Category: Bug Report

Mouse Trails Slow Graphics on XP!

Using Microsoft’s Mouse Visualizations, such as mouse trails or show location, well if you’re using a modern system with hardware acceleration, you’re doing so at a very high performance cost. Read on to see why this option should be off.

Today’s trick will give you an astounding performance boost, while at the same time make you just shake your fist at Microsoft.

First of all, to start with, let me say that my Dell Precision 470 (2.8Ghz Dual CPU with hyperthreading on) and 2GB of RAM running XP Pro is …slow. I mean the kind of slow where clicking the Start button takes several seconds to draw the rectangle for the menu.

I have a dual monitor system. I’m using a Dell 2005FPW via DVI at 1680×1050 60Hz as my primary monitor and a Dell 1907FP via analog SVGA/XGA at 1280×1024 60Hz as my secondary. Both are driven by an ATI FireGL V3100 using the latest drivers from ATI’s site for XP Professional, and hardware acceleration is set to full.

I first noticed the severity of the problem when using iTunes 7.3.1.3’s music visualizer. Here’s how playing a simple CD turned into a fantastic diagnostic tool.

With the iTunes visualizer running on the primary monitor, I noticed that when I put the mouse on the secondary monitor the visualizer ran at full speed and was completely fluid. When I put the mouse on the primary screen, even when I wasn’t moving it, the frame rate dropped to about two frames every second (music, however, played fine).

Task Manager, after a violent killing spree, showed a minimal number of processes and services, idle times in the high 90%s, and no interesting page or interrupt activity — but the behavior continued. Opening additional applications didn’t affect performance, as long as the mouse was on the secondary screen.

When I showed this behavior to a friend of mine, Brian Busch, he suggested I turn off mouse trails. And, to humor him, I did. Instantly my system sprung to life and the problem was gone.

That’s when it struck us. Windows XP’s mouse pointer options don’t use hardware acceleration. And to confirm it, I pressed the CTRL button, which showed the location of my mouse. As the little target was drawn around the cursor, the frame rate dropped. When Microsoft’s little visibility animation ended, the system resumed at full speed.

Why was mouse trails on? Because Dell still hasn’t fixed the jumping mouse problem. But I don’t love them enough to kill my system’s responsiveness. Laptop users, beware.

Performance Recommendation: Go to Settings / Control Panel / Mouse, select the Point Options tab, and in the Visibility section uncheck ‘Display Pointer Trails’, ‘Hide pointer while typing, as well as ‘Show location of pointer when I press the CTRL key’ and press OK.

Macbook Pro: Network connectivity just disappears

Interesting problem on the Macbook Pro: after several hours of use, the all the applications act as if the network connection is gone. Problem is, I still have full strength signal and other devices can get to the internet. Toggling the AirPort brings things back. I’m trying to figure out why. Notes, tips, and code fragments.

Shortly after the 10.4.9 update, and even though I’m running 10.4.10, I’ve noticed an odd behavior with my wireless network connectivity. While using my machine, often for hours at a time without incident, my applications will all suddenly act as though there’s no internet, and indeed, looking at the routing tables, by all appearances it is gone.

The odd part is that my signal strength is at full. And, even more confounding, if I turn off the wireless and turn it back on, I suddenly get connectivity again and the applications recover. Meanwhile, other devices connected wirelessly don’t see the drop, so I know it’s local to the Macbook Pro.

Is anyone else out there experiencing a similar problem where the machine just drops internet awareness?

The only clue I ever seem to get in my console.log file is the message:
mDNSResponder: SetupAddr invalid sa_family 0
mDNSResponder: getifaddrs ifa_netmask for fw0(7) Flags 8863 Family 2 169.254.59.71 has different family: 0
mDNSResponder: Repeated transitions for interface en1 (FE80:0000:0000:0000:0216:CBFF:FEB6:AD8C); delaying packets by 5 seconds

According to websites with source code for the operating system, the file dDNS.c contain codes that looks like this:

mStatus dDNS_SetupAddr(mDNSAddr *ip, const struct sockaddr *const sa)
	{
	if (!sa) 
                { 
                LogMsg("SetupAddr ERROR: NULL sockaddr"); 
                return(mStatus_Invalid); 
                }

	if (sa->sa_family == AF_INET)
		{
		struct sockaddr_in *ifa_addr = (struct sockaddr_in *)sa;
		ip->type = mDNSAddrType_IPv4;
		ip->ip.v4.NotAnInteger = ifa_addr->sin_addr.s_addr;
		return(mStatus_NoError);
		}

	if (sa->sa_family == AF_INET6)
		{
		struct sockaddr_in6 *ifa_addr = (struct sockaddr_in6 *)sa;
		ip->type = mDNSAddrType_IPv6;
#if !defined(_WIN32)
		if (IN6_IS_ADDR_LINKLOCAL(&ifa_addr->sin6_addr)) 
                    ifa_addr->sin6_addr.__u6_addr.__u6_addr16[1] = 0;
#else
		if (IN6_IS_ADDR_LINKLOCAL(&ifa_addr->sin6_addr))
                    ifa_addr->sin6_addr.u.Word[1] = 0;
#endif 		
		ip->ip.v6 = *(mDNSv6Addr*)&ifa_addr->sin6_addr;
		return(mStatus_NoError);
		}

	LogMsg("SetupAddr invalid sa_family %d", sa->sa_family);
	return(mStatus_Invalid);
	}

It appears that the software can’t figure out whether IP4 or IP6 is in use, so it reports it has no idea how to set up the socket. It’s interesting to note that the socket isn’t null, so something’s going on.

But what is mDNSResponder? Well, for one, it contains Apple’s Bonjor services that allow zero-configuration networking.


mDNSResponder is a multi-cast DNS deamon. And, what’s even cooler, is that you can force it to emit its status and dump tons of info in the console.log by sending it a gentle signal:
sudo killall -INFO mDNSResponder

Even FreeBSD has mDNSResponder in its ports collection.

And, even while Apple has a way to disable Bonjour, I’m not sure that I want to, nor am I 100% convinced this is the problem, but is more likely a symptom. Afterall, Apple has had network problems before. Plus, they appear to be actively working on Bonjour.

As my friend Phil points out, the IP addresses in the 169.254 range are in the zero-configuration range for peer-to-peer communication.

Like I said, I’m curious to know if I’m alone in this, or even better, if someone’s solved the problem, what was it…?

UPDATE 1-Aug-2007: It appears that the AirPort Extreme Update 2007-004 fixes this problem. And, while you’re at it, get the Security Update 2007-007 as well.

Using In A JavaScript Literal

Today I got bit by a very interesting bug involving the tag. If you’re writing code that generates code, you want to know about this.

I’m currently working on an application that takes content from various web resources, munges the content, stores it in a database, and on demand generates interactive web pages, which includes the ability to annotate content in a web editor. Things were humming along great for weeks until we got a stream of data which made the browser burp with a JavaScript syntax error.

Problem was, when I examined the automatically generated JavaScript, it looked perfectly good to my eyes.

So, I reduced the problem down to a very trivial case.

What would you suppose the following code block does in a browser?

<HTML>
<BODY>
  start
  <SCRIPT>
    alert( "</SCRIPT>" );
  </SCRIPT>
  finish
</BODY>
</HTML>

Try it and see.

To my eyes, this should produce an alert box with the simple text </SCRIPT> inside it. Nothing special.

However, in all browsers (IE 7, Firefox, Opera, and Safari) on all platforms (XP/Vista/OS X) it didn’t. The close tag inside the quoted literal terminated the scripting block, printing the closing punctuation.

Change </SCRIPT> to just <SCRIPT>, and you get the alert box as expected.

So, I did more reading and more testing. I looked at the hex dump of the file to see if perhaps there was something strange going on. Nope, plain ASCII.

I looked at the JavaScript documentation online, and the other thing they suggest escaping are the single and double quotes, as well as the backslash which does the escaping. (Note we’re using forward slashes, which require no escapes in a JavaScript string.)

I even got the 5th Edition of JavaScript: The Definitive Guide from O’Reilly, and on page 27, which lists the comprehensive escape sequences, there is nothing magical about the forward slash, nor this magic string.

In fact, if you start playing with other strings, you get these results:
  <SCRIPT> …works
  <A/B> …works
  </STRONG> …works
  <\/SCRIPT> …displays </SCRIPT>, and while I suppose you can escape a forward slash, there should be no need to. Ever. See prior example.
  </SCRIPT> …breaks
  </SCRIPTX> …works (note the extra character, an X)

With JavaScript, what’s in quotes is supposed to be flat, literal, uninterpreted, meaningless test.

It was after this I turned to ask for help from several security and web experts.

Security Concerns


Why security experts?

The primary concern is obviously cross site scripting. We’re taking untrusted sites and displaying portions of the data stream. Should an attacker be able to insert </SCRIPT> into the stream, a few comment characters, and shortly reopen a new <SCRIPT> block, he’d be able to mess with cookies, twiddle the DOM, dink with AJAX, and do things that compromise the trust of the server.

The Explanation


The explanation came from Phil Wherry.

As he puts it, the <SCRIPT> tag is content-agnostic. Which means the HTML Parser doesn’t know we’re in the middle of a JavaScript string.

What the HTML parser saw was this:

<HTML>
<BODY>
  start
  <SCRIPT>alert( "</SCRIPT>
  " );
  </SCRIPT>
  finish
</BODY>
</HTML>

And there you have it, not only is the syntax error obvious now, but the HTML is malformed.

The processing of JavaScript doesn’t happen until after the browser has understood which parts are JavaScript. Until it sees that close </SCRIPT> tag, it doesn’t care what’s inside – quoted or not.

Turns out, we all have seen this problem in traditional programming languages before. Ever run across hard-to-read code where the indentation conveys a block that doesn’t logically exist? Same thing. In this case instead of curly braces or begin/end pairs, it was the start and end tags of the JavaScript.

Upstream Processing


Remember, this wasn’t hand-rolled JavaScript. It was produced by an upstream piece of code that generated the actual JavaScript block, which is much more complex than the example shown.

It is getting an untrusted string. Which, to shove inside of a JavaScript string not only has to be sanitized, but also escaped in such a way that the HTML parser cannot accidentally treat the string’s contents as a legal (or illegal!) tag.

To do this we need to build a helper function to scrub data that will directly be emitted as a raw JavaScript string.


  1. Escape all backslashes, replacing \ with \\, since backslash is the JavaScript escape character. This has to be done first as not to escape other escapes we’re about to add.
  2. Escape all quotes, replacing ' with \', and " with \" — this stops the string from getting terminated.
  3. Escape all angle brackets, replacing < with \<, and > with \> — this stops the tags from getting recognized.

private String safeJavaScriptStringLiteral(String str) {

  str = str.replace(“\\”,”\\\\”); // escape single backslashes
  str = str.replace(“'”,”\\'”); // escape single quotes
  str = str.replace(“\””,”\\\””); // escape double quotes
  str = str.replace(“<“,”\\<“); // escape open angle bracket
  str = str.replace(“>”,”\\>”); // escape close angle bracket
  return str;
}

At this point we should have generated a JavaScript string which never has anything that looks like a tag in it, but is perfectly safe to an XML parser. All that’s needed next is to emit the JavaScript surrounded by a <![CDATA[]]> block, so the HTML parser doesn’t get confused over embedded angle brackets.

From a security perspective, I think this also goes to show that lone JavaScript fragment validation isn’t enough; one has to take it in the full context of the containing HTML parser. Pragmatically speaking, the JavaScript alone was valid, but once inside HTML, became problematic.

Registry Mechanic PCTLicHelper.dll Missing

Got a message from Registry Mechanic that the file PCTLicHelper.dll was missing or corrupt. Here’s the workaround until PC Tools fixes the problem.

I’m an avid fan of Registry Mechanic and can’t say enough nice things about the product.

I recently downloaded Registry Mechanic 6 (version 6.0.0.750 w/ engine 2.0.0.560), installed, and ran it. It worked great – I even like the slightly sleeker interface. However, after doing the Smart Update, Registry mechanic displayed a message that C:\Program Files\Registry Mechanic\PCTLicHelper.dll is missing or invalid, and it suggested I uninstall and reinstall.

The uninstall worked fine. The reinstall worked fine. The re-running worked fine. But upon another update, I got the same error message.

My next thought was that the file might be getting deleted accidently during the upgrade, and to simply install the software, copy the file to a safe haven, do the upgrade, and put it back. No such luck, the file doesn’t exist in the pre-upgraded application. This is a new file needed by the latest upgrade, and judging by the file name, I believe it’s highly related to PC Tools’s license scheme that is subscription based.

A little experimentation with uninstalling and reinstalling shows that the fault lies in the Smart Update’s getting of the updated Registry Mechanic. I suppose they wrote the code but forgot to bundle the DLL.

Simply uncheck the entry that says Registry Mechanic 1.43Mb, but leave all the other items checked. You’ll be able to scan just fine.

I tried reporting this problem to PC Tools at their website support page, but that reported an error: Fatal error: Undefined class name ‘datetime’ in /home/shared/include/tickets/rawmessage.php on line 222. I guess they have bigger problems than they thought.

After calling their USA support line, 1-800-764-5783, I got a recording that said they could also be reached at [email protected]. That would have been nice to have on the website somewhere obvious.

This trivial issue aside, Walt gives Registry Mechanic a big thumbs up!

UPDATE 22-Feb-2007: As Mike suggested, I got the latest update this morning and this time there was an updated program, a PC Tools License Helper, and a revision to the white list. I installed the update, and Registry Mechanic worked just fine. I never did hear back from PC Tools about the issue, or its website being broken.

UPDATE 24-Feb-2007: This morning got an email from PC Tools informing me that the problem had been fixed and to simply reinstall, commenting there was no need to re-enter license information. They made no comment on the fact that their website was broken, other than to generically tell me it was a “great source of knowledge for future questions.”

FIX: Apple’s Security Update 2007-001 for AirPort breaks internet connectivity

After installing Apple’s Security Update 2007-001 for AirPort, the AirPort icon on my toolbar stopped working correctly. This is the workaround I’m using until that gets fixed.

Immediately after installing Apple’s Security Update 2007-001 for AirPort, I no longer had wireless connectivity to the internet. This is how I got around the problem.

Here’s how it’s supposed to work: You go to Apple / Software Updates…, it presents a Security Update, to which you select it to download and install. If it affects core pieces of the running operating system, then it may require a reboot. If that’s the case, then you are asked to authenticate the new module when it starts. For instance, a new AirPort driver asks you if you want to let it use your keychain (so you can connect to networks) – this extra line of defense would, for instance, let you know if some malicious program is trying to steal your passwords. Since it came from Apple via an update you explicitly requested, you authenticate, and all is good — everything is back to normal, and you’re more secured.

This didn’t happen when I installed the Apple Security Update 2007-001 for AirPort.

Immediately after the system reboot, I noticed that I wasn’t prompted for my password for the new replacement driver. This doesn’t always happen with minor changes, but you can almost always expect it with a security update.

Additionally, my AirPort icon in the tool bar was gray, suggesting that the AirPort power was off. So, I selected Turn Airport On, which normally starts scarfing the air for networks, joining my default one or letting me choose from a list. However, in this case, nothing happened.

I confirmed I wasn’t connected via the browser. And repeated attempts to turn on the network were futile.

At this point I opened the Network Diagnostics utility using QuickSilver.

If you don’t have that, you can go to your main disk, and go inside the System folder, then the Library folder, then the CoreServices folder, and click the Network Diagnostics application. Or, you can open a Terminal window and enter:

  $ open /System/Library/CoreServices/Network\ Diagnostics.app

Surprisingly, this told me my computer’s internet was working normally, and did I want to continue. I picked Yes. It then wanted to know which network port I wanted, I chose AirPort. My network appeared in the list, and I selected it and clicked Continue. It said I was now connected, and I hit Quit.

Sure enough, Apple / System Preferences / Network showed a green light next to my AirPort, and the text said I was now connected. A quick browser check to the internet confirmed that was, indeed, the case.

Meanwhile, the AirPort icon on the toolbar remains grayed out, convinced I’m not connected, and that there’s nothing that can be done about it.

Obviously the network card is working, as are the new security patches. It looks like something relatively minor got overlooked with the interface. But it’s nice to know there’s a workaround at the moment.

UPDATE 16-Feb-2007: I HAVE A FIX.
Grab a copy of OnyX, go to it’s Automation page, and fill out the form like this:

OnyX Automation Screen

Then press Execute, this will take a while and require a reboot at the end.

Next, grab a copy of AirPortExtremeUpdate2007001.dmg and re-install it, this will require a reboot as well. At this point your Wi-Fi AirPort problem should be fixed.

And while you’re at it, grab a copy of SecUpd2007-002Univ.dmg and install that too, then reboot.

I believe what’s going on, and this is pure speculation, is that there’s some kernel cache files that either prevent the 2007-001 update from being installed or simply override the changes is has. By using OnyX, it’s possible to clear out all the cruft that’s plaguing the operating system, allowing the patches to work as advertised.

And, once you do the above, be sure to go to Apple / Software Update… — if you weren’t getting any updates since installing 2007-001, you’ll notice things like Final Cut Pro, Java for Mac OS X 10.4 Release 5, and Daylight Savings Time Update.

As an aside, here’s a list of Apple Security Updates for OS X.

Internet Explorer 7 — Zoom Bug

Internet Explorer version 7 has a nasty little problem selecting text when the page is zoomed. Try it yourself, then switch to Firefox.

Adding to the list of why IE7 is a nightmare, try this… I was using version 7.0.5730.11.

Bring up your favorite web page and double click a word on the page, not a link, but a word. It highlights that word, yes? Good. It should.

Note that one of the features that CSS is designed for is so that the user can override the appearance. Say for instance, I’m blind as a bat, and I would like the font larger so I can read the web page without strain.

Hold down the Control key and roll your mouse wheel. You can zoom-in and zoom-out. Again, very handy.

Now, double click a word on the page. Surprised?

That’s right the code that handles what you highlighted is misaligned with where the text is rendered. This means if you’ve zoomed in, as I did, in order to copy something, you can’t do so with any degree of precision.

Yet another annoyance from the people who want to take over your desktop.

Parallels Beta – it works, again. (build 3120)

Parallels beta, build 3120 solved all the problems that I was experiencing with build 3094.

Parallels is wonderful. Parallels beta is even more amazing.

However, when I went to try build 3094, things did not go well at all. It screwed up my screen sizes, hosed my computer, and in general, it was the first time I’d seen a beta that acted, well, like a beta.

I updated to build 3120, today, and everything is happily back to normal and running great. It did require a reboot after installation to get the virtual bridge working.

I can’t wait to buy the next version when it goes official. Even better, I can’t wait if they give it away as a free update to existing owners.

Where is &_= Coming From? (…not a typo…)

Server not responding to AJAX requests? Finding “&_=” being appended to your messages? Here’s an easy fix to solve that.

I recently was playing with Prototype, the JavaScript framework that implements an AJAX object to send Request to do a cross-browser XMLHttpRequest.

My server was reporting problems with the messages being sent from AJAX, and after a quick debugging session, I found that everything AJAX was sending had a “&_=” appended onto the end of it.

This clearly looks like a bogus parameter, say appended to a GET sequence, designed to pacify something. A little bit of digging on Google, and it appears it was introduced to resolve an old problem in Apple’s Safari.

Problem is, Prototype is still sending it, and when I sent an XML message to my server, the SAX parser didn’t take too kindly to the extra cruft at the end of the document.

If you open up prototype-1.4.0.js, and jump to line 631, you’ll see a line that looks like this:
if (parameters.length > 0) parameters += '&_=';

…removing it solves the problem. I found this more elegant than making my server pre-process an XML message.

WordPress Tilde Hack for Home Directories

WordPress has a problem when it is run from a user’s home directory. Apache will honor a tilde (~) or a hex code (%7E) in a URL, getting to the correct directory, but that’s where things break down: WordPress sees those two strings as logically different. And that poses some serious problems for applications that are trying to do the safest course of action. HACK WORKAROUND PROVIDED.

While browsing through the preferences of NetNewsWire, I noticed in the preferences there was a way to blog a entry of an RSS feed. To do this, the application shelled out to another application to do the heavy lifting.

That application was MarsEdit, a tool that was supposed to make blogging as easy as writing an email.

Problem was, when I went to open my blog in MarsEdit, I ran into a bit of a problem. MarsEdit was inserting %7E in the url, which is obviously the safe hex representation for the tilde sign. (Note, it’s tilde, with an ‘e’, not tilda.)

Look at your web browser’s URL for just a second. You should see something that looks like this: http://www.wwco.com/~wls/blog/

The tilde is a short hand notation that says to use my home directory. The default install of Apache allows this, because user home pages are in physically separate locations from the actual site’s webpages.

MarsEdit was trying to do the safe thing, by encoding something that should always work. And, Apache did the right thing by going to the right web page. Problem is, WordPress does the wrong thing — it reads the URL as-is and doesn’t realize %7E is the same as ~.

MarsEdit is not the only application that does this, many others do: it is the correct behavior. Even links from Digg, will do this on occasion.

I failed to find a decent solution to fix the problem, too. Discussions on the WordNet site seemed to ignore the fact that this was a problem, pointing people to Apache’s pages. Solutions that worked for others, didn’t work for me. Remember, Apache was delivering content, specifically WordPress content, and WordPress couldn’t deduce the entry to show, so it showed it’s own 404. This further supports the problem being WordPress’s.

I tried some mod_rewrite tricks, and those didn’t work. I even tried muddling inside the functions of WordPress, but it seemed that no matter where I made my changes, they either didn’t take or something broke. The page selection code was happening far to upstream, and I was getting bitten by it.

So I resorted to the final hack I knew would work. All WordPress requests go to the index.php file to start with, and it is Apache’s REQUEST_URI which is correctly preserving the encoded string. So, I figured before any other script of function could get its hands on it, I’d change that string.

Inside the <?php?> tags, I added this one line:
$_SERVER['REQUEST_URI'] = preg_replace( "/%7[Ee]/", "~", $_SERVER['REQUEST_URI'] );

This simply substitutes the %7E back into a tilde, so WordPress gets a familiar string to work with.

This solved my problem instantly. It’s ugly, but it works.

Please if you suffer from this problem because you’re using WordPress in your home directory, make a little notice to the authors, but while you’re at it, express some gratitude too at what a nice system they’ve made.

XP Gripe: Deleting Files

I’m really getting to hate XP for trivial tasks, like deleting a file. Allow me to prove to you why XP fails in terms of usability.

There’s something that two software design experts, Steve Krug and Joel Spolsky, both agree upon in regard to usability: in order to be considered good, an interface should behave in a predictable manner that the user expects, and it should do so consistently.

Windows XP, by that definition, fails even at the simplest task. Allow me to prove my point.

I’m a keyboard user, and when I have a file in explorer selected, I delete it by pressing the Del key. This in turn pops open a dialog box asking me if I’m sure. I am, so I press Enter to accept the default OK, and the file gets moved into the trash bin. What could be simpler, especially since those two keys are near each other on my keyboard?

I’m also a power user. I often have numerous applications up, and when one is busy doing something, I switch focus to another while the one I just left continues to process in the background. At any given point in the day, I may be compiling in one window, copying server files from another, have spiders crawling website contents, have a BitTorrent pulling the latest Linux distro, email polling in the background, version control doing a checkout, all the while burning a DVD backup of our database. This is not unusual at all, but it does mean that my computer is busy, and that can induce a few millisecond lags here and there.

And there’s the problem. XP is temperamental.

As a power user, my muscle memory tells me that to delete a file I simply select it and rock my hand over Del and Enter in an instant, and there will be a quick flash, if I see any at all, where the dialog would have come up and gotten its answer, and gone away. For the majority of the time, this works.

However, if my XP system decides to be busy for a few milliseconds between the Del and Enter, which I have no way of knowing if it will or won’t, then this happens: The Del is seen, but not acted upon, Explorer gets control again, and this time it sees the Enter, which means “open this file.” At that point, the program starts running, which may not be a good thing if the objective was to delete it. Now I’ve got a rogue program starting up, and I want to shut it down quickly, only I can’t, because a new dialog box comes up and steals all control of the machine, telling me I can’t delete the program because it’s already running, and now I need to acknowledge that dialog box. Meanwhile, the evil program is in the background, taunting me, doing all the evil things it wants while I’m trying to navigate through this unexpected path.

In short, if I select a file and press Del Enter, sometimes it deletes my file, and sometimes it runs it.

Sure, I could slow down and wait between keystrokes, however this breaks my train of thought and slows me down to the speed of the computer.

And, yes, I could change the behavior of the recycle bin confirmation, but in some cases I want that prompting, otherwise I would have turned it off already.

In short, I shouldn’t have to reconfigure my environment and change my habits because the software is unpredictable.