Sometimes technical, sometimes not, never a kitty

I'm a Windows guy.  That's my job, that's what the family runs, so that's what I do.  But I'm fascinated by Linux, and I appreciate a lot of the rethinking the Linux crowd has done.  One of the more popular distributions of Linux is Ubuntu, and it's supported by several virtualization programs.  Two that I have in my hands are Virtual PC and Parallels.  Since I'm pretty deep into Windows work, I'd rather virtualize Ubuntu, as opposed to a dual boot, and dedicating hardware is out of the question right now.

So, after installing and using Ubuntu 7.10 (Gutsy Gibbon) under both Virtual PC and Parallels, my winner is Parallels.  Here are a few reasons why:

Installation

Installation under Parallels was much smoother than Virtual PC.  In both cases, I simply reassigned the CD Drive to the ISO, changed the default HDD space and booted into the Live CD.  From there, I ran the installer program to install Ubuntu.  Parallels needed no additional configuration, but for Virtual PC, I had to enable a boot script to make the mouse work.  There were times where installation under Parallels had hung up, but waiting a minute or two and it picked back up again.

Operation

Operation under Parallels is also much smoother.

As with installation, I had to make some boot script changes in order for the mouse to work under Virtual PC.  Thankfully someone had gone through this already and blogged about it, because I'm not at the level where I can figure these things out yet.  Also, there seems to be a somewhat random local echo when I press a key under Virtual PC.  When I hit a key, it may show up as if I pressed it 2 or 3 times.  This doesn't happen under Parallels.

The mouse issue seems to be more a fault of Linux than Virtual PC, since the mouse was being reported as a PS/2 mouse.  My mouse is really a USB mouse, which is picked up differently by Parallels and Ubuntu.  But the echo thing is driving me crazy.

Finally, performance.  Performance of Ubuntu under Parallels is much snappier than Virtual PC.  I can't load up all the snazzy desktop effects under either, but that's OK, all I want to do is learn more about Linux.

One major difference, and this may be a deal breaker for many, is that Virtual PC 2007 is free, while Parallels isn't.  I have Parallels because Lunarpages hooked their webmasters up with a free copy.

Overall, I'm looking forward to working with Linux more now that I have an environment which makes it easy to work with.

I've had hosts offer all sorts of free components on their servers you can use, or install, but Lunarpages takes the cake this month.  They negotiated with some fine software vendors for free tools or free advertising credits.  All told, you can claim $775 worth of goodies just for hosting with them!

All the free goodies are detailed in the June 2008 Newsletter, but here are some highlights:

Parallels Workstation - I'm stoked about this one.  Similar to Virtual PC or VM Ware, but much lighter.  Free for Windows and Linux users, only a discount for the Mac crowd.  Honestly, I didn't know they had a Windows version, so their promotion worked on me.

WinSettings - There's a lot of crap built up in my startup.config I need to clean out, and I'm always looking to boost performance or speed the boot process.

The Logo Creator - I'm a sucker for pretty logos.

Also, they offer bunches of components with their hosting plan, and some additional free tools for managing your site.  Lunarpages has been a very stable and affordable host for me, so if you're looking for a host and wnat some free stuff, too, chek out Lunarpages.

We have an old Dell Dimension 4400 with Windows XP Home Edition, SP1.  When we tried to upgrade to Windows XP SP2, the system slowed to a crawl.  It was terrible.  When I removed SP2, it worked great again.  I found one webpage which suggested replacing the standard hard drive would fix the problem.  I tried that, and no dice.  I replaced the Seagate with a Maxtor and Western Digital (I have these things laying around, since I'm kind of a pack rat when it comes to PC parts).

I had hopes that SP3 would not have the same issue, but it did as well.  Once I removed the SP, it worked great again.  My resolution in this case, since the computer is several years old and is wifey's main PC, is to get a new one and redeploy this one as something else.

Scrum Master training is coming to Pittsburgh, July 24 and 25, 2008.  I’ll be in this class, which is an attraction unto itself.

The classes return periodically, so if you can’t make this one, check their site for another.

The following error is a new thorn in my side.  It’s showing up in SSIS 2005 packages which are scheduled, but does not happen when I run the packages manually.  I changed the message slightly to remove identifying characteristics.

Executed as user: <MachineName>\SYSTEM. ...n 9.00.3042.00 for 32-bit  Copyright (C) Microsoft Corp 1984-2005. All rights reserved.    Started:  4:00:00 AM  Error: 2008-06-17 04:01:28.67     Code: 0xC001405D     Source: Script Task      Description: A deadlock was detected while trying to lock variables "<comma delimited list>" for read access and variables "<comma delimited list>" for read/write access. A lock cannot be acquired after 16 attempts. The locks timed out.  End Error  Error: 2008-06-17 04:01:28.67     Code: 0x00000005     Source: Script Task      Description: The script files failed to load.  End Error

The SQL DTS Wiki has some talk of the issue:

This error happens when two processes are trying to get a lock on the same variable. It is not a deadlock in the same way as a SQL Server, to use that terminology it is just a blocking scenario. When blocked, the process will have 16 attempts and then fail with this error. Certain problems exacerbate this issue, the obvious being time the locks are held, and write locks over read locks. Several issues have been addressed with the post-SP1 update, KB918222 Cumulative hotfix package (build 2153) for SQL Server 2005. System variables are now only read locked, which makes sense as they are always read-only anyway. If you encounter this problem, try SP1 + KB918222 to start with, then try and look at your package design and minimise locks taken, and minimise parallel processes that use the same variables

(full entry at http://wiki.sqlis.com/default.aspx/SQLISWiki/0xC001404D.html)

The recommendation to install SP1 + hotfix rollup is an issue, since I’ve patched the machine to SP2 already, and am seeing the error.  A contributor to the page offered the following suggestion on her blog:

I eventually realised that the only other place I had added the variable was to to the ReadWriteVariables list in the properties of the Script Component:

…

As soon as I removed this variable name from that field, I was able to get my script component to successfully run.

Full post at http://blog.cybner.com.au/2008/03/ssis-script-component-error-with.html.

There is a script task with ReadWriteVariables, but removing them threw a different error, since the script needs access to the variable.

After picking through the post-SP1 hotfixes, KB918091 seems likely to be the one which resolves this issue.  The error messages are different, but the symptoms are similar:

If you try to run a Microsoft SQL Server 2005 Integration Services (SSIS) package, you may receive an error message that resembles one of the following error messages:

Error message 1

The variable "User::MyVariable" is already on the read list. A variable may only be added once to either the read lock list or the write lock list.

Error message 2

Reading the variable "User::MyVariable" failed with error code 0xC0010009. The expression "@[User::MyVariable]+"\\"+ @[User::MyType]" on property "ServerName" cannot be evaluated. Modify the expression to be valid.

The error messages may be reported in several locations:

• When you try to run an SSIS package by using the dtexec command-prompt utility, the error message may be reported in the console window of the command line.

• When you try to run an SSIS package by using SQL Server Business Intelligence Development Studio, the error message may be reported in the Business Intelligence Development Studio output window.

• When you try to run an SSIS package and you use a log provider to redirect the execution output, the error message is reported in the redirected output.

The list of bugs fixed in SQL Server 2005 SP2 does not include this hotfix, so it’s the next step. 

<update>

Microsoft has a new process for delivering hotfixes.  After completing the process and downloading the file, the following error was thrown when I executed the downloaded file:

“This self-extracting zip file is part of a multidisk zip file.  Pleas insert the last disk of the set.”

I replied to the e-mail with the download link, but the reply bounced back.

<update>

After spending 90 minutes on the phone with Microsoft tech support (thanks Anu for the help!), we determined the original download was corrupted.  They sent me a new link, and I redownloaded the hotfix.  The install started correctly, but the hotfix threw a new error:

06/19/2008 11:58:30.235 ================================================================================
06/19/2008 11:58:30.235 Hotfix package launched
06/19/2008 11:58:32.985 Version level check successful for product instance MSSQLSERVER
06/19/2008 11:58:33.001 This update requires service pack 0. The service pack for product instance MSSQLSERVER is 2. Download the update for service pack 2.

Some more research led us to KB 918222, which does list this bug as being fixed (note that the SP2 list uses KB article, while this list uses bug report numbers).  Take home message from my 90 minutes of MS help is:

Take it for granted if your hotfix is in a previous compilation, it’s in the SP, even if it’s not specifically listed in the Kb article for that SP.  When an SP is rolled out, it includes all hotfixes in the previous SPs and cumulative rollouts.  The KB article for an SP lists only the hotfixes not included in any of the previous compilations. 

The next step is to submit another bug report for my error and do some more debugging with MS.

Continuing story, watch this post for edits.

From the mailbag, in response to Exporting to Excel in Crystal Reports .NET - Perfect Excel Exports

Hi, I was searching in the internet about how to solve a problem I have and found your name in an asp alliance article, I left a post there but I prefer to email you.
The problem is this:
Im developing a project with VS 2005 and Crystal Reports, I need to export two reports to Excel but not in just two different xls files but just one with different sheets, if you know how to help me please

Crystal Reports isn't designed for this.  If you want to easily create Excel from data, you need to look into a product like Spreadsheet Gear, OfficeWriter or ActiveXLS.  I've used the free ExcelXmlWriter with great success.

My first DotNetSlackers article has been published: Review: SQL Server Integration Services Using Visual Studio 2005 – A Beginners Guide.

Occasionally in life, the right thing shows up at the right time.  I was just ready to start some work in SQL Server Integration Services, and like a lot of DTS developers, my mind was boggled when I first opened the SSIS workbench.  My tasks looked daunting.

That same week, I received an email from Packt Publishing asking if I'd like to review this book.  Oh boy would I!  Long story short, this book was a significant help in my project.  I went from being an overwhelmed DTS guy to a pretty fair SSIS developer in a short period of time.  Check out the review for more about the book.

Like the other Packt books I've read, it's an easy read, partly because of the writing style and partly because of the typography.  I don't know how much time they spent researching the font style, kerning, etc., but their printed materials are easy on the eyes.  There are a lot of screenshots in the hands-on chapters, and being a beginner's guide, background information on using the relevant parts of VS 2005 is included.  There are no major changes to SSIS in SQL Server 2008, so this book will be relevant for a while.

Get it at Amazon: SQL Server Integration Services Using Visual Studio 2005 – A Beginners Guide

A few years ago, I was looking for a version control system that would be easy to implement and not cost a fortune.  I was splitting my time between my laptop and my desktop, and was always forgetting my thumb drive somewhere else.  I did not have a separate NAS device at the time, so that was out of the question.  I was paying for shared hosting, and was greatly underutilizing my disk space allotment.

Enter FtpVC, a version control system that works via FTP.  It was perfect for my needs!  I installed the client on both machines, configured it to use a folder on my hosting account, and got back to work.  Setup was very easy, and the shared hosting space was accessible to either machine, and offsite.  At $50, it was not a budget breaker, either.  All the usual version control features are there, including history and comparisons.  If you're a lone ranger picking up the odd client job, or a small development shop, FtpVC could be a great solution for you.

There's a new version out, and their announcement e-mail reminded me I should blog about it.  No relation other than happy customer.  As a matter of fact, I've since moved on to another solution, but I still recommend FtpVC as a lightweight and inexpensive way to get into version control.

The Internet Explorer team should be proud of themselves this week:

Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

However, if you're feeling ten feet tall and bulletproof because you're using FireFox, you might want to reexamine that idea and make sure you get the auto-updates installed:

In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it.

The scary thing here is that you don't have to do anything to engage this exploit, and JavaScript is all but invisible to any user not really looking for it.

Likewise, Apple cultivates the image of security to every fanboy's peril:

Safari 3.1 patches 13 holes affecting Mac OS X, Windows XP, and Windows Vista.

Think you're safe because you don't have Safari? You may have it without realizing it. Apple now distributes its browser with iTunes updates. Forget to uncheck a box in one of these updates, and it's there.

The Safari holes could allow an attacker to trick you into thinking that a fake site is really your bank site, or to take over your PC via a poisoned page.

Remember it was Safari that led to the hacking of a MacBook Air in a recent contest.  Add in the insult of sneaking Safari onto machines via iTunes updates and Safari in most corporate environments would be defined as malicious.  The distribution policy has recently been changed to be more clear about what is being installed, but some damage has been done, and you still have to refuse the automatic installation.

There is a reason corporate IT departments prefer software we can control via Group Policy, and why we have policies against anyone installing anything.

Although this attack targets websites powered by Microsoft SQL Server, databases such as Oracle are also vulnerable to this attack.

The attacks "are a very sophisticated form of SQL injection," Qualys CTO Wolfgang Kandek told TechNewsWorld. "Normally, SQL injection is targeted to one table. With this attack, they used a generic mechanism of the underlying database to make it work on a much broader set of applications."

The attacks have targeted sites running IIS and ASP that have an MS-SQL database. However, they are not exploiting a particular flaw in these applications -- the exploit could have been written to target any database -- Oracle or WebSphere, for example.

Rather, the code exploits what security researchers are bemoaning as an elementary lapse in Web security on the part of developers installing the databases.

In addition to this attack, the article mentions another one, specific to SQL Server, on the horizon:

"The underlying database servers are often misconfigured to have an extended stored procedure xp_cmdshell enabled," Belani told TechNewsWorld. "This setting allows an attacker to execute commands at the operating system level post compromise via SQL injection. This level of access is hard to come by in other database servers like Oracle."

Full story at http://www.technewsworld.com/edpick/62783.html?welcome=1209477802.

The root cause of these attacks is insecure web application design, which allows SQL code to be inserted into a page request and executed in the following database query.  This is an old technique known as SQL Injection.

If you're not familiar with SQL Injection, you need to be, since it's a very basic flaw with serious ramifications.  I recommend highly reading 19 Deadly Sins of Software Security for very good introductions to some very basic design issues.

Following up yesterday's post (http://rjdudley.com/blog/WindowsXPNotDeadYet.aspx):

Microsoft says Windows XP sales will end June 30 despite comments by Microsoft CEO Steve Ballmer. Microsoft says it's listening, but petition author Galen Gruman says Microsoft counts a Windows Vista sale even with an option to downgrade to Windows XP. Galen's petition has more than 170,000 names asking Microsoft to save Windows XP.

Full story at http://www.newsfactor.com/story.xhtml?story_id=121009GB4QVS&nl=2

The recent outcry from fans of Windows XP -- or at least from people who hate Vista so badly they don't want to buy it -- appears to have reached the ears of Steve Ballmer. The Microsoft CEO said the company would listen to its customers if they want to continue to buy XP.

full story at http://www.technewsworld.com/edpick/62741.html