Rant
I don't get upset often, but sometimes something is just too stupid not to comment on.
I attended a lot of sessions at DevTeach in Vancouver last week. It’s one of my favorite conferences because it is relatively small and therefore intimate, yet it attracts some amazing speakers, including some fine speakers from Microsoft.
Unlike some conferences, all speakers deliver their sessions from their own laptops instead of from a desktop machine provided by the conference. Not surprisingly, most speakers are running Vista since it is Microsoft’s latest and greatest client OS.
But it struck me at how many problems speakers were having with Vista. I’m not sure I attended a single session where some problem didn’t arise (but maybe I’ve blanked the good experiences out of my memory). One speaker couldn’t get the projector to work with Vista without technical help from the A/V support staff, then the magnifier was so small as to be worthless, making it hard to see important stuff. Many machines were slowed to a crawl, presumably from the combined performance-sucking power from PowerPoint and Vista’s Aero interface, not to mention Visual Studio or SQL Server Management Studio.
The carnage was impressive. It seems that Vista pushes the limits of laptop technology. Apparently the OS demands not only a new laptop but a top of the line version of the laptop with all the processor and memory you can throw at it.
And me? No problems at all. I had one issue with Diskkeeper kicking in during a session but I shut that off and problem was over. PowerPoint, Visual Studio, and whatever else I had to run, no problem.
I’m running Windows XP. I think I’ll stick with it for a while longer, maybe even after I replace my three-year-old laptop. Sorry, Microsoft!
Oh Microsoft, please teach me! I want to know and learn!
How, oh how, do I shut down Outlook 2007 so that when I restart it doesn’t have to check the data file?
Is it the red X in the upper right corner of the window? No, grasshopper. Is it File | Exit? No, not even close. Is it Start Task Manager | Kill Process, tempting as that option is? Is it Entourage on the Mac?
What is the secret? I implore thee, let me in on the divine secret!
Heck, I’ll be in nirvana if just occasionally it doesn’t have to check the data file!
Update: Dave Dustin suggested that I undock any synchronization devices before I shut down Outlook. Thanks, but that’s not it. I don’t use any PDAs or smart phones or any other device that I’m sync’g up with Outlook.
An old problem has suddenly reared its ugly head again. Why would some controls move on the form design surface at compile time?
Below are two views of a portion of a Windows Form. The left image shows the controls once I’ve moved them to where I want them. Notice that the combo boxes are horizontally aligned with the numeric up downs, and that the “Inches” label is nicely spaced between the border of the panel and the numeric up downs.
Then I hit F5 to compile and run the app. AS SOON AS it is finished compiling and the splash screen appears, the controls on the design surface in the VS IDE move. Notice in the right image how the combo boxes and Inches labels have moved down three pixels. Notice too that the numeric up downs aren’t moving. This behavior occurs whether or not I have locked the controls on the forms. And it happens every time I run from the IDE.
It gets worse and weirder. The combo boxes and numeric up downs continue to migrate downward three pixels three more times each time I hit F5 and then immediately quit the app. So after running the app a total of four times, the controls look like this:
Then it stops! No matter how many times I hit F5, the controls stay in the same position shown in the last image above.
I’m not running any resizing code at all; everything is done through the Anchor properties of the various controls. This happens to be on an inherited user control, but I’ve seen the behaviour on a regular form as well.
Nothing I do helps the problem, and none of the lists I post it to have a solution. So I grudgingly break out one of my technical support incidents from MSDN Universal, which hooks me up with May Ji, a support rep at Microsoft. To make a long story long, May tenaciously works on the problem, getting my code and duplicating my environment. Fortunately, although this is a fairly complex application that accesses databases and other resources, the problem is rearing its ugly head at compile time. That means she just needs all the referenced DLLs so she can compile; she doesn’t need to run it.
The problem didn’t appear on the first machine she tried it on, but she was finally able, after much dogged determination on her part, to reproduce the problem on another machine. After a lot more work trying to figure out what was wrong, and to get the WinForms team involved, she came up with two similar work arounds:
- Set the Anchor property for the moving controls back to the default Top, Left. Put code in the Form’s Load event to put the controls back where they belong. This means writing code that looks like this, for each control that is moving:
Me.cboInsulatingSheathing.Anchor = _
CType(((System.Windows.Forms.AnchorStyles.Top Or System.Windows.Forms.AnchorStyles.Left) _
Or System.Windows.Forms.AnchorStyles.Right), System.Windows.Forms.AnchorStyles)
- Move the equivalent code to set the Anchor from the WinForms designer-generated code to the Load event. All this option really does is save me from typing long, nasty lines of code, but I still have to hunt down and move the code for each control. And there are actually eight controls on this user control that move. I have literally hundreds of controls on forms and user controls throughout the application.
Bleech. What’s really disturbing is that the controls move even if I don’t have the form or user control open in the WinForms designer when I compile. Which means that any or all of those controls could be moving. (Well, apparently only controls that don’t have the default Top, Left set are at risk, but in this app that’s a lot of them.) So every time I compile, or at least every time I send an update, I have to check dozens of forms and user controls, looking within each tab, to see if anything has moved. I supposed I can set up an automated way of doing this, such as through source control, but I haven’t gotten that far yet.
That’s all that May could do. The only right way to fix this is for the WinForms team to develop a fix. But they’re in the final push for Whidbey as well as already working on Orcas. VS 2003 is old stuff now, and not a priority, even though it is the currently shipping version of Microsoft’s permier development tool. Aargh.
Oh well, at least I can hope that this blog post will save someone else the grief I’ve gone through on this.
Sheesh. Once again Microsoft is determined to inconvenience legitimate users without giving hackers a pause with their now-mandatory Windows Genuine Advantage program. I was just trying to download the new SyncToy Power Tool for Windows XP and had to go through the rigamarole of validating that I have a legitimate copy of Windows. Isn’t once enough?
So, what Microsoft is saying is that to download anything but non-critical security patches I have to do this validation every single time? The ActiveX control method of validation doesn’t seem to work for me, presumably because I’m running as a non-admin user or because I have IE reasonably locked down. So I have to download and run the 400K tool every time I do a download, then copy and paste the code into the Web page??? Or will this be another example of something that Microsoft tells me I have to loosen my security to enable?
Bah!
Geez. Once again Congress is monkeying with stupidities. They pass an Energy Bill that is bad for conservation and great for polluting energy sources, doing virtually nothing to encourage the development of clean or energy saving technologies. At least they're not opening the Arctic National Wildlife Refuge in this bill. No, that will wait for the budget nonsense in September.
Okay, that is grating enough. But they pass a bill that encourages more energy development and usage, then includes this section (Section 111):
Amends the Uniform Time Act of 1966 to extend standard daylight time from March to November (currently from April to October). Requires the Secretary to report to Congress on the impact of this extension upon energy consumption in the United States.
Set aside for the moment that it is ridiculous for us to use Daylight Savings Time (DST) here in Alaska, where we have precious little sun in winter and nearly fulltime sun in summer. We're going to put the country through the disruption of changing the months we're in DST. They keep monkeying with this, the first time in my memory back in the 70s during the energy crisis that started it all. People didn't like it then and won't again now, and they'll change it back again in a year or two. History repeats itself.
Oh, and we'd better hope that all the major operating system vendors get their patches done in time, and that everyone installs them. Otherwise a lot of people will be on the wrong schedules for a month or so!
Bah! Congress, quit disrupting our lives just so you can claim to be doing your job. Do something real for a change!
On Friday, Microsoft released a security advisory about a new nasty floating around that targets IE: A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit. It should be no surprise that it has to do with the fact that IE runs ActiveX/COM components.
The fun part, of course, is that among the workarounds recommended is that you set your security settings for the Internet and Intranet zones to High. Good advice, except that disables the ability to read the advisory since then you are no longer able to click on the links that expand the text to read the different parts of the advisory. Sigh. Oh, and things like Windows Update and lots of stuff on MSDN no longer works. Aargh.
The advisory also lists the workarounds as though you should do them all, even though they are redundant and conflicting, such as these (both of which breaks apps that use the Microsoft Java VM):
- Unregister the Javaprxy.dll COM Object
- Modify the Access Control List on Javaprxy.dll to be more restrictive
Sigh. Once again Microsoft is telling us that we have to break many of its IE apps and make its sites unusable in order to be protected against threats. Granted, this is a first reaction advisory, and hopefully a more satisfactory fix will be available soon. Too bad we won't be able to get it from Windows Update when it is available!
The solution is to fix IE. Hopefully the upcoming IE 7 will fix this kind of problem once and for all.
Update: Oops! And with security set to High I also cannot validate that my Windows is Genuine Microsoft Software when I download something from a Microsoft site. So, to validate Windows I have to lower my security settings. Now that makes a lot of sense! Not.
Update: Oh, never mind. It's all still broken, but at least I'm not frustrated about it any more! And my apologies to Issam Elbaytam for renaming him. Sheesh.
Unless you've been living under a rock--or maybe hate Microsoft and don't use its technologies (in which case, why are you reading this?)--you've no doubt been invited about a gajillion times in recent months to watch a Webcast focused on technologies that won't be available for months. Right, VS and SQL Server 2005.
Rant warning! Even a couple of naughty words thrown in!
Well, some of these Webcasts are quite good and are worth watching. The only beef I've had with content has been that the presenters usually spend way too much time on background material before getting to the meat of the topic. (I just looked at one set of PPT slides from such a webcast, and it took until slide 19 to get to the topic. Slides 5 through 18 were an agenda item called Review. C'mon guys, I can go back and watch the other Webcasts on the topic!) As a conference presenter, I know how hard this is to avoid, to make sure that the audience is good on the prerequisites. But more than a dozen slides in an hour-long presentation???
Anyway, that's not my beef. My real problem is that the whole Webcase infrastructure is seriously broken. For the last few days I've been trying to watch a Webcast, recorded a few weeks ago, about SQL Server 2005. For starters, as Issam has observed, downloading a Webcast is a ridiculous exercise in frustration, requiring all the steps needed to register for a live event.
People, I just want to download the damn thing. You want me to watch it. Require me to login with Passport if you must, but just give me a link to download it.
Okay, I want this Webcast bad enough to go through the hoops to register (and because I've been trying to do this for a couple of days, this is about the third time I've had to do all those clicks to run through the process). There are three big problems. The first is that when I finally jump through all the hoops, I get the page shown below. When I fill in the info (all I have to do is add my name; the other data is already there), there is an error on the page.
[SQLJunkies is having some kind of technical problems. I'll add the image later.]
When I click on the error icon in the lower left it shows this:
[SQLJunkies is having some kind of technical problems. I'll add the image later.]
A permissions problem????? YOU had me jump through the hoops! Why is there a permissions problem???
Second big problem is that this figures prominently in the course description (the green is even their color):
Register to view this on-demand webcast and download a .wmv of the webcast now. By registering, you will also receive a confirmation email the following day with a link to the PPT download.
Okay, so if it is available for download, why are you making me view the recording? Where is the link where I can download it? The download link in the top menu takes me to a Live Meeting download, which at this point I sure as hell don't want (and I already have the client installed).
Finally, at the bottom of most of the preliminary pages has a link that says Questions? Feedback? Use Webcast Contact Us. Clicking the link causes an HTTP 500 error, Internal server error. Aargh.
There have also been some “technical difficulties” that have affected the Webcasts. I was supposed to attend Event ID: 1032267317, Digital Blackbelt Series: Beating the Hacker: Don't Let Them Steal Your Code, on Friday but it was cancelled for some uncertain future date because of technical difficulties. This has become common. Live Meeting is clearly not ready for prime time. Why did they release it???
Apparently this weekend they are doing maintenance, Due to scheduled maintenance, the Live Meeting service is currently unavailable. But if that is the source of my problems, why not tell me rather than have me curse Microsoft???? Just put up a Down for Maintenance page and stop wasting my time!
Worst of all, this is the company so desperate to have us use their technologies, particularly for Web applications. Yet they are so aptly demonstrating that even they can't competantly put them to use. How the hell are we supposed to???
I just reverted my working machine's login to be a mere User, after adding myself to the Administrators group for a little while to do some maintenance. Among other things, I installed Webroot's Spy Sweeper, the latest adware prevention tool that seems to hold top honors with those who evaluate such products. (I use multiple such tools, but only one at a time for real time protection. Fights between adware protection software I don't need!)
After removing my Administrators membership I rebooted and was warmly greeted with this dialog:
My initial reaction was that, well, this is a system-level program that need to be pertty intimate with the system, so okay, this isn't so bad. But configure it “to run using the credentials of the local administrative account“? Do they mean RunAs? What am I as a typical user supposed to find in the Windows help system to do this?
But it gets worse. Clicking the Help button gives this information. Note the juicy tidbits that I've emphasized:
Understanding the Error about User Accounts
To access Spy Sweeper using Windows 2000 or XP, you must have Administrator privileges for the user account that you use to log in to your computer. If you do not have Administrator privileges, you will not be able to start Spy Sweeper.
If your user account does not have Administrator privileges, you will see the following error when you try to start Spy Sweeper.
To resolve the problem, contact your system administrator to see if your user account can have Administrator privileges.
I beg your pardon? To use your product that protects my system from adware you're telling me I have to make my system more susceptible to both adware attacks and many other attacks? Hell-LOOOOOO!
Spy Sweeper: Uninstalled.
There's a very nice article that went up on MSDN last month about security: Guidance on Patterns & Practices: Security by Keith Pleas. Several security-minded bloggers have written about it, so this hopefully is not news. But I'd like to share a few observations.
Keith is not a Microsoft employee, but he has been a contractor to them in various capacities for years, lately with the Patterns & Practices group that tells we who implement Microsoft technologies how to do things the best way, or at least the Microsoft way.
What I really found interesting in the article is not so much the technical information--it's a fairly high-level view--but the admission that Microsoft doesn't always release sample code that shows okay practices, much less best practices, for security. Keith talks about two specific examples, the widely discussed, used, and studied Duwamish Books and Fitch & Mather Stocks. At best, the two apps include some minor security comments in the docs that indicate that in a “real” application you surely wouldn't do such an unsafe, insecure implementation. But there are a lot of real world apps out there that do just that, either because they are extensions of one of the sample apps or because the samples were used for the basis for another app.
This is generally Good News. Even though a 'Softie didn't write it, Microsoft published it. One of the promises Microsoft has made for the 2005 edition of its development tools is to improve communications about secure practices, including how it does its sample apps. This is going to make it harder to set up the samples because you'll have a few security-related hoops to jump through; gone are the days of xcopy deployment to play with code.
The article is an interesting read as Keith puts the sample apps through a mini security review. While there isn't much depth there--the article would be many times longer if there were--it's a good exercise and a good warning about using Microsoft sample code blindly without carefully examining and analyzing it. (In fairness to the samples, some were written outside Microsoft and in more innocent times. But those are lame excuses in today's security environment, particularly some of the flaws were well-known when the samples were created or last updated. The company should pull them when they are discovered to have security flaws.)
Alas, appearance of this article doesn't mean that all is well with security in Microsoft-land. Keith's Patterns & Practices group just released their Enterprise Library 2005 with seven newly updated application blocks. The problem is that if you install it to the default location, under c:\Program Files, when you try to use them you get an error saying that you can't write to a file. (Thanks to Robert Hurlbut for first bringing this to my attention.) Which shows that the folks that developed EntLib aren't running with lesser privileges, and these tools didn't get a decent security review. Will Microsoft ever learn???? Or will they keep shipping software with these kinds of problems, even while preaching that the rest of the world use good security practices? Aargh!
Anyway, check out Keith's article. It's a worthwhile read.
I hate to do this, but until .Text and/or the 'Junkies folks do something to rein in comment spam, I've turned comments off. I love feedback from everyone and some great discussions, but dealing with spam just takes too much time.