SQL Server 2008: Self-Destructing Databases

Using SQL Server 2008?  There’s a little something you should know about to avoid losing data.  Earlier, I wrote:

Certain previously-innocent actions create new (often empty) database files, without warning, and (by default) in the Program Files folder.  If you lose these files, your database goes straight to the bit bucket.  So, if you attach your 15GB database by copying the .MDF and .LDF files, enable full-text indexing, detach your database, and take your 15GB home with you, you’re now the proud owner of 15 GB of uselessness.  Your database is gone forever because you didn’t also grab that 2 KB file SQL Server generated automatically and placed in your Program Files folder.  Whoops.

Well, here’s a bit more detail.

When working with databases in SQL Server 2008, it’s very easy to unknowingly create additional database files.  A great example of this is working with full-text indexing.  In SQL Server 2005, full-text indexes were saved outside of the standard database files, in a separate directory.  Losing this directory wasn’t too big a deal, because re-indexing a database is usually a trivial process.  Even if the full-text files were lost, it was easy to restore or attach the database itself and then recreate the full-text index.

In SQL Server 2008, full-text indexes are now stored in the database itself.  This is a great improvement for managing databases; it means the full-text index is part of the actual database itself, and is included in backups.  Wonderful!  The only problem is that the index is actually placed in a separate data file.  SQL Server experts fully understand that one SQL Server database can contain several database files; there are lots of great reasons for doing this.  In fact, putting the full-text data in a separate file is probably a good architectural decision.  But people working with more simple SQL Server deployments might not realize this.  To these people, a SQL Server database consists of an .MDF file (the data), an .LDF file (the log), and perhaps an extra folder of full-text data.  The only file that was really needed to save or copy the database was the .MDF file; the log and full-text index could easily be recreated.  Now, though, the database file containing the full-text index will be in a separate .NDF file, placed by default in the Program Files folder, and the primary .MDF file is entirely useless without this new .NDF file.

So, what’s the point of all this?  Know the following:

  • Before copying a SQL Server 2008 database’s files, make sure you know exactly which files are used to store the database, and make sure you copy all of them.
  • Making an SQL Server backup, copying the backup file, and restoring from this backup is a much safer way of saving and moving databases.
  • Now, more than ever, it’s important to specify locations for all database files.  Program Files is not a good place to be saving data.

Overall, this is a good change, but you really have to know what’s going on.  There’s nothing complicated here, but if you’re not aware of these changes, they can easily catch you by surprise.

Internet Explorer: Why It Crashes And How To Fix It

Ah, Internet Explorer… the browser everyone loves to hate but can’t live without.

Why the hatred?  Well, it’s by Microsoft.  That alone is enough for some people.  It’s slow.  Not that it’s really that bad, it’s just that pretty much every other browser out there is faster.  It’s a pain in the ass to develop for: IE6, IE7, IE8, Quirks Mode, IE7 Standards Mode, IE8 Standards Mode, Compatibility View… I’m a developer, and I can’t even keep track of all the different modes IE renders in.  And of course, none of them are exactly right.

But it does have a few things going for it.  Amazingly, it’s probably the most secure browser out there right now – not because it was developed particularly well, but because after years upon years of bugs and security flaws, most problems have been found and fixed.  It has all the features a reasonable person would use, and (starting with IE8), has a great set of developer tools as well, nicely tucked away until you need them.  Oh… and it’s installed on every damn Windows PC on the planet.  That also helps.

So if it’s so well-tested and secure, why the inevitable crashes?  Simple: third party code.  Say what you will about Microsoft, but Microsoft code is a hell of a lot better than random third party code.  Microsoft has a vested interest in making their code rock-solid: they want it to work.  When it doesn’t, people get pissed off and go buy Macs.  Third party developers don’t have quite the same incentive: when third party code crashes, people usually still blame Microsoft, especially when it’s not obvious that third party code is running.

Want proof?  Read this entry on the IE team’s blog.  The key piece of information is that pretty graph.  The blue bars represent crashes caused by third party code – ActiveX controls, toolbars, and other plug-ins.  The red bars represent crashes IE is responsible for.  A mere 17 bugs are responsible for half of all IE crashes.  The top four, and 12 of the top 17, are caused by third party code.  Microsoft itself is only responsible for about 20% of these crashes.

While Microsoft can’t say this outright, there are plenty of clues pointing to the biggest culprits here: Adobe Flash and Adobe Reader.  These are two of the most common plug-ins out there, and they’re horribly written: just have a look at how much memory and CPU these programs use to perform relatively simple operations.  Flash, particularly, is absolutely fucking ridiculous for this.  There’s also an endless stream of security vulnerabilities caused by these plug-ins.  As I write this, there’s yet another flaw in Adobe Reader that allows a your system to become infected with a virus simply by opening a PDF file (or clicking on a PDF link) – and yes, viruses exploiting this are spreading like Australian wildfire.  Adobe won’t have a patch out for weeks at the earliest, despite this guy publishing his own patch without even having access to the source code.

So, next time IE crashes, don’t blame Microsoft.  Blame Adobe.  Want to fix it?  Here are some good starting points:

  • Use Foxit Reader instead of Adobe Reader.  It’s faster, it’s smaller, it’s probably more secure (or at least less targeted), and it doesn’t crash IE. Kill Adobe Reader.
  • Avoid Flash if at all possible.  Or, keep IE ‘clean’ and use Firefox for websites that require Flash.
  • Keep your computer up to date.  Seems obvious, but so many people don’t do this, even those who know they should.  Run IE7 and check Windows Update.  When IE8 is out, get it.  Run the latest service pack for your OS.
  • Uninstall or disable as many plug-ins as possible – preferably all of them.  Under later versions of IE, you can do this under Tools, Manage Add-ons.  Look on your Start menu for “Internet Explorer (No Add-ons)”.
  • Running Windows 7?  Keep in mind you’re running a beta version of IE on top of a beta version of Windows.  Crashes come with the territory.  That said, Microsoft just released some updates that take care of quite a few problems; make sure you have these installed.

Hopefully this helps.

Google Chrome on Windows 7

Google Chrome is the Notepad of browsers.  It lacks even the most basic features available on all other modern browsers.  There’s no support for RSS, bookmark and history features are rudimentary at best, and there are very few options to configure.  There is no way of managing third party add-ins.  It’s not even possible to disable JavaScript.

But sometimes, simplicity is exactly what you want.  There’s no denying that Google Chrome is beautiful, and it’s fast, too.  It’s full of nice touches, like the ability to drag tabs into new windows and a status bar that gets out of your way when it’s not needed.  All style, little substance, and great attention to detail: if only it were grossly overpriced, I’d swear it was an Apple product.

I really don’t recommend Chrome for most people: there are just too many problems and shortcomings.  It feels like a proof of concept, not an finished product.  Overall market share would seem to agree with me.  But for those who have been won over by Google’s elegant design, or for those who like to run a variety of browsers, you’re going to get a nasty little surprise when you try Chrome on Windows 7:

image

The Program Compatibility Assistant does a very good job of warning users when there is a problem.  When is says “This program has known compatibility issues”, it’s a good idea to listen.  Sometimes the problems are minor and easily ignored.  Sometimes the problems will destroy your system.  But the problems are always there.

In this case, nothing will break your system.  But Chrome won’t work.  Instead, it displays a snarky “Aw, Snap!” error message when you try to browse to a site and notes that “Something went wrong while displaying this webpage.”  If you massage it a bit, you can get other types of errors and crashes, but it still won’t work.

image

Now, I know Google likes simplicity, but when things go sour, simplicity is a horrible idea.  Not only does Google Chrome fuck up, but it doesn't even have the courtesy to explain what happened.  If you loan a friend your car for the weekend, you want him to take care of all the little details for you.  You don’t need to hear about exactly what routes he drove, where he bought gas, and so on.  But if he returns your car as a mangled heap of steel and blood, you damn well want a bit more of an explanation than “Something went wrong” and a cutesy sad face.

I have plenty more I could rant about, but perhaps for now I’ll just shut the hell up and tell you how to fix this.  It’s simple, really: you just have to run chrome.exe like this:

chrome.exe -in-process-plugins

Note that the only space is before the first hyphen; this is one argument, not three.  I’m assuming this argument tells Chrome to run plug-ins – such as Adobe Flash – in the same process as the browser.  This is not a great design as far as security is concerned, so hopefully Google will fix this soon.

This helps on the command line, but to actually make Chrome work when you start it normally, you’ll have to change the properties of its shortcut.  Right click on the Google Chrome link on your desktop or Start menu and click Properties.  For the taskbar shortcut, right-clicking opens a jump list; just right-click on the Google Chrome link in that jump list to find your Properties option.  Then, add “ -in-process-plugins” to the end of the text in the Target textbox.  You’ll have to do this for each shortcut.

When you run Chrome, you’ll still get the compatibility warning.  In fact, you’ll get the warning each time you open a new tab in Chrome.  To get rid of this warning, just check the “Don’t show this message again” checkbox and click “Run Program”.

If you want Chrome to work as your default browser, you have even more work to do.  It looks like some people have had limited success by following the instructions at http://www.sevenforums.com/software/930-chrome-chromium-windows-7-64bit.html, but not without problems.  Also, Google Chrome installs on a per-user basis, and this is a per-machine fix, so if you use multiple profiles, things will get messy.  Really, I strongly recommend against using Chrome as your default browser.

You might also have trouble getting Flash to work.  If so, browse to http://get.adobe.com/flashplayer/ and follow the instructions there.  The installation is a bit wonky; you may have better luck you if save the Flash setup file, close Chrome, and then run the setup file you just downloaded.

Or, you could ignore all this bullshit and just click Internet Explorer.

Num Lock on at Boot

“Who the hell cares about Num Lock being enabled by default?”  That was my first thought when I was first asked to make this happen. I mean, seriously, who cares, right?

Well, I work with a lot of accountants, and guess what, they do. I had never really thought this was an issue, but with the number pad for accountants being the equivalent of Burger King to a Sumo wrestler, it matters.

A lot of people out there seem to think that they have this already figured out. A lot of people are already screaming – it’s a BIOS setting…It’s a BIOS setting…It’s a BIOS setting….FUCK.. I hear you all already, but it’s not just the BIOS.  There is a little more to it than that.

In fact, you’ll notice on computer where the BIOS setting is enabled, that the Num Lock Key actually stays on right up until the point where Windows takes over. Then it will flash a couple of times, and Poof…it’s gone.

The following tutorial will show you how to change that default behaviour in the windows registry and you will be fast on your way to have your very own auto-enabled Num Lock ….whooo..wow….

The following fix involves modifying the windows registry, so the usual advice about backing up your registry applies. IF you don’t know how to modify the registry, maybe ask a buddy to do the following for you as you could end up with more than just a Num Lock key not working if you mess up. But, that being said, this registry entry is a snap and I am sure that with a little confidence you will have this finished in no time at all.

Your first step involves opening up the Windows registry.

Simply push the Windows key and R at the same time, and type the word regedit in the box. This will start up the windows registry editor.

Then migrate to the HKEY_USERS\.DEFAULT\Control Panel\Keyboard\InitialKeyboardIndicators key, right click on it and select “modify”.

Finally, change the value from 0 to 2 and voila, you are done. Close the key, and the registry and reboot to check it out.

Now, I know some of you don’t like registry changes, so there is an alternate way to do this through scripting.

set up a script by using notepad with the following, name it “numlock.vbs” and save it into your startup file.

set WshShell = CreateObject("WScript.Shell")
WshShell.SendKeys "{NUMLOCK}"

All of the above works on Windows 2000/XP/2003 but is untested in Windows Vista and will not work in Windows 7 – Windows 7 must be configured with the same settings, but under the HKEY Current Users key. .

Enjoy!

SQL Server 2008: Betrayal and Broken Dreams

I was excited when SQL Server 2008 first came out.  A new version!  While it didn’t promise to change the world (“New Form Of Energy” marketing campaign aside), it did offer a few significant upgrades:

  • Compression, for tables, indexes, and backups, is available.  No more zipping backups!
  • New Spatial data types. No more weird math converting latitude and longitude to distances!
  • Full text indexes are (finally) saved in database files.  That means they’ll be included in backups, and moving databases should be much easier: no more rebuilding full text indexes all the time!
  • New FILESTREAM data type.  Store large binary streams in the file system, but let SQL Server manage it.  Finally, using SQL Server as a storage engine for serious content is feasible.  This is basically the best of both words… almost a developers-only version of WinFS.
  • XML Improvements.  If you work with XML columns, there’s some candy here for you.
  • Reporting Services can export to Word files.  Finally!  I’ll avoid the obvious criticism that this should have been there from day one and just be grateful we have it now.  Exporting to Excel is better, too.
  • Reporting Services no longer requires IIS.  Thank God!  But you can still do it this way if you want.
  • Evolutionary improvements to all the management and development tools.
  • Another few dozen bullet points that I’m sure matter to some people.  But Partition Aligned Indexed Views just don’t make me hard these days.

So, we should be happy, right?  New toys to play with, improvements right across the board, and all that?

HELL, NO.

There are at least three huge problems with this new release.  Each one of them has fucked me over good and hard when I least expected it.  If you can get around these problems, it’s a great release.  Don’t get me wrong: I’m not saying it’s all bad.  I’m not saying you should run from it like Yersinia pestis.  I’m not saying I’d rather fondle stinky hooker feet all night than wrestle with this piece of shit for just one more hour.  And I’m sure as hell not saying any competing product is better.  It’s a definite step forward.  But why, oh, why, Microsoft, must you bust my balls so?  I just wanted to love you!

I have too much hatred for one entry.  I must pace myself, and let my rage out over several days.  Only this manner will I truly be at peace.  So for now, know the unholy triad of monstrosities lurking in this delightful new offering by gist alone:

  1. Installation is a horror of over-engineering, redundancy (the bad kind), and practical humour.  Allocate 6-8 hours.  And pray to Zeus you have a fast Internet connection, because you’re gonna need it!
  2. SQL Server 2008 is completely backwards-incompatible with SQL Server 2005.  You can move up, but not down.  Moving a database from SQL2008 to SQL2005 is impossible.  There is no way to accomplish this task; you must rebuild your database.  Attaching your SQL2005 database to SQL2008 will bork it instantly and without warning.  If you have SQL Server 2008, and your client has SQL Server 2005, you might as well be running MySQL.
  3. Certain previously-innocent actions create new (often empty) database files, without warning, and (by default) in the Program Files folder.  If you lose these files, your database goes straight to the bit bucket.  So, if you attach your 15GB database by copying the .MDF and .LDF files, enable full-text indexing, detach your database, and take your 15GB home with you, you’re now the proud owner of 15 GB of uselessness.  Your database is gone forever because you didn’t also grab that 2 KB file SQL Server generated automatically and placed in your Program Files folder.  Whoops.

I’ll have more to say about these three issues later, including the best ways to work around them.  So long as you know what you’re getting into, nothing here is all that bad.  But please, Microsoft, don’t ever, ever do this again.  Neither my heart nor my balls could take it.

WCF: Using IIS and Windows Authentication to Secure WCF Services

If you try to get Windows Authentication working in IIS for a WCF service (including the one I showed you earlier), you may get the following error:

Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.

The problem here is that IIS and WCF are fighting over security. You’ve told IIS to prevent Anonymous access and use Windows Authentication instead. WCF, however, knows nothing about this. The answer is simple. Change your web.config file like so:

<?xml version="1.0"?> 
<configuration> 
 
  <system.serviceModel> 
    <services> 
      <service behaviorConfiguration="basicBehavior" name="WCFTest.Test"> 
        <endpoint address="" binding="basicHttpBinding" contract="WCFTest.Test" bindingConfiguration="basicBinding" /> 
        <endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="basicBinding" /> 
      </service> 
    </services> 
    <behaviors> 
      <serviceBehaviors> 
        <behavior name="basicBehavior"> 
          <serviceMetadata httpGetEnabled="true" /> 
        </behavior> 
      </serviceBehaviors> 
    </behaviors> 
    <bindings> 
      <basicHttpBinding> 
        <binding name="basicBinding"> 
          <security mode="TransportCredentialOnly"> 
            <transport clientCredentialType="Windows"/> 
          </security> 
        </binding> 
      </basicHttpBinding> 
    </bindings> 

  </system.serviceModel> 

The key change here is a new binding configuration called basicBinding. Have a look at the <security> and <transport> nodes. These tell WCF that security will be handled by the transport layer, that only credentials will be confirmed, and that it should quit worrying and get back to work.

Tech Trends..Sony's New Box....

I don't usually bother embedding videos like this, but this one had me rolling on the floor laughing!

What did it do?

The registry – that dumping ground for Windows software developers and the nesting grounds of so many malware packages out there. At times, it may seem hopelessly cluttered and virtually unintelligible, especially if you are trying to actually figure out what has gone wrong deep within and why your production server refuses to boot after uninstalling AVG or some other equally well-written software package.

But don’t despair, in server 2008, troubleshooting the registry is actually fairly simple – especially if you have performed due diligence and exported the registry file before the change.  In fact, it is very easy to compare two registry files and visually see the changes that have been made using the venerable File Comparison Tool (fc.exe).

This is especially handy in test environments where you may have several VMs set up with the identical copies of Server 2008 and want to see the effects of several different versions of a software package under review.

Let’s take a look at how to use this tool….

So, the first step is to export the unaltered registry. There are several ways this can be accomplished, but the hands-down fastest way of dumping this to a file is to do it from the command line.  It isn’t strictly necessary to run with elevated privileges to perform this, but I find that often this prevents a lot of unpredictable results, so I have made it a bit of a habit.

Here’s the command:  regedit /e <path with file name> 

For instance, if you want to create a file called  pre-shitty-av-install.reg on your C: drive your command would look like this:

 regedit /e C:\pre-shitty-av-install.reg 

Now go ahead and install or make the changes to the system that you are curious about and immediately afterward export the registry in the same fashion as above with your new file name.  For example:

regedit /e C:\post-shitty-av-install.reg  

Now, simply run the File Comparison Tool (fc.exe) and pipe the output to a text file for easy reading.  The command that we would use is

fc /u pre-shitty-av-install.reg post-shitty-av-install.reg > changes.txt 

Simply open the file in notepad, and you will see exactly what changes were made in the registry and how they might be affecting your Windows Server 2008 box.  Easy, simple and extremely useful….enjoy!

WCF: Calling a Basic WCF Service

So, you’ve build a WCF service and you’ve hosted it in IIS. Now you want to access this service. How? We’ll, we’re back to things being easy!

Using Visual Studio 2008, just go to Project, Add Service Reference. Type of URL of the service you built and choose a name for your new reference:

image

Once you click OK, you’ll be able to use your service just as though it was a class in your project:

Dim wcfTest As New svcTest.TestClient
Dim sTime As String = wcfTest.GetLocalTime(True)

If you’re still using .NET 2.0, you can also add a Web Service Reference, and consume your WCF service just as though it were a traditional ASP.NET Web Service using the ?wsdl metadata that’s generated.

As you can see, WCF Services are very easy to build and use. Configuring them takes a bit of learning, but the beauty of WCF is that you can write your service in one place, consume your service somewhere else, write code as though everything was happening in one program, and then use configuration files to connect them however you need.

Yes, it’s new. No, it’s not perfect. But it is very much a step in the right direction.

The Time is 1234567890

Millions of computers around the world know this instant as 1234567890.

Unix-based systems store time as the number of seconds elapsed since January 1, 1970.  This is called the Unix Epoch Date.  Do the math, and at 23:31:30 UTC today that works out to 1,234,567,890 seconds.  Pretty neat!

Of course, there’s danger lurking here: generally, we use 32-bit signed integers to store the number of seconds.  A 32-bit signed integer can only store numbers up to 2,147,483,647 or so.  Do the math again, and you’ll arrive at another neat date: January 19, 2038.  On this day, shortly after 3:14 AM UTC (conspiracy theorists take note: why is this Pi?), the world ends.  Planes drop from the sky, bank machines spit out cash non-stop, and nuclear bombs detonate, just like they did at midnight on January 1st, 2000.  Awesome!

January 1, 1970 isn’t just the Epoch Date for UNIX.  A few other trivial systems use this date, as well.  You may have heard of some of them:

  • Linux
  • Mac OS X
  • Java / JavaScript
  • PHP

Man, oh man, will that a good day to be a Windows guy.  Of course, exactly ten years later DOS, FAT16, FAT32, and OS/2 all explode.  Hopefully by then we’ll all be using managed code: .NET bases dates around January 1, 1.  That’s 1 AD.  Presumably, they have this 32-bit unsigned integer problem sorted out.

WCF: Hosting a Basic WCF Service in IIS

Okay, so you’ve made a wonderful WCF Service. It tells the time and everything! But how do you use it? Well, that’s where things get a bit complicated.

There are many ways you can host this service, and many ways clients can access it. You can host the service in a stand-alone application, or in a Windows Service you’ve written. You can use something called Windows Process Activation Service. Or, you can use good old IIS. Using IIS has a few nice advantages: you get to use all the power and configuration of IIS, it’s easy for people to understand what’s happening, even if they don’t know WCF, and it’s easy for other applications to use the service – even if they’re not built with .NET.

You also have to choose a binding. A binding is essentially a means of communication, and there are many to choose from. You can choose HTTP (in many flavours), TCP, named pipes, MSMQ, and so on. We’re going to look at basicHttpBinding, which is nice and simple to work with and highly compatible.

So, if we’re hosting in IIS, we clearly need a virtual application folder in which to run our service. Let’s call this web WCFTest. Then, use IIS Manager to allow anonymous authentication so we don’t have to worry about security concerns for the time being.

We’ll need to add three files to our web. First, we need the assembly containing the service you wrote. I’ll assume you created the service I showed you last time, and you put it in a class library (DLL project) called WCFTest. When you compiled that project, you made a file called WCFTest.dll. Create a folder called ‘bin’ in your web, and copy this file there.

Second, we need to add a .svc file to the web. This file represents the address that clients will use to access the service, and it tells IIS where to find the service to use. Let’s call this file Test.svc. It needs to contain the following:

<%@ ServiceHost Service="WCFTest.Test" %>
ServiceHost tells the server that this URL represents a WCF Service. Service="WCFTest.Test" tells the server what class to use to run the service. Because we put our .dll file in the /bin folder, the server will automatically find the class and be able to use it. There are other ways of organizing this, but this is perhaps the simplest to understand.

Finally, we need a web.config file placed in the web’s root to tell the server how to configure the service. Here’s what you need:

<?xml version="1.0"?> 
<configuration> 
 
  <system.serviceModel> 
    <services> 
      <service  name="WCFTest.Test"> 
        <endpoint address="" binding="basicHttpBinding" contract="WCFTest.Test" /> 
      </service> 
    </services> 
  </system.serviceModel> 
</configuration>

You can see that we’ve configured one service, called WCFTest.Test, and we’ve created one endpoint using basicHttpBinding. You can see that for the contract we’re using the same class as the actual service itself, but if you want, you could define the service contract (as an Interface) in one assembly and then implement the service itself (as a class that implements your interface) in another class or assembly.

Now, when you browse to http://localhost/WCFTest/Test.svc, you’ll see a web page that states you’ve accessed a WCF service. The rest of the page talks about metadata. Right now, your service is up and running. If you had any clients using the service, they’d be working.

But: you don’t have any clients using this service. And without metadata, you’re going to find it tough to build one. Metadata tells other programs how your service works and how to use it. Once they know this, they don’t need the metadata anymore, but to get there, we’re going to expose the metadata through IIS. To do this, we’ll change our web.config file to add another endpoint. This endpoint will use mexHttpBinding, which is a metadata exchange format. We’ll set the address to /mex, and we’ll also define and set a serviceBehavior, which allows you to specify more detailed options about how your service works. Here’s how your new web.config file should look:

<?xml version="1.0"?> 
<configuration> 
 
  <system.serviceModel> 
    <services> 
      <service behaviorConfiguration="basicBehavior" name="WCFTest.Test"> 
        <endpoint address="" binding="basicHttpBinding" contract="WCFTest.Test" /> 
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 
      </service> 
    </services> 
    <behaviors> 
      <serviceBehaviors> 
        <behavior name="basicBehavior"> 
          <serviceMetadata httpGetEnabled="true" /> 
        </behavior> 
      </serviceBehaviors> 
    </behaviors> 
  </system.serviceModel> 
</configuration>

Now, metadata about your WCF service is available at http://localhost/WCFTest/Test.svc/mex. You won’t be able to browse it with Internet Explorer, though; it’s not meant to be used by a web browser. You can, however, browse to http://localhost/WCFTest/Test.svc?wsdl to see an XML version of your metadata.

At this point, your service is up and running in IIS, and metadata about your service is available so other programs will know how to access and use it.

IT Ethics

Medical professionals, lawyers, accountants, and even taxi drivers are all bound by organizations, which monitor their members’ conduct and set out explicit rules and disciplinary procedures for violating these. These occupations are entrusted with the public’s personal property, their personal security, and in some cases even their lives. It therefore only makes sense that there would be some sort of professional body looking after the public’s best interest.

But what about in IT? What does the public stand to lose? Well, arguably, all of the above, but yet IT as an industry still lacks regulation, guidance, and most importantly a real, binding, professional body overseeing the profession. The “Wild West” is all around us in terms of IT professionals, and the number of “Cowboy Techs” is growing every day. It is becoming a real problem – especially when techs hold a client’s domain names, passwords, MX records, and data hostage with impunity. Undeniably, we are in NEED of some regulation.

Until then, however, we must rely on the kind folks at places like the SANS Institute who care deeply about everything IT. They have done a fantastic job at trying to educate the IT industry about industry best practices, standards and ethics. In fact, they actually have a full code of ethics that IT professionals should adhere to and this can be viewed at http://www.sans.org/resources/ethics.php?ref=3781 . It is definitely worth a read, despite some of the blatant obviousness of some of the points.

For fun, let’s dissect some of the more interesting ones. Please feel free to add comments at the end of this blog as I would like as much feedback as possible.

Here’s the first one……

“When possible I will demonstrate my performance capability with my skills via projects, leadership, and/or accredited educational programs and will encourage others to do so as well.”

I find this point intriguing. The SANS institute actually codified both showing performance and the transmission of knowledge. At first glance, I wasn’t sure whether I agreed that this should be in a code of ethics, but, after some careful reflection I think this is great. Let’s face it, we all know a lazy tech out there that is just scraping along, never reads anything, and never makes an effort to ensure that his clients are getting the best service for their money. At some level, this is taking advantage of the client as they are paying to have a professional make their workflow better – after all, how would you like to go see a specialist for some knee surgery only to find out months later that they gave you the 30-year-old solution that just doesn’t really work. This would be unacceptable in medicine and should be unacceptable in our industry too!

I have always encouraged others to excel in their IT careers and now that I have actually given this some thought will continue to do so even more.

Second point……

“I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will treat this as an opportunity to learn new techniques and approaches. When the situation arises that my assistance is called upon, I will respond willingly to share my knowledge with others.”

Ostensibly, it is only pride and one’s ego that gets in the way of doing something right and making the client happy and doing something totally wrong and tarnishing the reputation of both the employer and the tech himself. I mean seriously, if you really don’t know how to do something and you know someone else does, get some advice. Getting advice only ever becomes a problem if you are not genuinely trying to learn from the experience and apply it elsewhere. There is no place in IT for pride-except when it comes from a job well done!

Final point……

“I distinguish between advocacy and engineering. I will not present analysis and opinion as fact.”

This particular point could really be controversial, but, I unconditionally accept it as a valuable point and I understand why the SANS Institute has included it. There are too many techs out there, that tell clients things about their OS, or a particular brand of printer, or even a software package without being totally forthcoming that this is in fact an OPINION. In fact, we should all accept that there are many engineers out there that, YES (I mean really), INDEED, do know more than us. They designed the software package and often understand at a much deeper level why certain implementation and/or configurations are there in the first place.

Opinions are good, but let’s not let an opinion get in the way of getting a better solution for a client. Let’s not let opinions hinder progress. If we go with proven engineering, and modest opinions on how to implement such, everyone benefits – and you will be the one that dared to put Vista into the 70-year-old hands of your number one client’s CEO….well OK… You got me…that IS A STRETCH! HA HA HA

Anyway, I hope you enjoyed the discussion and once again I encourage you to actually log on to the SANS Institute page and go through the code!

Matt

WCF: Building a Basic WCF Service

WCF is good. Perhaps great. It fixes a bunch of problems we never knew existed, and adds a bunch more brand new, exciting ones. If you use Web Services, .NET Remoting, or any other wacky scheme to have a program communicate with another program (or application tier or server or process or whatever), WCF is for you.

It’s very powerful. It’s very flexible. Unfortunately, this also means it’s very difficult to find simple answers on how it works. I’m going to show you, as quickly and simply as possible, how to get up and running with WCF under a common and useful scenario. Understand, though, that I’m showing you one thing you can do with WCF; I’m not showing you how all of WCF works.

WCF is based around the idea of Services. A Service is essentially a class that you can access from outside of the application where the class lives, even across the Internet. Let’s have a look at a simple WCF service:

Imports System.ServiceModel

<ServiceContract()> _
Public Class Test

    <OperationContract()> _
    Public Function GetLocalTime(ByVal includeDate As Boolean) As String

        If includeDate Then
            Return Now.ToString
        Else
            Return Now.TimeOfDay.ToString
        End If

    End Function

End Class
As you can see, it’s really just an ordinary class. <ServiceContract()> marks the class as a WCF service, and <OperationContract()> marks the function as an operation of the service, so that you can access it outside of its application. In many samples, you’ll see this class split between an interface (the contract) and a class (the service). This is probably a good idea, but it’s not required.

If that code won’t compile, you probably need to add a reference to System.ServiceModel.

Believe it or not, that’s it. You’ve made a service. Easy!

Windows Mobile Push Mail

Unfortunately, this has to be a bit of a rant.

Honestly, how would Microsoft ever expect compete with Blackberries, Iphones, or any other Mobile platform if they continue to put simple clean usable functionality behind some crappy unneeded security regime.

Last week, I finally bit the bullet and decided to get push mail running on my HTC Touch. Despite owning the phone for six months, I had never bothered to get it talking to exchange because the mere thought of dealing with all of the clunky menus was enough to get me on the bottle. But, I thought, "It can't be that bad?"

Well, after figuring out that it was actually through active sync that I configure this, and completely unrelated to "email settings", I entered in the pre-requisite information - you know - server name, email address, items to sync ya da ya da .... and, much to my surprise...within seconds actually, it started to sync.

That was easy......right? Well, it really was....until the damn thing stopped working about 12 hours later. Suddenly, active sync is now demanding that I install a personal certificate and refusing to sync. Again, this is not a problem, I can get the cert easily...after all, I work in an IT consultancy...this is a piece of cake.

Here's where the yelling, swearing, and finally, the frantic googling began. 2 certificates later, and a lot of error messages, it still wasn't working. I was at the end of my rope until finally, I find the answer. Hidden deep within the depths of Microsoft's Knowledge Base is an article describing the procedure required to make this work. It seems that all of the well-placed certificates and super strict security is just smoke and mirrors - Microsoft actually instructs users to have IIS and exchange server disregard client certificates to get this working. I won't detail the whole process in this blog as it is well documented in http://support.microsoft.com/kb/927467 but ...WOW .

Anyway, I guess the bigger point is, how many people would have just given up by this point? Should average Windows Mobile Owners have to contact their server admins to have client certificates disabled? Should they even have to know what a certificate is? I really like my Windows Mobile device, but the answer to those questions is obviously NO!.

Microsoft has hereforth been put on probation, let's hope Windows Mobile 7 is able to deliver right out of the box!

Internet Explorer: Enable Intranet Settings

On newer versions of Windows, you’ll see a message in IE’s Information Bar (the yellow thing at the top that pops down) talking about Intranet Settings.  Most people just click ‘Don’t Show Me this Again’ as they try to get rid of the endless pop-ups and questions IE presents upon its first few runs.  But what does this do, and what happens if you choose the wrong option?

Internet Explorer manages security through Zones.  Most pages you visit will be in the ‘Internet’ zone.  Other zones include Trusted Sites and Restricted Sites, and IE will adjust security settings accordingly.  Finally, there’s the Intranet zone.  This zone enables a few features that wouldn’t be used on the Internet, but are often used inside corporate networks and by software developers and network administrators.  Perhaps most importantly, Windows Authentication is enabled in the Intranet zone.  If you don’t need these features for anything, you’re better off leaving them disabled.  This is the default configuration, and this is how things are left if you choose ‘Don’t Show Me this Again’ from the Information Bar.

Without Intranet settings, though, you’ll find some things might not work properly.  ActiveX controls are handled differently, pages can be rendered differently, and Windows Authentication won’t work.  This means that if you browse to a web server that you should have access to through Windows Security or Active Directory, you’ll be denied access (or prompted for a password).  This will even happen if you’re running as an Administrator trying to access a web server running on your own machine.

To fix this, you need to enable Intranet settings.  If you’re running IE for the first time, you can just click ‘Enable Internet Settings’ from the pop-up.  If you’ve already chosen ‘Don’t Show Me this Again’, you’ll have to go elsewhere to make this change.  Go to Tools, Options, Security.  Select Local Intranet, and then click Sites:

image

Clear the ‘Automatically detect intranet network’ checkbox – you read that right, you want the box unchecked to enable Intranet settings – and review the other settings on that window:

image

You may have to restart IE for your changes to take effect.

At any time, you can check the zone of the site you’re browsing by looking at the status bar.  If it says ‘Internet’, you’re either on a site that’s not on your Intranet or you have Intranet settings disabled.  If it says ‘Local intranet’, Windows Authentication should work.

Internet Explorer: Improving Load Times

Often, Internet Explorer will freeze for a few seconds before loading.  This can also happen when opening a new tab.  You’ll see this on Windows XP, Windows Vista, and even Windows 7.  It will happen under IE6, IE7, and IE8.  Occasionally, these delays can even be minutes long, giving the impression that IE has frozen.  Often, you’ll see IE sit and do nothing while it says ‘Connecting…’.

It’s at this time you typically start screaming and throwing things, saying “Fucking IE is entirely unusable.  Why the hell aren’t I using Firefox?'”.  Of course, with IE still frozen, you can’t download Firefox, so you’re stuck there muttering to yourself until IE decides to quick screwing around, at which point you forget about Firefox and just go do your work.

There’s a simple fix.  In Internet Explorer (once it actually loads), go to Tools, Options, Connections:

image

Click LAN Settings, then clear the ‘Automatically detect settings’ checkbox:

image

That should do it.

If you’re still having trouble, your problem is almost certainly caused by an add-on (Adobe Flash, a toolbar, the Office Research add-on, anti-virus add-ons, etc.).  To check this, try running Internet Explorer with No Add-ons.  You’ll find a shortcut for this on your Start menu.  IE8 has a great Manage Add-ons feature that you might want to play with, too; you can enable and disable add-ons here; even if you’re not having problems, disabling add-ons you don’t use can improve performance dramatically:

image

Unfortunately, one of the biggest causes of crashes, hangs, poor performance, and security vulnerabilities when it comes to web browsers is an Add-on that’s pretty tough to live without: Adobe Flash.  Until Adobe gets their act together, there’s not much you can do about this one.

Publishing to Blogger

Well, I didn’t have to look too far for inspiration on this one.  I’m sure it isn’t original, so I’ll keep this one short.

I hate web applications.  Yes, they’re wonderful and hip and the supposed ‘way of the future’, and yes, they have a long list of real advantages over traditional applications.  But I still hate them.  And if I’m posting to this blog on a regular basis, I’ll be damned if I do all that work through a web browser.

So I tried Microsoft Word.  Word 2007 has a great new feature that lets you write blog posts right from within Word.  Just choose ‘New Blog Post’ from the list of templates that comes up with you click New from the Application Menu (the big round button):

image

 

Word will walk you through adding your account.  It’s slick, it’s easy, and it’s powerful.  And really, there is no finer application for writing than Microsoft Word:

image

Unfortunately, Blogger isn’t one of the services that supports image uploading from Word

So I tried Windows Live Writer.  It’s slick, it’s easy, and it’s powerful.  I’m happy.  The support for managing the blog itself is better than Word because it’s designed specifically for that purpose.  The actual editing features are more like WordPad than Word, but that’s probably sufficient for most people.  It also has some nice features I’ll never use, like adding an entire folder of photos at once and inserting interactive maps.  Anyone still using Blogger’s web interface really owes it to themselves to give it a try; you don’t know what you’re missing:

image

One thing that took a bit of extra research was code formatting.  Often, I’ll need to include source code, XML, configuration scripts, and other text that needs to be presented exactly as it was written.  Blogger doesn’t let you do that very easily.  Windows Live Writer on its own isn’t much better, but there happens to be a great plug-in for it that does the trick beautifully.  It’s called Code Snippet, and you can find it in Windows Live Gallery or straight from the author, Leo Vildosola.

I’ll probably have more to say about this once I’m an expert in this subject (give me a week or two), but for now, that’s the sum of all my wisdom regarding posting entries to Blogger.

…And So It Begins.

I hated the whole 'blogging' phenomenon right from day one. I hated the concept, I hated the people who read them, I hated the people who write them, and I especially hated the word ‘blog’.

But times change: there’s actually useful content in blogs these days. More often than not, I’ll find the fix to a problem I’m struggling with in a blog post somewhere. So, if I can help a few other people out there by writing about my own problems and solutions (and earn a few AdSense dollars while doing so), I guess I can douse my hatred towards the concept of and people behind blogs.

I’ll try to keep each post useful, with as little bullshit as possible – a rarity in technical documentation, and perhaps part of the reason why technical blogs have become so successful. Because this is my writing, I get to rant, rave, change the rules, and say ‘fuck’ whenever I want. Don’t like it? Go somewhere else. Have a question for me, or a topic you’d like me to write about? Drop a comment, and I’ll do what I can. Want me to personally help you with something that’s been driving you crazy recently? Click the ‘Call Me’ button and see what happens (I’ve been pressed into trying this fancy new ‘Ether’ thing a try; we’ll see how it goes).

What am I good at? Well, I’m primarily a .NET developer, but I run my own company, support what I build, and generally deal with the worst of what this godforsaken industry has to offer, so I see a bit of everything.

So, that’s that. Now I have a blog. Great. Wonderful.

But I still hate the word ‘blog’.

Stored Passwords and User Accounts

So, today I just want to bring to attention a fairly obscure, but, interesting problem that I ran into recently.

I had a client that had several desktop and laptops joined to a Windows Server 2003 domain. All of the computers were running Windows XP Sp2 and for the most part things were fairly smooth. However, one user, started experiencing intermittent failures where his mapped drives were not being setup. Needless to say, he was becoming quite frustrated.

All of the usual troubleshooting of the login scripts was performed, and at one point, some of my colleagues even re-wrote the login scripts from scratch. All of these could be manually executed under our credentials and the drives were successfully mapped, but would mostly fail when ran under the user's own login credentials. It was really odd.

The key point above, however, is that the script would "mostly fail" when run under that users credentials. Soon, it became apparent that anything that was supposed to be mapped from drives located on one particular server wouldn't work and would error out with "System 53" messages etc. Really odd indeed.

We started suspect larger issues were at play and that the domain controllers were not properly replicating. But this begged the question "Why only this one particular user?" Slow link problems might be stopping the login script from running then, we mused...but, on a gigabit connection? Nope, this doesn't make sense. The culprit?...something very obscure and virtually unthought of when dealing with computers in a domain.

What had happened was that the user had cached a blank password for a valid domain user account on his local laptop. The difference between this password and the valid password on the domain controller was causing "Kerebros errors" to appear in the event viewer but yet, would still allow him to log on and use the computer as normal. However, with this wrong password stored, the computer was essentially unable to connect to the domain controller until a valid password was supplied which, of course, would happen long after any login scripts (located on the domain controller he couldn't connect to) would have run and also explained why drives on other servers could be successfully mapped when the login script was manually run on the local machine.

So, where are these passwords stored? On a windows XP machine simply go to the control panel and click on user accounts, then click on advanced, and click on manage passwords. It is in this box where you can cache passwords for logging on to IT resources. Obviously, this feature might be really handy for home computer systems, but can wreak havoc on a machine joined to the domain.

I was thrilled that I had solved the problem and now I am equally excited to share this unusual scenario with my readers. If I can save any of you even 5 minutes in troubleshooting a strange issue like this - I am satisfied.

Cheers!

First Post.....

Welcome to my blog spot.

Through working with computers and users on a daily basis, I have come to appreciate what a giant pain in the *butt* these machines, their operating systems, and their applications can be. Everyday, I see people struggling to use these programs performing tasks that should be mundane -yet often these simple tasks fail.

I love IT and have been working in the IT industry for basically the last 5 years. Supporting that IT career is at least 10 solid years of building, repairing, and using computers as a hobbyist. And now I am here to do something about those simple tasks that fail.

This blog is may be about the complex, it may be about the obscure, and it may even be about the obvious, but, it is all IT.

Overwhelmingly, as the title suggests, this blog is about IT Made Easy by giving quick tips, tricks, and sharing stories to help each and every one of you on your journey to having a smooth efficient IT regime in place.

Welcome to my blog, and I look forward to interacting with my new readership!

Check back often for new posts.


Copyright © 2010 Paul Guenette and Matthew Sleno.