Category Archives: Thoughts & concerns

Insider stuff, Recent Activity, Thoughts & concerns, WED Blog, Windows 11

Ongoing Win11 DISM WinSxS Cleanup Issues

October 28, 2024 Ed Tittel Leave a comment

I’ve been writing about this since late 2021 or early 2022 — within months of the initial preview release for Windows 11. Something in the update environment produces ongoing Win11 DISM WinSxS cleanup issues. That is, running /analyzecomponentstore keeps popping up reclaimable packages even after /startcomponentcleanup reports cleanup success. Right now, I see this in almost every version of Windows 11 I have running, which includes:

Windows 11 23H2 Production (Build 22635.4435: 13 items)
Windows 11 24H2 Production (Build 26100.2161: 2 items)
Windows 11 Beta Channel (Build 222635.4435: 13 items)
Windows 11 Canary Channel (Build 277729.1000: 0 items)
Windows 11 24H2 Copilot+ PCs (26100.2033: 2 items)

You can see this at work in the lead-in graphic. Notice the initial reclaimables count is 16 at the top of that screencap. After running cleanup, then analyzing again, that count drops to lucky 13 instead of zero as one might expect. (Note: you may need to right-click the image and open it in its own tab to see that 13 value.) I’ve seen that count as high as 14 and as low as 1 or 2 in various Windows 11 builds over the past 3 years.

Fixing Ongoing Win11 DISM WinSxS Cleanup Issues

As Windows 11 issues go, this one is quite benign. I’m pretty sure that’s why it has been allowed to pop in and out of various Windows versions pretty much since the get-go. That said, one can fix this if one must (and you OCD types know who I mean). How do I know? I’ve done it myself…

You can perform an in-place upgrade repair install to make this issue go away. But it takes time (30 minutes and counting on my Windows 11 PCs) and the issue keeps coming back after you apply upcoming Cumulative Updates. That’s why I don’t bother with fixing this myself (except when I need pristine screencaps for writing work) anymore. If you must zero this out, use Settings > System > Recovery, then click the “Reinstall now” button under the “Fix problems using Windows Update” heading. Easy-peasey!

There is a spot of forward-looking cheer, too. The current Canary Channel build (277729.1000) does NOT have this issue. Maybe when production catches up that far, it won’t continue. Fingers crossed…

Copilot+ PCs, Insider stuff, Recent Activity, Thoughts & concerns, WED Blog

Snapdragon X DevKit Is Cancelled

October 22, 2024 Ed Tittel Leave a comment

In hindsight, it’s no surprise. I signed up — and paid ~US$975 (including sales tax) — for the Qualcomm Copilot+ PC package they offered to the public in mid-July. Initial ship date was late August. Then, it slipped to late September. Finally, it was promised for mid-January, 2025. That’s when I asked kitmaker OEM (Arrow Electronics) for a refund. Last week, Qualcomm sent email cancelling the project and refunding all orders. Ouch: the Snapdragon X DevKit is cancelled. Over. Kaput. No refund yet, either.

Why Snapdragon X DevKit Is Cancelled

For more info, read this October 18 Windows Central story Qualcomm cancels Snapdragon X Elite devkit… In an email, Qualcomm said the kit failed its “usual standards of excellence.” It cancelled the project and promised refunds for all. But gosh: they used my money and that of thousands of other would-be kit buyers for a long, long time before they killed the golden goose.

I’m not just disappointed that my planned purchase evaporated. It’s frustrating that they waited so long to cancel. I’m also ticked off that they’re still holding my money. When I cancelled my order on October 11 (see this X (Tweet) item), they promised a refund in 10 days. That’s today, generously allowing an extra day for order database updates. It’s not yet the end of the day, so it still might show up. But it hasn’t hit PayPal yet, as I write this.

I’m not holding my breath. I’m not happy, either. But that’s the way things go for those who, like me, want to stay on the edge and buy into emerging computing platforms and technologies. In the meantime, life goes on here in Windows-World, one day at a time. Sigh again…

Cool Tools, Insider stuff, Recent Activity, Thoughts & concerns, WED Blog

Halfway Chrome Update Foxes Downloads

August 13, 2024 Ed Tittel 2 Comments

Here’s a new one on me. I was trying to grab an email attachment last night from my webmail client and got stuck in a twist. These items normally take an ICS (Internet Calendaring and Scheduling) extension. Repeated downloads included same, but ended with the CRDOWNLOAD. I slowly figured out Chrome couldn’t correctly conclude its normal download process. Further, it seems a halfway Chrome update foxes downloads until it’s complete. Let me explain…

Why say: Halfway Chrome Update Foxes Downloads

If Chrome is running while it auto-updates, it requires user intervention (permission, really) to relaunch. That’s when it finishes its update process. This is depicted in the lead-in graphic, where the user must click “ReLaunch” (weird intercap, BTW) to finish things up. I guess this prevents losing user data on unsubmitted input pages or forms.

As fate would have it, the Chrome instance I was running was waiting for me to ReLaunch to complete its update process. Until that happened, every download failed to complete and ended in the CRDOWNLOAD file extension. As soon as I finished the update, those files disappeared from my download folder and left only a single, correct, valid and working ICS file for my use in Outlook.

Before this happened, I had no inkling this kind of thing was possible. Now I know, and understand that it’s yet another interesting side-effect of self-update behavior. In Windows, things can get a little strange when programs have to change themselves, and then need to transition from “previous version” to “current version” status. This is just another odd and indicative case in point.

Note: Report on recent missed posts

Those of you who follow this blog will note I’ve missed some days lately. Last Thursday, I took the day off to celebrate my birthday. Yesterday, I had a medical appointment occasioned (at least, in part) by all those accumulated birthdays. Indeed, in the months ahead I’ll be missing more days, as I go in for lens replacement surgery to “fix” my cataracts. I’ll keep writing around those little bumps in the road, but wanted to explain recent and upcoming interruptions in my usual daily output. Your good thoughts and wishes will also be gratefully accepted!

Cool Tools, Device drivers, Insider stuff, Remote Desktop (RDP), Security, Thoughts & concerns, WED Blog

Getting Past Crowdstruck Requires Access

July 24, 2024 Ed Tittel 3 Comments

Last Friday (July 19), cybersecurity firm Crowdstrike pushed an update to its threat sensors. Ultimately, that ended up with over 8 million Windows PC unable to boot, stuck on a BSOD for invalid references in a kernel-mode driver. Behind the scenes, all kinds of companies from hospitals, to government agencies, to airlines, and more, found themselves unable to use updates machines after a post-update reboot. What really caused the heartburn? Getting past Crowdstruck requires access to affected machines on a one-at-a-time basis.

If you look at the BSOD screencap at the head of this blog post, you’ll see a driver named csagent.sys. This is the CrowdStrike Agent driver which runs at kernel mode by design. That ensures it can’t be easily accessed or tampered with by hackers. But when something runs as a kernel mode driver it must be rigorously and thoroughly tested and vetted, or it can crash any PC on which it runs. Errors, in short, cannot be tolerated. Oops!

Why Getting Past Crowdstruck Requires Access

Part of the Crowdstrike software run as a Windows kernel-mode driver. That means it has the same level of access as privileged parts of the OS itself. If any of this code throws an error — as Crowdstrike has publicly admitted its update did — Windows crashes itself. That’s by design, out of an abundance of caution to avoid loss of data or other damage to affected systems.

Here’s where things get interesting. Windows can’t boot and run until the offending driver is removed. In turn, the affected PCs must boot into safe mode or a recovery image. Either can operate on the damaged Windows image, remove the bad driver, and stand Windows back up again. This is easy when admins or IT pros have physical access to affected PCs. Indeed, Copilot recommends using the “three strikes” method to get into Windows recovery. (Three consecutive boot failures autoomatically triggers Windows alternate boot.) Then, using WinRE (or Windows itself in safe mode, from the Advanced Boot Options), repairs can go forward.

The problem is that many, if not virtually all, of the affected machines stayed down, stuck in a “boot loop.” They remained that way because their operators DIDN’T have physical access to those PCs. I’ll bet that most of them had to be teleoperated through a KVM device that can work around PC problems that extend all the way down to the hardware level (outside the scope of normal remote access and RDP). This kind of thing doesn’t scale well, either, so it takes time to work through hundreds to thousands of remote PCs (think of the PC behind the counter at AA or Delta, where the gate or ticket agent is completely clueless about boot-level Windows repairs).

An “Interesting” Problem, Indeed!

Far too many cybersecurity and IT pros found themselves in the grip of the old Chinese curse (“May you live in interesting times”) after the *291* driver for Crowdstrike tried to run on Friday. Organizations that prepare and drill for these kinds of outages were doubtless at an advantage in already knowing how to broker and run boot repairs remotely. I can only imagine the hair-pulling that went on at other outfits less well-equipped to handle this outage.

Here’s a moral to ponder for those who run remote Windows PCs where physical access is impossible, difficult or impractical: Can your remote management infrastructure and automation work with a Windows PC that’s not booting, and won’t boot until it’s restarted in some special way? If your answer is “yes,” you’re probably over the Crowdstruck hump already. If your answer is “no,” you’ll probably make that a top priority as soon as you can kick-start and repair all remaining affected Windows nodes. In the meantime, my deepest sympathies…

Networking, Recent Activity, Thoughts & concerns, Troubleshooting, WED Blog

Pondering Post-Hurricane Internet Outages

July 11, 2024 Ed Tittel Leave a comment

The old saying in my home state of Texas is “If you don’t like the weather, wait 5 minutes. It’ll change.” Things took a turn for the worse on Monday and Tuesday, when Hurricane Beryl tore through the Gulf cost then Houston. At one point, over 2M locations (households or businesses) had no electricity. That number is still about 1.2M as I write this screed according to PowerOutage.us. One unexpected effect caused most Internet Service in Austin, Dallas, Houston and San Antonio to fail from about noon Tuesday until after 7PM that day. As a member of an affected household, it has me pondering post-hurricane Internet outages.

Fortunately, our 5G service stayed up and continued to provide Internet access. So I was able to limp along during the outage, using my iPhone 12 as a hotspot for minimal connectivity. Failing over from a nominal GbE link to something that delivers 5 MBps if we’re lucky stings, though.

If Pondering Post-Hurricane Internet Outages, Think Failover

Until last year, I had a Inseego MiFi M2100 mobile hotspot through my Verizon account. I kept it around as a fallback when the pandemic hit, because we had to have Internet access, guaranteed, while my son was attending high school remotely. He’s off to college now, and we’re doing our best to cut recurring expenses — like most American families nowadays. So we dropped the hotspot when we switched over from Verizon to Spectrum for cellphone service last year. The iPhone isn’t quite as robust as the MiFi device, but it does the job in a pinch.

Looking at news coverage of Tuesday’s Internet outage, Spectrum is quoted as saying it arose from “a third-party infrastructure issue caused by the impact of Hurricane Beryl.” My guess is that an Internet POP/peering location got flooded, or lost power, and backup generators couldn’t or didn’t pick up the slack. The afore-linked story also tells me that the affected area also included Laredo, San Antonio, the Rio Grande Valley, and Corpus Christi.

Resilience Matters

As somebody who makes his living at least partly thanks to Internet access — I use it for research and learning, for business communications, to obtain and deliver work assignments, and a whole lot more — ongoing access is essential. I’m glad I could use the iPhone as a failover device, but it definitely battered my productivity.

It’s enough to get me thinking about doubling up on fiber-optic coverage, and bringing in the AT&T Uverse fiber service alongside Spectrum’s CATV-based GbE service for redundancy’s sake. The question then becomes: it it worth the extra expense? I’ll have to think on that…

Insider stuff, Security, Thoughts & concerns, WED Blog

WordPress Link Access API Hack

June 6, 2024 Ed Tittel Leave a comment

Whoa! I just got messages from a colleague on LinkedIn, and have confirmed for both that social media platform and Facebook, that something wicked this way comes. That is, it seems there’s a WordPress link access API hack that enables malicious redirection whenever a link compaction program calls my site for link info. You can see what this looks like in the lead-in graphic. To mangle Talking Heads my reaction is “That’s not my beautiful site! Those aren’t my URLs.” Ai-yi-yi!

Fixing WordPress Link Access API Hack

Scan, remove bad references. remove any suspect WordPress elements. Put a security scan service in place to prevent recurrences. That’s what my Web guy is working on right now. For whatever odd and obviously invalid reason, I thought my WP service already covered all these bases. Now that I know that’s untrue, it will get fixed as soon as that work gets done.

Wow! What an astonishing PITA for something so modest and focused. It seems that several configuration files got modified through a vulnerable plug-in and included references to malicious URLs as of 5/21. We’re changing all the passwords, fixing what’s wrong, and cleaning up the mess. I’m hopeful things will be back to normal by tomorrow.

Going forward, we’ve added explicit ongoing security scans, and regular reviews of software selections, patch levels, and protective software to the mix. Hopefully, this won’t happen again. But if you see something odd any time you access one of my posts or Web pages, do like MS MVP Simon Allison did, and let me know right away that something seems funny or broken. Every little bit of insight and info helps!

Note Added 6/5 2:40 PM

The URL/API portion of the site has been replaced, and no more malicious or suspect URLs get generated. The issue is apparently fixed, but we’re still scanning all files in the entire site to make sure no other unwanted content/malicious payloads are lurking anywhere. All’s well that ends well, but the road goes on forever and the party never ends…

Insider stuff, Recent Activity, Thoughts & concerns, WED Blog

Default Browser Reset Rankles

May 24, 2024 Ed Tittel Leave a comment

It just happened again. I clicked a (safe) URL in an email message and found myself inside Microsoft Edge. Because my personal practice and preference is to run Chrome as the default, this was a back-handed way of telling me that my default browser had been reset. It probably came from some new VM I set up and filtered back into my MSA via OneDrive. Or I could’ve agreed to something in Edge to make that happen. However this change occurred, any surprise default browser reset rankles when it happens. I don’t like it.

Here’s Why a Default Browser Reset Rankles

I get used to things working a certain way on my desktop. When an update or a settings change affects that same old, same old, I get a little disturbed. Upon investigation, such things are mostly my own doing. I think what bit me this time I that I set up a VM a couple of days ago and just let all the standard defaults — including Edge for the browser — go through unaltered. It didn’t hit me in the chops, though, until I clicked a URL In an Outlook email yesterday after which it opened in Edge. Ouch!

The right thing to do, obviously, is for me to use one MSA for work, and another MSA for testing and experimentation. I think I can avoid the issue through proper practices going forward. But it still rankles when a change in one place trickles down into the same change somewhere else.

Work Away from Unwanted Surprises
IS Working Smarter

As the old saying goes “Work smarter, not harder.” I will do my best to take that old saw to heart and make sure to steer clear going forward. Just another day here in Windows-World, and another case of IDKYCDT via OneDrive. Sigh.

Insider stuff, Recent Activity, Thoughts & concerns, WED Blog, Windows 11

RenamePC + Date&Time Move Into Settings

May 21, 2024 Ed Tittel Leave a comment

I’ve been paying a lot more attention to Microsoft’s sometimes slow and scattered migration of functions and features from Control Panel to Settings lately. Why? Because I’m in the midst of a series of stories on Control Panel, Settings and Consoles in Windows 11 for AskWoody.com. That’s why I picked up quickly on Canary Build 26217.5000. In that release, renamePC and date&time move into Settings.

You can see the new “Rename your PC” window in the lead-in graphic. It echoes the current Windows 11 theme. It also shows rounded corners and other modern UI hallmarks.

What RenamePC + Date&Time Move Into Settings Means

More functionality keeps making its way from the older Control Panel interface into the newer, dynamic Settings environment. Indeed, the Sync capability is now fully integrated into Settings > Time & language > Date & time:

It’s no longer necessary to jump from Settings into Control Panel to sync a PC’s clock with some standard time server. Mine is time.windows.com. (Look near the bottom of the preceding screencap.)

MS: When Will You Make an End?

Like the Pope to Michelangelo in working on the Sistine Chapel ceiling frescoes, the question more or less begs itself. Because of all the separate development groups involved across the whole OS, I’m afraid the answer is “Nobody knows!” No doubt the old rejoinder “When it’s finished” applies as well to transitioning from Control Panel to Settings as it did to the 1965 Hollywood epic that’s the source of this cheesy dialog. Hopefully it, too, leaves a legacy for the ages…

AI, Hardware Reviews, Insider stuff, Recent Activity, Thoughts & concerns, WED Blog

Pondering AI PCs Means TOPS

May 1, 2024 Ed Tittel Leave a comment

Since last Friday (April 26) I’ve been working with the Lenovo Yoga Pro 9 laptop. It’s also called a Yoga Pro 9i. I’m a little mystified by the “i” that comes and goes for this device name. If you look at the lead-in graphic you can see the User Guide calls it “Pro 9i” while Lenovo Vantage calls it “Pro 9.” It’s an early AI PC from Lenovo, which means it has a Copilot key and a built-in AI processor, aka NPU (Neural Processing Unit). As I’m now learning, pondering AI PCs means TOPS (trillions of AI or “tera” operations per second) matter — a lot!

If Pondering AI PCs Means TOPS Matters, What’s the 9(i) Got?

According to Intel Ark the name of the NPU integrated into the Intel Ultra Core i9 185H CPU is “Intel AI boost.” Otherwise, there’s precious little info available about its capabilities except for the frameworks it support. For the record, those are Intel’s own Open VINO, WindowsML, DirectML and OMNX RT.

I had to turn to Copilot to get more information about the 185H NPU. Here’s what it told me:

Intel’s Core Ultra “Meteor Lake” offers an AI Boost NPU with 10 TOPS

Since I’ve learned to verify whatever Copilot tells me, I found this stat verified at Tom’s Hardware in an April 9 story. When I asked Copilot directly “What’s the TOPS rating for the AI Boost NPU in the Intel i9 185H?” it came back with a higher number that I couldn’t verify. Here’s what it said:

The Intel Core Ultra 9 185H processor features an AI Boost NPU that can perform approximately 34 trillion operations per second, which translates to 34 TOPS (Tera Operations Per Second)¹ 2.

The second source it cites may explain this apparent discrepancy, though: the 10 TOPS is what the NPU itself contributes. But Arc and NVIDIA GPUs can also support the same AI frameworks mentioned above, and can thus add to a unit’s overall TOPS rating.

Put this into more Copilot context that asks if it itself can use NPU resources:

Microsoft Copilot is now set to run locally on AI PCs with at least 40 TOPS (Tera Operations Per Second) of NPU (Neural Processing Unit) performance.

Given that the Yoga 9(i) comes close to that number, I’m still wondering if it qualifies or not. So far, I can’t find any details that lead me definitively to an unequivocal “Yes” or “No.” Sigh.

The Next Generation Gets It, For Sure?

Another Tom’s story, also dated April 9, says the next “Lunar Lake” generation will include an NPU rated at 45 TOPS. Further it also asserts that PCs with such chips will offer 100+ TOPS overall when they become available. AMD likewise says it will play in that same ballpark, as will the Snapdragon X Elite chips.

I’m still unsure as to whether or not my current review unit — that is, the Lenovo Yoga 9(i) has enough AI oomph to run Copilot workloads locally. I’ll keep banging away at this, though. Eventually, I’ll figure it out. At this point, I’m still at the start of the learning curve…

Rereading Tom’s Hardware I See This…

The Tom’s Copilot Locally story relies mostly on quotes from Intel to set things up — namely, from Todd Lewellen, VP of Intel Client Computing Group. He says:

“[..]And as we go to that next gen, it’s just going to enable us to run more things locally, just like they will run Copilot with more elements of Copilot running locally on the client. That may not mean that everything in Copilot is running local, but you’ll get a lot of key capabilities that will show up running on the NPU.”

This seems pretty clear that the current generation — including the Core Ultra i9 185H in the Lenovo Pro 9i — does NOT fall under this umbrella. That said, I think it leaves open whether or not it will make any difference for other AI workloads. Should be interesting to get to the bottom of this!

Cool Tools, Hardware Reviews, Insider stuff, Recent Activity, Thoughts & concerns, WED Blog

Is ARM In Your PC’s Future?

March 26, 2024 Ed Tittel Leave a comment

I just saw an interesting story over at Windows Latest. It’s entitled Microsoft; Industry considers Windows on ARM as the future of computing. We’ve seen Windows on ARM for 3-plus years now. But so far, the user experience has been more under- than over- whelming. Nevertheless, I’m inclined to agree that ARM has revolutionary PC potential going forward. Thus IMO it IS reasonable to ask: Is ARM in your PC’s future? Let me explain… as you look at the CPU package in the lead-in graphic (Image Credit: AnfraShop.com).

Why say: Is ARM In Your PC’s Future?

I’ve been writing ongoing tech briefs for HPE, around the ProLiant server family since last December. Much of my research, analysis and reporting has centered around ARM CPUs. Specifically, I’ve been exploring benefits they confer on cloud-based servers vis-a-vis top-of-the-line x86 Intel and AMD processors :

Energy efficiency: ARM CPUs routinely deliver the same or better performance as the other CPUs, but consume 50-70% less power.
Footprint: ARM CPU-based servers require only 1/3 the physical space (and volume) of their intel or AMD counterparts. That means either major savings on rack space, cooling, cabling and yada-yada, or 3 times as much capability in the same space.
Predictable and improved performance: ARM (Ampere Altra and Altra Max) CPUs use a single constant clock speed and lots of cores to keep things in synch and running smoothly. They can handle higher loads, faster and more predictably (with less jitter, too) than the competition.
High core-count ARM CPUs (Ampere Altra and Altra Max) can handle AI workloads without needing supplementary GPUs to offload or assist with such processing. Considering that the latest high-end Blackwell NVIDIA GPU is expected to cost US$30-40K, that’s HUGE (the current spot price for the top-of-the-line Ampere Altra Max M128-30 is US$2,305).

Pretty amazing, eh? It’s already shaking up the cloud and data center server market in a big, big way.

What Does This Have to Do with End-User PCs and Laptops?

Right now, not much. But in general, the ARM processors all share the smaller footprint and improved energy efficiency characteristics that help set the high-end ARM server CPUs apart from intel and AMD. They won’t offer anywhere near the same number of cores, and they’re also likely to use multiple core types (Ampere Altra uses only single-threaded cores, all identical, all in lock-step).

A March 13 MS announcement about worldwide availability of an “ARM advisory service for developers” had this to say about ARM silicon:

This is no surprise, as many across the industry consider Windows on Arm devices as the future of computing, with unparalleled speed, battery life, and connectivity.

Like me, MS apparently sees the uptake of the advantages that ARM architecture brings to computing having a significant impact at the end-user level. This is going to be interesting to watch unfold. It’s going to be even more fun to play with and test, to see if the running gear lives up to the breathless hype. If the benchmarks that Ampere and HPE are publishing are any indication, this could very well shake up desktops and laptops over the next year or two, as it’s already doing so for the rack-mounted server market right now.

Will the next PC/laptop I test have an ARM CPU? Gosh, I hope so. Will the next PC/laptop I BUY have an ARM CPU? Jury’s still out, but it’s looking at least possible, if not downright likely…