Scott Hanselman's ComputerZen.com

I received an interesting email today where a fellow was trying to make sure that all browsers could successfully download his company's MSI installer. He had found a blog post that I wrote SIX YEARS AGO on the Content-Disposition header and some trouble I'd had with Check Images. Just in case you're not clear, 6 years is like a century years on the internet.

Here's a little snippet from my incredibly old blog post:

HTTP Headers are name values pairs, so they are easily added with the Response object in ASP or ASP.NET You use it like this (the HTTP Headers):

HTTP/1.1 200 OK
<snip>
Content-Disposition: filename=checkimage.jpg
Content-Length: 76127
Content-Type: image/JPEG

Or, if you want to immediately prompt the user with a File Download Box:

HTTP/1.1 200 OK
<snip>
Content-Disposition: attachment; filename=checkimage.jpg
Content-Length: 76127
Content-Type: image/JPEG

However, Internet Explorer has never really got it right.

Here's a list of gotchas, starting with my own:

• On IE 6.0, things mostly work, but if you ALSO setup Cache-Control: no-cache, your suggested filename (and type!) will be IGNORED.  A bummer if you have to choose between security and convienence.  Of course, security wins.
• On IE 4, the attachment option is flaky, see Q182315
• On IE 5.5, the attachment option is REALLY flaky, see Q267991 and Q279667 and Q281119
• On IE 5.0, the filename suggested can mangle your filenames, see Q262042
• On nearly all versions of IE, including 6.0, sometimes the browser will use the filename in the address bar instead of the Content-Disposition Header, and with IE5.5SP2 you're expected to change the UseCDFileName registry key, see Q303750.  This was fixed with IE6.0SP1.

IE's not the only browser with past trouble around this header, but it's been the worst historically. Last year, IE8 made a good move forward when it proposed (during the beta cycle) an "authoritative=true" addition to the Content-Type HTTP header. This would be a way for your server to basically insist that the Content-Type it offered was the correct one. Seems reasonable, like it should have always been that way, eh?

Here's an example on how we'd (under this OLD proposal) force an HTML page to be delivered and rendered as plaintext. Sam Ruby thought it was a good idea as well as sniffing, while inside the HTML5 spec, is generally considered a bad idea.

HTTP/1.1 200 OK
Content-Length: 108
Date: Thu, 26 Jun 2008 22:06:28 GMT
Content-Type: text/plain; authoritative=true;

<html>
<body bgcolor="#AA0000">
This page renders as HTML source code (text) in IE8.
</body>
</html>

Unfortunately this blog post was never updated. EricL (author of Fiddler and very nice person) wrote it, and he'll know I'm not picking on him personally, as this is a huge problem on all blogs, mine included. It's really hard to update old posts when they are obsolete. It's a manual process and all we as bloggers can do is our best to update our old posts with pointers to new information.

Two months later, this post came out and the final design that was agreed on with community feedback looked like this:

Over the past two months, we’ve received significant community feedback that using a new attribute on the Content-Type header would create a deployment headache for server operators. To that end, we have converted this option into a full-fledged HTTP response header.  Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type.

For example, given the following HTTP-response:

HTTP/1.1 200 OK 
Content-Length: 108 
Date: Thu, 26 Jun 2008 22:06:28 GMT 
Content-Type: text/plain; 
X-Content-Type-Options: nosniff

<html> 
<body bgcolor="#AA0000"> 
This page renders as HTML source code (text) in IE8. 
</body> 
</html>

I'd like this post to serve as a reminder to all of us who are blogging technical content to update our posts if and when appropriate, and certainly when a reader points out errata. As the gent who emailed me so wisely put it:

"These are the little bugs that lead to madness."

Thoughts?

Microsoft's new Search Decision Engine called Bing is live now (in preview/beta). I thought Bing meant "Bing Is Not Google" but apparently "bing!" is the "sound of found." Found it! Bing!

If you use Google Chrome as your browser you can make Bing your default search. Here's how:

1. Click the Wrench Icon in Google Chrome and click Options.
2. Click "Manage" under Default Search.
3. Click "Add" and make the form look like this:
   
4. Now with your new Bing entry selected, click Make Default.

Go give Bing! a try. I'm going to use Bing for the whole month of June and see how it goes. I'll blog my results.

Technical International Note: If you're outside the US, while Bing is rolling out over the next few days (it's literally rolling) you can temporarily force it to think you're in the US with this Bing URL.

Feel free to post your Bing tips and impressions here in the comments, or follow @bing on Twitter.

Derek Powazek dropped this little piece of truth on Twitter recently:

Twitter was more fun when I could b*tch about a company without them replying to ask how they can provide me with excellent service today.

Things have changed since Word of Mouth got a permalink. When I'm complaining about a company to my friends or while walking down the street, no one seems to care. When I'm calling a company and complaining one-on-one, I don't always get excellent service. Boy, but if you mention a company on your blog, or even better, on Twitter, you'll likely get a reply in minutes.

It's getting to the point that I get better customer service (and hence, satisfaction) on Twitter than I do calling a 1-800 number. I'll spend less time on hold as well!

Where's my Mower?

I recently ordered a Lawn Mower from HomeDepot.com and was bummed when I realize that HomeDepot is NOT Amazon. By that I mean, not every online retailer ships virtually instantly like Amazon. Seems like Amazon has your package being prepared while it's still in the shopping cart. Click Checkout and walk to the mailbox, bam! With other retailers, not so much.,

With my Lawn Mower, it wasn't available anywhere locally so I ordered it online. I was bummed when checking the order status that it was still "processing" four days later and I complained (lower-case "c") on Twitter at 1:26pm on May 19. Sarah from Home Depot replied first thing the morning of the 20th offering to look into it for me. That's pretty cool, so kudos to HD for offering to help.

There's 100s of brands on Twitter (here's the top 100). I'd say, that Comcast got on board first, as I recall, and made really good use of Twitter for customer support. Twitter's also nice for customer support as it's (almost always) clearly a human behind the account. Twitter's not just for customer support, but also for collecting feedback and posting coupons, offers, etc. It's a brilliant medium because of it's elegant publisher-subscriber model and the its brevity constraint.

Why doesn't Home Depot (or any company, as HD isn't the point of this post) jump when I complain on Facebook?

One word: Permalinks.

Facebook is a walled garden, as you likely know. My facebook posts aren't indexed on Google and even within Facebook, they aren't easy to search and very hard to link to, IMHO. On Twitter, tweets are easy to search and you can bet that every one of these folks are using Tweetdeck to hunt for mentions of their brands. That's no doubt how HomeDepot found mine. You don't need a lot of followers, you just need to mention their name.

I've said before, don't give bile a permalink. Brands with an online or social media presence live in constant fear that you will, and it'll be about their brand.

They know that the spark of a negative tweet can fan the flames of rebellion. The threat of RT (retweets) or blog posts about tweets only pours gas on the flames. Even worse, tweets can end up in newspapers and if the company doesn't handle it well, it's over.

Consumer-driven > Company-driven

To Derek's point, yes, it WAS more fun before. I'm not sure I like the reframing of my relationship with these (often global) brands being based on fear, especially their fear of a global uprising based on potential negative publicity. I do like the idea that not only is one not complaining alone any more, but also that Twitter allows the customer (me) to reassert my role as the driving force behind the relationship.

My  question is, however, is this going to scale? I can't see how. There's only, what, 10 million people on Twitter? It's nice now, while there's so few people on Twitter, but it'll be really interesting when Twitter becomes Customer Service Central for every brand on the planet.

I still think it's lame that it took 4-5 days for my Lawn Mower to ship, but I think it's cool that Sarah at Home Depot offered to help me out.

(I got the Toro Personal Pace Mower, on sale at the time, plus a coupon, if you care.)

Disclaimer: It's very likely that I have NO idea what I'm talking about. This is a blog, not a technical article or official anything. Listening to me may well kill your pet kitten and render both your computer and you personally unbootable. Run away in fear as this is all completely useless information.

I paved (reformatted and started over) my main machine, formerly named QUADPOWER, now QUADPOWER7 to use the new Windows 7 RC a few days ago. I went through the process, but wasn't really paying attention. I have a tendency to just Next>Next>Next>Finish my way through most wizards. This will likely be the death of me at some point.

Anyway, my system is a little non-standard and I had at some point a year ago switched hard drives around to make the faster one be my boot drive. I did this by changing the boot order in the BIOs.

Fast forward a bit, and today I wanted to format my DATA drive - my D: drive - and the format applet said "not so fast."

I opened up Disk Management and it showed me this...

Yikes! See how my D: drive is Disk 0 and is marked as System, but my C: drive is Disk 1 and marked as Boot? That means that the Boot Configuration Data (BCD) is on my D: drive. I checked my BIOs, and it turned out, in fact, that I had told it to boot of that drive. However, I'd installed Windows to the other drive and got myself into this situation:

• Disk 0 - D: Drive with BCD
• Disk 1 - C: Drive with C:\windows and other booty

I couldn't format D: because it was what I booted off of. Poop.

I searched around and found all sorts of hard and scary descriptions of how to fix this. Basically it boiled down to:

Approach 1: Nuclear Option. Wipe and Start Over.

Approach 2: Copy the Hidden/System Boot Manager and Boot Folder over to the C: drive and run a tool called BCDEdit to move things around in 12 short steps. ;)

This was a scary prospect for me, because from my point of view, while this was a fairly advanced operation, I just wanted to switch where the boot info comes from.

Turns out there is a new (profoundly advanced, you have been warned) command line tool called BCDBoot.

C:\windows\system32>bcdboot /?

Bcdboot - Bcd boot file creation and repair tool.

The bcdboot.exe command-line tool is used to copy critical boot files to the
system partition and to create a new system BCD store.

bcdboot <source> [/l <locale>] [/s <volume-letter>] [/v]
                 [/m [{OS Loader ID}]]

  source            Specifies the location of the windows system root.

  /l                Specifies an optional locale parameter to use when
                    initializing the BCD store. The default is US English.

  /s                Specifies an optional volume letter parameter to designate
                    the target system partition where boot environment files are

                    copied.  The default is the system partition identified by
                    the firmware.

  /v                Enables verbose mode.

  /m                If an OS loader GUID is provided, this option merges the
                    given loader object with the system template to produce a
                    bootable entry. Otherwise, only global objects are merged.


Examples: bcdboot c:\windows /l en-us
          bcdboot c:\windows /s h:
          bcdboot c:\windows /m {d58d10c6-df53-11dc-878f-00064f4f4e08}

This means that I could type this from an Administrator Command Prompt:

bcdboot c:\windows /s c:

And BCDBoot would basically re-gen the BCD stuff I needed on the C: drive given what it knows about the C:\Windows install.

I ran it, and rebooted. I immediately went into the BIOS and changed the Boot Order so that my 300 GIG C: faster drive (the one I thought I was booting off of all the time) was my startup drive.

Now, Disk Management shows that C:\ is both System and Boot and all is right with the world.

More subtle awesomeness from Windows 7.

I asked on Twitter today if it was "OK to be a dick as long as you were introspective about it?" I received a few responses, including one asking if I'd be more gender-neutral and pick a word like asshole instead. You can't please everyone. Forgive my language in this instance.

There's a lot of discussion on the Interweb right now about an individual in a technical community who used some imagery in a technical presentation at a technical conference that could be described as gender-insensitive. That's a PC way to say it. Another way to say it is that a guy used a porn metaphor and soft-core porn imagery in a technical presentation in front of a gender-mixed technical crowd.

Boiled down, the issue ultimately was not just about the images as it relates to gender, but rather that the images and the presentation metaphor was simply in poor taste. Certainly, taste in this context is subjective, but it's easier than you think to find the limits of good taste.

Dana Jones had this very erudite comment on a Rails mailing list:

Imagine a presentation about recruiting developers for your firm with the analogous presentation: "Big Game Hunting", replete with pictures of dead animals smilingly displayed by the hunters who killed them. Hunting is a perfectly legal sport and one which I personally have no objections to (just as I have no objections to porn), but do graphic images that will likely disturb at least *some* audience members really have a place?

What about a presentation about writing code on deadline: "Delivering Like a Birth Mom." Or how about graphic images of up-close breastfeeding in a talk titled "Nursing Your Projects Along."

These parallel theoretical presentations of Dana's brilliantly provide the boundaries of good taste vs. poor taste in this context. "I know it when I see it" is a truism. But with all subjective opinion, one man's norm is another's outlier.

That technical community is discussing the issue and working it out. One of the related posts by DHH, the creator of Ruby on Rails - but not the presenter in question - had an interesting post called "I'm an R-rated individual." It's basically a disclaimer/declaration that he's loud and proud and may offend. Some folks believe Rails.equal?(DHH) but that's of course, short-sighted.

This paragraph of David's post is excellent:

Blending like this isn't free. You're bound to upset, offend, or annoy people when you're not adding heavy layers of social sugarcoating. I choose to accept that trade because my personal upside from congruence is that I find more energy, more satisfaction, and more creativity when the bulls**t is stripped away.

A lot of people are talking about personal brand and "image management" right now, and it's easy to say, "oh, so-and-so is a jerk." and write them off. The reason that paragraph is so insightful is because DHH expresses two things. One, he consciously chooses his path. +1 Wisdom there. And Two, he realizes there are consequences...it "isn't free." +2 Introspection. Like a guy/gal or not, but give them credit for deciding to be someone. Feel bad if someone is a jerk and doesn't realize it. I thinking living consciously and unapologetically is to be commended.

DHH's path is not for everyone. It's not for me. I believe one should avoid being overtly offensive whenever possible and appropriate, public or private. I expend a some amount of effort being a consensus builder (perhaps because I'm an ENFJ and DHH is, I'm guessing, likely an ENTP) and I think one can be real without being rude. I encourage others to do the same.

However, it depends on what you feel strongly about and if what you feel strongly about outweighs what you believe others might feel. You need to be yourself, but you there ARE social norms, and others feelings, that should be considered.

@mstum on Twitter said: I'd rather have honest f-bombs than gentlemen hypocrites... Honest and direct people are so much easier to work with.

But can't one be an honest gentleman? Why is online (or offline) use of the F-word and general crassness somehow exemplary of "honesty?" If someone swears and slams their hand on a table in a business meeting I don't immediately think "Whew, finally an honest person!"

Being generally pleasant and helpful isn't sugarcoating, it's being pleasant and helpful.

@David_Ing said: Different worlds I guess. Reminds me of high school. Makes me feel old. Edgy douche is the new cool.

So where does it stop?

I had this conversation with Ade Miller on Twitter:

• AdeMiller: @shanselman Would it be better to lie to conform to a set of social norms you don't believe in? http://is.gd/vcEZ · View Tweet

• shanselman: @AdeMiller if he was a nudist, should he show up to conferences and user groups nude? Post pics on his blog? · View Tweet

• AdeMiller: @shanselman That's reductio ad absurdum. A more interesting question is should he never admit to being a nudist so avoid upsetting plp? · View Tweet

• shanselman: @AdeMiller If he wants to sell software to the enterprise and lead a movement, yes. · View Tweet

This may be a generation gap. I'm in my mid-30s and "social internet culture" for me doesn't automatically involve ending online arguments via reductio ad Hitlerum (Godwin's Law). Young people today (get off my lawn!) are largely more comfortable being unapologetically themselves online. I'm of a slightly older Internet generation that doesn't believe everyone is a unique snowflake and that if everyone behaves with a "this is me, like me or leave me alone" attitude then anarchy (ahem, or the internet) will emerge.

People believe strongly about some things and less strongly about others, and you'll never get everyone to agree. I certainly don't promote being a push-over. If something is an injustice, then, by all means speak up. There are some folks in the .NET community that people consider abrasive or have written off as jerks. But see it from their perspective! For them, there is a great injustice, or a number of them, and social norms be damned! I deeply respect this perspective.

For example, my wife is Black. If I post pictures of my wife on my blog, I risk alienating racists and folks against interracial marriage. However, that's a risk (hopefully small) that I'm willing to take, as I certainly feel strongly about it and I think I'm on the right side of history. I'm also a diabetic and I don't hide it. These are stands, small or large, that I'll take, as they are important to me.

You might knee-jerk and think that's a trite example. You might say "we're all too Politically Correct." This might be a true, but just because you want to avoid being Politically Correct doesn't mean you should email me and say, "Hey, how's your Black Wife? How's Diabetes sucking for you? Still blind?"

A question on code comments showed up on StackOverflow this week, and the most highly-voted answer included the F-word. An "Edit War" ensued, with members of the community switching a code sample back and forth between the actual F-word, and various other forms like F*ck, Frick, and Foolish.

I swear occasionally. I can appreciate the F-word as appropriate punctuation while simultaneously realizing its crassness. I don't typically swear in meetings. It's conceivable I would if I could find the right situation. Most everyone who speaks English realizes that the N-word is off limits. Americans also have other words that we Just Don't Use, although the British do. Using them in a meeting is certain death.

The point is that NOT using these words doesn't fundamentally make my life worse. DHH says:

"I find more energy, more satisfaction, and more creativity when the bulls**t is stripped away."

I respect that, and good for folks who agree. I respect everyone's right to say what they like.

If you're a nudist and you give your technical talks on C# naked, I likely won't be there to watch your talk. You may feel REALLY strongly about nudism, and I wish you well. You may believe in the legalization of drugs and prefer to give your technical presentations high, and I say, kudos, but I and others may not show.

There are some social norms, and you should know what they are and know how strongly you feel about them when you take your message to a larger audience. Know that there are consequences when what you value is broadcast in a larger context while promoting a technology. I've lost readers who have said I don't do enough deep technical content, or they find my "intensely personal" posts off-putting, but I'm conscious of my decisions and I feel strongly about the things I choose to discuss on my blog.

I respect DHH's perspective and others like him. Some are concerned that some edgy attitudes are preventing female programmers from embracing programming as a vocation. DHH says:

"You certainly have to be mindful when you're working near the edge of social conventions, but that doesn't for a second lead me to the conclusion that we should step away from all the edges. Finding exactly where the line goes — and then enjoying the performance from being right on it — requires a few steps over it here and there."

Again, another paragraph with layers. He knows where the edge is, enjoys dancing on the precipice jumping back. To dismiss him as merely loud and obnoxious is to do him (and people like him) a disservice.

I have set a level of what I consider reasonable professional conduct both online and offline. You should too. Know what THE edge is, know what YOUR edge is and know the effects of being near both. Decide what you feel strongly about and what you don't. Not everyone has the same norms, but everyone should know what the consequences are and measure them according to their own value system.

The advice that works for me is to avoid giving bile a permalink. Don't be a dick. If you are a dick, you don't get to complain when things go bad for you. There are consequences to all actions and they live on. They live on longer if you give them a permalink.

What do you think?