Microsoft is strengthening its mandatory arbitration provision as of May 1, 2018

Once upon a time, consumers could band together in class actions against big companies when they were collectively aggrieved. Often, the injury to each person on her own was small — but the cumulative effect was a wrong on the business’s part. So, for example, Microsoft had been sued for various competition law abuses — class actions that the company expected to cost it $1.9–2.0 billion to resolve.[1] But those class actions are a thing of the past — as Microsoft and other companies have been making consumers surrender the ability to participate in one.

Arbitration agreements do more harm to consumers than merely prevent class actions, even if arbitrators are as fair to plaintiffs as judges would be; arbitration can make it more difficult to assert a meritorious claim on one’s own as compared to going to court. Procedural rules differ in arbitration, and the ability to conduct discovery — to force the other side, under pain of contempt, to cough up incriminating documents — may be more limited than the broad scope allowed under the Federal Rules of Civil Procedure. And as the #MeToo movement has revealed in employment-related arbitration agreements used to keep a lid on sexual harassment claims, the rules of arbitration could require you to keep quiet, even if you win — as contrasted to open dockets, public trials, and published judicial opinions in a real court system. So even if the consumer wins, the company wins tenfold more: first, they don’t have to deal with negative PR; second, in the aggregate, other plaintiffs could be discouraged from pursuing their claims because they don’t know that other similarly situated consumers have already prevailed.

Footnotes

1. See 2011 Annual Report — Contingencies, Microsoft Corp., https://www.microsoft.com/investor/reports/ar11/financial_review/contingencies.html (“A large number of antitrust and unfair competition class action lawsuits were filed against us in various state, federal, and Canadian courts on behalf of various classes of direct and indirect purchasers of our PC operating system and certain other software products. . . . We estimate the total cost to resolve all of the state overcharge class action cases will range between $1.9 billion and $2.0 billion. At June 30, 2011, we have recorded a liability related to these claims of approximately $568 million, which reflects our estimated exposure of $1.9 billion less payments made to date of approximately $1.3 billion mostly for vouchers, legal fees, and administrative expenses.”).

Removing useless Windows 10 preinstalled apps

Based on https://community.spiceworks.com/topic/1408834-removing-windows-10-apps-gpo, with the additional refinement of a filter that removes only Store apps and not system apps or frameworks, using PowerShell:

1. List the apps that would be uninstalled.

The -AllUsers flag requires an elevated PowerShell session on an administrator account. Omit the -AllUsers flag when running as a non-administrator, to act on the current user only.

Get-AppxPackage -AllUsers | Where-Object {$_.IsFramework -eq $false -and $_.Name -notlike "*store*" -and $_.Name -notlike "*calc*" -and $_.SignatureKind -eq "Store"} | Select-Object Name

On a newly installed 1711 VM, this produced the following list:

Name
----
Microsoft.MicrosoftOfficeHub
Microsoft.Microsoft3DViewer
Microsoft.ZuneVideo
Microsoft.WindowsMaps
Microsoft.WindowsFeedbackHub
Microsoft.BingWeather
Microsoft.Messaging
Microsoft.MicrosoftStickyNotes
Microsoft.XboxIdentityProvider
Microsoft.XboxSpeechToTextOverlay
Microsoft.Print3D
Microsoft.GetHelp
Microsoft.WindowsSoundRecorder
Microsoft.Getstarted
Microsoft.WindowsCamera
Microsoft.3DBuilder
Microsoft.Xbox.TCUI
Microsoft.People
Microsoft.RemoteDesktop
Microsoft.XboxGameOverlay
Microsoft.Office.Sway
Microsoft.Windows.Photos
Microsoft.MSPaint
Microsoft.SkypeApp
Microsoft.XboxApp
Microsoft.DesktopAppInstaller
Microsoft.WindowsAlarms
Microsoft.OneConnect
Microsoft.Wallet
Microsoft.ZuneMusic
Microsoft.Office.OneNote
microsoft.windowscommunicationsapps
Microsoft.MicrosoftSolitaireCollection

2. Actually uninstall them.

Get-AppxPackage -AllUsers | Where-Object {$_.IsFramework -eq $false -and $_.Name -notlike "*store*" -and $_.Name -notlike "*calc*" -and $_.SignatureKind -eq "Store"} | Remove-AppxPackage

Certain apps that cannot be uninstalled might be listed in the output.

Microsoft derps on Excel ad

Original resolution of Excel ad showing treemap chart

Microsoft’s Facebook ad for new features in Excel highlights the Treemap visualization, but gets it totally wrong.

Ad for Excel visualization features

A treemap is supposed to visualize relative size in a hierarchy. But in the illustration here, the data don’t fit this type of visualization (it’s a time series of one flat variable—without hierarchy).

Original resolution of Excel ad showing treemap chart

But it’s even worse than that. The relative sizes don’t make sense! Why would the 31 MPG box for January be so much larger than the 32 MPG box for May?

This seems like a great illustration of why math/statistical education should be required for everyone—even visual designers and marketers. Or at least, the people selling the product should understand what the software actually does.

New fonts in Windows 10

Arial Nova in Windows 10?

Did anybody else notice this?

Update: Rockwell Nova also.

They’re hidden away in the optional features (“Pan-European Supplemental Fonts”), but easily installable from Settings -> System -> Apps & features -> Manage optional features.

Pan-European Supplemental Fonts in Windows 10

Most of these are a refresh on classic Windows fonts like Arial, Georgia, and Verdana, but they should come as a welcome surprise!

Georgia Pro Condensed Italic

Happy prerelease testing!

Update: upon request, here are side-by-side comparisons of the new fonts. A subset of available weights/variants is shown in each case. Note that, in most cases, the “Pro” versions add new variants (e.g. Condensed, Light, Semibold, etc.) but do not differ significantly in the Regular/Bold/Italic/Bold Italic weights from their ancestors.

Arial vs. Arial Nova
Georgia vs. Georgia Pro
Gill Sans MT vs. Gill Sans Nova
Verdana vs. Verdana Pro
Rockwell vs. Rockwell Nova; in this case, the Nova font also has different metrics
Arial vs. Neue Haas Grotesk Text Pro

Windows Live Hotmail is now authenticating DKIM

Hotmail inbox screenshot

I haven’t seen anything published about this yet, but I noticed today that Windows Live Hotmail seems to be authenticating incoming e-mail using DKIM in addition to Sender ID.

Background

In the past, Hotmail has verified the authenticity of incoming e-mail through Microsoft’s proprietary version of Sender Policy Framework called Sender ID. Both of these projects were designed to verify that the computer sending the message, as identified by the originating IP address, is authorized to send e-mail on behalf of the named sender.

A typical SPF policy, specified through a TXT record in DNS, might say

v=spf1 ip4:208.97.132.0/24 -all

This means that only IP addresses in the 208.97.132.1–208.97.132.254 range are allowed to send e-mail on behalf of this domain. (The Sender ID policy would look similar, but starting with spf2.0/pra.)

Hotmail’s policy has been to verify all incoming e-mail using the Sender ID framework. This theoretically reassures users that authenticated e-mail definitely comes from the named sender, reducing the likelihood of header forgery. If an e-mail does not pass Sender ID verification (softfail) and has other signs of being forged, it will likely be classified as junk.

A valid e-mail is marked with these headers:

X-SID-Result: Pass
X-AUTH-Result: PASS

If the organization uses the strictest policy (-all), the message does not pass Sender ID validation, and the organization has submitted its Sender ID records to Microsoft, invalid e-mail sent to @live.ca and @live.com domains is rejected. As far as I am aware, this protection is not applied to @hotmail.com accounts.

From SPF to DKIM

The problem with SPF is that it doesn’t verify much. All it tells us is that an e-mail comes from the right computer—not that an intermediate server hasn’t tampered with it. In addition, SPF only really validates the From: or Sender: headers.

Besides, many large service providers cannot implement a strict SPF/Sender ID policy because users may be sending e-mail through other servers. (For example, I might use my ISP’s SMTP servers to send e-mail from my Windows Live Hotmail address; a strict SPF/Sender ID policy would mark those e-mails as junk.)

DKIM, however, encompasses the contents of the message body, in addition to the headers. It does not necessarily require the e-mail to come from a certain IP address. Using public key cryptography, it allows organizations to take responsibility for sent e-mails by verifying that the e-mail came from an authorized source, similar to the way secure servers connect over TLS/SSL.

Implementing DKIM means that all outgoing e-mails are signed using a private key; the signatures are then checked by compatible software against the public keys published in DNS. Each domain can have multiple DKIM keys, allowing multiple sending systems to sign outgoing e-mails independently.

A sample DKIM signature looks like this:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=frederickding.com; s=google;
        h=domainkey-signature:mime-version:from:date:message-id:subject:to
         :content-type;
        bh=b3wR4p4G21l92tc0ahioopi7atMwDp2wkaQb/uOL65E=;
        b=YJ6nD3Nx5hgwRhYppb/n2g5lQxA5jzFvYEJ0dR4dtkRFv14GVJWStQXwwZryGuujC/
         v4ve5ZE3ZAEAtv5hCj99ZLAfR52rskpbitso+106M8uQvryLyuLSnX1mrk6JaDFLMr8V
         qHmCEZUF5+cnWEYSwlLo1T8hntgN28hj8OyJY=
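Added example, not part of the original post: Python that parses the signature above, derives the DNS name under which a verifier looks up the public key (selector, then `_domainkey`, then the signing domain), and computes a bh= body hash under relaxed canonicalization. The message bodies are constructed, and the RSA verification of b= is left out.

```python
import base64
import hashlib
import re

# The DKIM-Signature value shown in the post, folding whitespace included.
SAMPLE = """v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=frederickding.com; s=google;
        h=domainkey-signature:mime-version:from:date:message-id:subject:to
         :content-type;
        bh=b3wR4p4G21l92tc0ahioopi7atMwDp2wkaQb/uOL65E=;
        b=YJ6nD3Nx5hgwRhYppb/n2g5lQxA5jzFvYEJ0dR4dtkRFv14GVJWStQXwwZryGuujC/
         v4ve5ZE3ZAEAtv5hCj99ZLAfR52rskpbitso+106M8uQvryLyuLSnX1mrk6JaDFLMr8V
         qHmCEZUF5+cnWEYSwlLo1T8hntgN28hj8OyJY="""


def parse_tags(value: str) -> dict:
    """Split a DKIM tag list (name=value; ...) and unfold wrapped values."""
    tags = {}
    for item in value.split(";"):
        name, _, val = item.partition("=")
        if not name.strip():
            continue
        val = val.strip()
        if name.strip() in ("b", "bh", "h"):
            val = re.sub(r"\s+", "", val)  # folding whitespace is not data
        tags[name.strip()] = val
    return tags


def key_record_name(tags: dict) -> str:
    """DNS name of the TXT record holding the public key for this selector."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def relaxed_body_hash(body: bytes) -> str:
    """bh= value for rsa-sha256 with relaxed body canonicalization (RFC 6376)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    canonical = b"".join(ln + b"\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode()


if __name__ == "__main__":
    tags = parse_tags(SAMPLE)
    print(key_record_name(tags), tags["h"].split(":"))
    # Constructed bodies: whitespace-only changes keep bh, a content edit does not.
    print(relaxed_body_hash(b"Pay  Alice \r\n\r\n") == relaxed_body_hash(b"Pay Alice\r\n"))
    print(relaxed_body_hash(b"Pay Mallory\r\n") == relaxed_body_hash(b"Pay Alice\r\n"))
```

Because the selector is part of the lookup name, each sending system can publish its own key under a different selector of the same domain.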

DKIM actually requires a lot more work for organizations to implement, as it requires additional DNS lookups and (perhaps) expensive cryptographic calculations. A decade ago, it would have been infeasible to implement this at an organization as large as Windows Live Hotmail.

Hotmail today

Today, the low cost of processing power makes it possible for Hotmail to validate DKIM. Yahoo! has been doing this since the beginning, as it was the source of this technology. Gmail, too, has been validating DKIM for some time. (Both Yahoo! and Gmail sign outgoing e-mail with DKIM signatures, and Google has made this possible through its Google Apps service for companies as well.)

While Windows Live Hotmail has always validated Sender ID, today I noticed the addition of a new e-mail header:

X-DKIM-Result: Pass

This is good news.

Conclusion

To summarize a post’s worth of babbling, this means that Windows Live Hotmail is taking additional steps to combat e-mail forgery, phishing and spam. A step forward for everybody.

Windows Live Essentials Wave 4 — Messenger

Happy New Year!

It’s the end of another year and the end of a ground-breaking decade. Let’s look back at what’s been accomplished in the years of 2000–2009, focusing on technology.

Technology

Windows has entered a new era

The decade—indeed, the century—began with Windows 2000, which I consider the first great version of the operating system. XP was the version that brought widespread success, and people just seem to refuse to upgrade; even today, almost three quarters of the computers on the net are on XP.

Despite the dismal failure of Windows Vista, it too brought change, which was followed by the enhancements of Windows 7. Compare my desktop today to the ugly screens of a decade ago:


Microsoft Store
Windows 98 desktop screenshot

Apple deserves an honourable mention for the ground-breaking work they’ve done on the Mac, elevating it to a newly trendy status.

Portable media players have completely changed

A decade ago, CD players and tape-based Walkmans were still the norm for ‘portable’ audio players. The iPod, launched in 2001, entirely changed the game. (I suppose this and the iPhone were the “comeback of the decade”.) It was no longer a device that played removable media. That was followed by thousands of other portable media players, to which the public generally refers inaccurately as “MP3 players”, reflecting the popularity of the 15-year-old MP3 format that has also been notorious for illegal file sharing (see below).

Cell phones and mobile devices have become ubiquitous

These devices used to be ugly, huge and heavy objects. As we move into 2010, cell phones have become more compact (usually this means thinner and lighter) and more powerful.

In China, about 739 million people have cell phones; that’s more than there are Internet users in China (which is about 360 million).

Mobile devices have become truly powerful. The iPhone, purportedly the most popular cell phone of 2009, is one of the biggest platforms for software development. And it has a touch screen. RIM’s BlackBerry, initially launched in 1999, is the most popular smartphone among business users.

Ordinary people begin to embrace ultra-portable netbooks for lightweight computing. The move to mobile is probably the most noticeable trend in end-user gadgetry in this decade.