Geeks and Guinea Pigs
Anybody who’s talked to me in recent months might be surprised to hear that I recently splashed out for a copy Windows 8, as I’ve not been a great fan of it – particularly the new Metro interface[1]. The £25 upgrade from the release preview I was running seemed like a bargain though, particularly as the Microserver I’m using it on didn’t come with any OS.
TL,DR version
Microsoft were supposed to be getting off their feature release followed by fixing it approach with Windows 8, but the Metro desktop throws a spanner into the works. If they keep Metro then I can’t see Windows 8 being deployed by many enterprises – it will be yet another ‘geeks and guinea pigs’ release – maybe not even that. If on the other hand Microsoft can backtrack a little, and allow people (consumer and enterprise users) to use the familiar desktop, then it’s a much more incremental upgrade to Windows 7, and will be more easy to adopt – and thus more popular (and successful). It’s possible that Steven Sinofsky’s departure will allow Microsoft to do this. Whatever happens though, it looks like the Windows cash cow is a lot less healthy – MS simply aren’t extracting as much money for their product any more.
Background, and the original promise
Intel has it’s ‘tick-tock‘ roadmap where it upgrades the features of its CPUs and then shrinks the fabrication process to make the CPUs smaller, cheaper to make and more power efficient. Microsoft has for many years followed a similar pattern – feature releases every other time; the difference is that the builds between feature releases can’t be shrinks as there’s no physical process – they are instead fixes, as there have usually been issues with the feature releases that have stood in the way of mass adoption:
| Feature release | Fixed Release |
| NT3.x | NT4 |
| 2000 | XP |
| Vista | 7 |
| 8 | ? |
The geeks and guinea pigs title for this post refers to the users that get the feature releases – people in IT who like trying out cutting edge stuff, and maybe a pilot group in ‘the business’.
When I first heard about Windows 8 it was when I was part of a Customer Advisory Council (and Windows 7 wasn’t even out of the door). We were told that having fixed the issues in Vista with Windows 7 there would be no more major changes, just incremental updates. No more tick tock, no more feature – fix it, just a nice gradual roll out of of improved functionality.
And then some genius decided to throw a spanner into the works, and have a consistent UI metaphor across smartphone, tablet, games console and desktop – Metro – the UI originally featured on the Zune. Once again we have a release that’s defined by a new feature – a feature that doesn’t seem to be well received outside of Redmond.
Why Metro is a disaster on the desktop
The Metro interface works great on smaller devices where the screen is used for one application at the time, and it’s clearly designed for touch screens. On the desktop though it doesn’t fit well with the keyboard and mouse. The whole point of the windows in Windows was to be able to have multiple applications open on a larger screen (or screens).
In over a year of using it myself I’ve always gone straight to the old desktop, and pinned all of the apps I use frequently so that I don’t miss the start menu. On the consumer and release previews I’ve found myself lost pretty much every time I’ve had to use the new interface, though it looks like the final release has at least sorted out the Control Panel (by going back to how it was).
Metro is right up there with the Office ribbon and Mr Paperclip in the competition for worst user experience, and it’s no surprise that the most popular app for Windows 8 is Start8 – an app to bring back the start menu.
The Enterprise angle
The general aim of Enterprise IT is to keep things going as cheaply as possible, and that means change is bad. Many organisations are still using Windows XP, and are only now upgrading to Windows 7 (as Microsoft has a gun to their head with support ending for XP). There is hence almost zero appetite for doing any more change to the environment (particularly as Windows 7 has involved costly hardware refreshes and application compatibility testing).
If Windows 8 had been the incremental update that was promised (more like Windows 7.1 perhaps) then it would have been relatively simple for organisations to move straight to it. Things might be different if MS had provided an option to avoid Metro in the Enterprise Edition; but the way things are Windows 8 is definitely one for the geeks and guinea pigs.
A word on editions
Windows 7 came with a bunch of different editions – Starter, Home Basic, Home Premium, Professional, Enterprise and Ultimate. I quite liked the Ultimate edition[2], but MS made it too expensive and too hard to get, so I expect that approximately nobody who didn’t work for MS or have an MSDN subscription ever saw it – even the most deep pocketed PC fan would only get Pro from their OEM.
Windows 8 has far fewer editions – vanilla, Pro and Enterprise. So for the consumer the choice is pretty simple. Pricing makes it even more simple. With the Pro upgrades available for £25/$40, and no option to upgrade to basic Windows 8, it seems that pretty much everybody that buys Windows 8 will buy Pro.
The cash cow stops milking
The £25/$40 upgrade pricing to Pro is supposedly time limited, and it seems to have had the desired effect in driving early adoption with 40m licenses sold so far, but there are a couple of important things going on here:
- The gap between ‘upgrade’ and ‘full’ has disappeared, as MS has allowed upgrades from the preview releases (that it hadn’t charged for).
- The price expectation for a Windows license has been set, and set low.
Even if Windows 8 doesn’t damage the PC market (and I think it will[3]) then MS is going to make less money per unit that it was before.
Conclusion
Windows 8 wasn’t supposed to be a geeks and guinea pigs release, but that’s what it is. MS are going to struggle in the consumer space because of Metro, and it will likely stop them getting anywhere in the Enterprise. Meanwhile the price point they can charge has moved against them.
I did put some money in Microsoft’s pocket for Windows 8, but only so that I could continue to have a working license for a particular machine. I have no plans to upgrade any of my Windows 7 machines – even at £25 – it simply isn’t worth the trouble, never mind the money.
It’s not too late for MS. They could easily roll the features of Start8 into a patch on Windows Update and give users (particularly corporate ones) what they want – a nice incremental upgrade rather than a feature release. It’s too soon to call that Windows 9.
Notes
[1] Which isn’t even called Metro any more due to a legal dispute, though everybody seems to still call it Metro anyway.
[2] I was able to get this via an MSDN subscription.
[3] The data I’m waiting for is how many Windows 8 PCs and laptops bought over the Black Friday weekend go back to the shop because people don’t like it. I’m told that many PC purchases happen simply because existing PCs get into poor shape (often due to malware) and it’s easier to buy a new one than to sort out the old one. MS have unfortunately moved the pivot point in a way that’s not in its favour – the pain of getting on with Metro will now balance against the pain of sorting out an old PC.
Filed under: technology | Leave a Comment
Tags: editions, upgrade, windows 7, Windows 8
The wrong sort of radio, redux
Almost a couple of years ago (shortly before taking a role that put me back under the yolk of corporate web filtering) I wrote the wrong sort of radio to describe how ridiculous and counter-productive such things are. It simply doesn’t make much sense to cut off the Internet at the desktop when everybody has it in their pocket anyway. I was reminded of this by a tweet from Sean Park over the weekend:
TL;DR version
For the last year or so I worked around the corporate web filters by having a PC on my desk connected to the real world via a VPN – an immobile version of bring your own device (BYOD). The VPN moves the point of origination for my web traffic (and the liability that goes with it) from my employer to me, so this was a compromise that everybody could be comfortable with. It was however technically challenging to set up, and performance/reliability was often poor. With a few simple tweaks the whole setup could have been made much more accessible for others, and that would be a good thing.
The Law
SEC Rules 17a-3 and 17a-4 oblige brokers and dealers to keep archives of electronic communication for trading staff, and similar rules have been enacted in most jurisdictions. It’s fairly easy for organisations to keep a regulatory archive of their own email using various bolt on solutions to their mail servers. Private (web)mail was however seen as a way to circumvent archiving[1], and hence had to be blocked. At the same time private webmail was being blamed for malware finding its way onto corporate desktops, so it seemed to make sense to block webmail for everybody, not just trading users (and anyway it seemed like it was too hard to keep track of who should be archived/blocked and who shouldn’t – so much easier to just cast the net over everybody[2]).
The law didn’t tell Wall St. to shut down webmail, but that’s what happened.
The Lore
Once webmail had been blocked on corporate networks it then became part of security and risk management culture that anything that allowed an employee to access webmail (or social networks with similar communications capabilities) must be banned. It was by this perverse logic that when guest and employee wifi were introduced (to allow people to work as effectively as they might in a local coffee shop) those services were then subjected to the same filters as the corporate network.
I used to have this written at the top of the whiteboard behind my desk:
The Lore != The Law
It was there to remind me that pretty much everything evil done in Enterprise IT is done at the behest of ‘compliance’, and it’s part of our job to push back as hard as possible to get a good experience for the users.
The liability argument
Corporate liability was a frequently touched upon issue in discussions about filtering networks. The argument runs something like this:
If we’re providing a service (like employee or guest WiFi) then we’re liable for what’s done with it
It’s a fair point, and the best answer is to get out of the business of providing the service. Get a telco to do it instead. The whole point of ‘wrong sort of radio’ is that telcos aren’t expected to be liable for traffic across their networks in the same way.
In many other cases the liability issue is dealt with using an acceptable use policy, and we pretty much all click through such agreements when accessing the Internet from a hotel, coffee shop, airport, train or whatever. That doesn’t work for Wall St. though. Wall St. has (internal) auditors to ensure that things are done properly. It isn’t good enough to have policy (ask nicely for people to do the right thing). There must be technical measures – make sure that people do the right thing – by actively stopping them from doing the wrong thing.
This is when The Lore kicks in badly. Employee WiFi must have the same filters as the corporate network, otherwise employees will use it to dodge controls; and guest WiFi must have the same filters too, because employees will cheat and create guest access codes for their own use. All that filtering means that traffic can’t just escape out onto the Internet, it needs to be routed through to the filtering place, meaning more hops, more expense and less performance.
VPNs to the rescue?
Virtual Private Networks (VPNs) move the point of egress to the Internet (and hence the perceived point of liability) from the WiFi service provider to the VPN provider. VPNs therefore provide a strong technical argument to the issues around liability; guests and employees should be allowed to use VPNs, because what they do on the Internet tracks back to them, not the company providing WiFi.
If only it was that easy.
The trouble is that the filters can only work on a narrow stream of traffic, and the expectation is that people are just surfing the web; so things get locked down to port 80 (HTTP) and port 443 (HTTPS). Whilst it is possible to run SSH and OpenVPN over port 443 it’s a none standard configuration; and web filters range from actively hostile to simply not designed to work well for such a setup.
VPNs therefore can be useful for moving the point of liability, but things only work well if the network is configured to allow VPNs (rather than VPNs being a workaround).
The gory technical details
The PC on my desk (and the iPad in my bag) were able to connect to virtual private servers I had using SSH and OpenVPN. Most SSH clients (including iSSH on iOS) can work as a SOCKS proxy, though of course this means that the SSH session must be established before surfing begins (which is a nuisance on the desktop and a downright pain on a SmartPhone or Tablet). Not everything gracefully pays attention to proxy rules, which is where OpenVPN can be helpful, but you can’t run SSH and OpenVPN on port 443 at the same time – so I needed two VPS boxes[3].
Call to action
Firms that are making widespread use of web filters[4] for guest and employee WiFi should actively support the use of VPNs by opening the appropriate ports and advertising the VPN capability (maybe even suggesting some services that people can use if they don’t have a VPN already).
Conclusion
Web filters at work get in the way of doing business in a (socially) networked society. I found ways to deal with these that worked for me, but they only worked for me because I was able to deploy resources and expertise that aren’t at everybody’s disposal. Virtual Private Networks provide a sensible workaround for the perceived liability issues, and should be technically facilitated and encouraged.
Notes
[1] Solutions at the time weren’t sophisticated enough. That has changed, but the approach pretty much everybody takes hasn’t.
[2] This is the same logic that gets us full disk encryption.
[3] Though I could have got by with a single VPS and an extra IP address.
[4] It would be remiss of me to finish without mentioning that the rule management for those filters is a nightmare. The default filer rules are normally created for oppressive regimes in the Middle East, and commercial users then need an exception process for stuff they don’t want to filter (because filtering harms their business). Exceptions are normally granted on a firm wide or individual basis. Exceptions are normally only managed for the corporate network (not guest or employee WiFi), leading to much fun getting exceptional exceptions for new services.
Filed under: technology | 1 Comment
Tags: BYOD, censorship, filter, vpn, web
The best conference bag
I get to go along to a lot of industry conferences, and goody bags are pretty standard fair. I expect that most of them quickly find their way to landfill, which is always a shame. A couple of years ago I was visiting somebody who I’d met at a conference, and I had one of my old bags with me and he commented ‘oh yeah – that one was a keeper’. I’m travelling again, and like a faithful companion it’s with me once more. So what makes a good conference bag?
- Light weight. Most people will have come with their own bag anyway, so they don’t want to carry much extra stuff back with them. This applies doubly so if people have travelled by air and face the ever more stingy check in and carry on allowances.
- Pack flat. If the bag can be put on top of other stuff in some carry on then it’s more likely to make it home. This means no padding.
- Large capacity. A useful bag should be able to hold a laptop, chargers, a couple of tablets, a bottle of water, an umbrella, sundries like boxes of tea and a coat (i.e. the minimum viable leave the hotel for the day kit).
- Robust. It’s no good if it falls apart.
- Shoulder and hand straps.
- Business card holder (so that it can find its way home if lost).
My old faithful was made by Leeds and given away by Burton Group at their 2004 Catalyst Europe conference – I think the sponsors on the other side have got more than their money’s worth by (somebody) choosing a good quality product. I’ve managed to break one of end pouches, which turned out to be not quite strong enough to hold a 500ml bottle of water, but it’s otherwise held up well to years of travel, and often gets thrown into my carry on empty (so I can bring home some extra stuff) or with the gadgets I want on a flight (so I don’t have to mess around with my luggage too much). I’ve also held onto a few 24esque ‘Jack pack‘ bags I got from QCon as they’re great for holding shotgun cartridges and other shooting paraphernalia.
Filed under: did_do_better, travel, wibble | Leave a Comment
Tags: bag, conference, travel
Tablets for Christmas
I remember a Christmas in the late 90s where it seemed like everybody got a mobile phone. This year it’s looking like we’re going to see the tablet equivalent, so I thought I’d do a quick round up of what I’m expecting to see.
The home front
If I include my in-laws then there will be at least three Nexus 7 devices coming for (or before) Christmas. My wife was quite taken by the advertising for the Kindle Fire HD, but when my brother showed her his Nexus 7 she was sold on the Google alternative[1]. I was personally something of a Nexus 7 sceptic when it launched, feeling that the lack of memory and 3G options made it weaker than my existing (original) Galaxy Tab, but both of those issues have now been fixed[2].
For the kids
I got an email from a friend this morning saying he was getting iPad minis for his two daughters (and asking if that made him an Android traitor[3]). This makes sense to me, as iOS still has the lead on games, which is one of the main things that kids use these devices for. I’ve got my own daughter one of the new iPod Touches for exactly the same reason.
Differentiation and market sizing
The iPad has had a good run as the main attraction in the tablet marketplace, but I see this coming to an end. I expect the iOS ecosystem to continue differentiation in two ways:
- As a premium product, in the same way that Macs were during the PC era. It’s clear that Apple is still going for a marketing based approach to the devices themselves, with a line up that starts with the iPod Touch, and goes up in size via the iPad Mini to the full size iPad. There’s still big margin in each of these. Google and Amazon on the other hand are going with very thin margins on the devices, so any price differentiation in the line up comes pretty much straight from the bill of materials. This will likely be the area where Apple will continue to differentiate in the long term.
- As the preferred gaming platform. Developers in general will go where the numbers are, and whilst iOS has had the lead on sales it’s also been the develop for first platform for games. This is less of an issue for many (older or first time) tablet users who just want to surf the web and read emails and ebooks, but remains a big deal for people that want games, particularly if they’ve already bought a bunch of stuff in the AppStore.
The contrast between the Apple approach and Google/Amazon is on device premium. Apple (at least for now) get to make money on the device and on the rent payer they get in the AppStore, whilst Google and Amazon are clearly willing to give up the device premium to attract rent to their ecosystems. This almost certainly plays out as Android having a major growth spurt into 2013, and it’s then only a matter of time before the balance tilts for gaming etc.
What about Microsoft?
The Surface looks like (yet another) brave try, but the reviews I’m reading suggest that it’s too expensive and the software’s too flaky to justify the price tag. If this really is MS showing their OEMs how it’s supposed to be done then I’m not expecting too much from the rest of the field.
The wider tablet with keyboard category[4] looks to me like a well intentioned attempt to close the gap between tablets and laptops from a functional perspective, but it’s important to look at how people spend their time. If 90% is consumption of content and 9% is curation of content then that leaves the creation gap at 1%, and 1% does not a healthy market segment make.
Conclusion
This Christmas is going to be the turning point for Android based tablets, and the gaming and enterprise markets will need to react accordingly in the New Year. Apple is going to have a great Christmas too, as they get to double dip by making money on devices as well as content. I fear a bad New Year hangover for MS and anybody getting a product from their stable over the holiday season.
Notes
[1] I had previously suggested that the Nexus 7 might be a better choice than the Kindle Fire HD, but holding one in your hand can make all the difference. In practice the differentiation is less about the devices and more about whether you want a shopping cart from Jeff Bezos or Larry Page parked in front of you.
[2] I use my Galaxy Tab a lot on the train when in the UK, and it’s often my main source of connectivity when I’m in the US (courtesy of the AT&T SIM that came with it) so 3G connectivity is pretty important to me. If I was buying something for myself this Christmas then it would be a 3G version of the Nexus 7. I’m not buying because although the Nexus 7 is all three of better/faster/cheaper the original Galaxy Tab is still perfectly adequate for my needs. There might be some important inferences here for tablet upgrade cycles.
[3] He has been an Android smartphone user since the early days, and more recently got himself an ePad Transformer tablet.
[4] Intel seem to have labelled this ‘Ultrabook Convertible’, though it’s not clear to me that there’s a rigorous base specification for this like there is with the Ultrabook branding. I’ve seen at least 6 different physical approaches illustrated, which suggests to me that nobody has yet figured out what customers actually want.
Filed under: technology | 3 Comments
Tags: amazon, android, Christmas, convertible, Fire, google, HD, iPad, kindle, Microsoft, Nexus 7, Surface, tablet, ultrabook
When I first created an automated build system for OpenELEC I had two reasons:
- Official releases from the OpenELEC team were infrequent
- There were no official SD card images (just .bz2 release bundles)
Looking now at sources.openelec.tv I don’t think point 1 is true any more. I’m going to keep my own system going for the time being, but in parallel I’ll try to provide images based on the official builds. I will also continue to provide release bundles with media_build for those using DVB receivers that aren’t properly supported with existing drivers.
Filed under: Raspberry Pi | 14 Comments
Tags: build, card, image, media_build, official, openelec, Raspberry Pi, Raspi, release, RPi, SD
Broken netbook media player
The screen on my wife’s Lenovo s10e gave up the ghost last week. I thought it might be just a loose connector and that I could fix it, and an initial attempt at strip down and rebuild seemed to work. Sadly my fix didn’t hold.
I’ve been using my own s10e mostly to play videos on a bedroom TV[1], so I switched over the hard drives. This got my wife working again, and also gave me the opportunity for a project that I’ve had in mind for some time (in anticipation of this eventuality).
With the broken screen removed from the netbook I mounted it, its power supply and the TV power supply onto the back of the TV with velco pads:
This got the netbook and tangle of wires out of the way, but left the challenge of how to control it. I dealt with that by getting a Kogan Wireless Keyboard and Trackpad. It’s about the size of a regular TV remote, but is surprisingly easy to use.
So now I have a very tidy setup that I can control from bed.
Notes:
[1] Sadly the bedroom TV I bought a little while ago didn’t come with HDMI, so I can’t just use a Raspberry Pi with OpenELEC.
Filed under: making | 2 Comments
Tags: keyboard, Kogan, netbook, remote, trackpad, tv, wireless
OpenELEC with media_build
Update (13 Nov 2012): Since OpenELEC is now on a recent kernel there’s no point to media_build any more, and I won’t be doing any further builds. Some DVB drivers aren’t enabled, but this is easy to rectify (it didn’t take very long to get CE6230 support mentioned below sorted out).
Update (10 Nov 2012): Since newer kernels were included in OpenELEC at the end of October I’ve not been able to create new releases with media_build. The good news is that it913x DVB adaptors (like mine) now work just fine with regular OpenELEC. The bad news is that various other DVB adaptors (e.g. CE6230) are missing from regular OpenELEC. If I figure out some other way of including missing drivers I’ll create some new builds – but don’t hold your breath.
A lot of people have been having issues with driver support for digital TV devices that can be fixed with the media_build drivers. I’m pleased to announce that I’m now publishing release bundles that include media_build using the same automated mechanism that I put together for regular release bundles and SD card images (NB I have no plans to do SD card images for media_build as it’s relatively trivial to copy a release bundle onto an SD card).
Filed under: Raspberry Pi | 10 Comments
Tags: build, ce6230, driver, dvb, image, it913x, media, media_build, openelec, PiChimney, PVR, Raspberry Pi, Raspi, RPi, SD
Moving house
For a few months now I’ve been offering OpenELEC release bundles and SD card images at openelec.thestateofme.com, and more recently I set up resources.pichimney.com to host a broader range of Raspberry Pi related downloads. The servers that I’ve been using were part of the BigV.io beta, so I’ve not been picking up the tab for VMs and bandwidth.
BigV has been great. Fast servers, expandable disks and plenty of bandwidth. Unfortunately it would cost me too much to stay there now that they’re starting billing (bandwidth alone would be around £40/month), so I’ll shortly be moving the URLs over to a new virtual private server in the US that I found via LowEndBox offering 3TB/month inclusive bandwidth.
The new server comes with 60GB of disk space, so I’m not going to fill things up by moving over the entire back catalogue of builds and images. I’m also going to have to prune things as the storage fills up.
No loop devices on OpenVZ
The one gotcha that’s already caught me out is that loop devices don’t work (due to security issues) on the OpenVZ platform that my VPS is hosted on (I knew there would be something to justify the premium for KVM or Xen). This means that I can’t make release images on the server itself. For that reason I’m going to keep a VM on BigV for the time being and make the images there (shipping them over to the main web server with rsync).
Filed under: Raspberry Pi, technology | Leave a Comment
Tags: bandwidth, BigV, build, device, hosting, image, loop, openelec, OpenVZ, Raspberry Pi, Raspi, release, RPi, rsync, SD, VM, VPS
Wales ape and monkey sanctuary
Our family holiday this summer was in Wales, and one of the great attractions that we visited whilst we were there was the Wales ape and monkey sanctuary. I had a bit of trouble finding it online, so I thought I’d give it a bit of link/tag love here. I also had a struggle finding it on my satnav, so the coordinates are:
Latitude: N 51° 47′ 47.4317″
Longitude: W 3° 41′ 25.4675″
OS Grid Ref: SN834122
We called in at the sanctuary after a visit to the nearby show caves, which made for an excellent all round day out.
Filed under: travel | 1 Comment
Tags: ape, centre, monkey, primate, rescue, sanctuary, Wales, Welsh
One of the great disappointments for me in last week’s launch of the iPhone 5 is that it doesn’t come with near field communications (NFC) capabilities. This was explained in an interview with Senior VP Phil Schiller:
It’s not clear that NFC is the solution to any current problem, Schiller said. “Passbook does the kinds of things customers need today.”
Phone as token
This comment seems to concentrate on using a phone as an NFC token, which is typically used for low value applications like buying a lunch or taking a short train ride. In this case the phone is used as the key to somebody else’s lock. Where NFC like payments systems are already popular (e.g. Octopus in Hong Kong) then many people achieve this already by putting a card (or the electronics from it) inside a phone case/cover.
Phone as terminal
It’s quite right that using a phone as an NFC token adds little value (maybe you get to have a transaction record on the device). The real missed opportunity is using the phone as a terminal – the lock for somebody else’s key. This opens up a number of additional possibilities:
- The phone can be touched against an NFC card to authenticate an individual or a transaction they’re carrying out (rather than clumsy hardware based two factor authentication systems that might be fine with desktop PCs but don’t work well in a mobile environment). This allows very high value transactions to be addressed.
- The phone can be used as a point of sale terminal – think something like Square, but without the need for a magnetic stripe reader. This would of course be the route to solving the problem of NFC point of sale equipment being expensive to roll out.
Conclusion
Apple seems fixated on phone as token use cases and how these can be tackled with software only based approaches like its Passbook. This means that it’s missing the opportunity to grow the ecosystem for phone as terminal applications (and that ecosystem is far more fragile with Apple keeping outside).
Filed under: could_do_better, technology | 1 Comment
Tags: apple, authentication, NFC, payments, terminal, token
Chris Swan's Weblog 