« July 2005 | Main | September 2005 »

August 30, 2005

Monad and WMI

Abhishek did talk about the get-wmiobject cmdlet on the team blog, but I wanted to expand on it a bit more.

The basic use of the cmdlet is what you would expect:

MSH> get-wmiobject Win32_BIOS
SMBIOSBIOSVersion : Version 1.10
Manufacturer : TOSHIBA
Name : v1.10

But the command can do much more than that. WMI queries are built with WQL, a SQL-like query language. They look just like SQL queries, of the form:

select PROPERTY from CLASS where FILTER

and get-wmiobject surfaces those through the -property, -class, and -filter parameters. -class is a positional parameter, in position 0, so the previous command was actually:

MSH> get-wmiobject -class Win32_BIOS

You can use -property and -class as you would expect (I'm not going to include the output because I'm lazy, but trust me it works):

MSH> get-wmiobject Win32_LogicalDisk -property DeviceId,DriveType
MSH> get-wmiobject Win32_LogicalDisk -filter "DriveType = 3"

But because the objects that get-wmiobject outputs can be accessed like anything else in Monad, you can instead do these as:

MSH> get-wmiobject Win32_LogicalDisk | select-object DeviceId,DriveType
MSH> get-wmiobject Win32_LogicalDisk | where-object { $_.DriveType -eq 3 }

(Filtering via select-object instead of get-wmiobject -property actually gives slightly different output. There are property sets defined for many WMI objects in the default types.mshxml files (search for "Win32_" in the file to see them), which controls the set of properties displayed; for some reason when you use -property it changes the type name slightly in the output objects, which causes it to display more properties. I'm not sure if this is a bug or by design).

Now you might think the following would work:

MSH> get-wmiobject Win32_NetworkAdapterConfiguration -filter "IpEnabled = True and IpAddress != ''"

but it doesn't, because IpAddress returned by WMI is actually an array, and WQL doesn't handle arrays. Luckily MSH can filter that just fine, since -ne of a scalar vs. an array is true if the scalar is not in the array:

MSH> get-wmiobject Win32_NetworkAdapterConfiguration | where-object { $_.IpEnabled -and $_.IpAddress -ne "" }

But you can get even fancier if you have the proper WMI steez...WMI namespaces have a class called "meta_class" which lists all classes in a namespace. And WQL has an ISA operator which can test for class inheritance. You can do any WQL query if you remember how the get-wmiobject parameters map to the WQL select statement. So a statement like:

select __class from meta_class where __this isa 'Win32_CurrentTime'


MSH> get-wmiobject meta_class -filter "__this isa 'Win32_CurrentTime'" | select-object __class

which will return Win32_CurrentTime, Win32_LocalTime, and Win32_UTCTime (I'm using select-object instead of get-wmiobject -property because of the formatting issue I mentioned above).

You can also use the -namespace parameter to search other namespaces beyond the default (which is "root\cimv2"); I won't get too into details, but if you want to explore, the command

MSH> get-wmiobject -namespace "root" -class "__namespace" | select-object Name

will return all the child namespaces of "root", and you can then investigate further with commands like:

MSH> get-wmiobject -namespace "root\WMI" -class meta_class | select-object __class

Posted by AdamBa at 09:16 AM | Comments (2) | TrackBack

August 27, 2005

The Relevance of Relevance

A lot of talk in the search engine world these days is about relevance. Meaning how relevant the results are to the query you entered.

Now relevance is nice. But is relevance what drives people to switch search engines (like, say, from Google to MSN Search)?

I don't think too many people remember what the search engine world was like when Google arrived. I recall preferring Google to other search engines (AltaVista was the previous favorite) because of three things:

  1. Google showed an excerpt from the page that had the section of text right around the search terms; other sites showed no excerpts, or showed the beginning of the page.
  2. Google had a cache of pages which you could directly view, instead of being hidden away for use only by the search engine itself.
  3. Google did a great job of finding official sites. Meaning if you wanted the site for the Seattle Aquarium and typed in "Seattle Aquarium" as your search text, Google had a much better chance of returning the official site as the first item.

The third item is not trivial, and it showcases Google's technique of treating inbounds links as "votes". Many people may write about an Aquarium in Seattle, but the most linked-to site will almost certainly be the official site.

But I listed those three features above in what I feel is order of importance. Yes it was nice to be able to find official sites, but in many cases you were searching for information, and in that case the inbound link counting was not guaranteed to give you the best result. This is where the first two features came in. What they did was allow the user to have a holistically better experience with Google. It wasn't so much that Google returned the best results at #1, it was that the user's overall experience with Google was that they found the page they wanted faster. This was because the way Google excerpted text made the results page easier for a human to scan, and the cache made it easier to check out the linked-to page itself (because it would tend to load faster out of Google's cache than from the real site). So the user came away from Google happier, but it was because Google's had two features that leveraged the user's brain to provide the "last mile" of searching.

Note that neither of those two features had anything to do with the actual relevance of the searches; Google just had to get the right site on the first couple of pages of results and the user would do the rest.

Of course Google has improved tremendously in the interim, and has gone far beyond merely counting inbound links (if its algorithm even ever was that simple). Google now does a much better job with searches for information. Meanwhile every other search engine has adopted Google's excerpting and caching features, and they can all find the Seattle Aquarium if asked. Everyone is plugging away at relevance. But my point is that in order to actually pass Google--to draw users away from Google-- a search engine is going to have to go beyond relevance. It's going to have to something fundamentally different in how it presents the results that allows the user to have a faster, more successful search experience than they do with Google.

I don't have any silver bullet ideas on how to solve this. Actually I did have a notion that it would help if the search engines returned a thumbnail image of each site along with the results. What's that you say...it would take up too much bandwidth? Bah, spare me your resource limitery. I want a new pony NOW!!

Posted by AdamBa at 11:01 PM | Comments (5) | TrackBack

August 26, 2005

Monad Team Blog!

Monad now has a team blog. Some good stuff up there already. It does bring up a question when I want to blog about Monad, should I post it here, or on the team site?

For the moment the question is moot since the next thing I was planning on blogging about was WMI access and Abhishek just blogged the squittle-dee-doo out of that.

Posted by AdamBa at 09:11 PM | Comments (0) | TrackBack

Strange Article on Slashdot

Today there was a Slashdot article about the Microsoft employee who contracted the measles. The strange thing was that it was played somewhat gleefully, as an anti-Microsoft thing, and ended with "Somehow I do not think that Microsoft included in their cost-benefit analysis of offshoring the potential wide-spread infection of their company. Perhaps they should include that risk in the future."

Now Slashdot has had some dubious articles in the past, and Microsoft-bashing is nothing new. And of course the site is free to publish what they want. But this is the first article that really left a bad taste in my mouth. Someone got the measles...har de har, serves them right for working for a company like Microsoft? Imagine if he infected five people and they all died...boy wouldn't THAT be freaking hilarious.

And what's up with that part at the end. First of all its factually wrong, since the employee got sick in France. But the implication is that offshoring is done in places that are grubby and dirty and us civilized Westerners take our lives in our hands just by breathing the air. Do people really think that? Yeeeccchhh.

Posted by AdamBa at 08:52 PM | Comments (5) | TrackBack

August 25, 2005

Find the Bug in this "Virus"

I was looking at the code for the alleged Monad viruses, which I discussed here and has been kicked around elsewhere. This is the first of the five, that simply copies itself on top of every other .msh file in the same directory. This is the verbatim code from RRLF:

$name_array=get-childitem *.msh
foreach ($name in $name_array)
  if ($name.Length -eq 249)

foreach ($victim in $name_array)
  if ($name.Length -ne 249)
    copy-item $my_file $name.Name

So I was looking at this code and I noticed that it had a bug in it!! In fact it's precisely the kind of bugs I have in Find the Bug...it's a short snippet of code, that looks reasonable and is syntactically correct, but it doesn't work as expected. It even fits nicely into the bug type classification scheme...but I won't reveal the type since that makes it easier to spot.

Can you find the bug? Can you explain in which situations it would manifest itself, and how it would cause the program to behave?

Incidentally on the virus scare itself, Terry Myerson, GM of Exchange Server, has a good post that talks about the quote-unquote virus, but also gives a glimpse into the power of Monad/Exchange integration.

Posted by AdamBa at 02:33 PM | Comments (9) | TrackBack

August 22, 2005

The Answer

There has been some speculation about who will succeed Bill and Steve at Microsoft (some of the speculation was on this blog). A few days ago I had an epiphany...I was hit with a blinding flash of genius and I just had to share it with all of you. So pull up a chair, relax, swap the schwag for green, and listen up.

The problem is that it's hard to imagine Microsoft without Bill and Steve, and it's hard to imagine whoever succeeded them having enough respect from employees to impose their vision on the company.

So my solution to who will replace Bill and Steve is...nobody will replace Bill and Steve.

See, there's another problem. Microsoft is becoming a huge company, and it's not clear that any person, even Bill or Steve, can really keep it all in their heads, and use the size of the company to its advantage. There's something like 120 vice presidents, which means 120 people who can pursue their own agenda, while also being able to jump up and complain about each other's agenda. Is Xbox content delivery in sync with Media Center. Does the Smartphone support .Net. Can MSN use Linux for its servers. That sort of thing.

Plus, I'm not sure that Bill and Steve have a natural affinity for the parts of the company that go beyond its roots -- the ones other than languages and operating systems. Bill and Steve are super-duper smart guys, but the people running MSN and Office are also super-duper smart. Does having Bill and Steve review all their plans help them, or does it just add two extra pairs of super-duper smart eyeballs that introduce an extra level of review (and delay) before proceeding with what was planned anyway?

In recognition of the difficulty of coordinating among 60,000 employees, Microsoft has already divided the company into seven "P&Ls" (as in profit and loss) -- business solutions, server and tools, mobile and embedded devices, home and entertainment, MSN, client (meaning Windows Client), and information worker (aka Office). Each of these have their own CFO and in ways function like independent companies, but they all report back to Bill and Steve.

So my idea is that when Bill and Steve retire, they do so together, and at that moment Microsoft is split into seven companies. Actually six companies, because client and server and tools are too intermingled to separate. Microsoft Research either sticks with one of the six, or else gets spun off into a separate company owned by the other six, everything cross-patented to the hilt. Shareholders in Microsoft get shares in all the companies, and then it's up to the stock market to decide.

Some would suggest this should happen now, with Bill and Steve taking the client and server and tools part (producing a nice echo of proto-Microsoft, circa 1983). But hey, Bill and Steve have earned the right to stick around and kibbitz as long as they want. But once they're gone...time for the Big Bang.

Posted by AdamBa at 09:32 PM | Comments (5) | TrackBack

Vacation in Beautiful Redmond, WA

Saturday morning we were sitting around the house and realized we had nothing much planned this weekend. So on a whim we decided to decamp for a couple of nights at the Redmond Mariott Town Center. This is a hotel located in the Redmond Town Center shopping mall in downtown Redmond. I suppose many visitors to Microsoft stay there. It's also about a mile from our house.

The hotel was nice, although the air conditioning in the rooms was very loud (strange for a hotel that is only a year old). We swam in the pool, wandered around the mall (which is outdoors), and ate in the restaurants. It's the same mall-wandering and restaurant-eating we usually do, but it seemed neater when we were walking from the hotel. We also discovered that the hotel has a nice restaurant called Meritage that has a reasonable wine list and good kids' meals. We probably never would have discovered the restaurant if we hadn't been staying at the hotel.

Posted by AdamBa at 08:13 PM | Comments (4) | TrackBack

August 19, 2005

Goin' to the PDC

Hey, I'm going to the Professional Developers Conference in L.A. next month. Monad has a talk, some hands-on labs, and I'll be spending time in the "Track Lounge" (hope I don't have to wear polyester).

I have not been to a PDC since the very first PDC, back in July 1992 (I guess before that Windows conferences were for amateurs only). This was where NT had its big coming out party. Back then I gave a talk on NDIS 3.0, the interface for network card drivers. I'm looking forward to it, should be a good time, lots of bloggers there, and I get to show off my product.

Jeffrey Snover is giving the main Monad talk, along with Jim Truher, one of the other PMs on the team. Jeffrey gives a great talk--the definition of the phrase "infectious enthusiasm". This is some feedback from a recent talk he gave: "Jeffrey did a great job presenting the information" "Brilliant session. Exciting stuff. Great presenter with great content." "The demos were very effective in getting folks jazzed about the future of scripting on the windows platform. His demos should be voted '"Most Likely to get folks to go out and play with this stuff!'"

In fact, if any UFO Aliens are reading this on their intergalactic browsers, planning their inevitable invasion of Earth, I suggest they set the date, time, and location to September 13th, 2:45 to 4:00 PM, LA Convention Center Room 404 AB. Stop by, learn about the future of scripting, munch on some snax, and then go lay waste to the planet. The PDC is sold out, but if you give my name at the door they'll let you in.

Posted by AdamBa at 10:47 PM | Comments (1) | TrackBack

August 17, 2005


When the Monad team moved to building 44 last fall, we discovered that there was a ping-pong table in a common area on the 2nd floor (it's in the "breezeway" between the two halfs of the building, for anyone who knows what that means). There was also a pool table on the third floor, which never got much use; but the ping-pong table caught on. Now it tends to be occupied at all hours of the day. Walking to the bathroom you may spy an orange ping-pong ball bounce into the hall in front of you, followed quickly by a sweaty Monad tester bent on retrieving it. A quick search of any office is likely to reveal a ping-pong paddle hidden among the .Net manuals and empty soda cans.

To have some fun and build team morale, my boss had the idea of holding a ping-pong tournament for AXP (AXP is the product group consisting of the MMC and Monad teams). He tasked himself with organizing the tournament, but wasn't quite getting around to doing it. We have a PM intern on our team this summer and I 85%-jokingly suggested one day that we assign the intern the task of organizing it. My boss immediately left my office, evil gleam in eye, and 30 seconds later came back to announce that the deed was done.

Once the project had a committed owner it got off the ground, complete with fancy double-elimination chart posted on the window. I got bounced out after two games (comment from one of my opponents: "You were easy to beat once I figured out you couldn't hit a forehand"), but the tournament is still going on, with the final sometime next week. We also took the important step of ensuring the event would be forever commemorated in Microsoft history, namely, we ordered t-shirts for all participants (I've commented in the past that the Monad project has been somewhat lacking in t-shirts).

Posted by AdamBa at 01:31 PM | Comments (1) | TrackBack

August 16, 2005

The Phenom

Last night I went and saw Felix Hernandex pitch for the Mariners. Hernandez is a 19-year-old rookie. As it happens, I also saw him pitch Tuesday, which was his first home start.

On Tuesday he threw eight shutout innings and the Mariners won 1-0. The entire game lasted 2 hours and 1 minute, the shortest game in Safeco field history.

Last night looked like more of the same. The first 4 1/2 innings took exactly one hour; Hernandez had 9 strikeouts, no walks, and only one hit; the Royals had hit 2 balls out of the infield. Literally I think he was behind on the count to only one batter, who got to 2-1 before striking out two pitches later. He topped out at 98 mph, nice easy overhand motion. He's listed at 6-3, 170 but if he weighs 170 then I weigh about 155. 200 would be more like it. He does the Freddy Garcia "hop over the foul line" walking out, which scares me that he is going to twist his ankle.

In the bottom of the 5th the Mariners scored 3 runs and Hernandez had to sit for 18 minutes. When he came back out for the 6th he was less effective. "Less effective" meaning he actually walked a batter and it was the first inning he didn't get at least one strikeout. In the 7th the Royals got a single and then hit three straight balls in the vicinity of the shortstop, any one of which could have been a double play, but instead they were an infield hit and two force outs at second, so they scratched out a run. By then he had thrown 90 pitches and the Mariners scored 2 more in the bottom of the 7th, another long inning at the plate.

So I was somewhat appalled when Hargrove sent Hernandez out to pitch the 8th. Luckily he got 3 quick outs and no harm was done. Finally in the 9th they brough in Jeff Nelson to give up a couple of runs and preserve the 11-3 victory.

These are his ball/strike totals by inning:

 1  6  9 12 17 25 29 32
10 17 23 32 43 50 61 67

The Mariners are pretty terrible this year, but at least guys like this give you hope for the future.

Posted by AdamBa at 07:11 PM | Comments (1) | TrackBack

August 14, 2005

Paper Anniversary

It's been a year since my first post here (Proudly Serving as a Movable Type blog). As I wrote when I started back at Microsoft, "It is tempting to start writing down my thoughts on Microsoft, Monad, public transit, standardized testing, highway signage, long-span bridge aesthetics, etc, etc for all the world to see." In the end I was tempted, and the result is before you. 293 posts and counting.

Posted by AdamBa at 10:42 AM | Comments (4) | TrackBack

August 13, 2005

J-Wlk Bog Lin Expriment

Follow the link to see what this is about. I changed the title just a bit to not make it too easy to find.

A few years ago John Walkenbach and I actually did a small-scale version of the same experiment he is doing now. If you look at my old site, you'll see that on 1.17.03 I noticed him linking to me, and on 1.24.03 I noticed that he had noticed my link and commented on it. As I said then, "The interesting thing is that I did not email that info to him, I only posted it here. So does he scan the Web for links to his site the way I scan the Web for links to mine? Only one way to find out, and you're reading it." And he saw that also! Except the links I had are now stale. This is his original discussion of Microsoft Purchase Circles (scroll down a bit), his correction based on my post, and then his reference to my reference to his reference to my reference.

Posted by AdamBa at 09:28 AM | Comments (0) | TrackBack

August 12, 2005

Old-Skool Web

Slashdot has an Awards link in its navigation area. Fueled by a dangerous mix of boredom and curiosity, today I clicked on it. Instant flashback! The first award shown is on Nov. 26, 1997 when they won the "Project Cool's Cool Sighting award", followed by a mention from USA Today as a "Hot New Site" on Dec. 2, 1997. The last award listed is from April 2000 (just around when the dot-coms imploded).

All the Slashdot awards are links, so you can see which sites are still around. Project Cool is long gone, as are Dynamite Site of the Nite, Cool.com's Site of the Day, and WebTrips Rocking Computing Site of the Week; but USA Today still apparently keeps its Hot Site list active, as does the Original Cool Site of the Day.

It's a reminder of how the web started. Remember that Yahoo! began as a list of websites, individually selected and categorized (and it wasn't the only such site; the Y-A in Yahoo! are short for "yet another"). Now you find websites by searching, or by RSS, or ads...but back then people would actually go and poke around and find new sites.

So I started reminiscing about the "good old days", but instead of those, for some reason I remembered the infamous Rob Toups and his Babes on the Web site. Just imagine that; it wasn't just finding cool sites, it was so rare for a woman to have any website at all that Toupsie could actually go around, find all female web sites, link to them, and even rate them on a scale of one to four (by the quality of their HTML, no doubt). As of Feb. 24, 1996 (when I grabbed that link from the Wayback Machine; the original toupsie.com is long gone) there were over 400 women with websites! This is not porn or women with pictures or anything; just any female with a website of any sort. And if you start clicking through the links to the various websites, it's like 1996 all over again.

Posted by AdamBa at 09:28 PM | Comments (0) | TrackBack

August 11, 2005

Monad Tidbits

  • The 2 Monad webcasts are now available for on-demand viewing. Part 1 and Part 2.
  • Thomas Lee has a sample script collection. He also has a general Monad page and a Monad-y blog.
  • Peter Provost wrote a vim syntax file for Monad.
  • A question that seems to re-occur a lot is "how do I show the possible values of an enum". The answer is:
    However, in current builds there is a bug in Monad where this doesn't work for nested types. In that case, you can do

Posted by AdamBa at 10:21 AM | Comments (2) | TrackBack

August 08, 2005

More Monad Image Manipulation

Following up on my previous script that would rotate images and save them in a file with "rot." prepended to the name, here are two more similar ones.

The first one scales images down by 50%, and saves them in a file with "_scale" appended to the name (before the file extension). The basic structure is similar to the earlier one:

[System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") | out-null

foreach ($f in resolve-path *) {
    trap [OutOfMemoryException] {
        write-host "Error processing" $f
    . {
        $img = [System.Drawing.Image]::FromFile($f)
        $format = $img.RawFormat
        $bmp = new-object System.Drawing.Bitmap ([int]($img.width/2)),([int]($img.height/2))
        $g = [System.Drawing.Graphics]::FromImage($bmp)
        $g.InterpolationMode = [System.Drawing.Drawing2D.InterpolationMode]"HighQualityBicubic"
        $g.DrawImage($img,$(new-object System.Drawing.Point 0,0))
        $fi = get-childitem $f
        $fn = $fi.FullName
        $ex = $fi.extension
        $newname = $fn.Substring(0,$fn.Length-$ex.Length) + "_scale" + $ex

(I think technically I should call the Dispose() method on my Image, Bitmap, and Graphics objects, but for the sake of brevity I removed that).

Then this one watermarks pictures, overwriting the word "Adam" in 30% transparent gray text. For variety, it saves the new images with the same name but in a subdirectory called "watermark":

[System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") | out-null

if (!$(test-path "./watermark")) {
    new-item -type directory "./watermark" | out-null

foreach ($f in resolve-path *) {
    trap [OutOfMemoryException] {
        write-host "Error processing" $f
    . {
        $img = [System.Drawing.Image]::FromFile($f)
        $format = $img.RawFormat
        $bmp = new-object System.Drawing.Bitmap $img.width,$img.height
        $g = [System.Drawing.Graphics]::FromImage($bmp)
        $g.DrawImage($img,$(new-object System.Drawing.Point 0,0))
        $color = [System.Drawing.Color]::FromArgb(30,[System.Drawing.Color]"Gray")
        $brush = new-object System.Drawing.SolidBrush $color
        $font = new-object System.Drawing.Font "Arial",([int]($img.height/3))
        $point = new-object System.Drawing.PointF ([int]($img.width/2)),([int]($img.height/3))
        $sf = new-object System.Drawing.StringFormat
        $sf.Alignment = [System.Drawing.StringAlignment]"Center"
        $fi = get-childitem $f
        $newname = combine-path ($fi.DirectoryName) "watermark"
        $newname = combine-path $newname $fi.Name

The Graphics class has all kinds of functions you can use to draw on your images; this is just an example of two of them.

Posted by AdamBa at 12:05 PM | Comments (0) | TrackBack

August 07, 2005

Response to the Response

There has been a fair bit of discussion on the Microsoft bloggers alias (which I was actually unaware of until Friday, when I got cc'ed on the whole email thread) about the recent "Vista virus" fire drill. Lee Holmes discussed it, as did Robert Scoble. (I've decided I should stop referring to him as "Scoble", last name only. It makes him sound like Scoble Inc., a company or an organization or some other faceless thing that you are anthropomorphizing, like when people say "Microsoft did this...". Or when people talk about celebrities having a dual nature, "Bono the star" and "Paul Hewson the real person". I want to avoid thinking about him as "Scoble the A-List Blogger" and start thinking about him as "Robert Scoble the person". Blogs are anonymous enough already, we can dispense with the extra baggage that an aura brings. He's an individual, I've met him, his name is Robert, I should use his name.)

Anyhoo...what the %$^#$ was I talking about...oh right, the virus dealie. Accusations of astro-turfing have been made, in regards to our response on Slashdot. Actually the accusations have only been made internally. I don't think anyone has publicly accused us of astro-turfing; I would assume most people approach a Slashdot post the way I do, with the skeptic-o-meter on maximum.

To me the key point about astro-turfing is that it is done in some official way. People are instructed to go pretend to be something they are not to try to influence a discussion. What Lee and I did was of our own volition. Neither of us hide the fact that we work at Microsoft, it is prominently displayed near the top of our blogs.

However, this incident did make me realize one somewhat amusing thing. When the story broke it never occurred to me to go contact our PR department internally to work on this. For one thing, I had no idea how to (I now know how to). But mainly it was that my instinctive reaction was to blog about it. It was the same with Steve Ballmer and the anti-discrimination bill. I could have responsed to it initially by sending Steve email, and I could have thanked him for changing his mind by sending email. But I didn't. In both cases I only blogged about it. In fact, right here, right now, with this blog post, I am abandoning an email discussion I am having with someone about this meta-issue, and instead blogging about it.

I don't know if overall this is good, bad, or indifferent. But I think that is the reason blogs are helping change the perception of Microsoft. People see what goes on inside the mind of a Microsoft person and that creates empathy. And from a PR point of view, you have to take the crunchy with the smooth. Blogs can't simultaneously be the independent view of non-borg-ified Microsoft employees, and also be required to hew to the official PR message. Because THAT would be astro-turfing.

UPDATE: Fixed the link to Lee's post after he changed the title.

Posted by AdamBa at 11:06 PM | Comments (3) | TrackBack

August 05, 2005

Preparing for Slashdot

Yesterday morning the rumblings began about the alleged Vista virus based on Monad. It quickly became clear that labelling it a Vista virus was bogus: Monad isn't in beta 1, any scripting language can be used this way, etc.

But Lee and I and some other Monad people were discussing this at lunch and we knew it was going to go up on Slashdot pretty soon. We could see the ZDNet UK story that talked about "the first examples of malicious code targeting an expected feature of Microsoft's Windows Vista operating system" get superseded by the PC World article talking about "Microsoft's newest operating system in beta only a week, but already leaky" and then on to an article at Macsimum News titled "Windows Vista shows Mac OS X like features -- and viruses" and an article at vnunet.com titled "Hackers Crack DOS Replacement". I could picture Windows executives tearing their hair out as the long-awaited Windows Vista Beta 1 got tarred with the virus brush, on Slashdot, a week after release. And we were pretty sure there wasn't going to be any official PR message before it happened.

Since it was going to get out anyway, we figured we should try to get out ahead of it. So Lee posted a blog entry and I posted a blog entry. And to try to guide the Slashdot discussion even further, I submitted the story myself, putting my own spin on it. My submission was:

Is it possible that the press has gone a bit overboard in trying to scare people about viruses? Here's a story claiming that Windows Vista Beta 1 is vulnerable to viruses that take advantage of the Monad command shell. Only problem is that Monad is not included in Windows Vista Beta 1, thus it is highly doubtful it is exploitable in it. Anyway, like any scripting language it can cause harm to your machine if you execute untrusted scripts; is it even worth bothering to describe this as a virus? Slightly less hysterical report here; Monad blogger response here.

We knew that Slashdot gets many submissions on a story like this and probably wouldn't pick mine, and in fact they didn't; they chose one titled "Windows Vista Tool Targeted By Virus Writers". So Lee resolved to keep refreshing Slashdot over and over, and jump in when he saw it appear. And he did; his first comment appeared only 2 minutes after the story went up, and his second comment only 7 minutes after that. Luckily they got modded up to 5 pretty quick. I also threw in some comments, as did Leonard, a PM on the team. To the credit of the slashdot community, besides the people who replied with "No surprise Windows sux", the tone of the discussion was overwhelmingly "It's a scripting language, this is expected."

Now, today, we are getting some more reasonable press like this from Microsoft Watch. The angle is still "Monad is not in Windows Vista Beta 1 so this is not a threat", which is consoling in the short term but still makes it sound like the world will end whenever we DO ship; we have more work to do to explain to everyone the safeguards we have put in place. Still I think our experiment in DIY PR was a success.

Posted by AdamBa at 11:30 AM | Comments (9) | TrackBack

August 04, 2005

Alleged Monad "Virus", But Not Really

A posting on the F-Secure website claims First "Vista Virus" found. It was written up in issue six of RRLF Magazine. The story has now made it to ZDNet UK and will presumably osmose around the Internet. Basically it's some scripts that do sneaky things, so if you run the scripts on your machine then sneaky things get done on your machine. This is NOT a remote exploit or any widening of the Windows attack surface.

So the key defense is not to run those scripts. Lee Holmes has an excellent discussion of this, including some of the measures taken in the design of Monad to prevent script-based attacks (support script signing, don't create a file association for .msh, etc). But basically the quote-viruses-unquote depend on you running an untrusted script. Once you have done that, you are open to all sorts of attacks -- the same as if you ran an untrusted .CMD batch file. For example this is the first of the five viruses shown in the RRLL article:

$name_array=get-childitem *.msh
foreach ($name in $name_array)
  if ($name.Length -eq 249)

foreach ($victim in $name_array)
  if ($name.Length -ne 249)
    copy-item $my_file $name.Name

It takes all the .msh files in the current directory and replaces their code with itself. That's all. The other versions get more sophisticated and by the end you wind up with a script that inserts itself in a random spot in another script. It's interesting to see virus polymorphism techniques played out in MSH code, but fundamentally any attack would depend on first getting the user to run malware on their system.

Posted by AdamBa at 03:51 PM | Comments (11) | TrackBack

August 03, 2005


When I was in college, someone told me about an assignment they had been given in a history class. The professor had handed out 6 different descriptions of the same battle. The students had to come up with their best estimate of what really happened, balancing out the differences in terms of who could have been expected to know what, how feasible different accounts were, who would be expected to exaggerate or lie, and so on. For some reason I thought this kind of info-forensics sounded like just the coolest thing ever. Not just the process, but the notion of the unknowable fact. This was a historical event, so everything either happened or didn’t. But actually finding this truth was tricky and perhaps impossible. Yet the trust did exist! This problem is one of the reasons I liked Orson Scott Card's book Pastwatch, even though it's only peripheral to the story.

The color of dinosaurs is another one. Nobody knows what color dinosaurs were, because none of their skin has survived. People make guesses for the purposes of drawings, based on the current-day color of lizards and who knows what-all; but nobody really knows. But there's an answer! Dinosaurs were certain colors. The answer is out there, but it's unknowable.

So, on Monday I posted a story about a historical investigation. Upon reading it, Larry predicted that it would get Slashdotted. I was somewhat dubious but also curious, since I have felt the magic touch only a few times. Sure enough, it was picked up about 7 pm yesterday.

Bill James, the baseball historian, would occasionally investigate stories about old baseball players. Somebody would given an interview and recall how one day in 1937 against Chicago they struck out the side in two straight innings. James (or Rob Neyer or somebody) would actually go back and investigate this. And usually he would find the source of the story, except it would turn out it was in 1938, and it was against Cleveland, and the guy only struck out 5 in two innings. But there would be some germ of truth to the recollection.

When doing fact checking for my first book, I would sometimes be trying to nail down a fact. Say the year that Compaq shipped its first portable computer. I would find one reference stating with complete confidence that it was 1982, and another stating with complete confidence that it was 1983. Which was it? Now, of course, I was being lazy, trying to find it all with Google (or Altavista or whatever I used back then). If I had got in touch with Compaq, or read back issues of a Texas business magazine, or something, I could have found the definitive answer. Bill James would actually go read old issues of the "Spalding Guide" to figure out what had happened on the baseball diamond half a century before. So he got a definitive answer to his question by going back to original source material.

Another way to find out facts is to ask a bunch of people for their recollections, and then try to piece together the truth. This is like the college history assignment; with enough input, weighing everyone's bias, you may achieve reasonable confidence in the facts. What's missing is the original source material.

If you're looking for the facts about something that happened 20 years ago in the computer industry, a Slashdot posting is about as good as you're going to get. People are still around, the story has as good a chance as anything of reaching them, and people with first-hand information may post it.

It's different with more recent information. For example someone asked about the "Blue Ninja Clan", which referred to Lee Reiswig from IBM. No problem; those events happened in the early 1990s, so a simple web search will reveal all. But go back ten years and you've crossed the boundary of the "all information is online" era. Now you're dealing with people's memories, or maybe you are going to a library or a newspaper morgue and looking through old issues (I did this for my book also, going to the Seattle Library to look through its collection of PC Magazine; but the web search way is much easier).

So after 418 comments on Slashdot, and another 98 on this blog, what did the collective mind of the computer industry reveal about "DOS Ain't Done til Lotus Won't Run?"

There seem to be two potential breakage points: DOS 2.0 and DOS 3.31.

For DOS 2.0, we have the following statements:

  1. From the book Hard Drive, the following quote on p. 233: "According to one Microsoft programmer, the problems encountered by Lotus were not unexpected. A few of the key people working on DOS 2.0, he claimed, had a saying at the time that 'DOS isn't done until Lotus won't run.' They managed to code a few hidden bugs into DOS 2.0 that caused Lotus 1-2-3 to brea kdown when it was loaded. 'There were as few as three or four people who knew this was being done,' the employee said. He felt the highly competitive Gates was the ringleader."
  2. On Slashdot, Steve1952 says: "I am an old timer, and I do remember an issue when the first IBM-PC with a hard drive (the IBM PC-XT) launched (around 1983). The PC-XT required DOS 2.0. My college department had asked me to purchase a computer, and I had purchased a brand new PC-XT on about the first day it came out. I also purchased a copy of Lotus 1-2-3 (developed for DOS 1.1).
    I had a lot of colleagues watching me as I set things up.
    Much to my chagrin, I found that Lotus wouldn't run right. I called Lotus tech support. They informed me that they were aware of the issue, and that a patch would out come shortly.
    They did patch it quite quickly, so it wasn't a big issue for the company. But when you have just spent thousands of dollars of your department's money, and things aren't running right, you tend to remember!"
  3. In my blog comments, Daniel posts: "If my memory is not failing me, Lotus 123 1.0 copy protection failed when moving from DOS 1.1 to DOS 2.0. This was caused by a timing problem (DOS took more time to do some operation), so it was a problem in Lotus's code, not in Microsoft's."
  4. Andrew Schulman, author of the Undocumented DOS and Undocumented Windows, states in my blog comments: "I looked into this 'DOS ain't done 'til 1-2-3 won't run' story some years ago. (I was the main coauthor of the 'Undocumented' books from the early 1990s.) I don't think there's anything to the story.
    From what I could tell looking through old newsgroup postings, Lotus 1-2-3 used a form of copy protection (Softguard?), and this may have broken with the significant file-system change from MS-DOS 1.x to 2.x.
  5. Finally, you have the fact that none of the Lotus people I asked remembered any deliberate breaks, and the Microsoft people's assurance that no deliberate breaks were put in.

So when you put all this together, I am pretty confident that DOS 2.0, which introduced hard-drive support, broke Lotus 1-2-3's floppy-disk-based copy protection scheme. I am also reasonably confident that it was not intentional on the part of Microsoft. Although the one person who purports to have inside knowledge (the anonymous source in Hard Drive) says it was intentional. And certainly it would be possible to disguise an intentional break as an unintentional one. But it's also quite possible that an unintentional break got morphed in the retelling into an intentional break and this is the legend that the anonymous programmer heard.

For DOS 3.31, meanwhile, we have the following:

  1. Slashdot poster Degrees writes: "The purposeful breaking was between DOS versions 3.30 and 3.31. The part that was changed to break Lotus 1-2-3 was the Extended Memory Manager.
    Microsoft's EMM grew out the LIM extended memory manager specification. LIM = Lotus, Intel, Microsoft.
    Yes, Lotus and Microsoft partnered together to let DOS load a driver to access RAM greater than 640 KB. Prior to LIM, each memory card came with its own driver.
    DOS 3.31 included a new EMM which aligned memory access on word boundaries, not byte boundaries.
    Microsoft's claim was that this would be speedier; the trade off of speed for bloat was worth it to them - they saw the future, and it included more RAM.
    And heck - it broke MS Excel's biggest competitor too: double win!
    Infoworld did an in depth piece on the controversy, and got a quote from a product manager at Microsoft who stated that yes, they 'knew there were problems.' (When asked if they tested against Lotus 1-2-3 - the biggest app in the world at that time).
    Note that Microsoft did not tell Lotus of the change to shipping code, prior to release. Well, not enough prior to let Lotus present a compatible version."
  2. On my blog, David G (who I strongly suspect is the same person as Degrees on Slashdot) tells that same story, and adds: "It should also be noted that at the time DOS 3.31 was shipped, Microsoft took out full page advertisements saying 'If you want a crash-proof system, you should get your applications from the same vendor as your operating system'. The advertisements had photos of a jet plane test pilot helment."
  3. On my blog, Andrew Schulman responds: "I would be VERY interesting in seeing copies of such an ad, or learning an exact date it appeared.
    MS-DOS 3.31 came out in 1988. A Google Groups search for all messages before 1989 with 'applications same operating system', 'want applications same vendor operating system', etc. doesn't turn up anything similar to this quotation. I would have thought someone would have found such a statement worth quoting."
  4. To which js answers with: "I remember the LIM/EMM breakage, and the helmet ad."

So what is going on here? Well, I am more doubtful of this one. And it's really because of the point Schulman raises: between 1983 (DOS 2.0) and 1988 (DOS 3.31) we are entering the era of continuous information (although we are not quite fully there). So why are there no traces of this online? Schulman implies he investigated "DOS Ain't Done" in the early 1990s, so surely something that happened in 1988 would have hit his radar?

All the same it could be true. But if it is, I would expect that somebody would be able to find the Infoworld investigation with the quote from the Microsoft product manager, and a copy of the ad with the test pilot helmet. Wouldn't you think?

There is followup someone could do, if motivated. We could track down Wallace or Erickson and try to get more information on the source of the quote from Hard Drive, although I doubt the person would talk (or necessarily be considered authoritative). Someone could go through back issues of Infoworld looking for the article, or computer magazines from that era looking for the advertisement. We could even try what Schulman suggested, get actual copies of Lotus 1-2-3 and DOS 2.0 and 3.3.1, and do the experiment. Heck, I could probably figure out who was doing marketing for DOS 3.31 and ask about the ad.

We may never know what color dinosaurs were, but we can probably get closer to the truth here.

Posted by AdamBa at 09:23 PM | Comments (1) | TrackBack

Monad Webcasts

For those interested in Monad (and who isn't), there is a two-part webcast this month titled "Next Generation Command Line Scripting using Monad". Part 1 is happening right now, and Part 2 is next Wednesday from 9:30 to 11 am (Pacific time).

Posted by AdamBa at 11:02 AM | Comments (3) | TrackBack

Rotate Images With Monad

When mainpulating pictures I sometimes want to go through an entire directory and perform the same operation on every picture.

The following MSH script takes avantage of the .Net Image class to rotate each picture in a directory 90 degrees clockwise. It creates a new file with "rot." prepended to the name, in the same format as the original:

[System.Reflection.Assembly]::LoadWithPartialName("System.Drawing") | out-null

foreach ($f in resolve-path *) {
    trap [OutOfMemoryException] {
        write-host "Error processing" $f
    . {
        $img = [System.Drawing.Image]::FromFile($f)
        $format = $img.RawFormat
        $fi = get-childitem $f
        $newname = combine-path ($fi.DirectoryName) ("rot." + $fi.Name)

The LoadWithPartialName() loads in the .Net assembly with the classes we use; System.Drawing is not loaded into Monad by default (there is some debate about whether you should use LoadWithPartialName(), but I don't know a better way to load a known .Net assembly without locking it to a particular version).

The trap statement catches the OutOfMemoryException which is what FromFile() somewhat inexplicably throws if the file is not actually an image of some sort. The continue statement inside the trap means "continue execution at the next statement after the exception." In this case "next statement" means "next statement at the same scope level as the trap" which is why the entire block of code that we want the trap to guard is a dotted script block -- that makes the whole thing one statement from the point of view of the trap, so the "continue" inside the trap jumps to just after that statement, which is the end of the foreach block. The foreach will then interate again and the next file will be processed.

RotateFlip() takes an object of type System.Drawing.RotateFlipType. Looking at MSDN you can see that this enumeration allows you to any combination of rotation (in 90 degree increments) and X/Y/both flipping.

Posted by AdamBa at 09:33 AM | Comments (0) | TrackBack

August 01, 2005

DOS Ain't Done til Lotus Won't Run?

In response to the recent kerfuffle over Andrew Orlowski's claim on the Register that IE7 is deliberately disabling Yahoo! and Google's search toolbar, Robert Scoble's response, and the subsequent counter-claims and counter-counter-claims, Ed Bott posted this which included the following: "The implication of Andrew's story is that Microsoft deliberately or negligently blocked IE7 from working with software from two rivals. It's the modern equivalent of the old 'DOS ain't done till Lotus won't run' canard. Which also wasn't true."

If you've listened to the anti-Microsoft crowd, you've probably heard this phrase. A web search returns a wide range of attributions, everything from an alleged battle cry to just short of an official company motto. The rumor being that Microsoft would intentionally break competitors' applications with each release of DOS, to give a competitive advantage to its own applications while the other company scrambled to work around the block that Microsoft had inserted.

Nowadays, I know from personal experience that today Microsoft takes application compatibility very seriously. The company has a lab to test a variety of third-party applications, and also conducts extensive betas partly to shake out any app compat issues in the wild. It sometimes continues to emulate bugs in the OS, or obsolete internal data structures, just to avoid breaking third-party apps that depend on them (in fact, a Well Known Microsoft Blogger used to spend a lot of time on these kinds of tweaks and send amusing email about the foibles of applications, but when I asked, WKMB declined to reveal any of that publicly). When an application can't be made to work with a new OS, Microsoft often works with the other vendor to ensure that a patch is available at the same time the OS ships.

And there was an incident in the early pre-release days of NT where our boot sector code broke multi-boot with OS/2; in that case, despite claims of outrage from the Blue Ninja Clan, it was simply that we had never tested that configuration; once we heard about the bug, we fixed it and added it to our test mix.

Still, was it possible that back in the rough-and-tumble 1980s things were different?

To try to find out the truth, I contacted some old Microsoft hands who were around in the heyday of DOS. The replies were unanimous that Microsoft NEVER attempted to damage 1-2-3's functionality within DOS. Quite the opposite, in fact. Some quotes: "For the version I worked on, we sweated bullets to make it backwards compatible with existing applications." "We had to make changes to DOS to help some very old applications that were doing some very bad things (like writing to files that had already closed their FCB's). DOS had to stand on its head to make every application work from version to version, including Lotus." "There never was a time that anyone in the MS-DOS team said 'it ain't done until Lotus won't run' In point of fact for MSDOS 3.2, 4.0 and OS/2 1.0 (developer release), Lotus 1-2-3 was one of the 'must work' parts of the regression suite."

One old-timer categorically stated: "Nope - actually it was EXACTLY the opposite. Lotus 1-2-3 was ALWAYS the first app we got working on ANY version of DOS."

OK, but those are Microsoft people speaking. What about the view from the Lotus side? Presumably if 1-2-3 was broken by a new version of DOS (intentionally or even just accidentally), there would be war stories about Lotus needing to rush a new version out to fix the problem.

I first asked Mitch Kapor, founder of Lotus, and his quote was "I've heard the stories over the years, but I don't have any specific recollection that there was a devious silent break of the kind you mentioned. I also have a bad memory." Kapor was kind enough to put me in touch with some old Lotus people he knew. And they all corroborated the story: "It's an interesting myth, and one I've heard about in general terms, although I've never heard the specific quote before. However, I have no recollection of any instance of its actually happening with 1-2-3 or with any other product I've worked on." And, "My memory of the early days (1984-85) is that we would get early betas of DOS to test with 1-2-3 and any errors that we found were 'bugs' in DOS and fixed by Microsoft."

One former Cantabrigian commented, "I was possibly being naive, but I didn't see any evidence that MS was deliberately putting roadblocks in our way. Actually, during that time, I don't see how they could have considered it to be a benefit to them. To a very high degree, sales of the IBM PC (and Compaq and HP and.Radio Shack.. all MS OEM clients) depended on 1-2-3's availability. Anything that limited that availability would limit MS's expansion. The problems I recall were either clear bugs or design issues that we had to deal with. Personally, I found MS reasonably easy to deal with at the time." Which is really they best argument you can make for debunking this myth. As someone else put it, "This was a long time ago and it was far less clear who was the tail and who was the dog. Would people buy a DOS that did not run 1-2-3 in 1984?"

Try to imagine a customer with a working copy of 1-2-3 who installed a new version of DOS and 1-2-3 stopped working. Would they blame Lotus or Microsoft? Would their reaction be "1-2-3 sucks" or "DOS sucks"? Would their solution be to get rid of 1-2-3, or stop buying DOS upgrades?

Another Lotus veteran summed it up: "MS was cooperative and wanted to be cooperative. They wanted to sell OSs." So if anything, DOS wasn't done until Lotus DID run.

Posted by AdamBa at 08:51 PM | Comments (110) | TrackBack

More Information from Amazon.Com

Having previously given the world the Statistically Improbable Phrase, Amazon has now come up with some new analysis to soak up the CPU cycles: Capitalized Phrases, Books on Related Topics, Concordance, and Text Stats. The Concordance and Text Stats are particular fascinating. For example the concordance for the book Microsoft Office Project 2003 Step by Step shows the most popular word is "project", followed by "task", "resource", "click", and "work" (I wonder if Amazon has a patent on "showing a concordance indicating frequency of words via font size"). The Text Stats shows the Fog, Flesch, and Flesch-Kincard Indices, as well as complexity, character/word/sentence counts, and the "Fun stats" of words per dollar and words per ounce.

The Project 2003 book has 6466 WPD and 3186 WPO. I don't know if those are good deals or not. By comparison, Who Moved My Cheese? has 1020 WPD and 1632 WPO. A paperback of War and Peace has an astonishing 53,181 WPD (no WPO, I guess because there's no weight listed). Green Eggs and Ham, which famously was written with only 50 unique words, shows a concordance of only 25 words (dang, I was thinking maybe the site would crash on a book with fewer than 100 words), with "eat" in front with 25 occurences, and "green", "eggs" and "ham" all tied (not surprisingly) with 11 each. You only get 63 WPD, but isn't your little moppet worth it?

UPDATE: Changed The Cat in the Hat to Green Eggs and Ham--makes a little more sense that way.

Posted by AdamBa at 01:14 PM | Comments (1) | TrackBack