Upgrading to Windows 10 for Free is Still Possible

Windows 10 is not perfect, but it’s a significant improvement on everything that’s gone before, mainly thanks to the three massive upgrades it’s received: the Anniversary Update, Creators Update, and the Fall Creators Update.


Unfortunately, if you’re still using Windows 7 or 8, you’ve missed the initial free update period and you’re now cursed to be stuck in the past forever… Or are you? Actually, no! It turns out you can still grab a free upgrade to Windows 10 using your old product key.

Yes, the Trick Still Works!

Technically, the period for free upgrades closed more than 12 months ago. However, throughout 2017, it was possible to upgrade to Windows 10 by using an old Windows 7 or 8 product key.

It was never clear whether this was by design or due to a loophole. Either way, Microsoft was happy to let the feature remain intact. After all, the company wants as many people as possible to upgrade to the newest version of the operating system, and it’s the reason the upgrade process was so aggressive when Windows 10 launched.

Alas, as 2017 drew to a close, Microsoft told users the loophole would be closed on December 31. Yet, here we are, mid-way through January, and the trick still works!

How to Upgrade to Windows 10 for Free

First, make sure you’ve got the product key of your copy of Windows 7/8 in hand. If you can’t find it, give third parts apps like “recover keys” or “License Crawler” a try  to extract it from your machine.

You Can Still Upgrade to Windows 10 for Free! licensecrawler 670x408

Next, download a copy of Windows 10 from the Microsoft site and work through the installation process. A clean install is recommended, but it could take several hours.

Finally, when the installation process is complete and Windows asks for your product key, just enter your old Windows 7/8 code that you extracted earlier. It will work perfectly. Now you have a legitimate copy of Windows 10 installed.

Share This:

Microsoft Responds to Meltdown & Spectre

It’s been nearly a week since the disclosure of Spectre and Meltdown, two major processor exploits that, between them, were revealed to impact nearly all modern processors.

Microsoft and other companies have been quick to issue patches to address the exploits on their systems, but one of the major concerns that still remains is, due to how they work, how much those patches might affect performance. In a new blog post, Microsoft’s Windows and Devices chief, Terry Myerson, has offered a preliminary take on what we can expect to see.


In short, if you’re using a PC running Windows 10 on newer CPUs (Skylake, Kabylake, and newer), you likely won’t notice much of a slowdown. Where the impact will be most felt is on Windows 8 and 7 machines on older CPUs and with Windows Server. Myerson explains:

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

Most companies have already issued some form of a fix for the issues, and Microsoft reports that it has patched 41 of the 45 Windows editions that it currently supports, with patches for the remaining editions to be released soon. That said, the process hasn’t been without issues. Microsoft opted to pause the patch rollout for some older AMD systems after reports flooded in that the patch was making some Athlon-based PCs unbootable.

Going forward, Microsoft says it plans to perform benchmarks and publish them when available “in the weeks ahead.” We should see a more granular look at exact performance impacts once all patches are out and comprehensive benchmarks are available.


Share This:

Checking How Slow Your iPhone Is

Apple slowing down iPhones has become common knowledge by now. iPhone owners are being advised to get a new battery for their older devices to fix the problem and Apple has discounted a new battery to $29 as part of its iPhone battery replacementprogram. If you have a slow iPhone, you can get a new battery for $29 all through 2018. Of course, some users are wondering how slow is too slow for an iPhone. Apple is replacing batteries regardless of a battery’s life state but if you want to know how bad the problem is, SlowApple is a free web app that can tell you just how slow your iPhone is thanks to Apple’s throttling ‘feature’.


SlowApple is for the layman who doesn’t have time to run or interpret the results of a proper bench marking tool like GeekBench.

Check Slow iPhone

Visit SlowApple on your iPhone. The app doesn’t require it but we recommend you use Safari on your phone to run the test instead of any other browser that you routinely use. Also, you must turn Low Power Mode off. Open the Settings app and go to Batter>Low Power Mode. Turn the switch off, and then visit the app.

Tap the Go button to begin the test. It takes less than one minute to complete. The results shown below are for an iPhone 6 running iOS 11.21, and for an iPhone 6S running iOS 10.3.3.

Reading The Results

The app tells you how long it took, in seconds, to complete a test. The longer it takes, the slower your iPhone is. For an iPhone 6, you can see that it can be as slow as 12 seconds as per the meter and our results were similar with the test taking 11.354 seconds to complete. That’s almost 12 seconds.

The iPhone 6S fares better however it’s running iOS 10.3.3 and not iOS 11.2.1 which is full of bugs and slows devices down even more. Neither of the two devices are in the ‘safe’ green zone which means they both need a new battery to return to their original or better performance states. If you were wondering whether or not the new battery would make a difference or just how slow your iPhone is, this is simple proof. If you want more details, consider using Geekbench.

I should mention that batteries don’t wear out at the same pace for everyone so your results will not be the same as those for our test devices. In fact, I ran this test on another iPhone 6 running iOS 11.2.1 and it took 9.283 seconds to complete which is better than the 11.354 seconds on the original test device.

Share This:

Microsoft Pauses Patch After Bricking PCs

Microsoft has suspended the release of its fixes for the catastrophic Meltdown and Spectre bugs, after they reportedly bricked computers running AMDs processors. Certain customers who installed Microsoft’s fix for the scary CPU bug found their PCs unable to boot.

Microsoft pauses patches for AMD devices after bricking people’s computers

The software giant has confirmed the existence of the problem, and is laying the blame at AMD’s door. According to Microsoft, AMD’s shonky documentation is at fault, with the company saying:

“Microsoft has reports of customers with some AMD devices getting into an unbootable state after installing recent Windows operating system security updates. After investigating, Microsoft has determined that some AMD chipsets do not conform to the documentation previously provided to Microsoft to develop the Windows operating system mitigations to protect against the chipset vulnerabilities known as Spectre and Meltdown.”

That’s scant comfort to those affected though, with social media and Microsoft’s support forums both filled with the caterwauling and gnashing of teeth from those affected.

Share This:

2 New Secruity Threats Plague Apple Devices

This has been a bad month for Apple. First there was BatteryGate now we are told about a widespread security threat with Apple devices – across the board.


Apple confirmed the existence of two vulnerabilities – Spectre and the worryingly-titled Meltdown – in a blog earlier this week but insisted that users are not currently affected.

The tech giant explained that “nearly all computing devices and operating systems”, so not just Apple’s, are affected by the security issues, and it is working on a resolution.

“All Mac systems and iOS devices are affected, but there are no known exploits impacting customers at this time,” it reassured users.

“Since exploiting many of these issues requires a malicious app to be loaded on your Mac or iOS device, we recommend downloading software only from trusted sources such as the App Store.”

It’s not all bad news, though, as Apple has also confirmed that Apple Watches are not believed to be affected by either Spectre or Meltdown at the moment.

Hey at least my Apple Watch is secure!

In a bid to protect users’ devices, Apple has released mitigations in its latest software updates, and promises to release similar fixes in Safari to tackle Spectre.

News of a security threat comes after Apple was forced to apologize for intentionally slowing down operating systems on older handsets in a bid to combat ageing batteries.

Share This:

Apple’s BatteryGate Leads to Cheaper Battery Replacements

Apple doesn’t issue apologies lightly. And the company doesn’t like missing an opportunity to make money. However, Apple ended 2017 offering a begrudging apology, and reducing the price of replacement iPhone batteries. Bringing Batterygate to a satisfying conclusion.


In December 2017, Apple finally admitted to what many people had suspected for a long time. Namely, that the company was slowing down old iPhones. This was intentional, not to force users to upgrade, but to prevent old iPhones from shutting down when they were overworked.

While Apple’s intentions were pure, some users weren’t happy with what they saw as a feature intended to reduce performance. Especially as Apple chose not to inform users of the feature, let alone give them control over its deployment. And Apple has now responded to the backlash.

Apple Actually Apologioes for BatteryGate

Apple has apologized for the confusion over the way older iPhone batteries are managed. In the apology, Apple rejects the notion of planned obsolescence, saying it would “[never] intentionally shorten the life of any Apple product, or degrade the user experience to drive customer upgrades.”


The company then explains how old batteries affect performance, and further explains the software update it added to iOS 10.2.1 to help prevent iPhones shutting down unexpectedly. Apple then details the things it’s doing to help address customers’ concerns over older iPhones.

Replacing Battery at a Low Cost

The big news is Apple is reducing the price of replacing an out-of-warranty iPhone battery from $79 to $29. This is available worldwide to “anyone with an iPhone 6 or later” until December 2018. And who knows, maybe Apple will permanently reduce the price as a gesture of goodwill.

Apple is also promising to release an iOS update in early 2018 that gives users “more visibility into the health of their iPhone’s battery”. Which is all most people annoyed by the news Apple was slowing down older iPhones really wanted. Because being upfront with customers is the key.

While the apology comes across as passive aggressive, any apology is better than no apology, especially from Aple. And reducing the costs associated with replacing an iPhone battery is a welcome resolution to the problem.

Share This:

2017’s Worst Passwords

It’s probably safe to say that everyone on the internet knows by now that using easy-to-guess, insecure passwords like “123456” or “password” is a bad idea. But as it turns out, many still don’t care.


Password management application provider SplashData on Tuesday released a list of the 100 Worst Passwords of 2017, compiled from more than 5 million passwords leaked during the year. For a fourth consecutive year, “123456” and “password” took the top two spots on the list.

The list included plenty of other usual suspects like “qwerty” (No. 4), “football” (No. 9), “iloveyou” (No. 10) and “admin” (No. 11), along with some new additions, including “starwars,” which ranked as the 16th worst password of 2017.

Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use. Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

Other new additions to the list this year included “letmein” (No. 7), “monkey” (No. 13), “123123” (No. 17), “hello” (No. 21), “freedom” (No. 22), “whatever” (No. 23) and “trustno1” (No. 25). It should be clear that using any of the passwords on the top 100 list will place you in grave risk of identity theft.

We reccomend using passphrases instead of simple passwords. Passphrases should include at least 12 characters and a mix of characters, including upper and lower cases. Unique passwords should be used for each website and manged through a password manager, like LastPass.

Without further ado, here’s SplashData’s list of the top 25 worst passwords of 2017. To see the full 100, click here.

1 – 123456
2 – password
3 – 12345678
4 – qwerty
5 – 12345
6 – 123456789
7 – letmein
8 – 1234567
9 – football
10 – iloveyou
11 – admin
12 – welcome
13 – monkey
14 – login
15 – abc123
16 – starwars
17 – 123123
18 – dragon
19 – passw0rd
20 – master
21 – hello
22 – freedom
23 – whatever
24 – qazwsx
25 – trustno1

Share This:

Apple’s “Slowdown Gate” Emerges

Apple has confirmed what many people have suspected for a while… that it slows down old iPhones on purpose. However, Apple insists this isn’t an attempt to force you to buy a new iPhone. Instead, it’s to help old iPhone batteries carry on working properly despite their advancing years.


Lately, people have been complaining that their old iPhones were slowing down. Which led to this Reddit post. Which led to this benchmark comparison by John Poole. This shows that Apple has indeed introduced something designed to artificially limit the performance of old iPhones.

The Smoking Gun for Planned Obsolescence?

There has been a common belief for years that Apple employs planned obsolescence, which means limiting the life of a product in order to sell newer versions. However, Apple has never admitted as much, and it’s difficult to find hard evidence. Is this the smoking gun we needed?

In a word, no. Yes, older iPhones will slow down over time, but no, this isn’t a ploy to make you go out and buy a new one. Instead, this was a fix to stop old iPhones unexpectedly shutting down when the demands being placed on the battery were too great. At least that’s Apple’s explanation.

This does actually make sense. What would you prefer? An iPhone that plods along at a slower pace or an iPhone that crashes every time you try to play a game? Apple obviously does want you to upgrade every two years, but it’s unlikely that this feature was a way of encouraging that.

Additional Questions Apple Needs to Answer

I can’t be alone in thinking Apple needs to answer some additional questions here.

  1. Shouldn’t you have informed users of this feature?
  2. Shouldn’t this be optional for each individual user with an old iPhone?
  3. Shouldn’t it be easier to change iPhone batteries? We doubt we’ll get answers, which means this will annoy owners of old iPhones. Even if it is for their own good.

It will be interesting to see how Apple continues to respond to this growing problem as their credibility struggles to rebound.

Share This:

Snoozing Friends on Facebook

We all have that one Facebook friend. You know the one I mean — they post oodles of updates on one particular topic, usually one which doesn’t interest you, or might if they weren’t saturating your entire Newsfeed with the stuff. (I plead the fifth when it comes to my own friends.)

You don’t want to unfriend them, or even unfollow them. You just, you know … need a break. Facebook today introduced Snooze with exactly that idea in mind. If you hit Snooze on a friend’s profile, you won’t see any of their updates in your Newsfeed for 30 days.

The feature has been in testing for a few months. There are certain social media features I look at and think, “Who could possibly use that?” But this one I’m pretty sure could see widespread use.

The feature rolls out to everyone today.

Share This:

What The Net Neutraility Vote Means To You

What Was Net Neutraility?

Net neutrality is a term used to describe a set of regulations that ensure all information flowing over the internet is treated equally. It means companies cannot block websites or offer certain companies faster loading speeds for money.

For example, internet services providers like Verizon and Comcast are currently prohibited from charging you more money to visit sites such as Netflix and Youtube. Verizon and Comcast are also prohibited from charging Netflix and YouTube to prioritize their traffic over other websites or services.

Until now, the internet mostly evolved under net neutrality principles. This meant that the internet was something of a meritocracy. The best idea would conceivably win out, even something like two guys starting a search engine out of a garage.

Without net neutrality, this could change, opening up the door to corporate domination of the internet.

What Happened Yesterday

The Federal Communications Commission (FCC) voted on a party line vote today to rescind the net neutrality rules passed by the agency under President Obama. Two Republican-appointed commissioners joined agency Chairman Ajit Pai in a 3-2 vote to rescind the order and return to a standard that closely resembles the way the internet has been regulated for most of its existence. The vote was briefly delayed after security cleared the hearing room in the middle of Pai’s remarks in order to conduct a search.


The Obama era rules reclassified internet service from a Title I information service to a more heavily regulated Title II telecommunications service, essentially treating it as an early 20th century utility, like the phone system.

The Problem Deifined

The rules generally required internet service providers to treat most pieces of information that flowed over the internet equally, effectively setting up a non-discrimination standard for network management, content, and pricing. These requirements will no longer be in force. 

Instead, the FCC will require ISPs to be transparent about their services, meaning that bandwidth throttling or other network management practices, which have sometimes been opaque to consumers, would have to be clearly labeled. The Federal Trade Commission (FTC), meanwhile, would be empowered to regulate anti-competitive or anti-consumer behavior, stepping in when internet companies make promises to provide a service that they do not keep.

As a result the federal government will stop managing the Internet leaving consumers at the mercy of their internet providers.

The regulatory rollback has been the subject of intense criticism from Democrats and activists, and even a small number of Republican lawmakers.

The shift in strategy is telling: Netflix favored net neutrality rules as a way to preserve a business advantage. As it has grown, it no longer needs that advantage. The debate over net neutrality was always, in part, a tug-of-war over regulatory advantage between tech industry giants. Today, the FCC took steps to stay out of the fight — and remain a neutral regulator over the net.

How This Can Effect Everyone Who Uses the Internet

Imagine having to pay an extra $10 per month so that Netflix streams fast enough to watch movies. Or that an app creator needs to pay AT&T millions of dollars so that new customers can actually access it on the company’s wireless network.


These accessibility issues are the kinds of things that net neutrality proponents theorize could happen without regulations. Once major companies are able to start negotiating with each other over how data flows across the internet, there’s no shortage of ways to pass higher costs on to consumers while scuttling innovation.

There is Hope

The FCC will face a volley of lawsuits as a result of their vdecesion yesterday. These lawsuits will argue that the FCC did not make this change on the merit of the facts and that the move itself is a violation of what the FCC is mandated to do.

Those legal challenges bear a decent chance of overturning the FCC’s actions, though it’s far from a sure thing.

Previous court rulings have essentially laid out why the FCC could and should regulate internet providers as done under the Obama administration. And courts have generally upheld those rules since then.

It’s a silver lining on an otherwise very dark cloud.

Java security sandbox tricked into
granting full computer access to Applet

(September 4, 2013; VU#810566; S0391991; other vulnerabilities)

New JAR file attributes: The release notes for Java 7 update 25 talk about new permissionsand codebase attributes in the MANIFEST.MF JAR file. According to Oracle, “These attributes are used to verify that the application is requesting the correct permissions level and is accessed from the correct location.”

The security problem: Java 7 update 25 (1.7.0_25) will enforce permissions and codebaseMANIFEST.MF attributes only when an Applet is run from a web server, but Java will ignore permissions and codebase MANIFEST.MF attributes when the applet is run locally from any local file system.

The implications: A Java applet, code-signed to only run in the Java security sandbox, and run on one very particular web site — can be repurposed and run with all-permissions from the local file system.

The security risk: Unknown. It all depends upon the repurposed Java applet.

Example ONE: Running an all-permissions applet in a sandbox: Take Oracle’s JavaDetection.jar applet (run from that is code-signed by Oracle with:

Permissions: all-permissions

So, signed for full access to the computer, and may only be run on And sure enough, when run from a web server, the security popup (immediately right) clearly shows that the applet wants all-permissions to run.

However, create a folder on your local computer, for example c:\javatest\, and place Oracle’s Applet inside the folder, and this index.html:

<applet archive=JavaDetection.jar code=JavaDetection.class width=1 height=1>
<param name="permissions" value="sandbox">

Now open up the index.html, and notice that the security popup is now running the applet inside a sandbox (see popup above right).

Example TWO: Running a sandboxed applet with all-permissions: Take Duckware’s javahelp.jar (view web page). It is code-signed to only run inside the security sandbox

Permissions: sandbox

And sure enough, when run from a web server, the applet says that it will be run in the security sandbox (see security popup right).

However, place the following index.html and into c:\javatest\:

<applet archive=javahelp.jar code=javahelp.class width=800 height=600>

Notice that there is no permissions param in the applet tag. The result is that Java will gladly attempt to run the applet with all-permissions, totally ignoring the Permissions: sandbox that is inside the code-signed JAR (see security popup right).

SOLUTION: When there is a Permissions tag in a code-signed MANIFEST.MF file that MUST be used (and can not be changed by an applet param). Oracle needs to get serious about Java security. Since a MANIFEST.MF should contains a permissions setting, the permissions applet param MUST be deprecated (because it is not code-signed).

Oracle REALLY needs to get serious about code signing JAR files. The code signing process MUST PRODUCE AN ERROR message if PermissionsCodebase, orApplication-Name are missing from the MANIFEST.MF file.

The intent of the publisher must be clear, unambiguous, and code-signed.

And of course, Oracle can enforce this at run-time because signed JAR’s should (must!) also have a timestamp. So, any JAR produced after a time deadline that Oracle sets, must have those MANIFEST.MF settings. Otherwise the Java VM should refuse the run the JAR, because Publisher intent is ambiguous.






You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *