Monthly Archives: November 2013

Rant: Why can’t Microsoft provide actually useful titles on their updates?

Computing, Pontificating, Suggestions, Windows, Windows 7

Windows Updates have improved dramatically over the last few years.  With Windows 7, the integrated updates install smoothly and without much fuss (apart from the occasional EULA or Internet Explorer Upgrade to throw a spanner in the works).

There’s just one thing.  In general, the update titles are useless.  Completely useless. “Security Update for Windows 7”? Why else would I be running Windows Update?

update-2

Furthermore, the detailed description is also useless — it doesn’t actually provide any details!  It’s even more ambiguous than the title! “A security issue has been identified in a Microsoft software product that could affect your system.”

update-1

Let’s look at what’s wrong with “Update for Windows 7 for x64-based Systems (KB2830477)”:

  • It doesn’t tell us what the update actually provides
  • We already know it’s for Windows 7 — that’s in the group title.
  • We don’t need to know it’s for x64-based Systems — Windows Update won’t serve us updates for the wrong system type

We couldn’t we see “Update for RemoteApp and Desktop Connections features is available for Windows (KB2830477)”, instead? So which sleeve did I pull that descriptive and useful title from?

Well, the thing is, Microsoft already do know exactly what the update is providing.  They have even taken the time to write a succinct title for the update: it’s the title of the Knowledge Base article associated with the update, and it’s even linked to from the update. For example, instead of “Update for Windows 7 (KB2852386)”, we could have “Update: Disk Cleanup Wizard addon lets users delete outdated Windows updates on Windows 7 SP1 (KB2852386)”

Now it’s even worse when using WSUS — you now have to trawl through hundreds of nearly identically titled updates, with only a KB article number to differentiate.  So easy to accidentally approve the wrong update.  Why, Microsoft, why?  Is it so you don’t scare consumers who don’t understand what the update provides?  They just press the big “Automatic Updates” button anyway!

update-4

Admittedly, Microsoft have taken a big step in the right direction with Visual Studio updates: the description for Visual Studio updates generally gives you some information about what is being updated:

update-3

But even that could be improved. We’ve got a lot of repeated information: “Visual Studio 2010” is referenced 4 times: in the group title, in the update title, in the update title in the preview pane, and in the description of the update, again in the preview pane! Surely we don’t need to know that 4 times! And why don’t we go with a title of “Update fixes coded UI test issues for Visual Studio 2010 SP1 in IE9 or IE10 when KB 2870699 is installed (KB2890573)”. Sure it’s a little bit long, but it’s better than “Update for Microsoft Visual Studio 2010 Service Pack 1 (KB2890573)”.

So in conclusion, may I ask you, Microsoft, please, fix these update titles? Just start giving us titles that mean something? And if you are feeling particularly generous, you could even update the description of the update to add more meaning, not less!

The farce of security challenge questions (yes, ANZ, I’m talking about you!)

Computing, Griping, Pontificating, silly ideas

My bank has decided that I have to have some security challenge questions, and gave me a fixed set of questions to add answers to.

They had some simple instructions: “Keep them secret and don’t disclose them to anyone.  Don’t write down or record them anywhere.”  And added a little threat as icing on the cake: “If you don’t follow these instructions, you may be liable for any loss arising from an unauthorised transaction.”

Security Questions 1 Security Questions 2 Security Questions 3If I actually attempt to give honest answers to the questions, any determined and reasonably intelligent hacker could find the answers to all the questions that I actually know the answer to, within a minute or two, online, tops.

So what if I opt to use 1-Password or another password management tool to generate secure and random “password” style answers to these questions?  These would not be readily memorisable and so I’d have to save them in the tool.  But according to their little threat, I can’t do that!  That’s called recording the answers to the questions and I could be liable if an unauthorised transfer occurs.

The real problem with questions like this is that too much of this information is recorded online, already.  It adds a layer of complexity to the security model, without actually improving security much, if at all.

Then another question arises.  If an acquaintance does happen to ask me where I got married, am I now liable to ANZ if I tell them?  It sounds ridiculous but lawyers be lawyers.  Mind you, given that I have no way of not agreeing to the terms, perhaps it’s unenforceable.  The whole thing is really badly thought out.

Update 9:46am: Blizzard and insecurity questions: My father’s middle name is vR2Ut1VNj is a really good read for more detail!

Hobart 10,000 Day 1, 2013 Report

Cycling, Strava

8am at sea level we gathered, 11 riders in all.  The hills loomed above us, but we were not daunted.  Climb them we would, and nothing would stop us.  And when we had climbed them, we would descend to the depths of the valleys, and again we would ascend their lofty heights.

‘Twas a pleasant dream.  And yet we prevailed.  Eight and nine tenths of us completed the course, a 2600m extravaganza of climbing following a tortuous and tangled route around the foothills of Mount Wellington.  One tenth of a rider?  Well, Dan descended the mountain in the support vehicle.  But he did complete all the climbing that was on the menu.  The other Dan pled broken ribs in his early abandon.  And one other rider — his name now lost to my ken — pled afternoon criterium.

Our organisers had fled.  Barry had a touch of the man flu.  And Mark seemed to think it would be more fun to play with awesome slag-destroying remote control robots!

Mark's Slag Destroying Robot
Mark’s Slag Destroying Robot

But we knew we could make it on our own.

The full route, annotated

IMG_5641

The morning started with a warm up on Napoleon St.

Napoleon St, 100m @ 16.1%. So short Mesmeride has trouble drawing it!

Then Lynton Ave.

Lynton Ave, 200m @ 12.5%

And Washington St.

Washington St. 400m @ 11.7%. But what a finish!
Washington St
Washington St

Followed closely by Hillborough Rd.

Hillborough Rd, 700m @ 13.6%

Lots of steep climbs.  Even Sam was forced to swap into the little ring on some of those hills.  After Hillborough Dan farewelled us, as we made our way to Waterworks, and then huffed and puffed our way to the top.

Waterworks, 1200m @ 11.8%

IMG_9239

A welcome break was had there, as our intrepid and trusty support driver Stephen awaited with food and drink.  Made the day so much better!

Back down the hill.  A good sensible gradient this time, Huon Rd.

Huon Rd, 4.5km @ 6%

But back to the silly climbs with Old Farm Rd shortly thereafter!

Old Farm Rd, 1.8km @ 8.9%

That was the last of the crazy short steep climbs.  Now we just had 2 climbs left: Strickland and Longley – Wellington.

IMG_9293

Strickland we cruised, slightly quicker than I thought we would be able to.

Strickland, 3.0km @ 5.6%

But when we arrived at Longley, another rider noticed that I had broken a spoke on my rear wheel.  Yay!  A quick text message to our support driver, and he turned up within mere seconds, we had the wheel swapped out and ready to ride in moments.  So it seemed.

Longley Wheel Replacement
Longley Wheel Replacement

Up and up again!  Longley – Neika.  Neika – Fern Tree turnoff.

Neika, 5.6km @ 5.2%

And Fern Tree to the summit of Mt Wellington.  At this point, my legs were telling me ‘enough’!  I dropped back from the front group, and found a more comfortable pace with Chris, and we made our way to the top at a much more survivable pace.  Kudos to all the riders — Tim, Piers, Sam, and others — who finished with PRs up the final climb!

Mt Wellington, 11.2km @ 7.2%

IMG_9300

The weather was good, still but not hot.  Cloudy, just a fraction too cold on the descents, but not overly unpleasant.  The company was excellent!  Our support driver was great, and appreciated by all!

Sam did climb Wellington in the Big Ring. Kudos!

IMG_9340

And the hills?  Well, I was not quite defeated but I was surely sore at the end.  My Wellington time was certainly not impressive, and while my heart and lungs were ready to give, my legs were not! And the next morning I could barely move, groaning my way out of bed and around the house.  The forecast rain, sleet, hail and wind, together with my evident lack of form, were enough motive for me to pull out of day 2 🙁  I hope they had a good day!

Updated 5 Nov 2013: Photos added to the story. Full set of photos by our support driver Stephen are now available on Flickr

Delphi’s TJSONString.ToString is broken, and how to fix it

Bugs, Computing, Delphi, Development, Suggestions, Unicode

As per several QC reports, Data.DBXJSON.TJSONString.ToString is still very broken. Which means, for all intents and purposes, TJSONAnything.ToString is also broken. Fortunately, you can just use TJSONAnything.ToBytes for a happy JSON outcome.

The following function will take any Delphi JSON object and convert it to a string:

function JSONToString(obj: TJSONAncestor): string;
var
  bytes: TBytes;
  len: Integer;
begin
  SetLength(bytes, obj.EstimatedByteSize);
  len := obj.ToBytes(bytes, 0);
  Result := TEncoding.ANSI.GetString(bytes, 0, len);
end;

Because TJSONString.ToBytes escapes all characters outside U+0020-U+007F, we can assume that the end result is 7-bit clean, so we can use TEncoding.ANSI.  You could instead stream the TBytes to a file or do other groovy things with it.