PJ on Development: Blog

At the moment I am not able to use the Symantec Internet Worm protection, so I decided to try the famous ZoneAlarm.

I downloaded the demo version (which they claim to be just like the full version) of the ZoneAlarm Security Suite.

I have been a network administrator before, so I know how to proper setup a firewall and define which ports I want open and which I need to close.

Anyway, I had finished all the configuration on ZoneAlarm, clicked Apply and OK and put the application to rest when IE7 froze and I needed to give my machine a hard reset.

After Windows was alive and kicking again, I start receiving several alerts from ZoneAlarm regarding some ports I had previously opened.

I scratched my head... "What the heck? I had just configured those port open. Why it's blocking the connection?"

I went back to ZoneAlarm Control Panel and sure enough, all the configuration I did, which took me quite some time to personalize and refine to my taste, was gone.

It simply was not there.

It was just like I had just installed.

Factory default.

That couldn't be true. So I did the "Average Joe Test": I set some configuration, applied them thoroughly, and checked if they were functioning... I closed the ZoneAlarm Control Panel and check if they were still working.

They were. All the configuration I did was working perfectly.

Then I hit the reset button. Just like that.

When I went back to check if the configuration it was gone. Again.

But now I know what went wrong.

Apparently ZoneAlarm only saves the configuration you do when it's shutting down.

To test my theory I reconfigured ZoneAlarm once more, but this time I shutdown properly. And sure enough all my configurations were there when the computer went up again.

So, what's out there for the folks at ZoneLabs? Simple they need to remember to save the configuration the moment the user press the OK button, no when the application is shutting down, because sometimes it doesn't.

And the same lesson applies to us developers.

I must say that I had a long inner struggle regarding this post.

Yesterday I received an email from Symantec regarding the problem I had reported on this site.

I didn't know if I would or wouldn't post the Symantec email here.

But I came to the conclusion that the people has the right to know.

I only removed the name of the person who answered the email in order to protect his or her privacy.

With no further delay here it is...

Hello Paulo,

Thank you for contacting Symantec Online Technical Support.

I understand from your message that you are encountering script error in your computer.

Paulo, this issue can occur when an older version of the Scanwrap.dll file is present on the computer during the installation of NSW. This issue can also occur when Microsoft Internet Explorer (MSIE) is damaged. To resolve the issue, I suggest that you search and rename the Scanwrap.dll file to scanwrap.old. If the issue persist then reinstall MSIE and disable script debugging and error notifications.

For further detailed instructions, I suggest that you refer to the following document from our Online Knowledge Base, which will provide you with the necessary information on the subject. Please click on the link below, which takes you to the document:

Title: 'Error: "IE Script Error, URL: res:C:\PROGRAM%20FILES\NORTON%20SYSTEMWORKS\SWPLUGIN.DLL/1317" when starting or closing Norton SystemWorks'
Document ID: 2000100415111007
> Web URL:
http://service1.symantec.com/Support/nsw.nsf/docid/
2000100415111007?Open&src=con_ols_nam

Here is a document from our Online Knowledge Base that will assist you to download the latest version of MSIE.Please click on the URL link provided below:

Title: 'How to reinstall Internet Explorer'
Document ID: 2002043008264839
> Web URL:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/
2002043008264839?Open&src=con_ols_nam

To disable script debugging and error notifications. Please follow the steps given below:

1. Open Internet Explorer.
2. Click the Tools menu, and then click Internet Options.
3. Click the Advanced tab.
4. Check "Disable script debugging."
5. Uncheck "Display a notification about every script error."
6. Click OK.

Let me know if I can be of any further assistance to you in using the Symantec product.

Best regards,

Symantec Authorized Technical Support

On my reply to such great support I point this person to my site in a way to attempt to throw a little bit of light into his or her dark cubicle.

To know more about this problem, please read my previous posts:
- IE7 & System Works 2005
- IE7 & SW 2005 - Follow up

I sent an email to Symantec today about the error I got after installing IE7, and I got an automated message that say they will reply in 24 to 48 hours.

So while I'm waiting I did some research about this error and some digging in the System Works.

I took a good look at the error message that stated that the error has occurred at this URL: res://fwui.dll/ruleSummary.htm.

Well, it says in almost plain English that the error occurred in a Resource in the fwui.dll.

The next thing I did was to search for the said file and then I started my Visual Studio 2005 and opened the file. And there it was:

fwUI.dll
  Bitmap
  Cursor
  Dialog
  HTML
  Icon
  "REGISTRY"
  String Table
  "TYPELIB"
  Version

Everything I needed to find out what was wrong.

I went straight to the HTML branch and took a look at it.

There are several items there and the one I was looking for: "RULESUMMARY.HTM".

Reading this file I discovered that it is a pretty simple HTML file, with not much of a thing to look at anyway. But there are some scripts and the most interesting was named RuleSummary.js.

Opening this file and referring to the error message I got I went straight to the line of error (476), and discovered that it was inside a block code that should be only executed if the IE was lower than 5.

I scratched my head. Was IE7 reporting a wrong version number?

That didn't seem right. But I tested anyway and it reported 7 sure enough.

Therefore the error should be in the code I was looking.

The test for the IE version was:

if (g_IEVer < 5)

So I went looking for the assignment of g_IEVer and I found it as being:

var g_IEVer = GetIEVersion();

But no sign of the GetIEVersion function in the code I was looking at.

I went back to the HTML file I looked at first. There was another interesting script there by the name shared.js in another resource file, the niscmnht.dll.

I opened this file and searched for the shared.js script. And then I looked for the GetIEVersion function. Where I quickly discovered the error.

function GetIEVersion()
{
 // convert all characters to lowercase to simplify testing
 var agt = navigator.userAgent.toLowerCase();

 // Note: On IE5, these return 4, so use is_ie5up to detect IE5.
 var is_major = parseInt(navigator.appVersion);
 var is_minor = parseFloat(navigator.appVersion);

 // BROWSER VERSION
 var is_ie    = (agt.indexOf("msie") != -1);
 var is_ie3   = (is_ie && (is_major < 4));
 var is_ie4   = (is_ie && (is_major == 4) &&
                (agt.indexOf("msie 5.") == -1));
 var is_ie4up = (is_ie && (is_major >= 4));
 var is_ie5   = (is_ie && (is_major == 4) &&
                (agt.indexOf("msie 5.") != -1) );
 var is_ie5up = (is_ie && !is_ie3 && !is_ie4);
 var is_ie6   = (is_ie && (is_major == 4) &&
                (agt.indexOf("msie 6.") != -1));

 if(is_ie6)
     return 6;
 else if(is_ie5up)
     return 5.5;
 else if(is_ie5)
     return 5;
 else if(is_ie4)
     return 4;
 else if(is_ie3)
     return 3;

 return -1;
}

Do you see the error?

There is no test for IE7. Worse, it could have been done much more easier with regular expressions.

A better approach with the same results and upgradeable to ANY version of the IE could be:

function GetIEVersion()
{
  var agt      = navigator.userAgent.toLowerCase();

  var is_major = parseInt(navigator.appVersion);

  var is_ie    = (agt.indexOf("msie") != -1);
  var is_ie3   = (is_ie && (is_major < 4)); 

  // It's not IE so we don't care
  if (!is_ie)
    return (-1); 

  // It's IE3 report it
  if (is_ie3)
    return (3); 

  // It's IE4+ so we can use RegExp
  var rxIE       = new RegExp("msie\\s(\\d+.\\w+)","ig");
  var arIEResult = rxIE.exec(agt); 

  // arIEResult[0] contains the whole match
  // arIEResult[1] contains the first matching group
  //               in our case the full version
  //
  // We use parseFloat because we want a number
  return (parseFloat(arIEResult[1]));
}

Unfortunately I can't edit the file without risking my whole System Works, but now it's pretty easy for the folks at Symantec to fix the problem A.S.A.P.

Editted to Add:
You can can read the Symantec reply here.

Editted to Add:
Several people have in the past asked me for a fixed version of the niscmnht.dll file. However I wasn't able to provide at that time due some personal conflicts.

I was trully hoping that Symantec would sometime fix this darn file. But after more than three years since the first publication of this post, no such thing happened.

So I'm publishing a fixed version of this file here.

Simply unzip the fixed file over the old one.

If in some happenstance the file is in use, unzip it on another folder, boot up in Security Mode, and copy the file over the old one.

As always, remember to backup your original file BEFORE copying it over.

Well, it looks like something is happening after all.

I just got the news that a New York working mother with five children is going to fight the RIAA. And she's doing it alone, without expert help or legal representation.

When asked how far she's willing to go, she's quoted saying:

"I'm willing to take it as far as I have to to prevent other innocent people being dragged into frivolous lawsuits."

You can read more here and here.

The p2pnet website set up a fund raising campaign in order to help this outstanding person here.

I don't know if this is an error that happens only with me, because I could not find anything on the Internet yet, but as soon as I installed IE7 I ran into a strange error with my Norton System Works 2005.

This error occurs when I try to access the following settings of the Internet Worm Protection of the Norton System Works 2005:

• General Rules
• Trojan Rules

The other settings are fine.

After the error occurs I can't add any other rule, however I can edit and remove the existing rules. The complete error message is as follow:

An error has occurred in the script on this page.


 Line: 476
 Char: 8
Error: 'szModify' is undefined
 Code: 0
  URL: res://fwui.dll/ruleSummary.htm

I will keep posting information about IE7 as I gather some from its use.

In the meantime I will contact Symantec to see if they have some workaround for this, although I think I will be better off without asking them.

When I was having trouble setting up a connection with an email server that requires SSL the Symantec suggested turning off the email protection, because they (Symantec) did not have support for it.

Editted to Add:
You can can learn how to fix this on my post IE7 & SW 2005 - Follow up.
And read the Symantec reply here.

I finally got bold enough to intstall IE7 Beta 1.

My first impression: so-so.

What I like about it:

• Tabbed navigation.
  It's nice, and doesn't jam my taskbar with new windows.
• Phishing Filter
  It's always good to try to improve security on the web.
• PNG Support
  No need to hack CSS and use behaviors.

What I didn't like:

• Some toolbars are always locked no matter what.
  In special the Address Bar and the Tab Row
• Phishing Filter
  Sometimes it slows down navigation a little bit, specially for new sites.
• Personalized Favorites Menu is gone.
  My Favorites has several entries but with the Personalized Menu it showed only the most used ones. Now it's gone, although the option is still in the Internet Options.

But it's still beta, so let's wait to see what the full release wil bring us.

I don't know if I ever mentioned it here, but my wife's parents are Russian. In a couple of weeks it will be my parents-in-law 50^th wedding anniversary.

Anyway, I was designing some invitation cards when I realized that I didn't have the proper font. I needed a cursive, hand written font, and it OUGHT to have Cyrillic glyphs. Searching here and there over the net I finally found out what I needed and finished up the invitations.

Why did I say all of this?

Because when I was searching for the font I found out the next item for my wishlist: the Optimus Keyboard. On the right you can see some of its keys.

It's fully customizable by software. It is possible to configure each and every key to do whatever you want or, even better, develop applications that are "Optimus-aware" and configure each hot-key to show an Icon instead of text.

The possibilities are endless.

It's expected to be released by summer this year.

And I am really looking forward to having it.

While I was doing a research on the net about cryptography I came across the Electronic Frontier Foundation (EFF) website and I got a little bit distracted by it.

I started reading pages after pages on several lawsuits popping here and there across America, not only the ones from RIAA but several others.

One in special got my attention. It was not a lawsuit, it was censorship. Worse, it was SELF censorship.

It is an old case, but valid nonetheless. It's about a guy called Niels Ferguson. He lives in Amsterdam and discovered a serious flaw in Intel's High-bandwidth Digital Content Protection (HDCP for short) that could render the said protection useless.

Any sane person in the world would toss this discovery over to the wind, the more people knew about it the better, after all we are talking about a protection system that can protect your work too.

However, Ferguson was advised by US attorneys not to publish his findings because he could be prosecuted by ANY American citizen that felt affected by his paper.

When I read this I could almost see several MPAA lawyers sharpening their axes.

If you want to know more about it, Ferguson keeps a website about this at http://www.macfergus.com/niels/dmca.

I am not a lawyer, nor I am in any length an expert on the subject, but given the amount of trouble that DMCA is causing since it was signed I wonder if it's not the time for it to be reviewed.

I'd like to get something straight first.

I think the American Judicial System is one of the best in the world, but sometimes I can't stop thinking that something in the system is incredibly wrong.

Let's take RIAA lawsuits for instance. If I were a judge I wouldn't accept such cases in my court. Not in a million years. "But they are criminals!" would claim RIAA's supporters.

Are they? Let's see... (the figures are made up -- if you know the right figures let me know)

How much does it cost to produce a single CD that is sold to the public at any convenience store?

• $ 4.00 for the recording company


• $ 3.50 for transportation


• $ 1.00 for the artist/composer


• $ 1.00 for the store profit


• ¢ 50 for the physical media

Summing up $10 for a CD (cheap isn't it) divided by an average of 15 tracks per CD, gives us ¢ 66 per music.

iTunes sells songs by ¢ 99 each.

That's 50% more expensive than buying the whole CD for the same songs, or 147% more expensive if you take into consideration that you don't have transportation and media costs.

Who's being the criminal here?

"But they are violating copyright laws", scream RIAA's supporters.

Well, let's go back a few years in the past. In the 60's we had those huge vinyl records (the quality was a little better than a scratchy noise), and a lot of people wanted to share the music they liked and so they transferred the music to (an even worse) tape.

As long as they didn't sell the tape there was no harm done.

Back then there was an understanding that if you are not making profit with your copy you could freely distribute it. Why? Simple, because at $1 a tape it wasn't worth making more than a few copies to share with your closest friends.

Now, let's fast forward to the present. The price per copy of anything is close to $0, there is no cost for transportation, so you can make more and more copies of anything, and instead of giving just a few tapes to your friends you can give the same thing to hundreds of thousands of your acquaintance's.

And that's when RIAA screams "not fair". Because they see those hundreds of thousands copies you freely give to your acquaintances as "lost sales", instead of the more appropriate "free advertising".

I did an informal and unscientific survey among my friends and every single one of them had downloaded at least one song from the Internet. And they liked the song so much that they bought the CD AFTER they downloaded the song.

And if they own the CD they can have it in their computers.

So there's no copyright infringement here.

"But a lot of them doesn't have the CD", say the RIAA's supporters scratching their heads.

A lot of people listen to radio and record the music on tapes. Some radio stations go even further and promote sessions EXCLUSIVELY to be recorded.

"But... but... but... Does this all mean that you are pro piracy?"

Not at all. I am STRONGLY against piracy. I do have some creative work myself, and I don't like to see my work everywhere without the proper recognition.

But instead of keeping my work closed and private, I make it available for free... Well almost, all I ask is a little recognition by the part of the person using my work by placing my name in his or her "About Boxes".

Now I ask you to take a step further...

Write to your congressmen, let them know that you are not happy with the way things are being held. Let them know that the law is, if not wrong, at least, misleading.

I already did my part.

Not in a biblical sense, let me get this straight.

He synthesized all my feelings about this new generation of programmers in a beautiful article on his site.

You can find it here.