the system conveniently forgot it had a wireless card, period.

A big sigh and a dig through the box yielded a Dell Resource Disc with the drivers (ALREADY INSTALLED, it proclaimed). I inserted the disk and it prompted me to run a setup program first. Huh?

Okay...run install. Then it prompted me to remove the disc and reinsert it. Okay.

Then it popped up an error that I had the wrong volume in the drive.

Told it to continue twice and it suddenly decided it was okay. It ran a program that detected my hardware. Okay, I think, this is a turn for the better because now I don't need to guess the hardware!

It popped up with the Inspiron 1750 page and gave me an option of installing one of four or so drivers for the wireless card. Um...aren't you supposed to have detected it?!

I ran the first one. It told me that hardware wasn't installed.

Started running the installer to the second one. Suddenly Windows detected the wireless card, installed driver support (while the second installer hadn't run yet, it was just finished extracting files). So Windows now had the driver rediscovered and working, apparently, as it now had it in the device manager again.

That resource CD was a waste of time, and who knows what the installer littered on the drive?

The Mac doesn't have this issue because Apple hardware is tightly integrated with the operating system. If you buy OS X as an upgrade, it will have drivers to update all the hardware that it is known to support built right into the operating system.

What I don't understand is why Dell goes through the trouble of creating a separate utility that rides on top of or supersedes the Windows wireless utility. If it works fine for the purpose I'd far prefer having the built-in system over a third party utility. When I sit at the Mac, I know what to expect when I want to change settings, whether it's my system or a friend's system. On Windows, there's the Windows utility and there's a vendor utility or there's a manufacturer's utility (do I use the Dell configuration program? Windows? Intel?), and sometimes they work or they goof each other up.

Confusing, and definitely not user-friendly.

Not to mention that adding additional layers of software for redundant functions adds complexity, and with complexity comes more possibility for failure or bugs.

In the end I'd prefer that manufacturers stop adding trialware crap to entrap clueless users and stop adding software with redundant functionality. Unless you can genuinely add functionality to the system, I don't need a utility to join wireless networks when Windows has that function already built into Windows, and it's a real boon for the neighborhood geek when he doesn't need to know the ins and outs of each manufacturer's crap utility just to join a laptop to a home router. Worse, I don't need to have two or more utilities that fight each other for access to the hardware and in the process can disable settings that were put into one program and now won't work when switching to the other program they ran intuitively (what do you mean I wasn't supposed to run the Windows network settings to join the network? Windows told me to, dammit!)

Overall these little papercuts in the process of configuring the system started having even minor things like the wallpaper, a series of upside-down boomboxes for reasons I haven't yet figured out, really grate on my nerves after the fourth reboot for updates and configuration settings.

I'm sure there are apologists that will point out that the circumstances were different between unboxing my system and unboxing the Dell. I'm aware of that. And I'm sure that there are good points that I'm overlooking. The point is that there was a lot more friction in just getting this Dell system configured for even basic use than I encountered on the Mac, and it was almost always due to problems and peeves that were under control of the manufacturer, right down to the gaudy and irritating upside down boombox wallpaper (c'mon...what the hell is that?? Look at the links at the beginning and see if you can see in the screenshot of the product for the reviews the wallpaper I'm referring to.)

There are people who will be anti-Apple no matter what. There is an "Apple tax" for their hardware; and it purchases less irritation for me. The hardware integration with the operating system simplifies things and standardizes the interface and removes the need for two different ways to turn on my wireless networking, and I don't have to go through and delete trialware from the computer to clean it up. It's not perfect by any means (why can't they use a networked Finder, like X? Or workspaces that allow me to rotate a cube or slide the screen for multiple desktops like I can with Ubuntu's desktop? Yes, I know it has Workspaces, but I always found the Ubuntu enhanced GUI features a little easier, if not glitchy at times, to work with, but maybe that's just habit speaking right now.)

What it boils down to is that I am an Apple fan because despite the money I have to spend on their hardware they generally treat the customers right. They remove friction, for the most part, in using the system. Their walled garden is expensive to get entrance into and has a few bees hovering around. It simply seems that the more I use Windows 7, OS X, and Ubuntu, the more I appreciate the differences and enhancements each offers.

To tell the truth though I'm still looking for the enhancements Windows 7 has over Ubuntu and OS X...anyone? Honestly?

Tuesday, April 20, 2010

MacBook Pros (or, Surprise, Honey!)

I recently emailed a friend of mine about an unrelated item in life but alluding to self imposed stresses that I'd blog about in the near future. Well, here it is!

I've been going through both a technology crisis and a crossroads with technology. I've been working on trimming costs around the house and trimming my computer taxes (i.e., shutting off home servers because of the electricity they suck down) while evaluating how much I really need for using technology. By that, I mean, do I really need a desktop computer? I've been finding myself more often than not trying to work on my novel from a notebook or netbook at Barnes and Noble or in the bedroom, or having to remotely edit things to my desktop from another room.

So I began testing whether I could use a netbook for my computer needs. That was a mixed success for another blog entry.

At the same time, I had my "podcast" computer, a lowly Windows computer used pretty much for Skype for my son and podcast syncing to my iPod in the morning, die on me.

On top of that, my wife's MacBook had AppleCare die. Again, topic for another blog post so I won't dive into it, but as a tech person who wants minimal hassle in supporting his own gear, any notebook that has gone out of warranty is a pain since the hassle in replacing anything beyond the most basic component is probably going to cost you more in time and parts than a whole new laptop would cost.

My wife's computer was going out of warranty. My netbook was adequate, but barely, for anything beyond basic web browsing, email, and working in OpenOffice.org on my manuscript. My multimedia computer was toasted, so I had to improvise another system that used to be my primary server/workstation but the CPU cooler was loose from the motherboard and thus rather unreliable (at least enough that I don't leave it alone for long periods while it's running).

So I formulated a plan.

And despite my constant debt worries, I purchased two new MacBook Pros. One for me, one for my wife. With hardshell cases (one blue, one pink) to protect them.

And my wife knows that I constantly stress over bills and income, so she wasn't expecting it.

But I didn't just give it to her. That would be too simple.

When I was younger, my mother would (rarely) play this game to entertain me where she would hide clues around the house and give me the first clue, which would lead me to the next clue, and the next, etc. until I arrived at the final prize, usually some small toy or food or something. I don't remember the prize. I remember the fun of running around the house looking for hidden notes and the rush of figuring out her clues.

So the day FedEx finally delivered the notebooks I enlisted the help of one of my wife's coworkers and hid a number of clues around the campus of her workplace after hours (she usually hangs around with work after 90% of the other people have run home).

I had come up with clues and taped them to cut out foam letters spelling the word "apple". I also took an empty MacBook box from a friend and stuck a Fuji apple in it along with a "congratulations, you found the final clue!" note. I then messaged her to Skype me and I chatted for a few minutes before reminding her about my clue game as a kid, and said that now it was her turn. Then I gave her the first clue and told her she was on the clock.

Confused, she started following the clues until she arrived at a backpack that I normally use for my work equipment, but unbeknownst to her I had switched everything out of it and instead had her notebook and equipment inside. The MacBook box hinted that the Fuji apple inside was the prize, but there was a hint that it was the "final clue", meaning there was one more thing. In the hint, the words "under" and "me" were capitalised, so she had to figure out that she needed to look under the plastic insert in the box to find a printed picture of my bag that in turn had the MacBook Pro in it.

It took her about twenty or thirty minutes to figure everything out and get all the clues, but in the end I think she was rather surprised. I had spent, literally, weeks going over specs and finances and talking myself into doing this, since you can imagine these are not overly cheap computers. These are 13" MacBook Pros with iWork installed. I have been saving money whenever I could to help offset the cost. I also spent weeks coming up with the clues, the props, and the plans to pull this off on my wife, without her stumbling onto the equipment (the hard shell cases came days ahead of time).

So when I told my literary friend that I had some self-imposed stress on the docket, this was it. Weeks of planning culminating into this big surprise. I think she kind of liked it.

My biggest regret is that I am far enough in debt that I couldn't justify the expense of getting SSD drives, despite the added durability they offer. I juggled the numbers and figured that these were investments for the next three years, and over that time I would be using this almost every day. My wife uses her system almost every day as well, although I can't comment on how important her computer is to her. I know how vital it is to me, considering how much I work with computers at work, how much I work on my manuscript, online research, etc. and the computer I was using before the MacBook Pro was nice in some ways, woefully underpowered in others.


So now I go back to worrying about paying bills. The fact that I'm using these laptops all the time probably means I made an okay decision this time around and probably won't regret it. Yeah, it's more debt. But I know that unlike many frivolous purchases, these will be heavily used for the next several years, and I'll make a small amount of money back in saved electricity. Oh, and did I mention that my wife and I aren't buying anything for our birthdays and Christmas? Yeah, this was our gift for this year, so that also factored in to the cost.

With some luck, I'll manage to finish, and perhaps (dare I dream it?) sell a manuscript that is finished and polished on the new laptop...

Well, there's that, and I think my wife really liked her present. But I can't speak for her...

Sunday, March 28, 2010

The Merion School Spy-On-Kids-With-Webcam Case

Wow.

Every once in a while I get hit with a story that leaves me scratching my head and saying to myself, "What the hell were they thinking?"

This particular scratching came from the story pertaining to the Lower Merion School District. The best summary thus far of the events comes from Philly.com. The gist of the story; kid had a school-issued laptop at home, gets called into the office, and the assistant principal confronts the kid with a picture taken by the laptop's built-in web camera showing him with "pills" and accuses the kid of drug activity.

Um...

The school had software called LANRev installed on the laptops for theft control. If a laptop is stolen, then it's "tagged" on a server and the laptop tries to "call home" to record the IP address as well as record snapshots from the web camera and screen activity.

The student's family apparently turned around and filed a lawsuit for invasion of privacy, and from there poo was hitting all sorts of ceiling fans. Students had noticed the webcam light randomly blinking on and off at various times and were told this was a "glitch," that they could ignore it.

Now it's time for all sorts of indignant cries to rise up from the choir...

For example, one parent saying that the computer could have taken pictures of his daughter when she took the computer into the bathroom as she showered. Huh? Isn't that like cooking bacon in the nude? Why would you take a thousand-dollar laptop into a humid, wet room while you were showering? You do know that electronics don't like water, right? (this link gives the example in the transcript of the podcast) My daughter is nearly 18 years old and I wouldn't hesitate to whack her on the back of the head if we spent a thousand dollars on a computer for her and she took it into the bathroom while she showered.

But this does bring up a legitimate concern, namely the ability for someone to get pictures of kids in their rooms in various states of undress. This would then bring the school (or system administrators) into the nasty territory of child pornography.

Hmm...

I'm personally torn on the issue. I've read the excellent writeup by Stryde Hax on his blog here, and I think I understand his viewpoint. Unfortunately it's not really a balanced view on the situation (as is his right to present on his own blog, of course; I think he has been very understanding of dissenting viewpoints in my opinion and I am glad for what he has contributed to the story since most involved seem to prefer throwing out non-constructive or vindictive opinions without any actual content to justify the viewpoint, while Stryde has been very good at articulating his view.)

Here's my take.

People have a right to their property, and to protect said property from theft. If I'm robbed, I am damn well justified in being angry at the violation of my privacy and have a right to be angry at having someone steal my sense of security.

I think I should be allowed to set my computer to do whatever I want. It's mine. If I want it to take pictures and upload them to a server, I should be allowed to do so, as long as there's no intent to violate someone's rights (having my computer take pictures of me during the day or pictures when it's stolen is legit in my book, but having it programmed to take pictures because I'm planting it in a locker room is clearly wrong.)

The school laptop program is giving students school property. This cannot be emphasised enough because people like to conveniently forget that part of the story. The school is lending property to students. My feeling is that because the laptop isn't mine, and isn't under my control, I'd trust it about as far as I absolutely must and after that it's shut down. The laptop was supposed to be used for schoolwork, not texting friends, browsing the web for porn, or anything else the personal computers are used for, even email that isn't school-related. Anything you do can be recorded and used against you later. I have yet to understand why people can't get that through their heads; just as employers own the computer on your desk at work and can browse your mail and monitor your Internet use, schools have the same rights on their network, and unless it's spelled out otherwise you should reasonably assume those Big Brother rights extend to a laptop you don't own.

I think that a school should be able to do whatever they can for gathering evidence to bust people for stealing expensive property, and taxpayers should support it since this ultimately is funded by the taxpayers. Losing laptops and breaking them and treating them like crap doesn't get them fixed for free. Someone foots the bill, even if the path for the money is convoluted to the point where kids don't understand that Mommy and Daddy may end up having to pay more in taxes because they can't be more responsible with school property.

BUT...

There are caveats to the case. The computers were meant to bridge the digital divide; every kid has a computer with which to do schoolwork under the laptop program, and that meant as they implemented the program that every kid was basically required to use the school laptop to get through their classes. In other words, there wasn't a choice in the matter. They had the laptop, and it was apparently spying on them at times. Again I wouldn't have trusted them for anything not school related; I'd use the laptop for school, and use my own computer for my own personal use. This isn't necessarily an option for kids that don't have computers of their own, and I understand that. But I'm still torn on that as another issue because it seemed that many of the kids that can't afford even a $300 computer manage to afford a cell phone. Priorities. But that's not the topic at hand.

Also, the school denied that the laptops had the ability to take pictures of the kids and spy on them. It's one thing to have the ability, it's another to hide the fact that it can be done. According to the Philly.com story, representatives from the student council asked administrators about this and were basically ignored when they voiced privacy concerns; from the sounds of it the administrators stuck to the story that it was a "glitch" causing the webcam light to come on. Totally unethical.

The Philly story also points out what was possibly the biggest bonehead move on the school's part. The user agreement that the kids and parents had to sign was just the old boilerplate used in past years for using the Internet in the school, nothing new or updated related to using school computers at home. Dude, liability 101...were you all asleep at the wheel here? Where was the tech with half a whit of common sense who stopped to say that maybe you should have special rules in place for kids carrying thousand-dollar equipment around, especially knowing that kids treat school equipment like crap since, "Hey, I didn't pay for it! It's FREE!"

Most parents don't seem to know just how much liability schools have to cover their arses for. When a teacher sees or overhears anything, anything, they have to report it to higher ups or they can be responsible should something happen to said kid. Kid has a bruise around the neck resembling fingers? Kid has unusual cuts on the arms, or marks that look like something was injected with something? Or maybe they heard some passing talk about a kid being coerced into oral sex? These things have to be reported to administrators or authorities.

So if I were there when discussing issues in rolling out these laptops, one of my concerns would be that these things are virtual black boxes for collecting data on kids and that would put technicians into a potentially dangerous situation with knowing "too much." Troubleshooting a computer and running across browsing history involving abortion, drug use, parents raping sons or daughters...sure, chances are slim, but in a litigious society there is little room for "we'll deal with it if it ever comes up" and hope for the best. With the addition of taking pictures of the computers in homes, you can be sure to bet that I'd worry about collateral damage; pot plant in the background? Parent or sibling walking in the background half-nude from the shower? It's a can of worms I'd not want to deal with.

More than that, where are the checks and balances? The article states that the system was only used if requested by administrators at the high school or higher-levels. That isn't good enough. There should have been an iron-clad method for controlling who gets to use this and view the collected evidence, not just within the school but by a third party, such as the local police department. Better yet have the police involved each and every time the system is used.

Side note: the school apparently is saying that the police department did know about it, because the pictures are uploaded to a website where they can view the collected evidence. The retired police chief was quoted as saying he knew nothing about it. Another case of police being...surprise...technology-tarded, nodding their heads when told about what they can do when in fact they had no clue what they were agreeing to? Or is the school lying? Or are the police covering their own behinds?

These seem like common sense cover-your-behind issues that should have been dealt with at the outset of the program.

Of course there are little details that are squeezing out as the story develops. Worse, the details that do leak out are mostly one-sided, as the school plays the stoic "lawyer advises us to say nothing so we're not commenting" game while the kids and parents are shooting off whatever details they want, true or not. For example, there's no full explanation for why the theft-tracking was activated on a laptop that the school knew the particular student had in his possession. There is also a rumor that the kid wasn't using drugs, he was actually eating Mike and Ike's candies, which if it's true is going to be a definite story for the hall of embarrassingly stupid mistakes.

The Philly.com story also has some more background on the details of the kid and his history with (mis)using the equipment. According to the news story, his family never paid a required $55 insurance fee before taking the laptop off campus, and the laptop in question was a loaner unit because he had broken at least two laptops. It then went on to say that the theft tracking features were turned on because the school suspected the student had taken the computer home when he wasn't supposed to, in which case it would be considered "stolen."

...of course, it was just laziness and/or lack of procedure that would lead them to turn on the picture taking features, as the only thing needed to prove the laptop was removed from campus was that it "phoned home" to the school's server after hours from an IP that belonged to a home network.

No doubt the case is going to continue to contort and twist as more details leak out. The federal authorities are now involved to see if there are civil rights that were violated, and congressional representatives are trying to score points by calling for an investigation (really, with all the waste in government, is it necessary to waste time grandstanding on this when there's already a court system being involved?) Everyone is now in spin control mode, doing what they can to cover their own arses and justify missteps.

What is clear is that the school was engaged in unethical behavior. Had I had a hand in the program, I would have encouraged openly telling students that yes, there are systems in place to keep them from being stolen. Students are issued laptops with ID numbers that are registered, and they are responsible if said laptop is broken or disappears while in their care. It has been my experience that kids treat technology as if it's disposable if there's no consequence for destroying it; they need to have encouragement from parents and school alike to take care of the equipment.

I also would have made it perfectly clear with an updated technology policy what is expected from students and parents charged with the care of the laptops. That would include notifying them of the possibility of photos being uploaded remotely as well as what the laptops could be used for. How they could have been so negligent in this is truly mystifying.

But life is 20/20 hindsight and this district will have a black eye for a long, long time. They will be known for many years as a district that deviously spied on kids and because of that they will have a long and hard road to travel in rebuilding what trust they had among students, parents, and probably teachers. They'll also have an interesting time if they are found guilty in the courts and end up paying a large settlement to this kid's family and as a consequence raise taxes on residents in the district...

Sunday, March 14, 2010

EEE PC: More Conclusions

I've been using the EEE as my primary system for over a month now. So what's it like?

First the upsides.

My data is always with me. That's the primary reason we use computers; to have access to our data and services. I always had my computer on at home with secure shell open and waiting for my connections in the first place; I could access it from a laptop or other computer when away. Now I have that data whenever my netbook is with me, meaning accessing it is a bit faster (since I'm not editing a manuscript over a network connection, for example). It also means that I can access the data when I don't have a network connection available.

This thing is a tough little computer. The hard drive in the 701/4G Surf is not a standard drive, meaning no spinning platters with a little read/write head floating a hair's breadth from the surface of the metal, and so no head to scrape the platter and possibly damage the head or media if the unit is dropped or there are extremes in temperature. It also means it runs quieter and requires less cooling.

It's small. This thing takes portability to heart; it's so lightweight that I think the Vaultz case I use to carry it actually weighs more than the netbook.

It runs Linux. I know Linux. It's usable, it's relatively small, and commands that work on my desktop at work also work on my netbook. I now have it running the Ubuntu Netbook Remix, so it stays up to date with security fixes and again...the commands are familiar. I can use handy tricks like redirecting Secure Shell tunnels and mounting other Linux computer filesystems with sshfs, and there's no vendor-exclusivity.

This unit happens to be one of the ones that has an underside panel that unscrews to add memory. I have a 512 meg DDR2 DIMM card running at 400 MHz. I can probably upgrade it relatively inexpensively and without needing to solder or screw around with modifications to the unit.

Once you get the hang of it, using encryption on the laptop isn't so bad. I have encrypted my home directory so that if it is stolen, someone would have to crack the password in order to gain access to my files. If I'm not logged in or didn't leave my account logged in, my files appear as gobbledygook to anyone that tries looking at my home directory contents from a boot disk.

The unit has a built-in SD Card slot. I like it because I'm frequently transferring images from my camera and video camera to my external drives. The EEE was initially using the SD slot as additional swappable storage to make up for the small 4 gig built-in drive, but I've found that it was ahead of its time with giving access to SD cards now that so many accessories store data on them and using the USB cable can entail special drivers or instructions or software to interface with the toys. Lowest common denominator tends to be more reliable. Just insert the data card and use it like a disk volume instead of farting around with your high tech Sony insta-digital-camera's settings.

Then there are downsides.

My data is always with me. If my netbook dies before I make a backup or if it's stolen, I lose my primary working set of data.

The drive in it tends to be on the slow side. I'm pretty sure this thing is using something more akin to an internal flash drive than an SSD drive because I've read information and seen video of SSD-equipped systems and they are fast compared to standard drives. This thing has a tiny amount of storage space and tends to crawl. It could very well be the sub-par specs compared to today's machines; it wouldn't be the first time I've hit bottlenecks that I didn't think were caused by a particular technology (i.e., a server that was slow and I thought it was the network getting bogged down, only to discover that indeed we've hit a point where the RAID controller and slower drives couldn't keep up with data requests!)

The battery life is sub-par. I bought a new battery thinking the old one was dying; nope, I still get around two hours of usable time on it. Very annoying, given the small screen and lack of spinning drive. The time on comparable netbooks today is closer to six hours or more. Either the battery technology on this is really crap or there's something quirky in the early generation 4G's.

It's small. The portability comes at a price. I wish there were some easy way of getting a virtual keyboard or a keyboard that expanded; the keys on this unit are small, and my fingers are big. I know I've brought this up before. My take is that I can almost type on it well. My error rate is definitely higher, and I am glad when I use it at home that I have a USB keyboard to plug into it so the "native" keyboard is more of a fallback while on the road. It's annoying but not a dealbreaker.

Linux was created for geeks, by geeks. It scratches personal itches, meaning that usability "papercuts", as they're called by Canonical's CEO, aren't bandaged unless a particular programmer is irritated by it enough to fix it. More often than not that means that Linux aficionados find workarounds and make excuses, saying that it's not hard to get around the issue, just do XYZ. That works well for them, but makes the Linux system look piss poor when comparing a simple, everyday task on a Mac running OS X (which is running a derivative of UNIX under the hood) and a Linux system side by side and it just works on the OS X system. I shouldn't have to use workarounds after two decades of development under Linux.

What kind of tasks? This is another papercut. I use a desktop monitor at home, an LCD panel. I plug it into the Mac, the Mac recognizes it and sets the display and refresh rates correctly. I have the monitor in front of me and the notebook on my right; on the Mac I tell it to arrange the monitor on the notebook's left and then drag the strip on the virtual monitors to the LCD panel, turning it into my primary display. Works great. I was pleasantly surprised when I connected it up again the other day and the display came up as my primary display again, complete with Dock and menu bar, with the notebook acting as a secondary display. It must have filed away some information about my LCD panel to remember my settings. Nice!

The netbook, however, loses this configuration. I connect the monitor up and boot the netbook. Inevitably, the first time it discovers the monitor, it mis-sets the refresh rate so that things are readable, but vibrating so fast that graphics look like they're being buzzed visually. Highly annoying. Oddly enough, I reboot the computer, and it will display things more sharply, like the second time around it discovers the proper refresh rate. Two boots. Every time.

Furthermore, if I try rearranging the displays, it won't set the graphics properly. I lose the menu bars and task bars, I can't use the netbook with the monitor attached anymore because I've basically lost all the control elements. I need to disconnect the monitor and re-set my settings to fix it. No matter how I try to set it or arrange it, the netbook screws it up. So I'm left with my primary display being on the netbook on my right side, and dragging my windows to the right hand side of the netbook's display to have it "wrap" to the primary monitor I want to use, then re-maximize programs. It appears that the primary display on the netbook/Ubuntu system is the monitor that is set to be on the "left" side of the virtual displays. Since I can't rearrange the displays and have it properly arrange graphical elements like menus, I can't move the Samsung LCD monitor to the left; the netbook always thinks it's on the right. That sucks.

I think the USB controllers on the netbook are slow, or the combination of memory/CPU/controller makes it slow. The netbook has a tremendous system load appear if I copy a lot of data over the USB bus to external Western Digital drives. Given that the netbook has a low amount of storage to begin with, this really means that things I occasionally do on computers...audio or video editing, for example...are out of this system's reach. It can barely watch YouTube videos, let alone edit them. Using external drives to store large data files would be painful to even contemplate.

Power is screwy on this thing. I keep getting this "your battery may be bad" error. I looked into it after I replaced the battery and it still had the error message; turns out that the unit is apparently known for it. The circuitry reports the power level to the operating system as a percentage, so the operating system interprets it as being at 1.9% power since it's converting the percent to another percent; it's supposed to report the power output in mAh. 100 mAh on a battery reporting itself as having a capacity of 5200 mAh is indeed going to screw up the math, and it appears that no one is going to fix this issue with a patch specific to the ASUS battery model in question within Linux.

Related to power, when this gets low on power it just shuts off. Blip. All work not saved is gone. No warning. The MacBook I use from work will try to go to sleep or hibernate to save your work, and give ample warning. The most warning this gives is a red battery display in the upper corner of the menu (which I configured to show that information) and if I don't keep an eye on it, blip it shuts down straight dead. It's a nasty surprise.

There is no disc drive. I know this cuts down on power use and size, but still it's a little bit of a pain not to be able to burn discs or access burned discs, especially when Ubuntu's built-in support of disc burning trumps OS X's way of handling it in my opinion (in OS X it looks like I'm burning aliases instead of files. I was sure when I first did it that I actually burned a disc of shortcuts instead of the content I actually wanted. Not user friendly in that aspect. Ubuntu uses Brasero to open a window in which it looks like I'm dragging copies of my files to that window, then click the big "burn" button to finalize it.)

Conclusions...

I've been using it exclusively for my desktop work at home. I am able to use it for most things I need; but I am limited, and those limitations chafe me. I can't watch many YouTube videos because it stutters on some of them horribly; I'm better off using my iPod. I can't use my computer to sync my iPod; but I already have a Windows computer to which I connect it with iTunes (and use my netbook to VNC into the headless Windows computer to do updates and maintenance.) I can't run VirtualBox...I suppose I could, but man it would be horribly slow, and there's no way I could create a hard disk bigger than a couple hundred meg at most without an external drive, and that would make access even slower.

The tasks I primarily focus on...remote control of the Windows system for my iPod, editing my manuscript of a novel, composing email in Thunderbird and reading mostly static web content...it works okay for those tasks. It does get bogged down with flash content to the point where it'll stutter the interface (the web browser will "pause" as it loads content, making the menus and tabs unusable for up to thirty seconds at a time.)

It's portable and it boots relatively quickly. Actually running of tasks seems to slow it down, but booting isn't that bad, despite running with encryption on the home directory.

I am able to get my primary work done, just with a little more care and a few more...papercuts.

In the end there are systems today available for under $500 that are refined versions of this 701. Unfortunately most of them are Windows 7-based so support for Linux is limited to what you can find from other netbook pioneers and experimenters online before buying, and since netbooks often have specialized design considerations there is an increased chance that something won't work properly due to driver issues if you try installing Linux on a new netbook. Would I consider getting a new netbook to use as my primary system? I'd consider it. I'd like to find something that addresses limitations in storage and speed, but again that influences some of the things I like about this unit...size, quiet running, and the flash memory instead of regular hard disk drive. Most of the cheaper units out there use micro drives so there's plenty of storage (if it has Windows, it needs that extra storage). On the other hand the battery life has increased to 6+ hours despite the slightly larger displays and traditional hard disks.

So the unit is usable, but I'm on the lookout for something better down the road. If I had a ten star rating system I'd give it an overall six for my purposes; satisfied enough to keep using it, but I definitely look around at Sam's Club and Amazon and NewEgg at the current crop of systems and wonder if I have enough money to buy something that might possibly fit my needs better.

Saturday, February 27, 2010

Encrypting your Laptop: Summary Thoughts

The issue of encrypting your data is far more complicated than I'd like it to be. After doing this on my work laptop running OS X and my personal netbook that I'm using as a "portable computing experiment," I can say there is a significant difference in the experience.

I used the "default" methods for encrypting these systems. There are many options if you research online: TrueCrypt is popular and cross-platform, EncFS can be used on Linux and OS X but takes some Terminal Fu to accomplish, there's dm-crypt on Linux...options abound.

But here's why I chose the "Default" methods; they work. They're supported (in this case by Apple and Canonical). When you upgrade the operating system, there's a far better chance that the encryption isn't going to break the new installation.

The problem is that these encryption techniques still come with trade-offs, partially because of the way they are implemented.

Both FileVault and eCryptfs as implemented here encrypt just the home directory. This means that anything in the temporary directory or in the log files is accessible, as is the swap partition, which can hold data that was in memory and could have sensitive information tucked among the crud. The good news is that odds are very good, since Linux and OS X are "UNIX-based" in design, that your personal data is contained within the home directory.

When you log in, the encrypted volumes are mounted so you can access the data. This means that when you're logged in malicious software can access your unencrypted data. In other words, encryption isn't a cure-all for security.

eCryptfs on Ubuntu stores your files as files on top of the filesystem. This means that if I were to look at my username's files when that username is logged off, say, by logging in as root, the files look like gobbledygook. Each "real" file appears as a string of nonsense. There's a one to one correspondence...the encrypted file will still allow a nosebag to see when I created the file or last accessed the file, the approximate size of the file, basically they can get a lot of metadata without seeing the actual content or name of the file. This means that it's a lot easier to back up the files to other media.

FileVault is implemented using a "filesystem within a file". If I log in as my secondary user (more on that shortly) I see a huge number of files that comprise a sparse disk image. When I log in as my normal user, OS X takes the image files and combines them into one big container, and my files are contained within that container file. (To be more accurate, the many files are contained in a bundle, so within Finder you only see the top level bundle).

The reason the FileVault image was broken into many smaller files was an issue with Time Machine. Originally the encrypted volume was one giant file. If the user was logged in and then a backup was run, the backup would see that the giant file had changed whenever even a tiny change was made in your home directory (since your home directory was actually contained in that giant container file). Apparently users got irritated at backups that took hours to complete when only a couple of documents changed.

Later versions of OS X changed the single giant volume into a number of smaller files. That way one small change doesn't trigger a backup of an entire multi-gigabyte file repeatedly but rather a single chunk of the volume.

In contrast, the eCryptfs method of using a one-to-one file encryption means that backups are simpler and faster. You alter one document, that file is the only one that changed and thus the nonsense-i-tized file will be backed up to your storage media.
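The difference between the three layouts can be measured on a scaled-down model. The script below is an added example, not something from the original post: it builds the same small "home directory" as one container file, as a container cut into fixed-size chunks, and as one file per document, then counts how many bytes a backup that copies whole changed files would transfer after a one-byte edit. The sizes, file names and function names are constructed for the illustration, and it models only the on-disk layout, not the encryption.

```sh
#!/bin/sh
# Added example: bytes a file-level backup recopies after one small edit,
# for the three storage layouts discussed above. All sizes are constructed
# and scaled down so the script runs in a moment.

FILE_SIZE=4096     # each "document" in the home directory
FILE_COUNT=16      # 16 x 4 KiB = 64 KiB of data in total
BAND_SIZE=8192     # chunk size for the "many smaller files" layout

# build_layouts ROOT
# Create the same data three ways under ROOT:
#   ROOT/perfile/doc_NN   one backup-visible file per document
#   ROOT/single/image     every document inside one container file
#   ROOT/bands/band_*     the same container cut into BAND_SIZE pieces
build_layouts() {
    root=$1
    rm -rf "$root/perfile" "$root/single" "$root/bands"
    mkdir -p "$root/perfile" "$root/single" "$root/bands"
    i=0
    while [ "$i" -lt "$FILE_COUNT" ]; do
        name=$(printf 'doc_%02d' "$i")
        # Constructed content: FILE_SIZE bytes of the letter "a".
        dd if=/dev/zero bs="$FILE_SIZE" count=1 2>/dev/null |
            tr '\0' 'a' > "$root/perfile/$name"
        i=$((i + 1))
    done
    rebuild_containers "$root"
}

# rebuild_containers ROOT
# Regenerate the container and its chunks from the per-document files,
# standing in for the OS writing through to the mounted image.
rebuild_containers() {
    cat "$1"/perfile/doc_* > "$1/single/image"
    rm -f "$1"/bands/band_*
    ( cd "$1/bands" && split -b "$BAND_SIZE" ../single/image band_ )
}

# edit_document ROOT N
# Overwrite a single byte inside document N, then update both containers.
edit_document() {
    name=$(printf 'doc_%02d' "$2")
    printf 'Z' | dd of="$1/perfile/$name" bs=1 seek=100 conv=notrunc 2>/dev/null
    rebuild_containers "$1"
}

# bytes_to_recopy SNAPSHOT LIVE
# Total size of the files in LIVE that are new or differ from SNAPSHOT,
# which is what a backup copying whole changed files has to transfer.
bytes_to_recopy() {
    total=0
    for f in "$2"/*; do
        if ! cmp -s "$f" "$1/$(basename "$f")"; then
            total=$((total + $(wc -c < "$f")))
        fi
    done
    echo "$total"
}

# Typical run:
#   build_layouts /tmp/live
#   mkdir /tmp/snap && cp -R /tmp/live/perfile /tmp/live/single /tmp/live/bands /tmp/snap/
#   edit_document /tmp/live 5
#   bytes_to_recopy /tmp/snap/single  /tmp/live/single    # whole container
#   bytes_to_recopy /tmp/snap/bands   /tmp/live/bands     # one chunk
#   bytes_to_recopy /tmp/snap/perfile /tmp/live/perfile   # one document
```

With these constructed sizes the one-byte edit costs the full 64 KiB for the single container, 8 KiB for the chunked container and 4 KiB for the per-file layout.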

It's also because of the OS X "container" approach that, when using a utility like Carbon Copy Cloner for making images and backups of your computer, Bombich Software recommends you make sure you're logged out of any FileVaulted accounts. On the OS X system I had to create a second administrative user to do backups from.

Neither solution gives full-drive encryption, arguably the most secure. It is possible to configure a new Ubuntu system to encrypt an entire volume at installation time, but to do so means installing from the alternate installation CD. Not exactly user-friendly. So you balance security and convenience, accepting that anything in the temporary caches outside the home directory or anything in swap area could be recovered. On the other hand this means less of a performance penalty for accessing routine system files, since any encryption means having the CPU jump through more hurdles to decrypt information before you can access it.

Encryption adds a layer of security in case your notebook is stolen. The price is that it also adds a layer of complexity. Recovering your data in the event of drive corruption is far more difficult, and in the case of FileVault, if part of that container file is damaged you will most likely lose everything in your home directory. This makes having a backup even more important. Encryption adds processor overhead, so it slows the computer.

One last point I have is that these only encrypt the home directory. Since I'm using a netbook, my expansion storage area on the SD Card or USB drive is not encrypted. If I have that with my netbook case and they're both stolen, anything on those secondary drives is open to theft. I'm sure I could find a way to encrypt the data on those drives, but then if I needed to share data with another computer or use the drives with another computer, they couldn't use it since that system probably doesn't have the same encryption scheme installed. I also make heavy use of external drives at home for expanded space and backups, and they are not encrypted.

I do think that while FileVault has detractors...there are many on the Internet claiming that it will eventually destroy your data, and they decry the shortcomings of only encrypting the home directory...Apple has made the process braindead simple. When it comes to something like encryption, options are definitely a bad thing for end users. People want to accomplish a task. They don't want to have to weigh options and choose the "correct" answer among a sea of possibilities. With the Snow Leopard version, they get protection for the home directory, the protection is implemented in-place so they don't need to move their files around to a special encrypted directory or temporary holding area, the slack space can be securely wiped after the change is made, and they don't need to play with configuration files or the command line to set up details like automatically mounting the home directory, and since it's a standard OS X feature, chances are that new versions of OS X aren't going to render your home directory inaccessible.

eCryptfs doesn't necessarily have detractors, but for a reason that is itself a criticism...it's not widely used. Linux has a small base of users compared to Windows (or Mac OS X), and an even smaller percent of those users are even aware of the existence of encrypted home directories. It's a feature that's probably not widely implemented in the wild.

I didn't talk about Windows encryption because I don't use it. Windows has had encryption support for some time now and third-party support is, predictably, even more mature (for example, TrueCrypt supports full-disk encryption for Windows, but not for Linux or OS X). But Windows is what I work with in my day job. And it drives me nuts. And one thing encryption will not protect you from is spying when you're already logged in with access to your encrypted volume, and the market for malware on Windows is more mature than the malware market for Linux and OS X as well.

What does that mean? It means that if spyware gets installed while you're logged in, the disk encryption can't prevent that spyware from uploading your documents or opening the machine to remote access to an attacker. The encryption only guards you from having your data stolen if your laptop is stolen; the attacker looks at your hard drive and finds nonsense instead of your banking information if they don't have your password.

It's all a balancing act. The two operating systems I am implementing encryption on stay true to their roots. OS X made it simple and painless. Linux makes it a hidden feature for people who dig under the surface to find the Easter eggs. Neither one is a panacea; each is instead an added layer of security.

Thursday, February 25, 2010

Encrypting Your Laptop: EEE PC (Ubuntu Netbook Remix) Edition

Continuing from my previous post regarding encrypting my employer-issued Mac, here I describe the experience of encrypting my netbook running, as the title says, Ubuntu Netbook Remix.

OS X includes FileVault for encrypting your home directory and is braindead simple to implement. It allows for live home directory encryption; that is, if you have the space available on your laptop and turn on FileVault, you don't have to do anything to your directory that involves copying or manipulating your files in order to get protection. Most of the time was spent just sitting and waiting while the laptop went ahead and started altering my home directory for me.

Ubuntu...not quite so much.

It's not fair to say that Linux makes it completely difficult to implement encrypted home directories. The latest versions of Ubuntu support eCryptfs, the encrypted filesystem. This is built on the FUSE filesystem which allows users to mount "plugin"-supported filesystems (FUSE is a topic all of its own; I can use FUSE to do neat things like mount a SSHFS filesystem, a mount over secure shell. I used to do this to gain access to my home computer's files as if they were mounted locally on my work computer's directory tree.)

The main problem I ran into was that Ubuntu's supported home directory encryption was meant for implementation when users are newly created or when the system is being set up. There is no "live migration" as of Ubuntu 9.10.

There were instructions that were supposed to support a manual move to an encrypted home directory. I had a second computer, so I logged off of my netbook and secure shelled into the system from another system (you can't have files being accessed while you're trying to move them from your home directory, and part of the instructions tells you to log off the graphical interface to minimize the risk of corruption.) I tried those directions twice, and both times failed miserably.

What I ended up doing was first disabling the automatic login to my administrative user by going to system->login screen and telling it to "show the screen for choosing who will log in".

Next I set about the task of creating a new user using the "adduser --encrypt-home tempusername" command, giving that user full sudo privileges by adding him to the admin group, then logging in as the new user. Next I synced my original user's files with the new user's directory (from secure shell, not the graphical login) using the command "sudo rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs /home/username/ /home/tempusername". This copied all the files from the original unencrypted directory to the encrypted new user's subdirectory.

Next I changed ownership to the new user. Probably unnecessary, but I did it for testing purposes; "sudo chown -R tempusername:tempusername *" from the new user's home directory. Then to do the same for the hidden files, "sudo chown -R tempusername:tempusername .*"

A quick "ls -al" told me that I had caught all the files in the new user's home directory in the net of ownership to the temporary user. I then logged in as the new user on the netbook and lo and behold, my customized color scheme, icons, configuration...all of it...popped up. I checked that my files were intact and happily found that they were.

Next I deleted the old home directory by changing to /home and running "sudo rm -fr username" as well as removing the user from the user management GUI (which just disables the user; home directory is left intact.)


Then I went back to the command line and ran "adduser --encrypt-home username" to create that username again. I verified that /home/.ecryptfs now had a home directory for that user then reversed my sync of directories; "sudo rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs /home/tempusername/ /home/username", followed by a "sudo chown -R username:username *" and "sudo chown -R username:username .*" from within username's home directory.
 
Once the sync was complete I logged in on the netbook again and my desktop once again popped up to greet me! Yay!

I then deleted the tempusername from the Users and Groups utility and deleted the subdirectory for tempusername from /home and /home/.ecryptfs; the last one is the actual home directory, where the encrypted files are kept. The "home" directory directly under /home is a mountpoint.

To sum it up, what I ended up doing was creating a new user with an encrypted home directory, copying my data there, then deleting my username and username's home directory and rebuilding it by creating a new user with my old username's name and copying my home directory contents *back* over to the newer username that I just created.
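The procedure deletes the original home directory right after a visual check, so the two checks it relies on ("ls -al" for ownership, looking over the files for integrity) are worth making mechanical. The functions below are an added example, not part of the original post; their names are made up for this illustration and the account names in the comments are the same placeholders used above.

```sh
#!/bin/sh
# Added example (not from the original post): checks to run between the rsync
# copy and the "rm -fr" of the old home directory. Function names are made up
# for this illustration.

# manifest DIR
# Print "checksum size ./relative/path" for every regular file under DIR,
# hidden files included. The three eCryptfs names excluded from the rsync
# copy are skipped here too. Assumes no newlines in file names; symlinks and
# empty directories are not compared.
manifest() {
    ( cd "$1" || exit 1
      find . \( -path ./.Private -o -path ./Private -o -path ./.ecryptfs \) -prune \
             -o -type f -print |
      while IFS= read -r f; do
          set -- $(cksum < "$f")        # "$1" = CRC, "$2" = size in bytes
          printf '%s %s %s\n' "$1" "$2" "$f"
      done )
}

# missing_from_copy SRC DST
# List files that exist in SRC but are absent from DST or differ in content.
# Extra files in DST (for example ones the new account was created with) are
# ignored, because only losing data from SRC matters here.
missing_from_copy() {
    src_list=$(mktemp) && dst_list=$(mktemp) || return 2
    manifest "$1" | LC_ALL=C sort > "$src_list"
    manifest "$2" | LC_ALL=C sort > "$dst_list"
    LC_ALL=C comm -23 "$src_list" "$dst_list" | cut -d' ' -f3-
    rm -f "$src_list" "$dst_list"
}

# verify_copy SRC DST
# Exit status 0 only when nothing from SRC is missing or altered in DST.
# DST must be the mounted (logged-in) encrypted home; an unmounted mountpoint
# holds none of the user's files and the check fails, which is the safe side.
verify_copy() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    [ -z "$(missing_from_copy "$1" "$2")" ]
}

# not_owned_by USER DIR
# Recursive version of eyeballing "ls -al": print every path under DIR,
# at any depth, that USER does not own. No output means ownership is complete.
not_owned_by() {
    find "$2" ! -user "$1" -print
}

# take_ownership USER:GROUP DIR
# Hand the whole tree to USER:GROUP by naming the directory itself. This also
# covers dot files. In many shells the pattern ".*" matches ".." as well, so
# "chown -R owner .*" run inside a home directory recurses into /home and
# changes every other account's files.
take_ownership() {
    chown -R "$1" -- "$2"
}

# Order of use during the migration (placeholder account names, run as root):
#   take_ownership tempusername:tempusername /home/tempusername
#   not_owned_by tempusername /home/tempusername
#   verify_copy /home/username /home/tempusername && echo "old home can go"
```

Run `verify_copy` again after the second rsync, in the other direction, before removing the temporary account.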

Now when I log in it's using eCryptfs to protect my home directory. Is it particularly user friendly? Not in my opinion. No end user is going to want to sit down and create a "temporary user" to hold data, delete then recreate their username so it will be encrypted.

There was also no built-in way to scrub slack space; my files were deleted, but they're still recoverable to disk utilities. In order to truly delete that old data you need to overwrite the "cleared" space a few times with nonsense data. Over time those files will be naturally erased as I use the computer and other data is added and removed, and without a special utility I'll have to rely on that.

A second problem is that the EEE PC uses a form of flash for storage, like an internal USB thumb drive. From what I understand the cells used to hold the information have a limited "write" lifecycle. The more you write to them, the sooner they'll fail, so controllers use algorithms to write to random spots on the drive to minimise wear on the cells. Running a scrub operation to overwrite the disk spots (and thus make my old data irretrievable) can wear more on the drive and there's no guarantee it's going to actually write where it needs to write to hide old data. Then again, I'm not a storage technology expert, so I don't know if there's a different mechanism at work here or not.

Overall the netbook encryption was more manual and difficult a process than it was on the Mac. If it weren't for my own experience in using Linux, I'd not have been able to easily do it. Even the encrypted home directory feature is not fully advertised in the Ubuntu installer; it's more of a stealth feature being tested internally and by advanced users worried about privacy. This is evident in the fact that to even create the encrypted home directory you have to add the user via the command line since the GUI user manager doesn't have the option. No doubt the feature will appear in a later version of Ubuntu. It'll be interesting to see what the next netbook remix version will bring in options for data protection should my netbook get stolen...