Category Archives: Tech Nonsense

Horror stories from the field.

How to save 78% on your business software

Sounds like spam from a software pirate or some other flighty come-on, doesn’t it?

I’ve been looking at Novell’s new SuSE Linux Enterprise software and thought I would do a little cost comparison between Novell’s Open Workgroup Server and Microsoft’s latest Small Business Server.

Check the how to buy page for yourself for pricing.

Now, consider that OWS replaces the windows server with exchange, windows on the desktop AND Office on the desktop for $110 per user. For five users plus the server, M$ charges:

5 User Standard SBS Server with Exchange
$1473.69 (best price on froogle)

Windows XP Pro OEM (Can’t login to domains with Home Edition).
Search PN# E85-00086
5x $129.95 = $649.75 (you have to skip past the non-licenses and ebay auctions to see the real price).

Windows Office 2003 Small Business OEM
Search PN# 588-02636
5x $204.97 = $824.85

M$ total: $2,948.29
OWS total: $660.00

That is just shy of 78% savings for very comparable, if not superior, functionality.

Maintenance and upgrade protection are cheaper too at $75/year/seat for OWS.

Microsoft still doesn’t have anything at that level to compare to Zen either. Consider the built-in XEN virtualization and you’ve really got something to address compatibility for legacy software. You can run your existing Windows XP license in a Xen Virtual machine and continue to run your Quickbooks or other legacy applications that you think you can’t live without.

eBay Javascript Injection

Most of the phishing emails I get for eBay are pretty obvious. Besides the typos and poor English, they usually link directly to arcane websites. Today I got one that took me to a listing on eBay which contained a login intercept. The script presents a reasonable looking signin form, obfuscates your login and the destination URL using rot-24 and sends it on to http://proxy.cheersfilms.com.tw/426006317/66728472 before submitting it to eBay.

I only find it noteworthy because I couldn’t find any public information about XSS flaws or other bugs allowing JS injection into eBay auction listings and a slightly more sophisticated attack would be pretty hard to detect.

There were several flags that made me cautious. First, the email (which was forged) started with:

eBay sent this message to billh2.
Your registered name is included to show this message originated from eBay.

My eBay user id is not billh2.

The second thing to tingle my spidey sense was the actual message, “hello, i want this item, i’ll pay extra just to be sure we will got a good deal, can you ship to zip code 19146? if all is ok respond me ASAP.” Sheesh! Who offers to pay extra without expecting special handling or something unusual?

The final clues were obvious after I clicked through the link to view my auction. The URL was so long, I couldn’t see the auction number in the link, but it was obviously not the same number presented in my email. At the page, the javascript hides the actual auction item description and substitutes a fake login form. I knew it was fake because it wasn’t a secure page, it didn’t already have my user id and the page wasn’t exactly like it looks when you’re actually logged in to eBay. Despite all that, it was pretty convincing, particularly since I was actually on an eBay webpage.

The javascript was able to hide everything on the page and it could conceivably have been made to look much more realistic. Furthermore, since it was actually running from eBay, I imagine it could conceivably have been able to get my userid from the cookie eBay stashes in my browser. Other than the missing letter S after the http, it could have been flawless. Frankly, that’s pretty scary.

If you want to see the script, it’s still up at

http://cgi.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=ViewItem&Item=5875281930

I neutered the URL so you’ll need to view source to see the javascript.

To see the fake signin page, you can link to http://tinyurl.com/r8ecv

which takes you to

http://cgi.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=ViewItem
&=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=
&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=
&migrateVisitor=&Item=5875281930&aiu=rtqz{0ejggtuhknou0eqo0vy164822853718894:694
&jsc=sig&jsv=1&jsem=vqrruqhvB{cjqq0eqo

(remove white space to link)

aiu is the URL which captures your login (rot-24)
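
The aiu and jsem values in the link above decode with a plain character-code shift of 2, digits and punctuation included. The triage helper below is an added example, not code from the post or from the phishing script: it tries small shifts on every query parameter and reports the ones that decode to a host, URL or e-mail address outside the trusted site. The function names, the ebay.com trust suffix and the shift range are assumptions.

```javascript
// Added example: find query parameters that hide an off-site target
// behind a small character-code shift, as the link in the post does.

// The link quoted in the post, joined with its white space removed.
const SAMPLE_LINK =
  'http://cgi.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=ViewItem' +
  '&=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=' +
  '&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=' +
  '&migrateVisitor=&Item=5875281930' +
  '&aiu=rtqz{0ejggtuhknou0eqo0vy164822853718894:694' +
  '&jsc=sig&jsv=1&jsem=vqrruqhvB{cjqq0eqo';

// Assumption: the only site this link should ever talk to.
const TRUSTED_SUFFIX = 'ebay.com';

// Shapes worth reporting once a value has been un-shifted.
const URLISH =
  /^(?:[a-z][a-z0-9+.-]*:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d+)?(?:\/[\x21-\x7e]*)?$/i;
const EMAILISH = /^[a-z0-9._%+-]+@((?:[a-z0-9-]+\.)+[a-z]{2,})$/i;

// Subtract `shift` from every character code.
// Returns null when any character leaves printable ASCII.
function unshift(text, shift) {
  let out = '';
  for (const ch of text) {
    const code = ch.charCodeAt(0) - shift;
    if (code < 0x21 || code > 0x7e) return null;
    out += String.fromCharCode(code);
  }
  return out;
}

// Split the query string by hand so characters such as "{" and ":"
// reach the decoder exactly as they appear in the link.
function queryParams(link) {
  const q = link.indexOf('?');
  if (q < 0) return [];
  return link.slice(q + 1).split('#')[0].split('&').map((pair) => {
    const eq = pair.indexOf('=');
    const name = eq < 0 ? pair : pair.slice(0, eq);
    let value = eq < 0 ? '' : pair.slice(eq + 1);
    try {
      value = decodeURIComponent(value.replace(/\+/g, ' '));
    } catch (e) {
      // Malformed percent-escape: keep the raw value.
    }
    return { name, value };
  });
}

// Decide whether a decoded string looks like an address of some kind.
function classify(decoded) {
  let m = EMAILISH.exec(decoded);
  if (m) return { kind: 'email', host: m[1].toLowerCase() };
  m = URLISH.exec(decoded);
  if (m) return { kind: 'url', host: m[1].toLowerCase() };
  return null;
}

function isTrusted(host, suffix) {
  return host === suffix || host.endsWith('.' + suffix);
}

// Try shifts 1..maxShift on each parameter and keep the first that
// yields a URL-like or e-mail-like string.
function findShiftedTargets(link, trustedSuffix = TRUSTED_SUFFIX, maxShift = 25) {
  const findings = [];
  for (const { name, value } of queryParams(link)) {
    if (value.length < 4) continue; // too short to hold a host name
    for (let shift = 1; shift <= maxShift; shift++) {
      const decoded = unshift(value, shift);
      const hit = decoded && classify(decoded);
      if (!hit) continue;
      findings.push({
        param: name,
        shift,
        decoded,
        ...hit,
        offSite: !isTrusted(hit.host, trustedSuffix),
      });
      break;
    }
  }
  return findings;
}

for (const f of findShiftedTargets(SAMPLE_LINK)) {
  console.log(`${f.param}: shift ${f.shift} -> ${f.kind} at ${f.host}` +
    (f.offSite ? ' (off-site)' : ''));
}
```

A mail gateway or proxy log review can run the same check over links that point at a trusted host but carry long, opaque parameters.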

Here’s the part that truly sucks.. If you enter a username and password that passes the script validation, it then prompts you to enter enough information to steal your credit card and most likely your identity. To wit,

	var user=Decript(GetURLVar('jsu'));
	var pass=Decript(GetURLVar('jsp'));
	var firstname=form.firstname.value;
	var lastname=form.lastname.value;
	var address1=form.address1.value;
	var address2=form.address2.value;
	var city=form.city.value;
	var State=form.State.value;
	var zip=form.zip.value;
	var countryId=form.countryId.value;
	var dayphone1=form.dayphone1.value;
	var dayphone2=form.dayphone2.value;
	var dayphone3=form.dayphone3.value;
	var dayphone4=form.dayphone4.value;
	var nightphone1=form.nightphone1.value;
	var nightphone2=form.nightphone2.value;
	var nightphone3=form.nightphone3.value;
	var nightphone4=form.nightphone4.value;
	var cardnumber=form.cardnumber.value;
	var ExpiryMonth=form.ExpiryMonth.value;
	var ExpiryYear=form.ExpiryYear.value;
	var verificationnumber=form.verificationnumber.value;

The javascript looks like it was built using library functions by some script kiddy. Considering how nicely the edits on the form submission are coded, I would have expected the spoof to be a bit more sophisticated.

Sucks to be coloradopackrat today.

The Route To Hell…

A year ago, I finally got a new laptop to replace my aging Fujitsu LifeBook
420D. By aging I mean decrepit. By decrepit, I mean Pentium 120 with no USB, a
broken CD-ROM and a misaligned floppy drive. The kind of laptop that makes me
cringe when I show up at a customer’s site and they ask, “Can you fix it?”

The question that needs to be asked is, “Is it worth fixing?” In this case, it
didn’t take me long to decide, “Hell no!” I got a good deal on the new laptop,
although it wasn’t a high end system, I think I got a good value for my money.
So far, my only complaints were the need to upgrade the RAM (a cheap fix) and the
left button on the touchpad. It has a mind of its own. Mostly, when I click it,
it ignores me. When it decides to respond, it makes up for lost time and clicks
twice. I’m under warranty, but I’ve already been told, “It might be a driver
problem and you’ll need to wipe the hard disk and install the recovery CD
before we can accept the warranty.” Yeah, I’ll get right on that. For now, I
have a little mouse I plug in when I need it. Soon, I’ll be upgrading the hard
disk. When I do, I’ll clone it, do the factory refresh and deal with the
warranty issue. Until then, I won’t be recommending the manufacturer or the
retailer to my customers.

The one thing I do love about my laptop is the freedom that comes with the
included 802.11g Wifi adapter. Along with my fancy, new D-Link DI-624 broadband
router, I can freely roam the house and even sit on the patio and enjoy the
sunset view over the lake while I merrily answer email and poke around online.
Usually.

When I first put in the router, I started having problems with interference. My
cordless phone is also 2.4 GHz and every time the phone rang, my router would
reset. My desktop system would tell me that the ethernet signal disappeared and
I’d watch the interface cycle. Any data transfers I had going, remote shells,
and IRC would all bomb out. I lived with this for a few weeks until I got to
talking to one of my buddies online. He suggested I force the wireless radio to
use a different channel and avoid the interference. Lo and behold, it worked!
My router ceased its dance of death with my telephone and I thought all was
well.

Unfortunately, I won the battle, but the war was far from over. Although the
regular disconnects were over, I was still experiencing random, intermittent
disconnects. These disconnects would occur anywhere from two to twenty times
per day. I also had problems with large data transfers. Anytime I fired up
bittorrent or any other P2P applications, my connection would start dropping
every five to ten minutes and stay gone for around five minutes. The only way
to hasten the recovery would be to release and renew my IP address from the
command line. Believe it or not, I lived with this for almost a year. The straw
that broke the proverbial camel’s back was a sudden and immediate need to run a
VPN connection to one of my clients. After establishing the tunnel, the
connection was so slow, it was unusable. In fact, I couldn’t even get
Enterprise Manager to connect to the remote SQL Server database.

I ended up taking the router completely out of play and plugging my PC directly into
my cable modem. This worked great for my desktop, but it left my wireless
laptop feeling lonely and neglected. Of course, all the other annoying problems
went away as soon as I bypassed the router.

Last I checked, D-Link offered a three year warranty on their products. Since I
needed a new router for use in my office, I decided I would purchase a new
router, take the old to the office and get it replaced under warranty. Having a
definite plan of action, I proceeded to purchase a new router. As it happened,
Office Depot had the same model router on sale for about $40 (after mail-in
rebates). With my $15 bonus coupon from the rewards program, I would be out of
there spending less than $30 net on the router.

I installed the new router only to discover that it suffered the same problem
as my previous, allegedly defective router. I guess I had a premonition this
would happen, because I hadn’t yet carved up the box for the UPC symbol or sent
in my rebate forms. I resolved to return the router and purchase a completely
different brand. Since it was the weekend and gas was still close to $3/gal, I
suffered until Monday. Connecting and disconnecting cables from the
cable modem and my PC was getting a bit old, so I tried logging into the
router’s web interface and turning off the wireless radio. Without the wireless
function, the router worked nearly perfectly. I say nearly because I was still
getting a couple of disconnects daily.

Yesterday, I exchanged the D-Link for a Linksys WRT54G router. I chose this one
because I anticipated great fun playing with the open source firmware. Not that
I intended to write my own Linux build for the box, but I knew a few people had
enhanced the stock build considerably and thought it would be fun to play.
Installing the router took only a few moments. I flashed the router with the
latest official firmware build and my connection has been flawless. I even
downloaded a 350 MB torrent last night and never once did my connection to IRC
cycle.

Postscript: My new router appears to be TOO new to use third party firmware.
The router uses revision 4 hardware (my serial number starts with CDFA) and the
likes of Sveasoft’s Alchemy refused to load. They promise support in version 1.1. I can’t wait.

Hacked Off

The other day, one of my websites was defaced by a scripted hack. I’m still not sure exactly how they got in, but I assume I can thank the recently identified SQL Injection exploits such as this one since the hack was accomplished by replacing the footer values in my PHP-Nuke configuration database.

During the course of a normal day, my PC tends to stay logged into IRC. Unfortunately, I’ve been working on a project lately that requires me to login to a remote network using a VPN and the client security policy forces all my internet traffic through the VPN connection which is nicely firewalled. When I log in to upload my work and test, I have to disconnect all the little utilities and applications I use that constantly access my Internet connection.

This is important because had I not been offline working, I could have dealt with my problem a bit quicker. As it was, I only found out about it because one of my online buddies dug out my phone number from whois and called me.

I’m not going to glorify the hack or the hacker by any direct mention. The defacement looked like this. As far as I can tell, the intrusion was completely scripted. My guess is that the script googles a string that somehow identifies vulnerable systems and then runs the exploit against one of the unpatched entry forms.

Sadly, the latest public release of PHP-Nuke still hasn’t fixed the bug. I think I’ll be motivated soon to migrate that site off of Nuke and onto another CMS.

Universally FUBARed

For the second time since they opened in 1990, I was talked into going to Universal Studios in Orlando. It took all of 10 minutes to remember why I hadn’t been back.

(cue flashback fog) The two things that stood out from my last visit were the pointless herding of visitors by employees and the lines. When I go to a theme park, I expect to wait to get on rides. Fifteen years ago, no one had invented the likes of Disney’s FastPass system and access to specific attractions was the closest thing to a communist utopia you’d find in the free world – that is to say, everyone had an equal opportunity to stand in long lines. What aggravated me most was how the lines were managed. Mostly, they weren’t. The lines consisted of endless zigzags of chains winding a twisting path through some area with nothing to do except eavesdrop on your immediate neighbors and whine about how hot it is. Unlike the megalithic competition, Universal offered nothing in the way of distraction to make you forget how annoying bored eight year olds can possibly get after 60 minutes of imitating cattle on the way to the slaughterhouse.

I’m sure some efficiency engineer was paid a handsome sum to design the layout of the public areas to maximize traffic flow. For instance, in the name of efficiency, this person (or group of persons if anyone else wants in on the credit) figured out the optimal way to cram cars onto a fixed slab of pavement. Measured in cars/acre and rate of parking, I’m willing to bet they got a hefty bonus. Too bad they neglected to consider that people may not want to drive past a half mile of empty pavement to park in the spot physically furthest from the theme park entrance. Even to my untrained eye, I could see where they could have routed the traffic differently without making cars and pedestrians battle for right of way.

So, it was with great apprehension that I learned my wife had scored a pair of “Star Tickets” for admission to the park. Realizing that fifteen years had passed and that things surely had changed, I decided to give it a go. Besides, the tickets were free, so what did we have to lose? Someday, I’ll learn that unbridled optimism is for suckers. Clearly, that day was not here yet.

We had two tickets, we needed three, so we were going to spend some money on the third ticket plus parking. I figured $60 plus a tank of gas, so at $83/gallon, we’d have some fun for under a grand. I know… gas didn’t quite make it to $83/gallon, but one can’t be sure about these things when Exxon/Mobil has record quarterly profits to exceed. Looking on Universal’s website (screenshot), I see that they’re open until 7pm, so we’ll have about six hours to play once we get there.

Getting there was easy considering the entire route is along I-4 where they’ve conveniently replicated Tampa’s Malfunction Junction at regular intervals so that we won’t miss it when the fix is completed sometime next year.

The lines at the parking booths were encouragingly short with no more than two cars per gate. The price went up a buck from the last time we visited Margaritaville earlier in the year, but such is life. Since our last visit, Universal replaced the asphalt parking lots with a series of enormous parking decks. It took about ten minutes to navigate past the traffic cones and bored attendants before we got to the deck and level that was actively being filled. I was starting to feel optimistic about the trip when I noticed that they had set up two lanes of traffic feeding a single lane around a 90 degree turn. Most people politely lined up and behaved, but inevitably, some Type A tourist in a rented luxury sedan would decide his time was much more important than everyone else’s and would jump into the empty lane to cut in line. Let me pause briefly to give kudos to the Florida crackers in the old Chevy pickup who decided to straddle both lanes after the second Andretti wannabe attempted passing while under caution flags. Naturally, after the turn, we had two lanes again and suffered from deja vu as yet another set of the self-appointed elite tried their luck against the dually.

Parking matters aside, the walk to the front gates was somehow longer than the walk from the back 9 at my local duffer course. Universal does provide moving sidewalks, which is nice. Oddly, they had at least one completely turned off for each segment of the walk. I blame either human error or the Return Of The Efficiency Expert (coming soon to a theme park near you).

Sheesh, I’m getting wordy and I haven’t even talked about how badly they implemented what little technology they had. Ticket booth – second in line. The one window we waited at was staffed by an employee who types about 12 char/min. That’s right, characters. I’ve seen people fill out tax returns faster than this lady could enter the bare essentials for two people buying annual passes. Hey Universal! How about basic training for your frontline staff if you’re going to require more background information than my mortgage banker. It honestly took over 20 minutes to take care of one customer. I finally jumped lines and finished my transaction about the same time as the people buying the passes.

Had we bought tickets, they would have been $60/person for one person/one day. I mistakenly thought that the Florida resident special was adding a second day for free. Turns out, it’s adding the second park, but no extra days. Furthermore, the Star Tickets were only good for Universal, not Islands of Adventure, so that bonus was useless. To add insult to injury, on that day, Universal closed at 6pm instead of 7pm as stated on their website. Every employee I asked (there were four total) insisted I was mistaken and looked at the wrong park’s hours on their website. Not one bothered to check. How wrong they were.

All told, we lost about half an hour and got into the park about 1:30. We decided against the “added value” options ($20 per head for all you can eat all day in three separate restaurants – excluding beverages and $15 for the express option which lets you skip most of the lines). Inside the park, there weren’t many people. We knew it wouldn’t last. At 4pm, they would be allowing 32,000 Christian rockers through the gates for Rock The Universe.

Let me just summarize my annoyances with the rides we had time to experience:

Jimmy Neutron’s Nicktoon Blast. Are the misters that come off the big fans supposed to spray you with a volume of water equivalent to a light rain? I’m guessing not and suspect they were ready for adjustment. The holding cell where the audience is queued prior to the actual ride had one big screen for everyone to watch. My daughter (one would think she is the primary audience for this attraction) could only see the screen after I hoisted her onto my shoulders. Why not place a few monitors around the room? Oh, and turn the volume up a bit so we can hear it over the majority of people who wouldn’t shut up.

Shrek 4-D. Same complaint about the holding cell. Note to future theme park designers – if there is ANY chance your audience will be stuck in the holding cell longer than anticipated, please find an audio track longer than 20 seconds to loop while you stall for time. In addition, being the last person left in the entire United States who hasn’t seen the movie, I found the teenagers with the scripted attitudes and insults to be intensely annoying. Once we were seated, we got just past the donkey sneeze and the show stopped. After two minutes of tolerating yet more scripted insults, they started over. At least the second time, I knew to cover my face before getting it sprayed with simulated donkey snot. The water in the face thing seems to be the only immersive element Universal mastered throughout the park.

Revenge of the Mummy. The ride itself was fun. As a bonus, I noticed they replaced the chains in the queues with fixed sections of stainless steel railings. I’m not sure, but I guess that’s progress. I’ll have to check with an efficiency expert on that and get back to you. The actual queue – still boring. I think they need to fire the efficiency experts and hire some Imagineers to work on ways to keep people occupied as they shuffle through the neverending lines. Thankfully, the park was pretty empty and none of the waits were more than 15 minutes (for now).

Another interesting point.. they provide free lockers for your bags while you are on the ride. For this ride, the lockers are free for up to 2.5 hours at which point you pay $2 per half hour. The lockers are controlled by a fingerprint scanner. It takes two scans of your thumb and assigns you a locker. When you are ready to retrieve your bag, you enter your locker number into a keypad and then let it scan your thumb again. Here’s the rub – there are two stations on each bank of lockers and they aren’t networked! You can only go to the station you originally used to retrieve your belongings. Stupid.

E.T. Adventure. This one annoyed the crap out of me. The ride was fun. It is reminiscent of the Peter Pan ride at the Magic Kingdom. Getting onto the ride required obtaining a “badge” from two employees. This bottleneck turned out to be merely an unnecessary waste of time. To get the badge, you have to give them your first name and they then hand you a vinyl card with a barcode on it. When I got the card, I’m thinking this might be cool.. Maybe E.T. will say my name or something on the ride. *BZZZZT!* Wrong! Before getting on the ride, another employee collected the badges and dropped them into a bin where they remained unscanned. WTF is up with that?

Twister. Huge outdoor line but they at least provided video. The video clips are scarier than the ride.

I’m actually pretty settled down at this point because, although we are short on time, things are moving along pretty well and my daughter is having a good time. We’ve now been in the park about 90 minutes and done five rides. We decide to head over to Hollywood and grab a couple of frosty lemonades on the way. Here’s where things went south. Next stop..

Back To The Future -The Ride. After we got in line, we hit the first checkpoint. An employee directed us to a path and told us to go that way. I think it took longer to scale the ramps we walked up than it took to experience this ride. The ramps were all in full sun and we had no shade. At this point, I was wishing someone would throw more water in my face.

<digression>Universal has been open for over fifteen years now. Why didn’t they plant some shade trees along the major walkways? Everywhere you walk, you are in the sun. And it is HOT in Florida eight months of the year. I blame efficiency engineers.</digression>

BTTF:TR was fun once we got going. It’s your basic motion simulator and the ride is hosted by the esteemed Dr. Emmett Brown. It’s not terribly high tech, but that might explain why it didn’t malfunction.

Men In Black: Alien Attack. This ride looked like it would be the most fun of all. You ride around in a vehicle along a track and shoot at aliens. Sort of like Buzz Lightyear at MK but not cartoonish. The aliens are all animatronic and you have an LED scorecard at your seat to tell you how you’re doing. Because of the nature of the ride, all bags are again to be stored in free lockers. The trouble with this plan is that these lockers are only free for 45 minutes. The ride takes about 10 minutes and we were told the wait would be 30 minutes. We went for it and it turned out the line was only 20 minutes. We decided to go again, so I waited in line to retrieve my stuff figuring I would redeposit it into another locker for another 45 minutes. My wife’s thumb sufficed and I didn’t try my thumb on a second go, so don’t ask if they check.

We got back in line and were again told the line was 30 minutes long. The line was substantially longer this time, so I was a bit nervous about the time. I asked the attendant why the time limit was so restrictive. Rather than answer, he told me to come find him if the line ran long and he’d help me retrieve my things. Back in line, we moved about 20 feet in 20 minutes. I’m about to start getting agitated when word trickles back from the front of the line that the ride was down. It crashed and there was no ETA for when it would be back. The attendant confirmed this, so I waited another ten minutes to get my things from the locker and we decided to catch the final T2:3D show.

I should point out that at this point, we managed to get through two rides in about two hours. It was now well after 4pm and hordes of marauding pubescent teenagers were streaming into the park at an alarming rate. Rock The Universe was starting to look like the Crusades as performed by Attila and the Huns. That is to say, these kids were charged up and pretty much running roughshod over anyone between them and wherever they were headed.

Terminator 2:3D Battle Across Time. We got back to the line for this one about 20 minutes before the show which starts on the half hour. The show was listed on the program as the last show of the day. 20 minutes was what the attendants told us to plan around to ensure a seat. As it was, the line was already extremely long and they cut it off just behind us. This attraction looked like it was going to top MIB in terms of fun and we were all excited to see it. Think of it as a 3D movie with live action role playing. The show actually started in the holding tank where a live actor introduced the theme and we were treated to a commercial for Skynet and Cyberdyne, the fictitious company who creates the homicidal weapons systems and robots. The commercial is interrupted by rebels from the future… you get the picture. It was fun.

After the introduction, semi-automatic doors open into the theater and it’s a free for all for seating. We ended up with some center seats near the front and settled in to finish the show. It goes along smoothly for about three or four minutes and then it stops. Suddenly. Without warning. I’m secretly hoping that this is another “interruption” by the rebels, but alas, my optimism is shredded when drone #2 announces that the attraction has broken and we are to immediately exit the theater. Oh, and by the way, come back later for priority seating for your inconvenience. Needless to say, we’re horribly disappointed.

More insult to compound the injury – outside the attraction, they are already loading the next herd into the holding cell. The show wasn’t broken, they just decided to unload us to keep their schedule rather than restart it. I’m beyond speechless by this realization. Because of the broken rides, we have done nothing but wait in lines for the last two hours. Yes, it’s 6pm and we have to leave. We finished our one turn on MIB precisely at 4pm.

I hope they improve things a bit before I come back again in 2020.

What the F

Today, I had to build a computer for delivery on Tuesday for a very good customer of mine. He really likes using zip drives, so I offered to move his existing Zip 250 into his new computer. I was ripping the old computer apart anyway to copy the old hard drive onto a partition in the new computer, so it really took no appreciable effort to do so – or so I thought.

<digression>The old computer inexplicably started locking up without warning. The only way to bring it back to life was to let it sit for a while. My first thought was that one of the fans was dead or dying and the problem was heat related. I booted the system into the CMOS to look at the hardware monitor. The CPU fan was moving along at a steady 3042 rpm and the CPU maintained a constant temperature of 46-49C. So much for my heat theory. While I was in there, I also noted that the voltages coming off the power supply were right in line with what I expected and rock steady.

I went ahead and booted the system into windows figuring there might be a corrupted swap file or garbage in the temp directory. Both of those circumstances have occurred for me in the past, so I thought I’d start there. I deleted the temp files and jumped into a command prompt to look for spyware and viruses in the windows and system32 folders when the computer locked up on me without warning. The keyboard was completely dead. I couldn’t even get an LED toggle on the numlock key. The old three finger salute was unavailable as well. My only recourse was to hold the power button down for the requisite four seconds or use the reset key. I tried both. Even though the screen blanked, nothing ever came back.

So… scratch the “blame windows” theory. Clearly, I was dealing with a hardware issue. Now this particular customer doesn’t like a lot of downtime and trial and error. Given that there were no obvious symptoms that led me to any specific component, I gave him the option of either allowing me to troubleshoot the problem by swapping components until we found the culprit or allowing me to cut to the chase and just replace the motherboard, CPU, RAM and power supply. I hate tossing out good parts like that, but for the price of hardware, it’s often cheaper to just go ahead with what amounts to a partial upgrade.

It turns out, this fellow had even less of a tolerance for partial solutions than I expected and he requested I just replace the entire computer. It allowed him to move up to Windows XP from 2000 and taking the time to do a clean install of his software was something he had been planning for me to do anyway.</digression>

Fast forward to this evening. I’ve assembled the new computer, moved the zip drive over and I have to say, I’m quite pleased with the new setup. Here’s what I put in:

  • AOpen QF50 Midtower Enclosure
  • Gigabyte GA-8I945P Motherboard
  • Pentium 4 3.4 GHz with the LGA775 socket form factor
  • A gig of RAM
  • AGP 8x GeForce 4 video
  • 250 GB Maxtor SATA Hard Disk
  • DVD-/+RW
  • 52x CD-RW

All in all, a decent system. I loaded Windows XP Professional, installed Norton Antivirus and then realized the onboard gigabit LAN adapter wasn’t active because the driver wasn’t native. I inserted Gigabyte’s driver CD to activate and install the motherboard drivers. Gigabyte has a pretty nifty solution. You pick all the drivers you want/need from the initial splash screen and it installs them all, even if it needs to reboot in the middle, without any further user intervention. I went ahead and selected all four drivers (Intel chipset, USB 2.0, Marvell Gigabit LAN, and audio) and set it loose. The downside of their nifty driver is that it doesn’t really tell you what it’s doing. Basically, there is a little red line near the bottom left that serves as a progress indicator. For some reason, it stalled somewhere between 10 and 15 percent and refused to budge. I cancelled the install and tried restarting it but had no further luck.

After rebooting, the driver installation automatically restarted but it remained stuck in the same place. I tried a few things, including going into the CD-ROM and installing the drivers one at a time, but I couldn’t get the one I really needed without their installer. Windows claimed the .INF file for the gigabit LAN adapter was in an ‘unexpected format’ – whatever that means.

I decided to explore the hard drive to see if cleaning temp files might help unstick the installer (can you tell I loathe stray temp files?). What I found was that windows had arbitrarily assigned the zip drive to use letter C and the hard drive I was booting from was assigned Drive letter F. Priority interrupt! I went into disk manager and moved the zip drive over to drive G and then discovered that Windows will not allow you to reletter the partition you booted from.

It looked like I was going to be stuck with Drive F as my boot drive. Now, my brain started imagining the various circumstances I should expect to begin dealing with when things go wrong on this system. Not to mention my existing problem installing drivers. I decided to repartition the hard drive and reinstall Windows. This time, I would do it without the zip drive connected thereby avoiding the problem.

I booted the system back up using the XP Pro CD, deleted the existing partition and recreated it for a fresh installation. After 40 minutes of watching Windows Installer do its thing without an IDE zip drive to confuse it, Windows did indeed assign letter C to my hard disk. Furthermore, the motherboard driver installation went beautifully and completed in under five minutes sailing in blissful ignorance past the formerly troublesome spot.

Since I had the system up and it looked stable, I went ahead and ran the activation sequence for Windows. This turned out to be a mistake. On my next reboot, I reconnected the zip drive before powering the system back up. At this point, Windows decided to inform me that I’ve made “substantial changes” to my operating hardware and I would have to redo the activation. Grrr!

Beyond that, the rest of the job went smoothly. I installed a bevy of applications and utilities and copied the contents of the old hard drive over to the new system and life is now good. I’ll deliver it on Tuesday and can now enjoy my Labor Day weekend.

Voicemail Hell

Today’s job involves rebuilding a PC based voice mail system that was struck by lightning. I was hoping to get lucky and find merely a bad power supply, but Thor was not smiling when he smote this old box and it looks like the mobo took the hit too. This is going to be so much fun! I don’t even know what software they’re running.

Here’s what I know:

  • The computer is running DOS
  • It has a four port Bicom modem card
  • There are three ISA slots in use
  • The hard drive spins up

I’ve had to put this job off from last week because it required digging into my hardware museum to find appropriate parts. After an hour of searching, I located a never used Epox EP-61BXA-M motherboard, 32 MB of PC100 RAM, and a Celeron 333 CPU. I tossed these into my cauldron, added a touch of AGP video and hit the power. Miraculously, the system booted and I was able to navigate the CMOS. I put an old hard disk on it and booted into Win98 with errors.

I decided to go ahead and burn the system in overnight to ensure all the parts were good, so I rebooted from my handy burn-in boot floppy and left it running. By morning, I had 200 error free passes.

I carried the parts into the office and finished reassembling the system. Along with the Bicom board, I had two jumperless ISA modems to install. I also moved the existing hard disk and floppy from the old system. 20 minutes with my screwdriver and I had her ready to boot.

When I fired the system back up, the first message I received was a CMOS checksum error. Fortunately, I keep a ready supply of CR2032 batteries for this little gotcha. I replaced the battery, booted in setup and reconfigured the CMOS to meet my needs. Most notably, I turned off PnP, and all onboard devices, including IRQs for the USB and VGA. No sense leaving something running that might conflict with the mystery modems from the original system.

One more reboot. I fondly watched MS-DOS load and then watched the voice mail system enable the Bicom board. It detected the board and configured it successfully, so I’m hoping I’ll have dialtone on all four ports. Without warning, I get the following message:

PANIC: [lpt.c:72]: prt_install
AX = 009F BX = 0048 CX = 0000 DX = 812B
SI = 0087 DI = FC46 DS = 8C13 ES = DDE0
IP = 0AB6 CS = 389E
Current Task = 05DE:02ED (-MAIN-)
System Halted

I didn’t need google to make the reasonable guess this software was expecting to find a parallel port active in the PC. I powered her down and entered the CMOS again to turn on the parallel port in SPP mode.

Sixty seconds later, I’m looking at the monitoring screen for the “pairtree Call Processing System Version 5.33f/2.27”. Rock.

Outlook and Open Standards

I spent some time this morning chasing down an odd problem. I got a call from one of my customers regarding a puzzling email issue. For at least a month, he’s had no luck sending email from Outlook. The send dialog would sit forever trying to deliver a stack of phantom messages (i.e. not from the Outbox) and eventually timeout.

When he called on Friday, we decided to conference in his webhost and see what was going on at the smtp server. The admin for his domain checked the logs and discovered that every five minutes, there were stacks of errors being generated from these phantom emails. All of the emails were going to the inbox for a former employee. Since the inbox on the server no longer exists, the SMTP server was rejecting the message.

I telnetted into the server just to see what it was running and found Exim 4.52. I’m by no means an expert on the inner workings of ESMTP, but I assumed at this point that since the email was destined for a local domain, Exim was smart enough to recognize that the message was undeliverable and rejected it upon receipt of the message header.

Outlook 2002, being not so smart (or too smart if you prefer), valiantly kept attempting delivery. The real email messages my client needed to send remained queued up behind this phantom traffic and never made it out the door.

After a short discussion, we decided to recreate the user account to collect this email traffic and see what happens. As soon as we did, the test message my customer sent me went through. We scheduled an appointment for this morning to figure out where the phantom traffic was coming from so that the problem could be properly fixed. No sense waiting for the inbox to fill up or something equally occurs.

I arrived onsite and gave Outlook a once over to see where the traffic might be coming from. Checking the mailbox we created on Friday, I saw stacks of return receipts that were delivered on Friday. I searched for the return address in Outlook and in the registry to see if there was some setting amiss. I found nothing unusual.

Return receipts to an email account that hasn’t existed in over three months made no sense to me at all. I wondered if the former employee (who left on not such good terms and who has a modicum of skills) might be spoofing messages or left behind some sort of spyware that was grabbing her boss’s email. It seemed farfetched, but nothing else made sense.

When she left the company, I reloaded everything on the PC she used. I did a nuke and pave on Windows and performed a fresh installation of needed applications because the system had become so junked up by personal software and bootleg audio utilities. So I was pretty sure that her old computer wasn’t doing anything unexpected. We had also gone through the ritual of changing every password in the office at the time and I had performed a cursory review of their internal security too. Nevertheless, I double-checked the other PC in the front office just to be sure it was clean.

Looking back at my customer’s Outlook, I noticed his calendar was pretty full. I asked the receptionist how he entered his appointments because I knew that he didn’t do it himself. The receptionist showed me how she created the appointment in her own calendar and then forwarded it as an iCalendar attachment to the boss. Interestingly, the staff at this office love the return receipt feature in email and have it turned on by default in Outlook. They also have automatic approval of read receipts set in Outlook.

I went back to the afflicted Outlook desktop and reopened the calendar. I then changed the view to show a list of appointments instead of the default calendar format. Interestingly, I discovered a huge list of birthday, anniversary, and payday reminders on the calendar. All of them were set as recurring appointments and some of them weren’t even scheduled to start until 2015. Those that populated dates in this year’s calendar had start dates that predated the employee swap in the front office.

Very interesting indeed. I asked how important the reminders were and the staff told me they were redundant since the boss got verbal and email reminders from the receptionist anyway. They told me to delete the recurring appointments which I gladly did. I’m sure that as each recurring appointment was scheduled automatically by Outlook, it generated the read receipts back to the old email address.

I’m scheduled to go back Thursday, so I’ll know then if the outbound email flood has been stemmed. I’m pretty sure I’ll be celebrating success when I check.

The most fascinating part of this for me was learning that iCalendar exists. And only seven years after its inception! According to Wikipedia, Microsoft’s implementation is relatively stable as of Outlook 2002 and the standard has been implemented in a number of popular calendaring apps. There are also a few sites that let you publish your calendar online for free or you can do it yourself along with an RSS feed of upcoming events for news aggregators. Pretty darn spiffy.
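As an offboarding check for the situation in this post, the sketch below lists recurring iCalendar events that still name a removed mailbox. It is an added example, not something used on the job described here; it assumes the appointments are available as iCalendar text and that the old address appears as ORGANIZER or ATTENDEE, and the function names and sample data are constructed.

```python
# Added example: list recurring iCalendar events that still name a retired mailbox.
# Every address, UID and date below is constructed sample data.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0",
    "BEGIN:VEVENT", "UID:constructed-1", "SUMMARY:Payday reminder",
    "DTSTART:20050107T090000", "RRULE:FREQ=WEEKLY;INTERVAL=2",
    # Folded per RFC 5545: the entry starting with a space continues the line.
    "ORGANIZER;CN=Former Receptionist:MAILTO:former.employee@example.", " com",
    "END:VEVENT",
    "BEGIN:VEVENT", "UID:constructed-2", "SUMMARY:Staff meeting",
    "RRULE:FREQ=WEEKLY;COUNT=10", "ORGANIZER:mailto:receptionist@example.com",
    "END:VEVENT",
    "BEGIN:VEVENT", "UID:constructed-3", "SUMMARY:One-off lunch",
    "ORGANIZER:mailto:former.employee@example.com", "END:VEVENT",
    "BEGIN:VEVENT", "UID:constructed-4", "SUMMARY:Anniversary",
    "DTSTART:20150614T000000", "RRULE:FREQ=YEARLY;UNTIL=20251231T000000Z",
    'ATTENDEE;CN="Desk: Front";RSVP=TRUE:mailto:Former.Employee@example.com',
    "END:VEVENT", "END:VCALENDAR",
])

def unfold(text):
    """Join folded lines: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def split_property(line):
    """Return (NAME, value), splitting at the first colon outside a quoted parameter."""
    quoted = False
    for index, char in enumerate(line):
        if char == '"':
            quoted = not quoted
        elif char == ":" and not quoted:
            return line[:index].split(";", 1)[0].upper(), line[index + 1:]
    return None

def parse_events(text):
    """Collect each VEVENT as {PROPERTY: [values]}."""
    events, current = [], None
    for name, value in filter(None, map(split_property, unfold(text))):
        if (name, value.upper()) == ("BEGIN", "VEVENT"):
            current = {}
        elif (name, value.upper()) == ("END", "VEVENT") and current is not None:
            events.append(current)
            current = None
        elif current is not None:
            current.setdefault(name, []).append(value)
    return events

def mailbox(value):
    """Normalise 'MAILTO:User@Example.com' to a bare lower-case address."""
    value = value.strip().lower()
    return value[len("mailto:"):] if value.startswith("mailto:") else value

def stale_recurring_events(text, retired_addresses):
    """Recurring events whose organizer or attendee is a retired mailbox."""
    retired = {address.lower() for address in retired_addresses}
    findings = []
    for event in parse_events(text):
        rrule = event.get("RRULE", [None])[0]
        if rrule is None:
            continue  # one-off items stop on their own
        parties = event.get("ORGANIZER", []) + event.get("ATTENDEE", [])
        hits = sorted({mailbox(party) for party in parties} & retired)
        if hits:
            findings.append({
                "uid": event.get("UID", ["?"])[0],
                "summary": event.get("SUMMARY", [""])[0],
                # No UNTIL or COUNT means the series never ends by itself.
                "open_ended": not any(k in rrule.upper() for k in ("UNTIL=", "COUNT=")),
                "retired": hits,
            })
    return findings
```

Calling `stale_recurring_events(SAMPLE_ICS, ["former.employee@example.com"])` returns the two recurring items tied to the old address and skips the one-off appointment.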

Digiwhat?

Back to tackling the recalcitrant VM/386 system for me. I went back into the warzone with a primary plan and three backup plans. In that I was still unsure of the health of the dumb terminals and the complete lack of response to anything plugged into the Digiboard, I decided I needed to cover my bases. My plan was as follows.

  1. Update VMINTS and retry my connectivity tests
  2. Install free upgrade to VM/386 to see if problem clears itself up
  3. Reconfigure VM/386 to use serial ports and retest with PC
    • If successful, put a terminal on the cable and troubleshoot terminal settings
    • Otherwise, call IGC (VM/386 guys) and pay for some support
  4. Retry working terminal on Digiboard

All in all, I figured I had enough choices to get something going presuming the cables I used previously were still intact and functional.

My tools:

  • VM/386 5.01 to 5.02 upgrade diskette
  • an inline DB25 diagnostic plug with 25 LEDs to show me what’s happening on the wire
  • an inline DB25 null modem adapter
  • a DB25 loopback plug
  • my laptop with PCTerm (freebie DOS terminal emulator from IGC) preloaded
  • various gender benders and DB9-DB25 adapters

All in all, I felt well armed for success. For starters, I booted the server from the upgrade disk and updated the VMINTS file. Naturally, even this step had its difficulties. The front panel of the server has a bezel that doesn’t mate well with the eject lever for the floppy drive, so the diskette was stuck. I went into the CMOS and removed the floppy from the boot sequence. After numerous reboots, I finally cracked open the case and loosened the floppy drive retaining screws so I could force it to eject diskettes as needed.

Anyway, I rebooted VM/386 and verified the VMINTS file had been updated. It had a current date/time stamp, so I figure it did. Having had the foresight to back up the existing VMINTS file, I decided to run FC VMINTS VMINTS.OLD. Byte for byte, they were identical :/ . So much for that perceived obstacle. I went ahead and retested the terminal connections just for grins and they quite predictably remained broken.

Following my plan, I confirmed the backup of the \VM386 directory and root of C were still intact and then rebooted the upgrade diskette to commence upgrading the server software. Imagine my lack of surprise when the upgrade started copying the necessary zip files from the floppy to a temp directory and up pops a disk read error. I decided that if the file was indeed corrupted, the zip file wouldn’t extract anyway and I could restore my backup, so I valiantly retried. After the third retry, the files finished copying and the upgrade proceeded without any further errors.

I popped the diskette out and rebooted the server. Being a 32 bit operating system, VM/386 works by launching a group of predefined virtual machines on startup. The first VM is the management console and another one starts for application access on the main computer (in this setup anyway). Upon restart, the management console came up successfully but the local application VM was totally corrupted on screen. The menu was visually trashed. I rebooted the application VM and got a normal looking menu. Switching to the management console, however, locked the computer up deader than a bug on a windshield. I couldn’t even toggle the numlock LED. After a few reboots with similar results, I decided to restore the backup and get the system back to a known working (I use that term somewhat loosely at this point) state.

Once I had the system stabilized and back to how I found it, I shut down VM/386 and fired up VMSYSDEF to reconfigure the serial devices. I added boards for both COM1 and COM2. On one, I told it I was connecting a WYSE 60 terminal, on the other, I told it I was running a PC with PCTerm.

I restarted VM/386, created profiles for my new settings, and then created two new VMs for testing. Since I was limited to five users, I had to shut down some unused VMs. I connected my laptop via the serial cable and put the diagnostic plug and loopback plug on the far end of the cable. I was able to get gibberish on the screen when typing and figured my baud rate was set incorrectly, but everywhere I checked, I had it set to 19,200 which matched the config in VM/386. I decided to guts it out and plugged the serial cable into the COM port on the back of the server. BOOM! Suddenly, I’m looking at the menu in VM3 on my laptop. It was the most beautiful thing I’d seen all morning. My customer was looking over my shoulder and started grinning from ear to ear.

Now that I knew I had a working connection, I decided to reconfigure the same port to accept a Wyse 60 terminal and try it AS IS with the dumb terminal to see if I could get one of those working. First, I tried the same loopback test on the terminal and was able to echo text back to the screen. I then put the terminal on the system and…. nothing.

I knew something simple was interfering. My connection was good and the serial port was working on the terminal. I could also see the dataline blinking on my diagnostic plug as I typed, so I knew the characters were going somewhere. I went into setup mode on the terminal (shift-Select on the keyboard) and checked the settings. I confirmed they matched the original settings (which presumably worked). I began wondering if I had problems with handshaking on either the transmit or receive lines. The transmit was set to XSP (I still don’t know what that is) and the receive was set to XON/XOFF. I tried a couple of different choices but still had no luck. On a lark, I changed the terminal emulation from Wyse-60 to PCTerm and… BOOM again! I was looking at the menu. I navigated around and started some programs to verify it was indeed working and must say, I was pleased.

Since I had two dumb terminals to reinstall, I quickly unplugged the current one and connected the second. I reset everything to match and gave it a go. Nothing. Furthermore, I wasn’t getting any blinky goodness on my diagnostic plug nor was I able to loopback the serial port. I decided this terminal was quite dead. On my previous visits, I had little success with either terminal, but I used this particular one more than the other and that may account for my previous lack of success. Nothing like multiple failures to frustrate troubleshooting.

I decided to see if I could get the working terminal up on the Digiboard. To make a long story short, it didn’t work. Diagnostics I downloaded from Digi International told me the replacement board was good, but I still couldn’t get anything to happen with it on any of several nodes. I now believe that the octopus cable was damaged along with the other Digiboard, but I didn’t have a spare to test with.

I realized I hadn’t tested printing yet. I brought the system back up with two working COM ports and reattached the working terminal. Par for the course, nothing came out of the printer from the application, a print screen, or by hitting Ctrl-P. I jumped back into the terminal setup and discovered the printer port was disabled. Clearly, this terminal lost its brains at some point and must have reset to factory settings or someone else had tinkered. After enabling the parallel port, everything printed as expected.

I conducted one more test using the RS-232 surge protectors the customer had on hand (even though they obviously didn’t provide protection) and then tested again with only the hardware I would use in the final connection just to be sure all the parts worked. I then headed downstairs to redeploy the terminal where it belongs. The cabling in the walls was unlabelled (of course), but I only had two to choose from, so I figured 50/50 odds weren’t too bad. Again, par for the course, I guessed wrong. To ensure I didn’t have other cabling issues, I plugged my diagnostic plug into the other cable to confirm I was getting a signal from the terminal downstairs and happily saw appropriate LEDs light. Making the connection with the correct cable, I had the most critical terminal back online!

It took about 15 minutes of searching to find the other serial cable I needed. The second connection was in the same office and the cable was installed by running it around the room along the baseboard. When they repainted and recarpeted the previous week, the contractors took the cable out and stashed it somewhere. I found the cable, installed Winterm on the computer at the other desk and ran the cable back around the room.

Pulling the computer out to connect the cable, I realize I’m short a connector. I used my DB9F-DB25F adapter at the server to plug into COM1. Oh, and of course, it wouldn’t physically fit with both serial ports stacked vertically at the back of the server, so I had to remove the power supply and move the 9 pin port to another spot on the back of the case. Regardless, I was short one adapter. I had to MacGyver the existing adapter because RadioShack decided the 9 pin side needs those little hexagonal screw retainers which won’t mate with identical retainers on the port at the PC. To make it work, I used pliers and physically ripped the retainers from the adapter (no, they were not screwed on, they were welded to the ground plate). It was ugly, but it worked.

I ran to RadioShack and bought two adapters. To avoid the problem, I bought an adapter with a male 9 pin and then purchased a 9 pin F-F gender bender to provide some spacing at the PC connection. Back onsite, I got it all connected and pretty easily got a terminal session going in a window under Windows XP.

Printing proved to be a bit of a challenge. This PC has a parallel connected inkjet but their old application needs to print to this monstrous DataProducts 8820 wide-carriage dot matrix printer. I successfully printed a small report to the inkjet, but I knew it wouldn’t work for some of those 160 column reports. I checked the inkjet and realized it supported USB, so we robbed a USB cable from a computer down the hall and I reconfigured the printer to use USB. I then used the parallel port to connect the dot matrix. Windows didn’t have an appropriate print driver and I couldn’t find one through google, so I installed the printer as a generic text printer and let Windows send a test print job. So far so good.

I fired up the application and tried to send the same report to the dot matrix. Winterm gives me something like Unable to print to LPT1. retry/discard output. I give up. Opening a DOS window, I’m able to copy a text file to the printer without errors. I suspect the problem is buried in how the application addresses LPT1, but I’m pretty confused since I printed successfully to the inkjet earlier.

I clean up the Windows printer list a bit by removing about six unused printer configs and reboot to confirm the problem didn’t clear up. Sadly, it didn’t. I mentioned before I used to program heavily in Clarion For DOS and I know it pretty well and have dealt with many of its foibles running under various versions of Windows. I figured I could eventually get it working, but I decided to recommend a product I’ve used successfully before. I told my customer what the circumstances were and recommended they drop $25 on DOSPrinter, a very useful program that can either grab text files and properly send them to any Windows printer or intercept LPT1 and send it to any Windows printer. Basically, $25 is less than they’d be paying me for additional labor to troubleshoot, so they agreed to try the software.

I reconfigured Winterm to send all printer output to c:\winterm\print.me and installed DOSPrinter. After a really brief configuration, DOSPrinter grabbed the output and printed it to the correct printer. Success! Before I finished, I decided to edit the LPT port in device manager and changed it to LPT2. I didn’t want any future tinkering with DOSPrinter to break anything, so I wanted it safely away from LPT1 and potential capturing/redirecting activity.

All in all, the customer was VERY happy to have their system up and running again. The final casualty list was one dumb terminal, one Digiboard Com/8i, probably one Digiboard DB25 8 port octopus cable, and some minor bruising to my ego for not leaving the hardware side technically perfect. Life goes on.

Dropper Agent

Two weeks ago, I finally quit procrastinating about updating my Antivirus software. I’d been running Norton Systemworks 2002 for a while and the updates expired in late June. My intentions were to remove Systemworks and install the latest release of Norton Antivirus. I’ve been holding back only because it seems that about a third of the time I attempt to reinstall NAV for customers, I have problems.

Most recently, I ran into a situation where the installation would rollback after getting about 90% of the way done. I diligently followed the instructions and then more instructions and never got it working. I never received a tangible error message and I couldn’t find any logging of the installation to troubleshoot the problem. I finally switched the customer to another product and moved on. Mostly, I can get the installation to work by running the uninstallers, removing all references to SYMANTEC and NORTON from the registry and then purging any lingering files from the file system, but it shouldn’t be that hard to upgrade.

I’ve had more than a few bad experiences with McAfee as well, so I decided I needed to try something new. I uninstalled most of Systemworks and decided to try AVG Free Edition by Grisoft. The installation went smoothly, I updated and ran a full system scan. AVG doesn’t include an integrated scanner for Thunderbird, but the default email scanner that hooks port 110 seems to work just fine. As a bonus, I discovered that my PC now runs about 2-3x faster than it did before. I attributed this to AVG being a bit leaner than Norton and patted myself on the back for being so smart.

The only oddity I discovered is that AVG remains convinced my 11 year old DOS program for processing credit cards is infected with an unknown virus. I don’t even use the program any longer, but I’m loath to delete it. Sadly, the free version of AVG doesn’t allow me to exclude that file from the scan. Ah well, the price was right and AVG isn’t interfering with it.

Today, I decided to look at my logs to see what else I might have missed and I notice that AVG quarantined a file allegedly infected with Trojan horse Dropper.Agent.8.B. I expect infected files to pop up occasionally because not all of my email addresses have built in AV filtering, but this particular file was C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe. I’m wondering how the hell an infected file made it so far into my system. On my home computer, I have the connection firewalled, behind a NAT interface and I’m very conservative about what programs I install and run.

First, I google the file itself to see what it does. MSDN says it is an Indexing Component for the Indexing service. I decide to google the bug to see what it does. I immediately find dozens of hits all pointing to this post basically saying the problem is a false positive by AVG rather than an actual Trojan.

The file has now been restored and I suffered no ill effects. From the posts I read, I saw that others detected the file in the DLL cache, the system restore cache and in other places. A quick search of my hard disk turned up 4 copies of the file. Now I’m worried that AVG isn’t doing a thorough job. If it found one copy, shouldn’t it have found the others? More things to research I guess.
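One way to start on that last question is to check whether the copies are byte-identical, since a signature that matches one build of a file need not match another. The sketch below is an added example, not part of the original post: it hashes every copy of a named file under a directory and separates exact twins of the flagged copy from different builds. The directory names and file contents in `demo()` are constructed stand-ins, and the function names are hypothetical.

```python
# Added example: are the other copies of a quarantined file the same bytes?
import hashlib
import os
import tempfile

def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def find_copies(root, filename):
    """Return ({sha256: [paths]}, [unreadable paths]) for every file called filename."""
    groups, unreadable = {}, []
    wanted = filename.lower()  # Windows file names are case-insensitive

    def note_error(error):
        unreadable.append(error.filename)  # directories the walk could not list

    for dirpath, _dirs, files in os.walk(root, onerror=note_error):
        for name in files:
            if name.lower() != wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                groups.setdefault(sha256_of(path), []).append(path)
            except OSError:
                unreadable.append(path)  # locked or access-denied file
    return groups, unreadable

def compare_to_flagged(groups, flagged_path):
    """Split the other copies into byte-identical twins and different builds."""
    def norm(path):
        return os.path.normcase(os.path.abspath(path))

    flagged = norm(flagged_path)
    flagged_digest = next(
        (d for d, paths in groups.items() if flagged in map(norm, paths)), None)
    if flagged_digest is None:
        raise ValueError("flagged file is not among the copies found")
    twins, different = [], []
    for digest, paths in groups.items():
        for path in paths:
            if norm(path) != flagged:
                (twins if digest == flagged_digest else different).append(path)
    return sorted(twins), sorted(different)

def demo():
    """Build a constructed tree (stand-in bytes, not real binaries) and compare."""
    layout = {
        "uninstall/cisvc.exe": b"constructed old build",
        "restore/cisvc.exe": b"constructed old build",
        "system32/cisvc.exe": b"constructed current build",
        "system32/dllcache/CISVC.EXE": b"constructed current build",
    }
    with tempfile.TemporaryDirectory() as root:
        for relative, data in layout.items():
            path = os.path.join(root, *relative.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        groups, unreadable = find_copies(root, "cisvc.exe")
        twins, different = compare_to_flagged(
            groups, os.path.join(root, "uninstall", "cisvc.exe"))

        def rel(paths):
            return sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in paths)

        return len(groups), rel(twins), rel(different), unreadable

if __name__ == "__main__":
    print(demo())
```

A copy that lands in the twins list has the same content as the flagged file, so a scanner that skipped it either did not read that location or was not configured to scan it; entries in the unreadable list are places the scan account could not open.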