Why — and when — net neutrality is important

Why — and when — net neutrality is important

Netflix and Comcast now have an agreement allowing Netflix to link directly to Comcast’s servers. Similar agreements are in the works, involving Verizon and many other ISPs.

Proponents of net neutrality believe all should have equal access to the Net, but the debate isn’t nearly as cut-and-dried as you think.

Netflix streamlines its video-delivery process

Among Web-based services, Netflix isn’t just huge — it’s ginormous. During peak hours — weekday evenings — Netflix accounts for about one-third of all Web activity, according to Web-monitoring company Sandvine, as reported in an All Things Digital article. Toss in Google-owned YouTube, and the two together suck up about 50 percent of prime-time downstream bandwidth. That’s consumption on a mind-boggling scale.

By comparison, Amazon takes up 1.6 percent of prime-time Internet bandwidth, Facebook and Hulu use about 1.3 percent each, and even BitTorrent downloads account for only 4 percent.

Add to that, Comcast and other ISPs provide their own video content. Comcast’s xfinity TV (site), for example, offers movies, TV shows, and many other products that compete directly with Netflix. If your Internet connection comes over a Comcast cable (as mine does), the company that’s actually delivering those Netflix movies to your home makes a lot more money if it sells you an xfinity TV subscription — a situation that has conflict of interest written all over it.

When, according to an Ars Technica story, Netflix’s streaming speed started dropping in late 2013 on Comcast and Verizon, some accused Comcast of throttling Netflix — specifically so Comcast could sell more xfinity TV. From what we now know, that most likely wasn’t the case. But the explanation is, uh, a bit complex.

Even before Comcast and Netflix ironed out their deal last month, Netflix would put its own streaming servers inside ISPs’ server farms. Netflix servers would sit — logically and often physically — inside a Content Delivery Network (CDN) provider’s area, which in turn sat in the ISP’s server area.

In the case of Comcast, Netflix had lots of server horsepower inside Comcast’s server rooms, but it could not connect directly to Comcast servers. Netflix paid third-party CDN providers — primarily Cogent and Level 3 — to make the logical and physical connection between Netflix and Comcast servers.

Most Internet users assume that ISPs such as Comcast must provide equal access to their servers from any other online source. In other words, Comcast is required to give Netflix, YouTube, and all other Web-service providers — including Windows Secrets — all the bandwidth they need.

But bandwidth is finite; there’s only so much to go around. (I always used to assume that, when an 800-pound Internet gorilla such as Netflix started soaking up bandwidth, WindowsSecrets.com — along with other smaller sites — got bogged down.) As detailed in Dan Rayburn’s StreamingMediaBlog Feb. 27 post, the concept of equal access for all simply isn’t the case — and never has been.

Here’s how Rayburn explains the situation:

“ISPs have something called a peering policy (Comcast page), which are rules that govern how networks connect with one another and exchange traffic. ISPs like Comcast will allow CDN providers like Cogent to connect to their network, for free, in what’s called settlement-free peering. However, once the transit provider sends more traffic to the ISP than they are allowed to, per the ISP’s peering policy, the transit provider pays the ISP for more capacity to get additional traffic into their network.”

That’s where things started breaking down for Netflix. When Netflix needed bigger data pipes to Comcast servers, Cogent wasn’t willing to pay Comcast’s price. In short, the agreement between Netflix and Comcast eliminated the transit-provider middlemen — Cogent, Level 3, and others.

Net-neutrality defenders immediately cry foul

When the Comcast/Netflix deal was announced, it quickly caught the attention of net-neutrality advocates. How can Comcast play favorites with Netflix at the expense of — oh, YouTube, WindowsSecrets.com, and others?

That’s an excellent question. To answer it, let’s start with the problem of defining “net neutrality.” The term has been bandied about a lot, but in fact it doesn’t really have a single definition. Ben Thompson explained the situation in his Feb. 27 stratēchery blog

“For most people, particularly those of us in the tech industry, net neutrality means non-discrimination against packets from origin to destination. A packet from Netflix or YouTube or PornHub or the New York Times is treated and priced exactly the same from server to client and back again.

“The FCC’s Open Internet rules, which were [recently] ruled as overreaching by the U.S. Court of Appeals in Washington … [apply only ] to traffic within an ISP’s network; in other words, once data is within Comcast’s or Verizon’s network, they can’t discriminate, delivering some data faster or slower.

“Netflix has a subtly different view, best articulated by [Netflix CEO] Reed Hastings … : ‘If I watch last night’s SNL episode on my Xbox through the Hulu app, it eats up about 1GB of my cap; but if I watch that same episode through the xfinity Xbox app, it doesn’t use up my cap at all. The same device, the same IP address, the same Wi-Fi, the same Internet connection, but totally different cap treatment. In what way is this neutral?'”

Those are three very different — and very valid — points of view. If you’re concerned about the net-neutrality implications of the Comcast/Netflix deal (and many people are, especially in the tech press and increasingly on Capitol Hill), you need to point to a definition of net neutrality and explain how the Comcast/Netflix deal invades on your specific vision of net neutrality.

That’s harder than you might think.

The specifics of the Comcast/Netflix deal

One of my favorite tech writers, Lance Ulanoff, explained the Comcast/Netflix agreement in his Feb. 26 Mashable post:

“Some are calling the Comcast-Netflix deal the first ‘pay-to-play deal,’ as it tiptoed in over the weekend, much to the dismay of net neutrality fans. It comes just one month after a court struck down the Federal Communication Commission’s net neutrality rules and only days since the FCC proposed a new set of regulations. The problem is that this isn’t a net neutrality issue. It’s not pay-to-play, either. In reality, it’s just business as usual.”

Again, think of it as Netflix cutting out the middlemen in the delivery of its bits to an ISP. (There’s no question that similar deals will be coming down the pike with other ISPs. And it’s highly likely there will be similar deals with other video providers.) What’s changing behind the scenes is the role of the Content Delivery Network — especially for bandwidth-hogging video delivery.

Rayburn describes the internal workings in his Feb. 27 blog:

“When Netflix was using third-party CDN providers Akamai, Level 3, and Limelight for 100 percent of their video delivery, there were no quality issues. … Those CDNs already have their servers connected to ISPs like Comcast and have put in place all the necessary links, both free and paid, to guarantee, via a Service Level Agreement, that they can deliver Netflix’s video. … Anyone who is on Comcast and using Apple TV to stream Netflix wasn’t having quality problems [because] Netflix is using Level 3 and Limelight to stream their content specifically to the Apple TV device.

“Comcast has a total of 18 national locations (public info), and Netflix and Comcast will initially connect in about 10 of those locations to start. … Netflix gets a guaranteed level of service from Comcast, but as the two companies have announced, Netflix does not get any prioritization in the last mile. … That would be paid prioritization, which Comcast cannot do and does not offer.

According to tests conducted by Netflix and reported by Ars Technica, Netflix speeds on Comcast got “a little better” as the new direct connections between Netflix and Comcast servers started to come online.

Not surprisingly, that same report shows that Netflix over Google Fiber runs very quickly indeed. Netflix connects directly to the Google servers.

The true net-neutrality implications for us all

There are legitimate threats to net neutrality and we need to take them seriously. But the Comcast/Netflix agreement falls outside most definitions of “net neutrality.”

As mentioned in my March 20 Top Story, “Comcast and Time Warner Cable: The upshot for us,” Comcast’s reprehensible (!) bandwidth caps might carry over to Time Warner Cable, should the deal be upheld by a well-greased Congress. With download limits in place, Comcast could win either way — you either pay for an xfinity TV subscription (ka-ching!) or you pay overage charges for watching “too much” Netflix. Sweet!

There’s a proposal on the table that Congress really should consider. I know it’s an impossible dream, but cloud guru Paul Venezia suggests that the U.S. take steps to make Web access fast, reliable, and cheap for everybody. “Here in the U.S., we’re doing the exact opposite, as fast as we possibly can.” Paul’s proposal, published in an InfoWorld story, is to classify ISPs as common carriers — just as are phone companies. We then commoditize broadband, with “true, free-market competition.” He — and many, many others — suggests we treat Internet access like electricity, water, and sewer. The devil’s in the details, but it sure sounds like a great first step to me.

For those of us who just want a fast, reliable, cheap, content-independent Internet connection (as is already available in many areas outside the U.S.), the Comcast/Time Warner Cable deal raises all sorts of red flags. But once you have the facts, the Comcast/Netflix deal doesn’t.

If you’re concerned about true net neutrality, here’s a simple place to start. Find out how your congresscritter stands on the Comcast/Time Warner Cable deal. It’ll be worth your while to find out. Then let him or her know where you stand.

Evaluating ISP's security recommendations

Lounge member Not Brightest Bulb wondered about the motives of his new ISP, Frontier, when it sent an email advising him to upgrade his email security settings. He hates scare messages. What kind of outfit is Frontier, anyway?

Not Brightest Bulb’s fellow Lounge members didn’t share his suspicions of the suggested changes but did suggest several means of verifying both Frontier and its requests. You can verify them, too.

The following links are this week’s most interesting Lounge threads, including several new questions for which you might have answers:

Office Applications
General Productivity	Any way to send fax for free?
Word Processing	Microsoft reveals zero-day attacks against Word
Spreadsheets	Set up Outlook calendar reminders from Excel
Databases	Message: Error 3085 Undefined function ‘Environ’ in expression
Presentation Apps	Ditch PowerPoint
Visual Basic for Apps	VBA 6.5 to VBA 7.0
Microsoft Outlook	Outlook 2007: Can’t shut down auto-archive?
Non-Outlook E-mail	Email not configured
Other MS Apps	Excel on mobile phone
Windows
General Windows	Bypassing downloader versions of programs
Windows 8	Uninstalling phantom program
Windows 7	HDD questions
Windows Vista	Clean up system files in Vista
Windows XP	How to limit XP to two websites
Windows Servers	Upgrading Server 2003 Standard DC to 2008 version
Internet/Connectivity
Internet Explorer	IE10 crashes when saving webpage in Win7 Pro
Third-Party Browsers	Gmail not working in Firefox
Networking	D-Link router: Guests can’t connect devices
Software Development
Windows Programming	If start time, run PowerShell script
Web Design & Development	Website-viewing problems with IE
Other Technologies
Non-Microsoft OSes	Printing from Chromebook to Windows printer
Security & Scams	Frontier curious
Maintenance	Macrium Free: How do I verify?
Hardware	MS wireless keyboard: Can’t find USB key
Graphics/Multimedia	Adjust aspect ratio and size of website videos?
Other Applications	Secunia 3.0 advice

starred posts: particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

Don't have to be batty to like bat babies

The Australian Bat Clinic and Wildlife Trauma Centre in southeast Queensland, Australia, stays busy most of the year rescuing orphaned and injured bats. Most people hope never to encounter the spooky creatures, but Trish Wimberley, who looks after hundreds of baby bats year after year, can carry armloads of them at feeding time. She’s also willing to dispense general comfort and affection to the tiny flying foxes. In Australia, people like to keep bats alive because these animals are ecologically important in Australia’s stressed environment. After you see this video, you might find other reasons to like them yourself. Click below or go to the original YouTube video.

What to do when a CAPTCHA verification fails

The CAPTCHA “type the words you see” verification boxes sometimes seemingly fail, trapping you in an endless loop. Here’s the fix.

Plus: Using Sandboxie to run XP apps in Win8, using TeraByte Unlimited imaging tools on newer operating systems, and incremental versus all-at-once BIOS updates.

Problems downloading/installing the Android .iso

Several readers had trouble downloading the .iso file mentioned in the March 13 Top Story, “How to run Google’s Android OS on a Windows PC.”

Some readers were thwarted by the download page’s CAPTCHA verification box; others lost track of where the downloaded file went.

Although that specific article prompted the questions, the answers might apply to similar issues with CAPTCHAs and downloads.

CAPTCHA issues: Here’s a note from Brian Marsden that illustrates trouble getting past the CAPTCHA verification box. His note was succinct.

• “What happens when the verification box goes into a loop and I can’t download the .iso file?”

The CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart; more info) process is designed to ensure that humans — and not bots — are using the page’s resources: in this case, downloading the offered .iso file.

Although CAPTCHAs usually work fine, coding errors can cause browser-specific problems. Even if you enter the CAPTCHA text perfectly, the page just reloads in a perpetual loop.

If this happens, your best bet is to use another browser. A CAPTCHA that fails with one of the big-three browsers will typically work with at least one of the other two.

Webpages don’t always display correctly on every major browser. If you have only one browser installed, Chrome, Firefox, and Internet Explorer are all free and easy to obtain. So there’s really no reason not to have a second or third browser installed as a backup.

ISO issues: Another group of readers had trouble finding the .iso file after the download. Len Staley’s note serves as an example.

• “Where do you find the .iso file you refer to in Step 10? When I navigate to where I downloaded the file, it’s not there.”

That sounds like the file didn’t actually download — or didn’t download to the location you thought it would.

Try using Windows’ Search function or a third-party search tool such as Agent Ransack (free/pro; site) to see whether the file ended up someplace unexpected.

If you can’t find it, you might try downloading it again, but let Windows use its default location (usually something similar to C:\Users\Fred\Downloads). Or if your browser lets you use Save as, download the file to a place you can find it easily — such as the desktop.

It’s also possible that some security tool or setting on your system killed or deleted the download to “protect” you from the file. I don’t know what apps you’re using, but you might try temporarily disabling your security apps for the couple of minutes the download will take. If you don’t do anything else while the download is taking place — don’t surf elsewhere, open email, etc. — the risks will be minimal.

And, of course, remember to re-enable your security apps when the download finishes!

Use Sandboxie to run XP apps in Win8?

Like many readers, Steve Walker is seeking to preserve a few XP-era apps on newer systems.

• “My wife has asked me to set up a version of Windows XP on her new Win8.1 machine. She has a number of legacy craft programs she uses frequently.

  “Bearing in mind the future security risks of using XP, is it worth the effort — or even possible — to set up a virtual PC inside a sandbox such as Sandboxie?”

Sandboxie (free/paid; site) is security software that can help prevent programs from altering your PC’s operating system. For your application, it’s unnecessary.

To safely run those legacy applications, I suggest two approaches:

First, try installing and running the XP apps natively in Win8.1, using the Win8 compatibility mode. It usually works, and you’ll be using the same security tools that are protecting the entire system.

If you need more information about Win8’s compatibility modes, see the MS Windows help page, “Make older programs compatible with this version of Windows.”

If that doesn’t work — some XP-era apps simply can’t be made compatible — then using a virtual PC (VPC) such as VirtualBox (site) is the next-best solution. A good VPC will isolate whatever OS it’s running. If the guest OS crashes or is infected, there’s no real threat to the host system. In other words, a good VPC provides both compatibility and sandboxing in one step.

For a fuller discussion, see the Nov. 28, 2013, LangaList Plus item, “Running Windows XP–era software in Win8.”

Using old TeraByte system-imaging tools

Lawrence Richards wonders about the continued use of some old partitioning/system-imaging tools I’ve mentioned in the past.

• “Fred, I still use the TeraByte Unlimited programs (site) that you used to recommend, years ago.

  “You’ve not mentioned them for a long time in your articles. Do you still use and recommend them for image backups?”

I liked the low-level TeraByte tools (site) because they were entirely self-contained. They booted and ran their own, tiny, special-purpose, DOS-like operating system. That meant you could run the tools on essentially any working hardware. You could, for example, use the tools to fully restore system images to bare, unpartitioned, unformatted discs.

But two things changed over time. First, Windows’ own recovery tools have improved. For example, Win7 includes a perfectly fine, built-in imaging tool. And Win8 has its built-in Recovery Media Creator. It lets you produce a recovery USB flash drive that works with Win8’s native custom recovery images, letting you easily return to life, and restore, even severely crashed PCs.

(Need more info? For Win7, see the May 12, 2011, Top Story, “Build a complete Windows 7 safety net”; for Win8, see the Oct. 10, 2013, Top Story, “Creating customized recovery images for Win8.” Also check out the Windows help page, “Create a USB recovery drive,” for information on the Win8 Recovery Media Creator.)

Next, starting around 2005, PCs began using the Unified Extensible Firmware Interface (UEFI) BIOSes, which offered new, more advanced, and more secure control of the boot-up process.

The UEFI BIOS is now used in most new PCs. And Windows 8’s Secure Boot feature uses UEFI to help guard against low-level malware such as rootkits and bootkits.

That’s good, but there’s a side effect: it’s much harder to boot a Win8 PC from standalone, self-contained, bootable CDs and DVDs. In order to use self-booting tools such as TeraByte Unlimited, you have to set up your Win8 system to bypass Secure Boot.

It can be done — but it’s a bit of a hassle. For more on that topic, see the Oct. 3, 2013, LangaList Plus article, “The pitfalls of Windows 8’s Secure Boot.” Of course, you also have to accept the slight additional security risk that comes with disabling Secure Boot.

I still use TeraByte Unlimited on some of my very old PCs. But on Win7 and Win8, I find the native Windows tools work just as well — and they’re much easier to use. They’re also free; the TeraByte tools cost U.S. $30 and up.

For me, using the tools Microsoft built into Windows 7, and later versions, simply makes more sense.

BIOS updates: Incremental or all at once?

Herbert Hirsch wonders about the best way to update a PC’s BIOS.

• “Hi, Fred. Perhaps you can shed some light on a discussion I’m having with a fellow support tech. When updating the BIOS, should the updates be installed in order? Or does the latest update include all previous updates?

  “Neither of us has seen a definitive answer on this subject, so we’d like you to weigh in.”

I hope you don’t have a bet on the answer, because there’s no universal, completely accurate answer to your question. There’s no formal standard for BIOS update methodology — different manufacturers can do things the way they want. You should always follow the specific vendor instructions for a particular make and model of PC.

That said, most BIOS updates rewrite the entire BIOS — all at once. The process doesn’t append new code or insert a patch into existing code.

Because the entire BIOS is rewritten from scratch, you don’t have to install interim patches. You simply install the latest-available code for your PC. That should bring your BIOS fully up to date, in one shot.

Gadgets fill in mobile computing's missing links

Desktop computer sales continue to plummet as tablets, smart phones, and ultra-thin laptops become ubiquitous in the home and office, and on the road.

But moving to smaller devices means losing the convenient components and ports we take for granted on standard PCs. Here’s how to get some of that convenience back.

There’s no end of after-market gadgets designed to replace the USB ports, keyboards, wireless connections, and even power capacity that are typically missing on our mobile devices. Here are five cross-platform products that let you get more out of your portable electronics.

Give missing I/O ports to mobile devices

The small form factor of the latest ultra-thin laptops is both a blessing and a curse. What you gain in lighter weight and smaller size, you lose in connectivity — there’s a conspicuous lack of ports. When you’re working at your desk, the relatively inexpensive solution is to add a docking station — such as the Kanex simpleDock (site) for Windows and Mac OS X devices.

Billed as a docking and charging station, the U.S. $120 box takes up minimal desktop real estate. It’s outfitted with three USB 3.0 ports; a dedicated 2.1 amp, USB charging port; and gigabit Ethernet. A charging cradle on top is obviously designed to fit an iPhone, but just about any cell phone can comfortably nest there for recharging.

I attached the simpleDock to my Lenovo UltraBook, which is severely I/O-port deficient. The dock’s three USB 3.0 ports let me connect both my printer and my external backup drive to the laptop — and still have one port open for plugging in a thumb drive when needed. The Lenovo does not include an Ethernet port, leaving me dependent on slower Wi-Fi. But by connecting an Ethernet cable to the dock, I now have a faster, hard-wired Internet connection.

Figure 1. Kanex's simpleDock gives back the I/O ports you typically lose with ultra-portable computers.

The simpleDock connects to any Windows or Mac laptop via a single USB 3.0 cable. Taking my laptop out of the office is a simple process of disconnecting two cables: power and the USB connection to the simpleDock. And I know that my cell phone is fully charged, too.

No ultra-portable laptop user should live without a docking station. The simpleDock is justly named — simple to set up and use. For a couple of docking-station alternatives, see Lincoln Spector’s March 20 story, “Making a Win8 laplet into a Win7-ish workstation.”

Get Wi-Fi where there’s no Wi-Fi — with MiFi

MiFi — trademarked by Novatel Wireless — converts cellular networks to local Wi-Fi, giving up to 10 Wi-Fi–enabled devices simultaneous access to the Internet. MiFi 2 is a 4G LTE mobile-hotspot box that includes additional sharing and streaming capabilities. It’s available from several wireless carriers.

The MiFi 2 version I took for a spin is AT&T’s Mobile Hotspot MiFi Liberate (site). With its bright, easy-to-read, 2.8-inch color touchscreen, it took half a minute to connect my laptop and iPad to the Web while I was sitting in San Francisco’s Golden Gate Park. (I picked a spot where there were no available Wi-Fi signals.)

The touchscreen’s ten icons provide quick access to connection information such as settings, currently connected devices, and data usage — important information when using data-limited cell plans. Possibly unique to the MiFi 2 is a microSD card slot, which allows file sharing with connected devices. The Media Center icon let me access movies, music, and photos I’d transferred to the microSD card from my MiFi/Wi-Fi-attached iPad, iPhone, and laptop.

Figure 2. The compact AT&T Mobile Hotspot MiFi Liberate provides simultaneous Internet access to as many as 10 Wi-Fi-enabled devices via a cellular connection.

Setting up local Wi-Fi connections to the MiFi was quick and easy: I simply typed a URL into each device’s browser and entered the MiFi’s admin password. The box has a limited Wi-Fi range of up to 30 feet — as was proven when I moved my iPad beyond that distance. Sure enough, my signal dropped to one unusable bar. Within the 30-foot circle, however, I could stream video blip- and hiccup-free to my laptop, phone, and tablet — simultaneously.

The MiFi’s rechargeable battery is rated for up to 12 hours of in-use time. But the more devices connected to it at the same time, the sooner it’ll wear down. Standby time, according to Novatel Wireless, is up to 57 hours.

Obviously, the primary benefit of MiFi is the ability to set up a local Wi-Fi hotspot anywhere you can get solid cell service. I think MiFi hotspots are particularly useful at any location with dubious Wi-Fi security: cafés, libraries, and — especially — hotels that charge extra for Internet connectivity. Instead of using public Internet, connect to the Web with the security of a personal network.

Keep in mind, however, that connecting to the Web via Wi-Fi and cellular will typically be noticeably slower than through normal Wi-Fi — sometimes painfully so, if the local cell tower is busy.

The MiFi Liberate weighs just 4.26 ounces and will easily slide into almost any travel bag. With a two-year service contract, AT&T currently charges $29 for the box; cellular plans start at around $50 a month for 5GB of data. Okay, it’s not cheap. But if you need Wi-Fi where there’s no Wi-Fi, it’s a fair price.

ZAGG’s Universal Keyboard: Data entry on the go

One of the pitfalls of most mobile devices is the keyboard. On-screen entry is often inaccurate, and full-sized keyboards are typically heavy and awkward to carry. But the ZAGGkeys Universal Keyboard (site) is a versatile chameleon. Designed to work with just about any Bluetooth-enabled Windows, iOS, or Android device, it weighs a mere seven ounces and comes housed in a protective, plastic, clamshell case that converts into a convenient stand for your selected device.

The keyboard’s power requirements are so low, ZAGG claims up to three months of use on a single charge, assuming about two hours of daily activity. Fully charging the lithium-polymer battery should take a couple of hours.

Figure 3. ZAGG's light, Bluetooth-enabled keyboard is well suited for entering text into mobile devices — whether in the office or on the road.

I found typing on the evenly spaced, island-style (aka chiclet) keys mostly typo-free. I have big hands and I touch-type, so for me that’s a big thumbs-up (no pun intended). Accurate data entry is helped by the Universal’s curved, ergonomic design that slopes up to the top row.

The keyboard layout was egalitarian — it includes both a Windows (Start) key and the analogous Apple Command key, both placed to the left of the space bar. One key to the right of the space bar combines both the PC Alt and Mac Option keys. The Escape key doubles as a Home key — handy when you are using the keyboard with a tablet.

Bluetooth pairing was brain-dead simple and fast: simply enable Bluetooth on your mobile device and push a switch on the side of the keyboard. Although the ZAGGkeys Universal Keyboard lists at $70, I found it online for as low as $40.

Sherpa 100: Power pack for recharging everything

There’s a slew — make that a legion — of portable battery packs in every shape, size, and capacity for charging low-power, digital devices such as smartphones and tablets. But few of the power packs have the capacity to fully charge a laptop PC, too. One versatile unit that can do so with ease is Goal Zero’s Sherpa 100 Power Pack (info).

And I do mean versatile. The Sherpa 100 sports two USB ports for phones, tablets, and similar devices; a 12V port; and a port specifically designed for laptops. Two optional, detachable AC inverters let you power 110-volt or 220-volt equipment that uses 100 watts or less — useful when you have a recharging adapter that requires an AC outlet. Flipping a switch turns on a bright LED flashlight that operates even when the rest of the unit is switched off.

The battery pack has a capacity of approximately 26,400mAh at 3.7 volts — more than double what most other compact power packs offer.

The Sherpa’s ability to deliver backup power was put to the test when my 15.6-inch Dell laptop desperately needed a recharge while far from AC power. The Sherpa kit includes four common laptop power tips. It fully charged the Dell’s battery and still had nearly 50 percent capacity left over. The system is fully fuse-protected to prevent damage to your devices from overcharging.

Figure 4. The compact but pricey Sherpa 100 typically provides enough power to recharge a laptop twice.

What distinguishes Goal Zero from many of its competitors is a diverse approach to battery charging. The company offers several models of portable solar panels, plus you can connect its battery packs to AC or to a car’s 12-volt outlet. According to Goal Zero, the Sherpa 100 takes about three hours to charge from AC, about four hours from a car, and roughly seven to 30 hours from a solar panel (depending on the solar panel’s size and the amount of sun).

Unfortunately, Goal Zero products don’t come cheap. The Sherpa 100 kit lists for $350; the option AC inverter will set you back another $50. The optional Nomad 20 Solar Panel sent with my test Sherpa costs $200. But Goal Zero offers smaller solar panels that start at $125. You can also purchase Sherpa 50 for $200 — it has one USB port and sufficient capacity for one laptop charge.

However, this might be a case of “you get what you pay for.” The Sherpas use lithium-nickel-manganese-cobalt chemistry for higher power output and longer life. Lithium-ion batteries are also easier to recycle at their end of life. And the Sherpas have a rugged case that’s designed for travel.

Green Screen cleans windows — the PC’s variety

Most of the cleaners we use — whether for the kitchen and bathroom, the computer monitor, or even your eyeglasses — contain possibly harmful chemicals. For example, the spray I’d been using to clean my glasses and laptop screen had some chemical that made me sneeze seconds after I sprayed it.

So I wanted a cleaner that used only naturally occurring ingredients. Better Life’s Green Screen (info) safely wipes away dust and fingerprints from all my electronic displays: HDTV, computer monitors, tablets, camera lenses, smartphones, printer flatbed glass, and — yes — even my eyeglasses. It leaves no streaks or static; and with no dyes, alcohol, fragrance, or petroleum-based cleaning agents, it leaves me sneeze-free.

I apply the cleaner with a microfiber cloth because cotton-based fabrics can leave scratches. (The spray’s directions say not to apply it directly to the devices.) An 8-ounce bottle sells for $8. Be like Kermit the Frog — all green!

Revisiting nonsecurity fixes, plus XP's countdown

Redmond must be focused on its April 2 Build 2014 developers’ conference and the release of Windows 8.1.1 — there are no new updates this week.

Use this reprieve from patching to follow up on some lingering update problems and a new Word zero-day threat.

2953095

MS releases fixit for new Word vulnerability

On Monday, March 24, Microsoft released Security Advisory 2953095, which warns of active zero-day attacks directed at Word 2010 users. The threat comes from malicious RTF files that are opened in Word or — potentially — previewed in Office.

While we wait for an official update, a Microsoft Security Research and Defense Blog post offers the following suggestions:

• If you have the latest Enhanced Mitigation Experience Toolkit (EMET; site) installed in its default configuration, you’re protected.
• If you can’t install EMET or want still more protection, MS Support article 2953095 includes a fixit that will block RTF files from being opened in Word.
• Network administrators can use the Windows Trust Center to make their own custom File Block settings (more info) to block RTF files.

And I’ll add one of my own. Consider installing PocketKnife Peek (site), a tool that lets you preview your email as plain text before opening it. It works on 32-bit versions of Office 2000 to 2013.

Brian Krebs noted in his security blog that merely previewing the file in Outlook could allow an attack. But I’m not sure that’s exactly true. The aforementioned SRD blog states, “There is a theoretical Outlook attack vector for RTF vulnerabilities through the preview pane. The reduced functionality of the preview pane makes this attack vector extremely hard to carry, and, to date, we have never seen exploits leveraging this mechanism.”

What to do: I recommend installing EMET 4.1 (site) rather than relying on the fixit. But if you’re not comfortable installing EMET or you run into problems after installation, then the fixit (site) mentioned above is the next-best bet for now. Again, there are already a few reports of active attacks.

2863908, 2863911

Nonsecurity Office updates turn app tiles blank

Two nonsecurity Office 2013 updates for Lync and Outlook have odd side effects. When they’re installed on Windows 8 machines that don’t have Office 2013 SP1, the Start screen tiles for the two programs go blank (see Figure 1).

Figure 1. The possible consequence of installing two Office 2013 updates: blank or nearly blank tiles for Lync and Outlook.

Both patches are cumulative updates with various fixes.

Currently the only workaround for the broken-tile problem is to install Office 2013 SP1 (KB 2817430). Simply uninstalling these updates might not restore the tiles to their proper appearance. The flaw is only cosmetic, but it’s still really annoying.

What to do: In Windows Update, uncheck KB 2863908 for Lync 2013 and KB 2863911 for Outlook 2013 and then install Office 2013 SP1. When that’s done, reselect the Lync and Outlook patches in Windows Update and install.

If you already have broken Lync and Outlook tiles, installing Office 2013 SP1 should fix them.

More Outlook problems — with Office 2013 SP1

Office 2013 SP1 might be needed to fix the blank-tile problem, but it has at least one issue of its own. After installing the service pack, some users are unable to open Outlook 2013. The root cause is graphics-card compatibility. Office 2013 relies on DirectX and hardware-based graphics acceleration. So you might need to update your graphic-card drivers to the latest version. In Windows 7, an alternative solution is to disable Aero or hardware-based graphics acceleration, as noted in an AskVG.com blog post.

Office 2013 SP1 doesn’t introduce any new color schemes, so I don’t understand why the suite is so graphics-dependent. (Perhaps it takes more work to do shades of white than I thought.)

What to do: Check your video-card drivers if you can’t open Outlook 2013 after installing Office 2013 SP1.

Time to catch up on nonsecurity updates

Microsoft might have developed the bad habit of releasing bunches of nonsecurity updates on Patch Tuesday, but I prefer to put them aside until the end of the month. The following updates should be safe to install:

• 2894853 – Updates Windows Defender for Windows 8.x and Windows RT
• 2904266 – Cumulative time-zone update for Windows; applies to Mid-Atlantic, Morocco, Libya, and Fiji time zones
• 2913760 – Driver and firmware update failures in Windows 8.1 and Server 2012 R2
• 2918077 – View Available Networks UI freezes after installing KB 2813956 in Win7
• 2919442 – Servicing stack update for Windows RT 8.1, Win8.1, and Server 2012 R2: March 2014W
• 2920540 – Stop error occurs when Win8.1 or Server 2012 R2 restarts via the Sysprep.exe process
• 2922717 – Time zone changes for Jordan, Brazil, and Fiji
• 2927811 – Passwords won’t change in Server 2003 SP2 domain
• 2928678 – March rollup update for Windows RT, Win8, Server 2012
• 2928680 – March rollup update for Windows RT 8.1, Windows 8.1, and Server 2012 R2
• 2929733 – Windows Error Reporting SSL encryption extended to first stage
• 2929755 – After installing KB 2670838, out-of-memory error when loading image resources into an application; applies to Win7, Win8, Windows RT, and Windows Servers 2008 R2 and 2012
• 2930157 – March compatibility update for Win8.1, Windows RT 8.1, and Windows Server 2012 R2
• 2930168 – Dynamic update for Windows RT 8.1, Win8.1, and Server 2012 R2
• 2930169 – March compatibility update for Web, Store, and Media-upgrade Experience; applies to Win8.1 and Windows Server 2012 R2
• 2930294 – System-image backup fails after upgrading to Win8.1 and Windows Server 2012 R2

Office nonsecurity updates include the following:

• 2837594 – Microsoft Filter Pack 2.0
• 2863818 – Office 2010
• 2863912 – MS SharePoint Server 2010
• 2863941 – Web Applications 2010
• 2878225 – Office 2010
• 2878227 – Visio 2010

What to do: Install these updates if offered.

Major update for Windows 8.1 coming soon

At next week’s Build 2014 developers’ conference in San Francisco, Microsoft will reportedly release its update to Windows 8.1. Apparently, Windows 8.1.1 (as it’s unofficially called) will arrive via Windows Update and not the Windows Store. (Windows 8.1 could be downloaded only from the Store.)

Based on previews, the update will be smarter about the type of computer it’s on. It’ll boot directly to the Desktop on those computers that don’t have touch screens.

Whenever there’s a major change to an OS, it’s always safest to wait and see whether there are reports of problems. I plan to test Win8.1.1 when it shows up, and I’ll report what I find in Patch Watch.

What to do: Win8.1 users should keep an eye out in Windows Update for the next iteration of Windows 8 — and uncheck it for now.

MS14-015 (2930275), MS13-081 (2862330)

One Windows kernel patch gets an all-clear

The end of the month is also when I catch up on kernel updates, which often have conflicts with apps such as antivirus software. Now that we’ve had time to look at it, KB 2930275 appears to have no significant problems.

On the other hand, I still haven’t changed my mind about KB 2862330. It’s had just too many issues with USB devices and audio drivers — and it’s rated just important. If you’ve already installed it and haven’t seen any USB, audio, or other problems, leave it installed.

Typically, if you run into trouble with a kernel update, the best workaround is to temporarily disable any real-time antivirus software — the most likely source of conflicts.

What to do: Install KB 2930275, but continue to keep KB 2862330 on hold.

Counting down the days for XP support

We’re fewer than 30 days away from Windows XP’s official end of life. (Unofficially, XP’s end of life is still a long way off for many users.) It’s also the official end of life for Office 2003 and Exchange 2003. All three platforms will receive their last security updates on April 8, the next Patch Tuesday.

For XP users, it’s important to remember that they can continue to get previously released updates via Windows Update and new virus definitions for Microsoft Security Essentials. You can also continue to reactivate XP if you have to do a reinstall.

What you won’t get are new security and nonsecurity fixes.

While Microsoft is pushing XP users to upgrade to Windows 8 (or at least off XP), WindowsSecrets will continue to update you on new exploits that are targeting XP systems. XP shares similar code with Windows Server 2003, which will receive updates for one more year. Those updates will give us a clue to newly revealed XP vulnerabilities.

According to a recent TechNet blog, Microsoft has heard from many individuals and small businesses that they won’t upgrade from XP any time soon. But I’ve heard that many large companies will also stick with XP for as long as possible for their line-of-business requirements.

That said, there’s no dispute that Windows XP is a riskier platform to use when connected to the Internet. You should seriously look for alternative ways to browse the Web and check email.

What to do: After the final April 8 security updates, stay safe by disconnecting your XP systems from Internet access.

2917508, 2917522

Exchange 2007 and 2010 update rollups released

When Microsoft releases Exchange fixes on Microsoft Update and Windows Server Update Services, I always check out comments posted to the Exchange Team blog. It’s where server administrators often post problems they encounter with updates. Historically, Exchange fixes have not had a good track record.

Because these are nonsecurity updates, there’s no need for server admins to install them immediately. In fact, I recommend you review the underlying Knowledge Base articles to see whether you even need to install these updates.

What to do: For Exchange 2010, review KB 2917508; for Exchange 2007, review KB 2917522.

Regularly updated problem-patch chart

This table provides the status of recent Windows and Microsoft application security updates. Patches listed below as safe to install will typically be removed from the table about a month after they appear. Status changes are highlighted in bold.

For Microsoft’s list of recently released patches, go to the MS Security TechCenter page. See our “Windows Secrets master Patch Watch chart” post for a more extensive list of recent updates.

Status recommendations: Skip — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply.