Registry Hack to Keep Updating Windows XP

The End of Windows XP

Microsoft announced back in April 2013 that, as of April the 8th this year, their Windows XP operating system will no longer be supported. What this basically means is that fixes, patches and updates will no longer be made available for what has been, arguably, Microsoft’s most successful operating system.

Microsoft’s solution to the problem of end users continuing to run this (now) obsolete piece of software is to either upgrade their operating system to a more recent version or buy a new computer. The cynics out there would point out that this is the expected response; “we’re no longer supporting a product that you’ve been happily using for up to 12 years now so pay us more for the inconvenience”. In an age of technology-based mistrust over the likes of Google, mobile Apps and various government departments, Microsoft paved the way for cynicism in technology vendors in the way that they pushed everyone to upgrade to their latest systems, allegedly for profit alone (something brazenly parodied in the Bond movie “Tomorrow Never Dies”).

The alternative solution is to do what the British government have done. They’ve merged the two solutions of keeping Windows XP in operation while still paying Microsoft (reported to be £5.5m for the first 12 months) for updates to the operating system.

 

The Other Way – Hack XP

For those unable, unwilling or who simply can’t afford to upgrade an XP PC to Windows 7, 8 or 8.1 (and wonder what the latest developments are with the on / off nature of Microsoft’s relationship with the Windows Start Menu), there is a registry hack going around the internet at the moment. This involves creating a text file on your desktop, pasting in the text below, renaming the file’s extension to ‘.reg’ and then double-clicking it.

The contents of the file are:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

This is for the 32-bit version of Windows XP, by the way (check your version by right-clicking ‘My Computer’ on your desktop). There is an alternative for 64-bit versions but it’s a little more complicated and involves downloading the update files individually first.

Just for the purpose of covering myself, I do not in any way advocate either of these solutions to enable updates on Windows XP. I’ve not used either myself and there are dangers in carrying this sort of thing out (see below).

What this solution does is to convince Microsoft that your PC is running the Point Of Sale (POS) edition which, I’d imagine for security purposes, continues to be supported.
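Anyone auditing a fleet of XP machines can check for this value in a registry export, since a machine carrying it is receiving updates built for a different edition. The following Python is an added example, not part of the original post: it parses the "Version 5.00" export format shown above and reports whether the PosReady flag is set. The function names and the sample exports are constructed for illustration.

```python
import re

# Key and value set by the .reg file quoted in the post.
TARGET_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady"
TARGET_VALUE = "Installed"

_KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")
_DWORD_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9A-Fa-f]{1,8})$')


def decode_export(raw: bytes) -> str:
    """'Version 5.00' exports are UTF-16 LE with a BOM; accept UTF-8 as well."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("utf-8-sig")


def parse_dwords(text: str) -> dict:
    """Map each key (upper-cased) to its dword values {name_lower: int}."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = _KEY_LINE.match(line)
        if m:
            name = m.group(2).upper()
            if m.group(1):
                # "[-KEY]" deletes the key and everything beneath it
                doomed = [k for k in keys if k == name or k.startswith(name + "\\")]
                for k in doomed:
                    del keys[k]
                current = None
            else:
                current = keys.setdefault(name, {})
            continue
        m = _DWORD_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys


def posready_flag_set(raw: bytes) -> bool:
    """True when the export shows the PosReady 'Installed' dword as non-zero."""
    values = parse_dwords(decode_export(raw)).get(TARGET_KEY.upper(), {})
    return values.get(TARGET_VALUE.lower(), 0) != 0


# Constructed sample exports (not taken from a real machine).
SPOOFED = (
    "\ufeffWindows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\WPA\\PosReady]\r\n"
    '"Installed"=dword:00000001\r\n'
).encode("utf-16-le")

UNMODIFIED = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\WPA\\ExampleKey]\r\n"
    '"Installed"=dword:00000001\r\n'
).encode("utf-8")

DISABLED = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[hkey_local_machine\\system\\wpa\\posready]\r\n"
    '"installed"=dword:00000000\r\n'
).encode("utf-8")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("unmodified", UNMODIFIED),
                       ("disabled", DISABLED)]:
        print(label, posready_flag_set(raw))
```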

 

Job Done?

Well, no. While there will be systems that are stuck on XP, at least for the moment, such as cash machines / ATMs and legacy software packages that will only run on this operating system, this solution isn’t without its dangers. Messing around with a computer’s registry is inherently dangerous in any case because if you don’t know what you’re doing and / or it goes wrong you essentially “brick” your PC (I don’t think I’ve mapped a mobile phone term back to a PC before). Beyond that, you need to ask the question “what’s higher risk – running a PC with no security updates or running one with security updates that it hasn’t been tested for?”. There is no way of knowing the answer to that question until it’s too late.

Finally, Microsoft are already aware of this hack so it may well only be a short-term solution anyway.

Facebook to Share your Television and Radio Viewing / Watching

The Power of the Hashtag

Something that Twitter does well is the #hashtag, and amongst other things it enables Twitter to become the social network when it comes to realtime events. Hashtags, for those who don’t know, are a way of grouping messages together by pre-pending them with a hash (#) symbol. In a world of a huge amount of short messages, hashtags are a very useful way to navigate your way through all of that data. Despite other social networks such as Facebook and Google+ following suit with hashtags, it’s Twitter that’s known for them and when hashtags are used in a setting outside of a social network it’s assumed that everyone’s referring to Twitter. I was given a stat this week that tweets on Twitter only have a lifetime of six minutes and perhaps this is why the platform is so well suited to realtime events.

Increasingly users of social networks have been using Twitter’s hashtags to “enhance” (as I imagine TV marketing executives term it) television viewing. At just about any point in time, a list of trending topics on Twitter includes what’s popular at that moment on TV.

Back in 2010, BBC’s ‘Have I Got News For You’ started showing a hashtag before the show began

 

The Hashtag Arms Race

Facebook now wants in on this lead that Twitter have and, in an attempt to take the title for themselves, have announced that they’re stepping up their efforts by allowing mobile apps to recognise the TV or radio show you’re tuned into. The idea being that it will help Facebook users to post statuses by already recognising what they’re engaged with and adding that information to the post before the Facebook poster needs to.

 

Facebook Listening In on Me?

The security implications, assuming that Facebook are telling the truth and don’t alter their approach in the future, are minimised as this functionality will be fully controlled by the end user. They will turn it on and off, and by default the social network won’t be listening in on everything you do. Interestingly, Facebook have obviously felt the need to emphasise this point.

 

How Are They Going to Do This?

The Facebook apps for mobile devices (phones and tablets) will use the built-in microphones on these devices to listen in and recognise what the user’s listening to. This is the bit that fascinates me as it must be quite a feat to achieve this. Turning on the microphone is the easy bit; the difficulty probably comes in after that:

  1. Taking a soundbite of a certain length of time using the microphone as an input
  2. Uploading it to Facebook’s servers
  3. Clearing out the background noise of other things happening in the room (people chatting, children playing, etc.)
  4. Clearing out the inevitable “white noise” between device and TV / radio
  5. Matching it up with a TV show

This last point, especially, must take a huge amount of data processing. The number of users on Facebook, at the time of their 10th anniversary in February this year, was somewhere around the 1.23 billion (that’s currently active users). Stretched out all over the world, that means a lot of TV and radio channels to check against; Sky TV’s basic package in the UK has just short of 300 of them.

Perhaps Facebook can utilise geo-location data to narrow down their search. On the flip side to that saving, though, they’ll also need to take into account the delay from transmission to receiving on a TV, to a Facebook user recording a clip on a Facebook app to Facebook analysing that clip on their systems.

The logistics on this are huge!

A Beginners’ Guide to Responsive Websites

What Are Responsive Websites?

Responsive websites are, put very simply, those sites that scale to different screen sizes. A responsive website should appear, in some form or another, on a mobile screen, a tablet, a desktop screen and all dimensions in between without the need for the user to scroll / pan around the site to use it as they would if they were using a desktop version of a site on a mobile. This is termed an “optimal viewing experience” and means that the end user needs to do less work to access parts of the site or web application because it’s already served up and ready for them to use. As an example, take a look at the following two favourite sites of mine, either on different devices or in a desktop internet browser that you’ve resized once you’ve loaded the site;

You could also take a look at this site too, as another example!

At no point do these sites, despite you having a small screen or a smaller, resized browser window, show you horizontal scrollbars (within reason). Compare that to the resizing of a browser window with the BBC (desktop) news site loaded up; on a smaller screen you have to scroll both horizontally and vertically to view the entire page. This is what responsive designs remove; on a responsive site you only need to scroll vertically and the user can easily find what they’re looking for on the one scroll-axis as they would on the desktop site.

 

When is a mobile-ready site not responsive?

The BBC News website is a good example to use actually, as they have an entirely different solution for providing mobile-ready content. They take a note of the user’s device (mobile, tablet, desktop, etc.) when they arrive on the desktop site and then direct the user to a different version / site completely. The BBC News website directs mobile users visiting http://www.bbc.co.uk/news/ to the different URL / website address of http://m.bbc.co.uk/news/, and this latter one caters for these devices by utilising a design that doesn’t use scroll bars;

Each solution, either this way or by implementing a responsive design, in order to achieve a mobile-ready website has its compromises of course, but as is usually the way there is always more than one way to solve the problem.

 

Why have a website that’s mobile ready?

This all comes down to usability. If you’re catering to the end user’s needs then they’re more likely to feel engaged with your internet offering and therefore use it. If your desktop website is difficult to use and navigate then the end user will lose patience and go elsewhere; the same applies to a mobile site. If your website’s easy to use for a mobile user then they will be more likely to engage with it and use it. With the advent of mobile internet access and the rise in tablet ownership and mobile internet use, you could be alienating a fair proportion of your potential audience by not offering this. Some of the sites that I maintain now see desktop users in the minority so why assume that your users will always be on a desktop? If your competition’s solution caters for the end user, no matter which sort of device they’re using, as opposed to your own site which makes them scroll / pan around, zoom in and out, etc. and generally make them work harder to achieve what they need to on a mobile or tablet device, then you are more likely to lose that traffic – and therefore leads, sales or however you measure the success of your site – to your competitors.

 

What about sites that aren’t mobile-ready?

A website that isn’t mobile-ready is one that serves up the exact same content regardless of the users’ screen dimensions, so the desktop and mobile sites look the same, which means that the user has to move around the entire site to use it (zooming in and out, and scrolling around). Responsive website design is a relatively new practice while technologies such as mobile phones accessing the internet and the use of tablets to surf have also not been around all that long, so many websites simply won’t be up to speed with the idea of serving up mobile-ready solutions.

Having a site that doesn’t cater specifically for non-desktop devices may not be a bad thing, of course, depending upon what the website owner’s trying to achieve and there will be cases where mobile users aren’t expected to use a website or web application, or where there simply isn’t an easy way to offer a mobile solution.

 

Other Usability Changes

It isn’t simply a case of presenting a website to users that doesn’t scroll; there are other aspects to mobile-ready websites that need to be considered. Mobile and tablet screens utilise touch-screen technology so their users don’t have the ability to hover a cursor over a link, like desktop users do with their mouse, so drop-down menus that are triggered by hovering are a definite no. This, on the vast majority of websites, will therefore lead to considerable changes to be made on a website’s navigation.

Other considerations are scalable images that need to be employed so that pictures used on your site don’t break out of the constraints of the horizontal boundary, defeating the point of a responsive design. Images also come into play on page load time; users on mobile devices are likely to be on a mobile operator’s roaming network as opposed to a direct broadband connection so any time saved in downloading the page including optimising images, caching, etc. (which arguably should be done in any case on your site) as well as making only the calls for resources that are required will all improve the user’s experience and could save them time and money. If your user is on a mobile phone, you can take advantage of the environment by allowing the facility to click-and-call.

 

The way forward

From a user perspective if I’m on a mobile device and the site I’m browsing doesn’t cater for this, I won’t spend too long on there unless I really can’t avoid it. I don’t want to spend my time trying to use drop-down menus by clicking on links within the microseconds that I can see them, or moving around and zooming in and out of a large website. In this case I will either return to the site using a desktop browser later (which always risks me forgetting to do so) or try someone else’s. I’m not going to be the only one either and as more and more different devices access the internet and some websites cater for this, the ones that don’t will always be left behind.

Heartbleed – What You Need to be Doing Now

Background to Heartbleed

The Heartbleed bug is a vulnerability found in OpenSSL, an open source library of code that provides cryptographic services to some websites that use SSL. SSL (Secure Sockets Layer) is the underlying technology on websites that use secure certificates and show you a padlock icon in your internet browser’s address bar if it’s being used. It’s the way in which you can be sure that the data travelling from your device to the website, should it be intercepted, is secure from being read by anyone else and is the reason why organisations such as banks, shopping sites and other companies using your sensitive data employ them.

 

What was the Heartbleed bug?

What the heartbleed bug did was to allow that information to be read in an unencrypted form due to a programming error in the library. This is obviously bad news on a number of fronts including such bugs being out in the wild for long periods of time but, as far as most website users are concerned, it was the equivalent of putting your financial details into a website without the protection of a secure certificate / padlock (which I’d very much hope you wouldn’t do!) or having your PIN number written on the side of your credit card.
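The programming error was a missing length check in OpenSSL's handling of the TLS heartbeat message (RFC 6520): the server echoed back as many bytes as the request claimed to contain, not as many as it actually contained. The following Python is an added example, not OpenSSL's code and not part of the original post; it models that logic beside the corrected check, with a bytearray standing in for process memory. All names and sample data are constructed.

```python
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
HEADER_LEN = 3      # type (1 byte) + payload_length (2 bytes, big endian)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding


def _reply(claimed: int, payload: bytes) -> bytes:
    """Build the heartbeat response that echoes the payload back."""
    header = struct.pack("!BH", HEARTBEAT_RESPONSE, claimed)
    return header + payload + bytes(MIN_PADDING)


def respond_unchecked(memory: bytearray, record_len: int) -> bytes:
    """Flawed logic: the reply size comes from the length field inside the
    message; record_len (what really arrived) is never consulted."""
    _msg_type, claimed = struct.unpack_from("!BH", memory, 0)
    # Reads 'claimed' bytes even when that runs past the end of the record.
    payload = bytes(memory[HEADER_LEN:HEADER_LEN + claimed])
    return _reply(claimed, payload)


def respond_checked(memory: bytearray, record_len: int):
    """Corrected logic: discard any message whose header, claimed payload
    and minimum padding do not fit inside the record that was received."""
    if record_len < HEADER_LEN + MIN_PADDING:
        return None
    msg_type, claimed = struct.unpack_from("!BH", memory, 0)
    if HEADER_LEN + claimed + MIN_PADDING > record_len:
        return None
    if msg_type != HEARTBEAT_REQUEST:
        return None
    payload = bytes(memory[HEADER_LEN:HEADER_LEN + claimed])
    return _reply(claimed, payload)


# Constructed data: a well-formed record, a record whose length field
# overstates its 4-byte payload, and a stand-in for unrelated data that
# happens to sit next to the record in memory.
WELL_FORMED = struct.pack("!BH", HEARTBEAT_REQUEST, 4) + b"ping" + bytes(MIN_PADDING)
OVERSTATED = struct.pack("!BH", HEARTBEAT_REQUEST, 32) + b"ping" + bytes(MIN_PADDING)
NEIGHBOUR = b"constructed-secret-value"


def in_memory(record: bytes) -> bytearray:
    """Place the record in a buffer with the neighbouring data after it."""
    return bytearray(record + NEIGHBOUR)


if __name__ == "__main__":
    for name, rec in [("well-formed", WELL_FORMED), ("overstated", OVERSTATED)]:
        print(name, "unchecked:", respond_unchecked(in_memory(rec), len(rec)))
        print(name, "checked:  ", respond_checked(in_memory(rec), len(rec)))
```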

Heartbleed is unlike anything else that’s happened before on the internet. Websites and other software have bugs in them all of the time, but this is the first known occurrence of an issue that covers the underlying security of so many websites, web applications and web services across the internet. What’s more, it went undetected for so long meaning that large parts of the internet have effectively been going under the misapprehension that they’re secure for over two years.

It’s very important to point out at this stage that not every secure website was affected by this issue. While SSL technology is an industry standard, there is more than one way of implementing it and the OpenSSL library wasn’t / isn’t used by everyone who secures the data to and from their site. Organisations such as banks and building societies, for example, use a much stronger method to ensure encryption.

What’s been fascinating to me is the general response to this bug, away from the industry. The fallout from Heartbleed was only ever going to go one of two ways; a major outcry and a huge drop in confidence when using the internet for sensitive data transactions or complete apathy. Sadly it appears to be the latter with a report earlier this week suggesting that only 39% of internet users have reacted in any way at all in order to protect themselves and their data.

 

 

So am I now safe from Heartbleed?

A fix for the Heartbleed bug was released in a version of OpenSSL on April the 7th, 2014. That doesn’t mean that every website using OpenSSL was immediately alright again, of course, but on the whole it’s thought that companies have responded well to the threat and patched the problem on their systems. Aside from those organisations yet to respond to the threat this only means that, from this point in time onwards and as far as anyone can be certain of it, the issue is now resolved and you can feel confident that your data is secure. Every transaction that you make with your credit card, whether it be online, in a shop, on a train, etc. carries with it an element of risk that your details will be intercepted one way or another; the only way you can be truly safe is to not use these systems at all but that’s not a practical solution.

So as of now, just short of a month on from the release of the fix, you should be alright on most websites but take a look at the lists on some of the links below for more information on individual cases. Most organisations have also released information on their own sites about this bug.

What about the past though, up until the fix was released….?

 

What should I be doing now?

You have effectively been using apparently secure services on the internet without any protection for over two years prior to this fix being put in place on a per-site / per-service basis (and just to reiterate, it isn’t every single website). Therefore your login credentials and other data could have been picked up and read by people that you don’t want to – or expect to – see them.

That your login credentials are most likely secure now is good news, but if they’re the same as they were when this problem was still ongoing you’re no more secure now than you were back then if someone already knows your login details. Therefore what you need to be doing now is reacting to this Heartbleed bug;

  • identify which websites, that you use, have been identified as vulnerable to this bug (see links below)
  • find out whether they’ve fixed the issue already
  • if they have, change your login credentials as a matter of urgency (and if not then keep checking)

 

Could Heartbleed happen again?

A bug such as Heartbleed could very easily happen again. As Heartbleed happened once and was out in the wild for over two years, there’s absolutely no reason to suggest that it – or something similar to it – couldn’t happen again. The definition of a bug, after all, is simply a known issue and it could well be that other issues yet to be identified are already out there. Hopefully this issue has been a real eye-opener for the industry and similar problems can be avoided in the future but in either case we, as individuals, should always take our online security seriously.

As a broad set of rules you should carry the following out as a matter of course when online;

  • Use complex passwords
  • Don’t re-use passwords for different sites / services
  • Don’t use a recognisable pattern for passwords
  • Don’t use passwords that could easily be guessed (dog’s name, etc.)
  • Change your passwords periodically
  • Store your passwords securely (if your own brain alone doesn’t suffice!)
  • Don’t assume that your existing security practices make you impervious to attack
  • Realise that if someone gets access to your e-mail account, they can reset your passwords for other services and then gain access by verifying the receipt of an e-mail to your account

 

More information on Heartbleed

Wikipedia has a list of services and sites that were affected by Heartbleed.

 

One User, One Tech Brand?

It’s all caused, of course, by the Marketers of the technology industry and, all credit to them, they’ve done a particularly brilliant job at it. The issue is that tech brands are now so “cool” as to create their own cult following, leading to a possible reliance on a single vendor.

Not so long ago, back in the 1990s, mainstream tech-company leaders were seen as nerds; I’m talking about the likes of Bill Gates at Microsoft. The image of the stereotypical computer nerd who lacks social skills but is very good with technology is still an image that resonates today and you can see that in the way that this image is the basis of fictional characters such as Moss in The IT Crowd and Vector in Despicable Me. At the time at which this image was well and truly formed in people’s minds, desktop computers were mainstream in the home and workplace but the world of computing still seemed to most to be the domain of the nerd.

At this point in time Apple had become the provider of niche products to the industry. Designers, architects and anyone else who needed mass amounts of memory (and could afford it) loved their Macs but the majority were working on Windows PCs that gave more affordable ways to check their e-mails in a marketplace that gave a greater variety of hardware manufacturers.

Then in the early 2000s Apple broke away from high-end computers and launched the iPod. The product was so good, and was marketed so well, that it really brought Apple back into the mainstream. On the back of that the iPad and iPhone products were launched and Apple hasn’t looked back since.

As an example of how to manage and advertise a brand, this is a lesson to anyone in how to do it properly. However, the downside (to me at least!) is that it’s also created the “Apple Aficionado”. These are people who…

I’m not using this post to knock Apple lovers though the logic in paying a premium, because Apple do charge more than their competitors for similar products, for a device that you can’t make your own (in terms of customising it, etc.) is lost on me. Having said that I don’t answer ‘yes’ to any of the points in the above list. The bottom line is that people are happy to do that.

The advent of the Apple cult, in the numbers involved, has meant that there is an inevitable swing the other way as people purposely try to not follow the crowd. Though not in the same mass movement, you now have people who will increasingly answer ‘yes’ to the above products for technology giants such as Microsoft, Amazon, Facebook and Google. Really it’s incredible and it’s been caused solely by the brilliant marketers at Apple.

Apple, though not alone, is known for nailing down the user experience of their devices, to the point where there is only one experience of it. There is little customisation and the ability to do anything beyond the strict boundaries of what they permit you to do simply doesn’t exist. iTunes on an Android device, anyone? Google apps on Amazon’s Kindle Fire? This is all designed to keep you on a specific vendor and, once again, is a part of the marketing of the product in order to get you to buy that vendor once more when you next go out to add to your stockpile of devices.

What happens, though, if the technology giants get their way with this and start to monopolise individuals, with end users having to keep to one brand to have all of their data and like-for-like functionality available on all of their devices? Would this inevitably lead to Apple-households v. Microsoft-households v. Google households, etc.? This situation is exacerbated by technology giants no longer keeping to one area (or few areas) of the industry; data giants Google and Facebook are involved in the phone markets, as is Microsoft who are traditionally a software vendor. Amazon, initially an online book store, now have e-readers, tablets and are rumoured to have a phone out soon as well.

 

My View

Personally I find all of this quite worrying for the future. While market forces, and increased competition between brands, are no doubt a good thing I don’t think it does anything for technology in general to push users solely into one brand.

I like to think that I’m a brand atheist. This term, coined as a result of Apple Aficionados seeing Apple and Steve Jobs as deities, means that no matter which brand of technology I’m using it doesn’t restrict what I can do with it.

I have, at present, an Apple iPod, a Microsoft Windows phone, an Amazon Kindle Fire tablet and a Microsoft Windows laptop. I also use a Microsoft Windows PC at work. What I like about this setup is that, aside from the iPod which is an older model, I can generally get the data I need on all of these devices. My Google calendar and contacts are available, one way or another – though some methods are a little hacky – on all three. My synchronised internet bookmarks and password manager are available on each device. Apps such as Pocket and Evernote mean that content I access on my phone, for example, is available on my Kindle when I get home.

The lack of separation between platform and data has the potential to pigeonhole us all into one-brand end users.