Category Archives: rants

The problem with price comparison sites

A piece in the weekend Guardian by its excellent personal finance correspondent Patrick Collinson includes, almost as an aside, an explanation of why price comparison sites are bad news for some customers.

Collinson’s report concerns a man who discovered that his elderly parents-in-law were being asked for £579.08 for home insurance from the Halifax. He considered this excessive, went online to get a quote direct from Halifax for the same house, and was quoted £108. In other words, the renewal was more then five times more expensive, a shocking penalty for loyalty or inertia.

Why is this happening? In part, because insurance companies can get away with it, but that is not the whole story. The problem, Collinson explains, is the price comparison sites which “drive nearly all new business.”

It is obvious that price comparison sites tend to increase prices, since they are financed by commission on sales made through the site. This effect in itself will not make such a dramatic difference though. The bigger problem is that in order to secure the sale, prices for new business have to be cut to the bone. The only viable way to quote such low prices is to subsidise new customers with profits made from existing customers.

That does not justify the behaviour of the Halifax, which actually increased the premium demanded from this elderly couple by £96.52 from that asked the previous year. But it does show why these sites tend to increase unfair pricing.

Microsoft’s Dynamics CRM 2016/365: part brilliant, part perplexing, part downright sloppy

I have just completed a test installation of Microsoft’s Dynamics CRM on-premises; it is now called Dynamics 365 but the name change is cosmetic, and in fact you begin by installing Dynamics CRM 2016 and it becomes Dynamics 365 after applying a downloaded update.

Microsoft’s Dynamics product has several characteristics:

1. It is fantastically useful if you need the features it offers

2. It is fantastically expensive for reasons I have never understood (other than, “because they can”)

3. It is tiresome to install and maintain

I wondered if the third characteristic had improved since I last did a Dynamics CRM installation, but I feel it has not much changed. Actually the installation went pretty much as planned, though it remains fiddly, but I wasted considerable time setting up email synchronization with Exchange (also on-premises). This is a newish feature called Server-Side Synchronization, which replaces the old Email Router (which still exists but is deprecated). I have little love for the Email Router, which when anything goes wrong, fills the event log with huge numbers of identical errors such that you have to disable it before you can discover what is really going wrong.

Email is an important feature as automated emails are essential to most CRM systems. The way the Server-Side Synchronization works is that you configure it, but CRM mailboxes are disabled until you complete a “Test and Enable” step that sends and receives test emails. I kept getting failures. I tried every permutation I could think of:

  • Credentials set per-user
  • Credentials set in the server profile (uses Exchange Impersonation to operate on behalf of each user)
  • Windows authentication (only works with Impersonation)
  • Basic authentication enabled on Exchange Web Services (EWS)

All failed, the most common error being “Http server returned 401 Unauthorized exception.” The troubleshooting steps here say to check that the email address of the user matches that of the mailbox; of course it did.

An annoyance is that on my system the Test and Enable step does not always work (in other words, it is not even tried). If I click Test and Enable in the Mailbox configuration window, I get this dialog:

image

However if I click OK, nothing happens and the dialog stays. If I click Cancel nothing happens and the dialog stays. If I click X the dialog closes but the test is not carried out.

Fortunately, you can also access Test and Enable from the Mailbox list (select a mailbox and it appears in the ribbon). A slightly different dialog appears and it works.

I was about to give up. I set Windows authentication in the server profile, which is probably the best option for most on-premises setups, and tried the test one more time. It worked. I do not know what changed. As this tech note (which is about server-side synchronization using Exchange Online) remarks:

If you get it right, you will hear Microsoft Angels singing

But what’s this about sloppy? There is plenty of evidence. Things like the non-functioning dialog mentioned above. Things like the date which shows for a mailbox that has not been tested:

image

Or leaving aside the email configuration, things like the way you can upload Word templates for use in processes, but cannot easily download them (you can use a tool like the third-party XRMToolbox).

And the script error dialog which has not changed for a decade.

Or the warning you get when viewing a report in Microsoft Edge, that the browser is not supported:

image

so you click the link and it says Edge is supported.

Or even the fact that whenever you log on you get this pesky dialog:

image

So you click Don’t show this again, but it always reappears.

It seems as if Microsoft does not care much about the fit and finish of Dynamics CRM.

So why do people persevere – in fact, the Dynamics business is growing for Microsoft, largely because of Dynamics 365 online and its integration with Office 365. The cloud is one reason, which removes at least some of the admin burden. The other thing though is that it does bring together a set of features that make it invaluable to many businesses. You can use it not only for sales and marketing, but for service case management, quotes, orders and invoices.

It is highly customizable, which is a mixed blessing as your CRM installation becomes increasingly non-standard, but does mean that most things can be done with sufficient effort.

In the end, it is all about automation, and can work like magic with the right carefully designed custom processes.

With all those things to commend it, it would pay Microsoft to work at making the user interface less annoying and the administration less prone to perplexing errors.

The price of free Wi-Fi, and is it a fair deal?

Here we are in a pub trying to get on the Wi-Fi. The good news: it is free:

image

But the provider wants my mobile number. I am a little wary. I hate being called on my mobile, other than by people I want to hear from. Let’s have a look at the T&C. Luckily, this really is free:

image

But everything has a cost, right? Let’s have a look at that “privacy” policy. I put privacy in quotes because in reality such policies are often bad news for your privacy:

Screenshot_20180211-141004

Now we get to the heart of it. And I don’t like it. Here we go:

“You also agree to information about you and your use of the Service including, but not limited to, how you conduct your account being used, analysed and assessed by us and the other parties identified in the paragraph above and selected third parties for marketing purposes”

[You give permission to us and to everyone else in the world that we choose to use your data for marketing]

“…including, amongst other things, to identify and offer you by phone, post, our mobile network, your mobile phone, email, text (SMS), media messaging, automated dialling equipment or other means, any further products, services and offers which we think might interest you.”

[You give permission for us to spam you with phone calls, texts, emails, automated dialling and any other means we can think of]

“…If you do not wish your details to be used for marketing purposes, please write to The Data Controller, Telefönica UK Limited, 260 Bath Road, Slough, SLI 4DX stating your full name, address, account number and mobile phone number.”

[You can only escape by writing to us with old-fashioned pen and paper and a stamp and note you have to include your account number for the account that you likely have no clue you even have; and even then, who is to say whether those selected third parties will treat your personal details with equal care and concern?]

A fair deal?

You get free Wi-Fi, O2 gets the right to spam you forever. A fair deal? It could be OK. Maybe there won’t in fact be much spam. And since you only give your mobile number, you probably won’t get email spam (unless some heartless organisation has a database linking the two, or you are persuaded to divulge it).

In the end it is not the deal itself I object to; that is my (and your) decision to make. What I dislike is that the terms are hidden. Note that the thing you are likely to care about is clause 26 and you have to not only view the terms but scroll right down in order to find it.

Any why the opt-out by post only? There is only one reason I can think of. To make it difficult.

The annoyance of mistaken email addresses – an example from Netflix

One of the reasons email is broken is that many companies do not bother to verify email addresses when setting up accounts. If someone by accident or design opens an account with an email other than their own – yours, for example – the person who actually has that email address may get bombarded with unwanted emails. Mostly you can just block them with all the other spam but it can be problematic. You may run into difficulties if you try to open your own account with the same organization. If there is money involved you may also get pursued by email for the other person’s debts; presumably this sort of thing can be sorted out but in some cases passively accepting the problem might not be the best idea.

What should happen is that all email addresses are verified. The company where the account is set up sends ONE email to the address given, with a magic link to verify that it really is you that set up the account. If you ignore that email you should never get another one. Sometimes there is even a link to say “this is not me” or “disavow”, which is even better.

Unfortunately it can be hard to inform the organisation of the wrong email address. In the majority of cases, emails come from a “do not reply” address. Often you are meant to log into the account (that is not your account) to make changes or contact support. You would have to change the password of course. That seems a bad idea and might even be considered a tacit acceptance that it is your account, or a hack attempt.

When this happens to me I mostly ignore it, but sometimes resort to things like Twitter support contacts or web chat. It can still be awkward. Here’s my chat transcript when Netflix (which should know better) sent me a welcome email for my new account (nothing to do with me):

Me
Someone has created a Netflix account with my email address. Please delete it.

[Rep] Netflix
Hi there 🙂

[Rep] Netflix
Sure!! No problem

[Rep] Netflix
Could you please tell me what’s your email address?

Me
*************************

[Rep] Netflix
I could find any active account with this email address… don’t you have another email address?

Me
I have just received a welcome email

[Rep] Netflix
To that email? *************************

Me
yes

Me
Hey there, My name is ****. I work at Netflix and help our newest members get started. If you’d like to chat before you start your free month, you can call 1-***-***-**** with any questions. Also, don’t worry about being billed by surprise — we always send a reminder before your free trial ends. If you’re all set, finish your account setup to start watching. If there’s anything you need help with, don’t hesitate to contact us. Cheers, **** netflix.com

[Rep] Netflix
Oohh!!! That’s definetely not from us!!

Me
it passes DKIM

[Rep] Netflix
This is a phising email

[Rep] Netflix
phishin*

Me
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@netflix.com

Me
so it is from your domain

[Rep] Netflix
Please tell me the email address who sent you the email
Me

Me
***********************

[Rep] Netflix
OOH!! O.O

[Rep] Netflix
Please wait a second

[Rep] Netflix
I’m checking here… please hang on there

Me
thanks

[Rep] Netflix
It looks like someone took your email information and created an account, but don’t worry, I’m cancelling the account right now

Me
thanks
Me

that is what I said at first 🙂

[Rep] Netflix
Yes… I know xD but I really needed to confirm all the information

[Rep] Netflix
I’m on it now 🙂

[Rep] Netflix
Done 🙂

Me
thanks

[Rep] Netflix
I was a pleasure 🙂

[Rep] Netflix
And one more thing, if you wouldn’t mind, please stay online for a one question survey.

I declined the one question survey.

The threat from insecure “security” cameras and how it goes unnoticed by most users

Ars Technica published a piece today about insecure network cameras which reminded me of my intention to post about my own experience.

I wanted to experiment with IP cameras and Synology’s Surveillance Station so I bought a cheap one from Amazon to see if I could get it to work. The brand is Knewmart.

image

Most people buying this do not use it with a Synology. The idea is that you connect it to your home network (most will use wifi), install an app on your smartphone, and enjoy the ability to check on how well your child is sleeping, for example, without the trouble of going up to her room. It also works when you are out and about. Users are happy:

So far, so good for this cheap solution for a baby monitor. It was easy to set up, works with various apps (we generally use onvif for android) and means that both my wife and I can monitor our babies while they’re sleeping on our phones. Power lead could be longer but so far very impressed with everything. The quality of both the nightvision and the normal mode is excellent and clear. The audio isn’t great, especially from user to camera, but that’s not what we bought it for so can’t complain. I spent quite a long time looking for an IP cam as a baby monitor, and am glad we chose this route. I’d highly recommend.

My needs are a bit different especially as it did not work out of the box with Surveillance Station and I had to poke around a bit. FIrst I discovered that the Chinese-made camera was apparently identical to a model from a slightly better known manufacturer called Wanscam, which enabled me to find a bit more documentation, but not much. I also played around with a handy utility called Onvif Device Manager (ONVIF being an XML standard for communicating with IP cameras), and used the device’s browser-based management utility.

This gave me access to various settings and the good news is that I did get the camera working to some extent with Surveillance Station. However I also discovered a number of security issues, starting of course with the use of default passwords (I forget what the admin password was but it was something like ‘password’).

The vendor wants to make it easy for users to view the camera’s video over the internet, for which it uses port forwarding. If you have UPnP enabled on your router, it will set this up automatically. This is on by default. In addition, something strange. There is a setting for UPnP but you will not find it in the browser-based management, not even under Network Settings:

image

Yet, if you happen to navigate to [camera ip no]/web/upnp.html there it is:

image

Why is this setting hidden, even from those users dedicated enough to use the browser settings, which are not even mentioned in the skimpy leaflet that comes with the camera? I don’t like UPnP and I do not recommend port forwarding to a device like this which will never be patched and whose firmware has a thrown-together look. But it may be because even disabling UPnP port forwarding will not secure the device. Following a tip from another user (of a similar camera), I checked the activity of the device in my router logs. It makes regular outbound connections to a variety of servers, with the one I checked being in Beijing. See here for a piece on this, with regard to Foscam cameras (also similar to mine).

I am not suggesting that there is anything sinister in this, and it is probably all about registering the device on a server in order to make the app work through a peer-to-peer network over the internet. But it is impolite to make these connections without informing the user and with no way that I have found to disable them.

Worse still, this peer-to-peer network is not secure. I found this analysis which goes into detail and note this remark:

an attacker can reach a camera only by knowing a serial number. The UDP tunnel between the attacker and the camera is established even if the attacker doesn’t know the credentials. It’s useful to note the tunnel bypasses NAT and firewall, allowing the attacker to reach internal cameras (if they are connected to the Internet) and to bruteforce credentials. Then, the attacker can just try to bruteforce credentials of the camera

I am not sure that this is the exact system used by my camera, but I think it is. I have no intention of installing the P2PIPC Android app which I am meant to use with it.

The result of course is that your “security” camera makes you vulnerable in all sorts of ways, from having strangers peer into your bedroom, to having an intrusion into your home or even business network with unpredictable consequences.

The solution if you want to use these camera reasonably safely is to block all outbound traffic from their IP address and use a different, trusted application to get access to the video feed. As well as, of course, avoiding port forwarding and not using an app like P2PIPC.

There is a coda to this story. I wrote a review on Amazon’s UK site; it wasn’t entirely negative, but included warnings about security and how to use the camera reasonably safely. The way these reviews work on Amazon is that those with the most “helpful votes” float to the top and are seen by more potential purchasers. Over the course of a month or so, my review received half a dozen such votes and was automatically highlighted on the page. Mysteriously, a batch of negative votes suddenly appeared, sinking the review out of sight to all but the most dedicated purchasers. I cannot know the source of these negative votes (now approximately equal to the positives) but observe that Amazon’s system makes it easy for a vendor to make undesirable reviews disappear.

What I find depressing is that despite considerable publicity these cameras remain not only on sale but highly popular, with most purchasers having no idea of the possible harm from installing and using what seems like a cool gadget.

We need, I guess, some kind of kitemark for security along with regulations similar to those for electrical safety. Mothers would not dream of installing an unsafe electrical device next to their sleeping child. Insecure IoT devices are also dangerous, and somehow that needs to be communicated beyond those with technical know-how.

Fake TalkTalk Frequently Asked Questions

I use TalkTalk for broadband and landline – though I never signed up with TalkTalk, I signed up with a smaller provider that was taken over – and recently I have been plagued with calls from people claiming to be from TalkTalk, but who in fact have malicious intent. If I am busy I just put the phone down, but sometimes I chat with them for a while, to discover more about what they are trying to do.

Rather than write a long general piece about this problem, I thought the best approach would be a Q&A with answers to the best of my knowledge.

Why so many fake TalkTalk calls?

I have two landline numbers, and until recently only the non-TalkTalk number ever got called by scammers. This makes me think that the flood of TalkTalk calls is related to data stolen from the company, perhaps in October 215 or perhaps in subsequent attacks. Some victims report that scammers know their name and account number; in my case I don’t have any evidence for that. On a couple of occasions I have asked the caller to state my account number but they have given me a random number. However I do think that my telephone number is on a list of valid TalkTalk numbers that is circulating among these criminal companies.

How do I know if it is really TalkTalk?

My advice is to assume that is it not TalkTalk. If you think TalkTalk really wants to get in touch with you, put the phone down and call TalkTalk customer service, either from another number or after waiting 15 minutes to make sure that the person who called you has really terminated the call.

How does the caller know my Computer License ID?

A common part of these scripts is that the caller will show that he knows your “computer license ID” by guiding you to show it on your screen and then reading it to you. They do this by getting to you open a command window and type assoc:

image

The way this works is simple. The number you see next to .ZFSendToTarget is not a license ID. The abbreviation stands for Class ID and it is part of the plumbing of Windows, the same on every Windows PC.

What about all the malware errors and warnings on my PC?

This is a core part of the fake TalkTalk (and fake Microsoft) script. Our server has picked up warning messages from your computer, they say, and they show you a list of them.

The way this works is that the scammer guides you to open a Windows utility called Event Viewer, usually via the Run dialog (type eventvwr). Then they get you to filter it to show “Administrative events” which filters the log to show only errors and warnings.

Now, you have to agree that the number of errors and warnings Windows manages to generate is remarkable. My PC has over 9,000:

image

However, these messages are not generated by malware, nor are they broadcast to the world (or to TalkTalk servers). They are simply log entries generated by the operating system. If you have time on your hands, you can look up the reason for each one and even fix many of them; but in most cases they are just noise. Real malware, needless to say, does not make helpful logs of its activity but keeps quiet about it.

What does Fake TalkTalk really want to do?

Once your fake TalkTalk caller has persuaded you that something is wrong with your PC or router or internet connection, the next step is invariably to get remote access to your PC. They do this by guiding you to a website such as Ammyy or Logmein Rescue, and initiate a support session. These are legitimate services used by support engineers, but unfortunately if you allow someone untrustworthy to log onto your PC bad things will happen. Despite what the caller may tell you, these sessions are not just for messaging but enable the scammer to see your computer screen and even take over mouse and keyboard input.

Windows will generally warn you before you allow a remote session to start. You have to pass a dialog that says something like “Do you want to allow this app to make changes to your PC?” or similar. This warning is there for a reason! For sure say No if fake TalkTalk is on the line.

Note though that this remote control software is not in itself malware. Therefore you will see that the software that is trying to run is from a legitimate company. Unfortunately that will not protect you when someone who means you harm is at the other end of the connection.

OK, so Fake TalkTalk has a remote connection. What next?

Despite my interest in the goals of these scammers, I have never gone so far as to allow them to connect. There are ways to do this relatively safely, with an isolated virtual machine, but I have not gone that far. However I have seen reports from victims.

There is no single fake TalkTalk, but many organisations out there who do this impersonating. So the goals of these various organisations (and they are generally organisations rather than individuals) will vary.

A known scam is that the scammer will tell you a refund is due because of your slow internet connection. They show you that the sum has been paid, via a fake site, but oh dear, it is more than is due! For example, you are due £200 but have been paid £1200. Oops. Would you mind repaying the £1000 or I will be fired? So you send off £1000 but it turns out you were not paid any money at all.

Other possibilities are that your PC becomes part of a bot network, to be rented out to criminals for various purposes; or that the “engineer” finds such severe “problems” with your PC that you have to purchase their expensive anti-malware software or service; or your PC may be used to send out spam; or a small piece of software is installed that captures your keystrokes so your passwords will be sent to the scammer; or the scammer will search your documents for information they can use for identity theft.

Many possibilities, so for sure it is better not to let these scammers, or anyone you do not trust, to connect to your PC.

Who are the organisations behind Fake TalkTalk?

When I am called by TalkTalk impersonators, I notice several things. One is that the call quality is often poor, thanks to use of a cheap voice over IP connection from a far-off country. Second, I can hear many other calls taking place in the background, showing that these are not just individuals but organisations of some size. In fact, a common pattern is that three people are involved, one who initiates the call, a supervisor who makes the remote connection, and a third “engineer” who takes over once the connection is made.

One thing you can be sure of is that the are not in the UK. In fact, all the calls I have had seem to originate from outside Europe. This means of course that they are outside the scope of our regulators and difficult for police or fraud investigators to track down.

If you ask one of these callers where they are calling from, they often say they are in London. You can have some fun by asking questions like “what is the weather like in London?” or “what is the nearest tube station?”, they probably have no idea.

What is being done about this problem?

Good question. I have reported all my calls to TalkTalk, as well as using “Report abuse” forms on LogMeIn with the PIN numbers used by the criminals. On one occasion I had a scammer’s Google email address given to me; there is no way I can find to report this to Google which perhaps shows the limits of how much the company cares about our security.

I am not optimistic then that much of substance is being done or can be done. Addressing the problem at source means visiting the country where the scam is based and working with local law enforcement; even if that worked, other organisations in other countries soon pop up.

That means, for the moment, that education and warning is essential, imperfect though it is. TalkTalk, it seems to me, could do much better. Have they contacted all their customers will information and warnings? I don’t believe so. It is worried, perhaps, more about its reputation than the security of its customers.

Why Microsoft is hard to love

Microsoft CEO Satya Nadella stated last week that “We want to move from people needing Windows to choosing Windows to loving Windows. That is our bold goal with Windows.”

It is an understandable goal. Many users have discovered a better experience using a Mac than with Windows, for example, and they are reluctant to go back. I will not go into all the reasons; personally I find little difference in usability between Mac and Windows, but I do not question the evidence. There are numerous factors, including the damage done by OEMs bundling unwanted software with Windows, countless attacks from malware and adware, badly written applications, low quality hardware sold on price, and yes, problems with Windows itself that cause frustration.

There is more though. What about the interaction customers have with the company, which makes a difference to the emotional response to which Nadella refers? Again, Apple has an advantage here, since high margins enable exceptional customer service, but any company is capable of treating its customers with respect and consideration; it is just that not all of them do.

Now I will point Nadella to this huge thread on Microsoft’s own community forums.  The discussion dates from September 10 2014 and the contributors are customers who own Windows Phone devices such as the Lumia 1020. They discovered that after updating their devices to Windows 8.1 they experienced intermittent freezes, where the phone stops responding and has to be cold booted by pressing an emergency button combination (volume down plus power). These, note, are critical customers for Microsoft since they are in the minority that have chosen Windows Phone and potentially form a group that can evangelise this so far moribund platform to others.

The thread starts with a huge effort by one user (“ArkEngel”) to document the problem and possible fixes. Users understand that these problems can be complex and that a fix may take some time. It seems clear that while not all devices are affected, there are a substantial number which worked fine with Windows Phone 8, but are now unreliable with Windows Phone 8.1. A system freeze is particularly problematic in a phone, since you may not realise it has happened, and until you do, no calls are received, no alerts or reminders fire, and so on, so these customers are anxious to find a solution.

Following the initial complaint, more users report similar issues. Nobody from Microsoft comments. When customers go through normal support channels, they often find that the phone is reset to factory defaults, but this does not fix the problem, leading to multiple returns.

Still no official comment. Then there is an intervention … by Microsoft’s Brian Harry on the developer side. He is nothing to do with the phone team, but on 27 October receives this comment on his official blog:

Brian, sorry to hijack you blog again, but you are the only person in MS who seems to care about customers. Can you please advise whoever in MS is responsible for WP8.1 and make them aware of the “freeze” bug that MANY users are reporting (31 pages on the forum below). There has been NO feedback from MS whatsoever in the months that this has been ongoing and it is obviously affecting many users (myself included). If “cloud first, mobile first” is to be a success, you better make the bl00dy OS work properly. Thanks

Harry promises to raise the issue internally. On 12 Nov still nothing, but a reminder is posted on Harry’s blog and he says:

Nag mail sent.  Sorry for no update.

This (I assume) prompts a post from Microsoft’s Kevin Lee – his only forum post ever according to his profile:

I’m sorry we’ve been dark – I work closely with the Lumia engineering team that’s working directly on this. Trying to shed a little light on this…

Beginning in early September we started to receive an increased number of customer feedback regarding Microsoft Lumia 1020 and 925 device freezes. During the last two months we have been reaching out for more and more data and devices to systematically reproduce and narrow down the root cause. It turned out to be a power regulator logic failure where in combination with multiple reasons the device fails to power up the CPU and peripherals after idling into a deep sleep state.

I am pleased to pass on that we have a fix candidate under validation which we expect to push out the soon with the next SW update!

Appreciate your patience.

OK, so Microsoft knows about the problem, has sat back saying nothing while users try this thing and that, but now after two months says it has a “fix candidate”. This is greeted warmly as good news, but guess what? Phones keep freezing, no fix appears, and in addition, there is lack of clarity about how exactly the fix is being “pushed out”.

Two months later, user Shubhan NeO says:

And I broke my Lumia 1020. Not going back to Windows Phone ever ! Switching back to Android ! Here is sneak peek of my phone !

image

It is not quite clear whether he broke the phone deliberately in a fit of frustration, but perhaps he did as he comments further:

Works ? Seriously ? It hangs 2-3 a day, has stupid support for official apps. So many issue.

I’m done.

Here is another:

I paid the extra £ for a better phone; with a better ’41-megapixel camera’… now to find out that people with cheaper models have not had any freeze problems. Despite peoples comments about this being an aged device, and probably the reason for lack of support, I must add that I only purchased my 1020 ‘NEW’ in July 2014 (which is only 6 months ago). For 3 of those months it has been very unreliable … I am extremely disappointed in how I and everyone else here has been treated by Microsoft.

Read the thread for more stories of frustration and decisions never to buy another Windows Phone.

What are the real problems here? The hardest thing to accept is not the fact of the fault occurring, or even the time taken to fix it, but the apparent lack of concern by the company for the plight of its customers. If Mr Lee, or others from the team, had posted regularly about what the problem is, how they are addressing it, possible workarounds and likely time scales, it would easier for users to understand.

As it is, it seems that this part of the company does not care; a particular shame, as Nokia had a good reputation for customer service.

I post this then as feedback to Nadella and suggest that a cultural shift in some areas of Microsoft is necessary in order to make possible the kind of emotional transition he seeks.

When Windows 8 will not boot: the Automatic Repair disaster

“My PC won’t boot” – never good news, but even worse when there is no backup.

The system was Windows 8. One day, the user restarted his PC and instead of rebooting, it went into Automatic Repair.

Automatic Repair would chug for a bit and then say:

Automatic Repair couldn’t repair your PC. Press “Advanced options” to try other options to repair your PC, or “Shut down” to turn off your PC.

Log file: D:\Windows\System32\Logfiles\Srt\SrtTrail.txt

image

Advanced options includes the recovery console, a command-line for troubleshooting with a few useful commands and access to files. There is also an option to Refresh or reset your PC, and access to System Restore which lets you return to a configuration restore point.

System Restore can be a lifesaver but in this case had been mysteriously disabled. Advanced start-up options like Safe Mode simply triggered Automatic Repair again.

Choosing Exit and continue to Windows 8.1 triggers a reboot, and you can guess what happens next … Automatic Repair.

You also have options to Refresh or Reset your PC.

image

Refresh your PC is largely a disaster. It preserves data but zaps applications and other settings. You will have to spend ages updating Windows to get it current, including the update to Windows 8.1 if you originally had Windows 8. You may need to find your installation media if you have any, in cases where there is no recovery partition. You then have the task of trying to get your applications reinstalled, which means finding setup files, convincing vendors that you should be allowed to re-activate and so on. At best it is time-consuming, at worst you will never get all your applications back.

Reset your PC is worse. It aims to restore your PC to factory settings. Your data will be zapped as well as the applications.

You can also reinstall Windows from setup media. Unfortunately Windows can no longer do a repair install, preserving settings, unless you start it from within the operating system you are repairing. If Windows will not boot, that is impossible.

Summary: it is much better to persuade Windows to boot one more time. However if every reboot simply cycles back to Automatic Repair and another failure, it is frustrating. What next?

The answer, it turned out in this case, was to look at the logfile. There was only one problem listed in SrtTrail.txt:

Root cause found:
—————————
Boot critical file d:\windows\system32\drivers\vsock.sys is corrupt.

Repair action: File repair
Result: Failed. Error code =  0x2
Time taken = 12218 ms

I looked up vsock.sys. It is a VMware file, not even part of the operating system. How can this be so critical that Windows refuses to boot?

I deleted vsock.sys using the recovery console. Windows started perfectly, without even an error message, other than rolling back a failed Windows update.

Next, I uninstalled an old vmware player, using control panel. Everything was fine.

The Automatic Repair problem

If your PC is trapped in the Automatic Repair loop, and you have no working backup, you are in trouble. Why, then, is the wizard so limited? In this case, for example, the “boot critical file” was from a third-party; the wizard just needed to have some logic that says, maybe it is worth trying to boot without it, at least one time.

Finally, if this happens to you, I recommend looking at the logs. It is the only way to get real information about what it going wrong. In some cases you may need to boot into the recovery console from installation media, but if your hard drive is working at all, it should be possible to view those files.

Something Microsoft has never fixed: why Windows is slow to start up

One of the most common complaints I hear about Windows is that it is slow to start up. Everything is fine when a machine is new (especially if it is a clean install or purchased from a Microsoft store, and therefore free from foistware), but as time goes on it gets slower and slower. Even a fast PC with lots of RAM does not fix it. Slow boot is one of many factors behind the drift away from PCs to tablets, and to some extent Macs.

image

As far as I can tell, the main reason PCs become slow to start is one that has been around since DOS days. Some may recall fussing about TSR – Terminate and Stay Resident – applications that would run at startup and stay in memory, possibly causing other applications to fail. Windows today is generally stable, but it is applications that run at startup that cause your PC to start slowly, as well as having some impact on performance later.

I install lots of software for testing so I suffer from this myself. This morning I took a look at what is slowing down my desktop PC. You can view them easily in Windows 8, in Task Manager – Startup tab. A few of the culprits:

  • Adobe: too much stuff, including Service Manager for Creative Suite, Creative Cloud connection, Acrobat utilities
  • Intel Desktop utilities – monitors motherboard sensors
  • Intel Rapid Storage Technology – monitors on-board RAID
  • Sync applications including SkyDrive, Dropbox, SkyDrive Pro (Groove.exe)
  • Seagate Desktop, manage your Seagate NAS (network attached storage)
  • Google stuff: Google Music Manager, Google update, some Chrome updater
  • Plantronics headset updater
  • Realtek HD Audio Manager
  • Fitbit Connect client
  • SpotifyWebHelper
  • Microsoft Zune auto-launcher
  • Microsoft Lync, famously slow to start up and connect
  • Roccat Gaming mouse settings manager
  • Flexera “Common software manager” (InstallShield updater)

Many of these applications run in order to install a notification app – these are the things that run at bottom right, in the notification area of the taskbar. Some apps install their own schedulers, like the Seagate app which lets you schedule backup tasks. Some apps are there simply to check for updates and inform you of new versions.

You can speed up Windows startup by going through case by case and disabling startup items that you do not need. Here is a useful guide. It is an unsatisfactory business though. Users have no easy way to judge whether or not a specific app is doing an important or useful task. You might break something. When you next update the application, the startup app may reappear. It is a mess.

Microsoft should have addressed this problem aggressively, years ago. It did put great effort into making Windows boot faster, but never focussed on the harder task of bringing third-parties into line. A few points:

  • If Windows had a proper notification service, many of these apps would not need to exist. In Windows 8, it does, but that is little help since most applications need to support Windows 7 and even in many cases Windows XP.
  • The notification area should be reserved for high priority applications that need to make users aware of their status at all times. The network connection icon is a good case. Printer ink levels are a bad case, aside from reminding us of the iniquity of printer vendors selling tiny ink cartridges at profiteering prices. In all cases it should be easy to stop the notification app from running via a right-click preference. The Windows 7 idea of hiding the notification icons is counter-productive: it disguises the problem but does not fix it, therefore making it worse. I always set Windows to show all notifications.
  • Many tasks should be done on application startup, not on Windows startup. Then it is under the user’s control, and if the user never or rarely runs the application, no resources are grabbed. Why do I need to know about an update, if I am not running the application? Have the application check for updates each time it runs instead.
  • It is misguided to run a process on start-up in order to speed up the first launch of the application. It may not be needed.
  • If a background process is needed, such as for synchronisation services, why not use a Windows Service, which is designed for this?
  • Windows has a scheduler built in. It works. Why write your own?

Of course it is too late now for desktop Windows. Microsoft did rethink the matter for the “Metro” personality in Windows 8, which is one reason why Windows RT is such a pleasure to use. Apple does not allow apps to run on startup in iOS, though you can have apps respond to push notifications, and that strikes me as the best approach.

Update: I should mention a feature of Windows 8 called Fast Boot (I was reminded of this by a commenter – thanks Danny). Fast Boot does a hybrid shutdown and hibernation:

Essentially a Windows 8 shutdown consists of logging off all users and then hibernating.

This is almost another subject, though relevant. Microsoft has for years sought to address the problem of slow boot by designing Windows never to switch off. There are two basic approaches:

Sleep: the computer is still on, applications are in memory, but in a low power state with screen and hard drives off.

Hibernation: the computer writes the contents of its memory to disk storage, then powers off. On startup, it reads back the memory and resumes.

My own experience is that Sleep does not work reliably long-term. It sometimes works, but sooner or later it will fail to resume and you may lose data. Another issue on portables is that the “low-power state” is not as low power as it should be, and your battery drains. These factors have persuaded me to shut down rather than sleep.

My experience of hibernation is better, though not perfect. It usually works, but occasionally fails and again you lose data.

Fast boot is a clever solution that works for some, but it is a workaround that does not address the real issue which I have outlined above: third-party and Microsoft applications that insist on automatic start-up.