Monday, April 25, 2005

Rebuild Windows Boot.ini

This should work for W2K, W2003 and XP all versions. I've only tested it on W2K Server with a W2003 CD.

Boot from a Windows 2003 Server CD The command you want doesn't exist in earlier Windows versions, but you can use a Windows 2003 Server recovery console to rebuild the boot.ini for XP and w2K

Go to the recovery console.

Select the Windows install you want to repair.

Run the command:

bootcfg /rebuild

If you get an error that the disk may be damaged, run:

chkdsk c:

The /f option is not available in the recovery console

Tuesday, April 19, 2005

Pope Benedict XVI

Former Hitler Youth Member Elected Pope!

There's already a book about Benedict XVI, the Pope elected just a few hours ago.

The Publisher's page is here.

You can download a sample chapter as a PDF here(PDF)

And let's not forget, which argues that Benedict XVI is the second to last Pope before the return of Christ. Fascinating reading to say the least, and this LJ entry goes into more detail.

From CNN

In the Vatican, he [Newly Elected Pope Benedict XVI] has been the driving force behind crackdowns on liberation theology, religious pluralism, challenges to traditional moral teachings on issues such as homosexuality, and dissent on such issues as women's ordination.

Emphasis Mine

Monday, April 18, 2005

I hate cars, I REALLY hate cars

I get to work, and pull towards the back of the small, compact but serviceable lot. I stall the engine while trying to back up. I try to start the engine. The lights come on in the car, but I hear nothing from the engine itself.

"Feh, I must not have been pressing the clutch right."

Try again.

Nope, that's not it.

"Something with the position of the steering wheel?"

Nope, still nothing from the engine. The starter isn't even turning over.

At this point I've starting to swear. A coworker notices that he can pull the positive lead right off my battery, and says that the battery is probably "Not getting purchase, and not recharging."

"Damn Battery" I mutter, glad of the emergency jump start kit I got at a Christmas gift. I tighten the problem lead and try to jump start the car.

No dice. Jump starting fails to get even a murmur form the engine.

Checking the fuses also yielded no love.

I ended up walking to the Sullivan across the street and handing them my key. I told them where the car was and am waiting for them to show up and take it.

In the mean time, most my coworkers have to park on the street to leave room for them to come in with a tow truck when they get off their asses and to move the sucker.

Yeah, because you know after paying my taxes, getting a bunny fixed and struggling with credit card debt, I desperately needed to spend money on engine work on a car with cosmetic damage I can't afford to repair.

I'm not QUITE to the point of putting it up for sale, but this is getting pathetic. I've had it less than a year. Part of my brain is saying "Sell it, get rid of it, get another Toyota." Another part is saying "You drove a convertible all blooming winter. Do you have any idea what a sap you'd be to sell it before driving it with the top off?"

Senator Santorum, Too Stupid to Breed

Issue turns personal for Santorums
Father First, Senator Second

God puts smack down on ultra conservative senator, but senator is too dumb to realize what happened.

"I killed his son to get him to see late term abortions from the mother's side, but he's too insensitive to his wife's suffering to have any empathy, and too stupid to see the point I'm trying to make."

When asked about future plans for dealing with senator Santorum God replied, "I thought about making his kids gay, to try and force him to see gay rights from a different viewpoint, but Lucifer started chanting about how well that worked with Dick Cheny. I've given up on trying to make American see something from an alternate viewpoint by making them live it. If it's another family member, they just ship them off to be 'treated' and if I do something to their own bodies, they babble about me testing their convictions or Satan trying to attack them for being so virtuous."

When asked about the message to be conveyed by the September 11th attacks, God grew irate and said "None. There's no message in it. It's not judgment on anyone. I nearly struck Pat Robertson with Leprosy when he claimed it was my judgment on America over gay rights. I decided that was too Old Testament, so I just made him see images of black pots and kettles everywhere for a couple of months."

Wednesday, April 13, 2005

Sent to "The Daily Shark Tank"

This programmer Pilot Fish is part of a team developing a distance learning product for a multinational financial firm.

Fish Says, "We were building it as an add on to our existing code base, and all of out other clients used the social security number as a username, so we did the same thing with the new client's setup.

Fast forward three months. The site is going live in three days and 700 students from the New York office are in the system. That's when the firm's Chief Privacy Officer takes a look. "Naturally he was horrified, and demanded the Social Security Numbers be deleted. We generated new usernames based on other criteria and moved on."

Two days after go live, the client says the system needs to tie in with their Peoplesoft system. They send a chart of Social Security Numbers and the Peoplesoft ID, but no other data. Naturally, sales promises this as a free reporting add on.

It takes about a week to explain to the client that there's no way to add these IDs to the database, because the Social Security numbers have already been purged, and the backups deleted.

In the end, the client sends another spreadsheet with the Peoplesoft ID Numbers and the users' names, but again, no other data.

"While this works for many users, it took over a year to iron out all the snafus with names like "John Smith" and "Sara Miller."

Notes on SQL

Asterisks in select statements are something of a performance hog. I try not to use them in production code unless I actually need all the columns in the table.

Let me give you a real world example:

The stock version of the IntraLearn ASP 3.0 LMS can handle about 100 to 150 course logins a day before it grinds to a halt. It ships with no indexes.

I set up the performance monitor for about 12 hours and fed the results into the MS SQL "Create Index Wizard." The resulting indexes allowed the system to handle 400 to 500 logins a day.

Next, I decrypted the Cold Fusion scripts in which IntraLearn had been written (CF gives you the option of a rather absurd "encryption" routine to obfuscate your code) and started rewriting queries. All I did was remove asterisks and replace them with references to the actual columns used in the code. The result was a system, still on the same hardware, that could handle 1,300 to 1,500 student logins a day.

Enabling Cold Fusion's query result caching for language variable queries added another 200 daily logins. I did more to optimize IntraLearn after that, but that's not relevant here.

The advice about indexes is good. If you do a select * the only index used is generally the clustered index. It's always better to have indexes that reflect the actual queries you run, but a select * eliminates the possibility of doing that.

One way to see the difference is to run a few select queries in the MS SQL Query Analyzer with "Show Execution Plan" enabled. It adds an "Execution Plan" tab next to "Grids" and "Messages" that tells you, among other things, which indexes if any are being used to process the query.

An easy way to test one query against another is to run them both at the same time, and see what percentage of the total Query cost each one represents. I used this trick at my last job to convince the CTO that a few applications needed some work. Looking up the same data twice and demonstrating the existing query ate up 85% of the Query cost was a simple and persuasive argument. Not terribly scientific, but persuasive.

For example, say you want to get the imageid and expiration date for all the items in photos_def. On my current test database, I run the following queries:

    select * from photos_def

select imageid, expires_on from photos_def

The one with the asterisk represents 77.05% of the total Query cost.

Another advantage to only retrieving the columns you need is the reduced memory and processing overhead. Using the more efficient query means I don't have to iterate through the other values or waste memory assigning them to local variables. Don't underestimate this memory and CPU savings. It adds up FAST.

Matthew (Webmaster of

This was written as part of an in office conversation about this Usenet post

David Portas Oct 8 2004, 1:00 pm show options
Newsgroups: microsoft.public.sqlserver.server
From: "David Portas" - Find messages by this author
Date: Fri, 8 Oct 2004 21:00:18 +0100
Local: Fri,Oct 8 2004 1:00 pm
Subject: Re: asterisk in select_list in queries...

Best practice is to avoid using SELECT * in queries (except in an EXISTS
subquery or other subqueries that don't return data and aren't referenced by
an outer query).

Listing the column names makes sense in an N-Tier environment because you
want to make efficient use of network resources by returning to the client
only the data that is actually needed. This is an important difference from
a desktop, ISAM database like FoxPro where you have to retrieve a whole
record whether all the data is required or not.

Listing only the required columns also increases the opportunities for SQL
Server to optimize your query by making use of indexes.

Also, listing column names improves reliability and ease of maintenance. If
you later add another column you don't want to break existing code that
doesn't require that column. Use a column list and then just modify the code
that needs to reference the new column. If you use an asterisk in your
SELECT list then potentially more code could need modification and more code
would need to be unit-tested for each schema change.

Shortcuts? In Query Analyzer you can drag a list of column names from the
Object Browser into the query window. That can save you a lot of typing.

David Portas
SQL Server MVP

"Encrption.txt (sic)" in the wild

Regular readers (Do I even HAVE any of those? I doubt it.) Will remember this post about an amusing file found in the IntraLearn LMS.

Here are a couple examples of "Encrption.txt (sic)" in the wild. To check for it on your IntraLearn install, just add /cgi-bin/Encrption.txt to the end of the URL itself, deleting /home/ or other information at the end of the URL.

Why does this file matter? Because it consists of the IntraLearn corporation admitting that it distributes software for which it has lost the source code, and as a result, has no way to know what's really in the files they distribute. Seems the perfect place for someone to have put a back door or logic bomb, doesn't it?

The sad thing is, the code isn't compiled, it's encrypted using the cfencrypt utility that comes with Cold Fusion. A quick web search for cfdecrypt would lead them to a command line utility that would allow them to recover the source code of the offending files.

That's right folks, a quick Google is too complicated for IntraLearn developers.

Please note, an absence of the warning about the files does not mean your version of IntraLearn is magically running code for which IntraLearn has the source.

SiteIntraLearn SiteLink to file
UMass Roxbury View the sample
Enbanet Powered Boston University Site View the sample