June 2004 - Posts - Jon Galloway

June 2004 - Posts

Who does the actual work?

Pop Quiz - You send your Toshiba laptop in for repairs. Who does the actual work?

  1. Federal prisoners
  2. HP
  3. Independent contractors
  4. Best Buy
  5. Toshiba volunteers
  6. U.S. Military trainees
  7. UPS workers

[click for quiz answer]
Posted by Jon Galloway | with no comments
Filed under:

"Windows cannot find 'http://www.google.com.' Make sure you typed the name correctly, and then try again."

Well, I've done it. I've gone and made Firefox my default browser on my home computer. One of the first things I noticed is that opening a URL as a “Start / Run” command pops up the following error before correctly loading the page:

This is a bug in Firefox 0.9 that was supposed to have been fixed in 0.9.1, but still seems to be broken:
Bug 246078: Firefox does a lousy job of making itself the default browser (Funny bug description, no?)

Luke Hutteman describes a manual fix here.

John Haller goes one better with a reg file fix: [description] [ firefox_bug_246078.reg ]

[OT] LCD Projector << Tax Refund

We just ordered a BenQ PB6200 LCD Projector.

They have a $200 rebate through 6/30, which brought the price down to $1180 - that's a pretty good deal for a 1700 Lumen XGA (1024x768 native resolution) projector. Most bargain projectors are SVGA (800x600) native resolution, which makes them not as good for computer display and HDTV.
BenQ PB6200

We're planning to make our own 100" diagonal screen with a picture frame border (painted with Goo Systems, based partly on Sylvain Duford's recommendation. I've heard great things about Goo Systems, and their gallery is pretty impressive. They use this stuff in Las Vegas casinos and NASA facilities, so it'll prolly be fine for us.

I'm fired up about this for several reasons:
1. Good deal. I'm all about the deals.
2. Home theatre setup for a little over $1000.
3. Gets the big bulky TV and TV stand out of the family room, freeing up floor space.[1]
4. Paves the way for a computer based entertainment system, probably using an MSI MEGA 180 Mini-PC. The MSI MEGA Mini-PC is a nice bargain digital entertainment system option - it's a barebones AMD system for around $300. You have to buy and install the CPU, memory, hard drive, and OS, but even so you end up with a nice looking, good quality entertainment PC for $600ish.[2]

[1] Living room floor space to be reclaimed by dolls, stuffed animals, and the odd Cheerio.
[2] Entertaiment PC is strictly for educational purposes, and will under no circumstances be used for playing Half-Life 2. Well, maybe just a little.

Posted by Jon Galloway | with no comments
Filed under:

RE: Web Graphics Exploit Marching Across Internet

Sounds like Snow Crash - view an image, get infected.

This one sounds like bad news - installs a keylogger, contacts two IP's in Russia and downloads some other files. All from viewing an image, which could be put in an eBay posting, for instance.

It works by attaching Javascript to an image file - more technical info here

It's classified as low threat by Symantec, but just that it can be done is pretty scary.

A new malware has appeared Thursday on several Windows machines. It uses a novel vector (code in web pages). All a user has to do is view a page with this malicious graphic, then the code automatically downloads onto the machine. Once downloaded the program will unpack itself as a keystroke logger. This is an Internet Explorer vulnerability.

Security experts are tracking a new piece of malware that appears to be compromising large numbers of Windows PCs and may be laying the groundwork for the creation of a large spamming network or a major attack in the future. Analysts at NetSec Inc., a managed security services provider, began seeing indications of the compromises early Thursday morning and have since seen a large number of identical attacks on their customers' networks. The attack uses a novel vector: embedded code hidden in graphics on Web pages.

When visitors to a few particular Web sites—including popular auction, shopping and price-comparison sites—request pages that include the malicious graphics, the code automatically downloads itself onto their machines. Once installed, the code unpacks itself and loads a keystroke logger on the PC. NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer. The code then forces the machine to contact two IP addresses—one in Russia and one in the United States. The Russian site is hosted on a broadband connection and is part of a network known for spamming and other transgressions. After contacting these sites, the tool then downloads some other files to the compromised machine. NetSec officials said they are still analyzing the code and are unsure what the exact purpose of the new attack is.

[Via NeoWin - ExPress News [RSS feed]]
Posted by Jon Galloway | with no comments
Filed under:

Reverse Reverse Enum Lookup, or GetName

Noah posts about how to look up an enum to a string. If you've got an enum and you want the value as a string, you'd use Enum.GetName , as in:

GetNames returns a string array of Enum values, which is also useful.

Sometimes you may have the string name of an enumeration identifier, and want its enum type. For example, you write a enum identifier as a string to a file and want to read it back and obtain the original enumeration type. This takes place when you serialize a class to an XML file and deserialize it back using XmlSerializer.

private enum Direction {North, South, East, West}; private Direction ParseDirection(string name) { return (Direction) Enum.Parse(typeof(Direction), name, true); }

[Via Coad's Code Block]
Posted by Jon Galloway | with no comments
Filed under:

IE Market Share... and Why It Matters

The world was stunned this past week by reports that the Internet Explorer development team was finally caught in a "spider hole" near an unassuming farmhouse in Redmond. They're actually continuing development on IE, and are interested in what people think. [see IE Storm Watch for the sordid details]

Good news. I think IE was in greater danger than a lot of folks realize.

Exhibit A: Market Share

Take a look at IE total usage from March 2003 to June 2004 - it dropped almost 7%. Take a look at Mozilla usage over that same period - it rose roughly 7%.

Year Month IE 6 IE 5 IE 5 & 6 O 7 Moz NN 3 NN 4 NN 7
2004 June 72.80% 8.60% 81.40% 2.30% 11.40% 0.30% 0.30% 1.40%
2004 May 72.60% 9.20% 81.80% 2.20% 11.00% 0.30% 0.30% 1.40%
2004 April 72.40% 10.10% 82.50% 2.10% 10.30% 0.30% 0.30% 1.40%
2004 March 72.10% 10.70% 82.80% 2.10% 9.60% 0.40% 0.40% 1.40%
2004 February 71.50% 11.50% 83.00% 2.20% 9.00% 0.40% 0.40% 1.50%
2004 January 71.30% 12.80% 84.10% 2.10% 8.20% 0.40% 0.50% 1.50%
2003 November 71.20% 13.70% 84.90% 1.90% 7.20% 0.50% 0.50% 1.60%
2003 September 69.70% 16.90% 86.60% 1.80% 6.20% 0.60% 0.60% 1.50%
2003 July 66.90% 20.30% 87.20% 1.70% 5.70% 0.60% 0.60% 1.50%
2003 May 65.00% 22.70% 87.70% 1.40% 4.60% 1.00% 0.90% 1.40%
2003 March 63.40% 24.60% 88.00% 1.20% 4.20% 0.90% 1.10% 1.40%

source: http://www.w3schools.com/browsers/browsers_stats.asp, IE 5&6 total column and emphasis added

Note that this is not accounted for by a shift to non-Windows platforms:

Year Month Win XP W2000 Win 98 Win NT Win 95 Windows Total Linux Mac
2004 June 51.20% 29.60% 8.00% 2.00% 0.30% 91.10% 2.90% 2.50%
2004 May 51.00% 29.60% 8.20% 2.00% 0.30% 91.10% 2.90% 2.50%
2004 April 49.70% 30.20% 8.70% 2.20% 0.30% 91.10% 2.70% 2.50%
2004 March 48.00% 31.10% 9.40% 2.40% 0.40% 91.30% 2.60% 2.40%
2004 February 46.00% 32.80% 9.50% 2.90% 0.40% 91.60% 2.60% 2.50%
2004 January 44.10% 33.60% 10.40% 3.00% 0.40% 91.50% 2.70% 2.40%
2003 December 42.60% 35.20% 10.50% 3.40% 0.40% 92.10% 2.70% 2.30%
2003 November 42.60% 36.30% 10.90% 3.50% 0.40% 93.70% 2.60% 2.20%
2003 October 39.40% 37.80% 11.50% 4.00% 0.50% 93.20% 2.50% 2.10%
2003 September 38.00% 37.90% 12.10% 4.10% 0.50% 92.60% 2.40% 2.00%
2003 August 36.30% 39.90% 12.60% 4.60% 0.50% 93.90% 2.40% 2.00%
2003 July 33.90% 40.60% 12.60% 5.30% 0.60% 93.00% 2.30% 1.90%
2003 June 32.80% 40.40% 13.40% 5.40% 0.60% 92.60% 2.30% 1.80%
2003 May 31.40% 41.00% 13.90% 5.80% 0.70% 92.80% 2.20% 1.80%
2003 April 30.80% 40.90% 14.70% 6.00% 0.70% 93.10% 2.10% 1.80%
2003 March 29.10% 41.90% 14.80% 6.60% 0.80% 93.20% 2.20% 1.80%

source: http://www.w3schools.com/browsers/browsers_stats.asp, Windows total column and emphasis added

This is significant because it shows Windows userage staying relatively constant, but IE usage dropping - mostly shifting to Mozilla.

Exhibit B: The Nerd Vote


Now, I know weblogs.asp.net isn't 100% Microsoft cultists, but it's about as Microsoft friendly as Slashdot is Linux-prone, right? When you see developers who like developing against the latest and greatest Microsoft has to offer talking about how cool Firefox is, you need to worry about more than numbers. These folks are representative of the technology influencers who should be pushing IE for their projects, supporting it on their friends' computers, etc. That's not the case. When my friend had trouble with IE 5.5 (Mac), I told him he should dump it and move to Firefox - MS isn't even releasing IE 6 for Mac.

Why is this happening?
1. It's not Microsoft, it's something new to play with, etc.
Nothing you can do there, but this is a small percentage of folks who probably would play with Lynx if it wasn't Mozilla

2. Usability enhancements like tabbed browsing, etc.

If they work and are useful long term, features like this get end users to click the "Okay, you can be my default browser" button, but they probably won't try it out unless the techie influencers are pushing them to try it out. Which leads to...

3. Standards support
It's not just a slogan. Really. Most developers are happy to stay with what works, but when you're the one making their lives difficult they get vindictive. Remember back when Netscape was the pariah browser we had to support, and we couldn't wait for it to just die so we could stop dealing with it's annoyances? I think a lot of folks do.

Look around at some of the cool HTML / web design sites - http://www.alistapart.com/, http://www.mezzoblue.com/, http://www.zeldman.com/, http://www.k10k.net/, http://www.skyzyx.com/, http://www.csszengarden.com... you start to pick up on the fact that IE is making it hard to design nice looking and usable websites. IE is becoming Netscape 4.7.

It's no secret - web developers are unhappy with IE:

Why should Microsoft care?
Microsoft doesn't make any money off IE, right? Well, no. And yet, public perception of IE is very important to Microsoft's bottom line. Consider:

1. IE is one of the most frequently used Microsoft applications
It's one of the few applications that even runs on other operating systems. It's one of the first programs computer users get familiar with. That means that it has the opportunity to form opinions of Microsoft quality which users will carry forward to future software attitudes and purchases

2. It just looks bad for Microsoft to crush the competition and then stop developing
Enough said.

3. It could precipitate the kind of Open Source badness Microsoft doesn't want to think about
If you're mostly browsing the internet and doing simple document editing, you could easily get by on Firefox, Thunderbird, and OpenOffice.org. You really could. Most people don't because they're running Windows already, and it's easy enough to use the Windows applications if you're running Windows.

But imagine that a user's shifted browsers because the tabls look cool and hip websites are telling them that sites will look better in Firefox. Then, hey, OpenOffice.org's not that big a leap. Pretty soon you're just waiting for Linux to be usable by non-nerds and the jump's pretty easy.

In otherwords, the browser is the gateway drug, and Microsoft needs to treat its junkies a little better.

What should happen to IE?
1. Mac IE 6... or none at all
Either pick up support for Mac or politely push users off IE onto Safari / Firefox. There's no benefit to having Mac users running a clunky Microsoft browser, it's bad business. Lead or get out of the way.
2. Standards and Technical Parity with Mozilla browsers
PNG transparency, CSS support, SVG support, etc. Others have spelled it out in greater detail, so I'm not gonna rehash it. I'll summarize it - make web developers happy, because they are the influencers you want on your side. (A personal request - inline images - Mozilla supports it...).
3. Security
Sure, goes without saying. Needs the same attention Microsoft's been giving all their products on security. I think this has been the only real positive thing here lately, though - security doesn't seem to be as huge issue for IE as it has been in the past. (wherein I invoke the wrath of my largely theoretical user base and they comment flame me to death).
4. A Roadmap
Microsoft's abandoned IE before, so they need to show us this isn't a bouquet and a peck on the cheek. We don't want you back for a weekend, not back for a day (no no no), I said IE I just want you back, and I want you to stay.... We know Longhorn's coming some day, but a lot of folks are going to be on XP or something else for several years to come. Tell them why they sould stay with IE before they feel the need to leave.

No, I wasn't aware of that...

did you know...
(from MySQL Maestro)


What a glorious 100th post, no? I promise the same quality in the next hundred, give or take a bit.

Posted by Jon Galloway | with no comments
Filed under:

POP access to web e-mail

The major web based e-mail providers have been cranking up their spam filtering, which is great, but I still have to slog through it to catch the false positives - mail I'd like to see that got incorrectly marked as spam. For instance, I would have missed a GMail invite yesterday if I'd just dumped the spam, but going through it invloves checking 300+ likely spams a day. That seems to a common problem, from talking to friends and scanning blogs.

POP email clients have a lot more control over spam filtering - for instance, SpamPal and others allow custom black / whitelists, baysian filters, regular expression matches, etc.

There's a pretty good comparison of different spam filtering systems here, by the way.

I've been testing a POP interface to Yahoo e-mail, YahooPops. It does a pretty good job, but has one quirk - if you elect to leave messages on server (so I can download at work and at home) and empty my deleted mail, it gets downloaded again. So I don't empty my deleted e-mail, which is no big deal. They're at a .6 release and cranking out pretty quickly.

I got a GMail invite - thanks, Marcie! - and found Pop Goes The GMail (PGtGm) yesterday. Stefano Demiliani blogged about it today, so it's gotta be good. It's a .NET app, which is kinda cool.

So now I'm planning to set up a GMail account with a crazy name, and setting up a forwarder to send my e-mail to it. If the forwarder gets too much spam I can migrate over to a new one with not too much trouble. That's kind of what SneakeMail does. I was thinking about Mailblocks, but Omar's review indicates I'd likely be right back in the same boat - scanning my “probably spams“ folder every day.

Posted by Jon Galloway | with no comments
Filed under:

Hiding that "Server Application Unavailable" error message

Sometimes custom HTTP messages don't work. Especially with ASP.NET.

Let me step back and give a real life example. We have a nice looking application that has custom error pages (404, 500) defined. Defined twice, since the ones in web.config only apply to file types ASP.NET knows about, so they also have to be set up in IIS in case we get a link to default.asxp. Fine.

And the exec's like it.

Then, out of the blue, UGLY RED LETTER ERROR MESSAGE:

Server Application Unavailable

The web application you are attempting to access on this web server is currently unavailable.  Please hit the "Refresh" button in your web browser to retry your request.

Administrator Note: An error message detailing the cause of this specific request failure can be found in the application event log of the web server. Please review this log entry to discover what caused this error to occur.

Now, sure, this tells us to head on over to the event log and fix the problem. It also makes our website look looks slightly worse than if it had been hit by Code Red:

HELLO! Welcome to http://www.worm.com!
Hacked By Chinese!!!

And the exec's don't like it.

So I have an "Issue" - make sure we never get that error message again. It's tempting to misinterpret that request as "Fix the root causes that would cause that error message to be displayed", but the actual request is "I don't care what goes wrong on the servers, COM objects, permissions, etc., make sure that no one will ever see those ugly red letters again.

Step 1) Reproduce the error. One easy way to do this is edit machine.config and change the processModel/password to "DoNotAutoGenerate".
Step 2) Find out who's creating that ugly message and intercept it.

I'm on Step 2.

I'm pretty confident that this isn't coming from aspnet_wp.exe (or anywhere else in the ASP.NET / .NET world, for that matter) since this error usually occurs when the ASP.NET worker process chokes. Moving back a bit, I figured I'd catch it at the IIS level with a custom 500, but that didn't work.

So, getting a bit crazier, how about an ISAPI filter[1]? Did you know .NET bows out when it comes to ISAPI filters (at least in managed c#)? You can do HTTP Handlers and HTTP Modules, but both depend on aspnet_wp.dll, which is already dead at this point.

For context, I'd rather be thrown up on than mix it up with C++ again. Then again I've got a 9 month old so getting thrown up on is no big thing. But, I'd rather not mess with a C++ ISAPI filter if either:

1) Someone's already done this sorta thing
2) It's doomed to fail

Having looked further into exactly who is generating this message, I'm less confident that the ISAPI filter can work. Going through c:\WINDOWS\system32\inetsrv (w3svc.dll, inetinfo.dll, etc.) with ResHacker showed these files contain error message strings with html tags in them, and opening them with a text editor showed quite a few more (string constants, not resources). This leads me to believe IIS hits an error in a child process, barfs up an ugly "red letter error", and writes it directly out to the poor end user's browser.

So my hunch is that these error message are a byproduct of IIS, and there's no way to guarantee they'll never be shown. Can any smart folks give me some guidance here?

[1] ISAPI filters are also a potential performance problem, since all the traffic on the server goes through them.

Posted by Jon Galloway | 2 comment(s)
Filed under: ,

Cool solution to the "Ugly RSS Link Issue"

I was just struggling with "Ugly RSS Link Issue" this weekend - you want the little orange XML link, but you know that a lot of folks are gonna click on it and see naked XML and think it's time to reboot or possibly even get a new computer... one with a lot more megapixels.

So here's the obvious solution that would make me feel dumb if it weren't for the fact that nobody seems to be doing it (Via Scott via Leon):

Really nice technique to solve the 'users seeing ugly RSS feed' issue.

Just noticed this at secretGeek's site, on his RSS feed he specifies an xslt and css file for the feed page - result, his users only see a nicely formatted page instead of the nasty XML view you're usually see...I'll put this on mine tonight, it's always annoyed me that some visitors here just see the horror of XML...

Posted by Jon Galloway | with no comments
Filed under:
More Posts Next page »