The Blog

The implementation of the BDC entity picker dialog (opened with the Browse button) can cause some firewall and security software to think a worm or SQL injection attack is happening and block the traffic.

The manner in which properties and entity IDs are encoded into long query string values makes the URLs appear to be injection attacks. On a particular client’s BDC application, the picker dialog used a URL similar to the following:

http://domainname.org/_layouts/Picker.aspx?MultiSelect=False&CustomProperty=uU2hhcmVQb2ludC5Qb3J0YWwsIFZlcnNpb249MTIuMC4wLAF%2F%2FAQAAAAAAAA9QcmltYXJ5Q29sdW1uSWQQU3lzdGVtSW5zdGFuY2VAAA
AAAMAgAAAF9NaWNyb3NvZnQjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibG
ljS2V5VG9rZW49NzFlOWJjZTExMWU5NDI5YwUBAAAAPk1pYAEAAAD%2F%2F%23Jvc29mdC5TaGFyZVBvaW50LlBvcnRhbC5XZWJDb250cm9scy5JdGVtUGlja2
VyRXh0ZW5kZWREYXRhB
JZAhFbnRpdHlJZBNTZWNvbmRhcnlDb2x1bW
5zSWRzAAAABw8PDw8CAAAANw4AAAcOAAAIDgAACQMAAAAPAwAAAAAAA
AAPCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
3D&EntitySeparator=%00&DialogTitle=Choose%20User&DialogImage=%2F_layouts%2Fimages%2Fbizpicker.gif&PickerDialogType=Microsoft.SharePoint.Portal.WebControls.ItemPickerDialog%2C%20Microsoft.SharePoint.Portal%2C%20Version%3D12.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D71e9bce111e9429c&DefaultSearch=

Using the HTTP GET for this kind of thing is a bad idea, and I hope that Microsoft fixes this in the future.
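To see which parts of a picker URL like the one above are likely to trip a generic filter, and to scope a rule exception to just that page and those parameters rather than switching the rule off, here is an added example (not part of the original post and not SharePoint code). The length threshold, the host name and the blob are assumptions made up for the sample; only the parameter names come from the URL above.

```python
import base64
import re
from urllib.parse import parse_qsl, quote, urlsplit

MAX_VALUE_LEN = 256  # assumed threshold; real filters differ and are configurable
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def triage_query(url):
    """Map each query parameter to the reasons a generic filter might flag it."""
    findings = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        reasons = []
        if len(value) > MAX_VALUE_LEN:
            reasons.append("long-value")
        if "\x00" in value:
            reasons.append("null-byte")  # e.g. EntitySeparator=%00
        if len(value) >= 64 and B64_RE.fullmatch(value):
            try:
                raw = base64.b64decode(value, validate=True)
            except ValueError:
                raw = b""
            # Serialized binary data decodes to bytes outside printable ASCII.
            if any(b < 0x20 or b > 0x7E for b in raw):
                reasons.append("base64-binary")
        if reasons:
            findings[name] = reasons
    return findings

def exception_scope(url):
    """Path plus flagged parameter names: the narrowest scope for a rule exception."""
    return urlsplit(url).path, sorted(triage_query(url))

# Constructed sample: host and blob are made up; parameter names are from the post.
_blob = base64.b64encode(b"\x00\x01\xff\xff" + b"constructed-property;" * 12).decode()
SAMPLE_URL = (
    "http://sharepoint.example/_layouts/Picker.aspx?MultiSelect=False"
    "&CustomProperty=" + quote(_blob, safe="")
    + "&EntitySeparator=%00&DialogTitle=Choose%20User"
)

if __name__ == "__main__":
    for param, why in triage_query(SAMPLE_URL).items():
        print(param, why)
    print(exception_scope(SAMPLE_URL))
```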

I keep a land line for various reasons, and have really hated all the charges and fees from Qwest just to maintain this. To start with, if you want long distance service, you have to pay up to $10 a month in just taxes and fees to have it, even if you never use it. We ended up dropping the long distance service on our land line, since we had cell phones. This turned out to be a big pain since we couldn’t use our fax machine on long distance calls, and couldn’t use it on the rare occasions when the cell phone wasn’t good enough.

Enter ooma to the rescue.

Ooma is a Voice Over IP system that lets you stick it to the phone companies. For a one-time fee of around $250, you get a device that lets you have a phone line using your broadband internet connection. The sound quality is great, and you never have to pay any monthly fees (unlike MagicJack), and domestic long distance is free. You can even port over your existing phone number for a $39.99 fee.

I started the port away from Qwest about 3 weeks ago, and it is currently switching over right now.

Since I also have Internet service with Qwest, I was concerned that when the port occurred, my internet connection would also go down. However, Qwest has gotten much smarter about this, and will automatically convert your DSL service to a “standalone DSL”, and give your DSL service a new phone number that is only used for data.

Our old bill was $90 per month, and will be ~$50 now for the standalone DSL. Add in the $39.99 porting fee and cost of the unit ($215 from Amazon with their credit card), and it will take us around 7 months to break even (also counting the extra 3-4 weeks of keeping the land line during the porting process).

The only quirk I’ve found so far is a setting for an “ooma Connection Tone”. When a call is connected, a little jingle is played which informs both parties that the connection is on ooma, and not a standard land line. It’s mainly an advertising thing for ooma, but it has the odd side effect of screwing up voice mail. When someone’s voicemail message picks up on the other end, the jingle acts like hitting the “*” key, and sends you to their password prompt to get into their mailbox. I just turn that off, as it is unnecessary anyway.

[rating:4]

I’ve just started skeptically using Bing. The first thing I searched for was “xPollinate”, my Live Writer plugin. I guess I can safely say, “Bing!”.

On Google, the first result was for a PHP data conversion project, hosted on a GeoCities web page (apparently not updated since 2004):


On Bing, the first result was my plugin’s CodePlex site. The PHP GeoCities site wasn’t even in the top 10.


Is this a case of bias? Is Google ranking sites about PHP higher than sites about Windows-based technology? Is Bing ranking Windows-based content higher? Or is this just a result of algorithms?

In any case, this is the first time I’ve preferred the results of a search engine other than Google.

After writing a Windows Live Writer Plugin and publishing it to the gallery, I’ve become completely frustrated with the user experience of that site. The Windows Live Gallery web site matches all the negative stereotypes that people typically have about Microsoft products. It is a hodgepodge of functionality, loosely tied together, with no visible support anymore. I can only imagine that it was a good idea from a good group, that has then suffered through re-orgs and budget slashes, and is now a headache for some Product Manager that is avoiding touching the system at all costs.

Posts go unanswered, and the forum is no longer moderated and is full of garbage. Authors can’t review or respond to issues about their own plugins. It has half-implemented technology (it tells me my plugin is “FREE”, but there is nothing that they currently charge for and they don’t have a shopping cart system in place). There is no mechanism to contact anyone for help (help and support links take you to the general Windows Live help pages).

I wouldn’t be too surprised if a year from now, some manager just pulls the plug on it and displays “The Gallery is now closed. You will be redirected to www.bing.com in 15 seconds.”