Friday, January 29, 2016

Reset your Windows 10 system with the Keep My Files option

If your Windows 10 system goes awry, it's good to know that you have tools to help revive it--without losing any data.

Microsoft went to every effort to ensure that Windows 10 is a solid OS, but you still might encounter a situation that causes your system to become unstable. You could suffer a nasty virus infection, install an incompatible software application, or possibly even install a rickety device driver. Whatever the cause, Windows 10's Recovery Drive tool can help you revive an unstable system without losing your data.

Using Reset This PC with the Keep My Files option will essentially perform a fresh install of Windows 10 while keeping all your data intact. More specifically, when you choose this option from the Recovery Drive, it will find and back up all your data, settings, and apps. It will then install a fresh copy of Windows and restore the data, settings, and the apps that were installed with Windows 10. When your PC restarts, just log in with your same username and password and find all your data.

Now, it's important to remember that using Reset This PC with the Keep My Files option does not back up and restore any desktop applications you have installed. The reasoning is that a recently installed desktop application could be the cause of the instability. To help you to remember what desktop applications you had installed, the Reset This PC tool will create a list of those applications that were not saved or restored, so that you can decide whether you want to reinstall them.

Let's take a closer look at how Reset This PC with the Keep My Files option works.

What you need

To run Reset This PC with the Keep My Files option as I'll describe in this article, you'll need to have created a Recovery Drive. (See Be prepared: Create a Windows 10 Recovery Drive for a description of that process.) If you are using an optical disc Recovery Drive—or for some reason couldn't use the Back Up System Files To The Recovery Drive option, you can still use Reset This PC with the Keep My Files option. You will just need to have some form of Windows 10 installation media, either USB or DVD.

You can create your own Windows 10 installation media using the Windows 10 Media Creation Tool from Microsoft.

Running Reset This PC with the Keep My Files option

Running Reset This PC with the Keep My Files option is actually easy. It will take some time to complete, but it is a straightforward operation. After your system boots from the Recovery Drive and you select the Troubleshoot > Reset This PC option. You'll select the Keep My Files option

Select the Windows 10 tile.

In a moment you'll see the Reset This PC screen, which outlines what this option will provideResetting will:

Remove all apps and programs that didn't come with this PC
Change settings back to their defaults
Reinstall Windows without removing your personal files

To proceed, click the Reset button. (If required, you will be prompted to insert your Windows 10 installation media at this point.) The system will then reboot and begin performing the first stage of the procedure, as shown in Figure D, which includes saving your data files and settings

Your system will reboot and start the first stage of the reset procedure.

During the next stage of the procedure, the system begins installing Windows. When the percentage count hit 99%, I thought it was ready to finish—but it actually sat at the 99% mark for quite a long time. On my test system, the entire procedure took somewhere around 40 minutes to complete, and of course the system restarted several times.

During the second stage of the procedure, the system begins installing Windows.

After the final restart, your Login screen will appear and you'll be able to log in with the same username and password, just like you always have. When you log in for the first time, some of the standard screens associated with Windows 10's first run will appear.

Once everything is complete and you see the desktop, look for an HTML file called Removed Apps. Open the file in Microsoft Edge and you'll see a display similar to the one shown in

Figure F

The Removed Apps file contains a list of all the applications that were removed during the Reset operation.

As you can see, this list shows all the applications that were removed from my test system during the Reset operation. At this point, you can begin reinstalling your desktop applications. You can then get right back to work on a stable system.

Thursday, January 28, 2016

Photos of the world's self-driving cars racing toward 2020


                     Google                                                            Ford


                      Audi                                               Kia

                       Toyota                                                                GM
                Mercedes-Benz                                                                    Nissan
                       Volkswagen                                                            Honda
                            Volvo                                                                         Bosch
                          Baidu                                                                           Apple

Wednesday, January 27, 2016

Amazon, robots and the near-future rise of the automated warehouse

How warehouse roles carried out by large numbers of Amazon's 220,000 staff are expected to be automated in the coming years.
A human worker in one of Amazon's warehouses picks items from shelves brought to him by Kiva robots.

While Amazon employs more than 220,00 people and is growing fast, it is also pursuing technologies that would ultimately allow it to replace many workers in its warehouses worldwide.

Amazon's warehouses - known as fulfilment centers - are already partially automated, with a growing number of centers using Kiva robots to carry shelves of products to human workers, who then pick the items to be shipped.

Without automation, Amazon would be unable to ship items to millions of people each day and as the retail giant moves towards its goal of delivering packages within 30 minutes it needs to continue to streamline delivery.

Not only does Amazon plan to use Kiva bots in more of its warehouses but it also wants to automate the process of picking items from shelves. To that end, the firm last year set up the Amazon Picking Challenge (APC), a contest where robotics researchers compete for a $25,000 prize for designing the best picking bot.

The inaugural contest highlighted just how difficult bots find such tasks, with about half of the teams competing failing to score a single point and the bots working far more slowly than humans. A human can sort about 400 items per hour with minimal errors, while the best robot in the APC achieved a rate of about 30 sorts per hour with a 16 percent failure rate. This relatively poor performance occurred despite the robots being given a far simpler challenge than they would face inside an Amazon warehouse, with bots being tasked with picking from a pool of just 25 items, rather than millions, and with only a few items mixed together.

However, looking back at the contest the teams that took part in the first APC are upbeat - forecasting these early issues will be overcome and that warehouse automation is on the cusp of increasing significantly.

"Recent developments in robotics have the potential of substantially increasing the degree of automation in warehouse logistics and order fulfillment in the near future," according to the paper written by key APC team members - including Peter Wurman, the technical co-founder of Amazon-owned Kiva Systems - now Amazon Robotics.

"The kind of warehouse logistics addressed in the APC, however, can believably be automated using existing or near-future technologies and potentially faster than many other target applications of robotics."

But the teams also warn of the need for "substantial scientific progress" before picking can be automated - pointing out that standard approaches to building robotic hands and creating motion planning software are not sufficient to succeed in the APC.

Building a better warehouse worker

Robotics researchers across the world are working on automating warehouse picking, with advances in many areas. Last week, a team of European researchers revealed a system that picks items within 24 seconds - another step closer to the 5 - 10 seconds it takes human workers to pick each item in an Amazon warehouse.

In contrast, in the Amazon Picking Challenge each robot had more than one minute and a half to pick each item. However, the European bot is working in a very different, and arguably simpler, environment than an Amazon warehouse, with the robot transferring cans between pallets, rather than many different-shaped items from packed shelves.

Nevertheless the European gripping arm - which forms part of an autonomous forklift named the Autonomous Picking & Palletizing (APPLE) platform - demonstrates a novel approach to grasping items, one of the difficulties that contestants had in the APC.

APPLE grips items using the tips of its arm's two "fingers", which close around the item until sensors in the fingertips tell the bot not to exert any more pressure. Conveyor belts on the fingers then roll the object back into the grasp of the hand. The system, which can work safely alongside humans, gets around the difficulty of precisely calculating to what extent the hand should be closed in order to get a firm grip on an object- overcoming another common difficulty with picking bots.

Robert Krug, of the Sweden-based Centre of Applied Autonomous Sensor Systems, was one of APPLE's programmers, and sees their work as progress toward widespread warehouse automation in the near future.

"Clearly there is a discrepancy with a human's speed but there is a big step up from what we could previously achieve with this kind of system."

Krug anticipates picking systems of the type Amazon is pursuing being introduced to warehouses around the start the next decade.

"I don't know whether the first real commercial system will hit in three or five years but it will happen in the very foreseeable future, I'm sure about that."

"The strong interest [in greater warehouse automation] by companies like Amazon shows you the big players think there is something that will happen soon, otherwise they wouldn't put this effort and money into this."

The introduction of automated pickers and other new computerised systems to warehouses will take place gradually - Krug believes - with smaller groups of human workers initially being kept on site to keep the machines on track until they can consistently match or surpass human performance.

"The robot might be able to fulfil its tasks 98 percent of the time, but what do you do about the remaining two percent? One way out is to still have a reduced numbers of humans in the loop. Maybe you could have emergency helpers, who fix tasks when the robot gets stuck."

When asked whether a greater reliance on robots will lead to job losses, Amazon has pointed out that so far its workforce has continued to grow rapidly as it has increased automation.

However, Amazon hasn't explained the commercial benefit of retaining the same number of employees while also running an automated picking system. When asked to comment on the issue for this article, Amazon did not reply.

Tuesday, January 26, 2016

How driverless cars will transform auto insurance and shift burden onto AI and software

In the era of autonomous cars, driving will become safer. With a predicted 80% drop in accidents by 2040, there are major implications for the car insurance industry. Here's what you need to know.
With almost every major car company—and even tech companies like Google and Apple—looking to unveil models of self-driving cars in the next few years, considerations for car safety are being radically altered. According to a report from KPMG, there will be an 80% drop in accident frequency by 2040.

So what does this huge drop in accidents mean? According to Jerry Albright at KPMG, "the implications for the insurance sector are going to be profound. They have to completely transform their business model."

How cars are getting safer

Humans are responsible for 90% of the accidents on the road, said Albright. So when cars make more and more decisions, with tools like like lane assist, self parallel parking, traffic jam assistant and more, accidents drop. "When you remove the human element with something that can react quicker, detect with sensors and lenses, perform a full environmental driving scan," said Albright, "the vehicle risk profile is going to change, and it's going to get safer."

SEE: Autonomous driving levels 0 to 5: Understanding the differences

And, as automated vehicle technology moves toward level 5—offering a completely driverless experience—safety increases. The Insurance Institute for Highway Safety's research shows that fully-engaged technology, meaning that you don't turn off any function, translates into a 7% to 15% reduction in property damage claims. Still, "you don't have to wait to be at a level four to realize the safety benefits," said Albright. "Each generation, each capability that advances the autonomous technology—be it lane assist, stop and go traffic—all of those continue to improve the safety profile of the car."

The rise of the "smart" car

Another way that safety is increasing is through car to car communication. Cars "talk" to each other. "We're anticipating a smart environment in which cars will be talking to the stoplights, to the guardrails, actually to the pavement itself as well as to the other vehicles," said Albright. It's like "a spider web of interactive interchange of communication—as it gets denser and denser, the safety factor continues to advance."

In many ways, autonomous cars can become safer by continuing to learn about the driver. "It's going to also learn from the cumulative driving of all the other drivers," said Albright. Vehicle-to-vehicle communication, (V2V), means that cars will start interacting with other cars. And, eventually, they will also "talk" to the infrastructure at some point, or vehicle-to-infrastructure (V2I).

"You're essentially accumulating driving information from all of their vehicles on the road," said Albright. "If you're driving down 290 West in Chicago and see a huge pothole in the left-hand lane and all the cars are swerving around it, your car then tells all your other cars that are going on 290 West to 'watch out.'"

Impact on insurance companies

Insurers have typically considered the past to be an indicator of what's going to happen in the future. But what's happened over the last 100 years is radically different than what the next five to ten years will bring. "You go from human behind the wheel to no human behind the wheel," said Albright "How do you accurately predict what you should be charging people from a premium perspective on their insurance when the world is totally different than it's been for the last century?"

The key, he said, is to be proactive. It's no longer an option to deny that self-driving cars will be a reality. "The thing that's plaguing a lot of insurers," said Albright, "is disbelief that this is ever going to happen, or it's going to happen too far in the future to do anything about it now. They are weighed down by legacy systems and process and all sorts of other things that do not enable them to act nimbly to massive changes in their environment," said Albright.

Now is the time for a "call to action," he said. "They need to completely reevaluate their business strategy."

So it's time for businesses to answer some core questions, said Albright, like how to sell business, who to sell to, how to underwrite risk, and how to manage claims."Every core component of doing insurance right now will change," he said.
With new technology comes new risks

Of course, automated driving does not mean that accidents will be altogether eliminated. There will still be bad weather, animals darting in front of vehicles, and other unforeseen circumstances that will lead to crashes. Also, there are still problems with the technology behind level 3 driving, in which drivers are handed back control from the system.

Gill Pratt, head of the Toyota Research Institute, which is studying AI, said that this hand-off can sometimes be dangerous. "Our view is that in certain circumstances, hand-off can be valuable, but in others, it can't," he said. "The important thing is to make sure that drivers know what to expect and aren't surprised when a car hands off control back to the driver."

But the big change in insurance is likely to come from a shift in focus, going from covering the car itself to the software of the car. "That may well become the majority of the driving exposure and the component of the insurance," said Albright. "That's a different product from the personal auto insurance that you or I would buy for our car."

Thilo Koslowski, an analyst at Gartner, believes that we will always have a need for insurance. "Technology can fail. But we will move from a driver-centric approach to a product-centric approach. Going forward, manufacturers would insure that the vehicles will function, rather than putting the burden on the driver."

Instead, car insurance companies will need to broaden the scope of what constitutes potential safety threats. Cybersecurity, for example, is one of the biggest areas of concern.

According to Koslowski, "the companies have to master cybersecurity. They have to consider it wholistically—data communication, the cloud, and a cybersecurity approach needs to be on the table."

"I hope the industry is taking it seriously enough," said Koslowski.

The 3 big takeaways for TechRepublic readers

1. The auto insurance industry will change dramatically with autonomous vehicles, and the burden of indemnity could switch from drivers to the software and systems powering the vehicles.

2. The driverless cars of the future will talk to each other (V2V) and the infrastructure around them (V2I) to provide a far safer driving experience than humans currently can.

3. With the rise of autonomous vehicles, there are will be demand for a lot more tech jobs in the auto industry in the years ahead.

Monday, January 25, 2016

Google Play had twice as many app downloads as Apple’s App Store in 2015

There were twice as many downloads from the Google Play store globally as there were from Apple’s App Store, according to 2015 stats from app metrics company App Annie.

Overall, the report says, Google Play saw around 200 million (Android) versus 100 million (iOS) downloads over the course of the year, largely driven by Android’s growth in emerging markets. Brazil, India, Indonesia, Turkey and Mexico accounted for nearly half of Android’s download growth.

While that impressive growth in users might be good news for Google’s ad business – a larger user base means a bigger, more enticing pool of people that advertisers can reach – Apple’s App Store revenue still far outstripped Play, though both made gains across the year.

App Annie says that the App Store’s revenue growth was driven primarily by users in China, the US and Japan, accounting for nearly 90 percent of the increase.

Google is still struggling to shake Apple’s dominance in some markets, however. For example, in the UK, iOS downloads and revenue put the country in fourth place globally for Apple but the UK’s contribution to Google Play doesn’t even make it into the top 10.

Other highlights in the report show an increase in the number of Apple Watch apps – from 3,000 in April to 14,000 by December –  and that global revenue for music streaming services was 2.2 times higher in 2015 than 2014.

Finally, and potentially more concerning for anyone particularly invested in online privacy matters, the report says that all of the top five apps by monthly active users are owned by Google or Facebook – given that 11 percent of the world use Messenger alone, that’s not altogether surprising.

Friday, January 22, 2016

Millions of Linux servers and PCs, 66% of Android devices vulnerable to serious 3 year old bug

A recent report from Perception Point claims that a vulnerability in the Linux kernel could affect millions of devices. Here's what you need to know.

Security firm Perception Point recently discovered a privilege escalation vulnerability in the Linux kernel that has gone unchecked since 2012.

On Tuesday, the Perception Point research team penned a blog post explaining the bug and walking through their proof-of-concept exploit, as well as noting that the bug had been reported to those maintaining the kernel.

The bug, listed by Perception Point as CVE-2016-0728, affects the keyring facility in Linux Kernel version 3.8 and higher. The problem is that it allows drivers to retain and cache encryption and authentication keys, as well as other security data in the kernel. Due to the sensitive nature of what it holds, the keyring facility is supposed to be inaccessible by other user-space applications.

Basically, what this means is that a user or application without proper permissions may still be able to gain access to root.

Being that the Linux kernel is the foundational piece of all Linux-based operating systems, including Android, the implications are huge.

According to the blog post: "As of the date of disclosure, this vulnerability has implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets)."

Hopefully, a security patch will be released soon. If you are a Linux user, make sure you update your kernel as soon as you can to protect against this vulnerability.

For Android users, the bug affects Android version 4.4 (KitKat) and later. Currently, that covers 69.4% of all Android devices, although the number was originally listed by Perception Point as 66%.

The implications for Android users are that, if exploited, the bug could allow another application to take over core OS functions on your device—not good. The problem is further compounded by the fragmentation of the Android ecosystem, and the often difficult process of receiving updates. Google finally rolled out a plan for monthly Android updates back in August 2015, but that still doesn't account for the plethora of obstacles and delays that come from specific vendors.

There is a silver lining to all this, though. According to Perception Point, neither their research team, nor the Kernel security team have seen any known exploit "targeting this vulnerability in the wild." However, the research team did recommend that security teams take a look at any devices in their portfolio that could have been affected and respond immediately.

Thursday, January 21, 2016

The New Strategy in the Auto Industry: Cars Nobody Will Buy

Car companies are running out of stuff to make and struggling to stand out

The fancy-car selfie is a social media staple. And there will be a steady stream of them starting Saturday, when the masses pour into the annual North American International Auto Show in Detroit. But it will be difficult to picture people actually buying many of this year’s crop of fancy cars.

This is de rigueur at a vehicle convention where regular people with regular paychecks intersect with six-figure speed machines. But the disconnect between the cars and the commerce is more pronounced at this year’s show, because the newest vehicles aren’t really the kind of rides people are lusting after these days. They’re also quite expensive.

The Mercedes-Benz AMG S63 races into a crowded field.

The Mercedes-Benz AMG S63 races into a crowded field

Of the 20 or so models unveiled in Detroit this week, four were large, luxury sedans—a class of vehicles whose U.S. sales dropped 15 percent in 2015. Also prominent were premium sports cars, a segment that saw almost one-third of its buyers disappear last year.

The growth in the auto industry of late hasn’t come from low-slung, pricey machines, but rather from pickup trucks, entry-level sports cars such as the Ford Mustang, and SUVs of all shapes and sizes.

So how does a self-respecting car executive explain the carbon-fiber cornucopia delivered to the auto show this week? Well, it’s not that they’re tone-deaf. They know the sales trends better than anyone. It’s just that they’re running out of stuff to make.

While car sales recovered after the recent recession, product planners went for the easy money. They started making and overhauling the vehicles that would move the needle fastest.

Lincoln greenlighted a midsize crossover, the MKC, which parked squarely in the hottest segment of the business. Hyundai made over its Sonata sedan, its second-best seller. Acura designed an all-new sedan for first-time luxury buyers, the TLX. Meanwhile, Volvo spent lavishly to design a Swedish knockout of an SUV, the XC90.

Now all those brands are rolling out swanky sedans. The Lincoln Continental, the Genesis G90, the Acura Precision, and the Volvo S90 are some of the most saccharine eye candy in Detroit.

The new Volvo S90 promises to be as cool and easy as its award-winning XC90 crossover.
The new Volvo S90 promises to be as cool and easy as its award-winning XC90 crossover.

There’s a similar shift going on in the world of sports cars. In recent years, Mercedes dialed its SUV production up to 11; Porsche crafted the Macan, a pint-size SUV that quickly became the brand’s top seller in many markets; and Lexus added a similar model in the all-new NX.

One can find all those vehicles on the stands in Detroit’s Cobo Center. But the prime real estate—the spotlit, spinning podiums—will be filled with sportier options: the all-new Mercedes SLC roadster, a souped-up version of Porsche’s 911, a sinuous Lexus that looks like an angry spaceship, and the Buick Avista, a slinky streak of blue.

Buick’s Avista concept drew rave reviews for its leaf-shaped window openings and lustrous paint job.
Buick’s Avista concept drew rave reviews for its leaf-shaped window openings and lustrous paint job

A lot of these cars won’t sell enough to justify their creation. It takes somewhere around $1 billion to develop a vehicle from pencil to final product, so it’s helpful to amortize that cost over as many units as possible.

But car executives have a bigger problem than unit economics to worry about: With a crush of buyers, they just need to get noticed.

Xavier Mosquet, senior partner in Boston Consulting Group’s auto unit, raised his eyebrows as he walked up to the sporty red Lexus. He was surprised that the vehicle was going to find its way to an assembly line, rather than being just a concept car to excite the crowds. Would it make money?

“That depends on how you divide the costs,” Mosquet explained. “I think this one is for the branding. It’s a halo car.” In short, if the vehicle gets on enough magazine covers and turns enough heads at dealerships, its return will be evident in sales of less flashy Lexuses (Lexi?).

What also helps make the business case (at least a little bit) is China, where drivers—and the driven—still love big, distinguished sedans and stupid-expensive sports cars. Product planners looking to get the OK on a billion-dollar sports-car project, keep one figure at the ready: 9 percent. That’s the average annual growth rate of the passenger-car market in China for the past five years.

Klaus Zellmer, Porsche’s chief executive officer for North America, said he expects the Chinese economy to continue growing at more than 5 percent a year, despite recent signals that the wheels might be coming off.

Nissan CEO Carlos Ghosn was also sanguine about China as he pitched a new sedan from Infiniti, his company’s luxury brand. “When you look at the fundamentals, there is nothing wrong with the development of the Chinese economy,” he said in an interview.
If Ghosn is wrong about that, the car show crowds should be quick with their cameras, because the industry’s stateliest, sportiest stuff, will just idle in dealerships … and then disappear fast.

Tuesday, January 19, 2016

10 things the tech world should leave behind

As technology evolves, some things need to fall by the wayside. Scott Matteson thinks these 10 things are holding back progress

Like many of you, I saw Star Wars this past month and thought, "Man, it's good to be back among the lightsabers, Tie fighters, droids, and of course, the Millennium Falcon!" It didn't feel anachronistic to return to the Star Wars universe, even though it had the same elements as when I was six years old.

Some old-school technology (both on and off the big screen) will always remain fun and interesting. But other technological elements have worn out their welcome and need a swift kick to the curb. This article looks at 10 examples.

Now, this list is subjective and I can't promise all these things are headed for the dustbin of history. But I hope so. As a system administrator and technology writer, the problem wasn't finding 10 examples. The problem was narrowing the list to only 10.

1: Website frustrations

For a society that is becoming more and more reliant on web browsers, we sure do have our share of hair-yanking experiences dealing with them.

Constant updates. Plug-in woes. Websites that require you to log in to proceed to view an article but then take you to the home page when you comply. Browsers that don't save credentials no matter how many times you tell them to. Cumbersome site registration with illegible captchas and the requirement to wait for an email to complete setting up your account. (This is getting a better with the opportunity to log in with social media accounts, I'll admit.) The necessity to log your account ID and password somewhere or else use the same one you use everywhere—which is a BIG no-no. The list goes on.

Oh, and while I'm on the topic of aggravating websites, why is Yahoo still around?

2: Rude online behavior

Yes, I know I said I would leave out SOME of the things that are here to stay, but online etiquette needs to get better before we all devolve into a pack of snarling hounds.

In the first place, anonymous comments need to go. I understand they may have some merit when posting information from behind the curtains of oppressive governments, but using a handle like "YerMomDoesMyDishes" to sneer about someone else's hard work is strictly 1990s. Many sites are requiring valid human accounts or eliminating comments altogether thanks to the silliness in the feedback section.

Second, deliberately malicious endeavors intended to thumb your nose at strangers have had their day. Some people were posting spoilers about the latest Star Wars film on Facebook for no purpose other than hoping to ruin it for people. I myself glimpsed three key facts about the film thanks to individuals who thought it would be funny to leak surprises. No reason for that other than sheer immaturity.

And then we have the hoaxes. Always with the hoaxes. Back in the 1990s people were breathlessly forwarding emails insisting Bill Gates would pay you $50 if you did the same—and just a few weeks ago they were posting absurdities on Facebook about how Mark Zuckerberg would give away stock for copying and pasting a chain letter. While well-intentioned, this stuff is always prefaced with something like "Hey, it couldn't hurt to try!" It DOES hurt when people don't research facts and just repost wishful thinking; it wastes time, energy, and computing resources. is a wonderful resource for debunking myths, rumors, and urban legends, and there are many other resources out there just a Google search away.

3: Large companies getting hacked

I'm not going to name names, but if you have billions in assets you have no excuse getting hacked. Hacks aren't some inevitable force of nature; they are preventable with the right controls, analysis, and measures in place. I'd like 2016 to herald the end of large corporate behemoths being taken down like Goliath by silly measures such as insufficient security regulations, unsecured terminals or devices, or exploited vulnerabilities found in outdated software.

Now, 2015 did involve a bit of schadenfreude when it came to some big targets getting poleaxed. I can't say that I feel too bad for Ashley Madison users, who perhaps learned a valuable lesson in their quest to engage in or promote adultery; hackers obtained the customer list and threatened to expose users. But the lesson should be twofold for companies and users alike: We're not at a point of foolproof security yet. Maybe we will be in 2016—though security is more a journey than a destination—but details remain murky.

4: Java headaches

There are two kinds of Java: one that increases your stress levels, gives you the jitters, and makes you hopelessly dependent. The other is the hot caffeinated drink we all know and love.

I'm singling out Java since it represents by far one of the most backward technological problems out there. So many websites and programs rely on Java... but it has to be the right version. There are plenty of "Allow access" hoops to jump through if your browser even thinks you're doing something remotely unsafe, and you usually have to jump through these hoops repeatedly. I once administered some Citrix Netscalar appliances that demanded a specific Java level or else they wouldn't run properly (and which would threaten you that future updates would block said access).

Yes, Java has an auto-update process like many other apps, which is supposed to help alleviate these issues. But this is often kludgey or unreliable and can wreak havoc on programs it previously played nicely with. Older versions aren't removed when Java is updated, and these invariably end up with gaping security holes.

In short, we are told that billions of devices run Java, as meanwhile there is much drama and hand-wringing about the security problems it presents and the difficulties in getting it to work right.

5: Vendor manipulation

It's long been a mantra of mine that the customer drives the vendor, not the other way around. So why are vendors attempting to herd consumers when it should be the consumers setting the pace?

I'm going to use Microsoft's push to get people to Windows 10 as an example. It is aggressively promoting its newest OS, even by putting an upgrade icon in people's system trays that can't easily be shut off or remove—or actually downloading Windows 10 onto computers without being given the go-ahead.

I tried Windows 10 and had a "meh" reaction, especially after my VPN client stopped working, and went back to Windows 7. Now, I'm not a wet blanket; it's my job as a technologist to stay on top of current trends and never fear change. But it's also my job to find the tools that work the best for me and define my own methods of productivity. There is nothing lacking in Windows 7 that has me pining for any solutions offered by Windows 10. And yet we are told that Windows 7 is frightfully insecure and we should stop using it. It reminds me of TV commercials from the 1970s whereby "new and improved" products were showcased alongside the original products and we were told how poor the original product was by comparison. My reaction, even as a child, was to think: "Then why did you tell us that product was so great a year ago?"

It was different in the past, when it came to operating system upgrades. Going to Windows NT to 2000 was a must for better stability and resource utilization. Now, the OS is more a matter of choice.

Oh, and one final word on vendor manipulation: Please stop bundling apps like McAfee with other apps so that unwitting users won't install unnecessary software!

6: Removal of choice

This goes hand-in-hand with #5 but deserves to be a separate category. Having choice in a product means the ability to expand or customize it to better suit your needs. Recent smartphones from Samsung have shipped without micro USB slots or replaceable batteries (neither of which Apple ever offered). As someone who uses lots of micro USB cards and goes camping for days at a time, this rendered the Samsung Galaxy 6 a no-go for me.

Removing choice takes away a lot of the fun for the user. I realize Apple's goal is a complete soup-to-nuts ecosystem that reduces as many variables as possible to implement a more predictable and stable environment. However, this can lead to dread, with iTunes synchronization woes and frustration that only the "prescribed" way to get music onto the device is permitted.

Steven Levy's brilliant book "Hackers: Heroes of the Computer Revolution" touts the heady days of exploration and experimentation in the 1950s MIT technology realm. Read this book and you too will get a feel for the sheer excitement of learning how stuff works by being allowed to tinker. Removal of choice means limiting the user. Some users don't mind. Some even WANT a minimal set of options. But for others this is a buzzkill.

7: Lost data

I was approached several times this year by friends who had lost data when their hard drives or operating systems fizzled out and wanted to know if I could recover the information. To which I responded, "Why weren't you using Dropbox?" Any cloud storage solution, such as Google Drive or Box, could also suffice of course. It's inconceivable to me that something as easy as this hasn't become universal.

Operating systems, hard drives, and the devices themselves should be seen as finite and disposable, like vehicles on the highway. It's the passengers that they carry—namely, the data—that are valuable and irreplaceable. Let's hope 2016 sees the last of questions like "Hey, do you know how to recover files off a dead hard drive?"

8: Password hoops

Passwords need to die. In this age of fingerprint, facial, and voice recognition (The 2015 film Mission Impossible: Rogue Nation even featured a gait-analyzer to see how people walk and compare against a known metric to ensure their identities!), all the rigmarole associated with creating and changing passwords—never mind the endlessly onerous requirements—should be extinct.

And don't even get me started on the logistics of storing passwords in a central database that must be protected by, you guessed it, yet another password, then made available on any devices on which you might need to use these passwords.

9: Outdated or incompatible technology

Just this morning my wife texted me and said our printer wasn't working. Again. Despite my replacing the toner cartridge the other day. This is hands-down the biggest headache in technology; babysitting cranky printers that are perpetually out of ink. More so even than fax machines or poorly powered batteries, printers should be a thing of the past, what with digital newspaper subscriptions, PDF files, ebooks, and the ubiquity of portable media devices.

However, in my view there are many other candidates for the museum: digital/video cameras, MP3 players, CDs, DVDs, radios, cassette players, calculators, alarm clocks, and vinyl/turntables. Your mobile device can perform many of these functions and more. I even read a news article recently that typewriters were "coming back" and a nearby shop was devoted to refurbishing and selling them.

Now, I realize stated in #6 that removal of choice was bad. I myself feel it's a waste of time to haul around audio cassettes and DVDs or—heaven forbid—to type documents on an IBM Selectric like we used to do in college in 1990. In my view what's different here is that this technology represents an anachronism—a step backward in terms of convenience and clutter, that increases waste—rather than a step forward with new capabilities.

10: Manual intervention

All too often achieving our computing goals requires manual steps. I sync my smartphone pictures to my Dropbox account, but I still have to remember to go in periodically and delete the images from my Samsung lest it fill the drive. (I do the same for my wife's iPhone, which backs up to iCloud but doesn't need to keep those pictures permanently when they can be stored elsewhere.)

Similarly, at the end of every year I offload my project work into an Archive folder, which I then make sure gets backed up to an external hard drive so I can start the New Year fresh.

Getting my ebooks and music synchronized across my devices can be a headache. I prefer to use local storage, as I often go off the grid on camping trips. Copying data to my Android via a USB cable is horribly slow; much slower than it was even on the Blackberry I used to use. It times out often and I have to unplug the cable, then plug it back in. I tried a wireless sync program but it ran into too many issues to serve me reliably.

We need better automation of repetitive processes for the background stuff we shouldn't have to manage. True, there are scheduled tasks, automatic synchronization, and reminder apps for some of this. But overall there is still too much hands-on work to keep our personal technology running smoothly. Even the stuff we can automate often requires manual checks to ensure that it worked properly. Do you really want anything to automatically delete old data without being sure it was properly offloaded or backed up? I realize this question makes the solution even harder but it's a valid point.

Thursday, January 14, 2016

VW CEO Flubs Interview With Apology Tour Off to Rocky Start (BusinessWeek)

  • VW CEO: U.S. Is a Core Market
  • Mueller says German carmaker `didn't lie' to U.S. regulators
  • VW's Mueller faces meetings Wednesday with EPA and lawmakers

Volkswagen AG Chief Executive Officer Matthias Mueller is struggling to find the right tone on his first official U.S. visit, where he’s under pressure to placate lawmakers and regulators to emerge from the emissions-cheating scandal.

In an interview with National Public Radio at the North American International Auto Show in Detroit, Mueller said the German carmaker “didn’t lie” to regulators when first asked about irregularities between test and real-life emissions in its diesel cars.

The issue, related to rigging engines to cheat on emissions tests, was instead caused by “a technical problem” and stemmed from a misinterpretation of U.S. law, the CEO said, appearing to downplay the company’s role in actively deceiving regulators. He then questioned the reporter’s assertion that Americans believe there are ethical issues within the company: “I cannot understand why you say that.”

The German carmaker asked for a second chance after the public radio network aired the comments, which were made at a VW event Sunday evening, on its “Morning Edition” program, a staple of the commute for many U.S. professionals. Mueller apologized in the follow-up interview on Monday, citing noisy surroundings in the first conversation. 

“We fully accept the violation,” he said. “There is no doubt about it,” and the company is doing its “utmost” to resolve the issue.

Opera Ball

The to-and-fro is indicative of Volkswagen’s response to the scandal, which is being steered largely by company veterans while customers have had to wait as the carmaker figures out what to do with the affected vehicles. The public-relations gaffe was the latest in a series by Mueller, who has come under criticism for waiting nearly four months to meet U.S. regulators while at times giving the impression that the crisis wasn’t his top priority.

The 62-year-old Volkswagen veteran, who previously ran the Porsche sports car brand, was photographed with a bottle of champagne at the Leipzig Opera Ball shortly after he took over as CEO in the wake of the scandal. He then turned up a few weeks later smiling on the sidelines of a car race in Bahrain. He also cut short his appearance on Volkswagen’s third-quarter earnings call to join German Chancellor Angela Merkel on a trade trip to China.

Connecticut Attorney General George Jepsen, who is helping to lead a multistate investigation into the automaker, called Mueller’s comments "disturbing" and criticized Volkswagen for not cooperating with the probe.

"In an apparent moment of candor in Detroit, we now learn that the company’s newly appointed and most senior leader doesn’t believe Volkswagen lied, which is undisputable, and cannot say when it plans to deliver its solution to a problem that is affecting millions of Americans, which is unacceptable," Jepsen said in a statement.

Causing Stir

It’s not the first time Mueller has caused a stir with media comments. Last year he suggested to a group of journalists in Stuttgart, Germany, that he was too old to succeed then-CEO Martin Winterkorn. He later said he’d been misunderstood. Then during Porsche’s annual earnings press conference he let slip plans for an all-electric vehicle. Though he evaded follow-up questions, the unit showed the car months later at the Frankfurt motor show.

Volkswagen defended Mueller, saying this week’s comments were a misunderstanding stemming from the chaotic environment at the Detroit event.

“This was a very extreme situation in which this interview took place,” spokesman Claus-Peter Tiemann said by phone. “Mueller was standing in a crowd of journalists with questions being shouted at him in different languages. One question obviously was misinterpreted, taken out of context maybe, so the interview was redone.”

With meetings looming Wednesday in Washington D.C. with lawmakers and Environmental Protection Agency head Gina McCarthy, Mueller must now convince authorities that he’s taking them seriously and their concerns are being addressed, said Stefan Bratzel, director of the Center of Automotive Management at the University of Applied Sciences in Bergisch Gladbach, Germany.

“Not all has gone smoothly since he took the scepter, especially with the U.S. authorities,” Bratzel said. “It’s important to admit that there actually were untruthful answers, that there was deception.” 

‘Night and Day’

Volkswagen obfuscated for nearly a year before admitting to regulators that it had installed software to bypass pollution tests in its diesel cars, the EPA said in September. Its relations with the agency have been strained since then, and there’s still no confirmed solution for how to fix about 480,000 cars with 2-liter diesel engines in the U.S.

Mueller has cultivated a relaxed image in Germany, a stark departure from the stern presence of his predecessor. In October, he encouraged Volkswagen employees to be more open and cooperative, with the goal of making the company “more fun to work for.”

The company might be able to fix about 430,000 of the vehicles by adding a newly-developed component to neutralize the smog-inducing nitrogen oxides in the emissions, Mueller said on Sunday. Still, the actual number could vary and depends on the EPA’s approval, he said.

“We have worked night and day to find solutions. Not only technical solutions,” Mueller said in the followup interview with NPR. “It’s a lot of work for the lawyers and also for the press department.”

Tuesday, January 12, 2016

Juniper Networks to rip out NSA-developed code amid new backdoor security concerns

Juniper Networks recently announced it will be dropping the NSA-developed Dual EC from its ScreenOS platform. Here's what you need to know.

One of the biggest fears of any company is that a hacker or outside organization is utilizing a backdoor to spy on them. For customers of Juniper Networks, as it turns out, the NSA could have been eavesdropping for quite some time.

On Friday, January 8, Juniper Networks' Derrick Scholl penned a blog post detailing steps the company had taken to mitigate some recent security issues. In the post, the company also noted that it would be replacing ANSI X9.31 and Dual EC DRBG in its in ScreenOS 6.3. The issue with this is that Dual EC DRBG is believed to have developed, in part, by the NSA.

For those unfamiliar, Dual EC DRBG stands for Dual Elliptic Curve Deterministic Random Bit Generator. According to the internal documents leaked by Edward Snowden, the Dual EC DRBG standard was published by the National Institute of Standards and Technology (NIST), with contributions from the NSA and contains a backdoor for the NSA as well.

According to a Juniper Networks press release, the changes were made to "enhance the robustness of the ScreenOS random number generation subsystem."

Random number generation is essential to security, and the company said it would be replacing Dual EC and ANSI X9.31 with the same number generation technology it is using in its other products sometime in the first half of this year. However, the question becomes why the company was using it to begin with.

Security consultant John Pironti said that the integrity of Dual Elliptic Curve has been questioned since 2007 by cryptographers, especially given its potential connection to the NSA.

"It is unfortunate that it has taken Juniper so long to remove this code," Pironti said. "One reason may be the significant amount of business that Juniper does with the US Government and its interest in preserving this business."

Whatever their reasons for using the code, companies such as Juniper's involvement with organizations like the NSA creates problems beyond just privacy concerns.

"Government involvement, especially from intelligence agencies creating backdoors into security products, can inflict distrust across the entire industry," said Ondrej Krehel, founder of security firm LIFARS.

The Dual EC news comes a mere day after University of California, San Diego researchers presented on a 2008 backdoor vulnerability in a Juniper product that gave access to VPN sessions, and a month or so after Rapid7 noted a default backdoor password in ScreenOS.

Disclosures like the one presented by Juniper can obviously be a serious concern to enterprise IT professionals. Anyone who discovers these backdoors can exploit them to attack an organization. And, if a vulnerability is detected in a vendor product and an organization avoids corrective action for too long, then they could be on the hook for any damage incurred.

For example, according to Shodan founder John Matherly, more than 200,000 devices were still vulnerable to OpenSSL's HeartBleed toward the end of 2015, more than a year after it was initially detected. At that point, the blame will often fall on the enterprise itself rather than the vendor.

To protect themselves, and better make informed decisions, Pironti suggests that enterprises should take a greater interest in the code and algorithms powering their favorite products.

"It is suggested that they require vendors to provide an inventory of all of the code libraries and algorithms used in the development of their products as part of the product/code procurement and acceptance process," Pironti said.

Additionally, he said, they should hold vendors and third parties accountable for the steps they take following a breach or attack.

TechRepublic columnist Michael Kassner said that another way organizations can protect themselves from potential threats and vulnerabilities is by setting up a verifiable chain of custody for critical networking gear.

"Experts state more often than not, security hardware and software companies subcontract parts of the software package or device assembly to third-party vendors," Kassner said. "Anywhere in that chain, malicious hardware and or software can be inserted into the component, assembly, or device."