Recently in Windows Category
Yup. I just said it: Windows is a perfect platform.
Obvious counter argument: go out there and search for "windows virus scanner" and check that out: 1.38 million results on Google. 53,000 if you include the quotes.
Either I'm wrong, or Google is lying to me. That's a lot of results for a virus scanner. "Windows virus" turns up 134 million. Clearly, Windows is anything but the perfect platform. My reasons as to why it is regarded as an imperfect, shoddy, spyware-ridden platform are very clearly written in a packet I got ahold of recently, concerning a website which is used extensively at work. The website in question will be launching with a new version soon, and the packet is meant to inform their customers of the upcoming changes and the alterations needed to your OS (read: Windows and Internet Explorer) in order for this website to work.
Quoted directly from this thirty page packet: ... "you will need to download a new control from the [XX] site, this requires that you be administrator of your machines for that 1st export only. Unless it is a big company with an IT department, you are likely administrator already."
Let's put this in Linux terms. "You are required to run as root in order to get this piece of software to work. You are already running as root, so don't worry about it."
The problem with Windows isn't Windows. The problem with Windows is the absurd number of poorly written software packages, all of which require administrator rights. This is a website, not a system reconfiguration utility. "I know! And, so, I only require administrator rights the first round!" One of these days, I'm going to go find out why it requires administrator rights at all.
This packet then proceeds to outline all of the needed steps to get this new website up and running on the individual computers. This process must be repeated for every user on every computer. For me, this means driving between three buildings, located in Sandy, Salt Lake, and Bountiful. For the curious, that's a half-hour drive. The total machine count is 37. Total miles driven will be just over 50. Time spent in transit will be roughly an hour and a half, all things considered. Once I hit the first building, however, the real work begins. This packet outlines that the following changes need to be made:
- Adjust the settings of the popup blocker to whitelist said website.
- Ensure that the cache settings are set to check for new versions of pages automatically (and then clean the cache out).
- Add the website to the "Trusted Sites" security zone.
- Adjust the security settings for the "Trusted Sites" zone to allow/do the following: Enable automatic prompting of ActiveX controls, enable binary and script behaviors, download signed ActiveX controls, download unsigned ActiveX controls, initialize and script ActiveX controls not marked as safe, run ActiveX controls and plugins, script ActiveX controls marked safe for scripting, enable automatic prompting for file downloads, enable file downloads, and enable font downloads. (These are the instructions for IE6. IE7 also includes enabling Loose XAML, XAML browser applications, XPS documents, allowing previously unused ActiveX controls to run without prompting, and oddly, disabling video and animation on a webpage that does not use them.)
- Go ahead and re-read point number four there. I even put the relevant points in bold for you, so by all means, have at it.
- Check the computer for any of the following toolbars, and if they are found, reconfigure them all individually to also allow popups from the website in question: Google, Yahoo, AOL, MSN, "or anything besides Standard Buttons, Address Bar or Links."
- The remaining pages are dedicated to disabling or reconfiguring any other possible popup blockers.
It should be noted that not one of those steps included instructions that told me how to download and install said unsigned, marked not safe for scripting, "I need admin rights to continue" ActiveX control.
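The Trusted Sites changes listed above can be checked after the fact on each machine. The following is an added example, not part of the original post or the vendor's packet: it parses a registry export of the Internet Explorer zone settings and reports which of the listed actions are set to Enable. The sample export is constructed, and the function names are illustrative.

```python
import re

# IE URL action numbers for the settings named in the list above.
URL_ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1405": "Script ActiveX controls marked safe for scripting",
    "1604": "Font download",
    "1803": "File download",
    "2000": "Binary and script behaviors",
    "2200": "Automatic prompting for file downloads",
    "2201": "Automatic prompting for ActiveX controls",
}
# Enabled, these two let unsigned or not-marked-safe controls install and run.
HIGH_RISK = {"1004", "1201"}
ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

ZONE_KEY = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.IGNORECASE)
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in .reg export format (real exports are UTF-16; decode first).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000000
"1405"=dword:00000000
"1604"=dword:00000000
"1803"=dword:00000000
"2000"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000003
"""


def parse_zones(reg_text):
    """Return {zone number: {action id: dword value}} from .reg export text."""
    zones, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = ZONE_KEY.match(line)
            current = int(m.group(1)) if m else None  # ignore unrelated keys
            continue
        m = DWORD.match(line)
        if m and current is not None:
            zones.setdefault(current, {})[m.group(1).upper()] = int(m.group(2), 16)
    return zones


def audit_zone(settings):
    """List (severity, action id, name) for every tracked action set to Enable (0)."""
    findings = []
    for action, name in sorted(URL_ACTIONS.items()):
        if settings.get(action) == 0:  # 0 = enable, 1 = prompt, 3 = disable
            severity = "HIGH" if action in HIGH_RISK else "review"
            findings.append((severity, action, name))
    return findings


if __name__ == "__main__":
    for zone, settings in sorted(parse_zones(SAMPLE_EXPORT).items()):
        for severity, action, name in audit_zone(settings):
            print(f"{ZONE_NAMES.get(zone, zone)}: [{severity}] {action} {name}")
```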
So, come the Monday morning that this launches, I get to drive around more than I care to, tweaking more settings that need tweaked, decreasing the default system security, installing ActiveX controls as administrator.
There is nothing wrong with Windows; there is everything wrong with the average software package (and/or website, as is this case). Because of this, Windows doesn't even have a fighting chance. If a website you loaded up suddenly popped up a box stating that it wanted your root password to continue, what would you do?
Why don't you do the same thing on Windows though?
Oh, right, the software requires it.
The operating system isn't broken, just all of the third-party software is.
Microsoft Windows Vista was recently released. To be honest, I'm excited for it. It brings countless good things to the Windows world, and to be blunt, XP is beginning to show its age. (Windows 2000 is timeless though, in my opinion. Maybe I'll post my thoughts of Win2k vs WinXP vs Vista eventually, we'll see.) Let me say that one more time:
I am glad that Vista was released. It is an upgrade. It is worth purchasing. There are too many advantages, both in terms of the technical side of Vista, and user interface side of Vista, to think otherwise. Once again: Vista is good.
I run a network for a small business. It's a Windows network, through and through. Pair of Win2k3 servers in two locations, a copy of MSSQL, and two point to point T1 lines linking three buildings together. It's all built on Windows Server technology, and I'll be dead honest here: I haven't found a better, easier to use, scalable server system than that of Windows Server. Let's do this in bold too: Windows Server is good. Windows Server makes me happy, and it makes all of the employees happy (even though they could care less, they just want to work).
So what did I do the day Vista was released to the public?
Blow away my last copy of WinXP. Destroy it. That was also my last copy of anything Microsoft that I use for my own personal computing.
Hear that? No more WinXP in my blood. No more XP on anything that I personally use, be it at home or at school. Bye WinXP. Vista is out, and I don't care what the critics and journalists say: Vista is worth purchasing.
So, I replaced my copy of XP with Linux.
And it feels good. So very good.
My number one complaint about Vista is two-fold: versions, and limited features/too many features. I run networks, I build networks. My primary computer has five different NICs in it, three of them are 1000mbit and two of them are 100mbit. Further, I have a PCI wifi card in there, and my router is a soekris box with a hand-rolled distro running on a CompactFlash card. I like my networks, and I like them a lot.
Know what I like MOST about networks? Networking. You know, intra-device communication. The flexibility that networking provides. File is on another computer? So what, just click click, bam, your file is in front of you, even if you're on the opposing side of the globe. Networking is fun.
Networking with Vista is not. Now, don't get me wrong: new TCP/IP stack? Re-worked IPSEC support? Hate to break it to you people, but with about seven clicks (with Vista) I can literally move three buildings from open TCP/IP to straight IPSEC communications between ALL computers, using SSL certificates. Seven clicks, and I have a network that runs IPSEC flawlessly, and effortlessly. And no, the IPSEC implementation isn't broken: it works, and it works well. I'm not trying to say that Vista has horrible networking with that earlier line. The network stack, the possibilities... I love.
What I hate is the arbitrary limitations imposed upon the different versions of Vista. For example, lower end versions of Vista cap the number of connections you can have to any specific computer at five. Let's count.. my desktop, my other desktop, my laptop, my brother's computer, the family computer, my sister's computer, and my xbox. Oops, seven. Vista Home Basic is out of the running.
Also, Remote Desktop (aka 'RDP') has been essentially removed from Vista Home editions. I can't bring up the computer's display at will anymore, I have to install VNC or something similar.
It's these little things that get at me. Want feature X? Gotta spend more money. More connections to a computer than Y? Yeah, spend more money, but note that you're capped at 10 period unless you drop several thousand on a copy of Windows Server, and oh, we don't have Vista Server out yet, it'll be another year or so.
This is the biggest reason I switched to Linux: there are no arbitrary limitations imposed. Anywhere. I can connect thousands of machines to this one, and I can type a single line to bring a window from a desktop to my laptop, in a secure fashion, from anywhere in the world.
Let me give you a scenario here, from my everyday work. At school, I use my laptop for everything. Notes, research, papers, reading, the works. All of my work is kept in a subversion repository. Because of this, I can access my up to date notes from pretty much any computer and any OS anywhere.
I get home, and turn my laptop on. It boots up, and I place it in the dock. The laptop automatically detects that it has been docked, and brings up the wired ethernet interface. As a part of this process, it also registers with my LAN DNS server as it obtains an IP, and then commits my most recent set of school notes to the subversion repository. At this point in time, I can type a line into my desktop, and update my desktop's copy of my notes with the most recent version.
Further, because it has registered with my LAN DNS server, I don't need to worry about assigning static IPs. This can be taken one step further: whenever anyone brings over their laptop, they get the same treatment (I should mention that I run an iTunes server on my desktop also. Not apple software, but linux software providing the same functions).
Because I run linux on my laptop and desktops, I can type one more line and bring up windows from my laptop on to my desktop. If I have a bookmark I want to grab, I just run firefox on my laptop and watch the window appear on my desktop.
Earlier up, I mentioned I have an xbox connected to my network, and counted it as a computer connecting to my other computers. Why? It's a modded xbox, running a copy of XBMC. XBMC uses libsmb from samba to give it networking with other windows computers, in addition to having UPnP support, and the ability to browse for iTunes shares on the network.
You know those mockups that Microsoft and Apple have every so often, where it shows the "house of the future"? Where someone walks in with a laptop and wirelessly collaborates with the people in the home? How the music is there to be listened to, the videos to be watched, and work just "gets done" because of the transparent technology powering it?
Hate to break it to you, Microsoft and Apple, but I've already got all of that and then some. It didn't cost me a dime, it works flawlessly, and I can bring as many networked devices as I please into the fold without paying more to get around an arbitrary limitation. I've got an xbox that can play any assortment of video and audio at 1080i resolutions in 5.1 surround, laptops plug in (or wifi in) and mystically "just work," and then "just work" with the desktops in a beautiful unison.
I should also note that the Windows Server network I run has its bits moved around by Linux routers. Sure, Windows Server powers the desktops, but the bits don't move from site A to B to C on their own, and quite frankly, I wouldn't want anything Microsoft doing that for me.
I love open networking. As a direct result of networking with open technologies, I already have the home of the future. Plus, all of my private networking is encrypted, transparently. Anything that's "open to the public" is, well, just that: open. It's a beautiful thing.
Sorry Vista, you don't fit that bill at all.
About two weeks ago, my sister was hit by an IM worm. "hey - i've got pictures of the group" from a good friend. Clickey clickey, bam, trojan'd. This happened relatively late at night, so the following evening she came down and asked me to fix it. A recap of what I found:
- Eight programs that phone home, download binaries, and run them
- Seven trojans/backdoors
- Eleven random viruses
- One spambot
Note the italics.
As I was cleaning the system out (before I knew of the spambot), I noticed the wireless connection was in heavy use. I didn't think too much about it, as it had several viruses on it then, but I also needed the networking in order to properly clean the system. It wasn't until I tried Trend Micro's Housecall service that I really looked into the networking problem, and noticed four packets sent for every one received.
Oops.
I grabbed a laptop, fired up an SSH session to my router, and then started the tcpdump. I must admit, while I hate spam, it was sending a seriously impressive volume of spam per minute. I reset tcpdump to only output data headed to :25/tcp remote, and it was connecting to a good fifty different servers per minute. Fifty different servers per minute. That's a ton of spam, and it was all going over my home cable connection.
I decided I had better fix that little problem quickly, and that meant an iptables rule. Behold the results:
    pkts bytes target     prot opt in     out     source               destination
    5488  263K DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:25
5488 different connection attempts in a matter of minutes. That's a lot of spam.
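The tcpdump step above, one internal host opening connections to around fifty different mail servers a minute, can be turned into a repeatable check. The following is an added example, not from the original post: it counts distinct port-25 destinations per source per minute in tcpdump-style text output and flags hosts over a threshold. The capture lines are constructed (documentation address ranges), and the threshold of 20 is an assumption to tune for your own network.

```python
import re
from collections import defaultdict

# Matches tcpdump -n text lines for a bare TCP SYN, e.g.
# 21:14:03.000000 IP 192.168.1.23.1103 > 203.0.113.4.25: Flags [S], ...
LINE = re.compile(
    r"^(\d{2}:\d{2}):\d{2}\.\d+ IP "
    r"(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]"
)


def smtp_fanout(lines, port=25):
    """Map (source, HH:MM) -> set of distinct hosts sent a SYN on `port`."""
    fanout = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if m and int(m.group(4)) == port:
            minute, src, dst = m.group(1), m.group(2), m.group(3)
            fanout[(src, minute)].add(dst)
    return fanout


def suspected_spambots(lines, threshold=20):
    """Return {source: peak distinct SMTP destinations in any one minute}."""
    hits = {}
    for (src, _minute), dsts in smtp_fanout(lines).items():
        if len(dsts) >= threshold:
            hits[src] = max(hits.get(src, 0), len(dsts))
    return hits


def constructed_capture():
    """Constructed sample: one infected host, one ordinary mail client."""
    tail = "Flags [S], seq 1, win 65535, length 0"
    lines = []
    # Infected host: 50 different mail servers inside one minute.
    for i in range(50):
        lines.append(
            f"21:14:{i:02d}.000000 IP 192.168.1.23.{1100 + i} > 203.0.113.{i + 1}.25: {tail}"
        )
    # Ordinary client: a few connections to the same mail relay.
    for i in range(3):
        lines.append(
            f"21:14:{10 + i:02d}.500000 IP 192.168.1.10.{2000 + i} > 198.51.100.7.25: {tail}"
        )
    # Non-SMTP traffic and a SYN-ACK reply must not be counted.
    lines.append(f"21:14:30.250000 IP 192.168.1.10.2100 > 198.51.100.80.443: {tail}")
    lines.append(
        "21:14:10.600000 IP 198.51.100.7.25 > 192.168.1.10.2000: "
        "Flags [S.], seq 1, ack 2, win 65535, length 0"
    )
    return lines


if __name__ == "__main__":
    for src, peak in suspected_spambots(constructed_capture()).items():
        print(f"{src}: {peak} distinct SMTP servers in one minute")
```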
What scares me is that this was just one computer on a home residential connection. If my sister was hit with this worm, that means her friend also has it. And due to the nature of the IM networks, that likely means everyone my sister knows, and every one of them and all of their contacts, also have this spambot churning out e-mail to the public as a whole.
Did I mention that's a lot of spam?
So, internet, sorry for not selectively blocking :25/tcp outbound in the first place. Sorry for sending out more spam in minutes than I get legit e-mail in three weeks. Oh, and sorry for having family members that don't know *nix. On the flip side, I have yet to see a good MSN client for *nix that features audio and video chat too, so until you can get me (or rather, my sister) that...
I recently installed a jabber server for my small office(s). We recently expanded to three separate buildings, one in Sandy, one in Salt Lake City, and another in Bountiful. Likewise, suddenly the ability to communicate was limited by phones and e-mail, and for the large majority (80%) of the needed communication, both of those options were either overkill (one-line e-mail?) or impractical (staying on hold for 30 minutes, tying up a phone line, to ask a single six-word question).
It's funny how little we value the ability to easily communicate until it's suddenly not so easy.
I started out trying to install ejabberd, but failed miserably. In both the Sandy and Salt Lake offices, I have a modest linux router installed, doing all routing/firewalling/networking in general. Likewise, throw in the DNS SRV records on a per-site basis, in theory I would have been able to point all clients to the same host, but end result have them all wind up connecting to their local instance of ejabberd.
For those of you who don't know, ejabberd is famous for its clustering and fail/fault-over abilities. It uses a database that is essentially distributed by default. Further, it has a very nice web interface for management, along with a shared roster (list of people on the service) built-in. Sadly, I never was able to get the distributed part of it (the reason to use it) working. I would add a user on one side, and magically, that user would never appear on the other. Huh, oh well.
I wound up reverting back to the tried and true method (for me, anyways) of getting a jabber server up and running: jabberd2. Jabberd2 is not distributed like ejabberd, but it also typically uses MySQL as the backend (granted, ejabberd can also, and I've never tried to do so either, but I also know how to make jabberd2 work, and that's what I wanted here), which I'm rather familiar with.
So, about twenty minutes after I gave up on ejabberd, I had a functional jabberd2 server, up and ready to go. (For those of you curious, I have a 1.2TB RAID5 array, on which the database server is running. Overkill, yes, but I don't want to burden the router down with a database server.) Now for the fun part: the client, the program that everyone will actually be using.
All of the clients are running Windows XP, along with two or three Windows 2000 boxes. jabber.org has an impressive list of jabber clients, for pretty much any OS under the sun. In the end, I chose Miranda IM, for several reasons:
- Final distributed file size: I wound up with a 556kb .msi installer that I built for it (more on that later).
- Runtime size: I'm pretty sure that everyone lost maybe a megabyte of RAM from running this, if that. Small, light, and fast are all words that I'd use to describe this.
- Ability to customize: at its core, it's a small executable with a large army of plugins (DLLs), providing additional functions. Likewise, I just cut out everything except the jabber components, and hey, I have a perfect IM client for jabber and jabber only.
- mirandaboot.ini: A little-known feature of Miranda. Drop this file into the install directory, and you can change program defaults. In this case, it's set to automatically create a user profile in their own user's directory, named after their domain logon name.
- Looks for DNS SRV records and uses them (Hey, gaim, where are you? Oh, right, you're STILL LACKING THIS HORRIBLY SIMPLE FEATURE. What's so hard about a DNS lookup, really?).
- Easy to use, simplistic.
All in all, this is pretty much a perfect client for people. It's simple enough to use, effective, small, and to top it all off, free. The only thing it was missing was a .msi installer package (it is being installed on a windows domain after all), and the official stance from the Miranda devs consists of, "you have a .zip and a .exe installer, and what we provide works. If you want a .msi package, feel free to build it yourself." As a result, I did, and I used Wix to do it. Yay for open source and free Microsoft programs that get the job done, and get it done well. The posts I saw on the Miranda forums included a lot of users wanting a .msi installer, so once I polish it off, I'll post both the Wix .xml file, along with the final .msi for people to abuse. For now, I'll link to the .msi which I'm using here. This includes jabber components only, and installs without prompting to Program Files. This file is suitable for usage anywhere, as it saves all settings in places where anyone can write to, and it is multi-user sane (in the sense that user A can't see user B's settings and contacts).
Earlier, I mentioned that ejabberd has shared rosters, where basically everyone can see the same group of people. Sadly, jabberd2 lacks this feature, but makes up for it in another way: it has MySQL as its backend. This makes it horribly easy to write a small script which clears the existing roster table, and re-populates it with everyone else who is registered with the service. This makes it pretty easy to accomplish a similar "shared roster", and it bypasses the semi-complicated process to add a user, consisting of:
- Finding the person to talk to,
- Adding the person to talk to,
- Waiting for the person on the other end to both sign in, and click allow,
- Waiting for the person on the other end to add you themselves,
- Finally allowing that user access to talk to you.
For people who only know how to use computers as far as clicking File, Print goes, the automatic addition of new users to their lists saves time and effort all the way around. Not to mention the new person doesn't have to go and add thirty other people, and then wait for all thirty people to add and authorize the new person.
In the end, I wound up with a setup that's as close to perfect as it can get. Shared rosters, easy to use client, and a client that works perfectly and easily.
I'm rather liking this whole "run your own IM server" idea now that I'm using it on a scale larger than two users. And hey, so are all of the employees.
Links:
- miranda-0.5.1-1st.msi (.msi installer, jabber components only)
- miranda-1st.xml (Wix .xml file, used to create your own .msi, jabber components only)
- miranda.xml (Wix .xml file used to create your own .msi, all Miranda IM components)
Once again, these files do not include a GUI installer of any sort, but rather will install the program automatically without prompting. There's your warning.
It's pretty much every day that I run across a program on Windows that wasn't coded correctly to function in a multi-user environment as a good program should. It's not every day, however, that I come across a program that is so horribly coded I decide to create a "Hall of Shame" consisting JUST of that ONE application.
I'm not talking just "bad", I'm talking HORRIBLE. There's a line, and this single application crosses that line in multiple ways at once.
I work for a small law firm, and we receive massive PDFs of legal documents all day, in any one of a good ten different file viewers and file formats with different file extensions (although I have yet to find a single format that wasn't either a PDF or PCL doc with just that: a different extension and a differently branded viewer). I just had to help a user get their document package to print, and let me tell you, it was a doozy.
First off, I present you with DesertDocs. This is the offender's website, but the website is half the problem. More on that later.
The e-mail in question had nothing more than a document number and a link to this website. If you click on the "WebPost General Inbox" on the side, it'll bring you to a rather confusing page. The nature of the documents include personal information (likely SSIDs, names, addresses, etc.). Nothing that we would knowingly spread around, in other words. So, we picked the "Private Inbox Login" button. Username and password? Not in the e-mail. So, we go back, and pick the "Download Docs" button.
... to be presented with an EULA. Scroll down, click agree... hmm. Now it wants me to install a document viewer for this. Why I need a separate viewer to view these docs is beyond me, but I've also grown used to it over time (refer to the previous paragraphs). So, I install it (the user in question has guest privileges, I had to install it personally as the administrator), and try the website again.
Only to be prompted to download the viewer again.
*twitch*
At this point, the user I'm helping has to get this done now, and further, has a migraine. She also had the winning idea: call them. So, we find the toll free number, and call them up.
After explaining the problem to the person who answered, I could tell instantly that they had encountered this problem before. Their solution? "Delete your temporary internet files and cookies, that is what is preventing you from getting the docs you need."
"Okay, done, and it's still not working."
Upon hearing this news, he directed me to the application's Program Files directory, and instructed me to start the "wpcookie.exe" application. (Side note: he directed me to the directory in question by having me right-click the doc viewer shortcut, hit properties, and then 'Find Target'. This is actually ingenious, and probably the only correct thing that I got out of the entire call.) I ran it and it seemingly did nothing. He then told me to open the website up and try again. Tada, it worked.
"So, what did that just do?"
"Place a cookie in Internet Explorer."
Problem one: when enough users call in and whine that it doesn't work, causing you to package a separate program just to set a cookie on the computer, you have issues.
As pissed off as I was then at how horribly broken their program was, I continued on with the guy, because plain and simple, we needed it to work. I was able to then get to the link to download the documents. I click the link, and naturally, it opens in a popup (which is blocked).
Problem two: when your tech support takes it in stride to tell you to allow the popup that was just blocked, take a clue yourself, 'developers': stop using popup windows.
"Hey! That's what I need!" the user exclaims. "Good," I'm thinking to myself, "I'm almost done." (Hint: I wasn't.)
I was then told to click on 'Print', 'All', and then 'Okay', and I would then be asked for a printer to print the docs on. Sure enough, I was, only instead of printing, a 500kb file downloaded, and the viewer program that I had downloaded launched. Only to error out in a horrible way: "Permission denied." I then read the error message.
Problem three: the %TEMP% dir exists for a reason. Quit thinking you can write to Program Files\Your Stupid App\temp, because you can't. Copying the downloaded file from the Temporary Internet Files directory to a temporary directory in Program Files is just plain stupid. Use the %TEMP% dir, that's what it exists for. By doing this, not only are you assuming that the user is running on Windows 95/98, or that they have Administrator rights (which they don't, not on my grounds!), but you're adding multiple security holes into your application and breaking all forms of file system quotas automatically. Oops.
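What Problem three asks for looks like this in practice. The following is an added example, not the vendor's code and not from the original post: it unpacks a downloaded document package into a private directory under the current user's temp location instead of the install directory, so it works without administrator rights. The package is assumed to be a zip holding a .pdf and a .html (a constructed sample is built in memory), and the member-name check is an extra precaution beyond what the post discusses.

```python
import io
import os
import shutil
import tempfile
import zipfile


def unpack_to_private_temp(archive_bytes, prefix="docviewer-"):
    """Extract a flat archive into a fresh per-user temp directory.

    tempfile.mkdtemp() honours TMPDIR/TEMP/TMP, so on Windows this lands in
    the user's %TEMP%, and the directory is created for the current user only.
    Returns (workdir, [extracted file paths]); the caller removes workdir.
    """
    workdir = tempfile.mkdtemp(prefix=prefix)
    extracted = []
    try:
        with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
            for info in zf.infolist():
                name = info.filename
                # Accept plain file names only: no directories, no path
                # components that could place a file outside workdir.
                if (info.is_dir() or name in ("", ".", "..") or "\\" in name
                        or name != os.path.basename(name)):
                    raise ValueError(f"unexpected archive member: {name!r}")
                target = os.path.join(workdir, name)
                # "xb" refuses to overwrite, so duplicate names fail loudly.
                with zf.open(info) as src, open(target, "xb") as dst:
                    shutil.copyfileobj(src, dst)
                extracted.append(target)
    except Exception:
        shutil.rmtree(workdir, ignore_errors=True)  # leave nothing behind
        raise
    return workdir, extracted


def constructed_package():
    """Constructed sample package: one .pdf and one .html, as in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("package.pdf", b"%PDF-1.4 constructed sample\n")
        zf.writestr("cover.html", b"<html><body>constructed sample</body></html>")
    return buf.getvalue()


if __name__ == "__main__":
    workdir, files = unpack_to_private_temp(constructed_package())
    try:
        for path in files:
            print(path)
    finally:
        shutil.rmtree(workdir)
```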
At this point in time, I was laughing to myself, and just blindly following the guy's instructions. Two more attempts were made to fix this. One of these included copying the file from the Temporary Internet Files directory to somewhere else, and then opening the utility to click File --> Open ("Double clicking on the file will not work."). I forget the other.
At this point in time, he said something that was honestly quite amazing: "Huh. Well that's weird."
Someone has never used a windows computer as a guest, have they?
At this point in time, I just told the guy to hang on while I tried something of my own. That something involved giving the user permission to write to the application's own temporary directory. Guess what? It worked.
Guess what else? That little 500kb file? Was an archive. In the archive, was a .pdf and a .html.
Problem four: quit re-inventing the wheel with applications that don't work. I just spent the last 15 minutes on the phone with you trying to fix this, only to find out that you just as likely could have given me a link to the .pdf (the .html wasn't really needed in this case), or, thought of all thoughts, a link to a .zip.
Luckily, this can easily be rectified.
- Stop pretending that the user WILL have Administrator rights.
- Stop breaking file system quotas by thinking you're better off using your own personal %TEMP% dir.
- Stop making up your own file types, and
- Start using existing ones (no, your way is NOT better in ANY fashion).
- You could make me eternally grateful by firing your programmers and just giving me a link to the .pdf on the website. Really.
