Logan Buesching

I have been wanting to get back into developing my big project I did in my college years, which was basically a LAMP application.  This time, I wanted to set it up as a WIMP environment (har har harrrr, wimp).  All went pretty well until I tried to install SQL Server 2008 Express Edition.

Prerequisites

When I started the installation, I was informed that I needed .net 3.5 SP1.  So I went and got it, rebooted my machine, then re-ran the installation.  Then I was told I needed Windows Installer 4.5.  Once again, I got the installation, rebooted, and started the installation.  A third time, during the installation, I was notified that I needed PowerShell!  Although the UI for showing me I needed PowerShell was much nicer, it was extremely annoying to have to run the installer three times and reboot my machine twice before I finally had all of the prerequisites.

Installing

My machine is running out of space on my C:\ drive, so I wanted to install on my D:\ drive.  So I change the drive and find the following errors:

What the hell are these errors? I mean, I realize that when I told the installer to create a directory it may not have the attributes the installer wants, but can’t the installer set those attributes?  And INSTANCESHAREDWOWDIR? Wow, that’s an ambiguous error.  So I decide to bite the bullet and install in the default directory.  I cancel out and low and behold!

The installation link has become disabled!  So now I have to close the entire installer and reopen it, how fun!  But wait, there’s more!  When I attempt to reopen the installer, I get another friendly error!

I assume it has something to do with the eight setup processes that are running, consuming over 250MB of RAM

I finally get to run the installer, I give up and let it try to install on the C:\ drive, so finally I am at “Server Configuration” where I am told to enter my service accounts.  Again, I get another error

For some reason it says I have invalid credentials, but let’s take a look at the install window. (My emphasis highlighted in the below picture)

Very nicely done SQL Server 2008.  Tell me to click help for more information… WHEN THERE IS NO HELP LINK.  Apparently I had to set up the account in the upper dialog, and not the lower one.

So now I’m just one step away from “ready to install”.  My nightmare will be over!  And guess what happens? You guessed it, ANOTHER ERROR!

Apparently, there was another prerequisite that I needed to install that it failed to tell me about!

In the end, I just ended up installing MySQL.

I spent (most) of the day at work today trying to figure out why my IHTMLDocument2’s hyperlinks were opening in new windows, instead of the current window it was in. Finally, I stumbled upon this:
Resolving Hyperlinks.

By the time anyone reads this, MSDN will probably have changed the link structure, so I’ll also explain it here:
If a user clicks a link within an HTML page viewed in MSHTML, MSHTML calls the HlinkNavigate function (after implementing an IHlink interface). If the host does not implement IHlinkFrame, this function launches a separate application to follow the hyperlink.

Wow, that was frustrating!

A work-around to a bug in Windows Live Messenger 2009 was recently brought to my attention.  If somehow the background picture in your Groups conversation window has changed, and you want it to be removed, here’s how.

1. Open the Background picker in the 1:1 conversation window
2. Click "Show all…"
 
3. Select the blank background
4. Click the "Set default" button

Without a doubt, reading Secure Coding in C and C++ made me quite scared of coding securely.  In particular, all the ways you can mess up integer security.  Ever since I had read that book, it has given me a whole new perspective on things to look out for and security problems that can arise.  Lets take a look at what’s going to be a future interview question I’m going to ask people.

// Returns true if set, false if not set
bool ToDecimal(char* string, unsigned long* pdw)
{
    char* end = NULL;
    unsigned long dw = strtol(string, &end, 10);
    if ( dw == LONG_MAX || dw == LONG_MIN
     || (dw == 0 && wzEnd=string) )
    {
        return false;
    }
    *pdw = dw;
    return true;
}

Find the bug!

So what’s wrong with this code? Hint: many things are wrong (which is why I like it), but I’m speaking of what’s relevant to my post. Well, strtol happens to return a signed integer, not an unsigned integer.  What happens if –1 is passed in?  Well, strtol will return –1 (and on most machines it’s represented as 0xffffffff).  The compiler will then stick it into the unsigned long and away they go!

int main()
{
    //Sploits!
    unsigned long age = 25;
    unsigned long brosAge = 0;
    char* theInput = "-1000" //Nasty input
    if (ToDecimal(theInput, &brosAge))
    {
        printf("My age + my brothers age = %d",
		(age+brosAge)); //4294966320
    }
}

In my theoretical program, it’s hardly a problem, but what happens if I reserved a buffer, was doing pointer arithmetic, or something else that could cause serious damage?  This could have just become an entry point into a security hole.  So please, check your signs!

Over the past six months, I have been working on the Windows Live Installer, and I thought some readers of my blog would like to know some of the technical details that are involved in creating our installer.

View Full Album

Overview

For those that use Linux, our installer is similar to a package manager. Each product team creates a package (usually installed via MSI), and a collection of packages is described in the catalog.

Some of the cooler features include the following:

• Completely data driven by the catalog and configuration.
• Full rule engine to exclude or include packages and products given a condition (os, service pack, specific software version installed, etc…)
• Robust downloading of packages.
• Transactional installation of packages and dependencies.
• Reducing the number of reboot’s necessary.

Catalog, Configuration, and Rule Processing

What I have worked on the most was the catalog, configuration and rule processing.  When the installer starts up, the first thing that it does is process the catalog and determine which products are applicable for installation or upgrade.  Rules are processed which determine weather or not a product can be installed.

Part of the catalog processing is to load the configuration.  This was the first thing that I worked on when I started.  If you look at the resources inside of the executable, you will notice items such as CONFIG0, CONFIG1, etc… Each of these configurations will be loaded at runtime in the order listed, with newer configuration files overriding the previous settings.  This allows us to easily change some settings for different languages or builds, without having to change anything in the code.  These may include reversing the text for right-to-left languages, choosing which products from the catalog to be displayed, or not having a checkbox checked by default due to privacy laws.

For the beta, users of Windows XP may see long startup times.  This is due to one of the products needing to find out if a certain hotfix is installed.  In order to check and see if these hotfixes are installed, we must make a WMI query, which for some reason or another is very, very slow on certain machines.  For the final release, the product was able to check for this information itself and we were able to remove the queries.

Part of our installer was to introduce a robust downloader that can download packages in the background and be resistant to network connectivity issues.  We also wanted to make sure that if we have partially downloaded a product, we can resume from where we left off.  Although the number of 56k users has dwindled in the US, there are still many people with slow connections, or pay per-kilobyte that we need to create a good user experience.

Transactional Installation

Part of the installation of the products includes a feature that allows us to install packages using transactions.  In the past (and in early internal releases of the installer), if a user had cancelled the installation, then we could only rollback the current package that is being installed.  So for Windows Live Messenger, if it installed a dependency and then started to install messenger, then the user cancelled it, we would only rollback the installation of messenger and leave the dependency.  With our transactional installer, we are able to have the rollback chain go as many packages back as we need to for the transaction.  This ensures that the user does not have incompatible dependencies after installation.

Reboot Reduction

Everybody hates to reboot their computer after installing a product.  Unfortunately in a lot of cases and the current state of Windows, we must live with the fact that reboots are necessary.  One of the items we worked on in this release was to reduce the number of people who needed to reboot their computer.  Through closing certain applications while installing the Windows Live products, we are able to prevent reboot’s.

One major change to this feature between the beta and the final release was the UI associated with it.  For the beta, the installer would check for files in use when the user selected the applications to install.  This may have lead to a long pause where the user would believe that the applications was frozen.

After checking for files in use, the installer did not give the option for users to leave their applications open, it only showed a list of applications it was going to close.

For the final release, we implemented a progress bar while checking for files in use (with the option to skip the check), and allowed the user to manually close the applications which have files in use.

Questions?

That’s about all that I can think of to cover.  What do you want to know about the installer? Any features you want to see implemented?

When looking on Facebook the other day, I noticed something peculiar.

That is NOT me.  Seriously, how many Logan Buesching’s are there on the internet?  Windows Live tells only knows about one.

I just hope that some day he never becomes famous.

I am usually a fan of open source software, but the latest two that I have downloaded are sore on my eyes and a real pain to use!  The first is Media Coder, while the second is JJ MP3 Renamer.  It has been my findings that open source software in general is much more difficult to use than their commercial counterparts.  Maybe someday I will do a comparison of open source to commercial software and the usability between them.

Background

I recently purchased a 120gb Zune player when I used to have an Apple IPod.  I want to transfer all of my IPod stuff over to my Zune player.  I was able to get songs I ripped from CD to work properly, but songs I purchased on ITunes don’t work.  I am currently working on stripping the DRM from those purchased songs to add to my Zune.  I realize this is illegal, but hey, I legally paid for these in the first place, so I don’t feel bad about doing it.

Media Coder

Lets start with the program (that I hope?) can convert the DRM laden files to non-DRM formats.  I haven’t quite used the program yet, but on the first look I immediately said WTF.  This is UI hell.

1.) I’m given a transcode option in the menu bar.  I could pretend like I’m not an idiot, and say that my grandma won’t know what “transcode” means, but in reality I don’t know what it means. I will assume that “Convert” would have been a better choice. (Hell, even Windows Live Writer doesn’t have transcode in its dictionary!)

2.) They have some weird icons to show, one of which being the “Skip” icon which looks like someone is getting ready to soccer kick something.  This reminded me of wanting to physically kick the software, which is what you see my little stick figure doing!

3.) Why is there a “…” and an “Open” button next to the folder? This is confusing.

4.) Why the hell are there so many tabs?

5.) WHY THE HELL ARE THERE SO MANY TABS!!???

6.) Why would I want to refresh rss? Do you really think I keep this application open for long enough for you to post something new? And even if I did, do you think I would want to refresh the rss feed to find out new information?

7.) WHY THE HELL ARE THERE SO MANY TABS?!?!?!

JJ MP3 Renamer

As if the first UI design wasn’t bad enough, here is another gem.  This was used to rename and move around files from my IPod’s crazy directory layout into a more human readable format.  Overall this wasn’t as bad as the last one, but it did take me about 5 minutes to actually figure it out.

1.) The item that has “click” next to it is actually clickable! Wow, who would know that?  There is absolutely no indication that it can be clicked.  In fact, there are no visual indications that anything on the screen can be clicked.

2.) Why do I have to be shown the difference between idv2 and idv3? Is there really any reason why I would still want idv2?

Please note, although I work for a large corporation, these views are entirely my own and do not reflect the views of my employer.  Some of this information may be incorrect, but I have tried to be as thorough as possible with my investigation.  If you find any errors that need correcting, please leave a comment!

While investigating why Adobe Air doesn’t launch my default browser, I noticed that Google Chrome isn’t as aggressive as IE is when it sets the default browser settings.

Make Google Chrome My Default Browser

What happens when you say “Make Google Chrome my default browser”?  Well, from the looks of it, all it does is registers itself as the default program for only the Windows Explorer shell.  In theory, every application that needs launched should go through Windows Explorer (via shellexecute), which will check for the user set defaults and launch the appropriate program.  What Google Chrome does not do though, is set itself up as the default handler in the HKLM\Software\Classes\htmlfile registry key.  This makes it so applications that only check this key completely bypasses Google Chrome as the default browser.

Make Internet Explorer My Default Browser

When you set IE as your default browser, not only does it set itself up as the default browser for the Windows Explorer, but it also makes sure that it is the default handler for HKLM\Software\Classes\htmlfile.  Therefore, for the applications that only look at this key they will see that IE is the default browser and launch it.

Why Do Some Apps Behave Differently

There has been a standard way to launch the default browser in Windows for a long time, and that has always been by passing the URL into ShellExecute.  For .Net applications there is Process.Start which will do the same thing, and just introduced in Java is Desktop.Action.browse.  All of these will go through Windows Explorer, find the default program, and launch it.

Why Adobe Air Not Honor The Default Browser

From looking at where Adobe Air looks to launch a browser, it appears that it uses none of the methods above.  When navigateToUrl looks for the default browser, it just checks the HKCU\Software\Classes\htmlfile* registry key, and loads the default handle that is in this key.  Since Google Chrome does not set this and IE does, IE is launched.

Why Does Firefox Launch if IE is My Default Browser

Firefox goes even one step further! If you see above, I mentioned that IE sets HKLM, but not HKCU!  So when Firefox sets HKCU, and Adobe Air looks there, it says Firefox is the default browser, then launches it.  To set IE as the default browser, you can either set it from the defaults**, or delete the registry key.

* As someone may note, it actually looks for HKCU\Software\Classes\.htm, which by default is htmlfile.  What Firefox does is changes this to FirefoxHTML.

**When you set the default programs for web browsers, what it does is sets the HK*\Software\Classes\[extensions] keys to point to htmlfile.  The reason why if you use set Google Chrome or Firefox as the default browser there and it is not honored is because neither Google Chrome nor Firefox set the htmlfile class.  For Firefox, just go through it’s menu system to make it the default browser and this will be fixed.

I have recently found out that Adobe Air does not honor the default browser.  I am using IE8 as my default browser right now, and AIR products open up Firefox.  Mike Chambers mentions the issue and links to a fix, but I have a simpler one. 

I assume Adobe Air checks the HKCU registry entry first, which may not be set by other programs (which may set only HKLM).  So just delete the entry in: HKCU/Software/Classes/.htm (I also deleted the one in .html).  Bam! Fixes the issue.

Update! (9/3/08): If you are curious why this is, please check out my explanation.

I have been an avid fan of Mozilla Firefox for a long time, but since I got a new job, I have been trying to exclusively use Microsoft products (at least at work).  One of the things that I have been able to try out is Internet Explorer 8, Beta 2.  From a first impression, I have really enjoyed it.

Faster Tabs

If you’ve ever heard me gripe about IE, it’s that it has slow tabs.  When I open up a new tab in Firefox, it’s blazing fast and I’m already typing in the address bar before I know it.  For IE 7, it had such a slow implementation for its tabs.  It would literally take 2 full seconds from when I create a new tab to when I could use it.  With IE 8, tabs open much more quickly.  Although the tabs aren’t as fast as Firefox, it’s not going to be my huge gripe.

Privacy and Safety Feature

A new feature called InPrivate browsing allows me to browse the web without worrying about tracker cookies or saving my history.  I’m not exactly sure what all this entails, but it seems to have gotten media attention.

Another helpful feature is that in the address bar, they have made the domain name stick out more to help avoid phishing attacks.

Add-On’s Welcome

Microsoft has a new site dedicated to providing Add On’s.  With all older generations of IE, nobody really cared about having plug in’s for the web browsers.  When Firefox came along, the whole game changed.  Firefox gave developers a lot of flexibility for extending the browsers functionality.  IE has finally caught wind of this and I am excited to see some of the additional add on’s that are going to come out.

Accelerators

When I first saw this feature, I wasn’t very excited at all.  I thought it was going to become another toolbar helper that just gets in my way.  After using it for a little while, I have stopped noticing when the little icon pops up.  It is very non-invasive and there when I need it.  I think the best thing about the accelerator is that it doesn’t take me to a new page to find a map or define a term, it’s all right there in the same page.

Web Slices

This feature is seems like it could be really cool, but still needs polishing up for the final release of IE8.  I started out getting the Digg and Facebook web slice.  Neither one of these slices worked as expected.  The Digg slice didn’t quite show the full news when I clicked it.

And the facebook slice BROKE FACEBOOK! 

Not exactly sure how that managed, but after deleting the slice I was able to get Facebook to work again.

Smiles Sprinkled All Over The Browser

In my opinion, those are the most major new features that are in IE8, but there are a few last items that I though deserved attention.

In IE7, searching was horrific.  I hated the popup dialog that always showed up, but now in IE8, it has become a lot more like Firefox in that the search is integrated into the window.

Firefox 3.0 introduced a new type of address bar that searches as you type, and IE8 also introduced this.  I have to say that IE8’s implementation is a little bit better because not only does it show me my web history, it also shows my feeds that I have saved, and also suggestions based on my web browsing history!  +1 for IE!

Even the search bar got it’s own suggestions and history that can be shown!

Final Thoughts

I believe that IE 7 showed the world that Microsoft is giving IE the attention that it deserves.  With IE 8, I believe that they have finally caught up with Firefox in terms of baseline browser ability.  I still have to give the edge to Firefox for now as the better browser because of it’s extensions, but if Microsoft can make as dramatic of push from IE 7 to IE 8 when it goes from IE 8 to IE 9, wow, look out!  I am excited to see the future of browsing the web!