Recently in Rants Category

Yup. I just said it: Windows is a perfect platform.

Obvious counter argument: go out there and search for "windows virus scanner" and check that out: 1.38 million results on Google. 53,000 if you include the quotes.

Either I'm wrong, or Google is lying to me. That's a lot of results for a virus scanner. "Windows virus" turns up 134 million. Clearly, Windows is anything but the perfect platform. My reasons as to why it is regarded as an imperfect, shoddy, spyware-ridden platform are very clearly written in a packet I got ahold of recently, concerning a website which is used extensively at work. The website in question will be launching with a new version soon, and to inform their customers of the upcoming changes and needed alterations to your OS (read: Windows and Internet Explorer) in order for this website to work.

Quoted directly from this thirty page packet: ... "you will need to download a new control from the [XX] site, this requires that you be administrator of your machines for that 1st export only. Unless it is a big company with an IT department, you are likely administrator already."

Let's put this in linux terms. "You are required to run as root in order to get this piece of software to work. You are already running as root, so don't worry about it."
The problem with Windows isn't Windows. The problem with Windows is the absurd number of poorly written software packages, all of which require administrator rights. This is a website, not a system reconfiguration utility. "I know! And, so, I only require administrator rights the first round!" One of these days, I'm going to go find out why it requires administrator rights at all.

This packet then proceeds to outline all of the needed steps to get this new website up and running on the individual computers. This process must be repeated for every user on every computer. For me, this means driving between three buildings, located in Sandy, Salt Lake, and Bountiful. For the curious, that's a half-hour drive. The total machine count is 37. Total miles driven will be just over 50. Time spent in transit will be roughly an hour and a half, all things considered. Once I hit the first building, however, the real work begins. This packet outlines that the following changes need to be made:

1. Adjust the settings of the popup blocker to whitelist said website.
2. Ensure that the cache settings are set to check for new versions of pages automatically (and then clean the cache out).
3. Add the website to the "Trusted Sites" security zone.
4. Adjust the security settings for the "Trusted Sites" zone to allow/do the following: Enable automatic prompting of ActiveX controls, enable binary and script behaviors, download signed ActiveX controls, download unsigned ActiveX controls, initialize and script ActiveX controls not marked as safe, run ActiveX controls and plugins, script ActiveX controls marked safe for scripting, enable automatic prompting for file downloads, enable file downloads, and enable font downloads. (These are the instructions for IE6. IE7 also includes enabling Loose XAML, XAML browser applications, XPS documents, allowing previously unused ActiveX controls to run without prompting, and oddly, disabling video and animation on a webpage that does not use them.)
5. Go ahead and re-read point number four there. I even put the relevant points in bold for you, so by all means, have at it.
6. Check the computer for any of the following toolbars, and if they are found, reconfigure them all individually to also allow popups from the website in question: Google, Yahoo, AOL, MSN, "or anything besides Standard Buttons, Address Bar or Links."
7. The remaining pages are dedicated to disabling or reconfiguring any other possible popup blockers.

It should be noted that not one of those steps included instructions that told me how to download and install said unsigned, marked not safe for scripting, "I need admin rights to continue" ActiveX control.

So, come the Monday morning that this launches, I get to drive around more than I care to, tweaking more settings that need tweaked, decreasing the default system security, installing ActiveX controls as administrator.

There is nothing wrong with Windows; there is everything wrong with the average software package (and/or website, as is this case). Because of this, Windows doesn't even have a fighting chance. If a website you loaded up suddenly popped up a box stating that it wanted your root password to continue, what would you do?

Why don't you do the same thing on Windows though?

Oh, right, the software requires it.

The operating system isn't broken, just all of the third-party software is.

Ah, digg. You came around some time ago, right as "Web 2.0" was getting really big. Throw in the "show/hide" comment javascript magic and you were a perfect fit for web 2.0 and AJAX (which you really are not, despite the fancy "show/hode" comment javascript... oh right, 2001 tricks).

Let's review a recent "digg": "World of Warcraft scans player's Internet Explorer browsing history".

GASP! A GAME! SCANNING MY HISTORY! INVASION OF PRIVACY AND I'M GOING TO BOYCOTT AND SUE!

For the linked picture, aka "proof" to all of you digg users, go here. For those of you who don't care to click (I'd be one of them in your shoes, I am rather boring), it's a screenshot of one of the best windows programs of all times: Process Explorer. In this screenshot, it shows a running copy of World of Warcraft (WoW.exe), and then it lists every file opened by WoW.exe. Semi-surprisingly, listed, is the poster's Internet Explorer history. C:\Document and Settings\Greg\Local Settings\Temporary Internet Files\Content.IE5\index.dat. Yup, that's the history all right.

For those of you who don't know, and I'd assume that number to be many, World of Warcraft employs a nice little thing called "The Warden." The Warden is WoW's anti-cheat. But, not really. That's yet another misconception. The Warden runs every 10 or 15 seconds, searches out every running process, takes a hash of the process name, and compares it against a list of "known bad" (read: botting, hacking, etc.) programs. Yup, that's it. Compared to things like PunkBuster, the Warden is amazingly tame. It does basically nothing.

But never underestimate the power of stupidity, especially when it numbers in the seven million users range. Their anti-cheat has been accused of sending Social Security numbers, bank account numbers and PINs, e-mail addresses, and other "private information that I don't want Blizzard to have." None of this is true, of course, but again: stupidity comes with numbers. Will said anti-cheat read your Quicken title bar and grab your bank account number? Sure will. Will it send it off to Blizzard? Nope. Remember: it hashes the process name and then compares that hash to a list of known botting programs.

Average digg.com user: "So why in the world," (no pun intended) "is this game reading my history? I know you have an anti-cheat, and I know that it's rather invasive: BLIZZARD IS SCANNING MY WEB BROWSING ACTIVITY AND SENDING IT ALL BACK TO THE MOTHERSHIP!" Word for word? No. But do read the comments to the above link, and you'll find several people stating that.

The screenshot proves that WoW.exe can read your history. Nothing more. It does not prove anything more than that, period. "But the screenshot..! The open files!" In the words of the digg.com post:

"The linked screenshot provides proof that WoW developer Blizzard is actively scanning players' browsing history and cookies. Early speculation is that this is a countermeasure against cheaters, but players are arguing that Blizzard has no right to access this highly private data."

Hate to disappoint you, diggers: WoW uses Internet Explorer as part of the in-game engine. No wonder it has access to the history, it's using the browser! No joke? No joke, and no kidding. Want some proof? Here you go. Some more? More proof for you! One last bit? Sure! Even more proof? Here's the HTTP header that the launcher sends: "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)". Check that stuff out. Blizzard has a reason to be in your history! Even though they aren't. Shock.

"But the second link you gave there is just the launcher which runs before you start the game, and the last one is just a blank page!" Yeah, you got me there. That's because there aren't any alerts at the time of posting. And further, it's the "alerts" that are displayed in game when you login. Seriously. You know - that box you see sometimes when you login, that reads: "These realms are down/will be down! Enjoy your stay in WoW, and we're deeply sorry." Yup, that's a webpage, and yup, WoW.exe uses Internet Explorer to render it.

Which brings me to my (*ahem*) point. Digg users are lemmings. Here I thought the the slashdot moderation system encouraged "group think", but that's capped from -1 to +5. Digg is probably capped to 2^32, allowing for stupidity and group think to the scale of 4294967296. Because one person posted a screenshot and said, "here, proof that they WATCH ALL OF YOUR BROWSING HABITS," several hundred people hopped on the bandwagon of "lemming," walked on over to the World of Warcraft forums, and began spamming. They don't know any better: they're just another lemming.

Digg, while "cool," "popular," "web 2.0-ie," and "high traffic," has also become a synonym for "sheer and utter stupidity on a grand scale." It has one or two cool or funny links every so often, but the huge majority of anything on there is just sheer stupidity. Do I care about some guy's experience at a Taco Bell? Or a list of proxies? Maybe a really annoying, incredibly simple game? An idiot suing Amazon?

I believe a very good (not) description of the site is the one found if you google "digg": "Technology focused news site where the stories are chosen by community members rather than editors."

Lemmings, I tell you.

It's pretty much every day that I run across a program on windows that wasn't coded correctly to function in a multi-user enviroment as a good program should. It's not every day, however, that I come across a program that is so horribly coded I decide to create a "Hall of Shame" consisting JUST of that ONE application.

I'm not talking just "bad", I'm talking HORRIBLE. There's a line, and this single application crosses that line in multiple ways at once.

I work for a small law firm, and we recieve massive PDFs of legal documents all day, in any one of a good ten different file viewers and file formats with different file extensions (although I have yet to find a single format that wasn't either a PDF or PCL doc with just that: a different extension and a differently branded viewer). I just had to help a user get their document package to print, and let me tell you, it was a doozy.
First off, I present you with DesertDocs. This is the offender's website, but the website is half the problem. More on that later.

The e-mail in question had nothing more than a document number and a link to this website. If you click on the "WebPost General Inbox" on the side, it'll bring you to a rather confusing page. The nature of the documents include personal information (likely SSIDs, names, addresses, etc.). Nothing that we would knowingly spread around, in other words. So, we picked the "Private Inbox Login" button. Username and password? Not in the e-mail. So, we go back, and pick the "Download Docs" button.

... to be presented with an EULA. Scroll down, click agree... hmm. Now it wants me to install a document viewer for this. Why I need a seperate viewer to view these docs is beyond me, but I've also grown used to it over time (refer to the previous paragraphs). So, I install it (the user in question has guest priviliges, I had to install it personally as the administrator), and try the website again.

Only to be prompted to download the viewer again.

*twitch*

At this point, the user I'm helping has to get this done now, and further, has a migraine. She also had the winning idea: call them. So, we find the toll free number, and call them up.

After explaining the problem to the person who answered, I could tell instantly that they had encountered this problem before. Their solution? "Delete your temporary internet files and cookies, that is what is preventing you from getting the docs you need."

"Okay, done, and it's still not working."

Upon hearing this news, he directed me to the application's Program Files directory, and instructed me to start the "wpcookie.exe" application. (Side note: he directed me to the directory in question by having me right-click the doc viewer shortcut, hit properties, and then 'Find Target'. This is actually ingenious, and probably the only correct thing that I got out of the entire call.) I ran it and it seemingly did nothing. He then told me to open the website up and try again. Tada, it worked.

"So, what did that just do?"

"Place a cookie in Internet Explorer."

Problem one: when enough users call in and whine that it doesn't work, causing you to package a seperate program just to set a cookie on the computer, you have issues.

As pissed off as I was then at how horribly broken their program was, I continued on with the guy, because plain and simple, we needed it to work. I was able to then get to the link to download the documents. I click the link, and naturally, it opens in a popup (which is blocked).

Problem two: when your tech support takes it in stride to tell you to allow the popup that was just blocked, take a clue yourself, 'developers': stop using popup windows.

"Hey! That's what I need!" the user exclaims. "Good," I'm thinking to myself, "I'm almost done." (Hint: I wasn't.)

I was then told to click on 'Print', 'All', and then 'Okay', and I would then be asked a printer to print the docs on. Sure enough, I was, only instead of printing, a 500kb file downloaded, and the viewer program that I had downloaded launched. Only to error out in a horrible way: "Permission denied." I then read the error message.

Problem three: the %TEMP% dir exists for a reason. Quit thinking you can write to Program Files\Your Stupid App\temp, because you can't. Copying the downloaded file from the Temporary Internet Files directory to a temporary directory in Program Files is just plain stupid. Use the %TEMP% dir, that's what it exists for. By doing this, not only are you assuming that the user is running on Windows 95/98, or that they have Administrator rights (which they don't, not on my grounds!), but you're adding multiple security holes into your application and breaking all forms of file system quotas automatically. Oops.

At this point in time, I was laughing to myself, and just blindly following the guy's instructions. Two more attempts were made to fix this. One of these included copying the file from the Temporary Internet Files directory to somewhere else, and then opening the utility to click File --> Open ("Double clicking on the file will not work."). I forget the other.

At this point in time, he said something that was honestly quite amazing: "Huh. Well that's weird."

Someone has never used a windows computer as a guest, have they?

At this point in time, I just told the guy to hang on while I tried something of my own. That something involved giving the user permission to write to the application's own temporary directory. Guess what? It worked.

Guess what else? That little 500kb file? Was an archive. In the archive, was a .pdf and a .html.

Problem four: quit re-inventing the wheel with applications that don't work. I just spent the last 15 minutes on the phone with you trying to fix this, only to find out that you just as likely could have given me a link to the .pdf (the .html wasn't really needed in this case), or, thought of all thoughts, a link to a .zip.

Luckily, this can easily be rectified.

1. Stop pretending that the user WILL had Administrator rights.
2. Stop breaking file system quotas by thinking you're better off using your own personal %TEMP% dir.
3. Stop making up your own file types, and
4. Start using existing ones (no, your way is NOT better in ANY fashion).
5. You could make me eternally grateful by firing your programmers and just giving me a link to the .pdf on the website. Really.

This post isn't about what it did to the web as far as standards go, actually. That's been beaten and beaten again. "Leave the poor horse alone, you're down to a few bloody ribs." That kind of a thing.

Let's pretend for a moment. Let's pretend that IE rendered everything 100% to the existing web standards, and always had.

But uh, that still leaves a few small things of concern, namely the ability to use JScript, VBScript, and ActiveX control on the public internet.

Don't get me wrong: it's amazingly easy to design web pages. Half-Life 2, an incredibly popular (and well-done game) actually uses IE's rendering engine in game to display some things. No, really, it does.

Wait a second. I went from designing on the web to something completly unrelated to the web.

That's the problem. Despite it's name, "Internet Explorer," IE can be used outside of the internet. For things such as game menus, autorun menus, basically anything you please. And, hey, it's a lot easier to write a menu as HTML than it is in C. Hence, IE is used in applications, in combination with JScript, VBScript, and ActiveX. What's more, this is a perfectly legit use of such technologies.

Utilizing VBScript, JScript, and ActiveX, any programmer with any degree of ability (not talent, knowledge, common sense, or brain, but ability) to create a webpage, could easily (for certain terms of "easily") impliment Office in a web browser. Or a game like Half-Life 2. Or Doom 3. AutoCAD. Photoshop, WinFAX, or any program that you can install on a windows box, could be brought over the web with those technologies.

Ignore security (and other OSs) for a moment. That's a really impressive feat. It really is. The ability to do anything at all in a web browser would be very nice. Windows Update is a decent example of this, because through a web page, anyone can update their software. Sure, you could just ship your OS with a client that would pull the files down itself, but really? Compare the workload. It's easier to do it over the internet with a bit of scripting and ActiveX.

I'm also pretty sure that's the only use of ActiveX out there today that's done properly.

But then, you have to mention the end result of ActiveX, JScript, and VBScript being included in a browser. Click a link, format your hard drive. "Oops." In all truth, an ad on a website could completly erase your hard drive without even "asking" you.

Yet, people still persist in using ActiveX on the public internet. That's the bad that was done. That's why I'm sitting here, banging my head on my desk time and time again. I work for a small law (real estate) firm. They use several websites to get the job done, and rightly so.

I hate (strong word!) two websites that they must "use" in particular. Why do I hate these websites? Because they require that a user has both administrator rights and ActiveX + JScript + VBScript enabled. Read as: "I, website, do hereby require full access to your hardrive, other devices in your computer, and access to anything on your network, in order to give you... a picture."

*bangs* *head* *against* *desk*

I tried. No, really, I tried. I tried to put forth a post about Microsoft that illuminated the good points. I really did. The amount... no, I take that back. The quality (OpenClueUT) of the bashing that occurs here is second to none. Take that as you please.

One computer. One license key. Said license key is physically attached to said computer. Said key is unique to said computer, and said computer alone.

So do tell me why, after seven attempts, my product activation was still denied. Tell me why, after speaking with four customer service reps, attempting to use the automated system three times (I even managed to use two seperate systems), I was still denied activation on a legit product license, and told to "please reinstall your product and call again later."

I have no problem at all installing and using Windows Server 2003 and Active Directory. I'll be honest, it's a joy to work with. It makes my life easy, and unlike Windows 98, it has yet to fail me over three years.

But so help me, "preventing piracy" just cost a fellow employee all of her personal email. Because of product activation locking me out of the computer, and from what I can tell, access to said computer over the network, in the name of piracy prevention you have set a business back $1,000 and removed an employee's items of personal value.

Thanks.