Visual Studio 2005 SP1 on Windows 2003

I had some time last week to get to the root of a recent installation problem. On my work system running Server 2003, the installation package for Visual Studio 2005 SP1 would fail repeatedly. This was the case using either the Microsoft Update or standalone MSI download. Since service packs for Visual Studio are generally a Good Idea, this was a seriously annoying inconvenience – not the least of which was seeing the “one remaining update” icon in the system tray.

In any event, I managed to pick the correct answer out of the Web from Egghead Cafe, which pointed to KB925336 from Microsoft’s site. There are packages for Server 2003 in 32-bit, x64 and Itanium versions. Since I know a number of developers run the server OS (through MSDN usually), this seems to be a worthwhile fix.

Note that the package does require a reboot before Service Pack 1 will install properly.

Digg is full of vapid, listmongering idiots

This is an angry post written in uncov style. I may submit it over there if it’s sufficiently full of bile and vitriol.

Digg: the little news aggregator and home for moronic comments that could. I’m finally giving up on it, yet not for some presumed lack of Kevin Rose fanboy love. This particular train has fallen off the mountain and into a septic tank for people’s pet issues of the day. Issues generally include the legalization of pot, minor political scandals or community butthurt over restricted Ubuntu drivers.

All of these elements essentially distill YouTube with a focus on poor-ass headlines, misleading summaries, and a PageRank whoring link pointed to some Blogspot drivel that some high school kid thinks is hot crackers. Recently popular stories just parrot content produced by Gawker Media or Weblogs Inc. (an AOL production!) properties. As much as you may disagree with Denton’s practices, there’s a key difference: both of these companies pay people to write, and it’s certainly a different quality standard.

One of the best investments I’ve ever made with a half hour has been the Digg Stupidity Filter, which is basically an inbred regular expression that’s hosted on somebody else’s ~$13 per share server. Unfortunately, even this bastardized contraption is unable to cope with people that insist on pushing out “Top Three Hundred and Twelve+ Ways to Enable Beryl and Cry Yourself to Sleep” to the front page. Lists of absolutely stupid Firefox tweaks are the prime offenders here, but you might see similar content from Mashable!!!!omglolone authors. What ever happened to people reading informed reviews and opinions, instead of regurgitating bullet points? If I wanted that, I’d go sit through an executive slide deck – one created in PowerPoint and not Zoho Office.

The main problem I have with Digg is not the blind subservience to the brilliant economic policies of Ron Paul. It’s the encouragement of a brain-dead social networking community of conspiracy theorists, and the resulting mass media coverage only gives these halfwits some semblance of legitimacy. Deep down, every “power user” is really a 4chan bandwagoner whose love for cannabis knows no bounds. If you can’t be a real hacker, come to Digg where the next best thing is to be a script kiddie. You, too, can crack WEP with the assistance of Google Video.

Where were these idiots on the Internet before the advent of easily-accessible comment boxes? I mean, Geocities had its fair share of numptees back in the day, but I continue to be astonished at new lows of mouth-breathing twits. As the ease of vomiting into a <textarea> increases, it’s probably inevitable that we’ll see more and more loser-generated content. I just wish there was a production version of StupidFilter available that didn’t require tweaking makefiles. While I’m perfectly competent at compiling and running a C++ app, you won’t get major traction from the Rails evangelist crowd until you make a plugin.

Digg’s biggest problem, bar none, isn’t the roving masses of morons continuing to patronize its impeccably validated HTML. The Digg audience are dangerous because they’re just smart enough to use something like Firefox with AdBlock. They’re just trendy enough to try and run Linux, even if they don’t understand what the command GreyWizard54 posted actually does. So when you’re a Web2 company whose primary income is based on people clicking on ads, you can’t go with a conventional Microsoft package. The lucrative “text JOKE to 99999” ads festooning the borders of MySpace won’t work either. Digg is the perfect target market for mail-order Russian brides; it’s just too bad nobody there will ever see your wares.

UW and Rogers bring you weaksauce device pricing

UW’s CampusTechShop outlet has become an authorized Rogers Wireless dealer, and lately they’ve been trumpeting the $25 and $45 student packages. Every carrier in Canada has similar student deals to try and bump new subscribers and ARPU in the fourth quarter.

What I don’t understand is how such an outlet expects to attract new signups through this ridiculous device pricing. (Yes, these prices are on three year contracts.) I’m assuming this is what they’re charging without a data plan… that’s really the only way I think Rogers could justify selling a Pearl for $300.

  • Blackberry Pearl 8120 – $299.99
  • Blackberry Curve Red – $399.99
  • Blackberry Bold – $599.99

Yeah… no thanks. If this is their idea of a special promotional price worthy of an email blast, forget it.

Windows Live Messenger 9 beta on Server 2003

To install the final version of Windows Live Messenger 9 (14.0.8089.726) on Server 2003 and XP Pro 64-bit, please visit Steven’s instructions at pyro.eu.org/how-to/windows-live-messenger-2009-msi/. The instructions below are provided for historical curiosity only – they’re now out of date since Microsoft blocks this beta version of WLM from connecting.

There is no good reason this shouldn’t work out of the box, but I run 2K3 Server as my primary machine at work and can’t try out Microsoft’s fruity new Messenger app. The MSI is hardcoded to block server OSes, which is complete and utter shenanigans.

The instructions in this post from Techspot work well for Windows Live Messenger 8.5, but you’ll have to dredge through the comments to find a working version of WLM 9. Since it’s hosted on one of those free file sharing services, I figured I’d mirror the .msi and try and dredge up some search engine hits. I’ve scanned it with Symantec Endpoint Protection and it came up clean. Thanks to Quasim for the original file.

The installer should work on any ‘unsupported’ OS, such as XP x64, Server 2003 and Server 2008.

Download Windows Live Messenger 9 Beta – MSI

Force remove a message stuck in an Outlook outbox

I’m writing these instructions up for posterity, since this is now the second time this incident has happened and I wanted to preserve the instructions for the MDBVU32 tool. The first time, it was a bad read receipt causing an annoying popup for every sent message; an outstanding client can’t send or receive any messages. (Original instructions are at howto-outlook.com.)

This situation can occur on most versions of Outlook and requires a repair utility from Microsoft to fix. To avoid completely trashing the mailstore, grab a copy of MDBVU32 (the Microsoft Exchange Server Information Store Viewer) from Microsoft or from here.

Start the utility, then click OK to the first dialog. Then,

    • Click MDB > OpenMessageStore, select the item with the “D” next to it for the default PST file.
  • The message will be in either MDB > Open Root Folder or MDB > Open IPM Outbox.
  • Select the stuck message in the middle column and select lpMDB->AbortSubmit(), then Call Function.
  • Select OK, then log out by MDB > Store Logoff > OK > OK
  • Close the application by Session > Session Logoff, then close any remaining windows.

 Updated April 2014 to replace self-hosted link to tool.

ADODB for PHP and MySQL – a few ‘fun’ facts

I nearly burned up my entire afternoon today troubleshooting a few annoying inconveniences with the ADODB database layer, plus the design decisions of MySQL. Here’s what I’ve found out in a few ‘fun’ facts. This post is reasonably heavy on the technical content, so be warned.


You may be tempted to use the MySQL “REPLACE INTO” function for your own code. A sort of hybrid between INSERT or UPDATE operations, MySQL will seek the primary key in your query and check if it matches a database row. A match results in an UPDATE operation, while no match results in an INSERT query being run. Unfortunately, reading the documentation reveals an enraging drawback:

…except that if an old row in the table has the same value as a new row for a PRIMARY KEY or a UNIQUE index, the old row is deleted before the new row is inserted.

This is a poor showing from an optimization perspective, but consider a typical business application: we’re not going for any kind of ridiculous efficiency, and the overhead of a DELETE operation is minimal. The real gain achieved by going through a REPLACE statement is on the development side, where no longer are two code paths or separate queries required for add and edit operations.

Except this isn’t the case.

My specific condition was the standard implementation of a users table: a PRIMARY KEY with an auto-incrementing user identifier, username, a few other fields, and a password storage column. Unlike the chumps at MySpace, I don’t store passwords in reversible encryption/plaintext or make a habit of sending the field contents for account reset emails.

By default, an UPDATE operation only changes the requested fields in a table – so if I left out the password column, the contents would stay the same for that user. Yet somehow, even when I didn’t specify a password change for a user, their password field became blank.

Lo and behold: because of the ridiculous DELETE behaviour present behind the scenes in a REPLACE query, you lose all other contents of that row if you don’t store and specify their values again.

Strike one for REPLACE. The fact that silent data loss can occur is what I’d consider a severity one problem, and if you’re planning on using REPLACE in one of your own programs, ensure that you’ve retrieved all columns from that table first. Not only is it weak from a performance standpoint, but its ability to nuke perfectly legitimate hashed data makes it dangerous.


The second such entertaining point was what happened when I tried to use ADODB’s “AutoExecute” function. This method provides a database-agnostic call to run an insert or update statement based simply on a key/value array:

AutoExecute($table, $arrFields, $mode, $where=false, $forceUpdate=true,$magicq=false)

AutoExecute() inserts or updates $table given an array of $arrFields, where the keys are the field names and the array values are the field values to store. Note that there is some overhead because the table is first queried to extract key information before the SQL is generated. We generate an INSERT or UPDATE based on $mode (see below).

This seems like an incredibly lazy and awesome feature when you think about it: the advantages of the REPLACE INTO statement, with only one minor if/then code block based on insertion or update. However, in the infinite wisdom of ADODB, all strings end up being quoted automatically. This means that you can’t use CURRENT_TIMESTAMP to update columns, nor can you easily use DBTimeStamp since the result of that function has already been escaped. For some reason, ”2008-09-24 20:36” won’t parse inside SQL.

As a result, I’ve dropped back to writing my own parameterized queries for this application. This provides the sanitization features of escaping potentially malicious user input, while preserving the ability to run timestamp updates for rows.

Thoughts? How would you go about ensuring an optimal database interaction?

Rogers’ DNS shenanigans: screwing with VPNs (and alternate servers)

While it may seem like all I write about these days is Rogers, it’s really the only thing I’ve been dealing with on the service provider front. All my other corporate relations have been going well: I pay people money and they provide a service without bothering me unduly. (I must congratulate the wireless business for their 6GB data plan extension and forthcoming reasonably priced data packages, although one could make the case that Telus and Bell really forced them into it.) This time, it’s about the Internet side of the equation.

Beginning July 18th, Rogers began implementing a provider-wide SiteFinder-style service, where users are redirected to a “search” page with sponsored results for mistyped and nonexistent domains. On a technical level, I fundamentally disagree with this change: it breaks the concept of NXDOMAIN (a useful “domain does not exist” response) and makes things much more difficult to troubleshoot with respect to network architecture. The only reason I haven’t bitched and whined about this much earlier is that I’ve been using OpenDNS for completely unrelated reasons. It was only when my roommate Alex complained about VPN connectivity that I actually looked into the issue.

It turns out that Rogers’ marketing effort completely bricks internal domain resolution for a lot of common VPN clients, including the default Windows XP offering. So if your company, like many others, has internal domains such as corpweb.example.com, Rogers’ search will open up with the terms “corpweb example” at the minimum. This practice has data exposure implications: not only does Rogers now know about an internal domain you’re trying to access, but a third party provider like Yahoo now knows.

If you were an employee of a competing search engine and trying to VPN from home, Yahoo would now know something about your internal network structure; this is bad news all around. Hitting a favourite or quick launch link to corpweb.example.com/livelink/llsapi.exe?doc=Network_Security_Breach_Sept0408.doc would reveal the choice of LiveLink as a corporate CMS, a dependence on Microsoft Word and a document detailing a potentially classified incident.

OpenDNS isn’t any better by default, either. They redirect search results and mistyped domains, and in the process intercept VPN traffic. To get around this, you have to create an account and blacklist corporate VPN connections from “helpful results” on a per-domain basis. The solution also involves downloading and maintaining a dynamic IP address update client, or setting a Tomato-enabled router to perform the same task.

What I’ve done for now is listened to the accurate advice on trevoro.ca and changed my primary Rogers DNS server to an unadvertised IP address: altdns.rnc.net.cable.rogers.com, or 64.71.255.202. This server seems reasonably quick for name resolution and returns proper responses when a domain is not found, allowing VPN software to resolve internal addresses.

Rogers 6GB data plan extended to September 30th

As per CNet News.com:

Canadian cell phone carrier Rogers Communications is extending its iPhone data plan promotion another month, as it tries to figure out how best to price data plans for smartphone users, CBC reported Thursday.

[…]

A Rogers representative the company told the CBC the offer is being extending through September to allow buyers of the new BlackBerry Bold to take advantage of it. The Bold was introduced only week ago.

What’s interesting is the new data packages scheduled to be offered after this date: a $25/500MB and $30/1GB plan should show up sometime in October. I know at least one friend doesn’t want the $30 hit per month for his BlackBerry, so he sticks with the $15 email-only package. $5 can actually make the world of difference to some price-sensitive customers, especially the student audience being targeted in the coming months. Going down to an admittedly quite reasonable $25 plan might convince more people to pick up these devices. There will also be more plans available: $60/3GB and $80/8GB, along with a low-end $15/2MB offering to fool the really cheap customers into overages. 😉

Additionally, even the lowest tier Rogers voice package ($20) paired with a $25 data plan would push ARPU to the magical $45/month required by business decisions and most data device hardware upgrades.

Of course, our voice plans are still gimped compared to the States, but colour me slightly more impressed.

Rrrrroundup of school, work and hardware upgrades

And here’s the wrapup.

  • Spring 2008 term has officially ended. For the past few days I’ve been trying to relax; as opposed to creating content for the Web, there’s been a lot of Halo 3 and other video games going on.
  • I start again at RIM on September 2nd. Things haven’t changed much from when I was there last, which should make for a smooth transition.
  • Hardware upgraded to a BlackBerry Bold as I’m a consumer whore with company loyalty. The screen is really sharp and the new processor gives a really responsive UI. The iPhone 3G was admittedly an attractive option but had two major buzzkills: no physical keyboard, and gimped push email. I had to trade my weaselled retentions plan in for something a bit more conventional, but I’ve now got a monthly plan encompassing some text messaging capabilities.
  • Warren also purchased me an Invisible Shield for the device. I highly recommend this product. Resale value will be much higher and any new iPods will definitely get one of these.
  • It’s move-in time for our neighbours, which means the landlord feels the need to test out his new bowling ball by dropping it down next door’s flight of stairs repeatedly. (In all reality, he’s probably using a hammer on something, but it sounds suspiciously like my initial description.) I’m hoping that this term, there’ll be some attractive girls in the same complex – but that’s probably a long shot. 😉

Synergy and my new setup

Here’s what my workstation setup now looks like after just under four months in the new place.

To manage my systems, I’m using a utility called Synergy with an OS X extension called SynergyKM. The MacBook Pro acts as the server: the display on the left is hooked up to the DVI port on the laptop, and the display on the right is connected to my Vista box.

When I mouse to the right side of the left monitor, the keyboard and mouse focus changes to the PC. (Synergy is running as a client under Vista.)

Finally, here’s a shot of my main PC workstation in its current opened state: