November’s two dozen or so non-security Office patches won’t raise any eyebrows: A bad antivirus scanning sequence problem (KB 4011188, 4011229, 3162081, 4011138), an upgrade from Lynch 2013 to Skype for Business (KB 4011255), and lots of miscellaneous bug fixes. Two patches caught my eye.
First, I’m surprised that the antivirus scanning problem is characterized as non-security:
If Windows Defender is enabled and registered for IOfficeAntivirus scanning, Office applications still run registry key scanning first instead of using Windows Defender for documents scanning. After you install this update, Office applications will use Windows Defender instead.
The description’s more than a little hard to parse, but it certainly sounds like a security problem to me.
This update fixes the following issue:
When you edit a title bar in a newsletter in Office Publisher 2007, and then you deselect the title bar by clicking away from the text box, Publisher crashes.
… which strikes me as an egregious bug to suddenly appear in a ten-year-old program. It would be interesting to know if some recent patch introduced the bug, or if it’s been hiding there all along. Either way, none of the possible antecedents instill much confidence.
While the patching world was concentrating on the laundry list of non-security Office patches, two old, detested patches made a reappearance. KB 2952664, the Compatibility update for keeping Windows up to date in Windows 7 patch, is now up to version 13, and KB 2976978, the Compatibility update for keeping Windows up to date in Windows 8.1 and Windows 8, appeared in its version 10.
Oddly, both patches were released yesterday, Nov. 7, but the KB articles say they were updated on Oct. 31. The digital signatures for the Win7 patch are Oct. 20. Those for the Win8/8.1 patch are Oct. 12. Microsoft’s been waiting a while to push these puppies out.
As I explained more than a year ago, it’s an update to the scanning system used by Windows Update. Microsoft says:
This KB article is related to the Windows Update and the appraiser systems that enables us to continue to deliver servicing updates to Windows 7 and Windows 8.1 devices, as well as ensure device and application compatibility.
I’ll note in passing that last year, the Win7 patch was dated Oct. 4, 2016, at revision 25. Now it’s listed as Oct. 31, 2017 at revision 13. Sequential numbering must be a hard computer science problem.
I see no pressing reason to install any of the patches, unless you’re having problems crashing Publisher 2007 while switching away from the title bar. Let’s wait and see what bugs may surface in these patches — and, more importantly, wait for the crescendo following Patch Tuesday.
Find a bug in one of the patches? Join the night watch on the AskWoody Lounge.
IT consultant pilot fish is brought in to help overhaul a big financial firm’s mobile app — new features, new look, pretty much a complete rework.
“I was the lead backend engineer,” says fish. “We had a meeting with the project owner, the project management team — from a different company — and the design firm. Then we received mockups and began to dig in.”
It’s not long before it becomes obvious to fish that there are more than a few things requested that weren’t fully thought through. He raises the issues — but he’s told to keep working on it.
But that’s not the only issue. The mockups of the app are essentially being used as a requirements document, and the project suffers from some poorly executed management processes. Still, fish and his team do their best.
Eventually the project gets to QA and — no surprise — things fall apart.
“A business team from the company was called in to discuss the problems,” fish says. “On the conference call, the question was asked: Who from the business team met with the design firm?
“The answer: ‘No one.'”
Turns out the design firm was in the process of losing their contract, and knew it. It appears that team took what the project owner asked for and created mockups with as little effort as possible.
And the designers never once talked to the business team about what the actual processes should be, or if the systems worked that way.
To make matters worse, the project management team never kept track of any of the discussions over the year of development, so on the conference call fish has to answer the business team’s questions from memory and his notes — which aren’t heavy on who-made-what-decision details.
“Flash forward a couple of years, and several hundred hours of development,” says fish. “The project never was completed successfully, and was quietly scrapped under the guise of ‘we need to think over…'”
Sharky needs you to think about sending your true tale of IT life to me at firstname.lastname@example.org. You’ll get a stylish Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.
Get Sharky’s outtakes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.
Blockchain is poised to change IT in much the same way open-source software did a quarter of a century ago. And in the same way that Linux took more than a decade to become a cornerstone in modern application development, Blockchain will take years to become a lower cost, more efficient way to share information between open and private networks.
But the hype around this seemingly new, secure electronic ledger is real. In essence, blockchain represents a new paradigm for the way information is shared and tech vendors and companies are rushing to figure out how they can use the distributed ledger technology to save time and admin costs. Numerous companies this year have been rolling out pilot programs and real-world projects across a variety of industries – everything from financial services to healthcare to mobile payments.
It’s unlikely to be a wholly disruptive technology that attacks traditional business models with a lower-cost solution that overtakes other networking technology quickly, according to Karim Lakhani, a professor of business administration at the Harvard Business School. Instead, Blockchain is a foundational technology, with the potential to create new foundations for economic and social systems, Lakhani said in The Truth About Blockchain, which he co-authored.
Blockchain adoption is expected be slow and steady, as the changes it brings gain momentum, according Lakhani, a principal investigator of the Crowd Innovation Lab and NASA Tournament Lab at the Harvard Institute for Quantitative Social Science. “Conceptionally, this is TCP/IP applied to the world of business and transactions,” Lakhani said in an interview. “In the ’70s and ’80s, TCP/IP was not imaginable to be as robust and scalable as it was. Now, we know that TCP/IP allows us all this modern functionality that we take for granted on the web.
“Blockchain has the same potential.”
What is blockchain?
First and foremost, Blockchain is a public electronic ledger – similar to a relational database – that can be openly shared among disparate users and that creates an unchangeable record of their transactions, each one time-stamped and linked to the previous one. Each digital record or transaction in the thread is called a block (hence the name), and it allows either an open or controlled set of users to participate in the electronic ledger. Each block is linked to a specific participant.
Blockchain can only be updated by consensus between participants in the system, and when new data is entered, it can never be erased. The blockchain contains a true and verifiable record of each and every transaction ever made in the system.
The Linux Foundation has created tools for building out blockchain collaboration networks. And in July, the open-source developer unveiled Hyperledger Fabric 1.0, a collaboration tool for building blockchain distributed ledger business networks, such as smart contracts.
Why is blockchain now getting so much buzz? In a word, Bitcoin. Bitcoin is the wildly hyped cryptocurrency, a method of transacting payments over an open network using digital bits and encryption. It was the first ever decentralized one when it was created in 2009. Other forms of cryptocurrency or virtual money, such as Ether (based on the Ethereum blockchain application platform), have also sprung up and have opened new venues for cross-border monetary exchanges.
The term bitcoin was first… well, coined in 2008 when Satoshi Nakamoto (likely a pseudonym for one or more developers) wrote a paper about a “peer-to-peer version of electronic cash that would allow online payments to be sent directly from one party to another without going through a financial institution.”
What does blockchain do?
As a peer-to-peer network, combined with a distributed time-stamping server, blockchain databases can be managed autonomously to exchange information between disparate parties. There’s no need for an administrator. In effect, the blockchain users are the administrator.
Additionally, blockchain networks can be used for “smart contracts,” or scripts that automatically execute when certain conditions are met. For example, users of Ethereum’s Ether exchange must meet pre-determined conditions that prove someone owns the cryptocurrency and have authority to send the money they claim to own. In addition, multiple blockchain users can create contracts that require more than one set of inputs to trigger a transaction.
One example: real estate transactions require sign offs between buyers, sellers and their financial institutions.
How is blockchain secure?
While no system is “unhackable,” blockchain’s simple topology is the most secure today, according to Alex Tapscott, the CEO and founder of Northwest Passage Ventures, a venture capital firm that invests in blockchain technology companies.
“In order to move anything of value over any kind of blockchain, the network [of nodes] must first agree that that transaction is valid, which means no single entity can go in and say one way or the other whether or not a transaction happened,” Tapscott said. “To hack it, you wouldn’t just have to hack one system like in a bank…, you’d have to hack every single computer on that network, which is fighting against you doing that.”
The computing resources of most blockchains are tremendous, Tapscott said, because it’s not just one computer but many. For example, the Bitcoin blockchain harnesses anywhere between 10 and 100 times as much computing power compared to all of Google’s serving farms put together.
“So again, [it’s] not un-hackable, but significantly better than anything we’ve come up with today,” Tapscott said.
Public vs. private blockchains
There are a variety of blockchain permutations, and they fall mainly into one of two categories – public or private. Public blockchains allow anyone to see or send transactions as long as they’re part of the consensus process. There are also consortium blockchains, where only a pre-selected number of nodes are authorized to use the ledger. For example, a group of banks and their clearinghouse might use blockchain as part of the trade-clearing, where each node is associated with a step in the verification process.
Private blockchains, in contrast, restrict the ability to write to a distributed ledger to one organization, such as a group of employees within a corporation, or between a set number of organizations, such as a number of banks that agree to a network partnership.
Along the way, blockchain – because of its self-policing security – eliminates huge amounts of record keeping, which can get very confusing when multiple parties are involved in a transaction, according to Saurabh Gupta, vice president of strategy at IT services company Genpact.
What industries use blockchain?
Shipping. Fintech. Healthcare. Blockchains are being put to a wide variety of uses in several industries. In shipping, for example, a bill of lading for cargo shipments has traditionally been paper based, which requires multiple sign-offs by inspectors and receivers before goods can be delivered. Even when the system is electronic, it still requires multiple parties to sign off on cargo shipments, creating a lengthy administrative process. To try and streamline that cumbersome process, the world’s largest container shipment operator, Maersk, recently announced it is using a blockchain-based ledger to manage and track the paper trail of tens of millions of shipping containers by digitizing the supply chain.
Each participant in the shipping supply chain can view the progress of goods through the blockchain ledger, understanding where a container is in transit. They can also see the status of customs documents, or view bills of lading and other data in real time. And, because it creates an immutable record, no one party can modify, delete or even append any one of the blocks without the consensus from others on the network.
“Blockchain and distributed ledgers may eventually be the method for integrating the entire commercial world’s record keeping,” Gupta said.
Genpact, for example, announced a service for finance and accounting that leverages blockchain-based smart contracts to capture all terms and conditions between a customer and an organization for an order.
Blockchain in FinTech
Accenture recently released a report claiming blockchain technology could reduce infrastructure costs for eight of the world’s 10 largest investment banks by an average of 30%, “translating to $8 billion to $12 billion in annual cost savings for those banks.”
In the case of cross-border payments, processing is often complex and includes multiple layers of communication among payment participants to verify transactions – an operation known as payment and settlement.
Payments, clearance and settlement in the financial services industry – including stock markets – is rife with inefficiencies because each organization in the process maintains its own data and must communicate with the others through electronic messaging about where it is in the process. As a result, settlements typically take two days. Those delays in settlements force banks to set aside money that could otherwise be invested.
Because it can instantly share data with each organization involved in a blockchain database or ledger, the technology reduces or eliminates the need for reconciliation, confirmation and trade break analysis. That helps yield a more efficient and effective clearance and settlement process, according to Accenture.
J.P. Morgan has created what is arguably one of the largest blockchain payments networks to date: the Interbank Information Network (IIN). The financial services company announced that the Royal Bank of Canada and Australia and New Zealand Banking Group Ltd. have joined INN, “representing significant cross-border payment volumes.”
J.P. Morgan created the blockchain network to significantly reduce the number of participants needed to respond to compliance and other data-related inquiries that can delay payments.
“IIN will enhance the client experience, decreasing the amount of time – from weeks to hours – and costs associated with resolving payment delays,” said Emma Loftus, Head of Global Payments and FX at J.P. Morgan Treasury Services. “Blockchain capabilities have allowed us to rethink how critical information can be sourced and exchanged between global banks.”
Mastercard, meanwhile, is launching its own blockchain network to enable partner banks and merchants to make cross-border payments faster and more securely. The Mastercard blockchain service can be used to clear credit card transactions and eliminate administration tasks using smart contract rules, thus, speeding up transaction settlement.
Blockchain and mobile payments
Prior to rolling out a blockchain-based electronic exchange, peer-to-peer foreign exchange provider KlickEx was limited in scale by the company’s own infrastructure; it served about 1 million users per day across eight countries, or about 80% of households in its Pacific region. Today, the monetary exchange handles about 90% to 95% of all electronic payments for the region that are for $200 or less. When not overtaxed, the old KlickEx exchange system was able to clear payments in between 90 and 200 seconds. But a common processing issue often slowed the process: payments received would outpace payments issued, forcing the exchange to use batch processing. That caused payments to enter queues and created a delay that could take days.
A new blockchain-based payment system that KlickEx has created can process cross-border payments in seconds.
The Polynesian payments system provider partnered with IBM to create an open-source payment network as a new international exchange based on a blockchain electronic ledger. The new network uses IBM’s Blockchain Platform, a cloud service, to enable the electronic exchange of 12 different currencies across Pacific Islands as well as in Australia, New Zealand and the United Kingdom.
“In bringing IBM in to mature the technology, we think we’re pushing something like 8 million…payments per day capacity, which is a long way up from where we started,” KlickEx CEO Robert Bell said. “So the new real-time system based on blockchain means payment happens immediately, rather than in batch files.”
Blockchain in healthcare
Blockchain can also act as a collaboration network, enabling varying parties to exchange and add to information, such as a patient’s electronic healthcare record, in real time. The blockchain acts as a verification tool, ensuring only those authorized users — such as a physician, insurance provider or patient — to make changes to the ledger.
MintHealth, a portable, personal health record, was recently announced as a mobile platform based on a blockchain exchange. MintHealth will be rolling out the platform to commercial health insurance plans to help patients with chronic conditions, such as heart failure, diabetes, hypertension, and other conditions that account for more than 90% of healthcare costs today. In addition, patients at risk for, but not yet suffering from, chronic conditions will also benefit by having access to their medical records and control of their own health data by entering data such as vital signs or blood glucose levels.
You distractedly type in a whole series of labels, then realize that you meant them to go across a row, and not down a column. Rather than cut and paste them one at a time to their correct position, why not flip the column of data through 90 degrees using the Paste Special/Transpose option?
Start by selecting the column of labels or other data you want to transpose. You can click and drag or, if the column is very long, try this: Select the first cell in the column, hold down the shift key, and double-click on the lower border of the selected cell: Excel will extend the selection downward until it encounters an empty cell. Copy the selection, then select the leftmost of the cells where you would like the transposed labels to appear.
Now, for the magic: Call up the Paste Special dialog with Ctrl+Alt+V (or command+control+V in macOS); hit E to select the Transpose option, bottom right, then Enter. As long as the source and destination areas don’t overlap, you should see your cell entries spread across the sheet rather than down it.
Excel will only let you perform this trick using Copy, not Cut, so to delete the data from its original position, click once again in the first cell of the column, hold Shift and double-click the lower border of the cell to extend the selection, then hit Ctrl+Delete (just delete in macOS) to empty the cells.
Note: This trick also works the other way, for transposing a horizontal block of cells into a vertical one.
I’ve written a lot about Android security over the years — and more often than not, it’s the same ol’ story time and time again:
A company that sells mobile security software finds some theoretical threat — something that (a) hasn’t affected any actual users in the real world and (b) couldn’t affect any actual users in the real world, outside of a highly improbable scenario in which all native security measures are disabled and the user goes out of his way to download a questionable-looking app from some shady porn forum.
Those critical points then become footnotes in a fear-inducing narrative, complete with a carefully crafted memorable name for the Big, Bad Virus™ and a strongly worded reminder about how only such-and-such security software can possibly keep you safe.
It’s an effective form of marketing — that’s for damn sure. But it’s also about as sensational as can be.
If you’ve read this column for long, you know about the long-standing realities of Android security and why these sorts of highly publicized hype campaigns are generally best taken with a grain of salt. Lately, though, we’ve seen a handful of genuine malware situations that don’t fall into that same category of silliness — things like the headline-making WireX botnet, in which a few hundred internet-traffic-generating-apps made their way into the Play Store and onto users’ devices, or the more recent phony WhatsApp incident, in which an app pretended to be WhatsApp and then just served up ads to anyone who installed it.
Those were both the real deal, and the native Google Play Protect security system absolutely failed to recognize the breaches and stop them before they affected a fair number of Android device owners. Even if the level of direct harm to end-users was ultimately pretty minimal — basically just having their devices send out web traffic or show some stupid ads, behaviors that’d stop as soon as the offending app was uninstalled — these types of programs clearly have no place in the Play Store and shouldn’t be getting past Google’s gates.
You know what, though? There’s still no reason to panic. And, as I wrote for CSO.com this week, you still don’t need a third-party security app to stay safe. There’s a strong argument, in fact, that installing one is pointless at best — and at worst, could actually be counterproductive to your personal and/or company-oriented interests.
I’ll direct you to CSO for the full context on that point, because there are quite a few layers to it. Here, I want to delve a bit more deeply into what actually happens in a situation like WireX, when Google Play Protect fails, and how such missteps can take place on a practical level — all directly from the perspective of the company that controls the platform.
I had the chance to ask Google’s director of Android security, Adrian Ludwig, about this very area. And while the discussion proved to be a bit superfluous to my main story, I thought it made for an interesting little sidebar that’d be worth sharing here.
Here’s what Ludwig had to say:
On how these types of apps get through the gates and go undetected for as long as they occasionally do, given the layers of protection in place:
“The challenge that all detection technology runs into, inclusive of Google Play Protect, is when we see a completely new family coming from a different environment — especially if [the apps] are on the borderline of behavior that might be considered to be potentially harmful and not quite potentially harmful.”
On the success vs. failure rate:
“Most of the time when we see those variations, our automated systems are able to detect them and take action on them very quickly. In fact, the improvements that we’ve been making in machine learning over the past six months to a year have been primarily focused on — and very effective at — finding new variations on existing families.”
And on the perception of successes vs. failures:
“We have an extraordinarily high bar in terms of the expectations of what [our] protections will provide, which is being able to scan all the applications, being able to discover every potential bad behavior, and never making a mistake — and we come very, very close to that. Our goal is to get to a point where there’s fewer than one in a million apps that make it through Google Play Protect that represent a risk to the user. We’re not there yet, but we’re well above 99.9% in terms of our ability to detect things, and we’re continuing to get stronger.”
On the challenges of detecting patterns that don’t immediately raise red flags:
“It’s not necessarily a type of app we’ve seen in the past. It might [involve] relatively low-risk abusive ads, for example, or [something that] makes network connections that are not obviously harmful but that on further inspection, we’re able to track down and see that there’s an issue.”
And how working with partners, as in the WireX investigation, can be crucial to the discovery process:
“They have visibility a lot of times to what’s happening on the server side of some of these malware networks, and so sometimes it’s only in partnership with the data they have through their installations in those environments that the actual bad behavior is visible. On the Android side, there’s [sometimes] nothing about the traffic that is obviously harmful to the user.”
Finally, on the curious timing of Android malware publicity campaigns:
“Certainly by the time there’s publicity around one of these [malware] families, it’s already gonna have been cleaned up — so the publicity around the families tends to be a way to draw attention to security vendors and the products that they make available. By the time something becomes public, Google Play Protect already has rolled out its protections, [and] the applications have been taken down and removed.”
For a more detailed dive into the current state of Android security, click over to my full feature story:
Apple must by now be close to launching its promised Apple Pay Cash service, and when it does, it will be taking a big step toward building its own kind of multinational cryptocurrency.
Money, money, money
While it’s only funny in a rich man’s world, the chasm between money as a tangible asset and cash as an item on a digital balance sheet isn’t hard to see.
From the trillions spent by future generations to bail out the banking system to the eye-watering cost of property loans, so much of this cash is invented by itself in a closed-loop system and then traded by consent.
The fintech industry is making billions by trading digital assets, and the need to protect and internationalize those numbers is driving a growing number of traditional financial service providers to move toward adopting blockchain-based accounting systems.
I imagine there may also be investment firms that have designs on using cryptocurrencies to run rings round government tax authorities, particularly as so many voters now seem to think the very rich should shoulder more of the tax burden.
The pressing need to enable more fluid cash flows across borders to service increasingly internationalized industries is also driving demand for new digital payment systems. At the same time, many consumers are learning to appreciate the added security of mobile payment systems.
Elsewhere, entrepreneurs are working to extend such systems to some of the 2 billion people worldwide that the U.N. recognizes as being effectively stateless, without birth records or bank accounts. In the future, it may be that virtual currency becomes the first way many at the bottom of the global wealth chain get to experience the convenience of something like cash.
Money is history. History shows continuous evolution in the means of exchange, from gold to banknotes, credit cards to Bitcoin, Ethereum and (in Apple’s case) Apple Pay.
Apple’s cash machine
The Apple cash machine is a popular topic for debate. In part, this debate underlines the need to develop suitable taxation systems for a digital age, but given many with the power to develop these systems probably profit from the current one, I don’t expect rapid change.
Apple Pay is Apple’s foot in the cryptocurrency water.
There is an irony in that just like any cryptocurrency, it has a root in traditional financial payment systems. Just as you link Apple Pay up to your credit/payment cards, you must link most cryptocurrency services to the same.
Apple Pay Cash has the potential to change that, as money you receive (via Apple Messages) from others is added to your Apple Pay Cash card that will live in your Wallet app.
While you can transfer this cash to your bank account if you want, you will also be able to use it directly to make purchases using Apple Pay in stores, in apps, on the web, or anywhere else that may eventually support the payment system.
Apple Pay Cash
That’s important because it means Apple has taken a fairly large step toward creating its own take on cryptocurrency.
This is real money, after all, that exists only in Apple space until you turn it into something else — a purchase, a service or “real” money in your account. You’ll also be able to share it with other people.
While the service will be U.S.-only on launch, it will extend, and it will be interesting to see how Apple supports person-to-person payments across borders. To enable the service, Apple is working with Green Dot Bank.
The partners will need to unravel complex questions, such as: If someone in Ireland chooses to use Apple Pay Cash to send money earned in Ireland to someone who works at an iPhone factory in China, in what location is the “value of that exchange created”?
I’m not a tax lawyer — I have other demons to keep me up at night — but questions around such accountability like these will become increasingly important as the financial system becomes increasingly virtual, international and semi-stateless.
Momentum favors change
It seems foolish to underestimate the importance of Apple Pay to the company’s future service provision plans.
While I continue to read some reports that dismiss Apple Pay, they don’t seem to reflect a reality in which the service’s active user base doubled in the last 12 months and transactions climbed 330 percent.
As I see it, be it consciously or unconsciously, Apple is creating a global platform-based payment ecosystem that could evolve as an international virtual currency iPhone, iPad and Mac owners may use to purchase and trade products, services and more.
Given the wider momentum around cryptocurrency, it seems more foolish to ignore that potential than to embrace it.
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic’s Kool Aid Corner community and get involved with the conversation as we pursue the spirit of the New Model Apple?
Got a story? Please drop me a line via Twitter and let me know. I’d like it if you chose to follow me there so I can let you know about new articles I publish and reports I find.
The ThermoPro TP03A is an effective solution to achieve the most accurate temperature in a matter of seconds. With a simplistic yet practical design, and at the push of the button, the foldaway probe will pop open for quick an easy temperature reading, and when you’re done taking the temperature measurement you can fold the probe back into the holding to ensure the probe is kept safe and clean. Stop overcooking or under-cooking your meat and perfect meat temperatures like a professional, ensuring the perfect temp every time you’re grilling or cooking. It typically lists for $29.99 and is being discounted 65%, down to $10.49. Learn more or purchase the discounted ThermoPro TP03A Thermometer at Amazon.
This story, “67% off ThermoPro TP03A Digital Food Cooking Thermometer Instant Read Meat Thermometer – Deal Alert” was originally published by TechConnect.
Apple last week said it sold a record number of Macs for a September quarter.
“The Mac…had its best year ever, with the highest annual Mac revenue in Apple’s history,” said CEO Tim Cook in prepared remarks during a Nov. 2 call with Wall Street analysts. Apple recorded revenue of $25.8 billion from Mac sales in its fiscal 2017, which ended Sept. 30.
Mac unit sales of nearly 5.4 million bested both industry and financial analysts’ expectations. Before Apple released its data, research firm IDC had pegged Apple’s number at 4.9 million, while rival Gartner offered an even lower estimate: 4.6 million. And according to Philip Elmer-DeWitt, who regularly polls Wall Street for quarterly forecasts, every analyst from a group of more than two dozen undershot Mac sales, some by over half a million machines.
Unit sales were up 10.2% over the same quarter in 2016, and the Mac’s ASP, or “average selling price,” jumped to $1,331, a year-over-year rise of $156, for an increase of 13.3%.
According to IDC, the 5.4 million Macs represented almost exactly 8% of the 67.2 million personal computers shipped worldwide in the September quarter.
Apple executives explained the bonanza in different ways when they spoke with financial experts last week.
“This performance was fueled primarily by great demand for MacBook Pro,” said Luca Maestri, Apple’s CFO. “[And] we are also seeing great traction for Mac in the enterprise market, with all-time record customer purchases in fiscal year 2017.”
“Mac revenue growth…was driven by notebook refreshes we launched in June and a strong back-to-school season,” asserted Cook.
When asked why the Mac beat outsiders’ sales predictions, IDC Research Director Linn Huang concurred with Cook that back-to-school sales had been strong. But he had another idea. “To understand 2017, you have to go back to 2016, which was a very poor year for Apple,” said Huang. “It ended a very long stretch where Apple consistently beat the [PC] market.”
True. During a four-quarter span – from the December 2015 quarter to the September 2016 quarter – Mac sales declined compared to the same period in the year prior, with three of those quarters recording double-digit contractions.
“The biggest grievances were that Apple had allowed their product line to get stale,” Huang said of the sales slump. “The notebooks had been refreshed six or seven years earlier, but then just an Intel [processor] refresh every single year.
Those soft quarters and the lack of a product line reboot led many in the industry to question Apple’s commitment to the Mac, a reasonable inquiry when the iPhone accounted for as much as 68% of the company’s revenues during that time.
“A lot of that was an over-reaction. But it muted expectations. So, when Apple refreshed their MacBook line-up, it did well, but not alarmingly well,” Huang said, referring to the October 2016 revamp, which included price increases to account for the new TouchBar.
The immediate response to that refresh was subdued, with the following quarter showing just a 1.2% year-over-year increase in unit sales. Huang counted himself among those who thought that the new MacBooks were getting a mixed reception.
“Now I think what’s happened is that [Apple’s Macs have] been building momentum, and that’s finally started to translate into sales,” Huang said.
Enterprise sales do account for a greater share of Macs, Huang also said, confirming one of Maestri’s reasons for the brisk business in the September quarter. But while Apple did not quantify the sales-to-enterprise, IDC’s estimates portray them as only a slightly larger piece of the pie.
Five years ago, Huang noted, IDC figured non-commercial Mac sales represented 67% of the total. That number has since slipped to 63%, maybe 64%.
But the biggest take-away from the Mac’s surprising surge, Huang argued, is that the traditional, and nearly immediate, “bump” to Apple sales after a refresh is part of the past.
“After a Windows launch, growth rates for PC sales would skyrocket,” said Huang. “Over time, sales have become a lot more muted. The same thing holds for Apple and its refreshes.
“The PC is no longer the personal device in the household. The PC is a utilitarian device,” Huang continued. Customers don’t push for a new personal computer simply because another version of Windows hits the market or Apple revises its MacBook Pro.
“People wait until [the PC] breaks,” Huang said.
Apple sold 5.4 million Macs in the September quarter, handily beating industry projections. (Data: Apple.)
Last month we had no end of problems with Microsoft’s Windows and Office patches. If your machine was attached to a corporate Windows Update server, and your admin approved Windows patches for immediate distribution, your PC may have joined a sea of blue screens. There were lots and lots of additional gotchas.
This month, we already know that KB 4041686, the 2017-10 Win7 Preview of a Monthly Rollup, has a retrograde bug in it that clobbers SFC scans. It’s not at all clear if Microsoft is going to fix that bug before the Preview becomes the for-real Monthly Rollup.
We also know that last Thursday’s attempt to fix a bug introduced in the October security patches failed miserably, with Microsoft surreptitiously pulling KB 4052233, 4052234, and 4052235 and erasing them from the KB list, the catalog, and even the update histories. Heaven only knows if the next iteration of that abomination will succumb to a similar fate.
Later today, we should see a dozen or more non-security patches for Office. You don’t need any of them right away. A week from now, the security fixes should roll out. As I’ve argued many times before, it just makes sense to hold off installing Windows and Office updates until the major first-round bugs get shaken out. Let the unpaid beta testers sacrifice their machines first.
If your PC is attached to a Windows Update server, buy your admin a cup o’ coffee and gently make sure they don’t have WSUS or SCCM set to automatically approve updates as soon as Microsoft dishes them out.
If you’re running Win7 or 8.1, the method for blocking updates isn’t difficult. See AKB1000004: Disable Automatic Update in Vista, Win7 or 8.1 on the AskWoody site.
If you’re running Windows 10 Pro Creators Update (version 1703) or Fall Creators Update (1709), the method’s even easier: telling Auto Update to back off just takes a couple of clicks. See Steps 7 and 8 in 8 steps to install Windows 10 patches like a pro.
But if you have any other version of Win10, you aren’t so lucky. Win10 Home users, and those with earlier versions of Pro, are considered fair fodder for the unpaid beta-testing cannons. To protect yourself, follow the nostrums in Woody’s Win10Tip: Block forced Windows updates.
Take a minute right now and make sure Automatic Update is turned off. Then follow along here at Computerworld, or on your favorite Windows bug-reporting site, to see what the beta testers have to say. You need to update sooner or later, but you don’t need to update on Microsoft’s timeline.
I’ve set the MS-DEFCON level to 2 on AskWoody.com.
This data center has had problems with its database servers for most of a decade, reports a pilot fish on the inside.
“A few years ago, one of the cluster servers failed completely, so the disaster recovery cluster became the production servers,” fish says.
“Less than a year after that, those servers started having problems. One server started showing a corrupted hard disk. Database program files went missing, and replacing the disk didn’t stop the disk problems.
“I thought anyone with any hardware experience would know what that means.
“Well, it finally happened one afternoon — the server failed.
“Let that sink in: The disaster recovery server that we were using as production failed because the main production server failed a year before that.
“Luckily they found an old ‘replacement part’ to get the server back up the next day.”
Sharky needs fresh true tales of IT life every day. Send me your story at email@example.com. You’ll score a sharp Shark shirt if I use it. Comment on today’s tale at Sharky’s Google+ community, and read thousands of great old tales in the Sharkives.
Get Sharky’s outtakes from the IT Theater of the Absurd delivered directly to your Inbox. Subscribe now to the Daily Shark Newsletter.