Author Archives: Darren

Fixing a component install error in Visual Studio Community 2017 (hint: It’s really easy)

I recently noticed in the notification window of Visual Studio Community ’17 that there were some Azure-related updates available. Normally these updates lead to an uneventful experience in which I approve the updates, VS takes a loooong time to download install said updates, then everything moves forward as planned. This time, however, was slightly different so I thought I’d bring you all on my journey of discovery and illustrate why Visual Studio’s attempt to help me figure out what went wrong was so unhelpful. Even so, it’s an easy fix that I’m guessing many of you could figure out anyway. Indeed, my approach takes the slightly longer way round.

The story begins with the update notifications. This is a very common thing to happen with this particular Integrated Development Environment (IDE), and now that I think about it, I can’t recall a time there weren’t updates to be had. Anyway, as I mentioned they’re normally uneventful, and these two were for components I don’t use too terribly much – Azure Data Lake and Stream Analytics Tools, and Azure Functions and Web Jobs Tools. The former are tools to aid and assist with the streaming, gathering, and analysis of the massive amounts of data gathered from IoT connected devices, and that is an area in which I have significant interest, so these tools will be useful for me soon (I hope). Azure Functions and Web Jobs Tools are of less interest to me, but I can’t have an incomplete update hanging in the air above me. So, without thinking too much about it I clicked the notification, clicked on [Update], and went about my business.

No problem

No problem

As expected, the process began without much of a hitch.

Good so far

Good so far

Still good

Still good

I should mention that when it comes to Visual Studio, you don’t ‘update’ or ‘patch,’ you instead ‘Modify.’ All just a big semantics issue. Anyway, although things had gone well up to this point, that was about to change.

Uh Oh

Uh Oh

So the Data Lake and Stream Analytics tools installed fine, but the functions and Web Jobs tools was another story. I don’t even need those, and I probably should have let it go, but I just couldn’t. That red X would have haunted my dreams.

The obvious next step was to check the install log, as the Installer so helpfully suggested. Speaking of the installer, and if you’re interested, VSIX is a method of deploying updates to Visual Studio, and does so in the right place with the right components and so on. It’s a compressed file, and you can even rename a VSIX file to .zip and extract it. Just wanted to get that out of the way.

I clicked on “View Install Log,’ and the result was a log that was a breezy 865 lines long, and mainly, but not entirely, comprised of stuff that looked like this:

Thanks for the help, install log

Thanks for the help, install log

This log punches you in the gut twice, because A) You have to find the part that identifies the problem in those 800+ lines all on your own, and B) the part that identified this particular problem was all the way at the very end. Luckily, ctrl-F helped out significantly here.

There you are

There you are

Luckily, I knew, or at least suspected, that from here it would be easy. That the update task didn’t exist and the setup instance was not in a launchable state indicated to me that there was a disagreement between the installer and Visual Studio, and not that some fatal, unrecoverable error had happened. Fortunately, my suspicions turned out to be correct and it was really easy to fix. In fact, I could have just done it from within Visual Studio, but this is more illustrative. At least I think it is. Maybe it’s not.

I didn’t even need to go full control panel on it. I simply went in to the apps section of settings, scrolled down to Visual Studio, and selected ‘Modify.’

That brought up the Modification window with the ‘Workloads’ tab highlighted, but we want ‘Individual Components.’

Workload tab in modification window

Workload tab in modification window

Individual Components tab in modification window

Individual Components tab in modification window

You’ll notice that ‘Microsoft Azure WebJobs Tools’ isn’t highlighted, so easy fix. That’s also the reason I mentioned earlier that it could easily be repaired from within VS itself. Clicking that checkbox caused almost all the other checkboxes to become selected, and after clicking [Modify] there in the lower right-hand corner, the long, slow update process began anew!

It was at zero percent for a long time, but that’s normal for Visual Studio. Its updates are never a quick thing. After it chugged along for a while, success!

Success!

Success!

Remember, I don’t actually need these components, but I was not going to let the VSIX installer win, and now I could raise my head in triumph. Plus, I can experience – for a brief moment anyway, if I know Visual Studio – the blissful Zen of the empty notifications window.

Ahh...

Ahh…

When it comes to a failed component update, I have seen others suggest uninstalling and reinstalling Visual Studio, clearing caches, even making changes to the registry! I have never needed to do any of that for any kind of installation or update hiccup. I don’t know why people think that, especially when a straight repair or modify, as shown here, always works. This is not an advanced technique or a hidden trick Microsoft doesn’t want you to know about; it’s a standard, Occam’s Razor approach that should always be the first line of defense and action for this kind of thing.

If this helps anyone out there avoid all those unnecessary machinations, then I’ve done my part.

How to kill windows tasks, even those that just won’t die

I recently created a video that shows how to kill tasks via the command line, and if that doesn’t work, how to kill them via Process Explorer, and if that doesn’t work how to disable them using the Services window. It’s embedded just below, but if you’re not in a video mood, fear not! I have summed up its contents, although the video shows you the steps and comes complete with witty commentary.

If you’re running Windows, any version of Windows, you know there are what seems like thousands of things going on in the background. All you have to do is bring up the Task Manager ([Ctrl]-[Shift]-[Esc], or the well-known [Ctrl]-[Alt]-[Delete] if you’re old-school and enjoy the extra steps) and you’ll come face-to-face with the process party happening inside your machine.

Task Manager - Hello, running tasks!

Task Manager – Hello, running tasks!

As you may also know, each of those running tasks requires some of your machine’s resources; sometimes a little, sometimes a lot, and you can see in Task Manager how much of each resource each process is using. If the process is something you don’t use or don’t need, then it’s not a bad idea to stop the process and recover whatever amount of system resources it’s hogging to itself, and it even turns out that while taking the above screenshot I happened to notice Windows’ Photo App, Movies & TV app, and Messaging app were taking up a lot, so away they went! Right-clicking brings up a menu that allows you to ‘End Task.’

But that’s also where an insidious problem lies. Sometimes, when you right click and select End Task, the task just doesn’t end. This can manifest in a couple of ways: The task may continue to run, mocking and taunting you to click End Task again, reveling in your failure to stop it. It might stop for a moment, only to reappear a second later, better, stronger, faster (not really better or stronger or faster, but it will reappear).

This even happens when using the command line to kill tasks. Normally this is done by listing the running tasks using tasklist, then, once the Process ID (PID) is known, using taskkill /PID actualPID, however even here that doesn’t guarantee a termination, with a similarly mocking response from your system.

Damn

Damn

Why does that happen? The main but not necessarily only reason is that it is actually part of a complex hierarchy of tasks that prevent it from being shut down. Either it is a child spawned from a parent process and upon being stopped, the parent just restarts it, or it’s a parent process that can’t be terminated because we can’t have orphaned tasks.

To determine which of these is the case, I am a big fan of Process Explorer, part of Microsoft’s SysInternals software suite that helps maintain and monitor Windows. If you click on the link, you can see in the left-hand sidebar the other packages available; They’re quite comprehensive.

Process explorer shows you everything that is going on, how many resources are being used by each process including specific and shared memory, the Process ID (PID), the name of the company that developed the software, it color codes by category, it’s a great program that shows a lot and really gives an idea of not just what is going on but how it all relates.

Process Explorer

Process Explorer

You can see that some processes are child processes and some are parent processes and whether you can or can’t kill a process is very dependent on the nature of that hierarchy. Trying to stop a task even here will prove futile as the hierarchy is the same. Interestingly, in Task Manager right clicking gives the option to End Task, while in Process Explorer it gives the option to Kill Task. Hmm. The deeper we go, the more violent we get.

Ultimately, if you really want a process to not run, you should first make sure it’s not something you need. Google, even Bing, is your friend. If you are certain the process is just leeching resources, then you’ll have to go into services.msc, which you can run by typing it in to the search bar there by the start menu, and disable the service by right-clicking the service and selecting Properties, then Startup Type. Don’t set it to Automatic, obviously, or even Automatic Delayed Start, but also don’t set it to Manual, because then it will just start up again if the system decides it’s needed. Be sure to set it to Disabled.

Services.msc

Services.msc

Set Startup Type to 'Disabled'

Set Startup Type to ‘Disabled’

That will stop the process from starting up, even if the system thinks it should. Remember, though, that if you *do* end up needing the service, you’ll have to go back into Services.msc and start it up yourself again, as this shuts it down completely. And I have to say it again: be careful about disabling processes. If you disable one that you need, or worse, the system needs, you may find your device acting very strangely, or in a worst-case scenario, software or even hardware not working at all. Even if you don’t disable anything, this is a good way and a good opportunity to learn what your system is actually doing.

Russian botnet master nabbed in Spain, extradited to US

This is a story that has been ongoing for some time. Pyotr Levashov, a well-known and well-established Russian cybercriminal who was arrested in April of last year (2017 if you’re reading this in the distant future – welcome alien overlords!) while vacationing in Spain, has finally been extradited to the U.S. Apparently cybercriminaling does pay well sometimes. The arrest was based on a formal U.S. Department of Justice indictment against him for, among other things, operating the Kelihos Botnet, a long-running, expansive, global botnet that bombarded the world with all kinds of spam for nonsense like get-rich-quick schemes and enhancement medications; if you’re interested, and you should be, you can read the DOJ press release about the indictment and the actual search warrant that allowed for their infiltration of the botnet.

Before we continue, let’s talk about what a botnet is. When malware, or bad software (get it? Mal ware?), is surreptitiously installed on your machine, either through a drive-by attack in which it’s embedded in a Flash ad, or you click on a link or file from a rogue email, or one of many other attack vectors, it will use your machine to carry out tasks without your permission, involvement, or even knowledge. And just to be sure, those tasks it’s carrying out are bad. It can use your machine to send spam, participate in DDoS attacks, store harmful or illegal files, and many other unethical / criminal activities, all without you ever being privy to what’s going on. When that happens, your machine is what’s known as a zombie computer, or more commonly, a bot. Now, imagine hundreds of thousands of these infected machines all acting in unison, for a common goal or under a central control authority. That’s a botnet. Here’s an effective graphic from Reuters that illustrates the architecture of a botnet.

Typical botnet architecture (Source: Reuters)

Typical botnet architecture (Source: Reuters)

I wanted to embed an interactive map from Arbor Networks that shows real time attacks happening right now, and provides historical data, but their embed code which uses iframes doesn’t work on WordPress. I find it strange a security firm would still be supplying iframe embed codes, but who am I to judge? No matter; there are other sites that provide similar information using their own honeypot networks, such as Kaspersky’s real-time threat map and the well-known Norsecorp map. Actually, I had intended to use Norsecorp’s IPViking map, however it is now run under HP’s banner, although powered by Norse, and I simply couldn’t get it to work in any browser. Their map linked above works beautifully, though.

Kaspersky's Threat Map

Kaspersky’s Threat Map

Norsecorp's Threat Map

Norsecorp’s Threat Map

There are several interesting facets to this case: The first is, this guy has been around a long time and was one of the bad actors behind the Storm botnet that first manifested all the way back in 2007. That botnet was eventually dismantled by the combined efforts of Microsoft, malware firms, and the feds, a partnership and collaboration that continues to this day. We’ll come back to this particular botnet soon, because the architecture of these things is going to become important.

By soon, I mean right now! Another interesting aspect to this case is that the botnet was very sophisticated. It used a hybrid structure that is unusual for this kind of thing. Botnets are typically peer-to-peer, in which all the infected machines communicate with each other to coordinate and carry out their nefarious activities, or they use what’s known as a C&C, or Command and Control server, that oversees the whole thing and controls the botnet form a more centralized location. That allows better control and oversight of the bots.

Kelihos, however, was a hybrid, in which there was a C&C server, but there was also a peer-to-peer aspect as there was some autonomy in the architecture that allowed the bots to continuously update among themselves a list of secondary control servers to which they would report, and those would be directly overseen by the main C&C. This is in direct contrast to the Storm botnet mentioned earlier, which was pure peer to peer. A hybrid network also allows for rapid updates to, and distribution of, associated malware.

That leads to the next neat(?) thing about the botnet: It was aggressively and frequently updated. In fact, when a live sinkholing, in which the bots are redirected to to different targets that can then help track the bots or even deactivate them, took place at a 2013 RSA security conference, a new version of the botnet rapidly took its place which indicated that the creators were prepared for just such an emergency and had pre-planned a contingency.

And this was not just a spamming botnet. Along with pushing spam of both the email and desktop pop-up kind, it also stole bitcoin and targeted banks and other large industry outlets with industry specific malware that could rake in millions of dollars while running undetected. For botnet software, this had a wide range of functionalities, both general and specific, although for all it could do it was not hard to track.

The next interesting aspect of this case is Russia fought vigorously against Levashov’s extradition. Not by attempting to block it, but rather by filing an extradition request of their own based on crimes they say he committed in Russia itself. A smart move, regardless of whether the Russian charges are true or an attempt to protect one of their own, that is a clever way of approaching it. It didn’t work, ultimately, and Levashov is now in U.S. custody, but it was an interesting tactic to counter the original extradition request. Not only that, it has happened before.

A really interesting story all the way around, and I’m curious to see how it concludes. In the meantime, be careful, ensure your OS is up to date and fully patched, be sure you are running up-to-date anti-virus and anti-malware protection, try not to visit questionable sites, don’t activate or respond to emails from unknown sources, use an ad-blocker (uBlock Origin is my preferred choice, and I have no connection to them; purely my own opinion), and just generally practice safe computing.

OpenOffice Writer: Good, better, but not yet great

OpenOffice Logo

People are always looking for a free alternative to costly productivity software, and never has that been more true than with Microsoft’s Office Suite. While they now have their subscription-based, $99/year Office365 Software as a Service offering, it used to be that regular updates to Office could cost hundreds of dollars, especially if you were including Access in the package. People didn’t like the repeated substantial costs associated with new versions of software, and that was not a sentiment limited to Microsoft.

The thing is, while free options, substitutes, are often available, they are also often simply not as good as the software they’re attempting to replace. Consider GIMP (GNU Image Manipulation program).  Intended to be a free option for those who don’t want to purchase Photoshop, as well as for those who would like to experiment with image manipulation and the like, it’s also much more cumbersome to use. Not that Photoshop is easy, but in terms of usability GIMP isn’t an ideal. Simply drawing a straight line is a process, dragging handles is awkward, finding the right tool dock can be confusing, and if you’re just experimenting with it to get a taste of what image manipulation software is like, that taste will be bitter. Even the name itself is difficult, with GIMP being an acronym for “GNU Image Manipulation Program,” and GNU itself being the awkward acronym “GNU’s Not Linux.” It used to be the General Image Manipulation Program, and I’m not actually sure when the name change took place.

Not that isn’t effective – it is. In fact, I often use it myself for the images on this very site that require some touchup, such as adding text or combining multiple images into one or adding illustrations to name a few, and I even have an academic license for Photoshop! Quick and dirty manipulations are easier with GIMP, but as a functional, full-featured piece of software it’s functionality, not so much usability, that drives the development of GIMP. For very simple things like batch resizing / converting, pixeling out info, or cropping, I just use the IrfanView image viewer, which is much more effective and easy to use for that type of thing. But not adding text. it’s terrible for that.

This is how GIMP starts up on my machine

This is how GIMP starts up on my machine

So why do I mention all of this? A friend who recently lost her job needed to get her resume updated and out to potential employers fast. However, as she doesn’t make boatloads of money she had an older laptop and no Microsoft Office installed or available to her. She was trying to edit said resume in a reader, not realizing it doesn’t work like that, and without having the finances to acquire Office, she asked me for help.

My first bit of advice was to use Zoho online, a remarkably feature-packed online office suite that deserves its own, dedicated post, so I will add a followup soon with screenshots, samples and impressions.  The problem is, they don’t offer a locally-installed solution and she doesn’t have Internet access, so that solution was out. I then suggested OpenOffice, a free Office alternative that has been around for a long time, and that I hadn’t tried out in years and years. I guess I should refer to it by its proper name, Apache OpenOffice, as the original OpenOffice, originally developed by a company called StarDivision, which was acquired by Sun, which was acquired by Oracle, no longer exists. Did you follow all that? It’s like a software soap opera. Anyway, OpenOffice was turned over to the Apache Foundation, which is dedicated to community-built open-sourced projects, and it has a staggering number of them.  Their web server is, and has been for a long time, the most widely-used web-server on earth.

When I last used OpenOffice, long before it was taken over by the Apache Foundation, it was bad. This would have been back in the late 90s, and even then it couldn’t hold a candle to Office. The icons were unintuitive, the functionality limited, the compatibility wonky, it just wasn’t a good alternative. I’m glad to say that after twenty years it’s better than it was, it’s good, but it’s still not great and has one glaring flaw that really holds it back.

First, the good: The interface is much closer to what one would expect from a standard word processor. You can see in the image below the standard toolbar, which is also replicated in the ‘Properties’ dialog located in the sidebar. While the icons are much better, meaning much more standardized, the duplication of them across the top and side can cause issues. Functional and graphical replication is poor interface design, one you often see on webpages. And while the icons are generally much better, they’re not completely standardized. The top menu, however, uses the standard “File | Edit | View | etc.” menu with expected submenus under each entry (see ‘text boundaries’ image at end of post). You can also see in the below image(s) the icon for ‘Properties,’ one of four down the far right side, is a green and blue cube, bespoke for this program, while underneath it are the icons for ‘Styles,’ ‘Gallery,’ and ‘Navigator,’ which is ultimately used to move through the document itself via various elements. All of these are unique in function and design to OpenOffice.

Open Office Properties

OpenOffice Properties

Open Office Styles

OpenOffice Styles

Open Office Gallery

OpenOffice Gallery

Open Office Navigator

OpenOffice Navigator

It also has an extensive array of settings that covers every aspect of the program you could hope for, even how you allocate memory and VBA integration.

OpenOffice Settings

OpenOffice Settings

Using a sample resume I downloaded from the Internet, I tested how well it handled inserting elements, specifically an image and a table. This is something that can even trip up Word itself, but I am happy to say it handled both swimmingly, accurately integrating, aligning and formatting both with ease. The text adapted to any changes in size or position easily and the results were always pleasing. It also pops up a task-relevant toolbar to help further with fine tuning or further formatting the element being inserted.

OpenOffice Insert Picture

OpenOffice Insert Picture

OpenOffice Insert Table

OpenOffice Insert Table

Again, after insertion both of them were easy to adjust and format, and the rest of the document was very responsive to those changes. While this post doesn’t cover all you can do with Writer (you can imagine how long a post covering everything you can do in Word would be, and it’s the same here), you can get an idea from the images, specifically the ‘Navigator’ image included above.

I’m also not a big fan of the text boundaries that are shown by default; they make the whole document look as though it is too small on the page. I get that they are trying to illustrate the margins as well as provide a quick and dirty print preview, but ultimately I find them distracting. Fortunately, they can be turned off completely (which makes it look more like Word, and the familiarity is welcome).

OpenOffice Text Boundaries

OpenOffice Text Boundaries

The two big problems with OpenOffice are, unfortunately, major issues that prevent me from recommending it completely, especially as there are other programs and online options that don’t have these concerns.

The first is an issue primarily if you are importing a .docx (Word 2007 – present) file to work on a document. If you create your document from scratch in OpenOffice, it works quite well and is feature rich enough to complete even if you are doing fancy stuff. On the other hand, if you’re importing in Word’s latest format, forget it – processing hidden Word formatting codes is not Writer’s forte. Writer will destroy enough of the formating that fixing it is not worth the effort, and copy – pasting without formatting and re-formatting is likely, but not always, the only viable option. Even so, the common outcome is that no amount of tweaking will right the formatting ship: You can recenter and re-format and unbullet and rebullet and tab all over the place all you like, but it will never get back to the way it was; it will simply not play nice with undoing damage from an import.

Building on that is the most glaring issue of all: Writer simply doesn’t recognize the .docx extension. You can’t save using that extension, only .doc, a format that hasn’t been used for about ten years. Writer has its own format, .odt, that is unique enough that trying to go the other way, and opening a Writer file in Word will also yield unfortunate formatting issues. Other alternatives like the aforementioned Zoho handle them easily, but not OpenOffice. In fact, when creating a new document in Writer, it asks if you want to create a new Text document, which in Windows or Mac has a specific meaning, and it’s not a fully formatted, functional, professional document.

OpenOffice Save As

OpenOffice Save As

This post only covered OpenOffice’s word processor, Writer, although the other applications exhibit similar behaviors and limitations. They work well if you are working solely within OpenOffice, but not if importing or exporting.

I want to see OpenOffice succeed, especially under the Apache umbrella, but as of now I simply can’t recommend it as it is. That’s distressing, since I haven’t been able to ever recommend it over the last twenty years, although it’s always been very, very close. It works well on its own and with its sister programs, and has incredible potential, but the fact is it doesn’t play well with others, and until it does it simply won’t be a viable alternative.

And now it’s Opera’s turn

Opera logo

In a recent post, I lauded the new release of Firefox, known as Firefox Quantum, or Firefox 57.0 if you’re in to numbers. The release introduced new features and fixed many issues that have plagued it, in some cases, for years (memory leaks, I’m looking at you). One of the things I really appreciated was the ability to take a full-page screenshot that would capture the whole page, regardless of how much of it was off-screen. For someone like me who uses screenshots in class and on this blog frequently, it’s a godsend.

Having said all that, I also mentioned right at the beginning of that linked post that I’m an Opera guy even though the new Firefox has really narrowed the gap, and since Opera just released version 50.0 with some features of note, I thought it would be only prudent to mention a couple of them here. It won’t get the same coverage as Firefox because it’s not as significant of an upgrade.

Indeed, I’m only going to mention a couple of its features: full-page PDF capture and anti-Bitcoin mining technology.

As I mentioned, Firefox allows for a full-page screencap of a webpage, even if you can’t see it all in the browser window, and the cap is then saved as a .jpg image. As I mentioned, since I use screenshots extensively in my classes and on this very site, that’s invaluable. Now, Opera has the ability to do the same thing except it captures the page as a pdf. It works perfectly, I’ve had no trouble at all, and I can see how it would be useful, especially as opposed to a .jpg. If you wanted a hardcopy version of a recipe, or a series of lessons, or set of instructions then it’s ideal. If you wanted to have a permanent copy of a webpage, or send a copy of it that could be used at a meeting or for whatever reason can’t send a link then it would be very useful there as well, as it would certainly be easier to read then an image. I’m quite impressed with its functionality, and it offers a nice other option alongside Firefox’s full-page .jpg image capture. Both options are fantastic, work flawlessly, and definitely have their own specific use cases. The image below shows a multiple-page post from this site that was saved as a pdf and how it appears; it’s exactly like reading the site itself, but without links. I should also add that Firefox has an advanced ability to select page regions for capture and editing features, a feature not shared by Opera.

Reading a full, multiple-page post as a pdf

Reading a full, multiple-page post as a pdf

The other interesting feature Opera has developed is anti-Bitcoin mining technology. Bitcoins are obviously all the rage, and whether that’s because of the nature of buzzwords or legitimate hype, mining them (a topic far beyond the scope of this post but you can read about at this obvious site) requires extensive use of a PCs resources, somewhere in the neighborhood of one hundred percent, and while smart people will simply build dedicated machines for the task, other smart but misguided people instead want to use yours, and will hijack it through scripts to do so. The obvious downside is that your machine will slow to a crawl and use up insane amounts of power while it tries to mine Bitcoin for someone else. Never fear though, Opera to the rescue. According to their blog, simply turning on their built-in adblocker – another nice feature by the way along with their built-in VPN – will prevent drive-by Bitcoin-mining hijackers.

By the way, I say Bitcoin as a proprietary eponym, like Q-tip or Kleenex, however it’s any type of cryptocurrency mining that gets blocked, and Bitcoin is hardly the only one out there. I should just start saying cryptocurrency as it’s the better, general term, and I’m sure someday I will. Just know that there are many viable brands of this digital currency, but that’s a post for a later time.

So the eternal tug-of-war between Opera and Firefox continues, at least for me, and I couldn’t be happier. I’m thrilled at the way they’ve developed and hope they both keep pushing browsers forward.

Intel processors revealed to have major flaw, only addressable by OS updates

Intel

UPDATE: I’ve been trying to find out more, but Intel is now claiming it has a fix for the vulnerabilities affecting its chips that it will be rolling out by the end of next week. Details are slim, and I will hold off final judgment of course, but I’ll be surprised if it’s completely effective; these microcode patches can be tricky – it’s not a straight firmware update as it impacts the fundamental operation of the CPU. Additionally, it appears the fixes only address the last five year’s worth of processors. Better than nothing if it works.

Original post follows:

This is bad. It has been announced that Intel processors going back approximately ten years have a major flaw in how they separate the system and software. The details have not been released, but the general idea of the problem is already understood for the most part. To give a very high-level overview of what is going on and the impact of how it needs to be addressed, there is a component of every operating system known as a kernel, that separates the hardware from the software. When a program needs to open a port or save a file to disk or access a printer, or utilize hardware in any other way, it hands off that request to the kernel using what’s known as a system call, and the kernel completes the request (user mode to system mode). The catch is, the kernel is hidden from the program, even distributed in various memory locations to further hide it so that it can’t be exploited by malicious actors; it has to be loaded at system boot, however, in order for programs to use it.

Intel processors, though, use a kind of predictive processing, similar to client side prediction in games, in which a guess is made as to what will most likely happen next. In the case of Intel processors, they try to guess what code will be run next and load it up in the queue, however they apparently do this without any security procedures. The kernel is kept separate because it can contain confidential information such as passwords (which is why you can’t even get your own passwords back and there is no way to recover them if lost), however if the CPU provides no security check when loading up predictive code, it could, theoretically, run code that would ordinarily be blocked, which could then give savvy attackers access to low-level system processes and data.

But wait, there’s more bad news! Because this can’t be fixed with a firmware update or anything similar, OSs have to be written to address the problem. Linux, Windows, and OSX will all require updates that relocate the kernel in memory. Normally, it’s available to each program in their own process, but that will no longer be the case, and having to go back and forth between user mode and system mode in this manner will incur a possibly-significant performance hit on a PC after these updates, estimated by some to be as high as 30 percent.

Again, the details aren’t yet fully known, and the impact isn’t either, but if proven true it could be the worst design flaw I have ever seen. I’ll update when more is known.

Almost all HP laptops have a dormant keylogger

HP security

If you have an HP laptop like me, you’ll want to read this. For the second time this year, it turns out that (almost) all HP laptops have a deactivated keylogger hidden in their innards. Before, it was a component of the Conexant audio driver and was actually logging keystrokes, while this time it is part of a debugging component for the Synaptics TouchPad software, something most laptops – not just HP – have, so you might want to take a look or inquire with your manufacturer anyway. HP even states on their patch site, linked below, that the driver affects all Synaptics OEM partners, which means there will be a lot more than just HP laptops affected.

While the keylogger is not activated by default, it could be if someone has administrator privileges and knows which specific registry key to edit, a task that is itself no small matter, as anyone who has done registry edits will know. Interestingly, in an odd take on the situation, some in the security field have noted that if someone has administrator access to a machine, they won’t need to modify a registry key to activate a dormant debugger-based keylogger as they could simply install an actual keylogger. The counterpoint is that the driver-based keylogger, because it’s actually part of an integrated debugging / tracing function, would be harder to detect and leave less of a trace than a full-blown logger, so it would be a less intrusive and more opportune choice for those looking to listen in; there’s a built-in excuse for why it might be doing what it’s doing.

That’s assuming it’s detected, of course. The fact is, detecting them is notoriously difficult. Things have gotten better, but even the best antivirus program has trouble identifying them, and that’s even more true of one that’s operating at the system level – you might want to try a scanner that looks for keyloggers specifically. Since nothing is easy, those types of programs are few and far between because of the difficulty in detecting the logger in the first place. The one most often recommended is KL-Detector, but I’m not convinced of its effectiveness and definitely uncertain of the last time it was updated, which is critical in security software. While it will run on Windows 10, the only systems it explicitly confirms are Windows 2000 and XP, not something that gives me confidence as to its currency. Plus, it’s not a removal tool, only a detector. I don’t know why it’s so often recommended.

Physical keyloggers are easy – check where your keyboard plugs into its port. No additional device, no keylogger. Honestly, these are practically obsolete and were mainly used when keyboards still plugged into PS/2 ports, but don’t be fooled – USB physical keyloggers are out there, but are not commonly used because the chance of discovery is high.

It must also be noted that while there are obvious nefarious uses for keyloggers and that is why we generally hear about them, they have valid uses as well. If you are a parent who’s concerned about what your kids are doing online, a keylogger might be one option, especially these days. If you’re conducting a legitimate investigation, a keylogger is an option and has been used in the courtroom, both successfully and unsuccessfully. And, as alluded to above, they have valid testing and debugging uses. It’s similar to peer-to-peer sharing software; we mainly hear about how it’s bad, but it can also be very useful.

In a way it’s better than the previous time this happened because the keylogger is not active, but it’s worse because so many more models are impacted.  HP acted right away and issued a patch, although if you received a Windows Update in the last couple of days you should be fine as well. If you’d like to be doubly sure, you can check HP’s patch site to download a patch for your model. There are a lot of links, so you’ll need to know your exact model.

Another outstanding Computer Game Development showcase!

Computer Game Development showcase

The quarter has finally ended, and with that comes this year’s Computer Game Development (CS 113 / INF 125) showcase, open to everyone – all faculty, staff, students, and others interested in game development. As always, the titles on display were, overall, of very high quality. Some were absolutely incredible, and I’ll highlight one of them at the end of this post, but I am always incredibly impressed with the range of concepts, ideas, and designs students come up with. From a potato trying to escape a kitchen, to an engineer who can hop back and forth between our world and the spirit world, to a game where you play as one of several geometric shapes each with their own ability, to a VR game – our first ever – to teach people musical intervals, all the games on display were incredibly unique. Along with having our first VR project, this was also the first time ever that anyone in the class used the Unreal Engine; I’ve been trying to get that to happen for years, and this quarter two groups, including the VR group, used it!

VR Project

VR Project

The standard is still Unity, of course, which is perfectly fine. Hey, if there was no Unity, there’d be no Rocket League, and we can’t have that.

Even more than the games that are incredibly polished and advanced, I come away most impressed with the groups who began the quarter with no knowledge whatsoever of game design or the tools to create something interactive and playable, and in a mere ten weeks created a game that could be played and that was even enjoyable is the most rewarding part of the class. They are the most proud of what they accomplished, and deservedly so.

There is always a game that stands out among the rest, and this time was no exception. Before I mention them, however, I need to say this is no way a denigration of the other projects. Everyone did a great job, presented creative ideas, put in a lot of effort, scrambled to learn new technologies, and they all deserve praise and credit. That being said, there is always one project that is all but ready for public release, and this quarter’s winner in that category is a visual and storytelling triumph, The Taking of the SS Amusement. Did I mention I suggested that name in a nod to The Taking of Pelham One Two Three?

Crayon Fire Games

Crayon Fire Games

The team named themselves CrayonFire games. The story behind that is a perfect example of the way all names should be decided; in a completely accidental and organic manner. During a Slack chat, someone mentioned a canyon fire that was happening here in SoCal, and another group member misread ‘canyon fire’ as ‘crayon fire’ and became understandable confused. And that, my friend, is how great company (and band) names are born.

The group was also lucky in that everyone involved was a gamer, and passionately so, and double lucky in that one of their group members had extensive Unity experience and coded games as a hobby, and triply lucky in that his roommate was an art major who agreed to the pixel art for them and created multiple masterpieces, as least as far as pixel art goes. The animations and behaviors of each enemy, which are robot chefs and stewards, by the way, is absolutely perfect, with my favorite being the food cart-pushing robots who charge the player then stop to wipe their brow even though they’re robots, and the final boss who presses the appropriate colored button to launch an attach which drains a battery meter. There are also parallax stars visible through windows,  and a subtle before and after in the title screen. The game is challenging, expertly designed, and beautiful. Again, this is not to take away from other projects, I was happy with them all. But this game is special.

Their website is crayonfiregames.wordpress.com (they had to create a website as part of the course requirements), and I have embedded their promotional video below. I’ll see if I can make the game available for download – it’s definitely worth a play.

But again, congratulations to everyone in the class, there was so much good stuff on display it took longer than the two-hour showcase to go around and evaluate them all. I look forward to it every year, and for all the hard work the students have put in over the course of the quarter I know they really appreciate the opportunity to show off their achievements and accomplishments to everyone, and the feedback, both internal and external, was very positive all around.

Outside the showcase

Outside the showcase

On a relevant side note: I am trying to set up a repository of all the games that groups created for the class, however that is still in planning stages so it’s just a sidenote for now, however I have high hopes we can use it as a central hub to highlight all the games created in this class over all quarters. If it happens, there will definitely be an announcement made here.

The new oculus home and store experience

Oculus logo

Facebook-owned Oculus released their Rift Core 2.0 software a couple of days ago, completely revamping the out-of-app experience users have when they don their Rift headset. It’s a vastly improved experience over the original Oculus home (which wasn’t all that bad, to be honest); much more feature-rich, streamlined, and user-friendly, however it is still clearly in beta, which is a good thing because it is also still, bafflingly, missing some foundational functionality. According to the Oculus developer blog, there is much more coming and I am very much looking forward to it.

I have made a video, embedded at the end of this post, however that was not without some strange difficulty. You see, when you are in a VR app, the app is automatically mirrored to a window on the desktop, but not when you are in Home or the store. For reasons we may never know, the developers made that window a hidden window, and it required a third-party app, cleverly named HomeUnhider, to make it visible. I would have used the more popular OculusMirror.exe, supplied with the Oculus software itself, however unlike everyone else on earth, my Oculus program folder was empty, with none of the software that was supposed to be installed along with the core experience, and it’s not available for download.

“No problem,” I thought confidently, “I’ll just use HomeUnhider.” Great idea, except HomeUnhider doesn’t work with the new beta experience, giving an error that reads ‘Oculus Home not found.’ It required a complete uninstall and reinstall of the Oculus software, but I did then get the mirror program that allowed me to capture the video (for those interested, the complete path is C:\Program Files\Oculus\Support\oculus-diagnostics\OculusMirror.exe). Camtasia then proceeded to cut off the bottom bit of the video so you can’t see the dashboard as much as I’d hoped. It’s also a weirdly low-res video, which is strange as I use Camtasia a lot and don’t normally have that issue. Here’s a pic of the original Oculus home, lifted from the Windows Central forums, to set a baseline.

Original Oculus Home

Original Oculus Home

As you can see, it’s not bad. It has a nifty, pseudo-futuristic-while-simultaneously-rustic vibe going on, and the home and store functionality is combined into a single interface. You can see yourself, your friends (yeah, right), highlights from the store, and recently accessed apps. The image is actually an older version of home; it had been upgraded from the design you see in the image above, with additional navigation, categories, and so on. It looked generally the same, but with some additional functionality.  Of course, you could look around your home if you just wanted to chill, as the kids say.

In the just released beta, however, it has been completely revamped. Your house now sits on what appears to be the cliffs of a…Mediterranean, perhaps, or maybe Spanish inlet, part of a larger coastal village, with your balcony looking out over the water, which also happens to have some pirate ships.  Can’t argue with the view!

My new (virtual) view

My new (virtual) view

There are also some activities you can do, such as shoot a bow and arrow at nothing in particular, shoot what appears to be a virtual incarnation of the Sega Master System Light Phaser (which could be dangerous in the wrong hands) at similarly 8-bit targets, or lob golf balls into the water. For being such simple activities, they’re oddly fun. You can navigate around your house, something you couldn’t do before, and you can now do some limited decorating. By selecting different patterns you can change the look of the ceiling and walls, and other accouterments can be placed around as well. The carrot here is that by playing games and using apps, or simply spending time in Home, you’ll earn additional items and decorations that you can use to further spice up your space. And don’t worry, there are no lootboxes here.

Shooting 8-bit targets

Shooting 8-bit targets

I suspect that there will eventually be many more ‘homes’ from which one may choose: On the developer blog linked earlier, there is what appears to be a house in outer space as opposed to the seaside location it’s in currently, and my guess is there will be more than that. The blog states they’ll be rolling out content over the course of the next year, and I suspect further on past that. Hey, Sony’s Playstation Home may not have been a hit, but the homes you could buy were spectacular, and it never came out of beta! I can only imagine what it will be like if we can get homes like that in VR – I’d buy every single one. They even had one that was completely underwater with whales and whatnot swimming outside massive windows…Now I’m nostalgic and I can’t find a single picture of that house, so instead here’s a picture of an underwater, Bioshock-themed apartment you could get. Still pretty impressive, and apparently there’s some weird version of Playstation Home that still exists on the PS4.

Bioshock Apartment from Playstation Home

Bioshock Apartment from Playstation Home

GLORIOUS UPDATE: It turns out the environments are already available! I wasn’t aware you could scroll through decoration options within categories, however I began to suspect something was up earlier today when it said I had 78 objects but was only showing a few. After figuring out how to scroll, guess what appeared! That’s right: A space environment, and my new favorite, a city environment called ‘Vertigo.’ I made an additional video just to show them. They’re very impressive, and now I can’t wait to see the others that I’m certain will be available in the future – fingers crossed for an underwater theme!

So back to Oculus – there is the new dashboard, which I think is a huge, and much needed, improvement. It now curves around you like a futuristic control panel, offering access to settings, recently used apps, some status info, the store, and social info. It’s easier to use, especially if you’re standing up; using it while sitting requires you do some contortions with your wrists to get the pointers in the proper place. There is also a Desktop button that mirrors your monitor right there in VR, and if you have multiple monitors it will ask which one you’d like to see. The insanely nifty thing about that is that you can pin programs to the curved dash just like you can with the Windows or Mac taskbar, and even pull windows off of your desktop and pin them right in the air in your virtual house! They’ll follow you around – you can watch YouTube videos, play a game, browse the web, all as you mosey through your virtual environment. It’s an incredibly useful feature, however you can’t pin them, say, to the wall like a picture, which I think would push it over the edge into unparalleled awesomeness. Rather, they hover right next to you, although they can even overlay over an app you’re using, so you never have to be away from that admittedly very important video that finally proved the existence of life on another planet.

Oculus Dash (from Oculus - notice the different home in the background)

Oculus Dash (from Oculus – notice the different home in the background)

The store has been separated out as its own location, designed as a post-modern, I don’t know, office lobby? There’s a very natural theme to it with an Oculus-branded waterfall, wooden curved steps on either side of the round room, metal balls rolling along tracks under a glass floor, and you can even see silhouettes wandering around behind the upstairs windows. Oddly, and at the same time pretty awesomely, if you turn around you’ll see a very futuristic, yet also immersion-ruining unanimated cityscape. No blinking lights in windows, animated billboards, blinking stars, nothing. But it is an interesting contrast between what’s in front of you and what’s behind, one you can see below.

The new store location

The new store location

Looking behind you in the store

Looking behind you in the store

The store functionality is generally the same as it was before, which is a problem. They have finally added video previews of apps you’re viewing, something the Gear, the mobile version of the Rift, has had forever – the fact it’s been added to Rift now is just playing catch-up. Additionally, although it’s not an addition at all, it’s a maddening omission, there is still no search function, which is as basic a usability function as there is, especially when the list of apps can, in some categories, go for 100 pages! While apps are normally listed six at a time, their ‘Gallery’ titles, which are described only with the very vague ‘A broad, less-filtered collection from VR creators,’ are for some reason listed three at a time, and there a hundreds of them! I also have no idea what ‘less-filtered’ means, and when I clicked on ‘Learn More,’ Oculus crashed and wouldn’t restart without a reboot or taskkill because its background process simply wouldn’t quit, even from TaskManager. Anyway, you can sort, but you may still have to scroll through pages and pages and pages and pages of apps to get to the one you want.

There is also no browser, something its little brother the Gear has had for a good while now. It’s very strange; these improvements to Home and new environments for Home and Store are great, but it still lags behind the version that you use by plugging in a phone. The Gear version of home also has voice search, and other things like events, highlighted videos and better social integration, something that even I, with no friends on this or any other game platform, can see is much better on the Gear. That the Rift still lacks the basic functionality that its phone-based counterpart has enjoyed for so long is unforgivable. I’m overjoyed at this new Rift experience, and I have very high hopes, not only for its continued future development and what that will bring us, but also that it can simply be brought on par with what you would expect would be its much less capable sibling.

It’s important to also add that regardless of my complaints and concerns, Oculus is light years ahead of Valve / HTC and their Vive in terms of the interface. The Vive interface, a Frankenstein-like mashup of three, maybe four, maybe as many as seven separate interfaces (it’s hard to tell, it’s so badly designed), is overpoweringly difficult, cumbersome and unintuitive to use. So awful is the Vive interface, and impossible to navigate, that it may be, and I say this in complete seriousness and without hyperbole, the single worst interface I have ever used. In my line of work I use a lot of terrible interfaces, so Vive has really accomplished something here. Not only that, Steam VR incorporates beautifully into Oculus, so there’s no need to use the Vive at all, at least not in my household.

Below are two videos from Oculus, one highlighting the new Home and its potential options for customization, the other introducing the new interface which they call ‘Dash.’ The third video is the one I took on my own Rift in Home and the store.

 

State legislator sets up YouTube channel covering his fight against predatory videogame practices

Vadear (get it?)

I hope, I mean I really hope, that Electronic Arts has finally gone too far. First, let’s not forget that when they were first formed by Trip Hawkins back in 1982, their approach was that developers were artists and they treated them that way. But things changed. They have been developing disgusting, money-grabbing pseudo-games for a long time now, and doing so with relative impunity.  From the atrocious, insulting release of Dungeon Keeper mobile, a grotesque violation of the groundbreaking original series, the remake of which requires you to either wait for extended periods of time before your imps could continue to break down walls or buy crystals for real money so you can continue playing, to their more recent release of Need for Speed Payback which has you apply cards to cars in order to spec them out, however the cards are limited to only one car and they appear as a slot machine gameplay mechanic, the results of which are supposedly random. Never mind the idea that using cards as a means to upgrade cars makes no sense in the first place, nor does the random acquisition – those aren’t how upgrades work: remember the concept of ludonarrative dissonance? Racing games usually have you earn money by winning races and using that money to buy upgrades that you choose to fit your driving / playing style, which makes perfect sense. Just listing these two examples makes my blood boil, for many reasons. I have been a fan of Need for Speed for a long time (especially the police chases), and Dungeon Keeper, a game in which you design a dungeon to attract monsters who defend against invading heroes, originally released in 1997, is a game I spent many hours with and whose brilliance shines to this day. You could even possess the monsters who made their way into your dungeon and see it in a first person perspective.

Dungeon Keeper 2

Dungeon Keeper 2

And that’s the core of the issue. It used to be that when you bought a game, you bought the whole game. Games were designed as complete, compelling experiences meant to tell a story or provide an experience. You played the game, and either that was it or you played it again, perhaps trying new tactics or exploring new areas. Now, however, games are simply vehicles for monetization; It is determined how a property can be monetized, in other words how can it be developed so that once people buy the game they will need to continue to pay to fully experience it, and then a game is developed around that. They are not designed to be a game, to be fun, they are designed from the ground up to get you to keep paying. Look at this loading screen tip from Madden mobile for further proof: They outright tell you to buy ‘item packs’ to improve your game!

Thanks for the advice, EA

Thanks for the advice, EA (found on Reddit)

So back to Dungeon Keeper and Need for Speed. Both of these were once great franchises that EA destroyed by developing for the purposes of pushing lootboxes or their equivalent as opposed to compelling gameplay, but they had been doing this kind of thing for so long that I guess they felt they could do whatever they wanted. Speaking of which, it is important to note that EA is by no means the only company doing this – not by a long shot.

Need for Speed: Hot Pursuit (2010)

Need for Speed: Hot Pursuit (2010)

And then, Star Wars Battlefront II happened. I’ll  bet EA never saw it coming, and from what I can tell they didn’t. I hope they didn’t, because their surprise and confusion over the backlash would make the whole thing that much better.

You see, EA decided that many of the characters and items in their new release of Battlefront II, itself a long-lived and beloved franchise, would be only attainable via lootboxes that contained random content, which may or may not be the ‘thing’ you as the player are looking for. If you didn’t want to grind away for who knows how long – Days? Weeks? – to get the stuff, you could pay real money instead. You could also buy lootboxes to get game-changing benefits that severely unbalance the game in your favor, and against everyone else’s: In one video I saw, a player paid real money and got the ability to lock on to targets 200 percent faster than others. The environments in that video really look nice, too, which makes the whole thing that much more troubling – it looks like there could be a good game in there.

Although there has always been backlash against this nonsense, what EA tried to do with Battlefront – remember, Battlefront is a long-running and revered franchise originally developed by Pandemic and published by Lucasfilm – unleashed the rage of countless gamers and has begun a snowball reaction that has even surprised us. First came the Reddit rage. Lots of rage comes from Reddit, but this was different: It was loud, and it was sustained. So severe was the response that EA backpedaled and made some changes, however they also stated they were not removing the lootboxes altogether.

Original Battlefront II

Original Battlefront II

Again, I think EA was blindsided by the response because this practice is nothing new to them. But never mind EA Spouse, or them having the most downvoted post in Reddit history, which itself was in response to a Reddit user who created a spreadsheet showing that unlocking high-level characters in Battlefront II would take about forty real hours, or even being named worst company in America two years in a row; what happened next is where this story really takes off.

The uproar was so loud that government agencies around the world started looking at whether the very concept of lootboxes should be considered gambling. The argument is, if you are paying real money in the hopes of getting something of value in return, then it should be classified as such. I am not taking a side on whether it can formally be defined as gambling, I’m just saying that designing games as revenue streams first and games second is a putrid, vile practice.

It seems some agree. Belgium is on the edge of classifying them as gambling (the linked article erroneously states they have, but they haven’t yet), Australia is also investigating as is France, while Denmark has said they don’t meet official gaming (read; gambling) criteria.

Here in the States, and what inspired this post in the first place, representative Chris Lee from Hawaii has taken it a step further and is not only considering lootboxes but the larger issue of predatory business practices in games. He is clearly a gamer himself, he even cited the standard, old-school business model mentioned above, and chimed in on a Reddit thread regarding the topic. He put out an initial video putting forth his opinions on the topic, and it became so popular that he then added a much more intimate, personal take on the controversy, which he intends to be an ongoing video blog covering his dealings with this issue and progress made. It was then that I knew this whole thing has taken on a life of its own. It is, I’m hoping, out of EA’s hands now, and about to be addressed on a much larger and more enforceable scale.

I’m hoping all this attention finally gets game companies back to making games. Not things that look and feel like games at a very low level while requiring the player to continue to buy to continue to play. I’ve been against it for a long time, even going so far as to say some ‘games’ aren’t games at all; they possess no elements of gameplay but want you to keep paying in order to see all the ‘game’ has to offer. One of the worst offenders, a ‘game’ I despise but everyone else loves is The Simpsons: Tapped Out. I love The Simpsons as a TV show, but with the app, what no one seems to realize is that there’s no freaking game! There’s a narrative, but that’s it. You don’t actually *do* anything. Tap on this character, they go into a building. Tap on that character, they deliver a line of dialogue then go in to a building. Tap the money floating above the buildings. If you can afford it, tap here to build a building (which builds over time, unless you pay to build it). Can’t afford it with in-game currency? Or want one of the items only available through a real-money transaction? You know what to do. There’s no skill involved, no character building; I suppose a minimal argument could be made for planning, although even that’s excpetionally limited, and storytelling, which is its strongest point, but there’s no game to go along with it. The Simpsons is not alone, considering in-app purchases are common, indeed rampant, in the mobile space, and even more insidiously they are often aimed directly at kids. That’s why things like this and this and this happen. Remember Joe Camel? He was banned too, for very similar reasons.

The Simpsons: Tapped Out

The Simpsons: Tapped Out

Fingers crossed. If I may invoke the names of one of my most beloved franchises that was also ruined (you can imagine by whom), I’d like to think maybe we can get back to making games that are more like Dead Space 1 and 2, and less like Dead Space 3. Wait, what happened to the company that made those first two masterpieces? Oh, that’s right. EA happened. And the second paragraph in the linked article is why we’re where we are right now. Here’s hoping for deliverance from what EA wrought.

UPDATE: Look what I found about three hours after writing this post! US lawmaker who called out Star Wars Battlefront 2 lays out plans for anti-loot box law.