Elegant Simplicity

Microsoft, you really need to get a clue here.  You’re alienating your core user base.

I purchased a new Lenovo T61p a few moths ago with Vista Ultimate.  Of course, the machine came with 4GB of RAM, but Vista 32, so I could only use 3GB of RAM.  I called Microsoft to ask how to switch to 64 bit, and they told me to call Lenovo, who told me to call Microsoft.  Argh.  Microsoft was kind enough to inform me that the Vista 32 license could be used with Vista 64, but I had to either purchase a Vista 64 disk from the store at $300+, or borrow one from a neighbor.  Yes, that’s right, Microsoft was telling me to use my neighbors software.

I found a great forum post stating that I could just purchase a Vista Anytime Upgrade DVD ($5 from Amazon) and use it to install Vista 64 on my computer using my existing OEM key.  I installed the new OS on the machine and that went without a hitch.  I then entered the OEM key which didn’t work (as expected), and called into the product activation center to activate my OEM key for use with Vista 64.  I spoke with someone who was very nice but had a horrible accent and my copy of Vista was activated in about 5 minutes.  Perfect.

Lenovo has an automated software and driver updater called the ThinkPad System Update.  That pulled down all kinds of new drivers and my machine was running at 100% for a month or two.  Then it pulled down a new driver called the Intel Storage Matrix Driver that is newer hard drive controller drivers.  They installed fine, but when Windows came up after the reboot, it had deactivated itself and I had to call back in to the activation center once more.

Just now, a new version of the Intel Storage Matrix Driver was released and I installed it.  Once again, Windows is telling me that my copy of Vista is not activated.  I had to call back in to the activation center yet again.

Microsoft, you really need to read this.  I’m a long-time Windows user.  I don’t copy your software.  Your software has now come up on my machine TWICE and insinuated that I’m a criminal.  I do not appreciate it.  It makes me want to go get the Vista hack and turn off that damn activation window so I don’t have to waste my time repeating myself over and over.

Microsoft, you should also know that I have successfully installed Ubuntu on my T61p, and besides a few minor tweaks, the system came up and ran beautifully.  And not once did it ask for activation.

I finally got off my ass and took the Cisco CCNA exam. I passed with a 960/1000 score, which isn’t phenomenal, but does mean that I get to use CCNA ® Certified after my name now. I love letters.

I was upgrading the firmware on my WRT54GL router today, when I encountered one of those errors you just have to screenshot and post to the world.  Engrish strikes again.

I had the need to view a DWG file, so I downloaded the latest version of AutoDesk DWG TrueView.  The installer went through its routine and copied a bunch of files, and plopped an icon on my desktop.  As usual, that was too easy.

I tried double-clicking the icon on the desktop.  No errors came up, but TrueView didn’t come up either.  It’s like I didn’t click the icon at all.  I tried double-clicking the DWG file, and received an error from Windows Explorer stating “Windows cannot find ‘…myfile.dwg’.  Make sure you typed the name correctly, and then try again.”  Of course the file was there, I clicked on it.

I tried a few things and finally installed Process Monitor to see what was going on.  When I followed the DWGVIEWR.EXE process, I saw it do a whole bunch of things (1,623 events) successfully before the process exited with an error code -1073741819 (0xc0000005).  I did some digging and found the source of the problem: DEP.

It seems that DEP was causing the process to exit because it was preventing something inside TrueView from happening as expected.  The AutoDesk programmers didn’t trap this condition, so no error message was presented to the user.  Adding DWGVIEWR.EXE to the list of DEP exclusions worked perfectly.

I found this error code in a few other places as well: Java, Rosetta@home, and InstallShield.  I wonder if any of those problems were related to DEP as well?

Greetings Mr. Brownback,

My name is Eric Hill.  I was born and raised in Wichita (technically Garden Plain, but same locale) and currently live in Wichita with my family.  I have worked in the computer field for over a decade, and am the lead technology person for Pioneer Balloon Co, also headquartered in Wichita.

I am writing you today in an effort to give you a possible alternative to the Real ID Act (http://en.wikipedia.org/wiki/REAL_ID_Act) that may have far less thorny side-effects than the current plan.  Much of what people are complaining about (http://www.realnightmare.org) stems from a few simple principals.  First, a centralized database is a prime target for fraud, attack, and denial of service.  Second, just one single wrong entry in a centralized database becomes a massive headache very quickly since it is a single point of failure.  Lastly, it feeds the fire of conspiracy theorists that the government has ultimate control over a citizens life, rather than the citizen controlling their own destiny.

I have an idea that may let the US be a shining example of the rest of the world at how a true democracy can work.

The problem with Real ID comes down to trust and authority, and the delecate balance between the two.  Users of the system (citizens) do not have complete trust in the system, and the system is built specifically because it doesn’t trust the users.  We have EXACTLY the same problems in the computer world.  You have servers that must serve client requests, but need to ensure that a rogue client doesn’t gain access to privileged resources.  This problem is ALREADY SOLVED, and has been for many years now.  By the people at MIT no less.

Bear with me, for the next few paragraphs get a little technical.

The solution in the computer world is called Kerberos, named after the Greek mythological three-headed gueard dog of Hades.  It is amazingly elegant, and a global standard for security.  It’s purpose is not to be an all-knowing master to all other clients on the network, but rather to be a secured coordinator of communication.  The elegance and simplicity of this system is its’ biggest strength.  Instead of trying to be all things to all clients, it is a clearinghouse for connecting two independent parties together.

Imagine a scenario where you would like to communicate a simple message to the President.  Imagine yourself writing a secret letter and placing it into a lockbox.  To communicate securely, both you and the President would need a key to the lockbox.  This is called a pre-shared key.  Simple, right?  What if you needed to communicate securely with each member of the House of Representatives.  Now you have to maintain pre-shared keys with 435 different people.  Secured communication just became a nightmare.

Enter Kerberos.  Kerberos acts as a secured communication coordinator.  Now, imagine that you have a single pre-shared key with the Kerberos server.  The President has a single pre-shared key with the Kerberos server.  All 435 members of the House have a single pre-shared key each.

We have reached the “magic” of Kerberos.  Lets go back to the example of you communicating securely with the President.  First, you send a message to the Kerberos system that says “I (Sam Brownback) would like to communicate with George Bush”.  The Kerberos system looks in it’s system and finds George’s pre-shared key.  It then creates what is called a ticket that says “I, Kerberos, say that this message will come from the real Sam Brownback” along with the current date and time.  It takes this ticket, puts it into a lock-box secured with George’s pre-shared key, then puts that box into a lockbox secured with your pre-shared key and hands the whole thing to you.  You unlock that box to remove the inner box (which you cannot open), and you send it to George saying “I would like to send you a message, and here is proof that really am who I say I am”.  Only George can open the inner box, and the message contained within proves that you are who you say you are.  We call this a “session” in the computer world.  You have just proven to George that you really are Sam Brownback without sharing any private information with each other.  You accomplished this task through a key-clearinghouse called Kerberos.

Here is my solution.  The problem of identification can be broken into two pieces.  First, you have the trust aspect of whether or not the identification is valid or not.  Secondly, you have the credentials of what the identification provides access to.  Instead of trying to create a single, national identification system that tries to solve both problems, we need a government-run system that is simply a pre-shared key clearinghouse and no more.  This clearinghouse should do NOTHING more than act as a trusted key authority.  It should NOT maintain user names, bank account information, drivers licenses, or any other identifying piece of information about an individual, only a “user number” and pre-shared key.  It should be a separate section of government (not affiliated with the FBI, NSA, CIA, etc.) and conduct operational affairs in the public forum.  In addition, this body should be open to foreign key servers as well (known in the computer world as a cross-realm trust) so that we can openly share keys with other governments and they can run their own key servers without fear that the US is trying to take control of the system.

Next, other entities (government, business, organization, etc) register with this clearinghouse to get pre-shared keys.  This means that the Kansas State Department of Motor Vehicles (KS DMV) would have a pre-shared key.  Business, such as banks, that so choose would also get pre-shared keys.

Lastly, each citizen would get two cards.  The first card would be a pre-shared key with the master key database.  It would be the citizens responsibility to keep this card secured, just as they would any other important documents.  The second card would be a global “session card” that has a second pre-shared key bound to the user account, and a validity period just like drivers licenses have (good for a year or two).  It is this “session card” that would be carried in a wallet and presented as the master form of identification.

With this infrastructure in place, lets set up an example transaction.  Eric Hill in Wichita would like to buy a car from Joe Self Chevrolet.  Joe Self first needs proof that this “Eric” character is really who he says he is.  Joe Self requires a government identification be present, so Eric presents his session card and Joe Self is able to confirm that the KS DMV has a record on file for Eric, along with a photo.  The brilliance of this scheme is that Eric never has access to Joe Self’s pre-shared key, and Joe Self never has access to Eric’s pre-shared key.  If a session card is lost or stolen, a single call from the victim to the key clearinghouse immediately voids (expires) the session card and a new one is issued.

I can go on for hours about this solution (I am a geek after all), but it lends itself to the next generation of cooperative trust between businesses, the government, and citizens without being overly draconian.  It provides a high level of trusted security, has been available for nearly two decades, and you’re already using the technique without even knowing it as it’s been a part of the Windows operating system since Windows 2000.

I would love to take the time to sit down with you and help you draft a simple and elegant solution to the problematic Real ID system.  Please don’t hesitate to contact me.

My email address is eric [at] ijack [dot] net, and my cell phone number is xxx-xxx-xxxx.

I look forward to your response,
Eric

We took a trip to Marshall, TX over the weekend. Here is a copy of the letter I sent to LaQuinta through their contact-us page. I am not happy.

We arrived at the La Quinta in Marshall around 9:00 on Friday evening. We were assigned hotel rooms 251 and 263. The problems started there…

I stood behind a couple that were given a room key to an already-occupied room. I made sure that I locked my door with both locks that night.

I went to get ice, and there was only a single ice machine in the entire hotel that was working, and it was on the opposite side of the complex. There were obvious locations where the machines could be, but two of them were completely empty (upstairs and downstairs). The upstairs ice machine across the campus was out of order, so the only ice machine working was the one closest to the front desk.

As we were getting ready for bed, a cockroach crawled up the bathroom door, and we found two or three more cockroaches in the bathroom under the sink. Simply disgusting.

On Saturday night, we got back to the hotel around 9:00 to find the parking lot nearly full because the convention center next door was having a huge party. They had a huge stereo as well, and we could hear the bass throughout the hotel until midnight. Once that stopped, we could hear several couples in adjoining rooms coming in drunk from the party, and the couple in the next room over decided it would be a good idea to have sex for the next 30 to 45 minutes. At least the air-conditioner was loud enough to drown that out.

Lastly, I went down to the front desk to complain about the whole ordeal on Sunday while I was checking out, and there were 6 or 8 people waiting at the front desk and the poor guy working the front desk was frazzled because the one printer under the counter wasn’t printing invoices. By this point, I was so frustrated that I just left.

All in all, I had a very poor experience with your hotel, and I doubt that I will stay there again. There are some serious problems that need to be addressed, and I’m not sure the current management staff is up to the job.

Next year, I will most defnitely not be staying anywhere near the LaQuinta hotel. That’s ridiculous.

Update 6/15/2007: I received a call from the hotel manager this morning.  He apologised several times for the problems I had with the hotel and reassured me that’s not the way he runs his hotel.  He said he was willing to refund the price of the rooms, however since I had booked my trip through American Express travel services, he was unable to do so since he had not charged me directly.  Instead, he is going to send me two free room gift certificates for the next time I stay there.

I’m glad that he took the time to try and make things right, but it’s going to be a while before I convince myself to stay there again…

There is a huge amount of buzz around the leaked master DVD decryption code running about the ‘net right now. The RIAA is horrified that the number got out, and threatening lawsuits because it is protected content. I totally agree. You thieves need to stay the hell out of the RIAA’s pockets.

Oh, and the combination to my luggage is 09f9.1102.9d74.e35b.d841.56c5.6356.88c0.

As of April 14th at 12:39PM, I am proud to announce that we just had a new little baby girl! Mom and baby are doing just fine. As of yet, we haven’t named her, so she’s simply “baby Hill” for the time being. She weighs 8lb 1oz, and is a little over 19″ long. I’ll post another update with her name and any other details as they arise… For now, here’s a picture of her favorite thing to do so far.

edit – 4/16/2007 9:54pm

We now have a name thanks to my cousin Julie!  Our new baby girl is named Lainey Elizabeth.

I received a voicemail this morning and when I did the usual “push and hold 1″ to get into voicemail, I got a very non-descript error message that said “Invalid phone number”.  This has worked flawlessly for months, so I figured some update had happened overnight.  I called technical support.  The overly chipper CSR had me power-cycle the phone via battery removal and, after that didn’t work, told me to just dial 123 to access my voicemail.

I got off the phone with her slightly miffed that I didn’t have a better solution to that, so I dug around on the internet and found several people with the same problem.  One person suggested sending an OTA to the phone which seemed like a pretty good idea, so I called support back.  They put me into level 2 Blackberry support and the CSR sent me an OTA as requested.  It took a minute to come through, but it failed to solve the problem.  A few more attempts at changing the voicemail access number and some test calls led the CSR to believe that the phone’s software had somehow become corrupted, and that I needed to use the application loader to re-shove the settings onto the phone.

While I’m sure that would have worked, I ran across another post describing my very problem.  The solution was rather simple, albeit extremely non-obvious:

1. Go into the Call Log
2. Press Menu
3. Go to View Speed Dial List
4. Highlight the #1 entry and Delete it
5. Power off the phone
6. Remove the battery

As the phone comes back up, it will put the system voicemail setting back into the speed dial slot 1, and the problem goes away.

I’m working on an application to map data in Microsoft MapPoint and ran into a very generic COM subsystem error message of “The parameter is incorrect”. This beautifully nondescript error message seems to be a big thorn in the side of MapPoint developers everywhere, including myself. The function I was trying to use was DisplayDataMap, which is the only API call that MapPoint exposes to map imported data. I was calling this function from within a C++ application, and no matter what I tried, I always seemed to get the error message when mapping data using the geoDataMapTypeMultipleSymbol map type. This error message doesn’t indicate which parameter is incorrect, which made troubleshooting it that much more frustrating, since the function has 13 (ironic?) different parameters.

I’ve been working with Eric Frost of mp2kmag fame over the last few weeks, and he was able to supply me with a C# snippit of code that worked. I trimmed it down to the bare essentials and figured out the main parameter that I was having problems with was ArrayOfCustomValues. This seemed to be rather straight forward in that I just needed to pass in an array of numbers. But Eric’s code was a bit different.

object[] customValues = { 1, 2, 3, 4, 5 };

The array was defined as an object array, not an int or long array as I would have expected. Sure enough, changing the declaration to the following caused MapPoint to throw the error.

long[] customValues = { 1, 2, 3, 4, 5 };

So now that I knew what caused the error message I was seeing, I went about figuring out how to fix it in the Visual C++ world. Variants and variant arrays (safearrays) are a crude beast to get your mind around, and there are quite a few code samples scattered across the internet that deal with them. When it came right down to it, the difference between these two code segments lies in how the .Net framework packages up the values to pass as a variant parameter. The long array is packaged up as a variant safearray containing type VT_I4, whereas the object array is packaged up as a variant safearray of variants, with each variant set to a type VT_I4. This additional level of indirection makes all the difference in the world.

I changed my code to create the array of type VT_VARIANT instead of VT_I4, then added variant records containing the values to the array, and MapPoint happily plotted the data as expected.