Paul Thurrott’s Short Takes: January 5

Because it’s the end of the world as we know it, this edition of Short Takes looks at the many issues swirling around the Spectre and Meltdown security vulnerabilities. TL;DR: We’re doomed.

Of Intel lies and tech blogger stupidity

Oh, what a week. First, two major chipset vulnerabilities, called Spectre and Meltdown, were leaked by a tech blog just days before Intel and the entire PC industry were set to release patches to mitigate the problems. Then Intel said the issues were minor and, within hours, was found to have lied about that. Given this dismal state of affairs, Microsoft and others pushed out the security patches, which they had been planning for weeks, a few days early. And now the entire planet is worried that we’re all doomed because one of these flaws, as it turns out, can’t be completely eradicated and the fixes that have shipped could harm performance—especially in the cloud—by as much as 30 percent. So yeah. A great start to 2018, for sure.

“How to protect your PC against the major ‘Meltdown’ CPU security flaw”

Nothing. It keeps itself up-to-date.

Tech industry works to mitigate impact of security flaws

With the spectre of a meltdown looming—OK, sorry—the tech industry is rallying this week to perform the same sort of “security theater” we see at airports these days. Which is to say, address yesterday’s problems with a great deal of huffing and puffing. There’s a new announcement every day, basically, and by all accounts, it appears that the first wave of updates—which span basically every personal computing, server, and cloud-based processor chipset known to man—should be rolled out completely by next week. But the bad news—other than the obvious—is that we’ll probably be dealing with this problem for months, if not years, with Intel promising that future waves of fixes should successfully mitigate—not eradicate—impact from these flaws. Basically, the car doesn’t have brakes, but the feeling is that if you downshift enough, you’ll eventually stop. Or at least mitigate the speeding, if you catch my drift.

“Microsoft issues an emergency fix for Windows 10 to address processor bug”

No. Microsoft issued a cumulative update a few days early; it was long planned for next Tuesday.

One (small) wrinkle that Windows 10 users should know about

While it’s fair to say that all Windows 10 users will get the updates that Microsoft issued to protect against this week’s security vulnerabilities, there is one gotcha to know about: If you’re running certain incompatible third-party AV programs, you won’t get the update immediately. The issue here is that old-fashioned AV programs that are using undocumented API calls are now triggering the Blue Screen Of Death (BSOD), so Microsoft can’t deliver the patch if you’re using one of these products. So how do you know? This online spreadsheet, created by security researcher Kevin Beaumont, details which AV products are working and which are not. The good news? It looks like most mainstream AV solutions are all set as of this writing.

The Galaxy S9 chip that will let Samsung copy the iPhone X is official

Also official, that Apple already copied the iPhone X design from Samsung’s year-old flagships.

What about the cloud?

The biggest issue with Spectre and/or Meltdown is the cloud: The impact there is greater than on personal computing devices like PCs because the flaws can’t be completely contained, exploits could theoretically allow malicious code to steal user data, and any fixes that are deployed could harm the performance of cloud services by up to 30 percent. If there’s a silver lining in this, … Actually, there’s no silver lining, it’s all bad news. That said, both Microsoft and Intel offered some cheery news about this week. “The majority of Azure customers should not see a noticeable performance impact,” Microsoft noted, referring to the patch it had just deployed. And Intel, this week’s big loser from a trustworthiness perspective, claimed that any exploits of these flaws would not be able to “corrupt, modify or delete data.” Right. The issue is that exploits could steal the data. Sigh.

“What to expect at this year’s CES”

Consumer electronics. Just like every year.

Microsoft touts Edge battery life benefits, but no one cares, Microsoft

For the fourth time in 18 months, Microsoft is claiming that its Edge web browser delivers dramatically better battery life than competing browsers like Chrome and Firefox. And for the fourth time in 18 months, I feel obligated to point out that this one advantage has done nothing to overcome Edge’s many flaws in the eyes of users. And that Edge, today, is responsible for just 2 to 4 percent (depending on the market researcher) of all desktop-based web browsing. With Chrome, the market leader, accountable for two-thirds of that usage. So, great news on the battery life, guys. It just doesn’t matter.

“Why Microsoft’s Groove Music app is the forgotten MP3 player you still need”

If you really cared, you would have written this story three years ago.

Apple sets record with app store sales

Apple reported this week that it paid out $26.5 billion to mobile app developers in 2017, an increase of 30 percent over the prior year and a new record. And that customers spent almost $900 million on apps and other store purchases in the final week of 2017, with New Year’s Day 2018 being the store’s best day yet, with $300 million in purchases. That is an insane amount of money. To put this in perspective, Microsoft’s total net income over the four quarters ending in October 2017 was a bit over $22 billion. So Apple paid more to developers than Microsoft earned (roughly; these aren’t the exact equivalent time periods) over a year. Yikes.

“Losing Jimmy Iovine would be a blow for Apple — but maybe his work there is done”

Or, he’s been mailing it in the whole time he’s been at Apple, just waiting for his stock to vest.