Sunday, March 22, 2015

Windows 10: Free or Freemium?


Hurrah!

Finally, Microsoft has come to their senses and Windows will be free from now to evermore...

Kinda...

Ok, so the bottom line is this.   The way we'll get a new version of Windows will forever be changed once Windows 10 launches this summer.  From now on Windows should cost you nothing more than a bit of time and a slight hit on your bandwidth cap.

Maybe...

Sometime in the near future you're going to find a very large update in your monthly batch of Windows patches.  It will be Windows 10 and it's coming free of charge to anyone with Windows 7 and above. 

Better yet, it's been suggested that Microsoft doesn't even care if you've got a pirated version.  Could this possibly mean the scourge of "Microsoft Genuine Advantage" will finally be ending?  That would be nice but considering the huge investment Microsoft has put into licensing technologies it's hard to believe that they'd completely abandon them.

Originally, Microsoft claimed that upgrades to 10 would come free to users of all "consumer" versions of Windows 7 and above except for Enterprise versions (labeled Enterprise or Enterprise N.)  That means everything from Windows "Home" to "Ultimate" should be eligible.  In case you don't know, "Enterprise" versions are only available via a volume license agreement offering the rough equivalent of a stripped down  "Pro" version.

What we don't know is if that word "consumer" is just an adjective or a label.  For one thing, will you suddenly find your "Professional" version downgraded to some anemic "Home" version of 10 that can barely browse a web page or will you get the equivalent to what you have now?

If, for example, I suddenly can't connect to my home NAS box or my small office's domain services then we're going to have a serious problem.  I don't say this often but it's true nonetheless.  I'd rather install Linux on an end user's work PC than any combination of the words "Windows" and "Home."

It seems to me there's a hole in Microsoft's strategy in the way its segregating the "enterprise" and "consumer" versions of Windows.  Most small to mid-sized businesses are not running "enterprise" versions meaning whatever it is they are running is considered a "consumer" version.

If Windows 10 is going to be free to "consumers" then what's to stop the next round of hardware upgrades in someone's "enterprise" (as in Fortune 500) just being a bunch of Dell's with free versions of Windows 10 Pro? 

I don't believe Microsoft is going to let that happen since they still make the bulk of their money off corporate volume licensing programs and Windows is a big part of that.

Which makes the use of the word "consumer" suspicious.  Are we going to again fork Windows versions much like the days before Windows XP so that Enterprise grade tools like SCCM can no longer manage a "consumer" version?  Not likely unless the enterprise is getting left out of the whole "unified desktop" thing.

Right now I can push an SCCM package to Windows (7 or 8) Pro and Ultimate.  If I try to do the same to  our theoretical "home" version of Windows 10 I'd have to believe it would fail.   In short, a crippled version of 10 would be little more than a refresh of the much hated Windows Starter Edition. 

With current available information, I don't see how Microsoft could protect the corporate honey pot any other way. That is, unless they really do believe that they can get by on Office 365 license revenues or they're going to be like Red Hat Enterprise Linux and charge for "premium" support.

Regardless of whatever conspiracies are floating around my head, the goal is obvious.  Where Windows 8 was Microsoft's initial attempt to push the idea of "one OS to rule them all."  This next iteration is meant to finally bring that goal to fruition on any device.  The best way to do that is to literally give it away and make your money off services and support. 

While still being closed source, giving away Windows is a very Linux way of getting an operating system into the hands of users.  However, that begs the question of whether the giveaway is really just another revenue stream.  Even Linux can cost you dearly if you can't find the answer in a support forum.

Let's also remember that Microsoft is about making money not social change.

Back in the 90's there was a PC maker called Free-PC who built their business by literally giving away computers. They did that by encapsulating the entire user experience in a horrific advertising shell (or Hell) that you couldn't escape.  You were forced to look at ads, participate in surveys and consent to have your every action monitored.

What price freedom indeed.  Thankfully that model died as quickly as the low grade hardware in those machines.  The question is, much like free apps on smartphones could we find something similar in the form of spontaneous ads or diminished functionality unless we subscribe to "premium" functionality?

So as consumers we have to ask ourselves if "free" is worth a diminished experience if that's indeed what Windows 10 turns out to be.  Unfortunately, we won't know till the OS is launched.  Yes, there are millions of preview builds out there right now but that doesn't really mean much.  Preview builds are generally unrestricted versions analogous to a "Pro" or "Ultimate" retail product. 

Meaning we really don't know what we're going to get for free and Microsoft is apparently content to  keep us all guessing.

Of course all of this grows out of a history of bad faith with Microsoft.  From legitimate copies of Windows being bricked by an update or Genuine Advantage running amok, it's hard to take anything the company says at face value. 

But we are in the age of subscriptions aren't we.  Paying for an operating system is akin to buying a new car and being charged an extra $500 for the ignition key.  Making money off platforms goes against all marketing principles.  

Nobody buys products anymore, they buy an experience.  It's why people pay twice as much for an Iphone when its hardware is frequently inferior to even the cheapest Android phone.

Most normal people could care less about how advanced your operating system is.  They're far more interested in what kind of software can run on it.  If you're proprietary, like Microsoft, you'd rather sell 100 Office 365 licenses than 1000 copies of Windows.  Mostly because you'll sell the Office licenses faster and be back in a year when it's time to "renew."  Nobody is going to pay to renew an OS.  In fact it's amazing that anyone ever paid upwards of $200 for an operating system in the first place.


In a freemium world a "free" OS is de rigeur.  The question is how far does that philosophy seep into Windows 10.

Friday, March 13, 2015

Are you FREAKed out yet?


So maybe you heard about the latest round of security nightmares that plague what everyone thought was secure web traffic.

A few months back it was a serious security flaw in OpenSSL known as HeartBleed that sent webmasters scrambling.  Then came a left field sucker punch when it was discovered that all an attacker needed to do to compromise your entire server (not just a website) was to insert some code that a BASH prompt would respond to. 

Encryption be damned if you have root access to the server!

Which brings us to the latest security gaffe, otherwise known as a Freak attack...

This one has its roots in the earliest implementations of web security.  Back in the days when the U.S. government was so paranoid about not being able to clandestinely snoop on your encrypted communications that they enforced a ban on strong encryption ( aka: stuff they couldn't break.) It was deemed "export-grade" encryption which was just a fancy name for "weak."

They did it by forcing SSL to downgrade its encryption bit strength when traffic left the U.S. thus allowing easy surveillance of all "suspicious" (meaning all) traffic.

Well, as we know from the Snowden leaks there's not much need to worry about borders anymore.  The U.S. has monitoring bases worldwide now.  Besides, the juicy fruit of of the spy game is gathered from far less hardened sources these days.  Just bug a German chancellor's phone and you've got all the dirt you need on the EU.

But let's get back to the problem at hand. 

There are still remnants of this "backdoor" in SSL and because of it millions of websites are vulnerable to compromise using relatively simple "man in the middle" attacks that utilize the facilities of weak encryption still present in SSL implementations.

The worst part is that the problem exists on both the client (aka: your browser) and server sides.  A compromised client and a compromised server are a marriage made in heaven. 

So what's the solution?  Pretty much the same as always.  Keep abreast of security news and patch, patch, patch!  Which is why there were so many Internet Explorer security patches this week.  Open SSL will have a patch available too.

If you'd like to dig a little deeper the following site will let you test both your browser and your favorite SSL secured websites.



Do it now.