Fixing iTunes CDDB lookup – more details

Since Apple’s forums don’t seem to support permalinks, the hint I previously posted about fixing iTunes for Windows’ connection to CDDB isn’t complete. Here’s how to reestablish connection to CDDB if your track lookups start failing:

  1. Quit iTunes for Windows.
  2. In Internet Explorer, go to Tools | Internet Options, click on the Connections tab, and click on the LAN Settings button.
  3. In the dialog that follows, uncheck the checkbox about using a proxy. Hit OK, then OK again.
  4. Open RegEdit and look for the following key: HKEY_LOCAL_USERSoftwareCDDBControl2.0. Delete this key.
  5. Open iTunes and insert the CD. iTunes should now be able to connect to CDDB again—at least, until it forgets again later…
  6. If necessary, reenable your proxy settings.

How to remove MyDoom

Consider this a “reader request” posting. I don’t do reader requests as often as I should, but I noticed that there were quite a few people coming to my pages with questions about the MyDoom worm and realized I hadn’t included direct pointers to any worm removal tools.

Metadata, secrets, and user education

Cory Doctorow at BoingBoing does everyone a favor by pointing to the new “Remove Hidden Data” tool for Office XP and Office 2003. Few people know (or care) how much information is revealed by the standard metadata and revision information that is tracked inside Office files, including name of original author, template, editing time, and the ability to peel back revisions to understand the evolution of a document.

From a textual standpoint, this stuff is fascinating; there’s never been an opportunity to so quickly and simply lay bare the mechanics of the creation of texts before. I expect to see Jerome McGann doing a book on this sometime soon. 🙂 But of course from a business and politics standpoint the fact that so many people don’t know about this feature and what it exposes is a little scary.

Which raises a question: why is there no permanent way to disable tracking author name, editing time and the other core metadata? It’s easy to understand how documents get sent out with this information on them since the data is always there whether you ask for it or not. It’s harder to understand why people don’t always accept all changes when they’s sending out a final version document that was created in revision tracking mode. The first exposure is done from ignorance, but someone has to go in and turn on revision tracking…

Can’t keep a good entrepreneur down

I confess: I’ve been playing on Orkut. So far there appear to be three differences between this latest social networking app and its predecessors, Friendster, Ryze, etc.:

  1. Lots more blogerati are on Orkut.
  2. Slightly faster and easier to use.
  3. Did I mention it was backed by Google?

But I have been inviting friends on anyway, and in the process reopened communications with Paul Colton, whom I continue to touch base with about every other year. For those of you just tuning in, Paul was my high school friend who spent so much time in the high school computer graphics lab and at his afterschool job that we feared he wouldn’t graduate. He went on to found Live Software and write its flagship product, JRun, and to sell the company to Allaire, about a year and a half before its acquisition by Macromedia.

It turns out that he’s been working on not one but two new products. PhotoPeer is a photo-sharing peer to peer application, which is either the best way ever to get grandparents to use their computers or the best porn application ever. The other, Xamlon, is a runtime that will allow creating XAML-like applications that will run on the current .NET Runtime under Windows XP. (Jeremy Allaire pointed to this a while back but I missed it.)

I wonder if Scoble has seen this?

Keeping yourself informed about viruses

A quick follow up to yesterday’s report about the Mydoom virus: You can stay informed of security updates from Microsoft via the security mailing lists available on the Microsoft Security web site. There are two lists, one for general users and one for technical folks, so you can choose the level of information you want to get about security issues. These are good resources if you want to make sure your machine is secure against viruses that exploit Microsoft vulnerabilities—though it doesn’t look like they will help much in the case of Mydoom.

Incidentally, why does Microsoft.com offer email alerts and not RSS feeds for advisories? Good question. As Scoble has said, it will take a lot of effort before Microsoft.com is fully RSS-enabled. Also, there are some users, like my dad, for whom an RSS feed isn’t the right answer for notification, at least not now. There are still a lot of problems to be solved in RSS before we can assume that everyone understands and uses the technology.

In the meantime, for those who do use RSS, there are scraped RSS feeds of security bulletins, hotfix announcements, and patches available from NewsIsFree, PatchDayReview (with evaluations of each patch), and KBAlertz (by product).

Viruses (mine and others’)

Ironic timing… As I’m working from home today between vigorous attempts to clear the sinus infection from my head, I get a new virus alert in my mail about Mydoom.

Microsoft Consumer Virus Alert

Why We Are Issuing This Alert

W32/Mydoom@MM spreads through e-mail. This worm can disguise the sender’s address, a tactic known as spoofing, and may generate e-mails that appear to have been sent by Microsoft. Many of the addresses Mydoom uses are valid addresses that are being spoofed for malicious purposes.

Mydoom Virus Alert: What to Do

Treat all e-mail attachments with caution, particularly .zip files in the case of this virus, even if they appear to be from a trusted source. Learn what to do about virus infections. http://www.microsoft.com/security/antivirus/mydoom.asp

Complete Information: http://www.microsoft.com/security/antivirus/mydoom.asp

To which I can only add: be careful out there.

Personal Firewall Day

This is smart: a coalition of computer software companies, including Microsoft, McAfee, ICSA Labs, Sygate, TruSecure, and Zone Labs, have put up a consumer facing site touting “Personal Firewall Day.” The site features information about why personal computer firewalls are important and links to how to get them set up, including a link back to the automatic firewall enabler on the Protect Your PC site at Microsoft. (Note: the link is fully automatic only on Windows XP.)

On helping customers, or the questions we get

Joe Bork posted a hilarious list of real and made up questions that people ask him when they learn he works for Microsoft. My favorites:

  • How to use Word’s Mail Merge feature
  • How to use Excel’s PivotTable feature
  • How to use PowerPoint’s Slide Transition feature
  • How to use Outlook’s Journal feature
  • What that one error message means, come on, I know, the one with the buttons and the exclamation point thingy
  • Do I read Slashdot too, and how does it feel to be an assimilated corporate drone carrying out the evil, subversive plans of a massive, soulless company that is racing towards its own inevitable doom because of the undeniable goodness and purity of the free (as in speech, not as in beer) software movement
  • How much free (as in beer, not as in speech) pop I drink
  • Have I heard this one great Microsoft joke yet, it is really very clever, okay stop them if I’ve heard it

I think it’s pretty obvious why I like the last four items. The first four items? It reminds me (as if talking to people over the holidays weren’t enough to remind me) that each of us is an ambassador of the company, which for many people means that we are their one chance at a personal connection with software they try to use to get things done.

Which is why I don’t mind answering questions about Office features, if I know the answer, or helping people find their answers in Office Online or the Knowledge Base if I don’t. Generally I end up learning something too.

Cringely: Spreading FUD about TechNet

Interesting example of the fine art of FUD from pseudonymous columnist Robert X. Cringely. He takes a reader email about a problem searching TechNet, then extrapolates to say that Microsoft is removing value from TechNet to hobble small IT consultants so it can extract more revenue from that part of the market.

Um. Interesting theory, Mr. Cringely. Care to pass the tin foil?

All joking aside, Cringely’s fundamental argument stems from a badly constructed straw man. He claims that “TechNet appears to be broken.” What he actually says is that TechNet returns no results for a particular search string: "1010"+"perfctrs.dll"+"perflib". What he does not say is that if you search without the quotation marks or the pluses, the search returns some very relevant results, namely articles in the Knowledge Base at support.microsoft.com about the relevant events in the error log.

There is also a factual error. Cringely implies that we just recently changed the search engine behind TechNet, and that this was a move intended to “hobble TechNet and in so doing hurt its small to medium sized customers.” In fact, the new search engine has been in place since July, and provides search results for all of Microsoft.com.

The confusion about the search is forgiveable. We used to expose the big seams in our corporate web site by scoping searches by default, so that if you searched for something in a site (say the Windows site), you only got results if the content lived in the Windows site. TechNet’s scope happened to extend to the Knowledge Base, hence the customer’s statement that we used to return results. The big change from the customer perspective is that if you search anywhere on the site, you get results from everywhere on the site by default, broken down into categories. But we don’t interpret quotation marks and plus signs the same way Google does, so if you use the same search string in both search engines, you get different results.

But taking this misunderstanding about search functionality and blowing it up to say we’re out to screw our customers is fearmongering, at best.

Here are a few tips for searching Microsoft.com effectively so that you don’t fall prey to the same problems that Cringely had:

  • Provide more words than just the name of the product about which you have a question.
  • Try to avoid using extra punctuation, particularly extra quotes and plus signs.
  • Search results are returned in categories. If you’re looking for a download, it will be right at the top of the list, followed by troubleshooting info, product info, resources for technologists and developers, training and book info, resources for partners and other business professionals, information from our product newsgroups, and information about Microsoft the corporation. If any of the categories found more than three results for your search query, you can click to see the full list of results for that category.
  • If all else fails, the Advanced Search allows you to pick more explicit search options, including excluding words, focusing in on only one search category, or looking only at a specific site. There’s also help available.

Finally, if all else fails, it’s possible we don’t have the content—but one of our partners does. In that case, you could do worse than to use the Microsoft-focused search at Google.

Patch management critiques

Scott Berinato’s article in CIO Magazine about the dangers of patch management, “FrankenPatch,” discusses the issues around patch management, the problems that come about with trying to keep on top of patches, what happens when patches break things, etc.

It suggests that the right approach is to be watchful, and to patch selectively and late after others have worked out the kinks, and to not disclose vulnerabilities so as not to give hackers a roadmap to exploit the problem.

Eminently sensible.

Except for this one small problem: in a highly networked world, where worms can infect all the world’s vulnerable systems in less than ten minutes, it’s hard to make a case that selective patching and risk management makes things better. In fact, I’d argue that it gives virus writers a broader target.

And not disclosing vulnerabilities? Smells like liability lawsuit to me. Even if it didn’t, though, I think we as software makers have an ethical obligation to fix vulnerabilities and tell customers about what we fixed.

An interesting factual error too: Berinato mischaracterizes MSDE (the Microsoft SQL Desktop Engine) as embedded database connection software. It’s actually a database engine that a developer can embed in a desktop application.

That said, applying the patches that prevent Slammer was a truly painful process.

Working fix for CDDB lookups in iTunes for Windows

Since the release of iTunes for Windows, I haven’t been able to get it to connect to the CDDB to get track information for my CDs. Judging from the activity on Apple’s discussion boards, I’m not alone. Today I found a fix that works on the board, involving turning off the use of proxy servers and deleting a registry key (see linked post for details). I don’t think Apple did a lot of testing of these features with machines that sat behind corporate firewalls and proxy servers…

iTunes for Windows update out

Apple has published a bugfix release for iTunes for Windows (v. 4.1.1) which is apparently aimed at folks who experienced the freezing bug in Windows 2000, such as Patrick Nielson Hayden. No word yet on whether it addresses the “Nomad not working” bug.

Update: From the readme:

What’s new in iTunes 4.1.1
iTunes 4.1.1 includes improved performance when using your iPod, addresses an incompatibility with Windows 2000 and older third-party CD burning software, and improves support for non-standard mp3 files. Also, the “Keep iTunes Music folder organized” preference is now turned off by default.