So, what exactly happened Friday night?

This is an accurate representation of our kitchen area circa Saturday morning at about 10am. Anyone walking in and viewing this scene would probably wonder just what exactly transpired.

For the past week or so, my roommates and friends have been in exam mode. I’ve been spared the same indignity this fall, since I’m presently on co-op and resuming school in January next year. In any event, a decision was made to blow off some steam on Friday and purchase some Bacardi 151. This liquor’s claim to fame is its flammability, owing to its higher than average alcohol content.

The back label, as threatened:

“Inflammable means flammable? What a country!”

In the interest of not offering evidence to a future jury or prejudicing potential employers, we won’t go into any specific details here. 151 certainly puts everyone in an interesting mood though. I can’t say I personally had the nerve to try any – that will have to be next weekend.

Another common domestic picture results when people are in the vise grip of midterms – they often choose cheap fast food and leave it all around. This is the set of cardboard I took out to the recycle bin on Saturday morning:

I must admit if that pizza place was open right now I’d be over there to grab one. 🙂

Asus P5Q-E and Splashtop/Express Gate

This Friday I received a box with several new computer components from our supplier NXSource, the business end of NCIX. I’m currently in the process of performing several new system builds and overwhelmingly chose the Asus P5Q series, in both -VM and -E based configurations.

As per its extension, the P5Q-VM will be going in an office/lower end configuration with no need for a discrete graphics card. It’s replacing a Sempron 2400+ configuration; the MSI Socket 462 board blew two or three capacitors last week and there’s not really a point in finding a replacement motherboard now. The onboard video from the Intel chipset should be sufficient for its purpose in life, and the board has a DVI-D port unlike similar systems with integrated graphics.

Eventually the machine may be repurposed with media center-type functionality, so all it should need is a DVI to HDMI conversion cable to connect to a HDTV. I did slightly overspec the processor (a Core 2 Duo E7200 at 2.53GHz) so that it could run 720p video without issues; in general, at least a 2.4GHz dual core is the baseline for decent playback of most popular MKV’s.

One nice thing about the new Asus microATX configurations is that they include an x16 PCI-Express slot for potential future expansion, as well as four DDR2 SDRAM slots instead of just two. This makes the configuration incredibly useful in the future when it comes time for a RAM upgrade.

I’ve replaced the P5B Deluxe pictured above and taken the new P5Q-E for my main workstation. The new board is now essentially the same platform as the file/media server upstairs. I’d originally chosen the board for its three PCI-E x16 slots, which makes powering a video card and two PCI-E RAID addon boards a possibility. One feature that I’d neglected to investigate is the instant-on “Splashtop/Express Gate”, which is basically a stripped down version of Linux partially embedded on a flash chip on the board. I can see this feature being really useful, but it has a few drawbacks:

  • Installation is performed through Windows. You have to have a hard drive for the initial installation, which doesn’t really make sense when it comes to grabbing drivers or BIOS updates. Ideally, the motherboard utilities DVD would allow you to boot a read-only version or install the environment to a USB thumb drive. From there you could pull the latest BIOS, upgrade, and grab new drivers even before Windows enters the picture.
  • I’d like to see more motherboard utilities included in the package. A temperature gauge, overclock tweaking utility and network cable tester would all be excellent additions.
  • While on that subject, tools similar to SpeedFan, Orthos and Prime95 are sorely lacking.
  • Where’s the music support? You’ve initialized the sound card, now get to business with it. Embedded Linux with a jukebox – even XMMS – would be really neat.
  • Hard drives with NTFS show up in the Picture Browser, but there’s no way to even view their contents through the conventional USB drive explorer.
  • Also, give us a command line and non-gimped web browser! The lack of console support in an OS that’s so obviously Linux hurts me.

All in all, the features of the stripped-down distribution make me want to try out Ubuntu again outside of a VM.

Visual Studio 2005 SP1 on Windows 2003

I had some time last week to get to the root of a recent installation problem. On my work system running Server 2003, the installation package for Visual Studio 2005 SP1 would fail repeatedly. This was the case using either the Microsoft Update or standalone MSI download. Since service packs for Visual Studio are generally a Good Idea, this was a seriously annoying inconvenience – not the least of which was seeing the “one remaining update” icon in the system tray.

In any event, I managed to pick the correct answer out of the Web from Egghead Cafe, which pointed to KB925336 from Microsoft’s site. There are packages for Server 2003 in 32-bit, x64 and Itanium versions. Since I know a number of developers run the server OS (through MSDN usually), this seems to be a worthwhile fix.

Note that the package does require a reboot before Service Pack 1 will install properly.

Digg is full of vapid, listmongering idiots

This is an angry post written in uncov style. I may submit it over there if it’s sufficiently full of bile and vitriol.

Digg: the little news aggregator and home for moronic comments that could. I’m finally giving up on it, yet not for some presumed lack of Kevin Rose fanboy love. This particular train has fallen off the mountain and into a septic tank for people’s pet issues of the day. Issues generally include the legalization of pot, minor political scandals or community butthurt over restricted Ubuntu drivers.

All of these elements essentially distill YouTube with a focus on poor-ass headlines, misleading summaries, and a PageRank whoring link pointed to some Blogspot drivel that some high school kid thinks is hot crackers. Recently popular stories just parrot content produced by Gawker Media or Weblogs Inc. (an AOL production!) properties. As much as you may disagree with Denton’s practices, there’s a key difference: both of these companies pay people to write, and it’s certainly a different quality standard.

One of the best investments I’ve ever made with a half hour has been the Digg Stupidity Filter, which is basically an inbred regular expression that’s hosted on somebody else’s ~$13 per share server. Unfortunately, even this bastardized contraption is unable to cope with people that insist on pushing out “Top Three Hundred and Twelve+ Ways to Enable Beryl and Cry Yourself to Sleep” to the front page. Lists of absolutely stupid Firefox tweaks are the prime offenders here, but you might see similar content from Mashable!!!!omglolone authors. What ever happened to people reading informed reviews and opinions, instead of regurgitating bullet points? If I wanted that, I’d go sit through an executive slide deck – one created in PowerPoint and not Zoho Office.

The main problem I have with Digg is not the blind subservience to the brilliant economic policies of Ron Paul. It’s the encouragement of a brain-dead social networking community of conspiracy theorists, and the resulting mass media coverage only gives these halfwits some semblance of legitimacy. Deep down, every “power user” is really a 4chan bandwagoner whose love for cannabis knows no bounds. If you can’t be a real hacker, come to Digg where the next best thing is to be a script kiddie. You, too, can crack WEP with the assistance of Google Video.

Where were these idiots on the Internet before the advent of easily-accessible comment boxes? I mean, Geocities had its fair share of numptees back in the day, but I continue to be astonished at new lows of mouth-breathing twits. As the ease of vomiting into a <textarea> increases, it’s probably inevitable that we’ll see more and more loser-generated content. I just wish there was a production version of StupidFilter available that didn’t require tweaking makefiles. While I’m perfectly competent at compiling and running a C++ app, you won’t get major traction from the Rails evangelist crowd until you make a plugin.

Digg’s biggest problem, bar none, isn’t the roving masses of morons continuing to patronize its impeccably validated HTML. The Digg audience are dangerous because they’re just smart enough to use something like Firefox with AdBlock. They’re just trendy enough to try and run Linux, even if they don’t understand what the command GreyWizard54 posted actually does. So when you’re a Web2 company whose primary income is based on people clicking on ads, you can’t go with a conventional Microsoft package. The lucrative “text JOKE to 99999” ads festooning the borders of MySpace won’t work either. Digg is the perfect target market for mail-order Russian brides; it’s just too bad nobody there will ever see your wares.

UW and Rogers bring you weaksauce device pricing

UW’s CampusTechShop outlet has become an authorized Rogers Wireless dealer, and lately they’ve been trumpeting the $25 and $45 student packages. Every carrier in Canada has similar student deals to try and bump new subscribers and ARPU in the fourth quarter.

What I don’t understand is how such an outlet expects to attract new signups through this ridiculous device pricing. (Yes, these prices are on three year contracts.) I’m assuming this is what they’re charging without a data plan… that’s really the only way I think Rogers could justify selling a Pearl for $300.

  • Blackberry Pearl 8120 – $299.99
  • Blackberry Curve Red – $399.99
  • Blackberry Bold – $599.99

Yeah… no thanks. If this is their idea of a special promotional price worthy of an email blast, forget it.

Windows Live Messenger 9 beta on Server 2003

To install the final version of Windows Live Messenger 9 (14.0.8089.726) on Server 2003 and XP Pro 64-bit, please visit Steven’s instructions at pyro.eu.org/how-to/windows-live-messenger-2009-msi/. The instructions below are provided for historical curiosity only – they’re now out of date since Microsoft blocks this beta version of WLM from connecting.

There is no good reason this shouldn’t work out of the box, but I run 2K3 Server as my primary machine at work and can’t try out Microsoft’s fruity new Messenger app. The MSI is hardcoded to block server OSes, which is complete and utter shenanigans.

The instructions in this post from Techspot work well for Windows Live Messenger 8.5, but you’ll have to dredge through the comments to find a working version of WLM 9. Since it’s hosted on one of those free file sharing services, I figured I’d mirror the .msi and try and dredge up some search engine hits. I’ve scanned it with Symantec Endpoint Protection and it came up clean. Thanks to Quasim for the original file.

The installer should work on any ‘unsupported’ OS, such as XP x64, Server 2003 and Server 2008.

Download Windows Live Messenger 9 Beta – MSI

Force remove a message stuck in an Outlook outbox

I’m writing these instructions up for posterity, since this is now the second time this incident has happened and I wanted to preserve the instructions for the MDBVU32 tool. The first time, it was a bad read receipt causing an annoying popup for every sent message; an outstanding client can’t send or receive any messages. (Original instructions are at howto-outlook.com.)

This situation can occur on most versions of Outlook and requires a repair utility from Microsoft to fix. To avoid completely trashing the mailstore, grab a copy of MDBVU32 (the Microsoft Exchange Server Information Store Viewer) from Microsoft or from here.

Start the utility, then click OK to the first dialog. Then,

    • Click MDB > OpenMessageStore, select the item with the “D” next to it for the default PST file.
  • The message will be in either MDB > Open Root Folder or MDB > Open IPM Outbox.
  • Select the stuck message in the middle column and select lpMDB->AbortSubmit(), then Call Function.
  • Select OK, then log out by MDB > Store Logoff > OK > OK
  • Close the application by Session > Session Logoff, then close any remaining windows.

 Updated April 2014 to replace self-hosted link to tool.

ADODB for PHP and MySQL – a few ‘fun’ facts

I nearly burned up my entire afternoon today troubleshooting a few annoying inconveniences with the ADODB database layer, plus the design decisions of MySQL. Here’s what I’ve found out in a few ‘fun’ facts. This post is reasonably heavy on the technical content, so be warned.


You may be tempted to use the MySQL “REPLACE INTO” function for your own code. A sort of hybrid between INSERT or UPDATE operations, MySQL will seek the primary key in your query and check if it matches a database row. A match results in an UPDATE operation, while no match results in an INSERT query being run. Unfortunately, reading the documentation reveals an enraging drawback:

…except that if an old row in the table has the same value as a new row for a PRIMARY KEY or a UNIQUE index, the old row is deleted before the new row is inserted.

This is a poor showing from an optimization perspective, but consider a typical business application: we’re not going for any kind of ridiculous efficiency, and the overhead of a DELETE operation is minimal. The real gain achieved by going through a REPLACE statement is on the development side, where no longer are two code paths or separate queries required for add and edit operations.

Except this isn’t the case.

My specific condition was the standard implementation of a users table: a PRIMARY KEY with an auto-incrementing user identifier, username, a few other fields, and a password storage column. Unlike the chumps at MySpace, I don’t store passwords in reversible encryption/plaintext or make a habit of sending the field contents for account reset emails.

By default, an UPDATE operation only changes the requested fields in a table – so if I left out the password column, the contents would stay the same for that user. Yet somehow, even when I didn’t specify a password change for a user, their password field became blank.

Lo and behold: because of the ridiculous DELETE behaviour present behind the scenes in a REPLACE query, you lose all other contents of that row if you don’t store and specify their values again.

Strike one for REPLACE. The fact that silent data loss can occur is what I’d consider a severity one problem, and if you’re planning on using REPLACE in one of your own programs, ensure that you’ve retrieved all columns from that table first. Not only is it weak from a performance standpoint, but its ability to nuke perfectly legitimate hashed data makes it dangerous.


The second such entertaining point was what happened when I tried to use ADODB’s “AutoExecute” function. This method provides a database-agnostic call to run an insert or update statement based simply on a key/value array:

AutoExecute($table, $arrFields, $mode, $where=false, $forceUpdate=true,$magicq=false)

AutoExecute() inserts or updates $table given an array of $arrFields, where the keys are the field names and the array values are the field values to store. Note that there is some overhead because the table is first queried to extract key information before the SQL is generated. We generate an INSERT or UPDATE based on $mode (see below).

This seems like an incredibly lazy and awesome feature when you think about it: the advantages of the REPLACE INTO statement, with only one minor if/then code block based on insertion or update. However, in the infinite wisdom of ADODB, all strings end up being quoted automatically. This means that you can’t use CURRENT_TIMESTAMP to update columns, nor can you easily use DBTimeStamp since the result of that function has already been escaped. For some reason, ”2008-09-24 20:36” won’t parse inside SQL.

As a result, I’ve dropped back to writing my own parameterized queries for this application. This provides the sanitization features of escaping potentially malicious user input, while preserving the ability to run timestamp updates for rows.

Thoughts? How would you go about ensuring an optimal database interaction?

Rogers’ DNS shenanigans: screwing with VPNs (and alternate servers)

While it may seem like all I write about these days is Rogers, it’s really the only thing I’ve been dealing with on the service provider front. All my other corporate relations have been going well: I pay people money and they provide a service without bothering me unduly. (I must congratulate the wireless business for their 6GB data plan extension and forthcoming reasonably priced data packages, although one could make the case that Telus and Bell really forced them into it.) This time, it’s about the Internet side of the equation.

Beginning July 18th, Rogers began implementing a provider-wide SiteFinder-style service, where users are redirected to a “search” page with sponsored results for mistyped and nonexistent domains. On a technical level, I fundamentally disagree with this change: it breaks the concept of NXDOMAIN (a useful “domain does not exist” response) and makes things much more difficult to troubleshoot with respect to network architecture. The only reason I haven’t bitched and whined about this much earlier is that I’ve been using OpenDNS for completely unrelated reasons. It was only when my roommate Alex complained about VPN connectivity that I actually looked into the issue.

It turns out that Rogers’ marketing effort completely bricks internal domain resolution for a lot of common VPN clients, including the default Windows XP offering. So if your company, like many others, has internal domains such as corpweb.example.com, Rogers’ search will open up with the terms “corpweb example” at the minimum. This practice has data exposure implications: not only does Rogers now know about an internal domain you’re trying to access, but a third party provider like Yahoo now knows.

If you were an employee of a competing search engine and trying to VPN from home, Yahoo would now know something about your internal network structure; this is bad news all around. Hitting a favourite or quick launch link to corpweb.example.com/livelink/llsapi.exe?doc=Network_Security_Breach_Sept0408.doc would reveal the choice of LiveLink as a corporate CMS, a dependence on Microsoft Word and a document detailing a potentially classified incident.

OpenDNS isn’t any better by default, either. They redirect search results and mistyped domains, and in the process intercept VPN traffic. To get around this, you have to create an account and blacklist corporate VPN connections from “helpful results” on a per-domain basis. The solution also involves downloading and maintaining a dynamic IP address update client, or setting a Tomato-enabled router to perform the same task.

What I’ve done for now is listened to the accurate advice on trevoro.ca and changed my primary Rogers DNS server to an unadvertised IP address: altdns.rnc.net.cable.rogers.com, or 64.71.255.202. This server seems reasonably quick for name resolution and returns proper responses when a domain is not found, allowing VPN software to resolve internal addresses.