Scott Hanselman

I was trying to run a PowerShell script that I downloaded from the Internet today and got this security warning:

Security Warning
Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your
computer. Do you want to run foo.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"):

I've written about Signing PowerShell Scripts before, but not about totally unsigned, totally un-trusted scripts. When a script is downloaded via Internet Explorer from the Internet or an Intranet, an NTFS Alternative Data Stream is added to the file with a Zone Identifier, indicating the file's origin.

You can use the free streams.exe from SysInternals to see the Alternate Data Stream for each file/script.

C:\>streams foo.ps1 
Streams v1.5 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2003 Mark Russinovich
Sysinternals - www.sysinternals.com 
C:\foo.ps1:
:Zone.Identifier:$DATA 26

You can see clearly that there's a Zone.Identifier stream attached alongside this foo.ps1 script.

It can be easily opened in notepad like this:

notepad foo.ps1:Zone.Identifier

And see the hidden ini file with a Zone Identifier. There's six possible values

public enum SecurityZone
{
  NoZone = -1,
  MyComputer = 0,
  Intranet = 1,
  Trusted = 2,
  Internet = 3,
  Untrusted = 4,
}

Notepad is kind of a coarse, but effective, way to access these streams. The PowerShell Guy has created an extension method for System.IO.FileInfo called GetStreams that lets you get at these streams from PowerShell.

In Vista, you can use the new /R switch to DIR as in DIR /R.

Personally, I like to just use the built-in (have you see this?) support in Explorer's General Property Pages for the file. You can just select Properties and under Security click "Unblock." Clicking Unblock completely removes  the Zone.Identifier Alternative Data Stream and makes scripts (and other things) executable again.

To summarize, there's lots of ways to manipulate Alternative Data Streams:

• Use Notepad.exe filename:streamname
• Use extensions to PowerShell's FileInfo object
• Use Streams from SysInternals.
• In Vista use DIR /R
• On any OS, use more < foo.ps1:Zone.Identifier

SECURITY NOTE: Firefox doesn't appear to know about zones at all, so PowerShell scripts that are downloaded from the Internet with Firefox are not marked with this Alternative Data Stream, and are therefore immediately executable, so take care. Firefox on Windows could fix this by calling IAttachmentExecute (MSDN).

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

I've been increasingly disappointed with Comcast's Internet Service of late. Even though I pay a monthly premium on top of the regular rate for Internet Access, I'm rarely getting good throughput. This makes downloading big stuff like Orcas Beta 1 VMs more than a little irritating.

(Yes, I know American's are spoiled by good bandwidth at cheap prices. I realize this more than you might know. See my post on Bandwidth in the Bush.)

UPDATE: I forgot to mention that I'm paying US$50 a month for the 15/2 service.

I got fed up recently and decided to move over to Verizon Fios as I'd had it with Comcast and Verizon had already torn up my yard a few months back to get Fiber Optic Cable to my neighbor.

TIP: A Verizon Employee confirmed to me that the online database and an internal database of "Is FIOs available in my neighborhood" is NOT in sync. Be sure to call and ask them if it's available where you are. My house was not available when checking online, but WAS available when I called and talked to a human.

Installation

I called and made the appointment. The day came (today) and the guy showed up. He absolutely knew his stuff. He was careful not to bad-mouth Comcast, which was classy, but he was clear to express Fio's culture. His feeling was "massive bandwidth, reasonable price, do what you like." That's nice, because I didn't like hearing from Comcast when they think I'm using too much.

My neighbor had the fiber come to his house, then a box attached to the side of his house, then a battery backup in his garage. Then the Verizon guy installed Verizon's Wireless Router on the wall in his garage and put in a bunch of small PCI 802.11 cards. So his whole house is wireless. No hub, no closet. Great for him, not acceptable for me. There's a lot of traffic flowing on my network and I want both the throughput and comparative security of wires.

TIP: Plan your network layout before the installer arrives. I had, fortunately, three contingency plans.

Initially I was quite concerned, thinking that there'd be no way for the Verizon guy to get the Internet Service into my second floor where the wiring closet and punchdown block is. This is when he dropped this surprise on me. A few months back, he says, they got the OK and hardware to run their service over the last 100 or so feet inside your house using the existing Coax Cable you've likely already got strung. This was perfect for me, as I already went to the work of getting Cable into my computer room.

See the diagram below. Now the fiber comes in from the street, into the optical converter, then under my house and into my walls on 75Ohm Cable Coax then out of the wall in my computer area and into the Verizon Router. The router converts that one Coax Run into RJ-45 Ethernet, that I plug back into the the house, which in turn, lights the house up - exactly as it was - for Internet. I was VERY pleased with his installation and the process.

Router Software

When I heard that Verizon insists (you can change it when they leave, but they lower-case-i "insist") that you use their ActionTec MI424WR Router as your first level router, I was thinking "I'll be damned if I'm going to give up my DD-WRT LinkSys Router after all the work I put into the whole network topology, QoS, and what-not.

The installer dude was sympathetic, and we chained the two with the Verizon Router basically neutered and just forwarding traffic along. This allowed Verizon to do whatever diagnostic magic probing they want and I could keep my existing stuff exactly as it was.

However, after he left, I started poking around the Actiontec's Web Interface, and upgraded its firmware to 4.0.16.1.45.160. I must say, it's really quite powerful once you get into the deeper parts of the system, bypassing all the safety warnings.

TIP: Make a hard-copy report of all your networked devices and their MAC addresses. It'll be easier to figure out who got what address later if those devices don't have names.

I decided to copy (manually) all my DHCP lease settings, uPnP stuff, QoS rules, Port Forwarding (for Windows Home Server, etc) and some other things over to the new router. Not only was I able to get it all up and working in about 90 minutes, but it actually feels quite a bit snappier than the LinkSys. The LinkSys would get really sluggish when the network was working overtime. This ActionTek one works great. I was pleasantly surprised. Now I've got two LinkSys Wireless Routers that need a home.

Current Network Map

Here's how things look currently. I consolidated inside the wiring closet, and while there's two RJ-45 ports in each room in the house, for now I'm getting away with one 8-port hub into the closet, and the built-in 4-port hub on the ActionTek Router.

TIP: Just as it's useful to have a Family Backup Strategy and accompanying diagram, it's useful to have a Current Network Map for your spouse in case you get hit by a bus. If you've got knowledge that exists only in your head, write it down.

Conclusion

I'm off to cancel Comcast Internet next week. Personally, I'd completely given up on Verizon many years ago and had long left them for dead. I'm completely surprised with the smoothness of the whole experience. Hopefully the uptime for FIOs will turn out good as well. I may also switch away from Vonage, given the current lawsuit, and move over to Verizon using this same network.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

My sixtieth podcast is up. We discuss "Web 2.5" as Silverlight (ne WPF/E) is announced. Seems that Rich Cross-Platform Runtimes quickly approach from both Microsoft and Adobe. What does this mean to the average developer? We also try to make up for some misinformation we spread in Show 46 on WPF/E, and while we do it, we probably speculate wildly and spread more.

ACTION: Please vote for us on Podcast Alley ! Digg us at Digg Podcasts !

Links from the Show

WPF/E Show - Be sure to read the commments (o3p)
Ted Patrick, Flex Evangelist on Silverlight and Flash/Flex (o3u)
Keith Elder speculates on a Mobile Silverlight (o3z)
WPF/E Announced at Mix06 (o3q)
Scott Barnes says "Stay Agnostic" (o3v)
Tools for developing Silverlight (o40)
Paul Wilson's Analysis of the Silverlight Announcement (o3r)
Adobe Flex (see the screencast on creating Flex apps also) (o3w)
MSDN Silverlight SDK (o41)
Silverlight Home Page (o3s)
Adobe Apollo - Next Gen RIAs (o3x)
Silverlight Architectural Overview (o42)
Tim Sneath on Silverlight (o3t)
Developing Flex Screencast (o3y)

Subscribe:

Do also remember the complete archives are always up and they have PDF Transcripts, a little known feature that show up a few weeks after each show.

Telerik  is our sponsor for this show.

Telerik is a new sponsor. Check out their UI Suite of controls for ASP.NET . It's very hardcore stuff. One of the things I appreciate about Telerik is their commitment to completeness. For example, they have a page about their Right-to-Left support  while some vendors have zero support, or don't bother testing. They also are committed to XHTML compliance and publish their roadmap. It's nice when your controls vendor is very transparent.

As I've said before this show comes to you with the audio expertise and stewardship of Carl Franklin. The name comes from Travis Illig, but the goal of the show is simple. Avoid wasting the listener's time. (and make the commute less boring)

• The basic MP3 feed is here, and the iPod friendly one is here. There's a number of other ways you can get it (streaming, straight download, etc) that are all up on the site just below the fold. I use iTunes, myself, to listen to most podcasts, but I also use FeedDemon and it's built in support.
  • Some other clients are Doppler (also suppose Windows CE), FireAnt, Nimiq, and PrimeTime Podcast.
• Note that for now, because of bandwidth constraints, the feeds always have just the current show. If you want to get an old show (and because many Podcasting Clients aren't smart enough to not download the file more than once) you can always find them at http://www.hanselminutes.com/.
• I have, and will, also include the enclosures to this feed you're reading, so if you're already subscribed to ComputerZen and you're not interested in cluttering your life with another feed, you have the choice to get the 'cast as well.
• If there's a topic you'd like to hear, perhaps one that is better spoken than presented on a blog, or a great tool you can't live without, contact me and I'll get it in the queue!

Enjoy. Who knows what'll happen in the next show?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

I couldn't be prouder. My little sixteen-month-old Z said "Mommy Bathing in the Water" while my wife was in the shower. He said it with American Sign Language (ASL), a language we've been teaching Z. I think it's a big deal because he independently strung these words together, one after another, and made a declaration.

The Language Explosion has begun with my little man. He's starting to speak more and more (verbally) and my wife is continuing to (try) to speak to him in her language. When he starts school he'll (hopefully) be in an Spanish immersion program, so he'll theoretically have four languages going forward. (ASL qualifies as a foreign language in college and has a different sentence structure than English.)

The "language events" of the last few weeks got me thinking about choosing Programming Languages.

(No, not for Z, hopefully he'll be much more well-rounded than I, and will NOT be a programmer.)

There are many folks who study linguistic learning in young people and the conventional wisdom says that learning between 4 and 5 languages is quite reasonable, even easy, if some basic rules are followed. Things like one language per care-giver, consistency, etc.

If a theoretical child (not mine) was to get "good language coverage" from a population perspective - trying to pick a set of languages that would enable the child to communicate with the largest number of people - they might want to learn English, Chinese, Spanish, Hindi, Russian and maybe Arabic. If a theoretical person wanted to learn a set of programming languages that would enable them to write code today with a good chance of getting a job they might want to learn Java, C, C#, PHP, Ruby, maybe Javascript and possibly Python.

However, if a theoretical child wanted to get a good set of solid languages that would enable them to more easily learn other languages, they might want to learn English and Spanish (Indo-European Family), Chinese (Sino-Tibetan Family), Arabic (Afro-Asiatic Family), Swahili (Niger-Congo Family) and maybe Japanese or Turkish (Altaic Family). These languages would give the child very broad exposure to different structures and tones.

What programming languages would a new Student of Programming want to learn in order to get good coverage and enable them, at an early age (or stage in their career) to not only learn other languages but also solve problems in non-traditional ways.

An parallel could be drawn between an older life-long English speaker having trouble learning a language because the sentence structure of the new language is so very different from English, or a tonal language like Mandarin where the English speaker's brain simply can't hear the tones.

Studies have show that children who are exposed to tonal languages at some length, like Mandarin, before their second year can lay the pathways to recognize and distinguish between "similar" tones years later. But they have to hear the tones early in life.

What programming languages should a New Programmer experience early so that they might be more able to "hear the tones later" when a new languages comes along? What language should a new programmer be exposed to first?

Should we make selections from the major Programming Language "families"?

• Imperative - statements that contain a sequence of commands
  • Fortran, C, Pascal, VB, LISP
  • Object-Oriented
    • Smalltalk, Java, C#, Ruby, LISP
• Declarative - "It's like this, figure it out"
  • XSLT, SQL (kinda)
• Logical - describe some theoretical state and the steps it implies, and work backwards to solve
  • Prolog
• Functional - Keep it stateless and create functions, often recursive
  • ML, Haskell, Common LISP

Should young (or new) programmers be taught many languages and philosophies, or just ones that will get them a job? Should we optimize for language coverage or language diversity?

If there are benefits in teaching young children Chinese because of the language's complexity and tonal qualities, is there a benefit in teaching new programmers Lisp for the (mostly) same reasons?

Speaking only to Basic's comparative "linguistic" value, to be clear. if Lisp is comparable to Chinese then should Basic considered on par with English Slang?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By

I'm a big fan of Notepad2. I have used a ton of text editors, but I keep coming back to Notepad2. Partially because it's one better than Notepad, but mostly just because it feels very natural. Notepad++ is nice, but still, I'm drawn to Notepad2.

After nearly three years of silence, Florian Balmer of Flo's Freeware has updated Notepad2! You can get the latest version here directly from Flo, as well as the C++ source.

There's some cool changes in this version, including the removal of settings from the Registry. They're stored in a .ini file now, which makes Notepad2 more appropriate as a Portable App.

Here's a few of the changes that I'm enjoying (full list of changes here):

• "Insert HTML/XML Tag" helper tool (Alt+X)
• Rectangular selection (Alt+Mouse)
• BSD License for Notepad2 and source code (see License.txt)
• Multiline find and replace
• Find and replace dialogs are now modeless
• File change notification (optional)
• "Duplicate Selection" command (Alt+D)

And dozens and dozens more small improvements. Let's all congratulate Flo on his triumphant return!

Unfortunately, Ruby as a syntax highlighting scheme still isn't included in this distribution, and while I want the new Notepad2, I can't give up the Ruby support added before by Wesner. So, I took the source of the New Notepad2 used Beyond Compare and Rubyified it, again. If you want to build it yourself, you have to get the source for Scintilla first, then modify it to change some Lexer linking stuff (see the Notepad2 readme.txt).

Download Notepad2 Version 2.0.15 with Ruby Highlighting added (+source diff)

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

About   Newsletter

Hosting By