BootVis and bithead

One of the new features Windows XP introduced was the ability for the operating system to record how fast it was at booting, then to optimise itself to boot faster. It does this by measuring the times taken to load all the device drivers and initialise them, then working out all their dependencies; by doing this big calculation, it’s possible to shuffle drivers around in the boot order to make the process complete quicker. How XP achieves this, and how often, has so far been something of a mystery. We knew that the first few boots of a fresh XP system performed such optimisation, but it wasn’t clear what happened after that. Did it ever run again automatically and, if so, how often?

Well, BootVis is a tool from Microsoft that allows you to see exactly what’s going on. When you first run BootVis, you’ll need to acquire some data, so choose File | New | Next Boot+Drivers Trace to make it collect all the information, then do a reboot and restart and wait for BootVis to automatically load the results. You get a lot of information from BootVis once it’s done an analysis run: there’s a set of horizontal time-based graphs, and each one focuses on a specific area of your system.

The first graph is an overall block diagram, giving you a bird’s-eye view of the boot process. The next graph is of CPU usage, and as you’d expect this graph clangs around between idling and 100 per cent, depending on whether it’s waiting for the disk to complete a read. Then come the Disk I/O and Disk Utilization graphs that indicate the amount of disk work that’s happening. Lastly, you get Driver Delay, indicating how much waiting time there is, and a graphical view of Process Creation, which shows when in the sequence services and applications load up.

I have a session running here in a Virtual PC (I prefer that when testing such boot-time applications, so it doesn’t matter if everything goes horribly wrong), and it shows that first the BIOS does its work, then the NT boot loader takes over and the OS goes into its proper boot sequence, starting with about two seconds of disk IO, during which the very core of XP gets loaded – the kernel, the memory management code and so forth. There’s a brief gap of around a second or so, during which the memory and basic hardware on the motherboard are checked out, then the loading sequence starts in earnest, consisting of some 12 seconds of driver loading and ten seconds of driver pre-fetching. Once this is complete, the Registry is loaded and then the video driver system. Finally, the login and server services are started up, beginning at about 20 seconds, with shell initialisation happening at around 35 seconds. (These figures are slowish because I’m running XP in a Virtual PC environment.) It demonstrates just how processor-intensive the boot sequence is and that, after the initial blast load of all the drivers and pre-fetch, disk speed doesn’t matter all that much.

There’s an option on the Trace menu to optimise the system, so I selected this and the system automatically rebooted to do some more work. With the reboot over, a dialog box came up telling me it was optimising the system: ‘Please wait while the boot files are laid out on the disk for faster system startup. This operation might take several minutes’.

Is this all worthwhile? It’s clear that BootVis is an interesting tool that tells you a lot about how your machine is actually starting up, where the bottlenecks are and so on (and it can tell you this for suspend/hibernate too). From an educational point of view, it’s definitely something worth trying, but whether it’s worth running everyday is entirely a different matter. You see, Microsoft has pulled BootVis off its website, saying that XP does all the necessary optimisations every few days and that BootVis adds nothing to the party.
Whether this is the whole truth behind its removal is hard to judge. It’s possible that a tool such as BootVis could occasionally get things so wrong you’d end up with an unbootable system, in which case putting it in the hands of the public wouldn’t be terribly wise. Nevertheless, you’re all seasoned IT professionals who shrug your shoulders at the prospect of an unbootable machine – that’s what your tried-and-tested disaster-recovery solution is for, isn’t it? Obviously then, I have no compunction about recommending that the power users among you ignore Microsoft’s warnings and take an interesting poke around the innards of XP using BootVis. A quick web search will locate a download site holding the file, even if you can no longer get it from Microsoft.

As for whether XP really does the work of BootVis all by itself, and silently too, is something I find hard to believe. I don’t recall XP ever telling me it was reorganising things on the disk and to wait several minutes.

AV integration with Security Center

I’ve been looking at some anti-virus applications recently, and I’m a little concerned that several of them have an unhealthy desire to shut down the XP Security Center and take over its workload themselves, replacing Security Center with their own application. While I’d have no problem with a vendor writing a better Security Center for their own application support needs, I can’t help feeling that this might be two steps forward and one step backwards. I think I’d be happier leaving the Security Center in place and making the AV/Firewall application work properly within the new security framework that Microsoft has provided. How can I be sure that some third-party vendor has implemented everything I need? I can’t, and it’s hard to tell by poking them with a pointy stick.

This reminds me a little of the early days of Windows printing, when some vendors decided to ignore the new printing subsystem and install their own attempts. Some of these were reasonable, but some were so dire it didn’t take long for them to realise the folly of their ways and fall into line by using the then-new Microsoft frameworks. I wonder if the same is happening today – they tell you to use their application because they haven’t got around to working cleanly with the XP SP 2 frameworks yet. Given that SP 2 is now nearly two years old, at least from a beta tester and coder’s point of view, I wonder if sheer laziness is at work?

Sony Rootkit Rant

It’s rare that I get really angry, but it happened this week over the controversy about Sony BMG putting a rootkit application onto a music CD. The news came to me from the excellent www.sysinterals.com website, where Mark Russinovich pontificates on the very advanced, deep and dirty parts of Windows. I’ve recommended this site many times before for its excellent utilities and tools, many of which are clearly best of breed.

So it was with some shock that I read how Sony BMG had stooped to unimaginable levels of irresponsibility when putting a new type of copy protection onto a music CD to prevent you from ripping it. If you attempt to play this disc on a Windows machine, it will insist you install a special Sony media player that lets you listen to pre-ripped tracks, which also enforces DRM (digital rights management) and won’t let you copy the disc. I don’t have any problem with properly thought-out DRM, provided it doesn’t get in the way of my day-to-day work and pleasure – iTunes Music Store works very well for me, although I’d be less happy if I used, for example, the most excellent Roku media extenders because these can’t play ITMS-encrypted material.
But Sony has gone way, way too far. Its new media player and DRM solution installs a rootkit application deep into the guts of your Windows installation, then patches the OS in memory on-the-fly to hide its tracks. It does this by naming its files to start with $sys$, then patching the OS so that any file, driver, application or memory process starting with $sys$ is rendered invisible. That means it’s gone, you can’t see it’s there, and even your AV product can’t locate it, which makes it the perfect place for some malfeasor to hide a trojan or other nasty on your system: just name the file $sys$nastybomb.exe and the user will have no idea it’s there, running in the background.

Worse still, there’s no uninstaller for this horror, and attempts by Mark to dig it out of his system ended up by breaking the system. (Did I mention that Sony makes this nonsense work even in Safe mode, so you can’t dig it out that way?) I’m totally appalled at this and I absolutely won’t allow such behaviour anywhere near any machine I own.

Naturally, you can get around the whole issue by ripping the album on some other platform such as a Mac or a Linux box, and I understand that the title in question is happily being traded on the file-sharing peer-to-peer networks in this way. So here you have a DRM solution that screws up the Windows systems of its honest users, while doing nothing to prevent the dishonest from illegitimate copying it. Well done. Sony, you should be ashamed of yourself for this one.

I note, as I type these words, that Sony has now backed down by releasing a patch that stops the $sys$ cloaking, a pathetically small step in the right direction that’s nowhere near enough. I’m sure Akio Morita would be appalled and is spinning in his grave.

Media Center

I decided recently that it was time to bring myself up to speed with the latest version of Windows Media Center (WMC). The first versions were so sucky and incomplete it was hard to see why anyone would want to use them in anger, and the hardware was pretty unpleasant too. However, Microsoft has just made a big revision to WMC, so the time is ripe for another look.

Getting hold of WMC is actually quite easy (and cheap too). You can’t buy it as a shrinkwrap down at your local emporium, as it’s only available as an OEM hardware bundle, but fortunately some enterprising vendors are selling it along with the Microsoft WMC infrared remote-control unit and sensor. This combination is apparently quite legitimate as ‘an OEM hardware bundle’ in Microsoft’s eyes, so quite why it won’t sell the remote with a WMC upgrade CD in the box is truly beyond my limited imagination.

Installing WMC is a breeze, provided you remember that you can’t do an upgrade – this has to be a clean new installation of the WMC version of Windows XP. And you need to have as much of the hardware plugged into your computer as possible at initial installation, as otherwise WMC will do unhelpful things like not finding the infrared sensor for the remote control and then be fussy about enabling it afterwards.

One of the biggest changes in the new version is the support for multiple TV tuner cards in the same machine, so it’s possible to have two terrestrial digital tuner cards fitted to your PC and watch live TV while the other one is recording to disk. I’m still not wholly convinced by the way the WMC software works: it still runs as a standalone monolithic application, normally running full screen on your Desktop. Everything to do with WMC happens within this application space. Yes, you can shrink down this WMC window so that you can check your email or IM while watching TV, but if the TV window is already minimised within the WMC framework it all ends up scaling down in size and becoming unwatchable. And does it really make sense that I can start and stop the whole WMC system just by running one application? Wouldn’t it make more sense for the TV application to be properly integrated into the Desktop alongside everything else? Then I could decide what I wanted to watch full-screen.
Therein lies the dilemma: when you’re inside WMC you’ll normally be using the Microsoft remote control, which is very similar to countless other TV/video remotes. You’re inside the WMC ‘world’ at that point and so your UI control is via the remote. But go back to the Windows Desktop and the remote control is no longer relevant to any applications outside of WMC. I can see why it was developed this way – they wanted the WMC machine to be a PC ‘appliance’ that runs full-screen on your flat panel, and for Windows-ness and Desktop integration to be something you don’t do on that system. And it’s so much easier to write a private application that runs its own internal world than try to modify the base OS to make it friendly to video, TV and other assorted media.

Maybe I’ve just become too used to running a mixed TV/DVD/application mode Desktop on my bedroom Mac, which has the Elgato TV tuners connected to it. I can run full-screen TV and use a TV-style remote control. Or I can run TV at any size on the Desktop, while also playing DVD, a few web browsers and an IM chat client. Given that most television content today would barely hold the attention of a gerbil, being able to do other things at the same time makes it a very efficient ‘media centre’ for me. With WMC, I’d be hopping in and out of the application to make this happen, whether it be full-screen or windowed on the Desktop. Hopefully, the Vista version of WMC will be much more integrated into the overall Desktop experience, will make good use of the power of the 3D-composited Desktop for video rendering, and the Sidebar for channel selection and programming. I live in hope.

MyPublisher Bookmaker

There’s an application I use all the time on my Mac; namely, the built-in iPhoto tool, a photo-organising, categorising and management tool into which you pour your digital photos – I’m sure you’ve seen the equivalents from vendors such as Adobe. I don’t particularly like iPhoto, because it’s too lacking in power, but the forthcoming Aperture application will be right up my street for professional-quality image editing and management.

The one bit of iPhoto I do use is its ability to put together fantastic books of photographs, lovingly laid out on pages that I can control and edit. It even allows me to specify the front cover, which can be in hard-bound cloth binding, for example. It’s extremely simple to use and a graphical delight. Once I’ve laid everything out and made all the design choices, a few button pushes will send it up my Internet connection to some remote printing site where it’s printed, bound and then sent back via the post within a week or so. I’ve had a number of books built this way, including one of some 90 pages containing 260 photos taken of friends racing at Brands Hatch.

I’ve been looking for a Windows equivalent of this software for friends who don’t have a Mac, and I think I may have found it after being tipped off that Apple was basically incorporating the technology of a third-party company into iPhoto. These hints suggested I should look at www.mypublisher.com and there I found a free-download application that offers much the same editing and compositional functions that I’d enjoyed in iPhoto. The user interface is a little different, but the features on offer are just the same. Obviously, I can’t say for sure it’s identical until I’ve used the MyPublisher site to compare like-with-like, but it certainly looks like the same beast and even offers some capabilities that aren’t available in the Apple equivalent. If you’re looking for book printing of photographs, I recommend giving these people a go. They certainly ship to the UK and their prices are reasonable for what you get back. Hard-bound books full of high-quality photos make wonderful gifts – give it a try!