Please Note: Archived information (e.g. below) may become out of date.
How To Subscribe and Unsubscribe is at the end of this note.
The LangaList
5-Jan-99
(Happy New Year!)
A Free Email Newsletter from Fred Langa About BrowserTune,
HotSpots, Columns, Tips & Tricks, and Other Activities
In This Issue:
YAISB (Yet Another IE Security Bug!)
Other "Critical Updates"
D-360, and Counting
Browser Fraud?
Locked Out Of Her System!
Just for Grins
More!
No More Going .BAT-ty
I have a confession to make. Even in this age of GUIs and visual programming and the Windows Scripting Host, I still use a lot of Batch files.
A Batch file is simply a list---or batch---of DOS-level commands which your operating system processes sequentially. Batch files are just text files that end in .BAT instead of .TXT. Anything you can type at a command prompt can be placed in a Batch file. This makes the Batch language great for carrying out long sequences of repetitious low-level operations. (Most people are familiar with one particular Batch file---AUTOEXEC.BAT---that runs when your PC first starts up.)
Batch files are very primitive. They employ ancient command-line technology dating back to the darkest days of DOS. Batch files also inherit all of DOS's limitations (e.g. no long filename support, no polished interface, etc.), and they can be quite unforgiving.
But Batch files are easy to write and can be quite surprisingly powerful. In fact, the DOS Batch Language can handle conditional (IF…THEN) statements, can be structured with named subroutines, can CALL other programs or batch files, and more. That's what's kept Batch files useful---that plus the fact that this easily accessible power has been largely missing from Windows.
I had high hopes for the Windows Scripting Host (WSH) that ships with Windows 98 and IIS. Karen Kenworthy did a great job of showing how WSH can work with JavaScripts and Visual Basic Scripts to carry out all kinds of Windows operations in her feature "Automate Windows" in the September 1998 issue of WinMag. (See http://content.techweb.com/winmag//library/1998/0901/fea0059.htm. And, if you don't have WSH installed, just open Control Panel's "Add/Remove Software" applet, and select the Windows Setup tab, then Accessories, then the WSH.)
For simple functions, the WSH is great. For example, if you have the WSH installed, try a quick experiment. Open Notepad, and type this one line of Visual Basic Script, exactly as shown:
MsgBox "Hello, World!", 0, "The Windows Scripting Host says"
Use Notepad's SAVE AS function and save the file to your Desktop as HELLO.VBS. Now click on the file's icon. The WSH (running in the background) interprets your Script and opens the little "Hello, World" dialog box. It's that easy to add and run scripts on your Win98 system.
That's a trivial example, of course. In reality, the WSH can do anything a Visual Basic Script or JavaScript (or more precisely, the Microsoft variant known as Jscript) allows---and that's a lot. What's more, the WSH is a no-extra-cost option included with Windows. It's hard to beat that.
But naturally there's a catch: VBS and Jscript/JavaScript have their limitations and their warts. And the learning curve required to make WSH perform complex, genuinely useful functions may be steeper than you want to climb.
That's where this week's WinMag column comes in. In it, I'll tell you about a new version of a Windows Batch Language that's even more powerful that the WSH, is easier to learn and use, and that may--- just may--- finally let us kill off the DOS Batch Language.
I'll also point you to a free online resource page where you can download free, live samples of WSH and Windows Batch programs, and tell you where you can get a free 30 day trial of a powerful, commercial scripting application.
But what about you? Have you tried the Windows Scripting Host or other batch and scripting tools? Which ones do you like or dislike, and why? What other ways do you use to automate repetitive tasks in Windows? Join in at
http://bbs.winmag.com/columns/archives/010399/monday/column.asp?frames=yes as we discuss how to make using Windows more automated and easier than ever.My new battle cry is: Death to DOS Batch files!
YAISB (Yet Another IE Security Bug!)
I'm glad Microsoft is up-front about the security problems in its programs. I just wish there weren't so many. 8-)
This time, it's something called the "Frame Spoof" Vulnerability. It's a fairly subtle thing that could allow a malicious web site operator to create a web page that would appear (to you) to be a window on a legitimate web site. Any information you entered into the fake window would be sent to the bad guys, although it would appear that you were communicating with the legitimate site.
The problem affects:
- IE 3.X, 4.0, 4.01, 4.01 Service Pack 1 for Win95
- IE 4.01 Service Pack 1 for Win98
- IE 3.X, 4.0, 4.01, 4.01 Service Pack 1 for Win3.1
- IE 3.X, 4.0, 4.01, 4.01 Service Pack 1 for NT 4.0, NT 3.51
- IE 3.X, 4.X for Macintosh
- and IE 4 for UNIX on HPUX and Sun Solaris
Microsoft has released a patch for this problem and they've bundled a pair of other patches into the same download: Along with the "Frame Spoof" patch, you'll also get the "Untrusted Scripted Paste" and "Cross Frame Navigate" patches, which I told you about in previous issues of the LangaList. If you already downloaded those, downloading them again will do no harm. If you haven't gotten any or all of them yet, you now have an easy one-step way to do so.
If you're running Win98, run the Update Wizard; the patches will be listed in the "Critical Updates" section.
If you're running IE 3.X or 4.0, there's no patch; you have to upgrade to IE 4.01 with Service Pack 1 (http://www.microsoft.com/windows/ie/download/). After you've got that up and running, then you need to apply the patch via http://www.microsoft.com/windows/ie/security/spoof.asp.
If you're running IE4.01, go to http://www.microsoft.com/windows/ie/security/spoof.asp and grab the patch there.
Everyone else, go to http://www.microsoft.com/ie/security/.
If you want more information, check out http://support.microsoft.com/support/kb/articles/q167/6/14.asp.
More "Critical Updates"
A few other patches and bug fixes have cropped up on the Microsoft site: There's a new OLE Automation fix that fixes a problem that can "cause the operating system to be unresponsive." (That's Microsoft-speak for "hung until dead.")
There's also a "Microsoft Libraries Update" that resolves conflicts between some MS apps and third-party (i.e. non-Microsoft) software.
If you're running Win98, just run Windows Update (on the Start menu) and you can grab all this stuff at once. For other versions of Windows, check out http://support.microsoft.com, and search for the patch appropriate for your version.
D Minus 360, and Counting…
With the year 2000 just 360 days away, you can't escape the Y2K buzz. I was at a holiday party last week and got buttonholed by a State representative who wanted to know "all about Y2K." The Congressperson's question was simplistic, of course, but her concern was real: She worries that there might be so many simultaneous small enterprise failures that it would become an economic hardship for society as a whole.
A few days later, I was interviewed by the San Jose Mercury News; they were preparing a general-circulation Sunday supplement piece on Y2K, and wanted to pick my brains a bit because of a Year 2000 feature article I wrote for Windows Magazine. That story, at http://content.techweb.com/winmag//library/1999/0101/fea0061.htm, contains what is perhaps the most thorough test procedure ever published to verify a Windows-based PC's Y2K compliance. It also has pointers to a ton of additional Y2K information.
But despite all the information out there, an amazing number of people are still in the dark. For example, far, far too many users of Microsoft's operating systems don't know that every version of Windows---3.x, 9x, CE and NT---has Y2K bugs. Most require a patch or Hot Fix to remedy, but some either can't or simply won't be fixed. See http://content.techweb.com/winmag//library/1999/0101/fea0061i.htm.) In fact, there are enough Y2K problems in Microsoft's offerings that it spawned a joke: Microsoft (so goes the joke) announced the ship date for the final Y2K patches for all its software has slipped. The patches actually will be delivered early in the first quarter of 1900.…
I confess I'm beginning to take a very Darwinian view on Y2K: The harsh way of saying this is simply this: Any person or business with his/her/its head in the sand about Y2K probably deserves whatever happens. What possible excuse for inaction can there be? What possible rationale for delay is there?
What’s your take? Am I being too harsh? (The Congressperson thought I was.) Have you checked out your hardware and software? Do you fully expect the lights to be lit and the world turning as usual on January 1st 2000---or do you think there’s a real risk of TEOTWAWKI ("The End Of the World As We Know It")? Join in Starting Wednesday Jan 6 at http://www.informationweek.com/langaletter!
Browser Fraud?
A Canadian reader sent me urgent email with the heading "Browser Fraud?"
In it, he said:
"I believe that Microsoft is perpetrating a fraud on Canadian customers; recently the largest Canadian [mirror] download site of tucows has listed both communicator and Explorer in their download browser section.
"The microsoft download is available at this site and is 17,918,846 bytes. On the same page is Netscape Communicator not available at this site and is 14,961,846. THE REASON GIVEN BY MICROSOFT OR TUCOWS IS THAT EXPLORER DOES NOT ALLOW DOWNLOADS OF MORE THAN 12 MEG. and can therefore not include Communicator in the browsers they will download even though it's listed on the page.
"So how come the humoungous MIE 4.1 at almost 18 megabytes CAN be downloaded from this site; I believe this evidence [check it out yourself] should be forwarded to the office of Janet Reno as ongoing proof of the fraudulent practices of Microsoft.
"Please don't let them get away with this or Communicator will soon no longer be available in Canada. This is a barefaced lying fraudulent act by Microsoft and/or tucows!!
"Surely this is out and out fraud. Please respond as soon as possible!"
Well, this would be a major problem if it were true. However, it is not.
It's cropped up several times now, although I'd never seen the allegation on a site as reputable as Tucows before.
Here're the facts: There is no arbitrary file size limit in IE; in fact I have used IE to download software almost twice the size of the Communicator version this reader references.
Microsoft also has explicitly refuted this particular charge---that somehow IE prevents downloads of Netscape products.
I personally believe much of this is the result of the current anti-Microsoft sentiment today; when anything goes wrong, the assumption is that it's a deliberate Microsoft ploy to rule the world.
But sometimes things just don't work right, period. It's just an error, not a conspiracy.
For example, I have had download failures many, many times from within Communicator; the update feature often hangs on the last byte of upgrades for me. This is using a Netscape product to download updates from the Netscape site. It's just an error, period.
Download problems happen, but there is no anti-Netscape filter inside IE (nor any anti-Microsoft filter inside Netscape browsers), nor any arbitrary file size limits. If you run into a download problem, just look for a different site to download the software you want.
And if you see an allegation about Microsoft (or anyone else) deliberately breaking someone else's software, check it out before calling in the Feds. 8-) Microsoft may have done some evil things to competitors, but many of the things they're accused of doing simply aren't true.
Locked Out!
Another reader, Steve Waldron (swaldron@bright.net) wrote to ask "....a friend of mine messed around and put supervisor password into the bios but doesn't remember what it was. Now all she gets is the start screen and it gives three tries [to log on] and you're out. Anything to do? Computer= hp; bios=amibios."
I've had similar problems in the past, not with passwords, but with incorrect BIOS settings that wouldn't go away: I'd change them to the correct value, but the bogus settings would return on reboot.
One way to make your BIOS forget everything is to shut down your system and remove the clock battery (usually a coin-type watch battery somewhere on the motherboard). Wait half an hour or so. The nonvolatile memory should fade, and then if you replace the battery and restart, all the bios stuff will be wiped out and you can start over.
If that doesn't work, all the BIOS makers have good web sites; just visit the site and check the FAQs and tech support areas.
Just For Grins: Ten Thoughts For The New Year
Peter Higbee (pgh@earthling.net) sent these to me. And as you'll see, there's more to these than "just" a grin! 8-) Nice list, Peter!
1. Never judge a day by the weather.
2. The best things in life aren't things.
3. Tell the truth -- there's less to remember.
4. Speak softly and wear a loud shirt.
5. Goals are deceptive -- the unaimed arrow never misses.
6. He who dies with the most toys -- still dies.
7. Age is relative -- when you're over the hill, you pick up speed.
8. There are 2 ways to be rich -- make more or desire less.
9. Beauty is internal -- looks mean nothing.
10. No rain -- no rainbows.
See you next issue!
Best,
Fred
(fred@langa.com)
(P.S. Please Use this easy form to recommend the LangaList to a friend!)
Administrivia:
Why are you getting this newsletter? There are only two ways to get on the list (direct email request or via the WinMag mail list signup page) so if you're getting this newsletter; your name came to me through one of those channels.
SUBSCRIBE (it's free!): Send email to
subscribe-langalist@lyris.dundee.netUNSUBSCRIBE: Send email to langalist-unsubscribe@egroups.com
LIST TROUBLE? HAVE QUESTIONS? NEED HELP? See http://www.langa.com/help.txt
This newsletter is a free service of Langa Consulting LLC and is Copyright © 199
9 Langa Consulting LLC. All rights reserved.Please Note: Archived information (e.g. below) may become out of date.