Supporting Outlook with G Suite

Where I’m at, we use Google Apps (G Suite) for e-mail, but still rely on Active Directory for individual accounts and use MS Office rather than Google Docs most of the time. One situation to come up in the last few years is Google no longer supports MS Outlook out of the box. If you want to use Outlook, you must first enable “Less Secure Apps”. 

I know, I know. Why would you ever use Outlook when the Gmail web client and apps are so much better? I hear you. I use the web browser for day to day work. But there are still those who prefer Outlook, and there are a few things Outlook can do that Gmail does not do, or does not do well. Mail merges are an important one.

So, I need a way to support Outlook for some of my users without seriously undermining their security. I think I may finally have a path forward.

One mitigation against allowing Less Secure Apps is enabling two-factor authentication. As much as I’d like to mandate that here from a security standpoint, as a practical matter I know that’s not gonna fly with our user base, especially as our campus is in a rural area and we have a small number of students who do not have reliable cell phone service for receiving two-factor keys. What I could do, however, is offer users a trade-off.

The idea is to enforce that Less Secure Apps are disabled by default. However, if someone wants to use Outlook or other Less Secure App, I can move their account to a different OU within Google where Less Secure Apps are allowed, but two-factor authentication is enforced. I also see this as way to encourage two-factor adoption among my user base.

Note that this is not the ideal solution. Needing to manually move an account to a different OU adds friction on both the IT and user sides of the equation. It’s also not discoverable; users won’t automatically know why they can’t enable Less Secure Apps by themselves, or if they do understand it’s an IT policy they may not realize we have a work-around available. A better option would be for Google to support this automatically, and prompt the user to turn on two-factor at the time they try to enable Less Secure Apps. Sadly, this is not possible.

Also note that I have not yet implemented this scheme. I have historical users who may already have one feature enabled but not the other, and I’ll need to identify and clean up these accounts. This idea also does not currently mesh well with our sync process from Active Directory. It will be a significant project to align the two.

Nevertheless, I may at last have a path forward.

What are “Less Secure Apps” in Google?

If you’ve tried to use Outlook or another traditional e-mail client with GMail, you may have run into this requirement to enable “Less Secure Apps”. There are other situations that may prompt you to turn this on, as well. What does that mean? Why does it matter? I think I can explain.

Google, by default, uses an authentication protocol known as OAuth (specifically, OAuth 2). When you sign in with OAuth, you sign in to Google’s system directly. This is true even when you sign for a third party app. With a correct OAuth implementation, an app will redirect you to Google’s sign-in page, and you never put your password into a place the app can see directly. Once you have signed in, Google issues you a special OAuth token, and the app can then validate and trust from the token that you have signed in properly.

There are several reasons this is important:

  1. By controlling the login form, Google can limit and monitor attacks attempting to discover passwords via brute-force login attempts.
  2. Controlling the login form also allows Google to protect you against a malicious or incompetent app that might not handle your password in an appropriate way.
  3. By tracking tokens, Google allows you to revoke tokens for compromised devices or applications.

Let me give you a couple scenarios where this matters. First, say you have a desktop computer at home. This desktop never leaves your house. Like many people, you re-use the same password with multiple services. Now one of those services is breached. Because Less Secure apps are disabled, knowing that password alone is not enough for attackers to access your Gmail account. This might be extra important if, say, that Gmail account is where confirmation messages are sent when someone tries to change the password at your bank’s web site.

In another scenario, you use a laptop or smart phone, and the device is stolen. With just username and password authentication, the thief now has full access to your Gmail account. With OAuth, you can revoke the token issued for that device, and the most the thief can see are the messages stored on the device locally.

If it’s such a big deal to enable Less Secure apps, the question now is why Google allows it all? Aside from the cynical view that it would cost them too many Outlook users, there are some legitimate uses for this ability. Where I’m at, we occasionally need to do a mail merge that cannot easily be done through Google’s own service, but is very easy through Outlook. In this case, I will enable Less Secure apps, do the mail merge, and then disable Less Secure apps again. This works for us because the situation only comes up a few times per year. Additionally, you can significantly mitigate (but not fully eliminate) the risk by using two-factor authentication.

In practice, I strongly recommend disabling Less Secure apps unless you are also able to turn on two-factor authentication (which you really should do anyway).

3 ways to improve the cheese on your pasta

When I was in high school in Wisconsin, I worked for a time at a fancy Italian restaurant. I worked in the pizzeria kitchen, which was in a different place and served a different dining room than the main kitchen for the nice side of the business. Nevertheless, I learned some things from the chefs, especially regarding cheese. Some of it, as you’ll see, comes from growing up in the Cheese State. Some of it I figured out on my own. I want to share the three ways I believe we can get better cheese on our pasta:

1. We typically don’t put nearly enough cheese on pasta. If you’re gonna add cheese, add enough that you can taste it.
2. Go for the asiago. Of the big three Italian cheeses (Parmesan, Romano, and Asiago), Americans like their parmesan, and occasionally romano. For myself, I’ve found asiago to be much more flavorful, and it was often the cheese used with the really nice dishes in the restaurant.
3. Given the option, add the cheese before adding the sauce. I know this isn’t always possible, especially in restaurants. However, when you can, add the cheese to the pasta first, and do it while the pasta is still as hot as possible, so that the cheese melts and adheres somewhat to the pasta directly.

Doing all three of those can really enhance your meal.

Sci-Fi Setting Idea – Buildings in Space

I’ve had this idea for a sci-fi story setting kicking around the back of my head for a while, and I want to get it down somewhere. It’s not really an idea for the story so much as the just background setting, but I still think it’s pretty cool.

Backstory

The background begins with a near-future Earth, where the environment has gotten worse. Temperatures have risen, ice has melted, and the West Coast has practically disappeared up to the Rockies. The Great Plains are starting to resemble a desert, but Canada is still able to pick up the slack in food production. There are no more doubters or deniers, and everyone is fervently looking for a breakthrough, with no success. Until.

It finally happens. Someone creates a cheap, clean, easy, compact, and — above all — abundant new energy source. The how/what of this new energy source don’t matter, and I’d avoid talking about it too much, except to say it involves Thermodynamics, and the total and efficient conversion of any matter into energy, where any common rock, dirt, trash, water, whatever, can be an energy source even better than plutonium.

Suddenly everyone has more energy to play with than they ever thought possible before. Use of fossil fuels for anything disappears practically overnight. New technologies that rely on this energy begin to develop. It has a profound effect on society. Space exploration is suddenly much cheaper and safer, though still (at first) too slow. Warfare begins to shift towards energy weapons, with the counter of the development of any energy shield.

And you’d better believe there is warfare. The sudden lack of steady income into certain religiously charged areas, coinciding with the simple construction of new energy weapons that put them at a level with superpowers weakened by environmental deterioration, and things really break down just as space travel has it’s own energy drive breakthrough. The energy drive is also straightforward and simple, and once explained any competent engineer can build one, just like the with the energy production, and it’s unfortunate that the war and other events disrupts more concerted and coordinated exploration efforts.

More than this, it turns out that even clean energy is not such a panacea. There’s still the fundamental laws of thermodynamics to contend with. Energy cannot be created from nothing, and neither can it be destroyed. The used energy remains; it’s merely converted to a different form. That form is heat. Global warming is worse than ever, even without fossil fuels or greenhouse gasses. The environment is failing even faster, society is approaching collapse from war, but suddenly space travel is easier than ever, if a bit blind.

Prologue

It happens. Evacuation. Earth is mere decades from no longer supporting life. In order to get people off planet in quantity, mankind turns again to it’s favorite new invention. Common buildings are outfitted with an energy machine, discrete shield generator, oxygen/carbon scrubber, makeshift hydroponics area that often amounts just to raised gardening beds and sunlamp, and an energy drive, which is an offshoot of earlier weapons research with the new energy source. The shield generator is set to project fields that almost exactly match the exterior of the building, such that once in space you have, for all intents and purposes, and common building just floating there, with very little in the way of visible accommodations for the hazards of space.

When a building is ready, it just leaves. There are buildings of all types, ranging from sheds for one all the way up to skyscrapers. Mostly it’s larger buildings that are already equipped with cafeterias, exercise facilities, dormitories, and common entertainment areas, like schools, hospitals, and some hotels, but any larger building can be converted, so warehouses and factories are common, too, and some families will make a go of it in their own homes. Looking at it in space, you might just see a normal house float by.

But that doesn’t stop the fighting. There is no easy access to grow food or obtain raw materials or products. Resources are scarce. There is no government up there. Piracy is an immediate problem, and so the building-ships scatter in a great dispersion. Many are destroyed, and mankind is left with a remnant travelling the stars in their building-ships.

For a more visual story, pirates seized most the great buildings during the initial escape. A skyscraper would become a symbol of evil; a school or hospital a symbol of good.

Story Opening

The opening of this story would take place at least a number of years later. Long enough that many of the building ships have failed. Either the tech was botched in their building, or they were not able to establish a sustainable routine for producing food. Those that remain have reasonably reliable tech powering their building, and probably at least one person who knows how to maintain it. By now they have found a way to survive for longer periods without aid, but they are always on the verge of exhausting their resources. No one is well off.

It’s far enough along that most building-ships are scattered and isolated but no so far in the future that buildings have dwindled and spread to where encounters are statistical anomalies. Encounters with other building-ships are not common, but not rare, either. Every building hopes to encounter another friendly building; every building dreads seeing a skyscraper. There are still older people who remember Earth, and active adults where were born there but left too young and lived a different life for too long to remember how things were. The young have known nothing but space.

Eight Principles for Good Ad Blocking

I’ve seen a lot lately about Ad Blockers used on web sites: how sites and publishers are responding to more Ad Blocker use, the rising numbers of ads on a page, malicious ads, etc. It’s been in the tech news. I myself even (reluctantly) installed an Ad Blocker recently.

Here’s the thing: I don’t mind ads anymore. I used to absolutely hate them, but back in late 2008 I had a revelation. I was using this new-fangled programming question and answer site called Stack Overflow, which aimed to compete with the notorious Experts Exchange. Both sites used ads, but Experts Exchange purported to be mainly subscription based, while Stack Overflow was going to be fully ad supported. I’ll give you one guess which site actually had a better experience. This stark contrast caused me to rethink my position on web advertising. Since then I’ve avoided using Ad Blockers, at least for the most part.

Things have been changing, though. As I said, I was recently forced… yes, forced… to install Ad Blocker. Something is different now about the way ads are served on the web. Ad networks have been unable to adequately police their inventory, resulting in the frequent situation where legitimate and respected sites serve malicious content to users. This leaves the use of Ad Blockers as the only recourse for many of us.

But I’d like to avoid this. I remember the old web, before small sites could pay the bills from ads. I don’t want to go back to that. I don’t want to go back to Experts Exchange. Instead, I want a new kind of Ad Blocker… one that actually allows ads by default, and only blocks ads as a penalty to sites or networks that aren’t behaving. My suggestion is for this new Ad Blocker to only take actions when one or more of these eight principles are violated:

  1. An ad blocker shall block all ads from any site for one year if that site serves a malicious ad. Even just one confirmed malicious ad shall trigger this penalty.
  2. An ad blocker shall monitor ad networks and shall block all ads originating from a network for one year if that network serves even one confirmed malicious ad to users. A network that is unable to police its inventory should be penalized.
  3. An ad blocker shall block ads that use plugins including but not limited to Flash, Silverlight, or Java. Perhaps some day interactive ads will find their place, but this is not that day.
  4. An ad blocker shall block ads that play audio or video without action by the user. A hover is not an action by the user. An ad blocker may extend this to eventually block all ads on a page, site, or ad network for repeat offenses.
  5. An ad blocker shall block all ads on a page if the ad content on the page is > 25% of the total page size in bytes. This may be determined as an aggregate across all of the ad block service’s users and impressions for the page, as some ad networks may occasionally legitimately place a larger ad on a smaller page. An ad blocker may extend this to eventually block all ads on a page, site or ad network for repeat offenses.
  6. An ad blocker shall block all ads on a page if the page prioritizes loading ad content ahead of loading non-ad page content.
  7. An ad blocker shall block all ads on a site if ads from any page on the site interfere with using a page or substantially confuse users, such as pushing content down off the page while a user is trying to read, or filling in an ad near a link or button that a user may want to click. An ad blocker may rely on end-user reporting to identify these pages and sites, rather than determine this on the fly.
  8. An ad blocker shall block tracking data reported to ad networks which extends beyond the current actual url of the page where the ad is displayed, which specific ad was served, and whether the user clicks the ad. Right now, this is most tracking, but I believe an effective blocking strategy can influence advertisers to improve behavior, or at least be less obtrusive about it, such that this principle might be relaxed in the future.

I’ll add one bonus principle that’s really more of a feature option: users should have the option of blocking categories of objectionable content in ads, such as pornographic (or even mildly explicit), gambling, politics, etc. However, I have some previous experience with content categorization engines, and this may be a much more difficult feature than it gets credit for up front.

Some of these principles may seem like death sentences to a site or ad network, but remember that not everyone uses ad blocking services.  Rather than stopping all ads, this would be merely a modest penalty for even the worst offenders. Nevertheless, it **is** a penalty, and therefore should help incent ad networks and sites to better police their content. I think enough people using an Ad Blocker that follows these principles could have a strongly positive effect on the internet as a whole. I also believe it would actually INCREASE revenue for sites and ad networks alike, by improving user trust and confidence in the ads they see (thereby increasing the value of each impression) and by shaking some of the more irresponsible players out of the industry, thereby leaving a higher share for those who remain.

The Missing DHCP snap-in for Windows 10 Remote Server Administration Tools

If you’re used to managing Windows Servers, you’re likely familiar with the Windows Server Remote Administration Tools. These tools are packaged as a download for each client (not server) version of Windows. They provide the same set of MMC snap-ins you’ll find on a server, such as Active Directory Users and Computers, DNS, or Group Policy, but for your desktop. You can connect the tools from your desktop to whichever server you need.

Unfortunately, the Windows 10 version of these tools left something out. There is no DHCP snap-in. Instead, Microsoft included a set of Powershell Commandlets for managing a Windows DHCP server.

Now, Powershell is fine for many things. It’s even probably the best way to make changes to your DHCP configuration. In a perfect world, ALL changes to a server happen via command line scripts that were first tested outside of production, and then stored in order in a tool like Puppet or Chef, so that a server can be rebuilt from stock just by running the stored scripts.

However, day to day work sometimes requires quick access to dhcp lease information, where I may want to do things like sort by lease expiration, IP address, or
MAC address. The command-line Powershell tools simply didn’t appeal to me for those times when I just want to get some quick information, and perhaps copy it to the clipboard.

So I built my own viewer for Windows DHCP server scope and lease information. It’s on GitHub. Go take a look.

Steam Controller Review part 2 – Game Play

Continuing from part 1 of my Steam Controller review.

The first thing I need to get off my chest is Steam’s In-Home Streaming feature. Most of my time with the Steam Controller involves In-Home Streaming, and this is also my first experience with that technology. I want to focus mainly on the Controller, but in order to do that I need to clear the air on In-Home Streaming.

All in all, In-Home Streaming has worked much better than anticipated. My experience showed it is actually possible to play low-latency games like Counter-Strike and Portal via In-Home Streaming. The responsiveness and picture were both good, as long as you’re willing to explore the settings available.

However, adding this extra moving cog into the mix did introduce some new struggles. I had to troubleshoot several things, and so far have not been able to get the Steam Controller to play Portal or Portal 2 via In-Home Streaming, even though Counter-Strike: Source, which has a very similar setup and engine, worked just fine.
Update Oct 20: Valve has released an update to address the issue with Portal and Portal 2.

Now, about the Steam Controller.

I spent enough time playing Counter-Strike to get a few kills; with this controller, it took a while. If a person who scored 15 kills in a round with a mouse and keyboard would only score 4 or 5 with dual analogs (and yes, I believe there is that much difference), the same person could probably do 6 to 7, maybe 8, with the Steam Controller. The Steam Controller is a definite improvement over dual-analog options, but not, in my opinion, to the level where it can replace a mouse and keyboard.

It may be possible with practice to get pretty good, and there may be new configurations or better support for this class of game coming, but as it stands it’s just too hard to aim well at close range at someone moving across the screen. While this isn’t great for the Steam Controller, it’s not out of line for my expectations coming in, and if anything it still exceeds them.

First person shooters like Halo that were born on consoles tend to take this into account in their level designs, and I may look to try a few of those in the future. I may also put in more time with the Controller when I get the Portal games working. With time, I may get good enough to make another attempt in a team game versus real people. However, I’m competitive enough to cringe at the idea of going into a game like this with that kind of handicap.

Where I am most interested in this controller is for more “casual” games, and here it worked great.

I had given up on Lego Marvel Superhero after I first purchased the game. It’s not the kind of game I want to play sitting at my desk, but it didn’t play well at all with the wireless keyboard/touchpad combo I have for the computer. It just wasn’t fun. The Steam Controller makes this game fun again.

Final Fantasy XIII worked pretty well, too. There were some glitches involving In-Home Streaming, but overall I prefer playing this game from my couch, with the Controller, on my TV over playing it at my desk, as well.

I played several hours of Civilization V, and it was good. I needed the keyboard handy at time just to adjust amounts of Gold when bartering with other nations, but that’s something I do rarely. The only other problem is not related to the Steam Controller: the text was just too small in many places. I often found myself standing in front of the TV so that I could clearly read information. I doubt the publisher ever fixes this game, but I’d look for future releases to be sensitive to that issue. Overall, I think I prefer this experience to playing the game at my desk.

The controller worked well for browsing and watching Netflix. I especially found it easier to manage for browsing than the bulkier keyboard. I could improve things further with some custom button binds, but I haven’t explored that yet.

I do have a few real complaints. Something in the driver for the Controller seems to conflict with the wireless keyboard/touchpad combo I use. Sometimes one device or the other will not function, while the other device has taken precedence. In this case, I’ll point the reader back to the last article, where Valve is very explicit that this is still beta, and they are watching for this kind of issue. I’ll be surprised if a firmware update in the next few weeks doesn’t fix this for me.

I also promised an update on battery life. After 14 hours over three days using the controller, Steam still reports 100% battery life remaining when I check it’s settings. Doubtless this is another issue, possibly due to standard instead of rechargeable batteries, but so far battery life seems to be at least reasonable.

One area where I could see the Steam Controller doing real, but did not get a chance to try, is in an MMO like World of Warcraft, Star Wars Old Republic, or Perfect World. If someone tries one of those games, I’d love to hear about how it worked for you.

In conclusion, I’m very pleased overall. There are some things I’d like to do with the Steam Controller that I can’t do well, such as play Counter-Strike, but within the expectations I set for the device, it’s performing admirably.

Steam Controller Review part 1 – Expectations and Unboxing

To start this review, I need to come clean: I hate game controllers. I mean, really hate them. My game of choice is the first person shooter, and my platform of choice is a PC. Give me a keyboard/mouse or give me death! Literally. My character is probably gonna die a lot if I’m forced to use a controller instead of my beloved mouse and keyboard.

In the Steam Controller, Valve is attempting to bring some of that mouse and keyboard precision to your living couch and TV, but you’ll have to color me skeptical. I think the key words in that previous sentence are, “some of”. I’ll be very surprised indeed if the device sitting next to me is able to deliver.

Thankfully, I can use the power of reasonable expectations to still come out of this with a positive experience for the controller. While shooters are my preferred game, I’ve been known to play the occasional Final Fantasy, Lego Star Wars, or real-time strategy. I’m looking for the Steam Controller to up my experience in these areas. I’m also hoping to use the Steam Controller as an improvement over my current setup for controlling Netflix playback via the computer behind my TV.

About that. I have a computer behind my TV. It’s a 2010 Mac Mini that I got for free and resurrected from the dead by putting a spare laptop hard drive inside to dual boot Windows 10 and OS X. A gaming PC this is not. However, it’s adequate for Netflix playback, and should suffice for Steam In-Home Streaming. Again, color me skeptical that In-Home Streaming will be responsive enough for shooters. However, this won’t be a problem as long as I limit my expectation to the kinds of games where millisecond adjustments aren’t needed. The Steam Controller can succeed in getting a 5-star review by excelling in those areas. If it works for shooters, too (and I will at least try this a few times), that’s just a bonus.

Let’s move on to the unboxing. Here, I have to give Valve full marks. I wasn’t really expecting to see my controller until later this month or early next, but they did right by their pre-orders. I received a notice with tracking info when the controller shipped, as well as a follow-up notice just ahead of it’s arrival that I believe is worth re-printing here:

The first Steam Link and Steam Controller pre-order units are scheduled to arrive over the next few days.

We’re eager to hear your feedback as we continue to make changes and improvements leading up to the full retail launch on November 10th. For the next few weeks, we recommend that you opt in to the Steam client beta (through the System settings panel in the Big Picture UI) so that you’ll be running the most current fixes and functionality.

We’ll be keeping an eye on forums everywhere, but we’ve also set up a contact email address for everyone on the team: SteamHardwareFeedback@valvesoftware.com. Whether you’re having a great time or running into issues, we want to know.

I believe that was beautifully executed. Well done, Valve.

The device itself looks and feels great. Here is the box:

Steam Controller Box

Opened up:

Steam Controller Opened Box

Further contents:

Steam Controller

Also in the box were a Product Guide and Quick-Start Guide. You can see that controller ships with a set of AA batteries. I have no idea what the battery life will be, but I have an ample supply of rechargeable AA’s at home. I am a little disappointed that it doesn’t use something more like a cell phone battery, but I imagine this helped keep costs down, which I also appreciate.

The feel of the controller is pretty good overall. The right trackpad fits under my thumb much better than expected. Left and right motions are actually more of a diagonal axis across the pad, so I hope this is either adjustable or pre-tuned correctly (I will report this after some time in actual game play). The handle buttons under my ring finger and little fingers feel good. I’m not so sure about the upper trigger buttons yet.

My biggest concern right now is that my thumb has to leave the trackpad to use the XYAB buttons. I have to choose one part of the controller or the other. However, this is more on game designers using layouts and mechanics that don’t require this, or on me to work around it through customizing the layout.

That’s all for now. Stay tuned for part 2 in a couple days, where I’ll talk about the actual playing experience with the controller.

Technology vs Magic

In honor of the death of Terry Pratchett I’ve been re-reading a few of his books. One in particular is “Maurice and his Educated Rodents“. The premise of the book is that a cat and some rats come across some magical debris that gives them human-like intelligence and speech.

Something in that got me thinking about the difference between magic and technology. People do research all the time to examine and improve the intelligence of rats and other mammals. Imagine what a wondrous technological advancement it would be to create a drug that could give human-like intelligence to a colony of rats! But the cat and rats in the book could also speak. Not just that, but they used human language. That’s magic. Not only do we have the intelligence increase, but the knowledge transfer as well. That’s clearly magic. There’s just something there that knows what you need for the advance to be practical.

Issues with HTC 8x 8.1 Upgrade

I have an HTC 8x phone on a Verizon MVNO (Page Plus). Today, I was excited to see that the Windows Phone 8.1 update was finally available for my device. That excitement was to be short-lived.

As the update finished installing, the final step is to reboot the phone into the new OS. Unfortunately, this didn’t go so well. My phone now continuously restarts in a never ending cycle. It reboots in a loop that I can’t get out of.

After consulting Google, I learned that my only recourse is a full factory reset. Unfortunately, the normal procedure for this does not work for my phone. What you are supposed to do is hold down the volume down button while the phone is off, and after turning it on tap the power button again at just the right time. Unfortunately, after many many attempts, I gave up and determined that this would not work for my phone.

Using the online chat features for HTC, Page Plus, Microsoft Windows Phone Support, and Verizon also got me nowhere (I would have called, but, well…). Page Plus particularly was unhelpful, which was disappointing. After 5 straight hours of work on this problem, I am still without a phone.

Early on in the process I was able to get to the screen with the ! icon on two occasions, but was not able to complete the hardware reset, nor was I able to reproduce the steps that produced that screen. I was also able on three occasions to get the lightning bolt/gear screen, but I wasn’t able to find any useful information on the purpose of that screen.

The good news is that I can force the phone to shut down and stay shut down. That’s really why I made this post: I haven’t seen that information anywhere yet. To do this, hold down both the volume up and volume down buttons at the same time. This will bring you to a new screen with three bar codes. From here, you can turn the phone off by holding down the camera button. Unfortunately, as soon as you connect the phone to a charger, it will start up again and re-enter the reboot cycle. The other thing you can do from this screen is connect the phone to a computer. You can make it work with Vista and XP, but Windows 7 and Windows 8 will have drivers out of the box. You can’t really do anything normal with the link, but later on this link may be required to replace the system ROM.

I have a theory as to what went wrong. I believe that the update botched the battery calibration, such that it believes that the battery is nearly empty (clearly is not, or the phone would be dead now). When the phone starts, it reads the battery state and believes that the battery is too low to boot into the OS, or even reset screen, and instead restarts itself. One other thing I was asked to do was to charge the phone for 10 minutes, and then hold down the volume down, volume up, and power buttons for 2 minutes. This is another item that I haven’t seen recorded anywhere else yet. They never said what this was supposed to do, but I have a suspicion that it was intended to reset the battery calibration.

Perhaps allowing the phone to fully discharge will make the battery calibration more accurate, allowing me to charge it somewhat and enter the factory reset screen, or even avoid the need to do the factory reset at all, if that is enough to allow the phone to finish booting (I’m not holding my breath here). Before I let that happen, though, I have one other option.

At this point what I believe I really need is to restore the original ROM. My time on chat with HTC and Microsoft leads me to understand that, for this product at least, Microsoft supplies materials to make a stock ROM to HTC. HTC much customize it for the phone’s specific hardware, and in turn provide materials for the customized ROM to Verizon. Verizon then customizes it further for their network and produces the final ROM update to distribute. Therefore, in this case, the only place to get the ROM that I need is Verizon. As I am not a direct Verizon customer, I was unable to communicate with them on the issue. I had to go through Page Plus, who seriously dropped the ball here in supporting me. They may have lost a customer over this issue.

Page Plus did suggest I try bringing the phone to a dealer, but I am an online customer and the nearest dealer is, shall we say, less than convenient. What I will do instead is try to bring the phone to a Verizon retail store, and see if they can help. I may be able to bypass the barrier in person that I could not over the web (seriously Verizon: if you’re going to allow MVNOs, accept the MVNO phone numbers as valid for creating support accounts). If that doesn’t work, I’ll have to let the phone drain and start looking on shady bittorrent sites for a download with the software I need (and am licensed for).