Microsoft, keep your hands off my keyboard!

The keyboards connected to our computers are essential to controlling every aspect of our computer experience, and to our communications with everybody we communicate with. A very basic aspect of the keyboard, and of our personal choice (it is really a major aspect of our national identity), is the layout of the keys. In my case, I am using a keyboard with a Norwegian layout, which is essential when writing text in my native Norwegian language.

What happens when someone, or something, changes how the keyboard is working?

About a year and a half ago I started working on a Windows 10 machine at work (having used Windows 7 until then), but after I while I started running into a particularly obnoxious problem: The keyboard layout would, occasionally, automatically be changed to the US layout, instead of my Norwegian layout.

For somebody who is reasonably competent at typing without looking on a Norwegian keyboard (aka. the “Touch” method), that is rather irritating, because keys like “<“, “:”, “-“, “æ”, “ø”, and “å” suddenly produce completely different characters. The result is a disruption of my current activities.

After some searching I discovered this thread about it, started in 2016 (and still active), and there are indications in the thread’s references that the problem first appeared in Windows 8, at least as early as 2012, maybe 2011.

Based on information in the thread and its references, what seems to be happening is that Windows 10, being “concerned” that the user’s configuration might not be correct in the context of his or her environment, scans the other Windows 10 machines on the network, or obtains information from computers it connect to, and possibly other information, such as the machine’s geographical location, and automatically reconfigures the enabled keyboard layout based on this information.

I do not know if this is correct, but the name of a registry value mentioned in this information, “IgnoreRemoteKeyboardLayout”, indicates that there may be something to it.

This problem seems to have been affecting many users from non-English
speaking countries, especially those working in multilingual, global companies, or those having moved to a different country.

In Vivaldi, I work with colleagues from many countries and we are all using different keyboard layouts, including German, Icelandic, and US layouts.

The thread I found discusses various workarounds, some of them requiring
you to edit the registry (one of which I used to fix my problems), which is something the average user should never be required to do.

Recently, though, I have run into this again with my personal laptop, and as far as I can tell the workarounds are not just not working anymore, it seems
that the workarounds I did apply earlier were removed somehow, possibly by the recent major Windows 10 update.

The keyboard layout of my laptop keeps changing to the US layout several times a day, even several times an hour. In fact, I have had it happen in the middle of writing emails!

And what is happening to my laptop is not an isolated case: One of my colleagues has reported the same thing has started happening to his laptop, too.

So, I think Microsoft is being too “helpful” in this case.

I have configured my PCs the way I want them configured, with the UI language I want, and the keyboard layout I want to use, and I did so when I installed Windows on the PC, and I have no plans to change them.

Microsoft, keep your hands off my keyboard!

 

Update June 24: The jury is still out on this, but a couple of days ago I decided to try two changes: I removed all the extra languages and keyboard layout combinations (again), and also disabled the keyboard shortcuts for switching between these settings.

If this continues to work, it may have “solved” my problem.

However, it is still a “solution” for a problem that should never have existed, the automagic addition of languages and keyboard layouts, and it may be that the workaround only hides the issue.

It also points to what I think is a bad design choice by Microsoft: The choices for the keyboard shortcuts are Ctrl+Shift and Left Alt+Shift (never mind that Norwegian keyboards only have one Alt key, the left one; the other is the AltGr key that is an alias for Alt+Ctrl, used to type various characters like “@”, “{“, and “€”). Both of these shortcuts are used as part of various keyboard shortcuts, and the Alt+Shift key variation is part of the “Switch to previous Application” shortcut Alt+Shift+Tab. What happens if you start to press this shortcut, and decides to not change application after the first two keys are pressed? That’s right: The keyboard layout changes!

And even if these two actions “solved” the problem, it should never have been an issue for my systems, since I never added extra languages or keyboards. Microsoft added them without asking, then a bad choice of keyboard shortcuts exacerbated the problem.

And users that, for various reasons, do have multiple languages and/or layouts enabled, may still be having problems.

Update June 27: After rebooting the laptop, the US layout returned, despite having been manually removed, and the keyboard shortcuts being disabled.

What is tls-testing.tlsprober.net?

Executive summary: The TLS Prober is a tool that gathers information and statistics about the state of the SSL/TLS protocol security features and vulnerabilities across the internet. It does nothing that will harm your server.

The TLS Prober is a tool I developed while I worked I worked at Opera Software, originally to track the progress of the TLS Renego problem, and which I was allowed to take with me when I left Opera in early 2013. It is primarily used to scan a set of 23 million hostnames, most of the names derived from Alexa top million domain names, resulting in tests of about 500000 unique servers, for their support of SSL and TLS features, as well as checking for various interoperability issues and vulnerabilities.

Similar tools are also in use by others, such as the Qualys SSL Labs prober. Continue reading “What is tls-testing.tlsprober.net?”

Vivaldi.net now showing EV-green in browsers

Friday evening (20 December) those who keep an eye on the browser UI would have observed a small but significant change take effect at Vivaldi.net: The browser turned on the Extended Validation “Green Bar” for us, indicating that the identity of our website was now better assured than it has been, though the encryption is just as good as before.

Previously, while we were developing the site and during the first days of it being live, we used a Domain Validated SSL/TLS certificate for our sites that indicated that we had control over the domain, but not who we are. This is a useful level of web site identity verification for smaller sites that only need to present information securely and without any major collection of personal information. 

For users of a web site that collects or manages personal and payment information, it is not just important to know that the people managing the web site are in control of the domain. It is even more important to know, or be able find out, who they are, legally speaking, in case there is a problem.

This need for verifiable identity information was why a group of Certificate Authorities, such as Verisign and Entrust, and Browsers, such as Microsoft, Mozilla and Opera (including yours truly), gathered to found the CA/Browser Forum so that we could define what eventually became the Extended Validation (EV) Guidelines for CAs, and the associated “Green Bar” in browsers.

When Jon decided to start the Vivaldi.net social web site project, one of my suggestions was to have an encrypted site. Given recent revelations (e.g., NSA) it is now, or should be, unthinkable to have a social web site that is unencrypted. While many sites have been using a hybrid approach where the login, account management, and sometimes authoring, is encrypted, there are just too many ways to sniff information that way, so the whole site needs to be encrypted. Another of my suggestions was to use EV certificates on the sites, to provide better identity information and assurances to our users.

While I would have wished to have unveiled Vivaldi.net on Wednesday with an EV certificate, the process of obtaining one was intentionally designed to include a lot of paperwork that has to be completed before the certificate can be issued, and that paperwork was not completed by our CA, GlobalSign, until early evening Friday.

So, go ahead and enjoy Vivaldi.net, assured that it is Jon’s company, Vivaldi Technologies AS, that is operating it.