"It is the mark of an educated mind to be able to entertain a thought without accepting it."
-Aristotle

About Me

I am a co-founder of Notches, an early stage startup currently based in NYC. We are building a free, open reviews network that anyone can participate in and anyone can build on top of. You can find out more on our official blog.

Browse by Tags

All Tags » Misbehaving Software » Technology (RSS)
  • More on UrgeMS.exe

    UrgeMS.exe seems to be causing issues for a lot of people. I mentioned previously that you can disable the process via security policy, and someone pointed out a registry setting to disable it a little cleaner. I was hoping they'd fix this in the future, but it looks like all they did was make it worse. A recent update made this process a bit, shall we say, heartier. In previous versions, UrgeMS.exe was launched only when Windows Media Player started up; now it seems to launch the process repeatedly while using URGE. Worse yet, the registry fix mentioned no longer works - whatever launches this process explicitly resets the Enabled registry key to true. A user on the CNET forums posted another workaround: replacing the UrgeMS.exe process with an "empty" executable. So while Windows Media Player will still repeatedly launch this process, at least now it won't thrash your disk and use a significant amount of CPU. I've attached the empty executable I'm using - it's simply a new console application...
  • The Prevalence and Danger of SQL Injection

    Michael Sutton looks at the prevalence of SQL injection vulnerabilities (via Bruce Schneier). He tested 708 different servers and found verbose SQL errors on 80 of them (11.3%) - numbers that are not, as Michael says, surprising but are certainly sobering. Michael acknowledges that his method is imperfect, and in fact I think the percentage is actually a lot higher. His test only captures sites that are vulnerable and actually return verbose error messages. I guarantee there are countless others on his list that were actually vulnerable and fail "silently" (i.e., reporting user name not found, but not the words he is testing for). If you're not familiar with SQL injection, and what can happen as a result, I suggest reading Steve Friedl's wonderful introduction in SQL Injection Attacks by Example. (Image above borrowed from his article). Oh, Scott Guthrie also had a great post on how to avoid these problems. As you can see, it's not difficult - you just have to be aware and not construct...
  • Misbehaving Software: Zinio Reader

    Zinio Reader is an application that allows you to download digital magazines and view them in a magazine-like presentation, complete with turning pages. It is especially cool on the Tablet PC platform (indeed, it is preinstalled on many Tablets now). The only problem is that Zinio misbehaves when it comes to its Internet connection. You would think that software that is largely going to be used on the go, where one may or may not have a connection, would handle this situation a bit more gracefully. First, you get prompted because Zinio can't download, even when you've told it in the past to use the default IE settings. If you click OK, and don't have an active Internet connection, you are prompted with this message. Clicking Cancel isn't much better. What should have happened? Zinio should have tried to connect. If it didn't have a working connection, it should have silently logged it. If, like most AntiVirus software, it went x days without a working connection, notify me in an unobtrusive...
  • Microsoft's Genuine Advantage: WGA Phones Home

    Windows Genuine Advantage phones home, sending the product key, manufacturer, operating system version, BIOS information and user locale setting and language back to Microsoft servers. WGA phones home even after the particular copy has been validated. Microsoft defended this, saying its intentions are good. When the WGA Notifications checks in with Microsoft when a PC is booted, it is not providing any information to the vendor if a PC's copy of Windows has already been validated. Instead, it is checking with a "server-side configuration setting to determine if WGA should run or not." The check-in also gives Microsoft the ability to disable the WGA program, if necessary. It looks like Microsoft has since backed off somewhat and will only be checking on 14-day intervals. Fortunately, OneCare blocks it. (Apparently, some have reported that ZoneAlarm does not). Tags: Microsoft, Windows, WGA, windows genuine advantage