Archive for the 'Coding' Category

RSS Feed for the 'Coding' Category

Facebook status change is not a crime

Thursday, September 6th, 2007

TechCrunch has been speaking to Christian about his PHP code that he had to pull down, my C# code I had to pull down (about which I also posted a comment this week), and the others who did. you can read what they wrote about it at

It's nice to see things called by their real name

Monday, September 3rd, 2007

Facebook Terms of Service state that it is forbidden to "[…] use automated scripts to collect information from or otherwise interact with the Service or the Site […]"

For this reason, I had to pull down the code of the small application I had previously released, which was "logging" into the mobile web application "pretending" to be a mobile browser and change your status. Big deal!!!

I am quite sure there are a lot of people writing "official" applications (that is using the "platform API" and so on) that are collecting A LOT of information about users who install their applications. They are being sent the info about the visitors by facebook, they are storing them, they might do whatever they please with (study it, sell it to spammers, to marketers, to making-money-assholes) and nobody will ever notice because it is on their servers and nobody can check that.

But a script that changes your status from remote – since this is not a functionality they CHOSE to expose in their API – then THAT is a big issue. Doh!
It's just plain ridiculous, but that's it.

Sure, the terms of service for app developers say a bit more in this regard:

4) Except as provided in Section 2.A.6 below, you may not continue to use, and must immediately remove from any Facebook Platform Application and any Data Repository in your possession or under your control, any Facebook Properties not explicitly identified as being storable indefinitely in the Facebook Platform Documentation within 24 hours after the time at which you obtained the data, or such other time as Facebook may specify to you from time to time;

5) You may store and use indefinitely any Facebook Properties that are explicitly identified as being storable indefinitely in the Facebook Platform Documentation; provided, however, that except as provided in Section 2.A.6 below, you may not continue to use, and must immediately remove from any Facebook Platform Application and any Data Repository in your possession or under your control, any such Facebook Properties: (a) if Facebook ceases to explicitly identify the same as being storable indefinitely in the Facebook Platform Documentation; (b) upon notice from Facebook (including if we notify you that a particular Facebook User has requested that their information be made inaccessible to that Facebook Platform Application); or (c) upon any termination of this Agreement or of your use of or participation in Facebook Platform;
You will not directly or indirectly sell, export, re-export, transfer, divert, or otherwise dispose of any Facebook Properties to any country (or national thereof) without obtaining any required prior authorizations from the appropriate government authorities;

Are we sure everybody is playing by these rules, when every facebook "application" really runs on the developer'server ? How do you know that they are really storing only what you want them to store, and deleting what you want them to delete ? Everybody knows how difficult it is to really "delete" digital content once it has come into existance… who knows how many copies of this database/social graph are floating around ?

Of course that is not an issue because people don't talk about it enough. But a script that changes your status – now, THAT is a very terrible thing.

I just don't get this "politically correctness". It must be me.

Oh, no… look! It's not only me!
I had read this post of Dare, but I problably had overlooked the last bit of it…. because he did point out this Hypocrisy going on:

Or (5) the information returned by FQL about a user contains no contact information (no email address, no IM screen names, no telephone numbers, no street address) so it is pretty useless as a way to utilize one’s friends list with applications besides Facebook since there is no way to cross-reference your friends using any personally identifiable association that would exist in another service.

When it comes to contact lists (i.e. the social graph), Facebook is a roach motel. Lots of information about user relationships goes in but there’s no way for users or applications to get it out easily. Whenever an application like FacebookSync comes along which helps users do this, it is quickly shut down for violating their Terms of Use. Hypocrisy? Indeed.

He then insists in a more recent post in calling things by their name:

I will point out that 9 times out of 10 when you hear geeks talking about social network portability or similar buzzwords they are really talking about sending people spam because someone they know joined some social networking site. I also wonder how many people realize that these fly-by-night social networking sites that they happily hand over their log-in credentials to so they can spam their friends also share the list of email addresses thus obtained with services that resell to spammers?
how do you prevent badly behaved applications like Quechup from taking control away from your users? At the end of the day your users might end up thinking you sold their email addresses to spammers when in truth it was the insecure practices of the people who they’d shared their email addresses with that got them in that mess. This is one of the few reasons I can understand why Facebook takes such a hypocritical approach. :)

Thanks, Dare, for mentioning Hypocrisy. Thanks for calling things by their name. I do understand their approach, I just don't agree with it.

I did pull my small application off the Internet because I have a family to mantain and I don't want to have legal troubles with Facebook. Sorry to all those that found it handy. No, I cannot even give that to you per email. It's gone. I am sorry. For the freedom of speech, especially, I am sorry.

I will change my status more often on Twitter.

43things Facebook app

Tuesday, August 28th, 2007

WOW I already have 13 (thirteen) users for my Facebook application showing your goals pulled from 43things!

Sure, gapingvoid has got 700+ users in 3 days, I know. But hey, he's famous, and I don't see the point of cluttering my already busy Facebook profile with a cartoon. I do read him and generally like his cartoons, and I am in the "friends of the blue monster" group (so to say I like him).

But I prefer reading him in my "normal" aggregator.

I think Facebook apps should rather "inject social objects" (where did I read this definition? sorry I cant recall it or I would appropiately link to you… I swear).

There are of course other similar applications that just pull comics in your profile (like Dilbert, Garfield, etc) but again – I think this is all stuff that YOU are interested in, and thus should just go into your aggregator – so YOU can read it; on the opposite your profile in Facebook should talk about YOU and things YOU are doing, for example. Occasionally they can be YOUR posts or they can even be someone else's posts that you read and want to share/let other people see (that's why I pull in my Google Reader's shared items for example – things I read and want you too to see). If this includes importing other social objects/information from other social networks, like the music you are listening to on last.FM, or the photos you published on Flickr, then it is fine. That's why I wrote an app that shows the things you want to do, pulled in from and one that shows the places you want to visit pulled in from Because I felt those social objects from another network were missing. In fact a user commented "[…] Glad someone finally took a step forward to create this, though :) […]".

But of course what I wrote about which kind of applications you should or shouldn't have in your profile, remember that this is just my personal opinion rant, and everybody is free to put whatever stuff he/she likes onto his/her profile, in the end :-)

New Photo Category Visualization

Sunday, August 26th, 2007

New Photo Category Page

Copying the advice by Small Potato, I made a different page for the 'Photos' category/tag on this blog. It has been a bit trickier than I first thought, because he keeps his picture uploaded into wordpress itself, while I had to write a small plugin using a regular expression to extract the "IMG SRC" portion of the post content. This way I also experimented with WordPress templates, plugins and structure a bit more than I had done before… and I am even more convinced than before that it can easily be used as a CMS rather than *just* a bloging software.

My lost Facebook Appz! doh!

Saturday, August 25th, 2007

I am just figuring out that on this post of the 26th of July I mentioned I was trying to write a simple facebook application. I am not realizing I never wrote anything about it anymore. I did not spend a lot of time figuring out all the possibilities, and indeed I have not looked into it anymore since then, but that very night I did write something. Not just one application, but TWO (copycat) very simple applications: my43places and my43things, that pull into your profile the data about the things you want to do you entered in and the places you want to visit you entered in, respectively.

They are very simple: you enter your user name and they connect to their REST web service, extract the information about your places and/or goals, and show them as a list in a box in your profile.

I don't know why I did not blog about them before… maybe I thought they were too simple ? Well, they are, but, seriously: who cares? :-)

Open Source Projects and Microsoft

Friday, August 24th, 2007

This CNet article about CodePlex has some VERY interesting points:

[…] Bayarsaikhan has posted the top 25 most active open-source projects on Microsoft's Codeplex site. Looking at the list, it looks like Microsoft developers spend their time doing much the same as the rest of the Java/other world: play games and make the Web world pretty with AJAX. You can see the top project interests below in the Codeplex tag cloud.

Codeplex is interesting to me for several reasons, but primarily because it demonstrates something that I've argued for many years now: open source on the Windows platform is a huge opportunity for Microsoft. It is something for the company to embrace, not despise.

And it does several things well (better than Sourceforge, in my opinion) […]

Facebook Mobile is not working for Italy

Tuesday, August 21st, 2007

Facebook Mobile is not working for Italy

Facebook mobile is not working from mobile operators not in the US, I suppose.
I can't even log on to with my WIndows Mobile SmartPhone.
I can't send status updates through SMS.

I can't even send them by mail, or I get the following back:

Facebook Mobile is not working for Italy

So, now, I am updating Twitter.
Twitter can be updated with an SMS even from Europe. Or it can be updated with a bot running GTalk. Very easy, can do it from everywhere.

I then wrote a small command line application (based on the same "hack" as the one described before) that runs every five minutes from the scheduler on my server and keeps the two in sync.

I wrote it in C# as a Console application because that's usually what I do when I want it to run it both on my windows machines and/or on my Linux server (with MONO). I already used this approach in the past and I found it to be successful. As long as you keep the application simple enough and check out the documentation for the implemented classes on mono, it runs without modification both on windows on the "real" .Net framework and on Mono on Linux. i just copy the executable and I am ready to go.
Not this time, though.
I am hitting what seems to be a bug in mono. I might be able to find a workaround, but I haven't had the time to dig in the issue yet.
I posted some info about this on this forum.

Windows Live ID Web Authentication 1.0 SDK !

Thursday, August 16th, 2007

Check this out:

Windows Live ID Team has published on the web the SDK that lets you liveID (or "passport")-enable your applications!

There are even code samples in six different languages: C#, Java, PHP, Python, Ruby e Perl! You can download them from

Wow! Having time, it would be cool to write a WordPress plugin using Passport authentication to authenticate/identify users that want to comment… mumble mumble….. :-)

Interoperability. Wow.

More info at the Live ID starting Page:

Why do developers tend to forget about people behind proxy servers ?

Monday, August 13th, 2007

I know this is a very common issue.

I keep finding way too many software that claim to interact with Web 2.0 sites or services, and connect here or there…. still forgetting one basic simple rule, that is: letting people use a proxy.

Most programmers for some reasons just assume that since they are directly connected to the internet, everybody is. Which isn't always the case. Most companies have proxies and will only let you out to port 80 – by using their proxy.

…which in turn is one of the reasons why most applications now "talk" and tunnel whatever application protocol on top of HTTP… still a lot of softwares simply "forget" or don't care proving a simple checkbox "use proxy", which will translate in two or three extra lines of code… three lines which I personally usually include in my projects, when I am not even a *developer*!! (but that might explain why I *think* of it… I come from a security and networking background :-))

I thought of writing this post after having read this post by Saqib Ullah.

Anyway. I keep finding this thing over and over again. Both in simple, hobbyist, sample and/or in complex, big, expensive enterprise software. Last time I got pissed off about a piece of code missing this feature was some days ago when testing The previous time was during Windows Vista beta-testing (I had found a similar issue in beta2, and had it fixed for RC1.)

Actually, I am being polite saying it is "missing a feature". To be honest I think missing this "feature" would have to be considered a bug: every piece of software using HTTP *should* include the possibility to pass thorugh proxy (also, don't forget about  AUTHENTICATED proxies), or the purpose of using HTTP in the first place is defeated!!

Developers!!! You have to remember people ARE behind proxies !!!!!

Powershell and RegExp: a "match" made my day.

Thursday, August 9th, 2007

Today I was working with a customer and friend (Claudio Latini, who I thank for the permission to post this, which is also work of his brain – especially the regular expression you'll see reading on!).

We are running several projects and activities together and, among several other things, he's in the process of migrating his users from Exchange 2003 to Exchange 2007. In this infrastructure, he has some ISA Server that publish both the Exchange2003 and the Exchange2007 frontends.

Now he wanted to know HOW MANY and WHICH ONES of his users actually have a PocketPC or other WIndows Mobile device and were actively connecting to the old FrontEnd. You give out mobile devices to people but those things are usually less "managed" – when compared to corporate PCs, at least. So you loose a bit control of the thing… usually people with mobile devices using ActiveSync in companies are managers, and especially since some of them might be on holiday at the moment, it was important to know WHO were the people that had to be told to reconfigure their device to point to the new name/server BEFORE he would start complaining about ActiveSync not working anymore…

So how do you figure out who's connecting ?

I am NO Exchange expert whatsoever… but a thing that came in handy was the thing that an ISA Server was reverse-publishing the frontend server. I know ISA (and firewalls/proxies in general) much better than Exchange, so I can help on that side. In the log files, ActiveSync Connections looked like the following URL, passing most parameters in the POST request: (and on an unrelated note: yes, if you try to crawl this link, you are a bot :-))

So we exported ISA logs (there are several tools for this, including "Extract logs", but we did not use a script, we just used a filter for the correct publishing rule in the "Monitoring – Logging" tag in ISA Server Console and then copied and pasted those log lines) and tried to see if PowerShell could help tackle the issue.

Here we load our sample log (in a real log you would have much more information – each single line wrapping several console rows; I cut it short to the URL to make it more readable.

PS> get-content log.txt

We know Get-Content does not just display the file, it loads the file into a string array.

So we can cycle through the file and try to extract (using a regexp) the string after "User=" and before the first ampersand ("&"), which translates in the following regular expression:


(the regexp has been the most difficult thing to figure out, but it is very worth the hassle once you've done it…)

PS> get-content log.txt | foreach {$_ -match "User=(?<nome>.*?)&" | out-null; $matches}
Name                           Value
----                           -----
nome                           Mario
0                              User=Mario& nome                           Gino
0                              User=Gino&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Gino
0                              User=Gino&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Antonio
0                              User=Antonio&
nome                           Antonio
0                              User=Antonio&
nome                           Mario
0                              User=Mario&
nome                           Mario
0                              User=Mario&

This seems to work. Now we only have to get the Named Captures called "nome" (containing the user name):

PS> get-content log.txt | foreach {$_ -match "User=(?<name>.*?)&" | out-null; $matches["name"]}
Antonio Antonio

Awesome. Now sort them and remove duplicates. Which is one more command in our pipeline:

get-content log.txt | foreach {$_ -match "User=(?<nome>.*?)&" | out-null; $matches["nome"]} | sort-object -uniq

P> get-content log.txt | foreach {$_ -match "User=(?<name>.*?)&" | out-null; $matches["name"]} | sort-object -uniq


Now you can call those three users and tell them to modify their ActiveSync configuration :-)

Facebook StateTray

Friday, August 3rd, 2007

Facebook StateTray

Facebook StateTray, uploaded by Daniele Muscetta on Flickr.

This is a Screenshot of the small application I first described in my previous blog post.

It is a simple Windows Form that lets you change your status on Facebook without having to browse to the site. It does not rely on Facebook's API (as they won't let you change your status, at least to date) but is really uses a hack on the Facebook mobile pages. It is based on PHP code posted by Christian Flickinger, ported to C# (.Net 2.0) by me.

When you pull down the form you get to see the settings:

Facebook State Tray

Those can be stored in an XML file, that gets loaded automatically every time the program starts.
Beware that password ARE displayed and stored in clear text.

The idea so far is that you run it on your PC and you just keep it resized so it does not show the "dangerous" bits.
You can keep it minimized on the tray in windows, pop it up when you need to update your status, write your new status and click "change" – it will freeze for a couple of seconds while updates your status, since it uses synchronous calls – then you can minimize it again.

UPDATED –  September 1st 2007: I have been asked by Facebook to pull down the source code from the Net, as it violates their terms of service (I had not realized that). Apologies to all.

Facebook API and WinForm experiment

Thursday, August 2nd, 2007

While testing with the Facebook API, I started creating a WinForm using the Facebook Toolkit.

What I had in mind was a simple program that would run on my PC, maybe minimized in the system tray, that would let me update my status in a click, thorugh the day, without having to log on to the website. Most of the day I am busy working, and I don't really have time to go surf and check Facebook… but I like the possibility for people to hear how I am doing. Changing the status would keep them up to date, and would keep my profile current.

As I figured out afterwards, their API does not yet let you change your status yet.

There are other people asking for this possibility… but then I went further searching on the Internet, and I found this blog:

I just hacked together a small WinForm written in C# that reimplements this idea.

Facebook StateTray

I indeed would like to thank Christian for the idea, and my friend and colleague Pierluigi for his precious help with the regular expressions :-)

At the moment it has terrible things such as hardcoded passwords in it, but as soon as I will have time to polish the code a bit, I will post it.

One more thing I would like to do with it is turning it from a standalone application into a Live Messenger Add-In, so that it synchronizes my messenger status with the one of Facebook. When I will have time for that.

Facebook development

Thursday, July 26th, 2007

I have been quite hooked into Facebook for the last couple of days, figuring out what it can and cannot do. It can do a lot. The possibility to inject code and brand new application into it is absolutely awesome.

PopFly lets you create mashups and even custom blocks, and I liked that too. But you have to use fancy-shiny Silverlight (which is very cool indeed, but probably not *always* necesary) and you can only create blocks using Javascript. Sure, as someone as already written, the meaning of AJAX is "javascript now works". I can understand (even if I don't know them for sure) the reasons behind certain choices. But I find it limiting. Maybe it is because I don't like Javascript. It must be it. 

Facebook, instead, empowers you to inject code into their social networking framework. Any code. In whatever language you like. They started it in PHP, but you can plug-in whatever you like: Java, Ruby, Perl…. you can even have your application running on your own server, still providing a seamless experience inside of facebook. This opens up to millions of possibilities, and I got fascinated by that.

At the same time, the paranoid part of myself has been thinking to the security implications of it. This open platform is cool, but it also sounds like a framework for cross-site-scripting (XSS) attacks. Sure, you can "report" an application made by a third party that does something weird… but who will really notice if all that happens under the hood is that your cookies get stolen (and someone accesses your bank account) ? Will you figure it out it has happenend because you wanted to see the "dancing pigs" loaded in your profile ? Or will you figure it out at all ?

This said, I set aside my fear for a while and I delved into coding. What I did learn in the last couple of years, having slowly moved away from security engagements, is to relax. When I was working costantly with security I was a lot more paranoid. Now I case much less, and I live a lot more.

So I developed a couple of quick and simple apps running from this very server into Facebook, and I started using thePHP5 library they provide, so to be able to follow the examples first and figure out how it was working.

Now I also want to take a look at the .NET library for facebook when I have time. It sounds cool.

IronPython and Visual Studio Shell

Friday, June 8th, 2007

I read on the IronPython Mailing List about this cool integration with Visual Studio Shell! Also, further in the same thread, you can find out that the current CTP of ASP.NET (ASP.NET Futures) also includes ironPython integration. Look at this:

IronPython running in VS Shell

Where did I leave that old JavaScript book ?

Tuesday, June 5th, 2007

When testing out PopFly, I figured out I *really* need to know JavaScript better than I do, in order to build "blocks". And I don't just need it for PopFly, of course, but in general – because these days it is ubiquitous, and it is being used so much on the Web. One more thing on my to-do list. Jeff seems to agree.

This blog in C#

Wednesday, May 30th, 2007

I have been busy trying to write a new frontend for this blog that uses .Net. I already blogged about it here. In the last couple of weeks I have been adding stuff – permalinks using mod_rewrite, I finally show the comments properly, I have added categories and category archives (as in There is even an RSS Feed.

The layout is still crap, but I sort of like it being so light weight, so that is not on my priority list so far. Moreover, I am a crap designer.

Before that, tough, I still have to add important functionalities like the possibility to POST comments (which needs a new CAPTCHA, etc, so it will take me a while), and I am having issues with text encoding (it does not show the accented characters properly, yet).

But I am having fun doing it.

[Edit of December 2009 – I killed the above experiment. I had fun doing it, but there is not time for all, it needs a lot of work to keep it running/update it with every wordpress update, and mod_mono is wasting too many resources on the server.]

Death by right-click -> Delete ? Nope. PowerShell.

Wednesday, May 30th, 2007

So at one stage I was testing the RSS reader capabilities of Outlook 2007, and I imported an OPML file with roughly 500 feeds! Of course I was NOT interested in reading ALL of them, and it was causing quite a bit of work to do on my machine to fetch them all and sync the content in my mailbox…

So I figured out it was possible to remove the subscription (from the Tools menu -> Account Settings -> RSS Feeds) but the folders were left there. Now, I didn't want to have those 500 folders in my mailbox, and I did not even want to die by right-clicking, pressing "delete", confirming…. all of this 500 times! No way.

So I wrote this little PowerShell script, I guess it *might* be helpful to someone at one stage, who knows ?

$oApp = New-Object -COM 'Outlook.Application'
$rss = $oApp.GetNamespace("MAPI").GetDefaultFolder("olFolderRssFeeds")
forach ($folder in $rss.Folders)

Please note that if you don't have the Office Interop Assemblies installed on your machine, you can't use the first line. As a result, you will have to change the third line hardcoding the number that represents the RSSFeeds folder, so it would become:

$rss = $oApp.GetNamespace("MAPI").GetDefaultFolder(25)

Note: I found out (later, of course) that there is a much more general post on this subject (that is, automating Outlook through PowerShell):

Microsoft Popfly

Saturday, May 19th, 2007

Microsoft Popfly

You can build complex web-mashups in minutes.

Read on an interesting review at and, obviously, more info at the official site

Create a Script-Based Unit Monitor in OpsMgr2007 via the GUI

Thursday, May 10th, 2007

Warning for people who landed here: this post is VERY OLD. It was written in the early days of struggling with OpsMgr 2007, and when nobody really knew how to do things.
I found that this way was working – and it surely does – but what is described here is NOT the recommended way to do things nowadays. This post was only meant to fill in a gap I was feeling existed, back in 2007.
But as time passes, and documentation gets written, knowledge improves.
Therefore, I recommend you read the newly released Composition chapter of the MP Authoring Guide instead – and start building your custom modules to embed scripts as Brian Wren describes in there, so that you can share them between multiple rules and monitors.

This said, below is the original post.

Create a Script-Based Unit Monitor in OpsMgr2007 via the GUI

There is not a lot of documentation for System Center Operations Manager 2007 yet.
It is coming, but there's a lot of things that changed since the previous release and I think some more would only help. Also, a lot of the content I am seeing is either too newbie-oriented or too developer-oriented, for some reason.

I have not yet seen a tutorial, webcast or anything that explains how to create a simple unit monitor that uses a VBS script using the GUI.

So this is how you do it:

Go to the "Authoring" space of OpsMgr 2007 Operations Console.
Select the "Management Pack objects", then "Monitors" node. Right click and choose "Create a monitor" -> "Unit Monitor".

You get the "Create a monitor" wizard open:

Choose to create a two-states unit monitor based on a script. Creating a three- state monitor would be pretty similar, but I'll show you the most simple one.
Also, choose a Management pack that will contain your script and unit monitor, or create a new management pack.

Choose a "monitor target" (object classes or instances – see this webcast about targeting rules and monitors:… ) and the aggregate rollup monitor you want to roll the state up to.

Choose a schedule, that is: how often would you like your script to run. For demonstration purposes I usually choose a very short interval such a two or three minutes. For production environments, tough, choose a longer time range.

Choose a name for your script, complete with a .VBS extension, and write the code of the script in the rich text box:

As the sample code and comments suggest, you should use a script that checks for the stuff you want it to check, and returns a "Property Bag" that can be later interpreted by OpsMgr workflow to change the monitor's state.
This is substantially different than scripting in MOM 2005, where you could only launch scripts as responses, loosing all control over their execution.

For demonstration purpose, use the following script code:

On Error Resume Next
Dim oAPI, oBag
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreateTypedPropertyBag(StateDataType)
strFileName = "c:\testfolder\testfile.txt"
strContent = "test "
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objTS = objFS.OpenTextFile(strFileName,FOR_APPENDING)
If Err.Number <> 0 Then
Call oBag.AddValue("State","BAD")
Call oBag.AddValue("State","GOOD")
objTS.Write strContent
End If
Call oAPI.Return(oBag)

[edited on 29th of May as pointed out by Ian: if you cut and paste the example script you might need to change the apostrophes (“) as that causes the script to fail when run – it is an issue with the template of this blog.] [edited on 30th of May: I fixed the blog so that now post content shows just plain, normal double quotes instead than fancy ones. It seems like a useful thing when from time to time I post code…]

The script will try to write into the file c:\testfolder\testfile.txt.
If it finds the file and manages to write (append text) to it, it will return the property "State" with a value of "GOOD".
If it fails (for example if the file does not exist), it will return the property "State" with a value of "BAD".

In MOM 2005 you could only let script generate Events or Alerts directly as a mean to communicate their results back to the monitoring engine. In OpsMgr 2007 you can let your script spit out a property bag and then continue the monitoring workflow and decide what to do depending on the script's result.


So the next step is to go and check for the value of the property we return in the property bag, to determine which status the monitor will have to assume.

We use the syntax Property[@Name='State'] in the parameter field, and we search for a content that means an unhealthy condition:


Or for the healty one:

Then we decide which status will the monitor have to assume in the healty and unhealty conditions (Green/Yellow or Green/Red usually)

Optionally, we can decide to raise an Alert when the status changes to unhealthy, and close it again when it goes back to healty.


Now our unit monitor is done.
All we have to do is waiting it gets pushed down to the agent(s) that should execute it, and wait for its status to change.
In fact it should go to the unhealthy state first.
To test that it works, just create the text file it will be searching for, and wait for it to run again, and the state should be reset to Healthy.

Have fun with more complex scripts!

Ancient and Modern (aka "Digital Printouts" and Writing Secure Systems)

Saturday, May 5th, 2007

Ancient and Modern (aka

Digital Printouts.
I often find it funny to use the old reflex camera with films, but I mostly use it as if it was a digital one: I make many shots, some are good some are bad – I don't bother printing them, I just let it develop and I scan the pictures I like from the film (several ones are even posted here this way).
I have even been talking about this with fellow flickerer's:…

On the opposite, it often happens that I want to print some photos made with the digital camera. So I take them to the shop on the Compact Flash, or more often on a USB pen drive.

Today, tough, something strange happened: the machine they use to print digital photos (some very big professional system for printing on photographic paper with a proprietary application which manages it) hanged while it was trying to load this one photo which was on the USB pendrive.

The guy at the shop got panicked: he said a week earlier a guy got the machine infected with a Virus through his USB pen, and he had to stop working for three days, spend a lot of money to get the system reinstalled…

I tried to tell him to close the application but he did not even get what I was talking about. He was saying that the system was not responsive… I was pretty sure the system WAS responsive, it was just the APPLICATION which was hanging, and since it looked like an NT-based system I tried to guide him through CTRL+ALT+DEL, to start "Task Manager", kill the application (this whole procedure took several minutes, and I had to show him which keys I was talking about as he was abel to find "ALT" but he had never hear of CTRL, left alone "DEL"). It was a Windows2000 Professional… so I wondered how did he logged in if he did not know that key combination….. I asked how did he get in when he started the machine…. "it opens automatically" he said. I see. I though it must be configured for autologon then. After killing the application he asked "how do I get out of this now??" "This" being Windows Explorer… I mean, the desktop. I pulled out my USB pendrive he was afraid of, I helped him reboot. He was nervous and he said it took much longer than normal to start up (I don't believe ONE word of it, it just took much less time than my laptop with Vista takes to start up… but he was worried and that makes one anxious and makes time flow slower). He was afraid and nervous that the "thing" could have been broken somehow by trying to load a JPEG…
NOTHING made him confident about me: I tried to reassure him I am an IT Professional, that I work for Microsoft (unfortunately I did not have my business cards with me today, that would have probably helped!), that I put my hands on much more complex and "missioncritical" systems, that I would not bring him any virus whatsoever and I am paranoid about computer security…
Nothing. Nothing worked to re-assure him that there wasn't anything to worry about my pen…

While the machine started I saw it doing AutoAdminLogon with Administrator… with a password of TWO characters.
Oh my god!
Then he wonders that he gets viruses from strangers. He runs as Administrator all the time!!!

But then I though and asked… "is there maybe a LIMIT on the SIZE of the file?". "Of course there is!".

Since the photo I wanted to print is actually a composition made of two photos pasted together, and each of the original was a 8 Megapixel photo, the resulting is a 16 Megapixel picture, a JPG file of roughly 8 megabytes in size. Well, this days it isn't much anyway. We nearly have cameras which produce files with that high resolution…
..but if THAT application has a limit… WHY on earth doesn't it CHECK for the bloody SIZE of the file BEFORE trying to load it ?

I mean, those are professional systems which – he said – cost around 150 THOUSAND of Euros… which they let run with an application which does NOT do any input checking/validation, runs the whole time as Administrator… while letting people bring in their own CD-ROMs, USB pens, flash memory cards….
and they expect it to be safe?

Now the guy was panicked and wouldn't let me plug my pen in the machine again.

Then he's keeping his shop closed in the afternoon since it is saturday, and I need that photo (and other ones) printed for tomorrow, because tomorrow it is my grandad's 91st birthday and I wanted to bring them printed for him and framed as a present!

Morale: I have to find another place to print them in the afternoon, in a rush, because some company sells print systems which are written like crap, which need to run as Administrator and won't do any input validation in their code. This is one of those situations where a design flaw matters.