No Zytrons In Range

I recently had this problem, and found the solution after a little Googling.

You might notice that sites that used to auto-log in, like your webmail provider, now require you to manually log in each time. Your login information is stored in cookies, and this likely means that Firefox’s cookie file is corrupted.

Navigate to the following folder (in Vista):
C:\Users\[Your User Profile Name]\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default

Put your Windows user name in the first blank. The actual folder has a randomly-generated name, something like “5gjbzh6p.default”, but you most likely only have one of them. You’ll need to have Explorer show hidden files and folders, as the “AppData” folder is hidden by default. (In Vista, the setting for this is in Organize->Folder and Search Options->View->Show hidden files and folders.)

Inside that folder is a file named “cookies.sqlite”. This is the corrupted file. Rename the file to something like “cookies.backup”. (So that we can restore the file, if it turns out that this wasn’t the problem after-all.)

Open up Firefox, log in to your favorite website to set your cookie. Now to test if cookies are saving correctly, close Firefox, re-open Firefox, and go to your favorite website again: you should be automatically logged in.

I don’t normally post about boring work topics, but I wanted to talk about this because it’s a gigantic WTF, and because it might come in handy for someone else who’s stuck on a Javascript project.

It turns out that the thing getElementsByName and getElementsByTagName returns isn’t actually an array. It looks like an array, it walks like an array, and it quacks like a duck, but it’s not actually an array at all. It’s actually a “dispHTMLElementCollection”.

I’ve been doing tons and tons of Javascript work for years, and I’ve actually never come up against this particular quirk before. The only reason I figured it out is that I tried to push() an element into a dispHTMLElementCollection, and it turns out that dispHTMLElementCollections don’t have a push() method. Why doesn’t it have a push() method? Who knows.

Oh, and to make it worse: it’s not documented. Anywhere. This forum post is all MSDN (Microsoft’s developer site, maker of the most popular web browser on Earth) has. Mozilla (makers of the second-most popular web browser on Earth) has absolutely nothing on it, or at least nothing Google’s indexed. Nor does w3.org, the maintainers of the DOM standards (most relevant to this issue.)

What. The. Fuck.

Here’s a test page to demonstrate the issue:

<html>
<head>
<title>Test</title>
</head>
<body>

<p>h</p>
<p>e</p>
<hr />
<p>l</p>
<p>l</p>
<hr />
<p>o</p>

<script type="text/javascript">

    // Call the "broken" version of CombinedElementList
    // This function fails in both IE and Firefox, even
    // though at first glance it looks fine. Reason?
    // getElementsByTagName *doesn't* return an array,
    // instead it returns a "dispHTMLElementCollection"
    // which looks and acts exactly like an array, but
    // has no .push() method.

    //var combo = CombinedElementListBroken();

    // The "fixed" version uses a Javascript array to
    // store the results of the two
    // getElementsByTagName calls.

    var combo = CombinedElementListWorks();

    alert(combo.length); // Expect: 7

    function CombinedElementListBroken()
    {
        // Create two "arrays" of HTML elements
        var paras = document.getElementsByTagName('P');
        var hrs = document.getElementsByTagName('HR');

        // Attempt to combine the two using a simple FOR loop
        for (var i = 0; i < hrs.length; i++)
        {
            // IE: Object doesn't support this property or method
            // Firefox: paras.push is not a function
            paras.push(hrs[i]);
        }

        return (paras);
    }

    function CombinedElementListWorks()
    {
        // Create two "arrays" of HTML elements
        var paras = document.getElementsByTagName('P');
        var hrs = document.getElementsByTagName('HR');

        // Create a third, blank, array to store the combined list
        var combinedArr = new Array();

        // Puts elements from the first "array" into the combined array
        for (var i = 0; i < paras.length; i++)
        {
            combinedArr.push(paras[i]);
        }

        // And the second
        for (var i = 0; i < hrs.length; i++)
        {
            combinedArr.push(hrs[i]);
        }

        return (combinedArr);
    }

</script>

</body>
</html>

Ok, so I posted this to TheDailyWTF, thinking it’d be a laugh: it’s not. Don’t do that, ever. You’d never know it from the frontpage, but the WTF forums are full, apparently, of programmers with psychic or telekinetic powers. To them, it’s my own fault that I couldn’t tell with only my mind that a dispHTMLElementCollection is actually the same thing as a NodeList as documented in the DOM2 standards.

Read the thread if you like.

One useful piece of information I did glean from this, though, the reason that getElementsByTagName (and similar functions) return something other than an array: the list they return is “live”, meaning they can update as elements are added or removed from the page. I don’t see this as being particularly useful, but, hey, at least it explains why it’s not an array.

Several non-useful pieces of information I received: link after link after link to documentation that doesn’t have the terms “dispHTMLElementCollection” and “NodeList” on the same page, and thus have absolutely nothing to do with the WTF I reported.

Apparently, to the WTF posters, this is all “common knowledge” that I should have gotten based on vague comments in a Javascript library I don’t even use. Or I was supposed to look up getElementsByTagName in the DOM, then assume that the type returned (NodeList) just happens to be the same thing as a dispHTMLElementCollection even though there’s nothing to indicate that that is the case.

To the WTF posters, writing a simple page on either Mozilla or Microsoft’s site saying, “oh BTW, dispHTMLElementCollection is the interface we use to DOM2′s NodeList, here’s a link” is a horrible burden that should be never be inflicted on anybody.

BTW, kudos to tgape who not only agrees with me that the lack of documentation is a WTF, but who wasn’t a jerk about it.

Anyway, some good came out of all of this: the next person to search for this completely undocumented class (or interface, or whatever the hell it is) will find either the WTF post or this one, and hopefully won’t waste as much time and energy on it as I have.

It brings up a question, though, that I’m too lazy to test on a Sunday morning (but maybe I will tomorrow): Since the DOM NodeList can be a different class in a different browser, how the holy hell are you supposed to use typeof(x) to find whether something is a NodeList in a cross-browser way? Alternatively, if it’s represented internally to IE as a dispHTMLElementCollection, but typeof(x) returns NodeList (which is what I suspect happens), then why the holy hell would the debugger show dispHTMLElementCollection instead of NodeList?

There’s WTFs all around.

I just moved this blog onto another host, and of course in the process you have to move your database to another host. Of course, this couldn’t be an easy task:

• First, MySQL changed the default collation on their database server installs from latin1 to UTF8. UTF8 is by far a superior choice, but it’s the change that causes the pain since all older databases are latin1.
• To make things worse, it turns out WordPress (the software running this blog) shoves UTF8 into the database regardless of what the database collation is set to. Christ.
• To make things more worse, when you have a latin1 database table with UTF8 in it, phpmyadmin can’t export it without filling in those UTF8 entries with junk characters.
• And just to top it off, I have a whole blog posting based around the word “piñata.”

Anyway, after database export after export after export, and with the help of a WordPress plug-in designed specifically to fix this dumbness, I think I have it all finally straightened-out. Everything’s moved over to the new host, and working exactly how it did on the old host. (With one exception: the backup plug-in I was using isn’t compatible with Windows servers because it uses hard-coded path separators.)

Joy.

If you see any problems with anything, please let me know in the comments. Unless comments aren’t working, then send me a singing telegram.

I have no idea why I visit or post to Slashdot.

There was an article up a couple days ago about a new open source multiplayer FPS game. I like multiplayer FPS games, and I like free things, so I thought I’d give it a try. Big mistake.

After one of the game developers (“qreeves”) received a lot of negative comments about the game, he posted a plea for fair treatment. So here it is.

The game was actually not that bad, but the website was abysmal. Anyway, after struggling for over 15 minutes just to figure out how to download the game, there was the following exchange:

My Challenge to Slashdot Users (Score:2, Insightful)
by qreeves (1363277) Alter Relationship on 09:31 AM February 26th, 2009 (#27000285) Homepage

I’ve noticed quite alot of misinformation and negativity from the users of Slashdot, and I must say that I am quite disappointed by it. Geeks are supposed to be intelligent people with thought out answers and responses, and it seems to me everyone who comments either did not bother to try the game at all, or find some other off-topic fault to complain about.

I have worked in Open Source for a decade now, and this is the reason most developers become jaded and rude to their users – nothing else. You all want Free and Open Source Software, but where is your empathy? What do we get out of it other than an earful of crap? Please wake up to yourselves and do something to benefit the community for once, rather than idly making rude remarks to inflate your own sense of ego.

My challenge to you all is this: Actually play the game and come up with some constructive criticism. Otherwise, please just ignore this post and move along.

Re:My Challenge to Slashdot Users (Score:2)
by Blakey Rat (99501) on 12:12 PM February 26th, 2009 (#27002825)

The download link on the website doesn’t work. It took me 15 minutes to find how to download the game, and that’s only because I was deconstructing how terrible the website actually was (so I could talk about it to some co-workers.)

In short, what did you expect would happen? You couldn’t be bothered to test whether your own website works, and it’s *our* fault you’re seeing negativity.

Re:My Challenge to Slashdot Users (Score:1)
by qreeves (1363277) Alter Relationship on 06:46 PM February 26th, 2009 (#27007683) Homepage

You’re still not providing any useful feedback. I can only test it on so many configurations considering my limited access to everything under the sun.

Re:My Challenge to Slashdot Users (Score:2)
by Blakey Rat (99501) on 08:40 PM February 26th, 2009 (#27008305)

Dude.

The download link, on the website, does not work. The website. It’s HTML, it’s the same for every platform. It doesn’t work. Does. Not. Work. Clicking it does not begin a download, instead it takes you to the release notes. Every platform’s download link does this. If you think the download link works, you’re living in some bizarre fantasy-land full of flowers and daisies. How is that not useful feedback?

It took me something like 15 minutes to figure out how to download the game. But since I did, WTF, here we go:

1) Is the name of the game “Blood Frontier” or “BloodFrontier?” The website has it one way, my Windows Start menu the other way.
2) On first startup, the game sets the resolution of my main monitor to … something, and also blanks out my secondary monitor for no reason whatsoever. Despite changing the resolution, it still runs in a letterbox, which prompts me to ask what the hell the point of changing the resolution was. Kudos on it correctly handling Alt-Tab, however.
3) When I’m typing in my username, and I press shift to capitalize a letter, my “character” seems to duck down, even though I’m typing in a username and not actually playing… WTF?
4) When I’m done typing in my username, nothing happens? I think I’m in a game, but there’s no other players, and no way of figuring out how to get to the menu. (Turns out escape, or walking up to the bank of monitors, does it. If I were new to the world of FPS games, I’d have no idea either of those two options existed.)
5) The font used for menus is almost unreadable on my monitor. It has some kind of shadow effect, and it’s really tiny.
6) Turning off “fullscreen” in options/display does nothing. (Although the option stays unchecked.)
7) Changing the game resolution in options/”gfx” does nothing. The resolution you check doesn’t even stay checked. Some quality settings are in “gfx”, others are in “display” with no apparent rhyme or reason.
9) You can’t simply set all options to “slow and pretty” by clicking the text that says “slow and pretty” in options/”gfx”. That would be too easy. So would auto-detecting what my hardware is capable of, apparently, since it’s running at 120+ FPS in the default configuration.
10) The radio buttons in options/mouse are backwards. For some reason, the COLUMNS are labeled “fixed, panned, free” yet the rows are labeled as the specific mouse mode you’re setting. Actually, this might make sense if it were presented as a single table of radios instead of three columns next to each other, but as-is it’s pretty unusable. (You also have to ask: how many people will change this? Seriously? I doubt it’s enough to warrant the code to support it.)
11) While speaking about options, the tabs at the top don’t give any sort of mouse “grace period”, therefore it takes very deliberate mouse movements (vertically straight down, then left) to interact with the options. If you move your mouse quickly, like a normal rational person does, the tab will be accidentally changed before your mouse pointer reaches the option you want to change.
12) Also, there’s no tooltip telling me what the hell some of these options are. “Absolute mouse?” “Mumble positional audio?” “stencil bits?” … uh, WTF are those? “Yes, please, I’d like the positional audio to mumble. I hate it when it’s too clear.”
13) Autoexec.cfg? Seriously? Did I go back in time 15 years to when this crap was acceptable?
14) To start a bot match, I go to “Game” and click “Vote?” WTF.
15) And why is there a “mystery map” in the middle of the maps list? Does this mean randomly select a map? If so, why is there a text field next to it? What do I type in the text field? “Yes, I would like a random map please!” was my guess, but it did nothing.
16) The “Get online support” option under “Help” does… some… confusing… thing. I suppose this is the IRC interface? (It’s hard to tell because I can’t read the damned font.)
17) It says “if you do not agree please part now.” Part what? Do you mean DEpart? Also, how do I do that? There’s no X button or any visible way of closing the IRC window. (Although escape seemed to work. For all I know, that just hides it and doesn’t exit it.) … Oh wait, I’m still seeing people’s chat, presumably in IRC, so I guess “escape” didn’t exit it.
18) My game is still in the intro/menu level, and the message says: “Please Wait, Ready to respawn.” Ok, but how? Left-clicking does nothing. Right-clicking does nothing. Space does nothing. What would be the point of respawning in an empty map anyway, except to walk up to the monitors to see the menu again? (Also, how did I die on an empty map with no enemies?)
19) While I’m in observer mode, I can pass the camera though solid objects. (Possibly intentional, but it looks like crap on screen because of the clipping.) If you’re going to let the camera pass through solid objects, follow the example of most games and make the object translucent proportionally to how close the camera is, then entirely transparent when the camera “enters” it.
20) While I’m in observer mode, the menu no longer opens when I bring the camera close to the monitors.
21) Opening the “Servers” menu doesn’t ping the servers by default. What the hell else are people going to open this menu for? It should just do it.
22) Of the 5 servers running, one is me. One is labelled “v156 != v157″ which I assume is a version mismatch error, but who the hell knows. 3 are empty.
23) 1 player. The server has 1 player, and that’s it. And it’s me. Hard to play-test a multiplayer game when there’s nobody playing! Shadowrun has a more active community, and it sucks.
24) So I join an empty server, other than my own. There’s a map marker named “base” which is off-screen, apparently. No matter which way I turn, it’s always stuck against the top or bottom of the screen.
25) Grenades fly in a straight line, apparently not subject to gravity.

There, 25 pieces of feedback, and I didn’t even play against an actual human. Happy?

Re:My Challenge to Slashdot Users (Score:1)
by qreeves (1363277) Alter Relationship on 12:21 AM February 27th, 2009 (#27009313) Homepage

14:17.19 * Blakeyrat (n=Blakeyra@pool-71-113-17-244.sttlwa.dsl-w.verizon.net) joined
14:24.31 [+bfbot] Blakeyrat has joined the game
14:28.36 [+bfbot] Blakeyrat has left the game
14:28.36 * Blakeyrat (n=Blakeyra@pool-71-113-17-244.sttlwa.dsl-w.verizon.net) quit (“Blood Frontier, It’s bloody fun! www.bloodfrontier.com”)

Yeah buddy, you really gave it a chance.. So no, I am not happy; your feedback is done with malice and spite. While you make valid points; for a beta you are just nitpicking. You made no attempt to talk to us or work out how to do things, you’re just too self involved to care. I’m not afraid to say these truthful things either; people like you, we do not need – people who are helpful; they’re more than welcome.

Re:My Challenge to Slashdot Users (Score:2)
by Blakey Rat (99501) on 06:14 AM February 27th, 2009 (#27011083)

Wait, I played, according to your IRC log, 11 minutes on an EMPTY SERVER (a server with NO OTHER PLAYERS), and I didn’t give it a chance? What’s the typical user behavior when joining empty servers? Sticking around for an hour? Three hours? What’s the cutoff for me having “given it a chance?”

Look, I’m trying to test a multiplayer game, there’s no players. It took me 15 minutes to figure out how to download the damned thing. As pointed out in the issues I brought up, which you apparently don’t care about despite (most of them) being valid bugs, the usability of your game is abysmal. Arguably the two most important functions for a game (changing to Windowed mode, and changing the game resolution) simply *do not work.* The menu text is impossible to read. Maybe I’m an old fogey with bad eyes, but it’s impossible to read.

We’re talking about a game that is, supposedly, in beta and you don’t even know what the NAME of it is. (“BloodFrontier?” or “Blood Frontier?”)

I think I’ve jumped through about a dozen more hoops than anybody should EVER have to jump through to test a beta product, and you just come back with: “oh well you only played for 11 minutes.” Dude, 11 minutes of this shitty game with no players is an ETERNITY.

Oh well, just like every experience with open source, it just encourages me to never, ever help open source programmers. You simply do not give a crap about the quality of your product. Someone points out tons of low-hanging-fruit bugs, and you just reply with “oh well you weren’t serious.” Screw that.

Do I come across as a jerk? Yah. I am a jerk most of the time. But that list of bugs, they’re all valid. And people who will get Slashdot to post an article to thousands of people before even checking that their own website works, those people piss me off. What a colossal waste of time.

I did a Google search for the acronym “FFA” today to figure out what it means other than Future Farmers of America, and I noticed something really weird about the results.

Take a look at page 3 of the results:

Notice the bottom-most entry on page 3 is Football Federation Australia. Fair enough. But when I kept clicking on, I noticed that Football Federation Australia was also the bottom-most result on page 4, and 5, and 6, and 7, and 10:

and 20:

and 29:

but not 30:

The bottom-most result on every page of results from page 3 to page 29 is Football Federation Australia.

What’s going on here? Is the bottom-most entry on each page actually a sponsored link? (It’s not labeled as one on the page at all, if so!) Is this some weird bug having to do with the SearchWiki feature? Or maybe it’s a plain ol’ bug that’s been around for ages.

Another one of those things that I have a love-hate relationship with is World of Warcraft. The good news is that Blizzard actually makes an effort at Vista compatibility. (Unlike, for example, Valve who doesn’t even try.) The bad news is that Blizzard has no fucking clue how to actually make their product compatible with Vista.

WOW was built with the assumption that it would be able to read and write files from the Program Files folder at will. This assumption was wrong when it was built, and it’s especially wrong now that Vista is out. Windows 2000, BTW, has the exact same limitations for regular users as Vista does for administrative users, so it’s not as if this is new or anything. WOW has simply always been broken on Windows 2000, XP, and Vista.

The solution before was always just “well, run as administrator.” To this I reply: screw you. I’m sick of video games, which pretty much by definition never do any administrative tasks, relying on administrator permissions. WOW does nothing but shove tons of data through the Internet, both directions. With administrator permissions, that means WOW can, at the instruction of some random Internet server, completely fuck with any file on my system. The same applies to any other Internet-aware video game, and I’m sick of it.

Security aside, using the wrong folders also breaks the multi-user model of Windows. It’s impossible for WOW to have different settings for different computer users, because they only have one copy of the settings file. It’s also impossible for different users to run different sets of Add-Ins, because there’s only one folder that Add-Ins can be put in.

Game developers: Windows 98 was a long, long time ago. Please spend a few seconds to learn how NT permissions work before releasing a game to the unsuspecting public! You’re doing nothing but adding security holes to people’s computers and breaking OS built-in multi-user features. Stop it.

So back to WOW. WOW decides to store its configuration data in a “WTF” folder (no kidding, Blizzard!) inside its Program Files folder. This is wrong; that data should be stored in “Users/[User]/AppData”. Additionally, Blizzard puts interface add-ins in the Program Files folder. This is wrong; that data should be somewhere like “Users/[User]/WOW Add-Ins”. (For those reading closely, in this paragraph I’ve just outlined exactly what changes Blizzard needs to make for full Vista compatibility.)

Obviously Blizzard knew their way was wrong, because they tried to fix it. How? In the most half-assed way possible, of course.

Blizzard moved their entire install to “Users/Public” (or presumably “Users/All Users” in XP.)

That user account is supposed to be used for files you want to share among all users on a computer, for instance, custom desktop backgrounds or maybe a music library. (You’ll note that’s where Vista puts all its sample media, so all users can access it.) It’s not intended for programs. In fact, nothing in the “Users” folder is intended for programs! Wrong, wrong, wrong!

And even worse, apparently Blizzard didn’t even bother to test if this would fix their issues. It doesn’t, it makes them worse! The problem they were trying to fix their auto-updater getting blocked by UAC prompts, what they ended up with is a situation where WOW is silently prevented from saving its own configuration files, and so it appears to be working just fine, except every time you log out, WOW forgets everything it ever knew. This includes making you agree to the EULAs over and over and over again.

Are you trying to tell me that nobody at World of Warcraft knows how NT permissions work? A 15-year-old system? At least Valve can use the excuse that they don’t even bother to try.

Blizzard, you’ve really earned this:

P.S. And whenever you see issues like this and look into the forums, people are always blaming Vista. As if Microsoft did something wrong by making their OS more secure. It’s almost enough to get me to break out that crazy pills image again.

Ok, so MS SQL Server has the worst installer in history. And Visual Studio 2008 has the second-worst installer in history. That’s a given. But when the two installers attempt to interact with each other, you’re left with an experience only slightly more pleasant than a lifetime of burning in hellish torment.

If you work with these two products, you’ll probably see the following dialog box when trying to install MS SQL Server 2008 SQL Server Management Studio (say that one three times fast!):

Rule “Previous releases of Microsoft Visual Studio 2008″ failed.

A previous release of Microsoft Visual Studio 2008 is installed on this computer. Upgrade Microsoft Visual Studio 2008 to the SP1 before installing SQL Server 2008.

(Yes, the grammatical error is in the original.)

It sounds simple enough, but true evil is always subtle in its workings. Once you receive this message, you do the only rational response, open up Visual Studio 2008 and select “Check for Updates” in its Help menu. This takes you to Windows Update which, lo and behold, actually has a download available for Visual Studio 2008 SP1! So you spend the next hour and a half (no kidding) installing the service pack from Windows Update.

So far this is the most easily-overcome obstacle I’ve ever encountered with one of these horrible installers! Or it would be if it worked, but of course it doesn’t. Despite the Windows update installer claiming to update Visual Studio 2008 to SP1, it doesn’t appear to actually do anything at all. Even after you reboot. At least, the version number for Visual Studio doesn’t change and SQL Server’s installer still barfs all over it.

Crap.

After a long Google search, I found a lengthy explanation of the problem, and if you spend the requisite 3 hours trying to understand the gibberish, you’ll realize where you went wrong. You can’t update Visual Studio using the update link that comes built-in to Visual Studio, you fool! You must instead use the one available at this website!

I write this in the hope, probably futile, that it’ll rise in the Google rankings and help the next pour soul who receives that poorly-written error message with no clue how to resolve it. And with the hopes that somebody who works on Microsoft’s SQL Server or Visual Studio teams will read this and fix their goddamned installers already! (but I’m not holding my breath on that one.)

Edit: I should have anticipated this!

Of course, after writing instructions on how to remove a common virus, I should have realized my content-sensitive Google ads on the left side of the page would all instantly turn into scam anti-virus tools.

Please, please don’t attempt to use any of those advertisers’ products to fix your computer if that’s what you came here to do. In fact, don’t click them at all. They won’t work, and you’ll just have more crap on your computer. Remember, despite anything Google might tell you, they don’t personally vet ads before letting them loose on their network and they don’t bother removing bad ads until somebody complains.

Sorry.

I managed to infect my work machine with this little bastard, and it took me several hours but I finally figured out how to get rid of it. Despite the name on the Wikipedia page, Vundo isn’t a trojan, it’s a plain ol’ virus, which managed to gain a foothold on my computer through Sun’s Java plug-in.

Lesson 1: Java is by far more trouble than it’s worth; uninstall it.

Anyway, I seem to have gotten a brand new variant of Vundo that slipped under Symantec’s radar, and the existing removal instructions and tools simply didn’t work for me at all. The most useful existing tutorial is on this seemingly nameless page, and the instructions on McAfee’s guide, which got me 75% of the way to the solution, and from there I found my own way to finishing the job.

To remove Vundo:

1. These instructions assume you are running Windows XP and have Administrator privileges. This shouldn’t be an issue, as if you didn’t run as Administrator, or were using Vista, you probably wouldn’t have been infected in the first place.
2. Follow the instructions on the seemingly nameless page linked above for identifying the DLL files used by the virus, up to the “Remove the Infection” header. (These instructions outline using ListDLLs.exe to get a list of all DLLs currently running on your computer. Vundo DLLs have a blank Version column, “C:\Windows\System32″ in the Path column, and have a string of 8 random characters as the filename.) Save the list somewhere handy, or print it out.
3. Locate the first DLL file on the list in your “C:\Windows\System32″ folder. Right-Click the icon and select Properties. Click to the Security tab. Make sure the “Everybody” group is selected, then click the Deny checkbox next to Full Control. This should automatically check all other permissions in the Deny column. (Note: you won’t be able to uncheck the “Allow” column, but the fix will work anyway.)
   

4. Repeat the last step for the other Vundo files identified using ListDLLs.exe. (In my case, there were 3 DLL files used by the virus.)
5. (This is the kind of nasty part.) Perform a hard reboot by holding the power button of your computer in for 15 seconds, or until it turns itself off. You cannot allow your computer to shut down normally, or Vundo will rename and reproduce itself during the shut down process.
6. After your computer finishes restarting, you can now delete the DLL files you changed permissions on. You should also empty the recycling bin, to ensure they are fully deleted.
7. Run a virus scanning program that’s normally capable of getting rid of Vundo to ensure nothing else remains. Spybot Search and Destroy seemed to do a good job of identifying it, or you could download and use Symantec’s removal tool.

How does this work? The variant I have keeps its DLL files constantly open and locked using both WinLogon.exe and Explorer.exe, so they are impossible to rename or remove.

The seemingly nameless page recommends queuing the files to be deleted on the next boot, but that didn’t work at all on my system. (Once WinLogon.exe is running, the DLL files are impossible to delete. I think the “delete on next boot” utility doesn’t run until WinLogon is already running.)

McAffe recommends using Process Explorer to Suspend Explorer.exe, WinLogon.exe and RunDLL32.exe as you do the removal, and then do a hard reboot. This in theory would prevent Vundo from re-establishing itself during the shut down process, but it didn’t work for me because the DLL files were impossible to rename or remove while Explorer.exe and WinLogon.exe were running, even when they were suspended. (Which makes sense– suspend is like pausing a program. If the program has locked files, why would you expect them to become unlocked while it was paused? I can only assume McAffe’s directions work on a different variant of Vundo, although I can’t see how.)

My solution relies on three handy bits of trivia I’ve learned:

• Windows XP boots using Administrator group permissions.
• Deny permissions always over-ride Allow permissions.
• The NTFS driver starts enforcing file permissions really, really early in the boot process

Basically, by setting Deny permissions for the Administrator group on the DLL files, we made it impossible for any program on the computer to run them, even programs that start before the user is logged in (like WinLogon.exe.) Once WinLogon.exe and Explorer.exe both fail to open the Vundo DLLs, they can simply be deleted from the system because they are no longer locked.

I hope this is helpful to somebody down the line.

Posted from a new iPhone. I’m so ashamed.

Ok, the iPhone is a really slick piece of technology. It also requires iTunes for all of its features to work. If you want an analogy, this is kind of like taking the precision steering of a formula one racer and installing it into a 5-ton garbage truck.

iTunes sucks.

iTunes sucks a lot.

I’ve spent the last 2 and a half hours on the phone with Apple, trying to fix this:

And this:

After a few long exercises in time-wasting* and lots of hold time, we finally managed to solve the first problem, hopefully permanently.

The second problem? Not so much… even re-installing iTunes didn’t help it. It’s just a giant steaming turd of iTunes suckage I have to click through now every goddamned time I plug in my iPhone.

And yes, I made Apple’s techs wait on the phone the whole time it took me to uninstall iTunes (4 uninstallers!), download a new copy from the web, and install it again (one installer with 2 UAC prompts!) If they’re going to release shoddy products, they’ll have to cough up the dough to keep those techs paid when I run into problems. Even trivial problems, in fact, even more so for trivial problems simply out of spite.

I bet if every iPhone user who had problems with iTunes called them up, they’d be rushing to make a new version of iTunes with the shittiness removed. Am I the only one who gets bothered by crappy software that hardly works?

Oh well. The iPhone works, finally, and it’s busy loading itself up with music from my media server.

* No, idiot Apple tech, my default Vista cookie settings are not the cause of the problem, otherwise you’d get 10,000 calls a week about this exact same issue from other Vista users! Engage your brain!

A recent “live chat” with an Earthlink customer service representative. Proving that if you ever see anything that looks like dry-loop DSL in Washington State, you’re dreaming and should go back to bed.

Chat Information: Thank you for choosing our secure EarthLink Sales chat. All agents are currently assisting other customers. Thank you for your patience. You are number ’1′ of ’1′ customers in line. Your estimated wait is ’0′ minutes and ’30′ seconds.
Chat Information: Hello and welcome to EarthLink’s secure live Sales chat. You are chatting with Kelly K..
Kelly K.: Thank you for using EarthLink’s live Sales chat. How can I help you today?
James Schend: Hi, I currently have Verizon and I want to drop my landline phone service and get dry-loop DSL, is that a service you offer?
Kelly K.: Great, I can help you with that.
Kelly K.: Let me see what is the best service available for you.
Kelly K.: To do a check for service I will need your full name, phone number and complete physical address at that location.
James Schend: My name is James Schend
James Schend: Phone is ___-___-____
James Schend: And address is __________
Kelly K.: Thank you.
Kelly K.: One moment while I get that information for you.
Kelly K.: Thank you for your patience.
Kelly K.: I see that you are serviceable for our High Speed DSL service.
Kelly K.: Our Freestanding (Dry Loop) DSL Internet is not available at that location yet.
James Schend: Ugh, that’s no better than Verizon. Is there any way to be notified when it’s available, or request it?
James Schend: I’d rather not give Comcast any money, but I’m sick of being ripped-off for a local phone I never use.
Kelly K.: I am afraid no. Well you can keep your phone service to the minimum so that our Highspeed DSL Internet can run.
James Schend: What would that cost per month?
Kelly K.: This is a best effort technology with speeds up to 1.5mb on the download and up to 128kb on the upload.
Kelly K.: Right now I can save you $99 by waiving the fee for equipment and activation. You then get the first 3 months of your contract for only $12.95/ mo. and the remaining 9 months are just $39.95 each.
Kelly K.: I can get this started for you right now, if you would like.
James Schend: I’d rather have 3 mbit, is that available?
James Schend: That’s what I currently have through Verizon.
Kelly K.: Sure.
Kelly K.: This is a best effort technology with speeds up to 3.0mb on the download and up to 384kb on the upload.
Kelly K.: Right now I can save you $99 by waiving the fee for equipment and activation. You then get the first 3 months of your contract for only $19.95/ mo. and the remaining 9 months are just $39.95 each.
Kelly K.: Would you like me to get this order started for you?
James Schend: What kind of phone service comes with that? You said the bare minimum, but I still ahve to pay all the phone taxes
Kelly K.: Well we do not provide phone service.
James Schend: You just said it would be minimum phone service to qualify for DSL
Kelly K.: I am just telling you that you can keep your existing phone service to the minimum cost so that you can use our Highspeed DSL Internet.
James Schend: That’s no different than what I have now, except I have to pay 2 bills every month
James Schend: Instead of one
Kelly K.: Well that’s right but EarthLink DSL service is rated the best service by PC Magazine as well as JD Power. With all of the additional features that we offer with our Internet service that is hard to get with other companies , along with our Award Winning Technical and Customer support
James Schend: I don’t care about any of that, I just want internet service at a decent price with NO local phone and NO cable TV.
James Schend: I don’t know why it’s so damned hard to get that.
James Schend: I’m knowledgeable enough on computers that I guarantee that I’ll never call your tech support or download your software.
James Schend: I just need service.
Kelly K.: I understand your concern but our Freestanding (Dry Loop) DSL Internet is not available at that location yet.
James Schend: It’s 2008. When will it be? When I’m long dead?
James Schend: Sorry, I’m just so frustrated that I’m chained to this goddamned useless phone.
Kelly K.: I understand your frustration.
James Schend: Well, thanks anyway for your help. But paying more and having two bills instead of one isn’t an improvement.

Yes, just because Washington State is home to Microsoft, Amazon and Nintendo of America doesn’t mean we get any reprieve from the lousy state of Internet provider monopolies in this country. God-forbid I go my life without a useless and annoying land-line telephone, Verizon’s doing me a favor by offering me shitty service!

(P.S. Yes, I realize I was pretty rude to the sales person there. Oh well.)