How to get updates for Windows 7, long after Windows 10 came out

Like many Windows users, I had Windows 7 on my machine and was perfectly satisfied with it before Microsoft “encouraged” me to upgrade to Windows 10. This “encouragement” included some tactics I consider aggressive, such as making the normal Windows Update utility — necessary to get security patches — install Windows 10 by default.

If you are a Windows 7 user who chose not to upgrade to Windows 10, I have good news! You can still get routine system updates, including security patches, without migrating to Windows 10. Here’s how:

1. Open Internet Explorer
2. Go to
3. You may get a response saying your browser is out of date. If you do, follow Microsoft’s advice and install Internet Explorer 10, then come back to

From there, you will see the familiar Windows Update interface.

I tried this today to set up a test machine at work, and it worked great.

I learned the method today from WikiHow (it’s Method 2).

Shewstone Publishing

I’m aware that it’s been more than 2 years since I’ve posted to this blog. This long, quiet period coincided with the launch of 5th Edition D&D at Gen Con 2014. 🙂 2014 was my first Gen Con. Since then my engagement with roleplaying games has been reinvigorated and I’ve been putting my time into world-building, adventure planning, and roleplaying with my friends (plus more than a little Fallout 4).

Another new pastime is my new (tiny) company to publish roleplaying games. Our first product is still a long way off but I have a very clear idea what it will be, and it will be great.

Henceforward, I’ll be posting most of my roleplaying-related articles on my company blog, Shewstone Publishing. Please check out that site for teasers and (eventually) news about my upcoming game.

Why Programming Sucks

I came across an amusing blog post about why programming sucks. I actually like my job, but I have to say, this author really nailed what’s annoying about it.

Understanding Heartbleed

Train wreck at Montparnasse 1895

From a software engineer’s point of view, Heartbleed is a complete train wreck.

This week, a major security bug called Heartbleed was discovered. Technology sites for programmers, system administrators, and security experts have been abuzz about it all week, but I haven’t seen much coverage of it in the mainstream press. I was able to find this article at

In a nutshell, Heartbleed affects a large fraction of the Web sites on the Internet. It enables an attacker to observe any supposedly-encrypted information that goes into or out of an affected Web site. You’ll notice that is pretty much the opposite of what encryption is supposed to do. Any data you send to an affected Web site — including your password, your financial information, Social Security number, anything — could have been seen and recorded by the Russian mob or those Nigerian scammers: anyone. There is no way to know who has been eavesdropping for how long, or what they’ve overheard. The bug existed, undetected, for over two years before it was discovered this week.

This is a big deal. It is potentially much more serious than the Target security breach that made front-page headlines last winter. In the case of Target, we know what data was disclosed (credit card information) and we even know the affected account holders, so we can start to repair the damage and move on. With Heartbleed, we don’t know what data was disclosed, so we don’t even know what the damage was, yet. I expect the aftershocks of this crisis will be felt for a long time to come. I suspect the reason mainstream media aren’t running with the story yet is they lack the imagination to immediately see its importance.

Security expert Bruce Schneier said of Heartbleed, “‘Catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”

What You Need to Do

On affected Web sites, your secure Internet connection wasn’t secure: any data moving between your computer and that Web site could have been seen by an attacker. Since the Heartbleed bug is now known to approximately every black hat in the world, there’s a good chance someone eavesdropped on any site that had the bug, but didn’t fix it fast enough.

Account passwords are a high-value target and it is likely that many username/password pairs have been intercepted. The only way to rule out yours being among them is if you know how the Web server was configured. Most users don’t know that and most companies don’t tell.

This means you need to change all your passwords — but there is no point in doing that till after companies have fixed the Heartbleed bug. A fix is already available so it is just a matter of time until all the companies’ servers are upgraded with the fix. According to this article from CNN/Money (posted yesterday, April 11), Yahoo, Amazon, Google, and OKCupid have finished rolling out their fixes and are now secure. You can change your passwords there immediately. For other sites, it’s hard to say: banks and financial companies are probably fixed by now, and the rest will have time to catch up over the weekend. So you should stay off secure Web sites until about Monday, and then change your passwords.

Since you have to change your passwords anyway, now is a good opportunity to improve your password practices.


Today we’re having another winter storm here in New England. I was getting tired of all the advertising (and third-party tracking cookies) at the Weather Channel web site, It finally occurred to me that all the weather alerts was sending to my cell phone come from the U.S. National Weather Service, and the National Weather Service has its own web site:

You can get all the same up-to-date weather information there, without the glitz and flummery of the Web site, and without the advertising and tracking. Somehow it took me years to realize this, so I thought I would share.

The Day We Fight Back Against Dragnet Surveillance

The Day We Fight Back banner from the Electronic Frontier Foundation

Feb. 11, 2014 is the day we fight back against illegal, unconstitutional government surveillance.

Today is the day we use the democratic process and our right of free speech to fight back against unconstitutional government surveillance. Please join me, the Electronic Frontier Foundation, the American Civil Liberties Union, and other technology and civil-rights groups in contacting your elected officials and demanding they restore the right to privacy.

If you come across this post and Feb. 11 is already over, it’s not really too late. Call or email your elected representative anyway. 🙂

If you live outside the United States, demand your government stand up for your rights and refuse to cooperate with US intelligence programs, data-sharing agreements, and telecommunications treaties.

Lawsuit Accuses Gmail of Wiretapping

Right after my post yesterday about an anonymous search engine, I found a headline that a class-action lawsuit accusing Gmail of violating anti-wiretapping and privacy laws is set to go forward.

It’s better if you read the article for details, but the gist of the case is that Google uses software to scan, profile, and track email sent and received by Gmail users for purposes of advertising. Non-Gmail users who send to a Gmail address never agreed to have their messages scanned by Google, the plaintiffs allege. Google’s lawyers moved to have the case dismissed, and the judge refused the motion. So, evidently, there will be a trial.

Stop Your Search Engine from Spying on You

DuckDuckGo: Better Instant Answers, Less Spam & Clutter, Real Privacy

I’ve started using DuckDuckGo instead of Google, because DuckDuckGo doesn’t track users or tamper with their search results.

I quit using Google for Internet searches a couple of months ago.

I did that because of yet another story in the tech press about Google customizing search results to each user. In a nutshell, what Google does — and has been doing for years — is build a detailed profile of each user’s search history, and try very hard to prioritize search results based on what it thinks that user likes. Why Google thinks this is a good idea is deeply unclear to me — the whole point of searching for information is to find things I didn’t know and haven’t seen before.

In fact, I would go so far as to say that tampering with search results to show different things to different people is manipulative. It offends me and makes me suspicious of Google’s motives.

Furthermore, Google (and the other tech giants, Apple, Yahoo, Microsoft, and most especially Facebook) make a great deal of their money by tracking and profiling their users. As my favorite security expert, Bruce Schneier, put it, “[t]he primary business model of the Internet is built on mass surveillance…” A lot of people seem concerned about the NSA spying on innocent citizens, yet many fewer people seem concerned when Google and Facebook do the same thing. I am puzzled by that reaction, because in my experience corporations are generally not more trustworthy than the government. And, the same Bruce Schneier article I quoted previously points out that a lot of the government spying is done by obtaining users’ profile data from tech companies. Google, Facebook, and Yahoo are handing over those detailed profiles they’ve built to the government on demand, even though it would be illegal for the government to collect that data itself.

In the Internet age, I firmly believe that we users should defend our privacy as much as possible. Anything we read can be used against us — to charge us higher prices and harass us with annoying advertisements, certainly. But think about the power that Google has. Tampering with search results is like changing the books on the library shelves before a patron walks in. It reminds me of the novel Fahrenheit 451, but much more subtle and insidious. Remember the power newspaper moguls of the early twentieth century wielded, and ask yourself: are Google and the other tech giants better citizens than that?

To replace the empty space where Google used to be, I’ve found DuckDuckGo. It’s a search engine whose business model is not based on mass surveillance, and who doesn’t tamper with your search results — it shows the same results to everyone. DuckDuckGo’s Web site does a much better job of explaining this than I have time to do. It explains why it’s against our interests to be tracked and why customized search results are a detriment, not a benefit. It also explains how they can possibly make money while bucking the surveillance trend. You can add it to your browser as a search plugin: here’s the one for Firefox.

Another alternative is to just use Wikipedia as your search engine of first recourse, and use the external sites linked on the Wikipedia page to get to authoritative sources. This works pretty well for finding hard, factual information. Back in the 1990s, this was called “surfing the web,” and it’s what everybody did to find everything before Google came along. There were search engines then, but they were terrible: they gave different results every time you searched, and always left out a lot of relevant pages. The more things change, the more they stay the same.

I’m on a Podcast!

Actually, I’m on two. CJ Romer graciously invited me to appear on his Ars Magica fan podcast, Arcane Connection. I’m on Episode 9, which is about a type of Ars Magica character called grogs, and on Episode 10, which is about House Flambeau.

Both of these podcasts are aimed at Ars Magica fans so they’re a little, well, arcane for a general audience. If you’re new to Ars Magica, you’ll find Episode 1 a better starting point.

D&D Playtest Update

A few months ago, I wrote about my experience with the D&D public playtest. There have been two updates to the rules since then, and they look to be heading in approximately the right direction again. The designers have dropped the concept of skill dice and they’ve straightened out the design of the rogue that gave us so much trouble back in January.

At the same time, I am not getting a sense that the design team has a clear agenda. They seem to be muddling along from survey to survey. Two weeks ago, Mike Mearls (lead designer) wrote a column pondering what the concept of hit points should mean. Mr. Mearls did take a reasonable stance on the question, but the fact that he’s still devoting his column to such a basic design question makes me wonder when and whether we are going to see the design team really commit to anything.

That is why I’m dropping out of the playtest process. When I’ve playtested in the past, it was for the Ars Magica system. Their playtest process is conceptually very different from the way the D&D playtest process is unfolding. An Ars Magica playtest is like an editorial review process: the author commits to a design and the playtesters try it out and report back with how they liked it, what worked, and what didn’t. The author then revises based on the diverse feedback from the different playtesters. The D&D playtest appears to work differently: it seems to be more of a focus group (my cynical side would call it a “popularity contest”) where the designers throw out a different, competing idea each iteration and run a survey to see which one caught on.

That leaves me cold for a couple of reasons. Most importantly, I think designers should have their own vision and try to adapt it to the market based on feedback, rather than expecting the market to make all the major decisions for them. Imagine if George R.R. Martin tried to write the next Game of Thrones novel by sending around a couple of different versions of each chapter and running a survey to see which one was most popular. That would be ridiculous — the reason people read Mr. Martin’s books is that he has his own style and his own master plan for the plot. People value that (even if, like me, they don’t like every creative decision the author makes). So, I think the design-by-committee approach lacks integrity and will ultimately be a disservice to the customer by producing a mediocre product. It’s an understandable over-reaction to the “edition wars.” The designers seem to be bending over backward to please everyone, without realizing that in so doing, they’ve lost track of the designer’s role.

On a more practical level, it also means that each iteration of the playtest is going to be different from the last, and will not necessarily bear much resemblance to the final product. To stay in the playtest, my group would have to re-learn the rules every time we sit down to play. Now that I know that’s the expectation, I’m not interested in paying that cost. I can’t get a group together as often as I’d like to. To spend a lot of time learning each version of the playtest rules, only to have them change in extensive and arbitrary ways next time around, does not appeal to me.

So, now that I’ve figured out what Wizards of the Coast actually wants from the playtesters, they can count me out. I no longer believe the game is necessarily going to be bad. I have no idea what the final game is going to be like. The playtest drafts don’t really tell me: anything could change at any time. Maybe the next edition of D&D will be as great as my first playtest experience, or maybe it will be as lousy as my second. I’ll take a look at it when the design team have finally made up their minds.