As a newsreader, Windows Mail sucks worse than Outlook Express

First, let me explain briefly what a newsreader is – specifically, in this case, I mean a Usenet newsreader. Usenet is a community of systems that have chosen to exchange messages in ‘newsgroups’ organised and named as a hierarchy of topics – for instance, if you want to read about cats as pets, you’d head to the newsgroup “rec.pets.cats” – recreational, pets, cats. If you wanted to read about the biology of felines, you’d probably find a group something like sci.bio.feline – scientific, biology, feline.


If you’re not into Usenet newsgroups, you should know that they are an excellent source of information – where blogs and RSS feeds are more controlled by the individual blog author, Usenet newsgroups (or “newsfroups” as they are often called) can be added to by absolutely anyone, either to create a completely new thread of articles with a new subject under an existing topic, or to add your own comments or questions to an existing thread. [Adding a new topic – a new newsgroup – is a little harder, because Usenet doesn’t like to see multiple newsgroups on the same newsgroup]


So anyway, I’m a hard-core newsgroup reader, like most of the MVPs – it’s a great quick way to exchange information – asking and answering questions, and keeping track of topics you’ve already addressed.


For a long time, I used NewsXpress as my favourite newsgroup reader. It still is my favourite newsgroup reader, but has dropped out of my use for a couple of reasons – first, it crashes a lot; second, it doesn’t handle multiple Usenet servers / accounts well; third, it’s not on every system I’m going to use.


Outlook Express is better at handling multiple Usenet servers / accounts, and it’s on every system I use. It doesn’t crash – quite as often as NewsXpress.


Since I have the source to NewsXpress, I keep thinking I should fix it, but I simply haven’t had the time. So I stay with Outlook Express (originally, “Microsoft Internet Mail and News”, which is why the executable is called msimn.exe).


In Vista, Outlook Express is gone – replaced with “Windows Mail”.


Windows Mail sucks in a number of ways. Here are just a few of my complaints:



  1. It should be possible (in my humble opinion) to start up a newsreader from scratch, and use the space bar to read all the way through from the start to the end of all your newsgroups. Outlook Express allowed you to select an article in the list of articles, and then space through from there – Windows Mail requires you to select the article, then set the focus to the article preview window, at which point the space bar will work.

  2. Windows Mail attempts to import all your newsgroups from Outlook Express – and all the saved articles. It doesn’t handle the possibility that you might not have cleaned out your Outlook Express folders before installing Vista, and when it runs out of space, it abandons the import, with no clear way to make it start up again.

  3. Windows Mail does not import your newsgroup account settings from Outlook Express – it imports everything except the username and password. I’ve got several accounts whose username and password I’ve completely forgotten. Now I have to contact those Usenet server owners, one by one, until I get all my accounts back.

  4. Even when I do have a record of account names and passwords, when the password is a cryptic ten character string, I can’t actually copy the string from Notepad and paste it into the dialog box that prompts for my credentials. I can understand a password box not allowing Copy, but this dialog box prevents Paste into both the User name and Password fields – crazy!

  5. When prompting for your credentials, it doesn’t remember the user name you tried last time – so if your user name is long, and you want to try a couple of possible passwords, you have to type that user name over and over again (because, after all, you can’t paste into the box).

It seems almost as if Microsoft has given me reason to find the time to resurrect NewsXpress.

ReadyBoost – swap space on a stick.

 


So, I’ve finally upgraded my laptop from Windows XP SP2 to Windows Vista.

The upgrade process itself took over three hours – the first fifteen minutes of which was basically me uninstalling the applications that the Vista installation told me would interfere with the upgrade to Windows Vista – they were the Digital Persona application that comes with Microsoft’s Fingerprint Reader, Ahead’s Nero CD/DVD burning software, and something else that I can’t remember right now, and obviously am not going to miss.

One of the neatest features of Vista that I’ve seen so far is the addition of “ReadyBoost”. Microsoft describes it as follows:

Windows Vista introduces a new concept in adding memory to a system. Windows ReadyBoost lets users use a removable flash memory device, such as a USB thumb drive, to improve system performance without opening the box.

Me, I prefer to think of it (somewhat inaccurately) as “swap space on a stick”. In programmer terms, swap space is a portion of your hard drive that is reserved for saving copies of information from memory while it isn’t needed. At the expense of a small delay when reading it back in, this allows your machine to appear to have more memory than it really does – program subroutines and user data that you aren’t using right now don’t have to hang around in memory, so you have more physical memory left for the subroutines and data that you are using right now.

Early implementations swapped any kinds of data into and out of memory – later implementations (and certainly this was true at least by Windows 3.1, back in the early ’90s) marked sections of memory as “discardable” – meaning that they could be swapped in from other areas of the disk, rather than having to be stored in the swap space.

ReadyBoost could easily have been implemented as simply an external backing store for this discardable memory – that would make it “swap space on a stick” in a very real sense.

What ReadyBoost actually does is to work with SuperFetch to provide something slightly more – when a program (or other read-only data) is loaded from disk, SuperFetch can often anticipate this demand, and use idle cycles to pull the information up ahead of time – and when it does this, it also copies the read-only data to the ReadyBoost-enabled thumb drive so that it’s available quickly after it’s been swapped out – far more quickly than from the hard drive inside your machine.

Because this is data that can be rebuilt from the hard drive anyway, it’s no loss to your reliability if you unplug the thumb drive – you just slow down a little again, as you go back to the original swap space and memory relationship.

Finally, it’s even been built with security in mind. The data stored on the ReadyBoost drive is automatically encrypted with AES-128 encryption (this is an acceptable trade-off of fast versus strong). That way, even if you remove your thumb drive in the middle of working on your system, and you drop it into some malfeasant’s lap, he won’t be able to read the read-only file you were looking at, or internal details of your code.

And, of course, you can remove the ReadyBoost cache file – it’s just an ordinary file – any time that you want to use the USB stick as an ordinary disk.

So, wait for the next office supply store sale, pick up a cheap USB 2.0 storage device, insert it into your Vista PC, accept the prompt to enable it for speeding up your PC, and see how much your performance improves. [In my case, just enough to make it enjoyable.]

A good man who made a mistake?

According to the “Great Falls Tribune” (covering Great Falls and northern Montana), Todd Shriber is “a good person who made a real big mistake” – okay, so that’s actually a quote from Erik Iverson, chief of staff to US Representative Denny Rehberg. A more detailed report is here.


What’s the “real big mistake” made by this “good person”? Did he accidentally order a few too many reams of paper for the copy machine? Did he back into a road sign? Did he cross the road without looking both ways first? Did he send in his tax return without signing it? These are all mistakes that good people make.


No, what Todd did is to attempt, over the course of a month, to hire a hacker to break into the computers at Texas Christian University, in order to change Todd’s GPA (that’s “Grade Point Average”, a measure of how well you did on average throughout your college career). The email exchange is here, including signs that the hackers approached by Shriber told him early on that what he was requesting them to do would be a felony.


The cynic in me wonders if “a real big mistake” actually describes the ineptness with which Todd undertook the task of approaching and hiring the two ‘hackers’, and if perhaps the definition of “good person” in the speaker’s mind relates to “good to have should we engage in a campaign of skullduggery and misrepresentation”.


I really can’t stress this highly enough – honesty is one of the bases on which you can build good security and trust.


Hire a hacker to put your GPA up, and you may be exposed as a fraud like this – or, more likely, given the way criminal hackers operate, you may find your GPA is lowered, and the hacker is blackmailing you for more money to raise it, now that he’s proven he can mess with your numbers.


It’s often remarked that “you can’t con an honest man” – and while this isn’t strictly true, it’s a whole lot easier to con someone who’s willing to engage in a little dishonesty to get ahead. If you’ve engaged in dishonesty trying to achieve personal gain, and your ‘partner’ in dishonesty fools you, you’re less likely to seek (or be able to get) legal redress.


To bring this back to the topic of security, start your security policies and practices with a requirement on your users that they do what they believe to be honest and right, and that disciplinary action will be taken as a reaction to dishonesty, whether by omission or commission.


Enjoy the rest of the holidays, and be good next year.

Microsoft gets opener every day

Wow – who would have thought that Microsoft and Novell were partnering up to offer not just technical interoperability but licence and legal interoperability between Windows and Linux?

Ray Noorda's only been dead a month – is he turning in his grave already?

The technical parts of this agreement cover virtualisation – to run Linux apps on Windows, and Windows apps on Linux; Management by Web Services – so you don't have to have a pair of machines just to manage your server room; and Document Format Compatibility, so you can use whatever Office Suite floats your particular boat, and share documents with the guy down the hall who uses the stuff from the other religion.

The legal part of this agreement is probably the one that's going to cause most excitement (because the technical parts were fairly readily available already), in that Microsoft promises not to sue SUSE Linux users, and Novell promises not to sue Windows users, for any patent violations between Windows and Linux.

Also, Microsoft will not assert its patents against individual noncommercial open source developers, or against individual contributors to SUSE Linux. How cool is that?

My Take: I think this comes as a relatively obvious result of the battles between Microsoft and Linux with cries of "we might just sue your customers, so people better not buy your software" – if you scare everyone away from the field, nobody benefits. This way, two rivals get to boost each other's sales.

Co-opetition.

You have to love it.

And you want to be the first in your field to think of it.

What is an MVP?

As a Microsoft MVP (Most Valuable Professional), I’ve occasionally found that people have no idea what that means.

Here are some of the suggestions I’ve heard from others:

  • A corporate ‘shill’, paid secretly in order to say good things about Microsoft.
  • An ‘evangelist’ for Microsoft.
  • Someone who’s crazy enough to work for Microsoft on their spare time for free.
  • A person seduced by free trinkets and toys to market on behalf of Microsoft.
  • An ‘astroturf’ campaign (an artificial ‘grassroots’ campaign) designed to persuade people that ordinary users support Microsoft.
  • It’s a test you can take, like MCP or MCSE.
  • It’s a programme you buy into, like the Microsoft Certified Partner programme.

Well, it’s none of these things, but it can look like any number of them.

If it’s confusing, don’t worry – many times, even Microsoft staff get it wrong, and act as if we’re on some kind of retainer.

MVP is an award. As such, it is given for past behaviour.

MVPs are not slavishly devoted to Microsoft – one of them is, to my knowledge, a Linux / Unix fan, and got his MVP award based partly on displaying his knowledge of interoperating those systems with Windows.

There’s no test to be an MVP – and no criteria.

The general requirements are this:

  • Be neutral-to-positive towards Microsoft overall (I mean, really, would you award anyone who consistently slags off your products?)
  • Demonstrate a persistent ability to voluntarily help the community of Microsoft customers.

That’s pretty much it.

Oh, and you have to be over 18, because some of the award is access to NDA material, so you have to be legally able to sign the NDA.

I’ve heard of only a handful of people who have “tried to become an MVP” and succeeded, and they generally were not re-awarded.

More common by far, and the way most MVPs feel, is that you would be doing this stuff anyway, because you enjoy helping others and learning from the experience.

The award makes you feel less like ditching the “helping the community” hat the first time someone calls you in the middle of the night demanding free support because they don’t want to pay Microsoft for a support call, and by the way, their entire corporate structure is about to collapse unless you can fix their problem.

The award also puts you in contact with numerous other people who feel and act the same way you do – learning by teaching, helping yourself by helping others.

It’s by no means a recompense for the service that MVPs do, nor is it a bribe to make us talk nice (MVPs are often the most accurately targeted and vocal critics of Microsoft’s failings).

It’s a recognition that we are helpful to you.

Converting from AD time to Excel time

Here's a little formula that works to convert times and dates from Active Directory (or other LDAP servers) to Excel – really useful to use if you've exported a number of entries from Active Directory to an Excel spreadsheet or CSV, and want to see them as dates:

=(B1-94353120004495000)/864000000000

Clearly, 864000000000 refers to the number of 100-nanosecond intervals in a day. It's possible that the offset value of 94353120004495000 is not going to be correct for your environment, so don't forget to test this – time zones may affect the accuracy of this value.

Insufficient Resources to Complete API – part 3

In part 2 of this series, I promised to let you know how I'd been doing with my hotfix solution to this problem.

[History: After increasing my laptop's memory past 1GB, in Windows XP SP2, I find that the laptop will occasionally refuse to hibernate, with the cryptic message "Insufficient System Resources to Complete API". A Microsoft Knowledge Base article makes it clear that this is a known bug, and offers a hotfix. After going through the simple procedure of getting the hotfix sent to me, it's now even simpler, because the hotfix is available to anyone to download, without having to call Microsoft.]

I'm happy to say that this has been going really well. My laptop, with 1.5GB of memory, now hibernates wonderfully well all the time, and I no longer fear that I will be pulling a red-hot laptop out of my bag after I've closed the lid in a hurry.

I do still hit the problem that if I press the power button, then close the lid, it hibernates once, and then a second time immediately after I turn it back on. Not a big problem – certainly not as big a problem as running the laptop's processor and fans at full tilt inside a sealed laptop bag because it didn't hibernate.

Lessons for those watching:

  1. Always search the Knowledge Base – go to http://support.microsoft.com, and type in either the full error message, or select words that are liable to be unique in reference to your problems. If your first search produces too many, or too few, matches, simply choose a different set of search words. Imagine how you'd write up the article yourself, what key words you'd put in there.
  2. If there's a hotfix available, don't get irritated that you have to call someone on the telephone in order to get the hotfix. It's a ten-minute process, you don't have to give your credit card number, you just say you want the hotfix related to article number such-and-such, and they send you the password to use in downloading it.
  3. Revisit a previous problem after a couple of months – someone else may have reported and fixed it.

I always thought Preston Gralla was an idiot

Right from the first moment he gave my software, WFTPD, a negative review whose contents indicated he was confusing it with a completely different piece of software, I knew Preston Gralla was an idiot.

Every so often, I forget about him, because he's at least a relatively inconsequential idiot. He's not Steve Gibson, whose legions of fans hang on his every word, no matter how hyperbolic, contrived, unoriginal (unoriginal, yet claimed to be "unique" and "brand new") or incorrect.

Then again, every so often, I am reminded.

Last time was his "6 Steps To Protect Your Wireless Network", which, as I pointed out in "Wireless Security", overlaps significantly with "The six dumbest ways to secure a wireless LAN".

Today's is "", in which he states (as the whole basis for his article):

In Internet Explorer 6, you are able to customize your toolbar by adding buttons, removing buttons, changing their appearance, and so on.

Don’t look for that feature in Internet Explorer 7. It’s not there any more.

Uh… yeah.

So, when you select "Tools", then "Toolbars", and finally "Customize…", what you are looking at is a mirage. The apparent ability to remove, add, move all those toolbar buttons around is completely absent.

Maybe Preston's confused because it's no longer on the View menu. A "Power User" who can't cope with the possibility that a feature has moved from one menu (which is now hidden) to a different one? That's like turning up your guitar amp, smacking your head against the strings, and calling it a "Power Chord". With power must come sophistication, or you're nothing more than an oafish brute.

In another part of his article, Preston says:

Internally, Microsoft has created a mythical typical user it calls “Abby” who knows very little about computers. It now targets the operating system and browser at this imaginary Abby, potentially leaving the rest of us out in the cold.

Clearly, Microsoft needs to create a new mythical user called "Preston". Abby could teach Preston a thing or two.

IE7 – the security update that isn’t

First, the big news – IE7 is now available for direct download.

I cannot recommend this update strongly enough. Go and get it.

My wife’s not into the security stuff as much as I am, so she recommends it purely on the basis that it’s a far improved user experience over IE6.

Me, I see how much it adds to your security – how many attacks have been simply stopped (or, at the very least gave me a prompt) by the IE7 beta versions.

A lot of press statements have said that this will be pushed as a security update. That’s not correct. It will be pushed as a high-priority update, but not as a security update.  That means it isn’t going to wait for the second Tuesday of the month, and it doesn’t have to be made available on the download pages at the same time as the automatic update is pushed out.

Download and test IE7 in your usual operations – if an app fails in IE7, you can spend some time getting it to work, or remove it and use IE6 again. While you do that, of course, you want to be pestering the vendor to get their app to work.

Your users who run with Automatic Updates enabled will be getting IE7 on November 1 (All Souls’ Day, or the Dia de los Muertos), by the current schedule. So, update in advance to prepare for this.

Even though a number of vendors (hello, Intuit!) have stated that they will not support IE7, many of their applications just plain work anyway.

Way to "not remain silent", George!

We won’t remain silent as Microsoft imposes unnecessary security risks,” wrote George Samenuk, just days before resigning from McAfee, apparently because of a back-dated stock-options scandal that started in 1996, lasting through Samenuk's reign as CEO and into the recent appointment (last March) of Kevin Weiss as company President.

Speaking of Kevin Weiss, he has been fired from the company, apparently.

I'll confess I don't understand much about the SEC and the point of this investigation, but it seems like Weiss (who came up through Sales, not Finance) is taking the fall and allowing Samenuk to bow out somewhat more gracefully.  I know if I was in that kind of lofty position, I'd be happier to resign than to be publicly terminated – unless, of course, I could point to the termination as a bone-headed or political move that was obviously unrelated to my ability at performing the job, and more related to the timing of an investigation, and the need to put a head on a pike.

Maybe Microsoft should release Vista quickly, while their detractors in the security field are playing "Who's the Boss?"