Rob Eberhardt

I thought I'd share some Small Business Server 2003 security silliness.  Following is a series of Internet Explorer dialogs when you setup VPN via the Remote Web Workplace:

Notice the Big Red Flag??  Microsoft's SBS team never signed the VPN installer (sbspackage.exe), so IE on XPSP2 (and presumably 2003SP1 now) does its scary "don't take candy from strangers" warning.  (How long has Microsoft been touting executable signing now?!?) 

*sigh*

 

I just asked a guru of advanced Object-Oriented Javascript, Douglas Crockford the following question.  For posterity, and for other possible takers, I'm posting it here too.

Also, for the record, this has nothing to do with IE's proprietary -- but wonderful -- setExpression method or CSS expression capabilities.  Those dynamic properties only apply to DOM objects, not custom Javascript objects.

---

Do you know of a way to define dynamic object properties in Javascript?

For example, VBScript lets us define classes such as this:

CLASS myClass
    PUBLIC phrase
    PUBLIC PROPERTY GET firstword    'get first word from phrase
        firstword = left(phrase, instr(phrase, " "))
    END PROPERTY
    PUBLIC PROPERTY LET firstword(v) 'set phrase's new first word
        phrase = v & " " & phrase
    END PROPERTY
END CLASS

This demonstrates two important features:
1. the firstword property can return dynamic results (depending on the current value of the phrase property). 
2. setting the firstword property can run other code (which dynamically prepends to the phrase property).

We can fully accomplish #1 (Property Get) in Javascript, by reassigning the toString method/property to a function like so:

function myConstructor(){
    var self = this;    //preserve object's context
    this.phrase = '';
    this.firstword = function(v){
        if(v){self.phrase = v + ' ' + self.phrase};    //LET
        return self.phrase.substring(0, self.phrase.indexOf(' ')); //GET
    }
    this.firstword.toString = this.firstword;
}

...But I've found no way to achieve #2 (Property Let or Set) in Javascript.  I can set firstword as a method, but setting the property value overwrites the method definition (and all subsequent GETs return that static value).

I've extensively searched, but found no answer (at least not before Javascript 2.0, which doesn't yet exist).  Any ideas from the experts?

Update: Douglas Crockford responded that he doesn't care for getter/setter properties, since "it allows simple assignment to have side effects, which I think works against reliability."  (I take that as a "No, it's not possible.")
    My current need is that I'm patterning my custom object after part of the DOM, whose objects certainly do have getter/setters.  I agree with Douglas that getter/setter side effects can be dangerous (esp. in the hands of a poor coder, as with any powerful code construct), but I think the use of methods -vs- getter/setter properties should be in the realm of "best practice" rather than a language limitation. 

"when velocity and distance are incorporated into the equation, the 5 second rule is dramatically increased"

I've run into this often: the need to have a VBScript constant containing a line-break character.  Today I finally got a definitive answer on whether it's possible (for the impatient, the answer is NO).

If you're interested in history...

Of course this is right out:

CONST blah = "hello 
there"

...It's just bad syntax.  The closing string quote has to be on the same line as the opening one.

The normal approach I've tried was this:

CONST blah = "hello " & vbCRLF & " there"

..But the ampersand (concatenation operator) automatically makes it an expression to the VBScript compiler, and therefore it assumes "not constant." This is of course despite the fact that both parts are known at the time of compilation (which is the main criterion for a constant -- value is known at compile time).  Anyway, the ampersand is right out.

Now in JScript/Javascript/ECMAScript, you can do this:

var blah = "hello \r\n there"

...The \r\n switches define the line-break character, they go inside the string, and they are only interpreted when it's read. 

Unfortunately, there's no similar switch in VBScript.  While HTML does honor ASCII codes like 
 or 
, and web browsers honor hexadecimal codes in URLs, VBScript does neither.  So these also don't work:

CONST blah ="hello 

 there"
CONST blah = "hello %0A%0D there"
CONST blah = "hello 0x0A0x0D there"

So I was reading a blog entry by Eric Lippert (who I believe wrote most of VBScript) today, and he mentioned Constant Folding, and proceeded to outline the mechanics behind this VBScript constant problem.  It rung a bell, I asked about line-breaks in VBScript constants in his comments, and Eric responded:
"Sorry, you are correct -- there's no way to do that. Sub-optimal, I know. "
...Straight from the dev's mouth.

SO, if you need a line-break in a VBScript constant, just use a variable instead:

DIM blah
blah = "hello " & vbCRLF & " there"

...Yes, there may be some slight performance penalty compared to a constant, but it is script after all -- racing performance ain't the point.

25 And Over - Playtime's Over, Kiddies

Hilarious and disturbing in how much it has needed to be said.  My favorite bit:

“ 4. Develop a physical awareness of your surroundings. As children, we live in our own heads, bonking into things, gnawing on twigs, emitting random squawks because we don't know how to talk yet. Then, we enter nursery school. You, having graduated college or reached a similar age to that of the college graduate, need to learn to sense others and get out of their way. Walk single file. Don't blather loudly in public spaces. Give up your seat to those with disabilities or who are struggling with small children. Take your headphones off while interacting with clerks and passersby. Do not walk along and then stop suddenly. It is not just you on the street; account for that fact.”

My own contribution to this is the boring “keep right except to pass.”   I'm usually just bothered by two things when driving:

• Passing Lane Squatters (as I've dubbed them, except the term sometimes follows a less-descriptive, more emotional adjective), and...
• Failure to Indicate (as in turns or lane-changes).

Unfortunately, the entire Passing Lane situation is complicated by two other things:

• My Lovely State's lack of any laws related to the Passing Lane, and...
• My Larvaly State's perverse plethora of Left-side Exit Lanes!  (pardon the alliteration)

Hence the righteous indignation (which might otherwise lead me to shoot cars with paintball guns) must remain at bay. 

Laws can be changed, but Exit Lanes are forever.

 

Mapping/Connecting a Drive Letter to a WebDAV or Front Page website

Update:

Apparently Windows XP makes this possible through an integrated WebDAV client and updated Net Use command.  For icing: if you have a Passport, you can map your online Documents folder to a drive letter with this command:
net use * "http://www.msnusers.com/My Web Documents/Documents" /persistent:yes /user:UserName@passport.com

Tons of cool possibilities with this...  (Now if we could just do the same with FTP!)

I just setup a webDAV-enabled website in IIS, enabled HTTPS, setup a couple virtual directories with pass-through authentication to my file server, and voila! thanks to the above trick, I can have secure, full-control remote access to it from anywhere.

Actually, there was a lot of toil to the process, since there are a lot of bugs and tricky bits with DAV, HTTPS, and UNC Virtual Directories.  Here's useful info I found when wrestling my share of them...

WebDAV:

• You experience a delay when you use your Windows XP computer to log on to a domain or to connect to a network resource
• WebDAV Mini-Redirector (MRXDAV.SYS) Versions and Issues List
• greenbytes WebDAV resources
• Windows XP and Apache WebDAV, Password problems with webfolders

HTTPS/SSL:

• HTTPS/SSL - Error Message: The Page Cannot Be Displayed . . . Cannot Find Server or DNS Error

Passthrough Authentication:

• problem with IIS6 pass-through authentication,
• ...and the solution for me: Deploying and Configuring Internet Information Services (IIS) 6.0 with Remotely Stored Content on UNC Servers and NAS Devices

Web Folders:

• KB892211 - Jan 25 2005 Software Update for Web Folders

Lemme see if I've got this process straight now. Create the Virtual Machine, then...

1. Host: Compress the Virtual Disk file.
2. VM: Start the VM and Install the Guest OS.
3. Guest: Disable pagefile entirely, and restart OS.
4. Guest: Stop all services.
5. Guest: Compress entire hard drive(s).
6. Guest: Defrag til the cows come home (at least 20x).
7. Guest: Restart needed network services, so I can...
8. Guest: Install Eraser, create a new "zeroes" method of unused space overwriting, setup unused space task.
9. Guest: Run Eraser (possibly 2x).
10. Guest: Shut down OS & VM.
11. Host: Run Virtual Disk Wizard to compress Virtual Disk to new file.
12. Host: Defrag Virtual Disk file til the cows come home.

Dang... that's involved! VMWare definitely beats Virtual PC here.

It's several hours worth of drive grinding, in fact, but it'll get that image file as small as possible, and should make it run faster.

Alright, so I've doc'd the process for future reference. Some further explanation and tips:

• I compressed twice, both in the guest and host OS. This does several things:
  1. Sacrifices CPU for better hard disk performance, which is Virtual PC's speed bottleneck.
  2. Frees more space in the Guest OS, which can then be zeroed-out and shrunk more effectively by the Host OS's file compression.
  3. Achieves an overall smaller image file. When combined with “trimming the Windows fat” *, it can make VMs of most basic Windows installs fit on a single CD.
• I stopped all services for the compression and defrag. This unlocks more files which can then be compressed and defragged.
• I defragged til the cows come home, because...
  1. A spanking fresh Windows install is already quite fragmented, and file compression fragments it much more.
  2. Windows' built-in defragger is by no means thorough. Running it several dozen times is as close as it gets. Fortunately this can (now) easily be scripted for easy walking-away.
  3. Theoretically, free-space defragmentation should also help the external compression scheme too, but this is the worst . Most 3rd-party defrag tools would be more effective at this.
• Step 8 may need to be repeated. I'm not sure why, but sometimes Eraser doesn't do the trick the 1st try. The indication of this is the Virtual Disk file not actually shrinking.
• I suggest disabling Undo disks for this process. It only adds one more looong step of merging the undo disk with the original.
• Step 3: If you've got the RAM (say 1GB), give it to the VM and disable its pagefile. That'll further bypass the slow disk issue.
• Step 12: I use Defragmentor Lite for single-file defragging. I also sometimes find it effective to switch between that and Windows' defrag utility.
• * “Trimming the Windows Fat”
  1. Uninstalling via Windows Add/Remote Components: MSN Explorer and most of Windows' Accessories (I just keep Paint around for screenshots).
  2. Uninstalling via various obscure commands:
     • Agent: %windir%\system32\RunDll32.exe advpack.dll,LaunchINFSection %windir%\INF\agtinst.inf, RemoveAgent
     • Messenger: %windir%\System32\RunDll32.exe advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
  3. Deleting various nonessential files:
     1. All temp files
     2. Search for files matching “*.bmp; *.wma; *.wmv; *.wav”. Of these, most of the biggest ones can be deleted without being noticed.
     3. Possibly %windir%/DriveCache/ ? Hardware won't change in a VM. I've successfully done it before without problem. The worst that should happen is prompting for the install CD. Not sure what other repercussions this could have.

As way of disclaimer: I'm no expert/guru/pro with VPC. These are just my learnings and observations so far after a few years' use and fiddling. I'll gladly defer to the pros on this, but I haven't seen much on this subject either.

2005-03-12 update: I just found out that SP1 for VPC makes the disk prep steps slightly simpler (the "zeroing" part).  It does this via a new Virtual Disk Pre-compactor CD image which it makes available for mounting, which saves the extra hassle of installing and configuring Eraser.  (via Robert Moir's excellent VPC site)

I'd just like to volunteer something: "Show friendly HTTP error messages" was one of the worst thought-out features ever added to IE.

The few times I've missed it on a new development workstation have been absurdly baffling (“give me some useful error information!!!”).  The many times a user has said “it doesn't work” but had no more details and no error message have been all the more painful to track down.

Argh!

(at least the fix is scriptable, so I've just added it to my standard “prefs” scripts..)