Is Windows 7 the Last Microsoft PC OS?

The Technology Review has an interesting guest blog post by Robert X. Cringely on the future outlook for Microsoft’s operating system business.  Cringely has been covering the PC business, as a journalist and author, for many years; he wrote a regular column for InfoWorld magazine, wrote and hosted several PBS documentaries on technology, and is the author of the book, Accidental Empires: How the Boys of Silicon Valley Make Their Millions, Battle Foreign Competition, and Still Can’t Get a Date.  I’ve read his work since the late 1990s, and have always found his ideas thought-provoking, though I have not always agreed with them.

His latest idea, expressed in this essay, is that Windows 7 may be the last “traditional” PC operating system that Microsoft releases.  The reason is simple: there is basically no more growth in the traditional desktop PC market in the developed world.

Microsoft, the largest and richest software company in the world, has to play catch-up in the exploding mobile device market presently dominated by Google’s Android operating system and Apple’s iOS for iPhones and iPads.  …  PC sales in the developed world are declining while smart phone and tablet computer sales—particularly for Apple—have been exploding.

As Cringely points out, although Microsoft has sold some 350 million Windows 7 licenses since the system was introduced, most of these have been  for replacement PCs, not for new users.  Microsoft’s smartphone operating system, Windows Phone 7 , has not been a huge success in the market.

Windows Phone 7, Microsoft’s current mobile operating system, ranked a dismal fifth at the end of 2010, with 4.7 percent market share, according to the research firm Gartner.

Windows Phone 7 has also had a number of  problems in handling software updates since earlier this year

Based on hints he has gleaned from two leaked alpha versions of Windows 8 code (as it is being called in the absence of a formal name from Microsoft), Cringely thinks that Microsoft will try to make that next version of Windows one that will work across a wide range of devices, from traditional desktop PCs. to smartphones, tablets, and other mobile gadgets.  Microsoft has also entered into an alliance with Nokia, the Finnish mobile phone manufacturer, to supply Windows operating systems for Nokia’s phones, replacing the Symbian system originally developed by Nokia.  Nokia has been losing market share, and Microsoft’s effort to buy market share via an exclusive deal, though consistent with its past practice in the PC market, may not work.

Microsoft, in turn, is accepting financial responsibility for Nokia’s software development, buying what it hopes will be big market share in the process. To be a major player in the mobile transition, Microsoft has to be the number one or two player rather than a distant fifth.

I have written here a couple of times before about some of the problems that Microsoft has had in the mobile device market, even though they have been trying to promote tablet computers for years.   Though they have not advertised the fact, for obvious reasons, Microsoft has been trying to “slim down” Windows for several years, with mixed results.  This is a critical issue in the mobile device market, where modest hardware requirements and battery life are of great importance.    There is also some question about the suitability of the Windows GUI interface to a mobile device.

Technology transitions are always a time of opportunity for new market players, and a time of risk for established firms.  It will be interesting to see how this all unfolds.

Mozilla Updates Thunderbird to 3.1.10

In addition to the Firefox release I mentioned in the previous post, Mozilla has also released a new version, 3.1.10, of its Thunderbird E-mail client, for all platforms (Mac OS X, Linux, and Windows).   This release includes fixes for several security and stability bugs; more information is in the Release Notes.

You can get the new version using the built-in update mechanism (Help -> Check for Updates); alternatively, you can download an installation package (in a variety of natural languages) here.   Because of the security fixes included, I recommend installing the new version as soon as you  conveniently can.

Mozilla Releases Firefox 4.0.1

Mozilla has released a new version, 4.0.1, of its Firefox Web browser for Mac OS X, Linux, and Windows.  The new version fixes some bugs that affected the browser’s stability; it also fixes two serious security vulnerabilities.  More information about the changes is available in the Release Notes.

Because of the security fixes in this release, I recommend that you update as soon as you conveniently can.  You can get the new version via the built-in update mechanism (Help -> About Mozilla Firefox -> Check for Updates), or you can download an installation package here.

For those users who are still running Firefox 3.6.x, Mozilla has also released a new version 3.6.17 with security and stability updates, which is available here.  Since Mozilla intends to discontinue support for the 3.6.x browsers later this year, I do encourage you to update to version 4 as soon as you can.

Google Releases Chrome 11

Google has released a new major version, 11·0·696·57, of its Chrome Web browser, for all platforms (Windows, Linux, Mac OS X, and Chrome Frame).  The most significant change in this version is the inclusion of speech input via HTML.  The new version also fixes 27 identified security vulnerabilities.  More detail is available in the release announcement on the Chrome Releases blog.   The Google Chrome Blog has an article on the new speech input capability, including an example of its use for language translation.

Because of its security content, I recommend installing this update as soon as you conveniently can. Windows users can obtain the new version via the built-in update mechanism (Help / About Google Chrome).  Linux users should be able to get the new version using standard package update tools (e.g., apt-get, synaptic).

Eruption Disruption, Revisited

It was just about a year ago that the Eyjafjallajokull volcano in Iceland erupted, leading to the widespread disruption of air traffic in Europe.  Because of concerns that airborne volcanic ash might damage jet engines, most air routes in and through Europe were shut down for several days.  Naturally, airlines and other travel companies were not best pleased, since they stood to lose large amounts of revenue.  There was some suggestion that the blanket restrictions on air travel were too sweeping, but there was not much hard evidence presented either way.

The New Scientist site has an article reporting on some new research [abstract], published in the Proceedings of the National Academy of Sciences,  that suggests that there actually was cause for considerable concern.   (This is not to say that the original decision was based on the kind of evidence presented in the paper.)  A group of researchers from the University of Iceland and the University of Copenhagen found that the ash from this eruption was unusually fine, and unusually sharp-edged.

They found that ash released in the first few days of the eruption contained unusually high levels of particles smaller than 300 micrometres across. These particles are most likely to become trapped in jet engines and melt, causing the engines to stall. The particles were also hard and sharp, making them more likely to sandblast aircraft windows, obscuring pilots’ view.

Perhaps the most useful product of the research is a set of testing protocols and methods that can be carried out as an eruption occurs.   Using such a methodology would potentially allow regulatory authorities, equipped with a more up-to-date and higher resolution analysis, to tailor flight restrictions so that areas with dangerous amounts of ash could be avoided, while still allowing travel via safer routes.

Hidden in Plain Sight

From time to time, I’ve talked about looking after the security of data stored on portable devices (like laptops), and have suggested that disk encryption is one tool that can help with this.  Encryption, though, is no panacea for security problems.  Judging by the track records of numerous vendors, encryption is easier to get wrong than to get right; and even when encryption  is done correctly, the data may still be vulnerable to  attacks like the Evil Housekeeper.

Another problem with encryption comes up when one wants not only to conceal the content of the data, but also its existence.  (Consider, for example, the situation of a dissident in a country with an extremely repressive regime.)  It is not difficult to draw a fairly strong inference that an encrypted file is present, because encrypted files typically exhibit much higher entropy than normal files (that is, the sequence of bits in an encrypted file appears “more random” than that in,say, a text file).  Once the authorities conclude that there is encrypted data present, they may be able to resort to measures, legal or otherwise, to obtain the decryption keys.  In some countries, just using encryption may be illegal.

The most common technique for resolving this problem is steganography, meaning concealed writing. A message written in invisible ink, between the lines of an innocuous letter, is a classic example. Another steganographic technique is to embed the bits of a message in the pixel data for an image.  The idea is that, unless someone knows exactly where to look, the presence of a message is unlikely to be noticed.  (The idea of hiding something in plain sight is far from a new one, of course.  It was the central plot device in Poe’s The Purloined Letter, for example.)

The New Scientist has an article about a clever new steganographic method, described in a paper [PDF download available] by four researchers from the US and Pakistan.  The authors have  developed a method of encoding a message that requires no extra data to be stored.

Their technique exploits the way hard drives store file data in numerous small chunks, called clusters. The operating system stores these clusters all over the disc, wherever there is free space between fragments of other files.

The paper discusses implementation of the idea in a FAT file system (the filesystem used by MS-DOS and still usable by Windows and Linux machines, at least), but it can potentially be used with other filesystem types.

Here is a very simple example of the technique.  Suppose we have a message to be hidden that is N bits long.  We also have an innocuous “cover file” which occupies at least N disk clusters.  We find a block of free space on the device that is at least N clusters in length, beginning with an even cluster number if the first bit of the message is 0, and an odd number if the first is 1.  The first cluster of the cover file is written to that cluster.   For the subsequent clusters:

If the next bit in the message is the same as the previous bit, write the next cluster of the cover file in the next sequential cluster; otherwise, skip one cluster, and then write the next cluster of the cover file.

The recipient, who knows the name of the cover file, can then extract the hidden message by looking at the list of cluster allocated to the file.

Different types of files will vary in their suitability as cover files; the more “natural” fragmentation, the better.  The paper describes some statistics gleaned from an actual sample of disk drives (from Windows systems).  As one might expect, files that are generally written all at once, such as executables (.exe) or libraries (.dll or .lib) tend to have relatively few fragments; files like log files tend to have many more fragments, so are potentially better as cover files. Anyone who wants to use the technique will want to study the space allocation algorithms of the filesystem in use, as well.  The paper contains some additional suggestions for variations on the basic technique to adapt it to different environments.

This is an ingenious idea, because it doesn’t write any extra data to the device, providing what the authors call “plausible deniability” that there is anything there at all.  A drawback of the technique is that sending a message requires sending either the physical device, or a disk image copy, to the recipient.  In some circumstances, those actions might in themselves arouse suspicion.  Nonetheless, it’s a potentially useful tool, and another step in the ongoing arms race between those who want to keep secrets, and those who want to uncover them.