Terminally Incoherent

This is hopefully the last post from my VBA Purgatory cycle. This time around it is a rant about one of the more infuriating little bugs in MS office namely the lack of scroll wheel support in the built in VBA editor. I have no clue why that little editor doesn’t work with the scroll wheel when the rest of the office does. It makes no sense.

I read somewhere that this may have something to do with mouse drivers you are using. Apparently some of proprietary MS drivers do work. I currently use MS Sidewinder and I can confirm that the scroll wheel works in the copy of Office 2007 that was graciously provided to my by the CS department at my university. On my work laptop however I use Logitech VX Revolution with Logitech drivers installed on the XP running inside a VM and the wheel doesn’t work in Office 2003.

Two things may be happening here. Perhaps MS finally fixed this issue on 2007 version of their product (and about time damn it!) or it is indeed a driver dependent thing. Either way, most of office users are still on 2003 because the ribbon interface sucks total ass until you get the hang of it. I’ve been using it for over 2 semesters now so it makes no difference to me - just another interface I guess. I can find my way around easily, but I noticed that learning new UI is akin to the end of the world for some people. Also not everyone owns a MS mouse so I set out to find a solution to this issue.

As you can suspect, there are millions of google hits for the VBA editor scroll wheel query. I found that Daily Dose of Excel had the broad range of solutions to this issue. It pointed me to a MS Knowledge Base article which apparently claims this behavior is by design, but also offers two workarounds one of which is the download VB6MouseWheel.EXE package which may (but doesn’t have to) fix it for you.

If it doesn’t work, the Daily Dose blog recommends 3 software solutions that are targeted specifically at VBA. Some are more configurable than others and may offer additional functionality. Personally I recommend the last one - the Scroll Wheel Fix for VB6 (and others). While it is the least configurable of the 3 it is also the only one which is published both as binary and as source code. And this is not just the security freak in me talking here. After all I did not go through the code line by line to check for shady stuff. It’s just that the act of making code available is praiseworthy, and I want to support the guy who releases his solution to the world rather than just posting a binary on his home page bragging about his awesome haxin skills.

Also, the solution doesn’t seem to be that incredibly complex. I counted a little over 500 lines of code in the source. While it is a sizable chunk of code, it doesn’t seem like a complete show stopper of a project that could not be included in each of the successive releases of MS’s flagship product. To me the fact it was never fixed indicates that no one at MS actually cares about the VBA editor. They know full well that the core users of their product never will actually see it. The only people who will work with it are the poor souls forced to write macros as a form of punishment by pointy headed managerial staff. And since they will loathe the task anyway MS sees no reason to actually make their life any easier.

Being a geek, and a developer/sysadmin by trade I sometimes forget how regular people’s brains work. I mean I sort of get that they view technology as magic that can only be understood by unattractive an unpopular people. That element of their belief system is clear to me. What I forget is that their whole world view is wrapped around and corrupted by their ignorance. For example this is a conversation I had with my co-worker the other day:

The moral of this story is that you should always encrypt your Wifi and set your ssid to be something like “fbi.gov” to scare away persistent bandwidth leeches. But that’s not really what I wanted to point at. Did you notice the following logic:

Downloading Movies == Theft
Using someone’s Wifi != Theft

That’s sort of backwards, isn’t it? Unlike copyright infringement which while morally reprehensible is definitely not theft (neither morally, legally or semantically) leeching on someones wireless connection can definitely be viewed as such. After all, there is a reason why we call it bandwidth theft. Most of us have unlimited bandwidth contracts with our ISP’s but in some parts of the world people still have theirs capped and metered and can’t go over some quota. Your connection would count against their quota and any overages would be paid out of their pockets. In the world of unlimited bandwidth there is no danger of incurring overage charges but you are still using bandwidth that someone else paid for without permission. If they are for example trying to play Counterstrike online, while you are downloading bunch of torrents you will doubtlessly clog up their intraweb pipes (internet is not a truck kids!) and introduce lag.

In other words, leeching is much more like theft than copyright infringement could ever be because you are actually depriving someone of something they paid for. It is still not actuall theft in a legal sense of course. It probably falls under “unauthorized access to a computer system” but IANAL. Perhaps a real lawyer can clarify this for us. Either way, I personally view it as much more serious and actually damaging activity. While the concept of “lost sales” is a complete fiction, loss of bandwidth due to a leeching neighbor is very real, and very tangible (page load time, lag and etc).

The polite thing to do is to knock on your neighbor’s door and tell them they have an unsecured Wifi network. I know there are people out there who actually purposefully leave their networks open, and do not mind sharing their connection (Bruce Scheiner is one of them). Most people however simply are too stupid to set it up properly. But if you help them out and set it up for them they may be nice enough to let you leech until you get your own internet connection, or maybe will be happy to simply split the bill with you.

It seems that the cancerous message spread by RIAA and MPAA is actually working. People have been brainwashed. My coworker for example thinks nothing of leeching Wifi from their neighbor (a real person they see almost every day) but balks at infringing copyright of some huge corporation. Sigh… I remember a time when it was the other way around and people would stick it to the man, and help their neighbors. I guess that this time has passed and we have other priorities now. Priorities such as OBEY, CONSUME, WATCH TV, BUY, SUBMIT, STAY ASLEEP…

“I hate computers! I really do.” said the girl crossing her arms and staring at the screen with an evil glare. Her expression was a mix of frustration, anger and intense hatred for inanimate object. Then as if to punish the defiant, malevolent machine she started angrily pressing the alt+ctrl+del combination rising her finger high above the keyboard and smashing the Delete key harder each time.

Quick inspection of the machine revealed that it was simply hopelessly stuck swapping to disk. Poor, old, battered laptop was running Windows XP with merely 256 MB of Ram to work with and it’s screen was literally littered with open windows. I noticed iTunes (known resource hog), AIM (the new super-bloated client) 5 or 6 open Office documents, dozen IE windows, some yphoto editing software, and a whole array of apps running in the task bar. There was a recent Norton Internet Security Suite there, Google Desktop, 3 or 4 icons that were probably installed with the Printer drivers, bunch of auto-update tray apps for Adobe, HP, Cannon, and Quickbooks. There were 3 different garbage apps from Dell, a quicktime icon, a real player icon and some other stuff that I didn’t even recognize. I bet there was some spyware running in the background as well.

What we had here was a classic user problem. If you have a slow machine with a limited amount of memory, and proceed to open few dozen applications it will slow down to a crawl and eventually freeze on you. It is a simple resource management. And yet most people fail to see it this way and assume that their computer is somehow broken, or better yet, that it somehow became sentient and is simply being malevolent and hateful.

The truth is that there is no more point in hating a computer - it is an inanimate object. It is a simple tool. Would you say you hate screwdrivers or hammers for example? Or, I don’t know - shoes? Of course not. That would be stupid. Naturally you may not care for a particular pair of shoes, or dislike a certain screwdriver because they are shoddy or uncomfortable. But you wouldn’t hate all of them.

If your computer acts weird, its usually your own fault. 99% of problems are caused by user stupidity, ignorance or just carelessness. Almost all software problems can be traced back to some user action that caused an infection, corruption or interruption of some sort. These problems are your fault. You are the one to blame for them. The remaining 1% are real issues such as genuine hardware failures, and actual software bugs. Most of the time you are the one in control, and you have the power to both cause and prevent nearly all potential computer problems. We geeks thrive on the fact. Mere mortals rarely even admit that they may have any kind of control over the internal workings of their machine. To them it is a mystical, semi-sentient device that has it’s own mind and temperament. And of course such a magical being can never be figured out so you should not even try.

By allowing people to “hate computers” we are enabling them. They end up anthropomorphizing their machines so that they do not need to learn them. It is easier to say “I hate computers” or “this computer hates me” than actually admitting you don’t know how to do something, or worse - that you did something wrong. This is the attitude we should fight with extreme prejudice!

I’m sick and tired of hearing people enthusiastically claim that they are “computer illiterate” as if this was something to be proud of. It’s shameful and disgraceful! It is nothing one should be bragging about. And yet people say it loudly and proudly. It is not a badge of honor. It is not a lifestyle choice. When you willfully choose to be “computer illiterate” you are crippling yourself. Don’t do that and don’t let you friends and family do that to themselves!

Not so long ago my university’s email got blacklisted by Comcast and Microsoft due to large amounts of spam streaming from our network. This lovely email explains the details of the situation:

To Our Campus Community-

Information Technology has received several reports from users that email sent from mail.montclair.edu accounts to Hotmail.com, MSN.com, and Comcast.net email addresses are being returned as non-deliverable.

Upon further investigation we have determined that Hotmail and MSN (both owned by parent Microsoft Corp.) as well as Comcast have put the montclair.edu email domain on a “blacklist’ for alleged spam activity and are temporarily refusing to accept mail from our campus server.

Information Technology has contacted all three ISPs to request that our domain be removed from their blacklists. As of this writing, only Comcast has responded to our request and removed us from their blacklist.

How did this happen?

Last week there was an email “phishing” scam circulating that asked users to respond with their email account name (NetID) and password. A handful of users contacted IT to say that they had mistakenly responded to that phishing scam and provided their NetID and password. It is likely that other users may have done something similar but have not yet contacted IT.

Even just a few compromised mail.montclair.edu accounts can be used by spammers to send thousands of spam messages from our domain. We believe it was exactly this scenario that landed us on the Hotmail, MSN, and Comcast blacklists.

Note: If you responded to the phishing scam last week please change your NetID password immediately by going to the NetID account form at https://netid.montclair.edu

As a reminder: Montclair State’s Division of Information Technology will *never* under any circumstances ask you to provide your password, social security number, or other personal information via email. Any email you receive asking for such information, regardless of the alleged source, should be considered fraudulent and deleted immediately.

We apologize for any inconvenience this situation has caused, and will update this list as soon as we get confirmation of our removal from the Hotmail and MSN blacklists.

It seems that the issue was resolved quite swiftly the same day actually. Here is the follow up email:

To Our Campus Community-

This is an update to my previous email regarding blocked email delivery to Hotmail.com and MSN.com accounts.

As of 6am this morning, Friday August 8th, Microsoft Corp has lifted the anti-spam block for mail.montclair.edu and is now accepting mail from our domain. Any messages that you had attempted to send to Hotmail or MSN address that were returned as non-deliverable will need to be re-sent.

Again, we apologize for any inconvenience this temporary block may have caused. We hope that through continued diligence by our user community to avoid phishing scams, and some additional configuration of our outbound mail gateway we can prevent further blacklisting incidents in the future.

Then it happened again:

To Our User Community-

Information Technology was alerted late last night (Sunday August 17th) that Hotmail.com and by affiliation MSN.com have again placed the mail.montclair.edu domain on their blacklist for alleged spam activity.

We have contacted Microsoft and they have indicated that the blacklisting will be lifted tomorrow, August 19th at Noon. Until then,
any mail sent to hotmail.com or msn.com addresses will bounce back as non-deliverable.

It is unfortunate that Hotmail/MSN has taken this action without any pro-active notification to the University and without any detail as to what conditions caused us to be blacklisted.

In the coming weeks Information Technology will be reviewing our anti-spam policies and the configuration of our outbound email gateways in an effort to minimize these arbitrary blacklisting incidents by Hotmail and other major ISP’s.

Being blacklisted once is bad enough. Being blacklisted twice indicates that OIT didn’t learn anything from the first incident, and failed to take any preventative actions. I don’t think we can dump this on users alone. After all, every organization, and corporate entity out there has a number of computer illiterate staff members who are likely to fall pray to phishing. And yet they somehow manage to steer clear from these blacklists. User education is important, but it is hard to teach people who hardly ever use email about email security.

This is not a user problem - this is an institutional issue. I personally believe that OIT (MSU’s IT branch) could have prevented this from happening by immediately taking couple of preventative steps and tightening their security policies after the first incident. The following three questions are the key to understanding what went wrong here:

1. How do Phishers and Spammers obtain valid MSU emails?
2. How do we prevent compromised account from sending massive amounts of email?
3. How do we identify compromised accounts and disable them before they become a liability?

The first question is trivial. The answer is located on the OIT page itself, and if you ask a random computer science student hanging out in the CS Department area he/she will probably be able to show you how to poll university systems for emails, and brag about their perl/python script which can pull thousands emails according to some rules or self imposed requirements (ie. stealth, speed etc..) from anywhere in the world, and without any authentication. Yeah, we all wrote those. I think most of us give up trying to alert the OIT about this around the sophomore year and just learn to accept it. I never gave my script to anyone, and deleted the email addresses I collected from my hard drive. I could have sold them to spammers - and so could other students. How many of them did? That’s a good question. Besides, I’m pretty sure that if we figured it out quite a few spammers figured it out as well by now.

The other two questions are there for OIT. I don’t know the answers. I suspect that the first one is probably “we don’t”. There is storage quota but I believe there is no email volume quota on student accounts which is both a good thing and a bad thing. It is a good thing, because quota’s suck. It is a bad thing because a compromised account can really spew out large amounts of crap before someone notices anything. I trust that someone is watching over these things. At least I hope that there is a monitoring script somewhere that sends out an email to the sysadmin saying something among the lines of: “BTW, you might want to know that this one student just sent 10 million emails yesterday”. But alas, I do not know whether we have it or not. I can just hope we do.

I believe there is a policy for disabling compromised accounts but I don’t know whether there is a process. And if there is, it is obviously not efficient enough if we get blacklisted this easily. My solution would be to look at question #1 REALLY closely, because that is the big one. Fix that, then revise the process, and perhaps introduce some generous quota and more aggressive monitoring.

There is not much I can help with from the institutional part though. I don’t really have a say in these matters. I can however help with the user education, ~30 students at a time. And this is what I will do. The coming semester I will try to put more emphasis on Phishing, Pharming, online scams and social engineering in general. That will be my input into fixing this issue. OIT has to do the rest.

Dear History Channel,

I wanted to start this letter by politely saying: WHAT THE FUCK? As you may or may not know the name of your network (”The History Channel” in case you forgot) sort of implies that your programming should at least relate to history. Don’t you agree? I may be completely off base here, but I would think that when TV viewers hear this name they have certain expectations, and preconceptions as to what your programming is going to be.

For example, majority of normal people (may they rot in hell for all eternity) will avoid your network like a plague because they are generally allergic to knowledge and anything remotely educational fills them with fear and doubt. On the other hand people whose IQ is not a single digit number (and sadly it seems that we are a dying breed) actually seek your channel out for precisely the kind of programing which scares off the mainstream sheeple. I really think that well made documentaries, be it about ancient civilizations, weapons, world war 2 or more contemporary stuff are much more interesting than the Reality TV bullshit that many of my coworkers enjoy so much.

Only recently, there has been preciously little of actual History on my History Channel! In the past I had your channel running in the background most of the day, and whenever I looked at TV there was something interesting on. And even if it was not interesting, it did not provoke nausea in me. These days I usually end up flipping channels in disgust because I just can’t stand the crap you are airing in the evening sometimes.

Let me ask you a question: what do shows like Ice Truckers, Axemen, It’s Tougher in Alaska, and Monster Quest have to do with History? Absolutely nothing! Why are they on your network then? What is the purpose? In case you have failed to notice, these are pretty much reality shows. Reality shows without promiscuous sex, relationship drama and attractive women in bikinis. Reality shows about grizzled, overweight truckers, lumberjacks and Bigfoot enthusiasts. I’m sorry but even big fans of reality tv genre are probably turned off by this shit.

Here is a newsflash: reality shows suck ass. People who watch reality shows and enjoy them are a fucking IDIOTS. Idiots do not watch History Channel because knowledge is like Kryptonite to them. It is that simple. Who are you pandering to by making new seasons of these titles? Do I need to remind you who your core audience is? It’s predominantly white collar intellectuals, people from the academia, college students and history buffs. My guess is that 98% of these people have no interest in watching a reality show about dim-witted blue collar physical laborers who can barely string together a coherent sentence. Can you see why this is a bad idea?

Why can’t you stick to what everyone expects you to do - and that is documentaries. The reality TV is going to scare away your core viewers, and it won’t attract new ones because dumb people don’t watch your network - and this is the only kind of viewers you could possibly catch watching this crap.

And while you are at it, can you please ditch the supernormal shit? How many shows can you make about NOT catching Bigfoot, or NOT proving or disproving the existence of ghosts, monsters or UFO’s? This shit was awesome when I watched it on Discovery Channel when I was 14. But then Discovery decided that they want to spent most of their time airing shows about bikers, grease monkeys, and home improvement shows. So I stopped watching it. Now you are doing the same fucking thing.