Welcome to my blog. Here you'll find information about things that interest me. That means that mostly it will be about Microsoft Windows development and administration. My biggest interests are in SQL Server and C# development but I don't promise to limit my writings to what I know; I may also write what I think - even if I am wrong.
To get back to my home page, go to http://www.DalePreston.com
About Me
- Name: Dale Preston
- Location: Park Hill, Oklahoma, United States
I am a consultant specializing in developing Microsoft SQL Server, .Net Windows and ASP.Net applications using C#.
Archives
Trojan.WSUS
More Media Disappointments from MS
Windows Media Player and Album Art
Media Playe FAQ
What is COM Surrogate?
Metadata Backup
ID3 Embed Pictures
Online Music Databases
ID3 Raw Tag Viewer
Removing ID3 Tags
Learn to Program in .Net
Encapsulating Fields with Properties
C# User-Defined Conversions
It Works For Me... or...
Pretty Good Privacy, Update
Pretty Good Privacy, So-so Software
Identity Crisis Cured
Identity Crisis
Visually Add Client Scripts to Your ASP.Net Pages
Rootkits and Hooks
DLL Hell was a Walk in the Park in Comparison
You Only Run Once
I just want to encrypt this simple line of text...
Returning Custom Classes from a Web Service, Part 4
Returning Custom Classes from a Web Service, Part 3
Returning Custom Classes from a Web Service, Part 2
Returning Custom Classes from a Web Service, Part 1
Motivation by Insult
No Excuses for not Localizing.
Friday, November 04, 2005
It Works For Me... or... All PGP Problems Are PGP Management Problems
Remember the true user stories that Phil Zimmermann used to publish about how lives of people struggling to escape eastern European communist countries were saved because of PGP protection of data files? I am afraid that today, if those people depended on PGP 9.X, they would have a false sense of security that would cost lives instead.Imagine, if you will, the men in black pounding on the door just as the freedom fighter clicks "Shred" to delete the folder with the maps of safe houses and escape routes. Seconds later, the door finally gives way and the freedom fighter stands there smuggly, certain that he has at least saved the lives of everyone else by wiping the evidence on his laptop. But wait...
Suddenly the freedom fighter goes pale and the secret police agent has the smug look. They're both looking at the laptop screen where there is this message from PGP: "Operation could not be completed because a file operation error has occurred."
Days later, as he stands against the wall with the rest of his freedom fighting organization, the freedom fighter is thinking, "What the hell does 'Operation could not be completed because a file operation error has occurred' mean?" The secret police agent who led the raid stands there with one arm raised. As he drops his arm sharply, the roar of gunfire drowns out his whispered thanks to the PGP management philosphy of "It works for me."
You see, this hypothetical freedom fighter had, based on years of stories about how great PGP was, trusted his secrets to PGP 9.x. Then, when lives depended on it and he tried to shred the life-endangering evidence from his PC, PGP decided to protect the man from himself and not only did it refuse to delete the hidden/system thumbs.db file with its embedded thumbnail images of maps and safehouses, it also refused to delete all of the original documents, though not marked hidden or system, just because there was a hidden/system file in the folder with them.
I hate hearing software developers say to customers, "Well, it works for me." That is probably the single worst response they can have. It demonstrates arrogance and disdain for the user. When this response comes from the manager of development then it is even worse. Just another case of PGP blaming the customer for their defective software.
Here's the real life transcript of the latest exchange on the PGP bulletin board that inspired my hypothetical analysis:
Ffej
Joined: 01 Oct 2003
Posts: 78
Location: SLC, Utah
Posted: Wed Nov 02, 2005 11:28 pm Post subject: add-in error?
If it's just an Outlook add-in error, wouldn't it be easy to go to the Outlook add-in manager (I believe in Outlook Option and advanced, or maybe help, about Outlook, and then click the add-in manager). You should be able to tell Outlook manaully that you no longer want this add-in to be active -- which it isn't, it just remained in the add-in manager for some odd reason. Once removed, opening Outlook shouldn't give you a pgpexch.dll error, right?
I know this is a couple months past the fact, but I was reading this and wondering what the real problem was. Did PGP DT 9 Outlook proxy not work correctly because of the error, or was it more of an annoyance.
On a completely unimportant side note (I'm not in support anymore -- need to change my signature), I'm not sure if PGP DT 9 has the official "designed for Windows XP" or whatever the certification is. Not that this is that important, but I don't recall that the product claims this.
Hope this helped. If not, more than happy to look at more details.
Jeff
_________________
Jeff Jones
Systems Eng.
PGP Corp.
--------------------------------------------------------------------------------
dalepres
Joined: 04 Sep 2005
Posts: 32
Posted: Thu Nov 03, 2005 10:08 pm Post subject:
Now I am really shaking my head in amazement. So, PGP 9.0 is not certified for Windows XP? And you offer that as an excuse for it not working? And if you read the entire thread, you'll see where I said that the PGP add-in was not listed in my Outlook add-ins... Oh, wait... you'll have to look in other parts of the bulletin board where the thread started before my posts were tucked away in the area reserved for those who say negative things about PGP.
By the way, for those who still ARE in PGP support, any word on a fix for the fact that Shred doesn't work on hidden files?
I haven't had time to start a new, and possibly related, thread about the fact that the option to automatically shred when emptying the Windows recycle bin has the same problem intermittently. If there are folders in the recycle bin that have hidden files within them, they cannot be emptied from the recycle bin. They have to be restored to the desktop and wiped there.
But, in the eyes of PGP, all of these in depth features and issues are supposed to be identified within the first 30 days?
I am curious. How many man-days (or is that person-days) of testing did PGP run on the product before releasing it and they did not identify all of these problems? Yet, because PGP's paying customers did not identify the problems within 30 days they are not eligible for a refund.
Since most users should never have to put in more than an hour a day struggling with their encryption process, and you expect us to identify all of the problems within 30 days, I must assume that the total man-hours of product testing at PGP Corporation must have been less than 30 hours... Certainly you wouldn't expect us to find the bugs in less time than you spent trying to find them, would you?
--------------------------------------------------------------------------------
dalepres
Joined: 04 Sep 2005
Posts: 32
Posted: Thu Nov 03, 2005 10:14 pm Post subject:
And, Jeff, I bet you get a nasty internal email from Robert. Something about letting sleeping dogs lie...
--------------------------------------------------------------------------------
EarleLowe
Joined: 01 Jun 2005
Posts: 169
Posted: Thu Nov 03, 2005 11:07 pm Post subject:
It shreds hidden files just fine for me. It does not shred system files by design to prevent the user from shredding something critical to the system.
_________________
Earle Lowe
Dev Manager: Client Products
PGP Corporation
--------------------------------------------------------------------------------
dalepres
Joined: 04 Sep 2005
Posts: 32
Posted: Fri Nov 04, 2005 7:04 am Post subject:
Where in the documentation is it mentioned that PGP does not shred system files by design? When it refuses to shred those files, where is the indication to the user that the files cannot be shredded because they are system files?
And, since Windows will (and should) allow me to delete system files, why would PGP decide that I shouldn't? Now, I need PGP's approval to shred files? Does this screening process involve socio-political analysis as well?
Even the hidden folder.ini files or thumbs.db files in folders that might otherwise be deleted have the hidden and system attributes set. These are not critical system files, they are common files in folders that are commonly deleted.
What good is a program that pretends to shred confidential files if it leaves thumbnail images of those files stored in the thumbs.db?
So not only are the encryption and signing processes content-sensitive, but now it turns out that the shredding process is content-sensitive as well.
That is just the kind of "blow off the customer" reply I've learned to expect from PGP: "Works for me". Well, there you have it. It works for you so paying customers are just out of luck if it doesn't work for them.
You know, all problems are management problems. It is no wonder PGP support is so bad.
