And unlike her embarrassing mistake with the alligators, this time Mama is right.

To those unfamiliar, PHP makes available something called super global arrays that allow you to access various things, server properties ($_SERVER), cookies ($_COOKIE), post and get values ($_POST, $_GET), etc.

When you submit a page that looks like this:

http://localhost/foo.php?key=value

Your variable is available in the $_GET superglobal array. You can access it with $_GET['key']

Likewise, when you submit a form via post, you can get the form values from $_POST the same way.

$_REQUEST, however, is the grandaddy of them all, allowing you to access all of the POST, GET, and COOKIE values from one array. How convenient, right? How very courteous, to make an array I can grab anything from at any time I want. Lovely, right?

Wrong. Really wrong. Really, really, really wrong. $_REQUEST is the same thing as using register_globals to handle GET and POST. It allows anything and everything you have to be hacked given very little knowledge of your actual application internals.

For example: Let’s say you have a web application with a front-end and an administration panel. You only want people with admin rights to be able to access the admin panel, most likely, so you build yourself a little login panel, and a form, which posts to a script the variables username and password. Those are then checked against the database, and boom, you’re in business, knowing who to authorize and who not to.

That code would look something like this:

$username = $_POST['username'];
$password = $_POST['password'];

$result = mysql_query(”select id from admin where username=’$username’ and password=’$password’”);

if (mysql_num_rows($result))
{
$_SESSION['admin_access'] = TRUE;
$_SESSION['admin_id'] = mysql_result($result, 0, “id”);

}

(The code above is far over-simplified and only used as an example. I recommend error checking, good connection management, and database framework classes. Don’t code like this.)

Now then, the problem with using $_REQUEST['username'] instead of $_POST['username'] in the example above is this: I can hack you in 2/10s of a heartbeat. Literally. Let’s call this script “login_check.php” for giggles. Hitting the following URL would compromise access to your administration panel:

logincheck.php?username=foo’%20or%20true%20–

Because you’re using $_REQUEST instead of the right array, username is going to be populated with the value I entered in the url, not what you thought it was going to be populated with. So, the query you thought you were executing now looks like this:

mysql_query(”select id from admin where username= ‘foo’ or true –’ …);

And since MySQL sees everything after the two dashes as a comment, guess what? That query will ALWAYS return records, meaning that hitting it with that url will always log someone in as an administrator.

It’s called SQL injection, and if you’re using $_REQUEST or register_globals=On, you’re asking for it to happen. Begging for it, even.

I could go on and on, but if you read this far into the piece, you care enough about your code and your professional reputation not to use $_REQUEST or register globals. And if you don’t, you may never regret it, and someone will come hire me to clean up your mess later. Fine by me.

~A!

I was a late comer to the whole Sopranos obsession. I have always enjoyed movies like Goodfellas, the Godfather series, Scarface, all of those. The best mob/gangland movie I’ve seen lately was The Departed, with Jack Nicholson, DiCaprio, and the rest.

I got my first taste of the Sopranos from a friend in Vegas when I lived there, and fell right in love with the show, albeit at the very end of the fifth season. I watched the sixth season of the Sopranos in its entirety.
So, when I heard there was a video game coming out for the PS2 entitled “The Sopranos: Road to Respect” I was psyched. So, as soon as there was a copy available over at Blockbuster Video, I snapped it up, brought it home, and started fantasizing about all the cool and nifty things they would do with a game based on an award winning HBO series.

I really should have known better. TV Series games, most movie games, they just kind of.. well… they suck. Sopranos was an exception to the rule because it sucked more. I’ll explain.

In Sopranos: RTR, you play Joey LaRocca, son of the notorious rat “Big Pussy” LaRocca (the guy they shot and threw off the back of a boat a season or two ago, I never saw that episode.) In the opening scene, we see Joey smash a car window and steal an old woman’s purse, and Tony Soprano knocks him over and drags him into the pork store to give him a good talking to, then offers him some work.

From there, you go on missions to do various things, one of the first of which is to dump a body in the harbor (after slamming his head into a urinal and accidentally killing him, of course.). The plot lines are egregious and over the top, but that’s a mob movie/show/game all over, so that’s not only acceptable, but a good thing.

The dialog interface allows you to choose three different versions of saying the same thing in a conversation. You can select “Tough”, “Neutral”, and “Smooth”. This could have been a very cool feature, except for the fact that you have until the other person in the conversation is done speaking to choose your response type, or Neutral is automatically selected. This is prohibitively annoying, because as any RPG player knows, sometimes you need to think about your actions in a game to get the most out of them, and this game forces you to rush through the process and really detracts from the experience.

The actual game play when you’re not watching cut-scenes (which are the best part of this travesty of a game) is composed mostly of punching people in various ways to intimidate them or knock them cold. There are no puzzles, your role-playing in your responses doesn’t seem to affect much, and all you do is beat people up through various stages that are so linear you absolutely can not go the wrong way, ever.

And for a game entirely composed of third-person combat, the combat system sucks like a hoover with a hyperdrive. The controls are awkward, and more often than not the opponents just grab you and force you to the ground. I found the best way to win a fight with more than one opponent was to let them get me down on the ground, push the square button until I rolled them over and punch them into unconsciousness. If more than one opponent is on you at a time standing up, they just pummel you into oblivion. You’re dazed after taking a hit, and the other guys beats you up, dazing you some more, then the first guy goes at it again…. and so on.

You can pick up various weapons and use the environment to your advantage, which was the only cool thing about the combat system. Everything from a filing cabinet (slamming their head in it repeatedly), to a table saw is hanging around in various stages, just waiting to be used to disable or kill your opponents.

When you’re not fighting, you’re wandering around looking for loot to pick up off desks, tables, magazine stands, and the like. Each piece of loot you pick up adds some money to your character’s balance, but the only thing you can buy in the game is tributes for Paulie, your captain in the game. You can pay a tribute to Paulie to refill your respect meter, which appears to go down for no reason whatsoever.

The respect system. Ah, how I expected something more. I expected something a little more akin to BioWare’s Knights of the Old Republic series, where you can affect your destiny and character by the choices you make in the game. Not a chance in this one, you’re responses aren’t really yours to choose, and they don’t affect the outcome of the game unless you lose enough respect to get whacked.

I got whacked once in the game, when I shot someone at a bachelor party because I was tired of the combat system and just wanted to end the fight. Immediately, without warning, a cut scene started with my character begging not to get it in the eyes and being blown off the back of a boat by Tony and Paulie a la Big Pussy’s fate. No warning, no anything except an immediate cut scene and game over.
I stuck with it, hoping against hope it would get better, and then about four hours into the game play, it was over. I had beaten the game after a long mission on the docks to kill a rival gang. Suddenly your character is a made man, the game is over, and you’re left with this sinking feeling that there are still six days left to the rental, and the game has all the replay value of pong.

There were some good things, too. They used the cast from the Sopranos for the voices, and they did a great job of making the dialog you hear fun and profane as all get-out. I haven’t heard the F-word that much in anything except the original series, ever. Definitely, definitely definitely not a game to have anyone under 18 in the room with you while you’re playing.

With the short playing time, the absolutely horrible combat system, and the half-assed attempt at RPG elements, this game is really one of the worst I have played since Star Wars: Revenge of the Sith for the PS2.

Rent it if you must indulge your obsession with the Sopranos, but don’t expect much, and definitely do not buy it.

If I was giving out stars, this game would get a 1 star rating, and even then only because the plot was fun to listen to, and I love hearing James Gandolfini talk.
~A!

I just came off a full day fighting with a dynamic table addition, and I thought I'd go ahead and save someone else the pain.

I have a table, and I want to add rows via JavaScript when the user clicks a button. I created a function that did this. Since I develop against FireFox, I usually cross my fingers, load in IE for testing, and hope for the best.

Well, hope is, as they say, as hollow as fear.

the following function worked in FF, Opera, and Safari

This created a new row in my table in FireFox and the like with a textfield in it. I've stripped out a lot of the extraneous properties and such, although I did add an onkeypress event to the field, twelve different fields, two select elements, and three text nodes.
Then I ran it in IE7, and nothing happened when I clicked the button. Or so it seemed. When I posted the form these were contained in, the new fields were there in the POST array, but nothing appeared on the screen.

After spending hours upon hours puzzling, googling, and trying different things, I found this:

http://msdn2.microsoft.com/en-us/library/ms532998.aspx

Which basically tells you what I am about to, but they do it in more detail. IE7 exposes a TOM (Table Object Model) that allows you to do what I wanted to very easily, except that the TOM doesn't work in any other browser. They also offer a standard DOM methodology, which is what my problem was. Here's the code that works in both IE and FireFox (untested in the others):

Hat-tip: Keith Moulton (Link:Etheric Arts)
See, the problem here was that I was adding a tr, td, and cell contents, but no tbody element to contain them. IE 7 was enforcing standards on me that FireFox and the others overlook.

While it was a frustrating lesson, it was a powerful one. Hope it helps someone else in need.

~A!

It's funny, because when something "doesn't work" in IE7, I'm finding more and more it is because IE7 doesn't hold a developer's hand as much as FireFox 2 does. I'm maintaining several code bases I didn't write, so I want to see exactly what's wrong.

Developers who still want to put VBScript in their web pages, unbelievable though that may be, give me one headache after another. Here's a tip:

VBScript works in exactly one browser, Microsoft Internet Explorer. And it only works there for legacy support. No one is writing for a single browser any more. If you are using VBScript on the client side, stop. JavaScript is universally understood for the most part in all of the major browsers.

Right, so the page breaks in IE, because there's bad VBScript on the client side, but it doesn't break in Firefox, because FireFox ignores it. I'm a little disappointed that FireFox doesn't pop me some kind of error in the status window, javascript console, wherever, saying something like "Un-supported script type: VBScript on line {blah}".

Now, here's the part where things get hairy for IE. When you run IE7, script debugging is disabled by default. That makes a lot of sense, because this is a consumer product, after all, and not a development tool for the main base of its users. However, once you clear the checkbox for the script debugger (clearing the checkbox turns it on, isn't that intuitive?), you get an alert when there is a script error, and it asks you if you want to debug. If you don't have Visual Studio installed, and you don't have the Microsoft Script Debugger downloaded and installed, nothing happens.

I don't mean that it goes away with no message, I mean it acts as if I had never touched the button. I sit there clicking the button for a good fifteen seconds wondering what's happening, and then I realize "D'OH! I need to install the Microsoft Script Debugger!".

I can't upload the script debugger and link to it here, because of stupid Microsoft Genuine Advantage rules, but I can give you a link over to MS to download it yourself, always assuming you pass the Genuine Check.

(Ms Script Debugger Link)

Next time, I'll talk about the new Developer Toolbar for IE7. Does it measure up to the Firefox extension?

~A!

Ooh, the industry is a-buzz with the interim report by Privacy International Placing Google 23rd out of... well... 23 in internet privacy.

PI gave them the lowest possible rating, saying they were information hoarders who were hostile to privacy.

The circus that has ensued since is lovely. Just... lovely. Google says PI is in Microsoft's pocket (one of their 70 panel members actually does work for Redmond), and PI says it's all "sour grapes" on Google's part, and they want an apology.

So the big thing people are calling me and emailing me about now, is "Should I stop using Google?" I hear it a million times a day. Are they really hostile to privacy?

Well, PI is a firm that's done this for a long, long time, and their results are usually pretty trustworthy. I'm going to give them the benefit of the doubt and say yes, Google is probably hostile to privacy.

I run all of my mail into a single GMail account, and I see adds based on the content of the email messages. Come on, are you just going to _believe_ them when they say it's safe to let them do that? Granted, it's ingenious, but it plays into the whole culture of elitist entitlement google has always had a tendency for.

One caveat I've been giving people: If you look at the report I linked to above, you're going to see that Windows Live  (eg. hotmail, passport, all that stuff), came in as a "Substantial threat" to privacy. So you take a couple steps up, maybe, by switching over to MS. AOL, same thing, they're a "Substantial threat". Yahoo?

And in the defense of Google, PI based some of their rating on the fact google wouldn't give them all the details. Hey, if I ask somebody "you're not going to sell my email address, are you?" and they just whistle and turn away, I ain't givin' em my email.

But I also counsel people not to panic. They've been using google's tools for a long time, most of them, and migrating away is a big, scary proposition.  Also, it's not like anyone else is doing any better with it, PI entitled their report "Race to the Bottom? 2007". Not a single one of the 23 companies listed in the report received a privacy-friendly rating.

And if you're going to go with the best of the bunch for privacy, you'll want the BBC, eBay, Wikipedia, and LiveJournal.

Am I switching? I'm afriad that's kind of private.

~A!

There is a popular misconception about code, and about programming in general. Programming is a science, but most people think it is ONLY a science. In point of fact, programming is an art, like music, or painting, or sketching.

Programming is most like poetry than any other expression. It is poetry rather than prose because of the rhythm, the subtle flow of ideas, the tempo of it all. While it is true anyone can learn to rhyme, it takes a mastery of more than fundamentals to be a poet. The same is true with programming. Anyone, and I do mean anyone, can learn the basic syntax of any programming language. Most are straightforward, simple, and logical. Just like phonics, the basic syntax of any language can be picked up by most anyone.

Fewer can write code for a living. Usually it takes a B.S. degree or better to work for a "good" company that will let you sit in a cubicle and churn out reams of code to make them rich. But what makes a programmer? Is it the ability to solve a problem by writing code? Is it designing the solution, rather than writing the code, that makes one a programmer?

I say no. I say there is a subtle, remarkable passion that underlies the great programmer. The great programmer exults in her discoveries and struggles constantly at the edge of something better. The great programmer sees his solution as an amorphous glimpse of something big, something grand that he can bring about with just a keyboard and a mouse, maybe a compiler.

In my experience, I've come across a great many people who write code. I've seen clients design their own sites to save a buck, and outsourced programmers churn out code too quickly in order to move on to the next project and make their dollar. I've seen it in house, too, but mostly I see it in the outsourcing realm.

Beyond that quick buck, down inside that quick and inefficient hackery that permeates this industry, there is a betrayal. It is subtle, and small, but a betrayal nonetheless. To "produce" code, as it were, is to deny the art, and to spit out chunks of code that barely get the job done in the most inelegant way possible through brute force and turning the error reporting off should be criminal.

Perhaps this article should be called "How to write bad code", because I'm about to tell you how to do it. If you want to write ugly, unmaintainable monstrosities, just pick up a book at the bookstore and go to it. Don't read anything but the syntax, and don't ever look for a cleaner way.

Don't refactor, don't think, and pepper your code with spelling errors in variable names. Make your databases huge and ungainly, without well-defined keys, and write all of your queries ad-hoc into your pages without checks and balances, and interpolate them directly into the HTML they affect. Don't learn about normalization, performance tuning, or object orientation in even the most basic context.

Most of all, if you want to write bad code, all you have to do is lack a passion for it. Daydream about leaving work as you write your code. Separate yourself from it.

There is an old saying, that the difference between something built and something created is simply this: What is created is loved before it is completed, and what is built can only be admired after it is built.

Create, don't build. If you find yourself simply building, stop and go find something you love to do.

Code is poetry.

~A!

I recently had the opportunity to refactor and normalize an extremely large database in MySQL. I love refactoring as a matter of course, and normalization just makes me all a-tingle, so it's good work if I can get it.

I was noticing as I pored through the fields in the various tables, that many, many fields had the same varchar length. 90% of them were varchar(100), including zip codes. Well, that's when the zip codes weren't integers, but I digress.

The point is this: I did some checking online, and I couldn't find a good guide to field sizes, so I thought I'd just share a little of an approach I feel is common-sensical and worthy of at least writing down.

Let's take a look at a record, and go from there:

John Smith, 123 Somewhere Street Northwest, AmityMothertonvilePokeno, New Hampshire, 03101, 603-555-1212, jsmith2007@funky-nowhere.com

That's pretty basically a bit of contact information. It's normal, it's average, and we all use it constantly in just about every app we develop using MySQL and PHP. So how long should we make the fields?

The name. "John Smith" is only ten characters, but what if someone has a longer name? What about "Luxaranimous Fitzgerald Luntensteinivilosky"? I think we could all agree that's an egregiously long name, and it still comes in at 43 characters. So maybe we bump it up for a bit of a buffer, and call it 55 characters. Now I feel better, and I have my new "Fullname" field size for all time.

Next we have the street address. I once knew a person who lived on Martin Luther King Boulevard, and that's decent size, so I'll use that as a baseline. Assuming 6 characters for the number, and 5 for "north" or "south", we come in at 39 characters. Add an apartment (Apartment 123) and we're at 41 characters. Again, we pad it, and I come up with 55 as a decent field size for an address.

City and state are both easy. The longest city name in English is 60 characters long (look it up if you don't believe me), and it is also the longest 'place' name in the English language. So that means that the city field is 60, and the state field, if you're not just using abbreviations, is 60 as well. (Longest "place", remember?)

Zip codes/postal codes in the US are easy, that's nine without the dash, ten with the dash (12345-1234 or 123412345). Foreign postal codes are a bit longer in some cases, and according to This site, the longest postal code in the world is currently 10 characters long.

Next, let's take a look at the dreaded phone number. I know this one always gave me fits when I started out, never could decide what to do with it. Do I store it into separate fields, do I exclude foreign phone numbers? If I don't exclude foreign phone numbers, how do I make it familiar for all?

Relax, first of all. The longest phone number in existence, country code and all, is 14 characters by all accounts. The format varies wildly from country to country, so if you're dealing with international phone numbers, you can still split them up the way you would with US numbers, just make sure you add a country code field. As long as the split fields end up adding to 14, you're ok. If you want to add in the ability for separators, dashes, dots, morse code, whatever, jack it up to twenty. No need to go overboard. This methodology of course applies to mobile phone numbers and fax numbers, as well.

And then the email address field. My email address is "anthony.levensalor@opentravelsoftware.com". That's 41 characters right off the bat, and I know I don't have the longest. In fact, the longest email address can be 64 + 1 + 255 characters long (user name, @ sign, domain name) according to the IETF.

Does that mean your email field needs to be 320 characters long? Well, technically, it is best practice to make sure you cover the extremes, so yeah. Just make sure you crunch that by allowing the field to be null. If that sounds silly to you, rest assured it sounds silly to me too. But somebody's gonna have a 320 character long email address, and you know it.

So here's the basic field specs, as much for my edification as yours:

full name: varchar(55)
address:  varchar(55)
city:         varchar(60)
state:       varchar(60) [or varchar(2) if you're using the US abbreviations only]
zip:          varchar(10)
phone:     varchar(14) [that's just digits, no symbols. Of course, in the US, you only need 11]
email:       varchar(320)

Until next time, I hope this helps you out.

~A!

AS much as Steve Jobs and the Apple community want to complain about Microsoft "stealing" features (wasn't there already a lawsuit about that in the 80's, and MS won?), one of the things I liked best about Vista in the tests I did on it was the destop search.

I know, it seems unnecessary somehow, what with google desktop and all the other possibilities out there for indexing and searching the computer, but I love the fact that it is integrated directly with the operating system and just makes searching a hell of a lot easier. And faster. And more comprehensive.

I was trolling around the Microsoft site's XP downloads and came across a version of the search that runs on XP. Since I'm not really ready to upgrade to Vista (bought a copy of the upgrade, waiting until I get better video), I went ahead an installed it. (You can download it here).

Once installed, it creates a little search bar in the upper-right hand corner of the screen. Start typing and it brings up a list of the most relevent matches right away. Click "more", and you get a full interface that allows you to choose different types of files, specify search criteria, just a whole bunch of cool stuff.

The way I look at it is this: I'm tempted to try out an iBook, because the hype is hard to resist, and my wife loves hers. But let's be pragmatic for a moment. I am a professional software developer, and I do a lot of heavy lifting on my machine. I write PHP, Perl, MySQL, HTML, CSS, Javascript, Java, VB.NET, VB6, C++, and once in a while a little Delphi to pass the time. Do I really want to risk all those working on Mac (with or without the emulation of windows they provide now)?

Not really, no. Besides, I like using windows. I also like using Linux. I'd probably like using OS X, too. But the value of understanding the software that's running your machine cannot be overstated. Perhaps I'm just with Windows because I've been on Microsoft products for all 22 years of my programming life, and I've never had something happen I couldn't fix. Even when I was eight, DOS was easier to work with than The Apple IIe we had at the grammar school.

This isn't a "Windows is good, everything else is bad" article, just saying that's a nifty search they put in, and I'm glad they ported it down to XP.

~A!

 

Q: When I modify php.ini file in "c:\php\--IIS 6.0 is not picking it up.  Any changes made in php.ini do not reflect when I run phpinfo().  However, I can run *.php files.  I setup IIS 6.0 with the appropriate web extensions--on the web service extension and the web site directory mapping.  Both pointing to c:\php\php5isapi.dll  Just can't get php.ini to pick up???
Thank you for your help and God Bless!
- Tony

A:

You are slightly outside my strongest area when engaging in IIS interop with PHP, but I will say that the little experience I have with it inclines me to think that your php.ini file should be in a system path for windows, e.g. c:\windows. I've had a lot of luck getting things to pick up appropriately when I copied the php.ini file into system directories and restarted the IIS process.

~A!

Like everyone else who runs a windows box for development, I've been psyched about the new Windows Operating System, Vista. Normally I am not an early adopter of Windows OS's, but it's been so long since I got to play with something new from MS that wasn't an office installation that I decided to give it a whirl.

 This article is the catalog of the results of that experiment.

I purchased my Vista license from the digital locker, so I can download it again if I need to and reinstall without all those cumbersome DVD's. I'd never done it before, so I gave that a shot. The download for Vista was in three parts, the core of which was a 2.3GB download that took a couple of hours over my DSL connection, nothing too severe.

 I ran the windows Vista upgrade advisor, and it advised me I needed to uninstall Nero before I could upgrade to Vista, that my video card would not handle the new Aero GUI, and that a few of my programs might possibly maybe have configuration issues after the upgrade. The language used to describe the possible incompatibilities was gentle enough that it seemed ok to just go ahead with the upgrade.

Operating System upgrades take a long time, longer than a clean install, and for good reason. When the OS is attempting to upgrade, it's simultaneously trying to put in the new while preserving the old configs and settings, so it makes sense that it will take forever. I defragged, cleaned up the disk space, and ran the upgrade.

The upgrade ran for about two and a half hours, and everything seemed to be progressing nicely, until the last reboot. When the screen said "preparing to run windows for the first time", I was really excited to try out the new OS. What I saw a minute later, though was "Upgrade was not installed successfully, your old Operating System is being restored".

It restored my XP Pro installation precisely to where it had been before I started the Vista install, so I couldn't complain too much. I was disappointed, but figured I had missed something simple. After all, the advisor had told me I was ok to upgrade, so I figured I was ok to upgrade. I ought to know better.

So I did some research on the MS website, in some discussion forums, and read over what little information there was to be had so far on the internet regarding Vista upgrades and installs. I saw other people with the same issues, and got the general impression that I needed to uninstall all of the possibly conflicting programs on my machine before I could upgrade. So that's what I did and, long story short, had the same result another 3 hours later.

Still determined to use my new $200 operating system, I backed up all of my development folders, files, and settings, and did a clean install. This one took 2 hours, and I had a shiny new Vista installation on my computer.

Something, however, seems to have changed in the definition of "clean" install, because Vista backed up my old operating system in a folder named windows.old that took up half my hard drive, and left all of my custom folders under root (C:\) completely untouched. I dunno if it's just me, but I had expected, you know, maybe a format, something to justify being a "clean" install. But nope, it only touched things past the root of the C drive, which it was easy enough to fix, just a minor annoyance.

Since I am a web programmer and 90% of my work is in PHP/MySQL, the first step to getting productive again was an installation of Apache 2. While I was installing it, I was asked for permission to continue from the OS about thirty times, and granted it each and every time. Then, at the end of the Apache installation, it told me it couldn't start, there was no installed Apache service.

 "Hmm", I thought. "I know I just installed that." Back to google I went, and sure enough, it was the new "Secure" feature in Vista, a bodyguard with a bad attitude named "User Access Control". The function of the UAC is to make sure that nothing can happen to your machine without your permission. Which is great, and reminds me of Unix and Linux and Mac, except that when you grant permission on those OS's, it actually gives whatever you're doing permission. The UAC seems, at least in the case of my Apache install, to have decided I didn't know what the hell I was talking about when I said yes, and denied the installation of the service because it knew better than I did.

 Luckily, the UAC was easy to turn off. So now I can actually run my machine, I just get a popup every five minutes or so telling me how unsafe my machine is because I don't have UAC turned on. That's irritating, I think, but I still pressed on.

I run a Gateway 7330GZ Notebook as my general use machine, to write PHP code and build and deploy my .NET applications. Gateway does not have the correct Video or Sound drivers for Vista yet, and support has told me they don't know when they'll be coming out. So that's two mistakes: One by Gateway for not getting on the ball with their driver development, and one on MS for not even setting up the pretense of backward compatibility. I have to use an external monitor with a generic driver to have a proper display, since the 1280x768 laptop screen will not display anything but 1024x768 on Vista at the moment, which just makes my head hurt.

I also have no sound for the time being, and oddly discomfiting feeling after being so used to pops and clicks and youtube videos and listening to my collection of music.

Having worked out the WAMP environment for development, I move on to VS.NET, which I run the 2003 version of. Immediately, Vista tells me there is a known compatibility issue with 2003, so back to google I go. Turns out it's just a couple of quirky things, nothing serious, so I install it anyway. Been using it since with no issue, so the compatibility issues are something I can't speak to yet.

Having done the .NET install, I went back to VS6 to install my old dev environments that I use to support some software I wrote back in the day and still support. While I got compatibility issues with the 2003 version of the development environment, it didn't make a single peep about the old, archaic VS installation from 1998. What kind of logic is this, I wonder? 2003 has compatibility issues, 1998 is ok.

So far, I've been using Vista day in and day out, and once I turned off the UAC, it's been good. I can't shake the feeling, however, that I spent 200 dollars for no other reason except to fumble around learning a new OS for a few weeks. I can't use the Aero interface, I have no sound, and I can't stand to look at my laptop screen.

There are prettier icons and things are smoother, and the networking is a thing of beauty. Downloads and uploads are a lot faster, and finally I have a system on which IE7 does not crash every time I open it. But now, regardless of the default browser set on the system, when you type an address in the address bar, it opens IE7, not your default browser.Ditto for double-clicked htm,html files. It opens IE7, even though FireFox is specified as the default browser. WTF?

Vista is going to be great, and it's going to be adopted across the board, no doubt. It has some definite room to grow, though. Vendors need to get their drivers working, MS needs to patch some of the dumber features (like overriding the default browser), and UAC needs to work better than it does now, or the benefits derived from it will be lost because the biggest support answer on planet earth will become "Turn off UAC" by a host of companies and vendors that need access to any system resources to do their job.

I'm not going back to XP, but I'm not enjoying the experience a whole bunch yet. I need my drivers, and without Aero, how do I know I'm not looking at XP? Prettier icons? A deskbar on the right I replaced with google desktop immediately, because google desktop works and is easier to configure? It looks just like XP with a different wait cursor, unless you have a top of the line video card and can run Aero. And I don't know what that looks like, because I don't.

~A!