Author: M3 Sweatt

Categories
Uncategorized

New Time Zones are Uncommon, but Not Unheard Of

Over the last few days I saw some reactions to the post in the post to Microsoft’s Daylight Saving Time & Time Zone Blog noting that Microsoft may accommodate North Korea’s new time zone. As highlighted, the Windows team is currently investigating the creation of a new time zone to address this change, and the update as well as the change details will be available later this month or the beginning of September. This post was in response to the widely reported announcement by the Korean Central News Agency, indicating that the DPRK will move to a time zone of its own time zone on August 15. The new time zone will have an offset of UTC +08:30, putting North Korea 30 minutes behind South Korea.

As some in the press have noted, such changes are uncommon in general, but not necessarily for Microsoft. We’ve seen this happen in the past, as countries moved their time zone in a similar fashion. (I received an informative article on “Why nations switch time zones” from a friend, which includes look at other past changes as well as this change. )

I recall working in the Windows group as we tracked the move to implement a new time zone in Venezuela back in December of 2007. We first had information on the change a few months prior to the move, and then followed the machinations as the country attempted to determine the exact date of the change. As countries and sovereign nations implement new time zones that don’t correspond to an existing time zone, we have the option of adding a new one to our products and services.

Even if you didn’t live in Venezuela, there were many reasons for ensuring your devices reflected the time zone update. As we called out during the change in Russia’s daylight saving time in 2011, while such changes directly affects those living in the country, there can be global ramifications on trade, commerce, travel, communications and other factors. If you wanted to know the correct time in a country, ensuring your device is up to date and accurate is essential. The same is true for other places, given that many customers around the world use Windows-based products and may have a need for knowing the correct time in another location.

Most applications and services reference the underlying Windows operating system for their date and time related rules, with some exceptions. As the team in Windows and our Trustworthy Computing group monitor the DST and TZ changes around the world, they outline various software updates to select Microsoft products (including various releases of the Microsoft Windows operating systems, Microsoft Office and other applications) for various products and services in support.

Categories
Uncategorized

Be careful out there: Windows 10 upgrade scams

Earlier this month, I read on the Cisco Security blog that the Talos Security Group outlined “a spam campaign that was taking advantage of a different type of current event.”

In this case, the launch of Windows 10 upgrades.

A good resource is the new post on email and phone scams claiming to be the Windows 10 upgrade.

“If you have received an email with an attachment that claims to be the Windows 10 upgrade, or have received a call offering to help walk you through the Windows 10 upgrade, please do not open the attachment or follow their instructions.

“Unfortunately, cybercriminals are trying to capitalize on the great momentum of Windows 10, with nefarious email, web, and phone scams directing our customers to install ransomware and other malware.

“Windows 10 is a free upgrade offered by Microsoft which you can take advantage of by reserving your free copy online, or by visiting a Microsoft Store near you to secure free upgrade services.

“Microsoft does not initiate calls to customers to assist with Windows 10 installation or technical support, nor do we send emails with installation files attached.  If you have been contacted by telephone or if you have received such emails with attached installation files, consider these fraudulent and do not share your personal information or open the attachment.”

What should you do?

First and foremost, know that Windows 10 will not be delivered through any links in emails. As you’ve probably read, the free upgrade to Windows 10 is being made available in stages, so you may not be able to get it yet. At the office, most of my machines have been upgraded to Windows 10 (given I’m part of a managed, enterprise network).

If your PC is qualified (you can find out more about that here), you will be able to make the move to Windows 10 soon.  Visit http://www.windows.com/windows10upgrade to learn more about Windows 10 and how to upgrade your device for free. (There’s an app for that, too: here’s how to install the “Get Windows 10” app.) A few of my PCs at home haven’t received the upgrade yet: that’s normal. Just like the shoe maker’s children, it reminds me I need to make the time to back up those PCs and then update the machines with installation media on a USB flash drive as available here.

Next, learn what a fraudulent email message looks like, and be wary of phishing attempts. And share this with your less technical friends and family. As called out on our Security site, criminals do their darndest to get you to click on or respond to a phishing email, fraudulent websites, and nefarious phone calls all designed to steal your identity, data and ultimately your money. They’ll also use social engineering techniques to get you to do things that would put your Personal Identifying Information (aka PII) at risk. On our security glossary, we explain that this is…

“A method of attack that targets people rather than software. Social engineering is designed to trick you into doing something that benefits the malicious hacker, such as opening or downloading a malware file or giving away your personal information. It can be online, such as an email that tricks you into opening an attachment, or offline, such as a phone call from with someone pretending to be from your bank. However social engineering happens, its purpose is the same – to get you to do something that a malicious hacker wants you to do.“

And be sure to report these scams:

Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, be cautious! Read the 11 tips for social networking safety. If you need support, contact one of our technical support experts on the Microsoft Answer Desk or call us (in the States) at 1-800-426-9400 or on one of our customer service phone numbers around the world.

Categories
Uncategorized

Your questions on the upcoming leap second

Just back in the office from a trip, I found several questions in my email box in regard to the upcoming leap second. I thought that I’d take a moment or three to answer several of the questions there, some not covered in past posts.

The first question on everyone’s mind could be summarized best as…

“Is there anything special I need to do to my computer or tablet?” (related questions included: Is there a hotfix for this leap second? When will I see the update applied? Will most average computer users notice the leap second? Is there anything they should do to prepare?)

Generally, as a Windows computer user, there’s nothing in particular to do – no special updates or hotfixes to apply. As I covered in this earlier post (and also summarized here), current supported versions of the Windows OS are plumbed to deal with such additional leap second. It’s recommended that you set your PC to sync with an Internet time server via the Control Panel in Windows 7 (as noted here), or in the PC Settings for “Time and Language” on Windows 8.1 (as shown here). With that done, you should be good to go. (If you’re device is part of a domain – such as PC provided by your company for business – then your clock sync is likely managed by your IT administrator.)

As called out on the Windows site with instructions on How to Set the Clock, you can sync your device clock with an Internet time server of your choice to help ensure your device’s clock is accurate. Typically time is updated once a week when your device is connected to the Internet, or the clock sync may be managed by your administrator (with domain joined devices). As a user, you probably won’t notice the extra second nor see any impact to your Windows devices.

Next was on the impact of the leap second on devices…

“Will this leap second cause any problems on my system?”

Generally, no, as my associate Matt Johnson noted. Usually leap seconds don’t cause a problem unless you are timing things less than a second in duration, or if you are re-sorting events that occur in high frequency. As Matt called out, most software applications and services have to cope with minute time adjustments to the system clock for a variety of other reasons anyway, and leap seconds are no different. I say “generally” as folks who need highly accurate time sources should refer to the detailed post on high accuracy W32time requirements on how to configure the Windows Time service for high accuracy environments and Kerberos standards. (NIST’s Physical Measurement Laboratory provides a list of several high accuracy manufacturers of time and frequency hardware receivers and software providers.)

Next was on the hype around this new leap second contributing to a Y2K event…

“I heard that the last time we had a leap second, the Internet melted down.” (Related: [Some have] compared this to the Y2K problem. Is that an accurate comparison? Will there be a massive disruption of computers and services? )

First, that’s not really a question but a statement I have heard a number of times, and not a true statement at that, as I noted in this appropriately titled post. Some reports (like this one in USA Today) were quick to associate the addition of a leap second in 2012 to the bug that “took down much of the Internet.” Generally, consumers have nothing to worry about when it comes to this non Y2K event: the timing of the 2012 leap second happened to unfortunately coincide with a power outage that impacted their service provider (as noted by the BBC). Yes, there were some reported impacts as noted by Robert McMillan at Wired in his post “The Leap Second Is About to Rattle the Internet. But There’s a Plot to Kill It”. But when the last leap second adjustment was made (back on June 30, 2012), I don’t believe we at Microsoft had any reports of leap second related issues for any of our products including Windows and Azure (or any customer applications running on Azure).

Then there’s a question about services…

“What about online services?”

Similar to connected devices that rely on NTP, various cloud systems also obtain NTP sync in similar ways, keeping in mind that cloud services aren’t just fluffy concentrations of water vapour but (in our case) more than 100 global datacenters supported by a multi-terabit global network. How leap seconds are applied to and appears on a local machine clock may be different from an online service but share many of the same traits as documented and understood in Windows, upon which Microsoft Azure has its origins. In speaking with the Azure team, I learned the service has been designed to be resilient to clock discrepancies across our numerous infrastructure components and regions. Azure has proven application compatibility for handling leap seconds given it uses the Windows time-synchronization protocol, which is used by all Windows systems.

And then this question about when to adjust your watch…

“Should I set my watch at midnight?” (related: Is this similar to New Year’s or the adjustment for daylight saving time?)

Unless your watch is accurate to the second, or you happen to live in an area like Casablanca, Morocco, no. Contrary to some media reports, the change does not happen at midnight local time in each time zone, unless that time zone currently has a zero offset from Coordinated Universal Time or UTC (en Francais, temps universel coordonné) meaning the country uses the UTC+0 offset (like Morocco). For me and my compatriots in Redmond (which is UTC -7:00), the leap second will be added on June 30, 2015 at what essentially will be 4:59:60PM local time. And it doesn’t hit everywhere on June 30: some time zones will see the leap second added on July 1: folks in London will see a leap second added on July 1, 2015 at 12:59:60AM, and Paris (to which my watch is still set) at just before 2:00AM local time.

Further, unless you’re managing a satellite or a space mission, leave the update to your system: there’s no need to ping the time server manually. If everyone in the world called the Internet time servers at the same time, there could be a strain on the server. 

[063015: I saw another example of the above error on NBC’s “Today Show“, whereas their competitor over on ABC got it right.]

I also received questions on the various approaches of how system providers plan to accommodate the a leap second. Aside from how Microsoft syncs the system clock to the accurate time, I’ll leave the explanations of the benefits and potential drawbacks of the approach to those companies.

 

Also available at https://aka.ms/leapsecqna

Categories
Uncategorized

Another look at the impact of the coming 2015 leap second on Microsoft products (not much)

Drawing of a man holding back the hands of a clock with the caption "You can't stop time"A month from now, we should be looking back at the press that decried the coming Leap Second (caps my own) as a veritable Y2K and wondering “what was all that about?” As I’ve shared previously (see “What’s all this about the Leap Second”) I’ve learned quite a bit about how Microsoft products and services address the addition of a new leap second. Most often, issues of time and date are addressed by the groups involved in managing the Windows OS, plus in this instance by the team managing the Windows Time service. Many of our products and services rely on the underlying OS for time and date, much like the support for daylight saving time and time zone support. There’s a great TechNet post that covers How the Windows Time Service Works.

What you likely need to know: On the Windows Client, current supported versions of Windows are plumbed to deal with such leap second changes via an NTP ping in the Windows Time service (a.k.a. W32Time), as I summarized here. As you may know, W32Time handles regular clock sync, and as root time sources are updated, changes propagate through NTP and adjust network synched clocks. I outlined much about what you may want to know in my post on the story around Leap Seconds and Windows. Essentially, set your PC to sync with an Internet time server via the Control Panel in Windows 7 (as noted here), or in the PC Settings for “Time and Language” in the Control Panel on Windows 8.1 (as shown here), and you’re good to go. (If you’re device is part of a domain – such as PC provided by your company for business – then your clock sync is likely managed by your IT administrator, so again, you should be good to go.)

Background on how a leap second is added: When a leap second is to be added, a notification is broadcast on the day of the event (sometimes in the hour prior) via an NTP flag from the NTP server to all NTP clients. Time services (e.g., time.windows.com) sync with authoritative, atomic clock time servers such as those maintained by the National Institute of Standards and Technology (a.k.a. NIST, at bldrdoc.gov). These facilitate regular clock sync, and as the root time sources are updated, changes propagate through NTP and adjust network synched clocks as well. Technically, IIRC, the leap second is applied by NIST on NTP as a second iteration (a repeat, actually, in binary) of the final second of the day, and would look something like this: “23:59:58… 23:59:59… 23:59:59… 00:00:00UTC”. (BTW, some systems interpret this last second as 23:59:60.) Think an abbreviated, one second version of the issue Emily Blunt faced in Edge of Tomorrow, but without all the bloodthirsty aliens and general mayhem.

How a leap second is reflected in Windows: Contrary to one post I recently read, Microsoft doesn’t implement a leap second time zone by time zone – in other words, in a rolling fashion, like the way we watch new year celebrations count down around the world. Essentially, the leap second occurs at the same time everywhere. Just when your individual device syncs with NTP will likely be different from others. Windows devices that are joined to a domain will attempt to sync with the domain hierarchy. Consumer devices that are not domain joined, sync time less frequently or have intermittent network connections sync the clock most commonly to the Microsoft NTP server, time.windows.com. As these systems do not sync the clock frequently, we’ve stated that “it is impossible to guarantee time accuracy on computers that have intermittent or no network connections.”

Devices that are synched with time.windows.com will eventually sync to the current, accurate time reflecting the leap second. As time.windows.com syncs with NIST time servers, Windows devices are generally accurate and in sync subsequent to the addition of the leap second. Many devices will sync within the first few seconds of 00:00:00 UTC (which some may refer to as “midnight UTC”) on June 30, 2015 / July 1, 2015 as they ping the service. But of course, not all systems sync at or close to 00:00:00 UTC. Microsoft has outlined that W32Time service is not a full-featured NTP solution that meets time-sensitive application needs (see Microsoft KB 939322, Support boundary to configure the Windows Time service for high-accuracy environments). Companies that require critical timing systems usually implement a specific reference clocks that provide highly accurate hardware clock, which when used with Windows, use their own incredibly accurate clock drivers. Whereas Windows is supported to be accurate within something like 3 seconds, these clocks are accurate to within <1s. (If you want to get all nerdy, my friend, Matt, reminded me of my desire for a Meinberg clock, and a great summer project you can DIY with your kids.)

How the leap second is reflected in services:  Various cloud systems obtain NTP sync in much the same way. How leap seconds are applied to and appears on a local machine clock may be different, but this is well documented and understood in Windows, upon which Azure has its origins. (More on that in a second – see also the info in Microsoft KB 909614, How the Windows Time service treats a leap second, and KB 939322, Configuring the Windows Time service for high-accuracy environments.)

In speaking with the Azure team, I learned the service has been designed to be resilient to clock discrepancies across our numerous infrastructure components and regions. Azure has proven application compatibility for handling leap seconds given it uses the Windows time-synchronization protocol, which is used by all Windows systems including the Windows client OS, Windows Server, Windows Phone, and Hyper-V. When the last leap second adjustment was made (back on June 30, 2012) we had no reports of leap second issues for any of our products across Windows, Azure, or the customer applications running on Azure. Similarly, I understand that other Microsoft services, including as Office 365, Dynamics CRM Online, Intune and Azure RemoteApp services, aren’t affected by a  leap second change. I’ll add additional information here as I come across it.

Generally, Microsoft products (e.g., Exchange, Office) and most/all third party apps rely upon W32Time to provide an authoritative view of time, using UTC rather than local time (the time you see displayed by your Clock app and in the Date & Time display). As long as the OS is able to manage the leap second change, dependent applications should generally be fine: there could be implications for apps or services that do not follow standard clock implementations. If an app or service uses another time sync method or has other time dependencies then there could be an impact (e.g., presenting an app with a time reference of 23:59:60 when it doesn’t expect to see seconds greater than :59). More info on some of these concepts with appropriate links here.

Article also available at http://bit.ly/leapsecinfo

[edit: added information in ¶2 on domain-joined devices; added detail in ¶3 on the binary nature of the leap second via NIST]

Categories
Uncategorized

Implications of Proposed Changes to Daylight Saving Time in the United States

This past week, I’ve contacted and spoken with several legislators on the plethora of proposed changes to use of daylight saving time around the States. I even had a call from my friend, Rich Kaplan, the new CEO over at the Microsoft Alumni Network, reminiscing over a few of these recent moves. The efforts fall under two main proposals: to move their state to perpetual daylight saving time, as is the case in Florida, Mississippi (died in committee) and New Mexico*; or, to move to permanent standard time, as proposed in Alaska, Oregon, South Dakota, Texas, Utah** and Washington. (I recently heard that the bill to adopt daylight saving time in Arizona has been held up by the House leadership, effectively dead in committee.) I’m not sure what will happen in Florida and New Mexico, given that the United Sates Code (15 U.S.C. §6(IX)(260-7)) stipulates that states shall either implement the semiannual daylight saving time changes or remain on standard time throughout the year.

Asked what I worry about this now, I recalled Winston Churchill’s quote:

“Let our advance worrying become advance thinking and planning.”

I appreciate that the legislators in several states have thoughtfully called for such changes to take effect in 2017 or later (2021, in Oregon). But a few, like Texas and Washington, would have the changes as early as fall of 2015. Without adequate time to react, such changes can be challenging for individuals to manage and for companies to support. Not a very united effort in the States as a whole.

That’s why Microsoft has recommended (via the tab “Microsoft Policy in Response to DST/TZ Requests” in the left nav of the page) that governments take at least one year from the time the proposals are enacted into law for the change to occur. As an example, I look to the timeline provided in the Energy Policy Act of 2005, outlining sweeping changes to daylight saving time in the United States, that allowed for nearly a year and a half before the change was implemented.

But just as important as the time needed to implement these changes, also consider the technical implications of moving to permanent daylight saving time rather than moving solely to standard time.

imageAs noted in my last post, a few states have proposed to move to year-round standard time and drop daylight saving altogether, a fairly straight forward approach. Given that many devices (PCs, phones, tablets and services) allow you to select whether or not products use a daylight saving time offset, shifting the device between daylight saving and standard time twice a year is fairly simple, and turning off the automated change is quite simple. In Windows, you may check the option for the device to “Automatically adjust clock for Daylight Saving Time” if your time zone observes daylight saving time and you want your computer’s clock to be adjusted automatically when daylight saving time changes. (In the States, that’s on March 8, 2015.)

But moving to permanent daylight saving time may not be easily implemented on devices that are no longer supported and don’t receive updated rules: this includes computers, mobile phones, embedded devices, connected systems and services. For instance, older operating systems that are out of support (such as the venerable Windows XP) no longer receive updates which include the updated set of worldwide time zones and daylight saving offsets.

More information than you’ll care to remember is available in KB 914387, How to configure daylight saving time for Microsoft Windows operating systems.

 

* – an added twist: New Mexico, today in the Mountain time zone, would move in the current proposed legislation to the central time zone and be known as “mountain daylight savings time.”

** – Feb 9, 2015: Latest reports indicate Senate Resolution 1 died in committee.

 

Also available via http://bit.ly/DSTtech