JON HONEYBALL
Jon Honeyball channels his inner Dickens as he shares his thoughts about Windows 11, the iPad Pro memory limitation and wireless jammers
Jon channels his inner Dickens as he shares his thoughts about Windows 11, the iPad Pro memory limitation and wireless jammers in schools.
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of light, it was the season of darkness, it was the spring of hope, it was the winter of despair.” So wrote Charles Dickens of the grand announcement of Windows 11, by the team bosses and The Big Cheese Nadella himself. Let’s cover the worst of times first.
What went wrong? A lot. The live stream from Microsoft was an unmitigated disaster of stalling video, disconnections and technical issues. The very thing that a demonstration of your world-leading competence in cloud services should not do. “Scale out! Scale up!” has been the common rallying cry. It didn’t, and didn’t.
Fortunately, I found a feed on YouTube that gave me access to the ongoing event. We’ll skip over the over-wrought emotional nonsense, about how Windows is all about bringing together *croaking throat* loved ones and their dogs. Instead, let’s dive into the beta that’s now available for all to play with. You have to sign up to be a Windows Insider build tester ( insider.windows.com), but this is easy enough. Once you’ve done this, the new build trundles down onto your computer and the upgrade is done for you.
Well, that’s the theory. Let’s get on to the real “worst of times” about all of this. Of all the things that Microsoft could have got wrong, detailing the hardware requirements would be pretty high on the list. Ruling out a bunch of recent hardware because of their CPU would be one. Not talking to the Microsoft Surface group about which ones were “in” and which ones were “out” would be careless. Not checking that the current and very expensive Surface Desktop product is “out” is doubly careless. Stating that you need to have a TPM 2 security chip is fine, but then having others like AMD saying that TPM 1.x will do too is not fine.
And if it requires TPM, how come it will happily install into a virtual machine that doesn’t have TPM (but could if required)?
Having a compatibility checking tool is a good idea ( aka.ms/ GetPCHealthCheckApp). What’s not such a good idea is it to reject your computer without telling you what’s wrong. What’s doubly not so good is then issuing a new version of the tool within 24 hours.
Having a hardware compatibility list is good. Revising it, almost by the hour, looks sloppy.
I could go on and on. If ever there was a demonstration of how one part of a company is so stuck in its own silo and didn’t think of the big picture, let alone its customers, this is it.
Maybe the decision came together in a big rush. Maybe it wasn’t supposed to be this way, and Windows 10X was still a contender until even a few months ago. Who knows? What is clear is that this mess is unusually poor, even by the often disconnected and disjointed standards of messaging by Microsoft.
So let’s get down to the shipping beta. Which is exactly what you would expect, now that Microsoft has come clean about what it intends to do with Windows 11: Windows 10 with a new paint job. A big refresh, lots of little tweaks and adjustments. A bunch of stuff that could have been slipstreamed into Windows 10, had the will been there. Some stuff, such as the tarted-up user interface, that could easily been a Plus Pack, for those who remember back to the Windows 95 days.
As Mr Dickens’ report indicates, however, there is much to like here. The new user interface has a crispness to it that Windows 10 was lacking. There was nothing wrong with 10, but it had become like a pair of well-worn slippers.
Although I can rant and moan about the historical debris that litters Windows 11, right down to the old Microsoft Management Console, the reality is that most home and SME
users will rarely, if ever, have to dig that deep. Corporates won’t care – they know and love this stuff, because it’s very much a known quantity. And in corporates remote-managed computers are now the norm.
Still, I would have liked more for my 11. I would have liked to have seen really deep application runtime protection. I would have liked to have seen a Windows that didn’t require antivirus software because it had been hardened. I would have liked to have seen a method of running important legacy code in a way that kept it locked away in its own private space. And for unknown code to be properly handled, possibly even in a fully hardened virtual machine.
Much of this was promised for Windows 10X. Maybe it will come with 11 at some point in the future.
In the meantime, there is a lot of New Shiny to look at in Windows 11 beta. My favourite new thing? Microsoft has finally integrated all the command line technologies into one window – PowerShell, Command Prompt and Azure Cloud Shell. And about time too.
As for Windows Update, it has just informed me that there’s an update to this new beta. Apparently it’s for “Windows 10 Version Next”. Maybe the Windows team hasn’t quite embraced its inner Nigel Tufnel from
This Is Spinal Tap yet?
TPM in VM
The question of TPM hardware is interesting, especially when it comes to a virtual machine environment. Do you need to have a TPM when the physical device is disconnected from the operating system runtime by a hypervisor?
A good VM environment such as Parallels supports TPM 2 if you add in the TPM software solution to the hardware definition of a VM. To prove this, I just took a full copy of my Windows 11 VM. And yes, I love being able to take a full copy of Windows installations in less than a second, and treat it as a scratch environment. Do things that make it blow up and die? Who cares? Just copy another version back in and I’m up and running.
Having got the TPM module working, I fired up the Windows 11 session in the virtual machine and went to the Bitlocker settings. Here I was able to confirm that the TPM platform was indeed version 2. And that I could encrypt the local hard disk with Bitlocker. Of course, I wasn’t encrypting the underlying
Mac storage – I was encrypting the file that contains the virtual file system for that VM. After a few seconds, it was done and I had TPM 2.
I could ponder out loud how it is that I managed to get the Windows 11 beta working with no TPM installed, given that Microsoft is proclaiming TPM 2 to be a requirement. But I leave that as an exercise for the reader.
TPM does throw up an interesting thought, which I haven’t really managed to get to the bottom of. In a VM environment, the TPM module is a software wrapper in the VM to the underlying hardware. Parallels rightly points out that the underlying TPM keys are obviously locked to the security infrastructure of the Mac on which the VM is running. You can’t take a TPM-encrypted VM and move it straight to another Mac because the keys won’t align, and so the system can’t unlock the encrypted file system.
So how is this going to work in the future? I’ve avoided TPM in VMs because of this issue; I want to be able to fire up a Parallels-hosted VM on any of my Intel Mac boxes, including the old but still hugely impressive Mac Pro, my 2020 Mac mini and my 2020 MacBook Pro. I can move VMs around between them with no issues. Add TPM into the mix and, according to Parallels, this gets a lot more complicated. If Windows 11 is really going to mandate the use of TPM, how are we going to manage the movement of VMs running Windows 11? I don’t know the answer to that – and I suspect nor does Microsoft.
“Maybe the Windows team hasn’t quite embraced its inner Nigel Tufnel yet?”
Big memory on big iPads
Remember I expressed concerns about my shiny new iPad Pro 12.9in with 2TB of storage? That it has
16GB of memory on the M1 processor, and yet the iPadOS platform is still architected for the older “A” iPad platform, which is limited to around 5GB of RAM for an app? This came about because the original iPad Pro shipped with 6GB of RAM.
My concern was that my new iPad Pro’s expansion to 16GB might not actually be useful to an app. Well, it seems that Apple pre-empted this: in the latest betas of iPadOS 15, there’s a developer feature that lets any app request access to more RAM. It’s a property list entitlement called “com.apple. developer.kernel. increased-memorylimit”.
Apple goes on to say: “Add this entitlement to your app to inform the system that some of your app’s core features may perform better by exceeding the default app memory limit on supported devices. If you use this entitlement, make sure your app still behaves correctly if additional memory isn’t available.”
In essence, the app is still limited to its 5GB allocation as before, but it can politely ask the operating system if it can have some more via this entitlement value. This is the iPadOS equivalent of a certain author’s Oliver Twist saying: “Please sir, I want some more?” And iPadOS saying: “MORE?”
This sort of “ask nicely and you might get what you want” is typical of iOS and iPadOS. If you remember, when the iPhone shipped and then enabled the App Store, it wasn’t possible for an app to run in the background. Apple was paranoid that badly written apps from third-party developers would kill the battery life by churning away in the background and so the operating system automatically paused them when they didn’t have focus. When Apple determined that it was probably okay for apps to run in the background, it allowed developers to set a flag requesting this capability on the app. Exactly the same thing is happening here – an app can ask for more RAM. It might get it and it might not, but it has to work well without the additional memory.
It’s going to be interesting to see which apps take advantage of this.
Wi-Fi heat maps on Macs
Doing a survey of Wi-Fi around a building is not an easy task. Ideally, you’ll walk around taking samplings of the Wi-Fi signals, and then the software can build up a heat map of the quality of the signal, creating a coloured gradient map that’s based on the underlying data but fills in the gaps.
I still use VisiWave ( visiwave.com) on Windows 10. I have a hardened Dell laptop with a shoulder strap, and I can trundle around impervious to the odd British summer shower. It’s not a particularly nice piece of software to use, landlocked in old UI design and operation, but it does a good job.
I use NetSpot ( netspotapp.com) too on a MacBook Air M1. This has the advantage of being able to do full round-trip speed testing of both TCP and UDP using a local iPerf3 server. Again, it creates heat maps that can provide a strong visualisation of the likely throughput across an office or a larger home.
Both of these tools aren’t exactly cheap, so it was nice to come across a new tool called AirSurvey that sells for the princely sum of £14 in the Mac App Store.
Like most of these tools, it allows you to import a diagram of the building; any cheap CAD or drawing program will work for this. And then to wander around taking measurement samples. It doesn’t support iPerf, meaning that the graphing is limited to signal-to-noise ratio. However, the signal level of Wi-Fi is a reasonably good predictor of likely efficacy. For the money, it’s certainly worth a punt: you might find out al l sorts of things regarding your home or office Wi-Fi that weren’t obvious before.
Over the past few days, there has been a lot of public chatter in the newspapers about the use of mobile phones in schools. Their use is being linked to all sorts of unpleasant behaviour, whether it’s “upskirting”, online chatting behind others’ backs, or just all the sort of various unpleasant things that happen.
Grown-up schoolboy-turnededucation-minister Gavin
Williamson has proposed that schools should be a phone-free environment. How one would manage this, without getting each child to drop off their phone in the morning and collect at the end of the day, is really not clear to me. I know that schools have robust policies in place over phone use, acceptable-use policies and so forth, but policing them is never going to be easy.
Some have suggested that schools should instead have “phone-blocking technology” to prevent children making use of their phone. It was at this point that my bile began to rise. There’s no such thing as a phoneblocking tech, a radio equivalent of a “black hole” into which all signals can disappear.
“There’s no such thing as a radio equivalent of a ‘black hole’ into which all signals disappear”
Well, to be strictly correct, you could do this: you could install a 3G/4G transmitter in the school that appeared to be on the Vodafone, EE and so forth networks, and the phone would automatically switch to the “nearest cell tower”. Which would then conveniently cut them off from the network.
Now you might think that this isn’t possible, but I have strong reason to believe it can work. And work very well, and is relied upon by those who handle state-level matters in a, shall we say, covert manner. The problem is that no school could afford this sort of technology, nor will the telcos ever entertain the idea.
Worse still, there is always the problem with radio: how do you contain the footprint? If you made a school into a phone-no-connect zone by having a local cell, what about the nearby neighbours? And how will parents react at the thought of a mast within the school itself? I can sense the apoplexy from here.
The other suggestion is that schools use blockers. A blocker in this sense is essentially a noise generator that blasts out radio noise across the relevant parts of the radio spectrum. But there are many excellent reasons why this is illegal under section 68 of the Wireless Telegraphy Act: to quote Ofcom, “at best a radio frequency jammer could cause you to miss a call; at worst, it could facilitate crime or put life at risk”. Head to pcpro.link/324jam for more details.
You can buy such jammers on various online sales platforms. I confess I have been tempted to get one, to put inside our Faraday cage, and then to see just what horrible noise they squirt out across the airways. It’s one thing to do this within the confines of a lab Faraday cage, but it’s quite another thing to do this by buying some unknown black box and turning it on within a school canteen.
So if anyone suggests that fixing the problems that mobile phones have undoubtedly created within schools requires the roll-out of phone jammers, or some other magical phone-blocking technology, please explain to them that this is a very bad idea indeed.