Friday, November 26, 2010

Evil DRM preventing access to our purchases

The other day our xbox 360 stopped reading disks. It had done this before, but none of the usual tricks (like dropping it from 6 inches) or trying different titles worked this time. It was almost three years old, so unfortunately it was time for a new one. We got the new Kinect bundle with the xbox 360 s 250 GB unit. So far, so good. Next, we needed to transfer all the songs we’d purchased for Rock Band 2, the map packs for various “shoot-em ups” like Call of Duty: Black Ops and the like (I don’t know which titles they bought these expansion packs for, but I know there were quite a few of them). We purchased a transfer cable and transferred “our” content. I say “our” content because apparently it isn’t actually ours. Instead it is “ours” (you say that with those cute little air-quotes). There is some nasty form of Digital Restrictions Management on them so simply MOVING them isn’t enough. You need to “transfer the licenses”. To do this, you go to a flaky Microsoft web site (flaky in that for two days it showed various “not working” messages both from Live sign in, and later from the site itself – only to turn out that it worked in Internet Explorer). We finally got onto the site and found we had 161 items to transfer. We did that. It claimed they would download automatically. 24 hours later – no download. So we had to go to the flaky web site and painstakingly click “add to queue” for each of the 7 pages of items (161 in all). After a bit, it would start saying “queue is full” and we’d need to wait for the xbox to catch up. Since theses were just licenses, the xbox would show it was about to download say 160 MB and then – poof – it would be done since the content was already there. The real evilness of DRM reared its head on several of the titles. These were WORKING FINE before, and in fact one was purchased LESS THAN A MONTH ago. However, these items said “no longer available” when we tried to add them to the queue. Basically, since we’d transferred the licenses they were no longer available to us even though we “bought” (those cute little air-quotes again) them. This is the type of crap that should not be allowed. Any form of Digital Restrictions Management that not only gets in your way this much (if we had to transfer these there should have been a “do all” button and it should have taken 2 minutes), AND prevents you from using what you paid for is criminal. The other strange thing? We had better not accidentally break our xbox in a way that isn’t covered by warranty because we can apparently only transfer the licenses once per year. Why? No idea. It isn’t like we can copy the stuff and have it work. We should be able to transfer it to any xbox (or other platform) we want to. 

Wednesday, July 07, 2010

Microsoft: Where’s my universal updater?

When running the operating systems that Microsoft hilariously called “hobbyist”, I get a central program that manages updates to all of my installed applications. It looks like this:


                                   Above: A real updater

Now, I’ve heard that Microsoft may build an app store into Windows 8. I imagine (hope!) that it will include updates. But updates are something we need now. With the plethora of application level attacks, especially against Adobe Reader and Flash Player, it behooves Microsoft to make updating easier. Today, I think I have about a bazillion (OK 14) updaters on my system. Some of these run automatically and slow down logon. Others run as a scheduled task “every Saturday evening at 9:11 PM” (Apple) while my computer is asleep and so never actually run. In fact, since users rarely reboot anymore and just use sleep or hibernate many of these “run at logon” updaters don’t keep you very up to date either. Some updaters are built into the applications themselves and don’t pop up until you actually want to do some work in the app. Some, like the Adobe ones, seldom even work.

One good thing came about as part of this last round of Adobe Reader exploits being used by malicious advertisements served up on legitimate sites by ad networks. That’s right: both my boss and my brother in law were infected with unknown variants of some awful fake anti-virus product (variants of aVsoFt AvSuiTe) via drive by installs using a Reader exploit that was patched on June 29th. I had to submit samples to Sophos, Microsoft, and Symantec to get definitions that would detect these (both were different and the def that came out after the first one did not detect the variant a week later). The good thing that came out of it? Other folks who heard about their issues went back and updated their machines! However, they did NOT have an easy time of it. There is no single place to go to check to see “am I up to date?” As I’ve said, the various updaters are disjointed, often dysfunctional, and obtuse. For example some don’t work through authenticated proxy servers. Others try to foist crapware, foistware, and spy toolbars on you in addition to the updates. In all cases, each vendor is re-inventing the wheel (some well, some not so well) on things like update detection, update validation, downloading, and installing.

So, what should we do?

We get to continue slogging through these ridiculous hoops to get updated in the short term. In the long term, let’s lobby Microsoft hard to get these things done:

  • Create a “Windows, Applications, and add-ins” updater and evangelize it with all the ISVs in the Windows ecosystem – small and large.
  • Publicize how vendors need to create their updates and help some initial volunteers through the process.
  • Make it secure, but easy and free for the ISVs. They have their own QA / test / publishing rules already – Microsoft just needs to be able to have non-repudiation that the source of the updates is actually the vendor in question. If you can give me 25 GB on skydrive for free, you can give these updates some space too (I know akamai in bulk costs more than what you are absorbing for skydrive but still – this is needed). Get out your wallet.
  • Make it work with add-ins for programs like Outlook, IE, and Firefox – not just major application installs.
  • Go do it today; get it done!

Once this service exists, lobby all of your vendors to get on board ASAP. If (for example) Oracle or Open Office doesn’t want to play that counts as a point against them in a product evaluation. If Adobe signs up early and has it working well – that’s a point in their favor when doing an evaluation.

Update overkill

Here’s a sample of the updaters on my machine. This is a simple test machine that doesn’t have a lot loaded. Hard to believe, but it is true:


Perhaps all updates should be through the above interface?



Silverlight needs its own updater?



At least Picasa is up to date!



Paint.Net’s updater doesn’t work through a proxy server





Great, advertisements in the Lenovo updater.



I would be that Oracle won’t sign up to have their updates done through Microsoft. Users however will see that as a strike against them.



As you can see, the Adobe one tries to come with the Google spy bar. Quit that!



Like I said, the Adobe Flash Download Manager fails all the time.



This was the Farmville update and had nothing to do with security.







Note the “foistware” – a lousy browser.




Boy is that a lot of updates and updaters or what? After awhile, you realize that a lot of other applications that you use need updates too, but don’t have an updater at all. Here’s just a few of them from my machine:


Darn, no updates for these.


Wrap up

So why are you still here? If you are with Microsoft, go get started on this now. If you aren’t – find the nearest Microsoft representative and hit them up for this. Feel free to send them a link to this blog entry if you don’t feel like typing it up for them.

Monday, July 05, 2010

Flash: Hey Adobe, learn to write an updater!

As we all know, Adobe Flash has had more than its share of security vulnerabilities and the concomitant flurry of updates recently. I’ve recently seen several machines where the Flash updates just don’t work. It seems to screw up on all kinds of things:

  1. People tend to only reboot once in awhile now that sleep/resume works well. They’ll now reboot at maybe monthly intervals. Up comes the flash update message and they tell it to update. Who knows what the logic is in the updater, but it will pick one (Firefox or IE) to update. It updates that one and leaves the “other” Flash vulnerable. Fail.
  2. A person goes to the Adobe site to update Flash themselves. After they get through the screen where they need to turn off unneeded security scans from McAfee, spyware toolbars from Google, etc. and actually get the download it wants to install the Adobe Download Manager (or DLM). This wondrous tool loves to install, download the update, then randomly show that it failed. Convince it to try again and it says something to the effect that “no, I said I failed you moron”. So then you try to update your other browser and that one works. But the one where DLM failed doesn’t even have flash anymore. Well, at least it is secure. The other part of this is that Adobe is doing their best to hide the download links for install_flash_ax.exe (ActiveX) and install_flash.exe (NPAPI) so that you can only get things with their busted-ass DLM. Fail.

Please, Adobe: Put the links to the actual EXE downloads back at a higher level on your site with text like this, “In the all to common event that our DLM fails to update your install of Flash, download the appropriate updater here.”

Oh yeah – and fix your DLM. While you are at it, make the updater that appears when users logon to their machine update ANY and ALL versions of Flash on the machine.

Thursday, June 17, 2010

Learn to F’ing Drive

There, I said it. I’ll say it again: Learn to f’ing drive! That’s right – this is directed at 80% or more of you out there. As my daughter graduates from online Driver’s Ed to getting a learner’s permit and signing up for Driver’s Training I’ve been noticing more and more of you out there who, to be kind, need a refresher in said courses. Lots of you want to hit her (no, not that – get your mind out of the gutter). I mean many of you have a plan to hit her car with your car.

Let’s start with a quick quiz:

The lever that sticks out of the left hand side of the steering column is:

  1. It has something to do with the cruise control only; I’ve never used this mysterious lever.
  2. It’s the wiper control. It also turns on my emergency flashers.
  3. It is the turn signals.
  4. It must control the satellite radio or something.

From my observations of your driving skills, most of you probably answered something other than the correct number (number 3 was correct). For those who missed this question, you are supposed to use the signal before making a turn or a lane change. Note that I said BEFORE making a lane change. Not letting it flash once or twice while you are in between lanes, thinking it is oh so cute. Before. Get it right and use it. If your turn signals are disabled, you are supposed to use the alternate hand signals. Some of you know this one – it looks like this below:


Others of you have not quite mastered your alternate hand signals and seem to use the following instead of your turn signal:


I do see this used from time to time although strangely the people using it seem to only manage to get one of their fingers up. They must just be lazy I guess. They do seem a bit confused, too, though because they often stick their head out the window while performing this signaling operation.

Choose a lane and stick with it:

Many of you, especially those who haven’t mastered the simple art of the turn signal, seem to randomly change lanes – seemingly with no cognitive process involved – whenever you feel like it, or whenever the song changes on the radio. Many of you aren’t old enough to have ever gone to a roller skating rink, but if you had you would know that “you are going too fast if you are passing more people than are passing you.” That was a common refrain at the old rink. Even though it speaks of a poor understanding of math (with an odd number of skaters, only one person would be going the right speed and with an even number none would be going the correct speed), it is a decent enough guideline for driving. If you find yourself weaving around: STOP IT, you are going TOO DAMN FAST. Learn what the other drivers around you (who you are passing) seem to have grasped: the proper speed. Get in the correct lane and stay there. Do you have an off ramp you need to take in the next couple of miles? Get to the proper place. Does the freeway split and you have to go towards the left fork? Be in the correct lane. And STAY THERE.

Proper following distance:

Many people out there on the road believe I am possessed of either magic or supernatural powers and can somehow drive faster than the car in front of me. They probably think Angelina Jolie can curve a bullet too. Nothing else adequately explains why they are constantly “drafting” about 8 inches off of my bumper. It is amazing how they believe this – I think they need to take a basic physics course and learn both their reaction time and the distance it takes to bring a car to a stop. (Between reaction time and the coefficient of friction on a good day that is about 345 feet at 65 MPH). The time, in seconds, for them to hit my daughter’s car when following about 1 foot behind when she brakes suddenly? About 0.1 second. Please remember: you need to be back at least 3 seconds and preferably 4. Start counting seconds as the car in front of you passes a stationary object or marker along the road. One one-thousand, two one-thousand, three one-thousand, four one-thousand. Most of you didn’t make it all the way to two. Those few that made it to four – congratulations and keep it up. Either that or, more likely, the road was empty.

Turn correctly:

First, don’t cut the corner. On a right turn (left turn for you Brits), you need to keep as close to a right angle turn as you can reasonably do in a car with round wheels. That’s right – get the car out into the intersection before turning. Otherwise you will scrape the curb or hit the parked car around the corner. Also, if you are in an intersection where two lanes can turn to the right into a larger street with four lanes – you can’t turn from the left most of the turn lanes into the right most of the lanes on the larger street. Conversely, you can’t be in the right most turn lane and end up on the left side of the larger street. You can turn into the lanes shown only. See below for a diagram (I can drive, but I can’t draw worth beans!):


Master these simple things: Learn to f’ing drive!

Saturday, June 05, 2010

Google Voice: Support? What’s that?

As with several of Google’s free ad-supported services, Google Voice doesn’t have a support staff. Well, they say they do – but there doesn’t appear to be any evidence that said support staff does any support. They may do a wonderful job of keeping on top of the servers and various components that make up the service (as I haven’t personally experienced the service itself being down when I wanted to use it), but they don’t respond to any help requests from users as far as I can tell.

My Google Voice account works perfectly. My wife’s, not so much. Hers won’t route calls and won’t store messages. For example, if you call her you immediately get the “the Google Voice subscriber is not available” message that you should get only when the subscriber didn’t pick up one of their forwarding phones or when the person is set to “do not disturb”. The call goes straight to what sounds like Voice Mail – it even prompts you to leave a message. Said message never shows up in her inbox though. Her account is, to use a technical term, “borked”. We’ve looked through the help and found the support request form that emails the supposed support staff. We’ve filled that form out with the relevant info four times now over four months. Not once has anyone ever gotten back to us or fixed the problem. I’m forced to conclude that if they do have anyone, that person is either four months behind on support requests or perhaps has been on sabbatical. The unlikelihood of that leads me to believe that Google Voice doesn’t actually have any user support.

It really sucks that my wife can’t use her Google Voice. I’d like to be able to call that number and ring her cell phone and work phone at certain hours and cell and home phone during other hours. That works well for me. But nope, can’t use hers.

BTW, we do know how to use the service and it is configured properly to forward to two phones currently. We deleted all the phones, then added them back and went through the whole “service calls the potential forwarding phone and asks you to put in the security code” stuff for each. There is no schedule currently set and she is not set to “do not disturb”. She doesn’t have a block list and call presentation and screening are set to off. It is as simple a setup as it gets, yet it only worked for one month and has been “borked” since.

I’d imagine other users have had problems getting support from Google too. Perhaps it is time they started charging us a small fee and hired some support staff?

Sunday, April 04, 2010

iPAD Makes the Internet Useless for the Weekend

Boy the newly released Apple iPAD has sure taken over the technology sites on the internet on this launch weekend. Try reading Engadget, Gizmodo, or even BGR. Most (in some cases all) of the articles are about the iPAD. Best apps for the iPAD, your charger won’t work on the iPAD, guy destroys an iPAD with a baseball bat, iPAD optimized porn. OK, the guy with the baseball bat was pretty funny – he probably got tired of the internet being useless all weekend too. But the rest of it? Tech folks, get real. This thing is a 768 x 1024, Flash ignoring, keyboard less, apps more expensive, Star Trek ripping off, expensive magazine reader. That said, if it ran LCARS like the one faked up here, I’d buy it.


For their next Star Trek rip-off, they can make the iCorder (and I’d buy that one too; as long as it could tell me where all those life forms are).

How about on Monday, we get our normal tech sites back on the internet and maybe only one iPAD story per day please?

Monday, January 25, 2010

Firefox 3.6 went crazy

For several years people have complained vociferously about Firefox and memory leaks. For those same years, I have wondered what they were on about. They’d say things like, “once Firefox gets to about 1.2 GB RAM usage, I have to reboot.” All this time I have been thinking, “what the hell are you doing to get a web browser to that kind of memory utilization?” I figured they were ad-in junkies with fifteen different ad-ins running and that they had a leak in one of them. I only run adblock plus and I had never seen this problem. The other day, Mozilla released the 3.6 version of Firefox and I upgraded immediately. Today, my machine started running extremely slow and very obviously paging to disk. I checked task manager (which took about 30 seconds to start), and to my surprise found Firefox using almost 1.2 GB RAM – just like those other users have been reporting for years. Interestingly, Mozilla’s web site says they fixed many memory leaks in Firefox 3.6. My experience today and the graphic below would seem to indicate that they caused at least one new leak:


Wow! That’s a lot of memory to be consuming on a 2 GB Windows 7 machine! If anyone else is getting this type of result from the new 3.6 I would expect there will be an update pretty quickly.

Monday, January 04, 2010

Customer Torture Part II

Since I was thinking about the terrible customer service offered by most tech companies these days, I decided to compare the current “customer avoidance” dance that they perform with the tenets of a bygone era (the late 1980’s as best as I can determine based on mergers, company name changes, etc.). Here’s a link to the actual tenets of customer service as posted on the wall at a major company. (Portions of the image are redacted and the title removed so that the company remains unidentifiable). Let’s compare some of these tenets with the way customers are treated today.

A Customer is not an outsider to our business; he is a definite part of it. In today’s world, try to find contact information for a company that will take you anywhere except their marketing department. For example, spend time searching the Dell site for how to email in a service request. Try to search for how to actually use your warranty on HP’s site. It becomes obvious that we, as customers, are no longer a part of tech companies business. We are numbers and any interaction with us is too costly to imagine so they avoid us like the plague and relegate us to phone queues whose options have “recently changed” and whose operators (if you can get through to them) are powerless to actually help anyone.

A Customer brings us his wants. It is our job to handle them properly and profitably – both to him and to ourselves. In other words, not like this. I’d imagine it isn’t very profitable for either the company or the customer for the customer to have to call 5 different “customer service” representatives, all of whom either give different information or make different technical mistakes. It would probably be more profitable for both parties if the customer service people were trained to know when they can handle something or have to escalate (and soft transfer) to a higher level technician. It would definitely make folks like me have more customer loyalty if I knew the company actually cared enough to have decent customer service. I shouldn’t have to think, “ah, damn – I need to call support. Well let me clear my calendar for the next 8 hours and expect my service to be broken for 2 days.”

Retail companies deserve a call out here too as the news seems to be full of items like this where companies seem to be low-balling the pricing in their advertisements to get “chumps” or “marks” (how they must see us in order to act this way) into the store only so that they can push their overpriced “services”. Often times I have heard that although the companies themselves “don’t condone” deceptive sales practices, their quota systems mean sales folks either use deceptive practices like in the Consumerist article linked above or they get fired for not meeting quotas.

Many of these types of business will happily sell you a USB cable for $25.00 that you can get online for $2.00. Now obviously paying for retail space, having stock people, cashiers, and salespeople costs money so that $2.00 cable needs to be more than $2.00 in a retail outlet. The convenience of not having to wait for shipping does need to be worth some price difference. But 1250% markup of an already not wholesale internet price doesn’t seem to be a proper balance of profitability between customer and company.

A Customer is not someone to argue or match wits with. He deserves courteous, attentive treatment. It isn’t only the tech companies that violate this one. A few years ago, I went on a camping trip with my family. Unbeknownst to me, the prior day I had eaten some contaminated food. While on the trip, I got severe food poisoning and was losing fluids at an alarming rate. My wife got on the phone with the HMO’s advice line. She had to call twice only to be told rudely “he has INFLUENZA” and get hung up on. Now, since the normal symptoms of influenza (this is before bird-flu, swine-flu, or other “new flus”) don’t include intense diarrhea, crazy nausea, 5 minute variations from freezing cold to sweating, etc. we knew this was wrong and my family took me to a regional medical center. I was hospitalized, injected with anti-nausea drugs, put on a double saline drip and kept overnight. Oh, and by the time I was examined my temperature was down to 92 degrees and I could no longer move my fingers. Influenza, right.

A Customer is not dependent on us. We are dependent on him. This seems like an easy statement to agree with. But the practical treatment of it today seems to be along the lines of “attract as many customers as possible, while doing little to nothing to keep them.” Well, other than doing things like doubling the early termination fees or other things to confuse the customer into staying.

My advice to companies? How about training your support folks and sales associates? Perhaps you could have clear contracts that don’t hide large fees in 20 page agreements that customers are pressured to sign without reading? Maybe rethink spending so much money on marketing, segmentation, and advertising and a bit more on actual customer retention. People shouldn’t have to complain about companies on blogs and twitter in order to get service. That’s right, several companies have staff paid to help get them better PR by going through Twitter and Blogs and resolving the customer’s issue – hoping that they will get better coverage in the blog press because of it when the real issue is that their normal channels such as phone, email, etc. refused to solve the problem in the first place. Think about it…