United States federal government bans use of Kaspersky software: What should firms and households do?

A leading maker of antivirus and internet security software has been blacklisted by the United States federal government over fears that it has ties to Vladimir Putin’s regime in Russia. Here’s the first two paragraphs of The Washington Post’s story about the decision:

The U.S. government on Wednesday banned the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities, according to U.S. officials.

Acting Homeland Security secretary Elaine Duke ordered that Kaspersky Lab software be barred from federal civilian government networks, giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.

And here is a copy of the statement issued by the Department of Homeland Security regarding DHS Binding Operational Directive 17-01.

Kaspersky Lab (which has an American division headquartered in Woburn, Massachusetts) responded with this strongly-worded statement:

Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded.

No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.

In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development.

Regarding the Russian polices and laws being misinterpreted, the laws and tools in question are applicable to telecom companies and Internet Service Providers (ISPs), and contrary to the inaccurate reports, Kaspersky Lab is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM), since the company doesn’t provide communication services.

Also, it’s important to note that the information received by the company, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates and more.

Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues. The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.

Kaspersky’s software has repeatedly come out ahead of the competition in tests performed by independent labs, which is a key reason why many cybersecurity professionals like it and recommend it.

But now the company is being blacklisted by the federal government and agencies are under orders to remove and uninstall any Kaspersky products they may have purchased licenses for. Best Buy has already severed ties. What about households and firms that use Kaspersky: what should they do?

My advice is, don’t panic. There is no need to purge Kaspersky from your systems if you use it. No evidence has been presented that Kaspersky’s software is malicious.

And it sounds like the government just doesn’t have any.

Rob Joyce, the White House cyber security coordinator, said Wednesday at the Billington CyberSecurity Summit that the Trump administration made a “risk-based decision” to order Kaspersky Lab’s products removed from federal agencies.

Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied: ”As we evaluated the technology, we decided it was a risk we couldn’t accept.”

Emphasis is mine.

Despite the issuance of this order, the Department of Homeland Security has said there will be “an opportunity for Kaspersky to submit a written response addressing the Department’s concerns or to mitigate those concerns”.

“The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant,” says the statement accompanying the order.

In a recent New York Times op-ed, Senator Jeanne Shaheen of New Hampshire advocated for today’s action by referencing briefings from the intelligence community.

At a public hearing of the Senate Intelligence Committee in May, six top intelligence officials, including the heads of the F.B.I., C.I.A. and National Security Agency, were asked if they would be comfortable with Kaspersky Lab software on their agencies’ computers. Each answered with an unequivocal no. I cannot disclose the classified assessments that prompted the intelligence chiefs’ response. But it is unacceptable to ignore questions about Kaspersky Lab because the answers are shielded in classified materials.

When someone says they’ve got evidence to back up a course of action they want to take, but won’t show it to you, then you’re left with just their word.

That’s not good enough.

Shaheen goes on to say:

Fortunately, there is ample publicly available information to help Americans understand the reasons Congress has serious doubts about the company.

She then goes on to talk about how the company’s founder Eugene Kaspersky graduated from an elite cryptology institute (something that is public knowledge and which I’ve known since before I started using the company’s products), and news reports that discuss the possibility and probability that Kaspersky has been collaborating with Russian intelligence, such as this one from Bloomberg.

But even that Bloomberg article noted, “The U.S. government hasn’t identified any evidence connecting Kaspersky Lab to Russia’s spy agencies.”

(Kaspersky has responded both to Shaheen’s op-ed and also to the Bloomberg story).

Writing for Wired, in a piece published on Labor Day (Why the U.S. Government Shouldn’t Ban Kaspersky Security Software), Philip Chertoff noted that most of Kaspersky’s rivals in the cybersecurity industry are also foreign companies that may have ties to the intelligence agencies of their own home countries.

It is not unreasonable to think that Kaspersky Lab may have ties with Russian intelligence. The company employs former intelligence officers, and Russia’s relationship-based business climate means that it’s unlikely Kaspersky Lab could have succeeded without relationships with senior government officials.

However, it’s a charge that could be levied at many technology companies, especially cybersecurity firms. As the digital economy has grown, international intelligence agencies and technology firms have formed a sort of intelligence-industrial complex. After exiting US intelligence services, many former officers and cryptographers transition to jobs with big tech firms, hired for those skills they learned in the service or specifically for their strong personal relationships with government officials.

For instance, Bitdefender — which is currently trying to poach Kaspersky’s business with ads like these — is based in Romania. (Bitdefender is the other company that routinely gets the highest marks in independent third party testing of antivirus and security software).

If we can’t trust Kaspersky because they’re foreign, then arguably the same logic applies across the industry.

Kaspersky is a multinational company that has servers all over the world, in many countries, including the United States as well as Russia. Again, that’s no different than other cybersecurity companies.

It must be noted that there are a lot of American firms handing over precious trade secrets so they can do business in China, or complying with Chinese laws so they can gain access to the market there.

The New York Times recently published a story about this. Shouldn’t that behavior be equally concerning to us?

It is to me, at least. And these are American firms.

Senator Shaheen claims to have seen information which is prompting her to call for a ban of Kaspersky software — but says she can’t share this information. That’s of no help, then, because it means those of us who understand these issues can’t weigh the evidence for ourselves to reach our own conclusions.

The U.S. intelligence community is very secretive and agencies like the NSA have a history of having violated federal law and the Fourth Amendment to the United States Constitution to spy on Americans.

The NSA has also reportedly spied on companies like Bitdefender and Kaspersky (surprise, surprise).

We have a growing body of evidence that Vladimir Putin and the Russian Federation interfered in last year’s elections here in the United States. We are all right to be concerned about that. We do not have evidence that Kaspersky’s software is a danger to our national security.

The Internet may have begun as a U.S. defense research project, but it’s a global medium now. Combating bad actors requires global cooperation, because the bad guys can operate from anywhere with an Internet connection, as Eugene Kaspersky notes in a piece today at Forbes:

When did it become OK to declare a company is guilty without one shred of public evidence? In addition, while the U.S. has talented cybersecurity experts, smart people, who are dedicated to fighting cybercriminals, are born and educated all around the world. If the most sophisticated cyber threats are coming from countries outside of the U.S., don’t you think using cyberthreat data and technologies from experts located in those countries might be the most effective at protecting your valuable data, especially given that they are fighting against those local threat actors every day?

It is time to separate geopolitics from cybersecurity. We need to work together globally. Kaspersky Lab has good relationships and regularly helps law enforcement agencies all over the world fight cybercrime, and we hope the U.S. will also consider learning more about us, and who we truly are, versus the rhetoric and false assumptions. We’re ready to demonstrate that we have nothing to hide, and that we only want to help defeat cybercriminals and prevent cyberattacks.

With that said, I previously offered to meet with Senators, Representatives, Committees, and federal agencies, publicly or privately, to answer any questions regarding my company or me. The offer still stands.

If those of us using Kaspersky were to ditch it, and wanted to replace it with something comparable, we’d probably go with Bitdefender, which (as mentioned) is the other company that scores the best in independent testing for antivirus effectiveness. Again, as mentioned, Bitdefender is Romanian. So we’d still be in a relationship with a foreign company and our computers would still potentially be transmitting data to servers outside of the United States, including servers based in eastern Europe.

One final point: Kaspersky’s software may be proprietary (closed source), but so are the operating systems distributed by Microsoft and Apple — which most people use for their desktop computing. Microsoft happens to be one of Kaspersky’s partners; they make use of the Kaspersky Antivirus SDK.

Seattle-based Amazon is also a Kaspersky partner.

When any of us uses proprietary software, we’re making a decision to trust the company we’re getting it from, because the source code cannot be audited by anybody in the same way that free software can be.

At this juncture, I have no reason to believe Kaspersky’s software is risky, malicious, or a threat to national security. I will therefore continue to use it to protect the proprietary systems that I run.

I actually prefer to do the majority of my computing with free software, notably the GNU toolchain, Linux kernel, KDE applications, and WordPress, all of which are distributed under licenses that allow anyone to see the source code, distribute it, and modify it.

Force Kubuntu to let you install new login themes

Problem: You’re tired of the default Kubuntu login theme and want to install a new one. But when you try to add new themes by going to System Settings > Login Screen (under the category System Administration) > Theme, nothing happens.

Cause: A flaw in KDE

Solution: Open Konsole and type:

kdesudo kcmshell4 kdm

This will open the Login Screen module, but as root. Now try installing a login theme. You should be able to see the newly installed theme in the list once you install, and be able to specify it as the default.

Help Thunderbird display emoticons in messages sent from Microsoft Outlook

Problem: Mozilla Thunderbird (running on a GNU/Linux machine) doesn’t display emoticons in messages that were sent using Microsoft Outlook. Instead, emoticons appear as the letter “J”.

Cause: Microsoft’s lack of concern for web and email standards

Solution: Install the “Wingdings” font so that Thunderbird can actually render the emoticons. On the latest versions of Ubuntu, this is as simple as clicking on the wingding.ttf file and then clicking Install. You can get Wingdings from your Windows computer. Just go to C:WindowsFonts and look for wingding.ttf. It should be near the end. Copy this file to your GNU/Linux machine and install it. Next time you start Thunderbird, you should be able to see emoticons in any message sent by a friend using Microsoft Outlook.

What to do when GParted crashes on your Live CD

Problem: GParted crashes while starting up when launched from the Ubuntu 10.10 Maverick Meerkat Live CD, or from a Maverick USB installation. Restarting the computer and beginning another live session fails to help matters.

Solution: There’s actually a pretty simple solution for this very annoying problem: Upgrade GParted. A user dealing with this problem could, of course, fall back on an older Live CD with an older version of GParted. But older versions may run into “unknown errors” if a newer version of GParted has been used to configure a drive. Furthermore, it makes sense to just grab the latest and greatest version.

If you’re running Maverick on a USB stick, just open a terminal and type:

sudo apt-get install gparted

Ubuntu will upgrade GParted. Next time you try to start it, it should come up okay and not crash.

If you’re running a live session from a CD or DVD, use the disc to make a USB stick that can save data. Then upgrade GParted using the command above.

What to do when Flash audio stops working on Ubuntu/Kubuntu

The situation: You’re trying to watch a Flash movie in Firefox and you can see video just fine, but the audio is stuttering like a broken record, making it impossible to hear the sound. Audio does not stutter in non-Flash applications. You have the latest version of Flash from the Ubuntu repositories.

What’s going on? This appears to be a bug that many Ubuntu/Kubuntu users are experiencing. It looks like it’s a glitch with Flash. Messing around with your sound architecture is unlikely to help matters, so don’t do that.

Solution: There is a fairly simple workaround. Go to Tools > Add-ons. Select “Plugins”. Disable your Flash plugin. Restart Firefox. Then, go back to Add-ons and enable the plugin. Try playing a Flash video again and see if the audio works. Repeat this workaround if the problem occurs again.

In some (but not all) other browsers, this problem can be alleviated by simply restarting the browser.

Comment: If you’ve found this post, I hope the above troubleshooting advice helps. I can’t wait for the day when proprietary software is no longer required to view video on the Web. Flash sucks. The advent of HTML5 will hopefully make Flash problems irrelevant and a thing of the past.

Recovering a lost blog post: What to do when you’ve tried everything

The situation: You’ve just spent the last few hours writing a post for your blog or newsletter, using the editor built into your blogging or mailing platform, which you access inside of a web browser. You go to hit Publish, and you get prompted to login (because it auto-logged you out for some reason). Or you see an error message, maybe something like, We’re sorry, we couldn’t process or request. Or you see a blank web page.

You login again (or go back) and discover that all that’s left of your blog post or newsletter is an incomplete fragment…. or worse, nothing! You curse your blogging tool and wonder if there is anything you can do to retrieve your lost draft.

As it so happens, there is.

The solution: Assuming your data is not saved in a cookie or in a cache file, and can’t be retrieved using a tool like Lazarus Form Recovery (which you MUST install if you are a Firefox or Chromium user, after you are done following the steps outlined below), your only recourse is to dump the browser’s memory and search for the draft.

I have successfully recovered a draft using this method (which was pioneered by Thomas Strömberg) more than once, either when Lazarus failed me, or I was running a browser that did not have Lazarus installed. So can you… but only if you are capable of reading carefully and following directions!

This tutorial assumes you are running Windows, because that’s the operating system most people have on their desktop or laptop.

Prerequisite: For this method to work, the browser you were/are working in needs to be kept open and undisturbed. Do NOT close your browser and do NOT close the browser tab your data was lost in! Leave it open. Don’t touch it. Open a different browser and proceed with these instructions in that browser.

Ready? Let’s go!

  1. Determine whether the browser you were working in is multi-process or single-process. If it was Internet Explorer 8 or Chromium (i.e. the spyware-infested Google Chrome – yuck, or ChromePlus – free of Google’s spyware), then the browser is multi-process. If it was Firefox or a previous version of Internet Explorer, the browser is single-process. If you use some other browser, search for the answer on Bing.
  2. If you use a single-process browser, proceed to the next step. If you were using a multi-process browser like IE8, maximize that browser now and begin counting how many tabs are currently open, beginning at left. Stop counting when you get to the tab you were working in, where your draft was eaten. Write this number down.
  3. Next you need to download two tools: pmdump and strings. These tools will permit you to dump the browser’s memory into a text file for examination so you can look for the contents of that lost draft. Go here to download pmdump. Then, go here to download the Sysinternals strings utility. Download these files to your Desktop.
  4. Click the Start button. Choose “Run” and type “cmd”, then hit Enter. (Vista/Win7 users: Just type “cmd” into your search box and hit Enter).
  5. A black screen will appear and will display a copyright message, then it will show a command prompt, like this: C:Documents and SettingsYour Username>
  6. Navigate to the folder where you downloaded pmdump and strings (should be Desktop), by typing the following and hitting Enter:
    • cd Desktop
  7. Now it should say C:Documents and SettingsYour UsernameDesktop> Type the following and hit Enter:
    • pmdump -list
  8. You should see a list of currently running processes ending in .exe with numbers to the left of them.
  9. Now it’s time to dump the memory. First, however, we have to narrow down which process contains that lost draft. (If you were using a single-process browser, skip to the next step). To do this, we’ll isolate all processes related to the browser. So, for instance:
    • pmdump -list | find "chrome" OR
    • pmdump -list | find "ieexplore"

    Once you have executed this command (again, by hitting Enter), you’ll see a smaller list of processes. They will all have the same name, but different numbers preceding them. Start counting the number of processes, beginning at the top of the list. When you reach the number you wrote down earlier (of the tab you were working in), stop.

  10. Now write down the four-digit number of the line you’re on.
  11. To dump, type the following and hit enter, where “XXXX” is replaced by the number of the browser process. This command may take some time to run. Let it finish.
    • pmdump XXXX recoverdraft.dmp
  12. Now you’ll get rid of all the non-text data from the memory dump you just made using the strings utility. Type the following, hit Enter, and then be patient while it finishes:
      strings recoverdraft.dmp > recoverdraft.txt
  13. Leave the command prompt window open.
  14. In the folder where you downloaded pmdump and strings, you should now see recoverdraft.dmp and recoverdraft.txt. Right click on recoverdraft.txt and choose Open With > WordPad. The file may take a while to open, so be patient. If you were using Firefox and had many tabs open, the file will be huge.
  15. When the file finishes loading (assuming WordPad doesn’t crash) hit Ctrl+F to open the search box. Type a unique phrase from your draft and hit enter. If all goes well, you’ll stumble across decently-sized fragments of your draft, or maybe even the draft in its near entirety. If you find nothing, try another phrase, and then another.
  16. If you don’t find any fragments at all after several tries, it could be that you dumped the wrong process. Go back to the command prompt window and verify which process you dumped.
  17. If you miscounted, dump the correct process.
  18. For multi-process browser users: If you didn’t miscount and suspect the list of processes top-to-bottom does not correlate with the tabs open in your browser left-to-right, try dumping and running strings on each one of them. Obviously, this could be time consuming, but trial and error usually is!

Ideally, after following the steps above, you’ll succeed in recovering most or all of your lost draft. If your draft has been separated into a great many fragments, piecing it all back together will be tough. You are more likely to encounter fragments if you were switching back and forth between writing and doing something else (like researching) while you were composing the draft. If all you were doing was typing your post or newsletter for an uninterrupted bloc of time, you are likely to find your draft mostly intact.

You can close your browser and the command prompt after you are all done, and have successfully recovered your draft… or given up 🙁

In the future, save yourself a lot of time by installing Lazarus Form Recovery. This add-on is available for Firefox and Chromium (if you want to use Chromium, I recommend ChromePlus, not the spyware-infested Google Chrome).

Lazarus securely saves all the data you type into forms, so in the event of a crash, disconnection, or other mishap, you can get your input back with just a couple clicks. Lazarus works more reliably in Firefox. It may not save your bacon if you’re a Chromium user, because it is still in early development.

Remove Google Analytics from OpenVBX

If you’ve installed OpenVBX on your server to provide an administrative backend for your virtual phone system, then you may have noticed that Twilio, Inc. – the company that released OpenVBX – has slipped a Google Analytics tracking script into the package’s source code. I consider this unethical, because they don’t state upfront that they’ve done this. They can embed Google Analytics in their own website if they want, but it’s wrong of them to put it in the software that they’re distributing.

Essentially what Twilio is doing is spying on their customers without their consent. That Google Analytics tracking script is sending information to their Google Analytics account, by default!

I make a point of avoiding doing business with Google because Google is obsessed with destroying the whole idea of user privacy, which is sacred to me. I pay good money for full-fledged webhosting partly so I don’t have to rely on any of Google’s products.

So naturally, when I discovered that there was a Google Analytics tracking script hidden inside of OpenVBX, I wasn’t happy. I set about removing the tracking code as soon as I had a spare moment. If you’d like to do the same, here’s what you do:

  1. In the shell (or your FTP client) navigate to where you have OpenVBX installed, i.e. /home/user/example.com/myopenvbxinstall/
  2. In your OpenVBX installation, there will be a folder called OpenVBX. You want to navigate into this folder, then “views”, then “layout”. (Example path: /home/user/example.com/myopenvbxinstall/OpenVBX/views/layout/)
  3. Navigate into the content subfolder. You’ll see a file called analytics.php. Open this file. Replace the entire contents with <!-- --> or, alternatively, tracking code provided by your Piwik installation. (Piwik is the open source alternative to Google Analytics, which you can run on your own server).
  4. Save the file. Now navigate back up to the “layout” folder and into the “flow-editor” folder. Again, you’ll see a file called analytics.php. Repeat the last step with this file.
  5. Save and you’re all done.

You have just removed Google Analytics from your OpenVBX installation. Privacy assured!

Bluetooth to the rescue

As anyone who has spent enough time with electronics knows, computers and mobile phones are delicate, fragile devices that are prone to malfunctioning or breaking. And often it takes just the loss of one essential component to render an entire device useless.

That’s what happened to me at the beginning of the month when I discovered, to my chagrin, that my BlackBerry would no longer charge when it was plugged in. I took the phone to the Verizon Store to find out what was wrong with it. Lo and behold, the USB port that allows the phone to charge and exchange data with other devices was broken. The only way to get it fixed, according to the Verizon employee I talked to, was to replace the whole phone.

Fortunately, the phone was still under warranty, so I was offered a free replacement. Taking the replacement, however, would have meant surrendering my old BlackBerry to Verizon, along with all of my settings, messages, and other data which I didn’t want to lose.

I ended up declining the replacement initially, so that I could figure out a way to back up my BlackBerry’s data first. I knew I could use my micro SD card to transfer off the pictures and music that were on the phone, but wasn’t sure how to save anything else. Neither were the unimaginative folks at the Verizon Store…  they had no ideas or suggestions to give me. The most they could offer was to simply go ahead and replace my phone.

I decided to leave my phone at the store so I could at least get the battery charged (it was almost completely dead when I brought the phone in).

When I got home I started researching the problem. I soon found a potential solution while browsing the CrackBerry forums. It turns out that BlackBerries can be backed up wirelessly using Bluetooth – no cables required. It sounded like Bluetooth could come to my rescue.

So I headed back to the Verizon Store. On my way there I stopped at Best Buy to purchase a Bluetooth desktop adapter for my notebook computer, which doesn’t have one built in. I had misgivings about going to Best Buy but didn’t want to drive all the way to Fry’s in Renton to get what I needed.

Turns out I should have.

The “Rocketfish” Bluetooth adapter I got from Best Buy refused to work, even after I had installed the drivers. I kept getting an error message telling me “Bluetooth license check failed. Please make sure that the bluetooth device you are using is licensed”.

As a result, I was unable to connect to my phone to back it up. But at least I was able to take my phone home with me, freshly charged, to keep trying. Unfortunately, I couldn’t get the Rocketfish adapter to work (Rocketfish, incidentally, is one of Best Buy’s house brands. Figures).

So the next morning, I returned it to Best Buy and did what I should have done in the first place: go to Fry’s.

At Fry’s I found a Belkin adapter that was less expensive than the Rocketfish adapter, and better supported. (The Rocketfish website is awful, there’s almost nothing there. No drivers, no real support).

I installed the Belkin adapter successfully but was unable to connect my BlackBerry. I returned to CrackBerry to find out why and found out that BlackBerry Desktop Manager only works with the native Windows drivers. I followed the instructions to register the Belkin adapter with Windows and then uninstalled the third party Broadcom drivers.

When I restarted my computer, the Found New Hardware screen came up. This situation wasn’t addressed in the CrackBerry instructions so I wasn’t sure what to do. I chose Install from a list or specific location (Advanced) and clicked Next. At the next screen I decided to try Option Number Three: Don’t search. I will choose the driver to install. I clicked Next.

To my amazement, Windows detected its own drivers and promptly finished the hardware configuration correctly.

I set my BlackBerry to listen for a Bluetooth connection and initiated the Add Device wizard in Windows. Sure enough, it came up. After creating a passkey, I was able to successfully connect. I then opened BlackBerry Desktop Manager. Thankfully, the Bluetooth options in the Connection Type selector were no longer grayed out. I checked the boxes to use Bluetooth and then Yes when the Desktop Manager asked me if I wanted to connect now.

Then, at long last, I was able to back up my BlackBerry.

Less than forty eight hours I had restored the backup onto the new replacement BlackBerry, plugged in my micro SD card, and I was back in business, with all my data intact. That is, except for applications, which I quickly was able to reload with the help of App World. And I now have a charging cradle to further reduce the wear and tear on my BlackBerry’s USB port. (It charges the battery via the gold contacts on the bottom of the phone).

Moral of the story: Just because someone tells you something is hopeless doesn’t mean it really is. I was able to save my data and save myself from a lot of trouble because I was persistent.

Safari for Windows: it just doesn’t work

When Apple announced it would offer Safari for Windows last June, I was curious to see how the browser would compare to Mozilla Firefox and Internet Explorer…so I downloaded it and tried it out. I was quite surprised to find that the browser functioned like an alpha product. It was buggy, slow, and extremely unpleasant to use. I related this experience to a friend of mine who practically worships Apple (yet chooses to live in Microsoft’s backyard), and I was assured Safari would improve, because it was just the first public beta.

Well, almost seven months later, Safari for Windows is still in “beta” (version 3.04) and it’s just as horrible as the day I first tried it. It boots up slowly, stupidly attempts to mimic the font rendering of its Mac OS X brother, has trouble processing Javascript and can’t open files in protected folders. (It will return the error Safari can’t connect to the server). Apple boasts on its website that Safari is “the fastest web browser on any platform” stating specifically:

Safari loads pages up to 2 times faster than Internet Explorer 7 and up to 1.7 times faster than Firefox 2.

And it executes JavaScript up to 3 times faster than Internet Explorer 7 and up to 2 times faster than Firefox 2.What does all that mean for you? Less time loading pages and more time enjoying them.

This is complete bogus. On my Windows XP SP2 machine, Safari struggles just to render web pages, let alone attempt to best Firefox, Opera, or IE in a speed competition. And it fails to execute Javascript consistently. It’s not in the same ballpark as the many mature browsers available for Windows.

I don’t know how Apple achieved the results it brags about in its own testing environment. Maybe there’s something on my machine that’s interfering with Safari, but I keep my system in good order, and other non-Microsoft browsers (Opera, Firefox) work well. But regardless, Safari’s performance in an Apple testing environment is a useless benchmark for end users. What matters is how well the browser works for the user, and that’s not the measurement the company is using in its marketing.

Even if Safari is improved, I doubt users of other browsers will switch to it. There’s no reason for them to do so. As far as I’m concerned, Mozilla Firefox remains the best browser available – for Windows, Mac, or Linux.

HP MediaSmart Server software and support far from stellar

A couple of weeks ago, after waiting nearly a month, I finally took delivery of HP’s MediaSmart ex475 Server, which I’ve been wanting to try out ever since I heard about it in early 2007.

The system, which is based on Microsoft’s Windows Home Server, comes with a terabyte of storage, a 1.8 GHz processor (an AMD Sempron 64 bit) and 512 MB of RAM. While I’ve found the product to be very useful (centralized data storage, automatic backups, cool add-ins) HP’s software and support has left a lot to be desired.

I had reasonable expectations for the product, and I’ve been mostly happy with it.

What I did not expect, however, was that I would encounter a major error after using the product for only fourteen days.

This morning, while logging in to my Windows Home Server, I was greeted by this error:

Input string was not in a correct format. At system.Number.StringToNumber(String st, NumberStyles options, NumberBuffer & number, NumberFormat.Info.info, Boolean parseDecimal)
At System.Number.ParseInt64(String value, NumberStyles options, NumberFormatInto numfmt)
At HPConfiguration.IniFile.GetLong(String key, Int64 defaultVal)
At MediaSmartUpdate.MediaSmartUpdate.GetiniConfig()
At MediaSmartUpdate.MediaSmartUpdater.GetSettingsValues()
At Microsoft.HomeServer.HomeServerConsoleTab.HPSU. HomeServerSettingsExtender.initializeMembers(IConsoleServices.svc)

The console loaded after I clicked okay, but under “HP MediaSmart Software Updates”, where I’ve previously seen the date of the last update, there were instead six Xs:

MediaSmart Server - HP Update Blanks

It seems the error is a malfunction in HP’s own software, which essentially runs on top of the Windows Home Server platform. The problem seem to be affecting the performance of the operating system, fortunately, but it is certainly annoying.

Thinking I should report the problem, I went to the ex475’s support page, and was surprised to find that email and live chat support for the MediaSmart server are not available:

E-mail HP

Support E-mail not available
» E-mail questions before you buy

So I called HP instead – the only provided option for contacting the company in regards to the ex475. The representative that I spoke with had not heard of the problem, and all he could suggest was doing a server recovery, which would result in losing operating system settings, including user accounts. I suggested that HP take the opportunity to investigate the problem, and he fortunately saw the wisdom in that, so I have sent a copy of the error message to HP.

It’s frustrating, though, that HP’s bundled software should just abruptly stop working. I certainly appreciate not having any bloatware on the system (trial offers, third party products, and the like) but why not just ship a clean version of Windows Home Server on a compact and sleek package of hardware, and let customers download the optional extras (like iTunes synchronization across home PCs, or the photo Webshare) only if they want them?

(There are great alternatives to HP’s offerings – if I want to easily share photos, for example, I could install the Windows Home Server Flickr synchronization plugin, and not bother with the Webshare).

My call to HP was the second time I had called the company about the ex475. The first time I called, I was curious to see if HP could tell me how to get into the desktop of my home server. (The ex475 doesn’t come with any peripherals, and the provided console software doesn’t have any kind of shortcut for desktop access).

After going through two people, including what sounded like someone at an outsourced Indian call center, I was told by the third that my simple question was “outside of his support boundary” and that if I wanted an answer, I would have to pay to talk to a product support specialist. Incredulously, I said no thanks. I managed to configure my router to support a Remote Desktop connection to the server on my own. I was able to run the .exe installer for Avast! Windows Home Server edition. (As far as I know, Avast! is the only vendor to be offering a security solution specifically for WHS).

There was of course nothing in the product’s manual that relates to the error I saw, although when I was flipping through, I noticed that HP had failed to properly proof the document before sending it to the printer. Take a look at this excerpt, Table 15 from the “Troubleshooting Tips for DRM” section of the manual:

Question/Issue: Why can I play and stream DRM content [from] my home computer but I can not stream it from my HP MediaSmart Server?

Answer/Resolution: The HP MediaSmart Server includes a media server for streaming iTunes music to PCs running iTunes through[out] the hous. See the section in the User’s Guide on iTunes.

For Windows Media DRM (WMDRM) content (protected .wma music and .wmv videos) the HP MediaSmart server does not support streaming of this content to DMAs at this time [do we want the “at this time”? we will support it after the February update; should we say that?]. Playing (and streaming) of WMDRM protected content requires that the device that is playing the content have a license for that content. When you downloaded the content to your PC, you also received a license to play that content on the PC. If you copy the files to the HP MediaSmart Server, you cannot copy or transfer the license to the server. The server must obtain its own license, and we do not provide for this feature in the current product.

As you can see from the bolded sentence in brackets above – which appears verbatim in the table! – somebody at HP forgot to remove a comment from the draft out of the copy that was sent to the printer. Oops. Pretty funny, too.

Perhaps more importantly, the paragraph above shows one of the fundamental flaws of digital restrictions management (DRM) – crippling a user’s freedom to move and back up their own legally acquired content (like a music library). HP’s MediaSmart Server cannot (yet) play or stream .wmas for people who have faithfully followed the encouragement of Microsoft and the RIAA and paid money for crippled digital music. You’re punished if you do what the record industry executives want you to do…funny how that works. I’m glad my music is DRM free.

Bottom line: if you’re thinking about spending several hundred bucks on a MediaSmart server, you want might want to consider another product preinstalled with the Windows Home Server OS, because HP’s MediaSmart Server software and its technical support have a good likelihood of giving you a headache, unless you’re really patient and enjoy solving computer problems.