Friday, October 16. 2009
A Warning to SonicWall Users about IP Fragmentation
Recently I discovered and corrected an obscure problem on a client's system relating to SMTP mail not being received from a single remote domain. The ultimate cause turned out to be the cause for an earlier (only partially solved) problem relating to POST data getting lost for the server hosting their website, and it is all the result of the default configuration on their SonicWall firewall.
By default, SonicWall will block/discard fragmented IP packets. This can lead to very difficult to diagnose problems as large packets (packets larger than the MTU of any link between the source and destination) will mysteriously fail to arrive. To solve the problem, follow the instructions to re-enable fragmented packets.
Note: The reason that fragmented packets are disabled by default is reasonable (at least for simple IP implementations). An IP implementation must keep track of fragments received but not yet reassembled so that when other fragments of the packet arrive (possibly much later and out of order) the original packet can be reassembled. Attackers can use this fact to contribute to a DoS attack by sending many packet fragments which do not contribute to complete packets. This will force the victim system to hold the fragments in memory and exhaust system resources. However, I would expect all practical IP implementations have a limited cache size for fragments to mitigate this scenario...
In summary, I find this default configuration completely unacceptable. A "break the Internet" default policy is ridiculous. I'm surprised that this hasn't bitten more people and wasted more time (or that the affected people haven't complained more loudly about their wasted time). Perhaps it is just Montana that is still using carrier pigeons and other forms of transport with small MTUs...
Monday, October 5. 2009
Broken Date.format in Microsoft ASP.NET 2.0 AJAX
The most recent version of the Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (1.0.61025 according to the support info. in Add/Remove programs) has a bug that just bit me. This library adds a format function to the Date object which provides support for Date and Time Format Strings comparable to the .NET implementation. This is a very handy feature, given JavaScript's lack of a built-in date formatting function. But, if you are going to use it, be careful about the following bug: The time zone offset formats have incorrect sign. For example, if you are in the Pacific Time Zone at UTC-8, Date.format will return formats with UTC+8 (which matches the sign of JavaScript's Date.getTimezoneOffset method).
I created a workaround for the websites that I maintain which does not reimplement Date.format (and likely introduce new bugs) nor require any changes to existing code (with one exception - noted below). This code is a horrible hack and I am almost too embarrassed to post it... but not quite. Here it is:
(function() {
var dfmt;
function fixedDateFormat(format) {
var gto = Date.prototype.getTimezoneOffset;
try {
Date.prototype.getTimezoneOffset = function() { return -gto.call(this); }
return dfmt.call(this, format);
} finally {
Date.prototype.getTimezoneOffset = gto;
}
}
var fixfails = 0;
function fixIt() {
dfmt = Date.prototype.format;
if (typeof(dfmt) != "function") {
// If the library has not been loaded yet, defer
if (++fixfails < 3)
setTimeout(fixIt, 100);
return;
}
if (new Date().getTimezoneOffset() > 0 == new Date().format("zz") > 0)
Date.prototype.format = fixedDateFormat;
}
fixIt();
})();
Just include this code somewhere on the page and it will wrap the Date.format function and negate Date.getTimezoneOffset so that the formatted offset is correct. The significant limitation of the code is that if it is included before Date.format is defined, it will wait for the code to load and try again later. The problem with this approach is that code which is run after Date.format is defined before the fix is installed will still trigger the bug and it will be hard to figure out why that code is not working. Therefore, if possible, include this code immediately after the Microsoft AJAX extensions JavaScript is loaded on the page. Alternatively, use your own workaround or avoid using any of the "z" specifiers in your custom format strings.
Tuesday, September 29. 2009
CallerID for Windows Fax Service
Having recently configured fax sending/receiving on both a Windows server (using Windows Fax Services on SBS2003) and a Linux server (using Hylafax on Debian Lenny), I felt compelled to write down a few troubleshooting steps for fixing Caller ID problems. Both of these systems include Caller ID information with received faxes (separate from any TSID), but often this information is missing and it is difficult to determine why. Make sure that each of the following items are satisfied:
- Does the phone line to which the fax is connected have Caller ID service from the phone company? (easy to test using a Caller ID-capable phone)
- Does the modem support Caller ID? (check the specs, or skip to the next step)
- Is Caller ID enabled in the modem? Is it being received? To test this, use the following steps:
- Stop the fax service
- Connect to the modem using Hyper Terminal, telnet, or cu
- Query the status of Caller ID on the modem using
AT#CID?
(or a different modem-specific command). If the modem reports 0 (disabled), enable it withAT#CID=1
and add this to the modem initialization string so it will be enabled after reboot/reconnect. - While still connected to the modem, make a call to the phone line and watch for Caller ID information to be printed. If no Caller ID information is printed, continue troubleshooting the modem/phone until the information is printed.
- Disconnect from the modem when finished and restart the fax service
Once the items above are satisfied, the Caller ID information should be gathered by the fax service and included with received faxes. If not, check that the initialization commands include enabling Caller ID, if it is disabled by default (try restarting the fax service, then step 3 from above. If the Caller ID is disabled, something in the fax service is disabling it - or not enabling it). Otherwise, something else is broken and you should add a comment below on how to fix it.
Sunday, September 13. 2009
You can't not carry out this action at the present time (Error 2486)
I recently encountered the following error in Microsoft Access 2000:
Apparently this is a catch-all error for any condition where the database engine (or presumably one thread of the engine) is busy completing a task and something else (such as a VBA macro) attempts to perform a function which requires the engine to perform some task. It is horribly difficult to track down, due to the lack of internal debugging interfaces in Access, but check for macros which may be updating visual elements in a form and getting into a loop (for example, OnCurrent actions cascading in a loop or likewise). In my particular case, the error was only triggered when a filter was applied in a form which contained a subform with a field whose default value depended on a field in the parent form. Once I removed the default value from the field in the subform, the error disappeared. (Note also that this only occurred in Access 2000, not Access 2003)
Good luck in tracking down the source of this error if you encounter it.
An error occurred while communicating with scanning device
In the office we are using an HP OfficeJet 6310 All-In-One (donated by a friend, thanks mate!). I recently encountered a problem while attempting to scan from the device using the provided HP software bundle. The (very uninformative) error message that I received after pressing the Scan Document button was:
The communication problem is often solved by reinstalling the drivers (simply remove the printer from Printers and Faxes and click "Add Device" from the installation CD - no need to reinstall the included software) or by correcting common network misconfigurations (wrong IP, disconnected network cable, etc.). Steps for basic troubleshooting are discussed on HP's Website for USB and Network connections.
If/When the basic troubleshooting procedures don't solve the problem, there is a very involved solution for correcting the driver network connection settings posted by Ken Leon on the HP Forums (along with other useful suggestions/diagnostics in that thread).
However, in one (increasingly common) case, it may be possible to avoid the need to reconfigure the internals of the scanner drivers. If your ISP participates in DNS Hijacking, it may be prudent to rule this out as a cause of the error. It appears that the scan drivers attempt to address the device based on its hostname rather than its IP address (regardless of configuration) and when it resolves the address of the device, the DNS request gets hijacked and the scan drivers attempt to connect to the ISP server instead of the device. To diagnose this, simply disconnect the network from the Internet (and restart the router and computer after disconnecting to clear their DNS cache) and see if the error still appears. If it does, then this is not the problem, if it does not, you have found the problem. To remedy the problem, add an entry to the hosts file which associates the hostname of the device (both the name displayed in its web configuration as the hostname and its MAC address prepended with "HP" as this is often used by the drivers).
Sunday, September 6. 2009
Late night HTML5
The new HTML 5 specification is now operating under its 25th revision of the working draft so I have to assume that it will be finished here pretty soon. Some of the browser manufacturers are trying to get a head start by implementing some of the new features outlined in the draft. One new feature that really has me excited is the browser based geolocation API. Mozilla apparently implemented the geolocation functionality in version 3.1 of Firefox so I had to test it out.
Geolocation Testing Page (You will be asked if you want to allow Digital Engine Software to find your location at the top of the browser).It's not perfect but it's not horrible either. The location it gives me is about 5 miles away from my actual location, but it is in the right direction. As of this posting I was only able to get the script to work in Firefox. Hopefully the other major browser providers will be following suit in the coming months as the html5 spec is finalized. Code after the break.
Edit: Testing the site from work my listed location is eerily close to my actual location, within about 50 feet.
Continue reading "Late night HTML5"
Thursday, September 3. 2009
First day at the leads meeting!
Wednesday, September 2. 2009
The Chamber of Commerce
Thursday, August 13. 2009
Insurance RABBLE RABBLE RABBLE
Kevin and I have been looking to purchase group health insurance for the company. I contacted several local agents, over e-mail, asking for rough quotes based on our ages, marital status, number of dependents, etc. We received a litany of replies ranging from a quick e-mail with rough rates to a couple of agents insisting on meeting with us in our office who then had us fill out detailed insurance application forms. The quotes we have received so far have all been fairly comparable ranging from approximately $250/month for $2,600 deductible and 0% coinsurance with Companion Life to $85/month for $5000 deductible 0% coinsurance with Assurant. So much more after the break…
Continue reading "Insurance RABBLE RABBLE RABBLE"
Friday, July 24. 2009
The effect of advertising on brand awareness and perceived quality: An empirical investigation using panel data by C. Robert Clark, Ulrich Doraszelski and Michaela Draganska (2009)
Summary: This study looks at correlations between advertising expenditures, brand awareness and perceived quality. The authors arrive at some pretty interesting conclusions. First, and most importantly, advertising does not appear to have any statistically significant effect on perceived quality. Brand awareness does show a positive, statistically significant correlation with advertising expenditures up to $400M, from $400-$800M the effect of advertising expenditures on brand awareness is not statistically different from 0 and beyond $800M per year in advertising expenditures the effect on brand awareness is actually negative. The rate of brand awareness carryover depreciation (the amount of brand awareness that is lost by not advertising for a year) varies by product but is in the range of 12% to 25% per year. And finally, a one-standard-deviation increase in advertising spending increases brand awareness by between .0340 standard deviations and .0408 standard deviations.
Take Away: Advertising increases brand awareness but not perceived quality. Consumers forget about you when you don’t advertise but only at a rate of about 17% per year.
Affirmative Action and It’s Mythology by Roland G. Freyer and Glenn C. Loury (2005)
Summary: This paper talks about the 7 myths of Affirmative Action: Affirmative action can involve goals and timetables while avoiding quotas, color-blind policies offer an efficient substitute for color-sighted affirmative action, affirmative action undercuts investment incentives, equal opportunity is enough to ensure racial equality, the earlier in education or career development affirmative action is implemented, the better, many non-minority citizens are directly affected by affirmative action, and affirmative action always helps its beneficiaries.
Review: I did not care for this paper very much. The authors did not contribute any new research, they simply aggregated the research done by other economists, to no great effect.
Take Away: Empirical evidence has shown quite consistently that wealth builds on itself. If you start out well-to-do you have a much greater chance of success later in life. Likewise, minorities that have faced poverty and discrimination have to overcome greater hurdles to reach the same levels of success. Affirmative action can be an effective tool in tearing down hurdles but it is not perfect and needs to be tempered with common sense.
Innovation and Institutional Ownership by Philippe Aghion, John Van Reenen and Luigi Zingales (2008)
Summary: This paper examines the correlation between innovation (measured as cited-weighted patents) and institutional ownership. The authors also study two possibilities for lack of innovation within firms: career-concern and managerial laziness. Career concern arises because innovation requires risk. If a project fails the manager is held responsible and could potentially lose her job. Innovation also requires motivation. A manager that prefers to “live a quiet life” will not innovate and succumb to the lazy manager problem. The authors ultimately find that a 10% increase in institutional ownership leads to a seven percent increase in the probability of obtaining an additional cite-weighted patent, which does prove to be statistically significant. The authors also come to the conclusion that the career-concern model of innovation is most likely to describe the increase in innovation correlated with an increase in institutional ownership.
Take Away: Innovation is risky and failures, when attempting to innovate, should not be punished. Instead owners should encourage their managers to innovate and take an active role in observing and evaluating their manager’s abilities outside of success or failure in previous innovation efforts.
Television and Radio Advertising for Bozeman and the Gallatin Valley - A Case Study
Hello! I'm Mike Archer and I am in charge of the "business" side of Digital Engine Software. Being pretty new to this whole "running a business" thing I have been reading a ton about business and marketing since we got started. My degree is in economics which has been very helpful in certain aspects of our business but the scope of economics definitely isn't at the level that it encompasses all of our business questions. To that end my main contribution to this blog will be in the summary and review of different business related literature. To get started, however, I would like to post the results to my very own research project that I conducted a couple of weeks ago looking at who has the cheaper advertising rates in the area (in terms of probability to buy based on the advertisement medium as well as cost per impression): radio or Televsion.
Continue reading "Television and Radio Advertising for Bozeman and the Gallatin Valley - A Case Study"
Thursday, July 23. 2009
Write Conflict Where None Exists
BIT
and was allowed to be NULL
. Changing the columns to BIT NOT NULL
and refreshing the linked table in Access solved the problem.
Update: KB 280730 covers this issue.